From 3ec8e981a1f2d9f6387d83e961bea93a8e754d1e Mon Sep 17 00:00:00 2001 From: Martin Schuppert Date: Wed, 8 Nov 2023 10:46:03 +0100 Subject: [PATCH] [tls] wip Depends-On: https://github.com/openstack-k8s-operators/lib-common/pull/399 --- modules/certmanager/go.mod | 8 +- modules/certmanager/go.sum | 18 +- modules/common/go.mod | 10 +- modules/common/go.sum | 22 +- modules/common/test/functional/tls_test.go | 136 +++++++ modules/common/tls/tls.go | 347 +++++++++++----- modules/common/tls/tls_test.go | 425 ++++++++++++++++---- modules/common/tls/zz_generated.deepcopy.go | 70 ++-- modules/openstack/go.mod | 6 +- modules/openstack/go.sum | 14 +- modules/storage/go.mod | 5 +- modules/storage/go.sum | 11 +- modules/test/go.mod | 7 +- modules/test/go.sum | 15 +- 14 files changed, 814 insertions(+), 280 deletions(-) create mode 100644 modules/common/test/functional/tls_test.go diff --git a/modules/certmanager/go.mod b/modules/certmanager/go.mod index da69fb54..7be7ffee 100644 --- a/modules/certmanager/go.mod +++ b/modules/certmanager/go.mod @@ -49,9 +49,9 @@ require ( go.uber.org/multierr v1.10.0 // indirect golang.org/x/oauth2 v0.4.0 // indirect golang.org/x/sys v0.14.0 // indirect - golang.org/x/term v0.13.0 // indirect + golang.org/x/term v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.14.0 // indirect + golang.org/x/tools v0.15.0 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.28.1 // indirect 
@@ -69,8 +69,8 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/net v0.18.0 // indirect + golang.org/x/text v0.14.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/klog/v2 v2.100.1 // indirect diff --git a/modules/certmanager/go.sum b/modules/certmanager/go.sum index 997920f1..89d9a472 100644 --- a/modules/certmanager/go.sum +++ b/modules/certmanager/go.sum @@ -348,7 +348,7 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -383,8 +383,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -450,8 +450,8 @@ golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= +golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -460,8 +460,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -510,8 +510,8 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/modules/common/go.mod b/modules/common/go.mod index 64e9c540..735ad775 100644 --- a/modules/common/go.mod +++ b/modules/common/go.mod @@ -11,7 +11,7 @@ require ( github.com/openshift/api v3.9.0+incompatible github.com/pkg/errors v0.9.1 go.uber.org/zap v1.26.0 - golang.org/x/exp v0.0.0-20231006140011-7918f672742d + golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 k8s.io/api v0.26.10 k8s.io/apimachinery v0.26.10 k8s.io/client-go v0.26.10 
@@ -52,13 +52,13 @@ require ( github.com/prometheus/procfs v0.8.0 // indirect github.com/spf13/pflag v1.0.5 // indirect go.uber.org/multierr v1.10.0 // indirect - golang.org/x/net v0.17.0 // indirect + golang.org/x/net v0.18.0 // indirect golang.org/x/oauth2 v0.4.0 // indirect golang.org/x/sys v0.14.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/term v0.14.0 // indirect + golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.14.0 // indirect + golang.org/x/tools v0.15.0 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.28.1 // indirect diff --git a/modules/common/go.sum b/modules/common/go.sum index ddb79cde..962f4aaa 100644 --- a/modules/common/go.sum +++ b/modules/common/go.sum 
@@ -331,8 +331,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 h1:mchzmB1XO2pMaKFRqk/+MV3mgGG96aqaPXaMifQU47w= +golang.org/x/exp v0.0.0-20231108232855-2478ac86f678/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -353,7 +353,7 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -388,8 +388,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -455,8 +455,8 @@ golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= +golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -465,8 +465,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -515,8 +515,8 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/modules/common/test/functional/tls_test.go b/modules/common/test/functional/tls_test.go new file mode 100644 index 00000000..ff849c39 --- /dev/null +++ b/modules/common/test/functional/tls_test.go 
@@ -0,0 +1,136 @@ +/* +Copyright 2023 Red Hat + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package functional + +import ( + "github.com/google/uuid" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "github.com/openstack-k8s-operators/lib-common/modules/common/service" + "github.com/openstack-k8s-operators/lib-common/modules/common/tls" + "k8s.io/apimachinery/pkg/types" + ctrl "sigs.k8s.io/controller-runtime" +) + +var _ = Describe("tls package", func() { + var namespace string + + BeforeEach(func() { + // NOTE(gibi): We need to create a unique namespace for each test run + // as namespaces cannot be deleted in a locally running envtest. See + // https://book.kubebuilder.io/reference/envtest.html#namespace-usage-limitation + namespace = uuid.New().String() + th.CreateNamespace(namespace) + // We still request the delete of the Namespace to properly cleanup if + // we run the test in an existing cluster. 
+ DeferCleanup(th.DeleteNamespace, namespace) + + }) + + It("validates CA cert secret", func() { + sname := types.NamespacedName{ + Name: "ca", + Namespace: namespace, + } + th.CreateEmptySecret(sname) + + // validate bad ca cert secret + _, ctrlResult, err := tls.ValidateCACertSecret(th.Ctx, cClient, sname) + Expect(err).To(HaveOccurred()) + Expect(ctrlResult).To(BeIdenticalTo(ctrl.Result{})) + + // update ca cert secret with good data + th.UpdateSecret(sname, tls.CABundleKey, []byte("foo")) + hash, ctrlResult, err := tls.ValidateCACertSecret(th.Ctx, cClient, sname) + Expect(err).ShouldNot(HaveOccurred()) + Expect(ctrlResult).To(BeIdenticalTo(ctrl.Result{})) + Expect(hash).To(BeIdenticalTo("n56fh645hfbh687hc9h678h87h64bh598h577hch5d6h5c9h5d4h74h84h5f4hfch6dh678h547h9bhbchb6h89h5c4h68dhc9h664h557h595h5c5q")) + }) + + It("validates service cert secret", func() { + sname := types.NamespacedName{ + Name: "cert", + Namespace: namespace, + } + + // create bad cert secret + th.CreateEmptySecret(sname) + + // validate bad cert secret + s := &tls.Service{ + SecretName: sname.Name, + } + _, ctrlResult, err := s.ValidateCertSecret(th.Ctx, h, namespace) + Expect(err).To(HaveOccurred()) + Expect(ctrlResult).To(BeIdenticalTo(ctrl.Result{})) + + // update cert secret with cert, still key missing + th.UpdateSecret(sname, tls.CertKey, []byte("cert")) + _, ctrlResult, err = s.ValidateCertSecret(th.Ctx, h, namespace) + Expect(err).To(HaveOccurred()) + Expect(err.Error()).To(ContainSubstring("field tls.key not found in Secret")) + Expect(ctrlResult).To(BeIdenticalTo(ctrl.Result{})) + + // update cert secret with key to be a good cert secret + th.UpdateSecret(sname, tls.PrivateKey, []byte("key")) + + // validate good cert secret + hash, ctrlResult, err := s.ValidateCertSecret(th.Ctx, h, namespace) + Expect(err).ShouldNot(HaveOccurred()) + Expect(ctrlResult).To(BeIdenticalTo(ctrl.Result{})) + 
Expect(hash).To(BeIdenticalTo("n547h97h5cfh587h56ch594h79hd4h96h5cfh565h587h569h688h666h685h67ch7fhfbh664h5f9h694h564h9ch645h675h665h78h7h87h566hb6q")) + }) + + It("validates endpoint certs secrets", func() { + sname := types.NamespacedName{ + Name: "cert", + Namespace: namespace, + } + // create bad cert secret + th.CreateSecret(sname, map[string][]byte{ + tls.PrivateKey: []byte("key"), + }) + + endpointCfgs := map[service.Endpoint]tls.Service{} + + // validate empty service map + _, ctrlResult, err := tls.ValidateEndpointCerts(th.Ctx, h, namespace, endpointCfgs) + Expect(err).ToNot(HaveOccurred()) + Expect(ctrlResult).To(BeIdenticalTo(ctrl.Result{})) + + endpointCfgs[service.EndpointInternal] = tls.Service{ + SecretName: sname.Name, + } + endpointCfgs[service.EndpointPublic] = tls.Service{ + SecretName: sname.Name, + } + + // validate service map with bad cert secret + _, ctrlResult, err = tls.ValidateEndpointCerts(th.Ctx, h, namespace, endpointCfgs) + Expect(err).To(HaveOccurred()) + Expect(err.Error()).To(ContainSubstring("field tls.crt not found in Secret")) + Expect(ctrlResult).To(BeIdenticalTo(ctrl.Result{})) + + // update cert secret to have missing private key + th.UpdateSecret(sname, tls.CertKey, []byte("cert")) + + // validate service map with good cert secret + hash, ctrlResult, err := tls.ValidateEndpointCerts(th.Ctx, h, namespace, endpointCfgs) + Expect(err).ShouldNot(HaveOccurred()) + Expect(ctrlResult).To(BeIdenticalTo(ctrl.Result{})) + Expect(hash).To(BeIdenticalTo("n5d7h65dh5d5h569hffh66ch568h95h686h58fhcfh586h5b8hc6hd7h65bh56bh55bh656hfh5f7h84h54bh65dh5c9h8ch64bh64bhdfh8ch589h54bq")) + }) +}) diff --git a/modules/common/tls/tls.go b/modules/common/tls/tls.go index 806339b3..0d077008 100644 --- a/modules/common/tls/tls.go +++ b/modules/common/tls/tls.go 
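Review bot: The comment `// update cert secret to have missing private key` in the "validates endpoint certs secrets" case says the opposite of what the step does. The secret was created with only `tls.key`, and the `th.UpdateSecret(sname, tls.CertKey, ...)` call adds the missing certificate; `// add the missing tls.crt so the secret holds both key and cert` would match. The fixtures (`[]byte("foo")`, `[]byte("cert")`, `[]byte("key")`) also pin that validation succeeds on data that is not PEM, so these cases exercise key presence only. No case sets `CaMount` on the `tls.Service`, so the branch that additionally requires `ca.crt` is not covered by this file.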
@@ -20,89 +20,181 @@ package tls import ( "context" + "encoding/json" "fmt" "strings" + "time" + "github.com/openstack-k8s-operators/lib-common/modules/common/env" "github.com/openstack-k8s-operators/lib-common/modules/common/helper" "github.com/openstack-k8s-operators/lib-common/modules/common/secret" "github.com/openstack-k8s-operators/lib-common/modules/common/service" + "github.com/openstack-k8s-operators/lib-common/modules/common/util" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" "k8s.io/utils/ptr" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" ) const ( // CABundleLabel added to the CA bundle secret for the namespace CABundleLabel = "combined-ca-bundle" + // CABundleKey - key of the secret entry holding the ca bundle + CABundleKey = "tls-ca-bundle.pem" + + // CertKey - key of the secret entry holding the cert + CertKey = "tls.crt" + // PrivateKey - key of the secret entry holding the cert private key + PrivateKey = "tls.key" + // CAKey - key of the secret entry holding the ca + CAKey = "ca.crt" + + // TLSHashName - Name of the hash of hashes of all cert resources used to indentify a change + TLSHashName = "certs" ) -// Service contains server-specific TLS secret -type Service struct { - /// +kubebuilder:validation:Optional - // SecretName - holding the cert, key for the service - SecretName string `json:"secretName,omitempty"` +// API - API tls type which encapsulates both the service and CA configuration. +type API struct { // +kubebuilder:validation:Optional - // CertMount - dst location to mount the service tls.crt cert. Can be used to override the default location which is /etc/tls//tls.crt - CertMount *string `json:"certMount,omitempty"` - // +kubebuilder:validation:Optional - // KeyMount - dst location to mount the service tls.key key. 
Can be used to override the default location which is /etc/tls//tls.key - KeyMount *string `json:"keyMount,omitempty"` + // Disabled TLS for the deployment of the service + Disabled *bool `json:"disabled,omitempty"` + + // +kubebuilder:validation:optional + // +operator-sdk:csv:customresourcedefinitions:type=spec + // The key must be the endpoint type (public, internal) + Endpoint map[service.Endpoint]APIService `json:"endpoint,omitempty"` + + // +kubebuilder:validation:optional + // +operator-sdk:csv:customresourcedefinitions:type=spec + // Secret containing CA bundle + Ca `json:",inline"` +} + +// APIService contains server-specific TLS secret +type APIService struct { // +kubebuilder:validation:Optional - // CaMount - dst location to mount the CA cert ca.crt to. Can be used if the service CA cert should be mounted specifically, e.g. to be set in a service config for validation, instead of the env wide bundle. - CaMount *string `json:"caMount,omitempty"` + // SecretName - holding the cert, key for the service + SecretName *string `json:"secretName,omitempty"` + // +kubebuilder:validation:Optional - // DisableNonTLSListeners - disable non TLS listeners of the service (if supported) - DisableNonTLSListeners bool `json:"disableNonTLSListeners,omitempty"` + // IssuerName - name of the issuer to be used to issue certificate for the service + IssuerName *string `json:"issuerName"` } // Ca contains CA-specific settings, which could be used both by services (to define their own CA certificates) // and by clients (to verify the server's certificate) type Ca struct { - // +kubebuilder:validation:Optional // CaBundleSecretName - holding the CA certs in a pre-created bundle file CaBundleSecretName string `json:"caBundleSecretName,omitempty"` +} - // +kubebuilder:validation:Optional - // +kubebuilder:default="/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" - // CaBundleMount - dst location to mount the CA cert bundle - CaBundleMount *string `json:"caBundleMount"` +// 
Service contains server-specific TLS secret +// +kubebuilder:object:generate:=false +type Service struct { + // SecretName - holding the cert, key for the service + SecretName string `json:"secretName"` + + // CertMount - dst location to mount the service tls.crt cert. Can be used to override the default location which is /etc/tls/certs/.crt + CertMount *string `json:"certMount,omitempty"` + + // KeyMount - dst location to mount the service tls.key key. Can be used to override the default location which is /etc/tls/private/.key + KeyMount *string `json:"keyMount,omitempty"` + + // CaMount - dst location to mount the CA cert ca.crt to. Can be used if the service CA cert should be mounted specifically, e.g. to be set in a service config for validation, instead of the env wide bundle. + CaMount *string `json:"caMount,omitempty"` } // TLS - a generic type, which encapsulates both the service and CA configurations // Service is for the services with a single endpoint // TypedSecretName handles multiple service endpoints with respective secrets +// +kubebuilder:object:generate:=false type TLS struct { // certificate configuration for API service certs APIService map[service.Endpoint]Service `json:"APIService"` // certificate configuration for additional arbitrary certs Service map[string]Service `json:"service"` // CA bundle configuration - Ca *Ca `json:"ca"` + *Ca `json:",inline"` +} + +// Enabled - returns true if the tls is not disabled for the service and +// TLS endpoint configuration is available +func (a *API) Enabled() bool { + return (a.Disabled == nil || (a.Disabled != nil && !*a.Disabled)) && + a.Endpoint != nil +} + +// ToService - convert tls.APIService to tls.Service +func (s *APIService) ToService() (*Service, error) { + toS := &Service{} + + sBytes, err := json.Marshal(s) + if err != nil { + return nil, fmt.Errorf("error marshalling api service: %w", err) + } + + err = json.Unmarshal(sBytes, toS) + if err != nil { + return nil, fmt.Errorf("error 
unmarshalling tls service: %w", err) + } + + return toS, nil +} + +// EndpointToServiceMap - converts API.Endpoint into map[service.Endpoint]Service +func (a *API) EndpointToServiceMap() (map[service.Endpoint]Service, error) { + sMap := map[service.Endpoint]Service{} + for endpt, cfg := range a.Endpoint { + a, err := cfg.ToService() + if err != nil { + return nil, err + } + sMap[endpt] = *a + } + + return sMap, nil +} + +// ValidateCACertSecret - validates the content of the cert secret to make sure "tls-ca-bundle.pem" key exist +func ValidateCACertSecret( + ctx context.Context, + c client.Client, + caSecret types.NamespacedName, +) (string, ctrl.Result, error) { + hash, ctrlResult, err := secret.VerifySecret( + ctx, + caSecret, + []string{CABundleKey}, + c, + 5*time.Second) + if err != nil { + return "", ctrlResult, err + } else if (ctrlResult != ctrl.Result{}) { + return "", ctrlResult, nil + } + + return hash, ctrl.Result{}, nil } // NewTLS - initialize and return a TLS struct -func NewTLS(ctx context.Context, h *helper.Helper, namespace string, serviceMap map[string]Service, endpointMap map[string]service.Endpoint, ca *Ca) (*TLS, error) { +func NewTLS(ctx context.Context, h *helper.Helper, namespace string, serviceMap map[string]Service, endpointMap map[string]service.Endpoint, ca *Ca) (*TLS, ctrl.Result, error) { apiService := make(map[service.Endpoint]Service) // Ensure service SecretName exists for each service in the map or return an error for serviceName, service := range serviceMap { - if service.SecretName != "" { - secretData, _, err := secret.GetSecret(ctx, h, service.SecretName, namespace) - if err != nil { - return nil, fmt.Errorf("error ensuring secret %s exists for service '%s': %w", service.SecretName, serviceName, err) - } - - _, keyOk := secretData.Data["tls.key"] - _, certOk := secretData.Data["tls.crt"] - if !keyOk || !certOk { - return nil, fmt.Errorf("secret %s for service '%s' does not contain both tls.key and tls.crt", service.SecretName, 
serviceName) - } + _, ctrlResult, err := service.ValidateCertSecret(ctx, h, namespace) + if err != nil { + return nil, ctrlResult, err + } else if (ctrlResult != ctrl.Result{}) { + return nil, ctrlResult, nil } // Use the endpointMap to get the correct Endpoint type for the apiService key endpoint, ok := endpointMap[serviceName] if !ok { - return nil, fmt.Errorf("no endpoint defined for service '%s'", serviceName) + return nil, ctrl.Result{}, fmt.Errorf("no endpoint defined for service '%s'", serviceName) } apiService[endpoint] = service } 
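Review bot: In `NewTLS` the loop now calls `service.ValidateCertSecret` for every entry in `serviceMap`, whereas the removed code only looked the secret up when `service.SecretName != ""`. An entry without a secret name is now verified against a secret named `""` instead of being skipped. `ValidateEndpointCerts` and `CreateVolumeMounts` in this same patch still treat an empty `SecretName` as "no TLS for this entry", so the three disagree. Wrapping the call in `if service.SecretName != "" { ... }` would keep the earlier behaviour; how `secret.VerifySecret` reacts to an empty name is not visible here, so confirm whether it errors or requeues. The body of `NewTLS` continues past this hunk.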
@@ -111,55 +203,115 @@ func NewTLS(ctx context.Context, h *helper.Helper, namespace string, serviceMap APIService: apiService, Service: serviceMap, Ca: ca, - }, nil + }, ctrl.Result{}, nil +} + +// ValidateCertSecret - validates the content of the cert secret to make sure "tls.key", "tls.crt" and optional "ca.crt" keys exist +func (s *Service) ValidateCertSecret(ctx context.Context, h *helper.Helper, namespace string) (string, ctrl.Result, error) { + // define keys to expect in cert secret + keys := []string{PrivateKey, CertKey} + if s.CaMount != nil { + keys = append(keys, CAKey) + } + + hash, ctrlResult, err := secret.VerifySecret( + ctx, + types.NamespacedName{Name: s.SecretName, Namespace: namespace}, + keys, + h.GetClient(), + 5*time.Second) + if err != nil { + return "", ctrlResult, err + } else if (ctrlResult != ctrl.Result{}) { + return "", ctrlResult, nil + } + + return hash, ctrl.Result{}, nil +} + +// ValidateEndpointCerts - validates all services from an endpointCfgs and +// returns the hash of hashes for all the certificates +func ValidateEndpointCerts( + ctx context.Context, + h *helper.Helper, + namespace string, + endpointCfgs map[service.Endpoint]Service, +) (string, ctrl.Result, error) { + certHashes := map[string]env.Setter{} + for endpt, endpointTLSCfg := range endpointCfgs { + if endpointTLSCfg.SecretName != "" { + // validate the cert secret has the expected keys + hash, ctrlResult, err := endpointTLSCfg.ValidateCertSecret(ctx, h, namespace) + if err != nil { + return "", ctrlResult, err + } else if (ctrlResult != ctrl.Result{}) { + return "", ctrlResult, nil + } + + certHashes["cert-"+endpt.String()] = env.SetValue(hash) + } + } + + certsHash, err := util.HashOfInputHashes(certHashes) + if err != nil { + return "", ctrl.Result{}, err + } + return certsHash, ctrl.Result{}, nil } // CreateVolumeMounts - add volume mount for TLS certificates and CA certificate for the service -func (s *Service) CreateVolumeMounts() []corev1.VolumeMount { - var 
volumeMounts []corev1.VolumeMount +func (s *Service) CreateVolumeMounts(serviceID string) []corev1.VolumeMount { + volumeMounts := []corev1.VolumeMount{} + + if serviceID == "" { + serviceID = "default" + } if s.SecretName != "" { - certMountPath := "/etc/pki/tls/certs/tls.crt" + certMountPath := fmt.Sprintf("/etc/pki/tls/certs/%s.crt", serviceID) if s.CertMount != nil { certMountPath = *s.CertMount } - keyMountPath := "/etc/pki/tls/private/tls.key" + keyMountPath := fmt.Sprintf("/etc/pki/tls/private/%s.key", serviceID) if s.KeyMount != nil { keyMountPath = *s.KeyMount } volumeMounts = append(volumeMounts, corev1.VolumeMount{ - Name: "tls-crt", + Name: serviceID + "-tls-certs", MountPath: certMountPath, - SubPath: "tls.crt", + SubPath: CertKey, ReadOnly: true, }, corev1.VolumeMount{ - Name: "tls-key", + Name: serviceID + "-tls-certs", MountPath: keyMountPath, - SubPath: "tls.key", + SubPath: PrivateKey, ReadOnly: true, }) - } - if s.CaMount != nil { - volumeMounts = append(volumeMounts, corev1.VolumeMount{ - Name: "ca-certs", - MountPath: *s.CaMount, - ReadOnly: true, - }) + if s.CaMount != nil { + volumeMounts = append(volumeMounts, corev1.VolumeMount{ + Name: serviceID + "-tls-certs", + MountPath: *s.CaMount, + SubPath: CAKey, + ReadOnly: true, + }) + } } return volumeMounts } -// CreateVolumes - add volume for TLS certificates and CA certificate for the service -func (s *Service) CreateVolumes() []corev1.Volume { - var volumes []corev1.Volume - +// CreateVolume - add volume for TLS certificates and CA certificate for the service +func (s *Service) CreateVolume(serviceID string) corev1.Volume { + volume := corev1.Volume{} + if serviceID == "" { + serviceID = "default" + } if s.SecretName != "" { - volume := corev1.Volume{ - Name: "tls-certs", + volume = corev1.Volume{ + Name: serviceID + "-tls-certs", VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: s.SecretName, 
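Review bot: `ValidateCertSecret` here, and `ValidateCACertSecret` in the previous hunk, are documented as validating the content of the secret, but they pass `secret.VerifySecret` only a list of expected keys. The functional test added in this patch gets a hash back for `tls.crt` = `cert` and `tls.key` = `key`. As far as the visible code shows, a secret holding an unparseable or mismatched key pair is accepted and hashed, and the failure surfaces only when the service tries to load it. I would at least make the doc comment say so, e.g. `// ValidateCertSecret - checks that the "tls.key", "tls.crt" and, when CaMount is set, "ca.crt" keys are present; the values are not parsed`, and consider a parse step wherever the secret data is available. `Service.CreateVolume`, which begins at the end of this hunk, continues in the next one.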
@@ -167,46 +319,39 @@ func (s *Service) CreateVolumes() []corev1.Volume { }, }, } - volumes = append(volumes, volume) - } - - if s.CaMount != nil { - caVolume := corev1.Volume{ - Name: "ca-certs", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: *s.CaMount, - DefaultMode: ptr.To[int32](0444), - }, - }, - } - volumes = append(volumes, caVolume) } - return volumes + return volume } // CreateVolumeMounts creates volume mounts for CA bundle file -func (c *Ca) CreateVolumeMounts() []corev1.VolumeMount { - var volumeMounts []corev1.VolumeMount +func (c *Ca) CreateVolumeMounts(caBundleMount *string) []corev1.VolumeMount { + volumeMounts := []corev1.VolumeMount{} - if c.CaBundleMount != nil { - volumeMounts = append(volumeMounts, corev1.VolumeMount{ - Name: CABundleLabel, - MountPath: *c.CaBundleMount, - ReadOnly: true, - }) + if caBundleMount == nil { + caBundleMount = ptr.To("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem") + } + + if c.CaBundleSecretName != "" { + volumeMounts = []corev1.VolumeMount{ + { + Name: CABundleLabel, + MountPath: *caBundleMount, + SubPath: CABundleKey, + ReadOnly: true, + }, + } } return volumeMounts } -// CreateVolumes creates volumes for CA bundle file -func (c *Ca) CreateVolumes() []corev1.Volume { - var volumes []corev1.Volume +// CreateVolume creates volumes for CA bundle file +func (c *Ca) CreateVolume() corev1.Volume { + volume := corev1.Volume{} - if c.CaBundleSecretName != "" && c.CaBundleMount != nil { - volume := corev1.Volume{ + if c.CaBundleSecretName != "" { + volume = corev1.Volume{ Name: CABundleLabel, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ 
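Review bot: `Service.CreateVolume` and `Ca.CreateVolume` now return a zero-value `corev1.Volume{}` when no secret name is set, where the old slice-returning versions returned nothing. A caller that appends the result unconditionally adds a volume with an empty name and no source, which fails pod validation. I would either return a second value, `func (c *Ca) CreateVolume() (corev1.Volume, bool)`, or say in the doc comment that callers must check `SecretName` / `CaBundleSecretName` before using the result. `Service.CreateVolume` starts before this hunk and `Ca.CreateVolume` runs past its end, so the note covers only the lines shown.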
@@ -215,47 +360,45 @@ func (c *Ca) CreateVolumes() []corev1.Volume { }, }, } - volumes = append(volumes, volume) } - return volumes + return volume } // CreateDatabaseClientConfig - connection flags for the MySQL client // Configures TLS connections for clients that use TLS certificates // returns a string of mysql config statements // (vfisarov): Note dciabrin to recheck this after updates -func (t *TLS) CreateDatabaseClientConfig() string { +func (t *TLS) CreateDatabaseClientConfig(caBundleMount *string) string { conn := []string{} // This assumes certificates are always injected in // a common directory for all services for _, service := range t.Service { - if service.SecretName != "" { - certPath := "/etc/pki/tls/certs/tls.crt" - keyPath := "/etc/pki/tls/private/tls.key" - // Override paths if custom mounts are defined - if service.CertMount != nil { - certPath = *service.CertMount - } - if service.KeyMount != nil { - keyPath = *service.KeyMount - } + certPath := "/etc/pki/tls/certs/tls.crt" + keyPath := "/etc/pki/tls/private/tls.key" - conn = append(conn, - fmt.Sprintf("ssl-cert=%s", certPath), - fmt.Sprintf("ssl-key=%s", keyPath), - ) + // Override paths if custom mounts are defined + if service.CertMount != nil { + certPath = *service.CertMount } + if service.KeyMount != nil { + keyPath = *service.KeyMount + } + + conn = append(conn, + fmt.Sprintf("ssl-cert=%s", certPath), + fmt.Sprintf("ssl-key=%s", keyPath), + ) } // Client uses a CA certificate that gets merged // into the pod's CA bundle by kolla_start if t.Ca != nil && t.Ca.CaBundleSecretName != "" { caPath := "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" - if t.Ca.CaBundleMount != nil { - caPath = *t.Ca.CaBundleMount + if caBundleMount != nil { + caPath = *caBundleMount } conn = append(conn, fmt.Sprintf("ssl-ca=%s", caPath)) } diff --git a/modules/common/tls/tls_test.go b/modules/common/tls/tls_test.go index b2aaf77c..fb82ec4c 100644 --- a/modules/common/tls/tls_test.go 
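Review bot: The default `ssl-cert` / `ssl-key` paths in `CreateDatabaseClientConfig` are still `/etc/pki/tls/certs/tls.crt` and `/etc/pki/tls/private/tls.key`, while `Service.CreateVolumeMounts` in this commit mounts the files at `/etc/pki/tls/certs/<serviceID>.crt` and `/etc/pki/tls/private/<serviceID>.key`. Unless `CertMount` and `KeyMount` are both set, the generated client config names files that the new mounts do not create. Removing the `if service.SecretName != ""` check also emits the two lines for services that have no certificate; I would keep the guard as `if service.SecretName == "" { continue }` and derive the defaults the same way `CreateVolumeMounts` does. With more than one entry in `t.Service` the output contains several `ssl-cert=` lines in map-iteration order, so which one the client ends up using is not deterministic. The function body continues past the end of this hunk.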
+++ b/modules/common/tls/tls_test.go 
@@ -17,105 +17,380 @@ limitations under the License. package tls import ( - "strings" "testing" corev1 "k8s.io/api/core/v1" + "k8s.io/utils/ptr" + + . "github.com/onsi/gomega" + "github.com/openstack-k8s-operators/lib-common/modules/common/service" ) -func TestCreateVolumeMounts(t *testing.T) { - caCert := "ca-cert" +func TestAPIEnabled(t *testing.T) { tests := []struct { - name string - service *Service - wantMountsLen int + name string + api *API + want bool }{ { - name: "No Secrets", - service: &Service{}, - wantMountsLen: 0, + name: "empty API", + api: &API{}, + want: false, }, { - name: "Only TLS Secret", - service: &Service{SecretName: "test-tls-secret"}, - wantMountsLen: 2, + name: "defined API Endpoint map", + api: &API{ + Disabled: nil, + Endpoint: map[service.Endpoint]APIService{}, + }, + want: true, }, { - name: "Only CA Secret", - service: &Service{ - CaMount: &caCert, + name: "empty API Endpoint map", + api: &API{ + Disabled: ptr.To(true), + Endpoint: map[service.Endpoint]APIService{}, + }, + want: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + g.Expect(tt.api.Enabled()).To(BeEquivalentTo(tt.want)) + }) + } +} + +func TestAPIEndpointToService(t *testing.T) { + tests := []struct { + name string + api *API + want map[service.Endpoint]Service + }{ + { + name: "empty API", + api: &API{}, + want: map[service.Endpoint]Service{}, + }, + { + name: "empty API.Endpoint", + api: &API{ + Endpoint: map[service.Endpoint]APIService{}, + }, + want: map[service.Endpoint]Service{}, + }, + { + name: "empty API.Endpoint entry", + api: &API{ + Endpoint: map[service.Endpoint]APIService{ + service.EndpointInternal: {}, + }, + }, + want: map[service.Endpoint]Service{}, + }, + { + name: "empty API.Endpoint entry", + api: &API{ + Endpoint: map[service.Endpoint]APIService{ + service.EndpointInternal: { + SecretName: ptr.To("foo"), + }, + }, + }, + want: map[service.Endpoint]Service{ + service.EndpointInternal: { + 
SecretName: "foo", + }, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + s, err := tt.api.EndpointToServiceMap() + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(s).NotTo(BeNil()) + }) + } +} + +func TestAPIServiceToService(t *testing.T) { + tests := []struct { + name string + apiservice *APIService + want Service + }{ + { + name: "empty APIService", + apiservice: &APIService{}, + want: Service{}, + }, + { + name: "APIService SecretName specified", + apiservice: &APIService{ + SecretName: ptr.To("foo"), + }, + want: Service{ + SecretName: "foo", + }, + }, + { + name: "APIService SecretName nil", + apiservice: &APIService{ + SecretName: nil, + }, + want: Service{ + SecretName: "", + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + s, err := tt.apiservice.ToService() + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(s).NotTo(BeNil()) + }) + } +} + +func TestServiceCreateVolumeMounts(t *testing.T) { + tests := []struct { + name string + service *Service + id string + want []corev1.VolumeMount + }{ + { + name: "No TLS Secret", + service: &Service{}, + id: "foo", + want: []corev1.VolumeMount{}, + }, + { + name: "Only TLS Secret", + service: &Service{SecretName: "cert-secret"}, + id: "foo", + want: []corev1.VolumeMount{ + { + MountPath: "/etc/pki/tls/certs/foo.crt", + Name: "foo-tls-certs", + ReadOnly: true, + SubPath: "tls.crt", + }, + { + MountPath: "/etc/pki/tls/private/foo.key", + Name: "foo-tls-certs", + ReadOnly: true, + SubPath: "tls.key", + }, + }, + }, + { + name: "Only TLS Secret no serviceID", + service: &Service{SecretName: "cert-secret"}, + want: []corev1.VolumeMount{ + { + MountPath: "/etc/pki/tls/certs/default.crt", + Name: "default-tls-certs", + ReadOnly: true, + SubPath: "tls.crt", + }, + { + MountPath: "/etc/pki/tls/private/default.key", + Name: "default-tls-certs", + ReadOnly: true, + SubPath: "tls.key", + }, }, - wantMountsLen: 1, }, { name: 
"TLS and CA Secrets", service: &Service{ - SecretName: "test-tls-secret", - CaMount: &caCert, + SecretName: "cert-secret", + CaMount: ptr.To("/mount/my/ca.crt"), + }, + id: "foo", + want: []corev1.VolumeMount{ + { + MountPath: "/etc/pki/tls/certs/foo.crt", + Name: "foo-tls-certs", + ReadOnly: true, + SubPath: "tls.crt", + }, + { + MountPath: "/etc/pki/tls/private/foo.key", + Name: "foo-tls-certs", + ReadOnly: true, + SubPath: "tls.key", + }, + { + MountPath: "/mount/my/ca.crt", + Name: "foo-tls-certs", + ReadOnly: true, + SubPath: "ca.crt", + }, }, - wantMountsLen: 3, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - mounts := tt.service.CreateVolumeMounts() - if len(mounts) != tt.wantMountsLen { - t.Errorf("CreateVolumeMounts() got = %v mounts, want %v mounts", len(mounts), tt.wantMountsLen) - } + g := NewWithT(t) + + mounts := tt.service.CreateVolumeMounts(tt.id) + g.Expect(mounts).To(HaveLen(len(tt.want))) + g.Expect(mounts).To(Equal(tt.want)) }) } } -func TestCreateVolumes(t *testing.T) { +func TestServiceCreateVolume(t *testing.T) { tests := []struct { - name string - serviceMap map[string]Service - ca *Ca - wantVolLen int + name string + service *Service + id string + want corev1.Volume }{ { - name: "No Secrets", - serviceMap: map[string]Service{}, - ca: &Ca{}, - wantVolLen: 0, - }, - { - name: "Only TLS Secret", - serviceMap: map[string]Service{"test-service": {SecretName: "test-tls-secret"}}, - ca: &Ca{}, - wantVolLen: 1, - }, - // { - // name: "Only CA Secret", - // serviceMap: map[string]Service{}, - // ca: &Ca{CaBundleSecretName: "test-ca1"}, - // wantVolLen: 1, - // }, - // { - // name: "TLS and CA Secrets", - // serviceMap: map[string]Service{"test-service": {SecretName: "test-tls-secret"}}, - // ca: &Ca{CaBundleSecretName: "test-ca1"}, - // wantVolLen: 2, - // }, - // { - // name: "TLS with Custom CA Mount", - // serviceMap: map[string]Service{"test-service": {SecretName: "test-tls-secret", CaMount: ptr.String("custom-ca-mount")}}, 
- // ca: &Ca{CaBundleSecretName: "test-ca1"}, - // wantVolLen: 3, - // }, + name: "No Secrets", + service: &Service{}, + want: corev1.Volume{}, + }, + { + name: "Only TLS Secret", + service: &Service{SecretName: "cert-secret"}, + id: "foo", + want: corev1.Volume{ + Name: "foo-tls-certs", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "cert-secret", + DefaultMode: ptr.To[int32](0440), + }, + }, + }, + }, + { + name: "Only TLS Secret no serviceID", + service: &Service{SecretName: "cert-secret"}, + want: corev1.Volume{ + Name: "default-tls-certs", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "cert-secret", + DefaultMode: ptr.To[int32](0440), + }, + }, + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - tlsInstance := &TLS{Service: tt.serviceMap, Ca: tt.ca} - volumes := make([]corev1.Volume, 0) - for _, svc := range tlsInstance.Service { - volumes = append(volumes, svc.CreateVolumes()...) 
- } - if len(volumes) != tt.wantVolLen { - t.Errorf("CreateVolumes() got = %v volumes, want %v volumes", len(volumes), tt.wantVolLen) - } + g := NewWithT(t) + + volume := tt.service.CreateVolume(tt.id) + g.Expect(volume).To(Equal(tt.want)) + }) + } +} + +func TestCACreateVolumeMounts(t *testing.T) { + tests := []struct { + name string + ca *Ca + caBundleMount *string + want []corev1.VolumeMount + }{ + { + name: "Empty Ca", + ca: &Ca{}, + want: []corev1.VolumeMount{}, + }, + { + name: "Only CaBundleSecretName no caBundleMount", + ca: &Ca{ + CaBundleSecretName: "ca-secret", + }, + want: []corev1.VolumeMount{ + { + MountPath: "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", + Name: "combined-ca-bundle", + ReadOnly: true, + SubPath: "tls-ca-bundle.pem", + }, + }, + }, + { + name: "CaBundleSecretName and caBundleMount", + ca: &Ca{ + CaBundleSecretName: "ca-secret", + }, + caBundleMount: ptr.To("/mount/my/ca.crt"), + want: []corev1.VolumeMount{ + { + MountPath: "/mount/my/ca.crt", + Name: "combined-ca-bundle", + ReadOnly: true, + SubPath: "tls-ca-bundle.pem", + }, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + mounts := tt.ca.CreateVolumeMounts(tt.caBundleMount) + g.Expect(mounts).To(HaveLen(len(tt.want))) + g.Expect(mounts).To(Equal(tt.want)) + }) + } +} + +func TestCaCreateVolume(t *testing.T) { + tests := []struct { + name string + ca *Ca + want corev1.Volume + }{ + { + name: "Empty Ca", + ca: &Ca{}, + want: corev1.Volume{}, + }, + { + name: "Set CaBundleSecretName", + ca: &Ca{ + CaBundleSecretName: "ca-secret", + }, + want: corev1.Volume{ + Name: "combined-ca-bundle", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "ca-secret", + DefaultMode: ptr.To[int32](0444), + }, + }, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + volume := tt.ca.CreateVolume() + g.Expect(volume).To(Equal(tt.want)) }) } } 
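Review bot: `TestAPIEndpointToService` and `TestAPIServiceToService` fill in a `want` field for every case but never compare against it. The only assertions are `g.Expect(err).NotTo(HaveOccurred())` and `g.Expect(s).NotTo(BeNil())`, and the second looks like it holds for any returned map or struct value, so a wrong `SecretName` conversion would still pass. Replace it with `g.Expect(s).To(Equal(tt.want))` (dereferencing first if `ToService` returns a pointer; its signature is not visible here). Two cases in `TestAPIEndpointToService` share the name "empty API.Endpoint entry", which makes a failing subtest hard to identify. The old "Only CA Secret" case was dropped without a replacement, so nothing pins what `CreateVolumeMounts` returns when `CaMount` is set and `SecretName` is empty.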
@@ -160,24 +435,16 @@ func TestGenerateTLSConnectionConfig(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + tlsInstance := &TLS{Service: tt.services, Ca: tt.ca} - configStr := tlsInstance.CreateDatabaseClientConfig() - var missingStmts []string + configStr := tlsInstance.CreateDatabaseClientConfig(nil) + for _, stmt := range tt.wantStmts { - if !strings.Contains(configStr, stmt) { - missingStmts = append(missingStmts, stmt) - } + g.Expect(configStr).To(ContainSubstring(stmt)) } - var unexpectedStmts []string for _, stmt := range tt.excludeStmts { - if strings.Contains(configStr, stmt) { - unexpectedStmts = append(unexpectedStmts, stmt) - } - } - if len(missingStmts) != 0 || len(unexpectedStmts) != 0 { - t.Errorf("CreateDatabaseClientConfig() "+ - "missing statements: %v, unexpected statements: %v", - missingStmts, unexpectedStmts) + g.Expect(configStr).ToNot(ContainSubstring(stmt)) } }) } diff --git a/modules/common/tls/zz_generated.deepcopy.go b/modules/common/tls/zz_generated.deepcopy.go index 9bed0c4a..8a9e1ac9 100644 --- a/modules/common/tls/zz_generated.deepcopy.go +++ b/modules/common/tls/zz_generated.deepcopy.go 
@@ -26,85 +26,69 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Ca) DeepCopyInto(out *Ca) { +func (in *API) DeepCopyInto(out *API) { *out = *in - if in.CaBundleMount != nil { - in, out := &in.CaBundleMount, &out.CaBundleMount - *out = new(string) + if in.Disabled != nil { + in, out := &in.Disabled, &out.Disabled + *out = new(bool) **out = **in } + if in.Endpoint != nil { + in, out := &in.Endpoint, &out.Endpoint + *out = make(map[service.Endpoint]APIService, len(*in)) + for key, val := range *in { + (*out)[key] = *val.DeepCopy() + } + } + out.Ca = in.Ca } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ca. -func (in *Ca) DeepCopy() *Ca { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new API. +func (in *API) DeepCopy() *API { if in == nil { return nil } - out := new(Ca) + out := new(API) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Service) DeepCopyInto(out *Service) { +func (in *APIService) DeepCopyInto(out *APIService) { *out = *in - if in.CertMount != nil { - in, out := &in.CertMount, &out.CertMount - *out = new(string) - **out = **in - } - if in.KeyMount != nil { - in, out := &in.KeyMount, &out.KeyMount + if in.SecretName != nil { + in, out := &in.SecretName, &out.SecretName *out = new(string) **out = **in } - if in.CaMount != nil { - in, out := &in.CaMount, &out.CaMount + if in.IssuerName != nil { + in, out := &in.IssuerName, &out.IssuerName *out = new(string) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service. -func (in *Service) DeepCopy() *Service { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIService. 
+func (in *APIService) DeepCopy() *APIService { if in == nil { return nil } - out := new(Service) + out := new(APIService) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLS) DeepCopyInto(out *TLS) { +func (in *Ca) DeepCopyInto(out *Ca) { *out = *in - if in.APIService != nil { - in, out := &in.APIService, &out.APIService - *out = make(map[service.Endpoint]Service, len(*in)) - for key, val := range *in { - (*out)[key] = *val.DeepCopy() - } - } - if in.Service != nil { - in, out := &in.Service, &out.Service - *out = make(map[string]Service, len(*in)) - for key, val := range *in { - (*out)[key] = *val.DeepCopy() - } - } - if in.Ca != nil { - in, out := &in.Ca, &out.Ca - *out = new(Ca) - (*in).DeepCopyInto(*out) - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLS. -func (in *TLS) DeepCopy() *TLS { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ca. +func (in *Ca) DeepCopy() *Ca { if in == nil { return nil } - out := new(TLS) + out := new(Ca) in.DeepCopyInto(out) return out } diff --git a/modules/openstack/go.mod b/modules/openstack/go.mod index 9c089eda..1534857d 100644 --- a/modules/openstack/go.mod +++ b/modules/openstack/go.mod @@ -39,11 +39,11 @@ require ( github.com/prometheus/common v0.37.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - golang.org/x/net v0.17.0 // indirect + golang.org/x/net v0.18.0 // indirect golang.org/x/oauth2 v0.4.0 // indirect golang.org/x/sys v0.14.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/term v0.14.0 // indirect + golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect 
diff --git a/modules/openstack/go.sum b/modules/openstack/go.sum index d65bf0a2..185362e1 100644 --- a/modules/openstack/go.sum +++ b/modules/openstack/go.sum @@ -364,8 +364,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -431,8 +431,8 @@ golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= +golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -441,8 +441,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -490,7 +490,7 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/modules/storage/go.mod b/modules/storage/go.mod index 668bda1d..82d6740b 100644 --- a/modules/storage/go.mod +++ b/modules/storage/go.mod @@ -10,6 +10,7 @@ require ( require ( github.com/onsi/ginkgo/v2 v2.13.1 // indirect github.com/rogpeppe/go-internal v1.10.0 // indirect + golang.org/x/tools v0.15.0 // indirect ) require ( @@ -23,8 +24,8 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/stretchr/testify v1.8.1 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/net v0.18.0 // indirect + golang.org/x/text v0.14.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/modules/storage/go.sum b/modules/storage/go.sum index ebe54dc3..eea80a21 100644 --- a/modules/storage/go.sum +++ b/modules/storage/go.sum 
@@ -65,8 +65,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -77,13 +77,14 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/modules/test/go.mod b/modules/test/go.mod index b9a9a35b..01955851 100644 --- a/modules/test/go.mod +++ b/modules/test/go.mod @@ -5,7 +5,7 @@ go 1.19 require ( github.com/go-logr/logr v1.3.0 github.com/onsi/gomega v1.30.0 - golang.org/x/mod v0.13.0 + golang.org/x/mod v0.14.0 ) require ( 
@@ -14,8 +14,9 @@ require ( github.com/kr/pretty v0.3.1 // indirect github.com/onsi/ginkgo/v2 v2.13.1 // indirect github.com/rogpeppe/go-internal v1.10.0 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/net v0.18.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/tools v0.15.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/modules/test/go.sum b/modules/test/go.sum index 4252f967..10a0722f 100644 --- a/modules/test/go.sum +++ b/modules/test/go.sum 
@@ -25,15 +25,16 @@ github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsK github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod 
h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=