From 63953a5e6a93386706795fe0111d9530efd804bd Mon Sep 17 00:00:00 2001 From: Martin Schuppert Date: Wed, 15 Nov 2023 14:56:54 +0100 Subject: [PATCH] [tls] wip --- modules/common/tls/tls.go | 274 +++++++++++--------- modules/common/tls/tls_test.go | 15 +- modules/common/tls/zz_generated.deepcopy.go | 33 +++ modules/storage/go.mod | 5 +- modules/storage/go.sum | 11 +- modules/test/go.mod | 7 +- modules/test/go.sum | 15 +- 7 files changed, 212 insertions(+), 148 deletions(-) diff --git a/modules/common/tls/tls.go b/modules/common/tls/tls.go index a6cf3c71..db2f6fd6 100644 --- a/modules/common/tls/tls.go +++ b/modules/common/tls/tls.go @@ -22,39 +22,55 @@ import ( "context" "fmt" "strings" + "time" - "golang.org/x/exp/slices" - + "github.com/openstack-k8s-operators/lib-common/modules/common/env" "github.com/openstack-k8s-operators/lib-common/modules/common/helper" "github.com/openstack-k8s-operators/lib-common/modules/common/secret" "github.com/openstack-k8s-operators/lib-common/modules/common/service" + "github.com/openstack-k8s-operators/lib-common/modules/common/util" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" "k8s.io/utils/ptr" + ctrl "sigs.k8s.io/controller-runtime" ) const ( // CABundleLabel added to the CA bundle secret for the namespace CABundleLabel = "combined-ca-bundle" + // CABundleKey - key of the secret entry holding the ca bundle + CABundleKey = "tls-ca-bundle.pem" + + // CertKey - key of the secret entry holding the cert + CertKey = "tls.crt" + // PrivateKey - key of the secret entry holding the cert private key + PrivateKey = "tls.key" + // CAKey - key of the secret entry holding the ca + CAKey = "ca.crt" ) // Service contains server-specific TLS secret type Service struct { - /// +kubebuilder:validation:Optional + // +kubebuilder:validation:Optional // SecretName - holding the cert, key for the service - SecretName string `json:"secretName,omitempty"` + SecretName *string `json:"secretName,omitempty"` // +kubebuilder:validation:Optional + // IssuerName - name of the issuer to be used to issue certificate for the service IssuerName *string `json:"issuerName,omitempty"` // +kubebuilder:validation:Optional - // CertMount - dst location to mount the service tls.crt cert. Can be used to override the default location which is /etc/tls//tls.crt + // CertMount - dst location to mount the service tls.crt cert. Can be used to override the default location which is /etc/tls/certs/.crt CertMount *string `json:"certMount,omitempty"` + // +kubebuilder:validation:Optional - // KeyMount - dst location to mount the service tls.key key. Can be used to override the default location which is /etc/tls//tls.key + // KeyMount - dst location to mount the service tls.key key. Can be used to override the default location which is /etc/tls/private/.key KeyMount *string `json:"keyMount,omitempty"` + // +kubebuilder:validation:Optional // CaMount - dst location to mount the CA cert ca.crt to. Can be used if the service CA cert should be mounted specifically, e.g. to be set in a service config for validation, instead of the env wide bundle. CaMount *string `json:"caMount,omitempty"` + // +kubebuilder:validation:Optional // DisableNonTLSListeners - disable non TLS listeners of the service (if supported) DisableNonTLSListeners bool `json:"disableNonTLSListeners,omitempty"` @@ -82,102 +98,46 @@ type TLS struct { // certificate configuration for additional arbitrary certs Service map[string]Service `json:"service"` // CA bundle configuration - Ca *Ca `json:"ca"` -} - -// +kubebuilder:object:generate:=false -// DeplomentResources - holding information to be passed in to any deployment require tls certificates -type DeplomentResources struct { - // Volumes - - Volumes []Volume + *Ca `json:",inline"` } -// +kubebuilder:object:generate:=false -// Volume - -type Volume struct { - // this Volume reflects a CA mount - IsCA bool - // Volume base of the mounts - Volume corev1.Volume - // VolumeMounts - VolumeMounts []corev1.VolumeMount - // Hash of the VolumeMounts. Note: e.g. secret.VerifySecret() can be used to validate - // the secret holds the expected keys and returns a hash of the values of the expected fields. - Hash string -} - -// GetVolumeMounts - returns all VolumeMounts from a DeplomentResources. If caOnly -// is provided, only the Volumemounts for CA certs gets returned -func (d *DeplomentResources) GetVolumeMounts(caOnly bool) []corev1.VolumeMount { - volumemounts := []corev1.VolumeMount{} - - for _, vol := range d.Volumes { - - // skip non CA VolumesMounts if caOnly requested - if caOnly == true && !vol.IsCA { - continue - } - - for _, volmnt := range vol.VolumeMounts { - // check if the VolumeMount is already in the volumes list - f := func(v corev1.VolumeMount) bool { - return v.Name == volmnt.Name && v.SubPath == volmnt.SubPath - } - if idx := slices.IndexFunc(volumemounts, f); idx < 0 { - volumemounts = append(volumemounts, volmnt) - } - } - } - - return volumemounts -} - -// GetVolumes - returns all Volumes from a DeplomentResources. If caOnly -// is provided, only the Volumes for CA certs gets returned -func (d *DeplomentResources) GetVolumes(caOnly bool) []corev1.Volume { - volumes := []corev1.Volume{} - for _, vol := range d.Volumes { - // skip non CA volumes if caOnly requested - if caOnly == true && !vol.IsCA { - continue - } - - // check if the Volume is already in the volumes list - f := func(v corev1.Volume) bool { - return v.Name == vol.Volume.Name - } - if idx := slices.IndexFunc(volumes, f); idx < 0 { - volumes = append(volumes, vol.Volume) - } - } - - return volumes +// API - API tls type which encapsulates both the service and CA configuration. +type API struct { + // +kubebuilder:validation:Optional + // Disable TLS for the deployment of the service + Disable *bool `json:"disable,omitempty"` + + // +kubebuilder:validation:optional + // +operator-sdk:csv:customresourcedefinitions:type=spec + // The key must be the endpoint type (public, internal) + Endpoint map[service.Endpoint]Service `json:"endpoint,omitempty"` + + // +kubebuilder:validation:optional + // +operator-sdk:csv:customresourcedefinitions:type=spec + // Secret containing CA bundle + Ca `json:",inline"` } // NewTLS - initialize and return a TLS struct -func NewTLS(ctx context.Context, h *helper.Helper, namespace string, serviceMap map[string]Service, endpointMap map[string]service.Endpoint, ca *Ca) (*TLS, error) { +func NewTLS(ctx context.Context, h *helper.Helper, namespace string, serviceMap map[string]Service, endpointMap map[string]service.Endpoint, ca *Ca) (*TLS, ctrl.Result, error) { apiService := make(map[service.Endpoint]Service) // Ensure service SecretName exists for each service in the map or return an error for serviceName, service := range serviceMap { - if service.SecretName != "" { - secretData, _, err := secret.GetSecret(ctx, h, service.SecretName, namespace) + if service.SecretName != nil { + _, ctrlResult, err := service.ValidateCertSecret(ctx, h, namespace) if err != nil { - return nil, fmt.Errorf("error ensuring secret %s exists for service '%s': %w", service.SecretName, serviceName, err) - } - - _, keyOk := secretData.Data["tls.key"] - _, certOk := secretData.Data["tls.crt"] - if !keyOk || !certOk { - return nil, fmt.Errorf("secret %s for service '%s' does not contain both tls.key and tls.crt", service.SecretName, serviceName) + return nil, ctrlResult, err + } else if (ctrlResult != ctrl.Result{}) { + return nil, ctrlResult, nil } } // Use the endpointMap to get the correct Endpoint type for the apiService key endpoint, ok := endpointMap[serviceName] if !ok { - return nil, fmt.Errorf("no endpoint defined for service '%s'", serviceName) + return nil, ctrl.Result{}, fmt.Errorf("no endpoint defined for service '%s'", serviceName) } apiService[endpoint] = service } @@ -186,41 +146,104 @@ func NewTLS(ctx context.Context, h *helper.Helper, namespace string, serviceMap APIService: apiService, Service: serviceMap, Ca: ca, - }, nil + }, ctrl.Result{}, nil +} + +// ValidateCertSecret - validates the content of the cert secret to make sure "tls.key", "tls.crt" and optional "ca.crt" keys exist +func (s *Service) ValidateCertSecret(ctx context.Context, h *helper.Helper, namespace string) (string, ctrl.Result, error) { + // define keys to expect in cert secret + keys := []string{PrivateKey, CertKey} + if s.CaMount != nil { + keys = append(keys, CAKey) + } + + if s.SecretName != nil { + hash, ctrlResult, err := secret.VerifySecret( + ctx, + types.NamespacedName{Name: *s.SecretName, Namespace: namespace}, + keys, + h.GetClient(), + 5*time.Second) + if err != nil { + return "", ctrlResult, err + } else if (ctrlResult != ctrl.Result{}) { + return "", ctrlResult, nil + } + + return hash, ctrl.Result{}, nil + } + + return "", ctrl.Result{}, nil +} + +// Enabled - returns true if the tls is not disabled for the service and +// TLS endpoint configuration is available +func (s *API) Enabled() bool { + return (s.Disable == nil || (s.Disable != nil && !*s.Disable)) && + s.Endpoint != nil +} + +// ValidateEndpointCerts - validates all services from an endpointCfgs and +// returns the hash of hashes for all the certificates +func ValidateEndpointCerts( + ctx context.Context, + h *helper.Helper, + namespace string, + endpointCfgs map[service.Endpoint]Service, +) (string, ctrl.Result, error) { + certHashes := map[string]env.Setter{} + for endpt, endpointTLSCfg := range endpointCfgs { + // validate the cert secret has the expected keys + hash, ctrlResult, err := endpointTLSCfg.ValidateCertSecret(ctx, h, namespace) + if err != nil { + return "", ctrlResult, err + } else if (ctrlResult != ctrl.Result{}) { + return "", ctrlResult, nil + } + + certHashes["cert-"+endpt.String()] = env.SetValue(hash) + } + + certsHash, err := util.HashOfInputHashes(certHashes) + if err != nil { + return "", ctrl.Result{}, err + } + return certsHash, ctrl.Result{}, nil } // CreateVolumeMounts - add volume mount for TLS certificates and CA certificate for the service -func (s *Service) CreateVolumeMounts() []corev1.VolumeMount { +func (s *Service) CreateVolumeMounts(serviceID string) []corev1.VolumeMount { var volumeMounts []corev1.VolumeMount - if s.SecretName != "" { - certMountPath := "/etc/pki/tls/certs/tls.crt" + if s.SecretName != nil { + certMountPath := fmt.Sprintf("/etc/pki/tls/certs/%s.crt", serviceID) if s.CertMount != nil { certMountPath = *s.CertMount } - keyMountPath := "/etc/pki/tls/private/tls.key" + keyMountPath := fmt.Sprintf("/etc/pki/tls/private/%s.key", serviceID) if s.KeyMount != nil { keyMountPath = *s.KeyMount } volumeMounts = append(volumeMounts, corev1.VolumeMount{ - Name: "tls-crt", + Name: serviceID + "-tls-certs", MountPath: certMountPath, - SubPath: "tls.crt", + SubPath: CertKey, ReadOnly: true, }, corev1.VolumeMount{ - Name: "tls-key", + Name: serviceID + "-tls-certs", MountPath: keyMountPath, - SubPath: "tls.key", + SubPath: PrivateKey, ReadOnly: true, }) } if s.CaMount != nil { volumeMounts = append(volumeMounts, corev1.VolumeMount{ - Name: "ca-certs", + Name: serviceID + "-tls-certs", MountPath: *s.CaMount, + SubPath: CAKey, ReadOnly: true, }) } @@ -228,37 +251,42 @@ func (s *Service) CreateVolumeMounts() []corev1.VolumeMount { return volumeMounts } -// CreateVolumes - add volume for TLS certificates and CA certificate for the service -func (s *Service) CreateVolumes() []corev1.Volume { - var volumes []corev1.Volume - - if s.SecretName != "" { - volume := corev1.Volume{ - Name: "tls-certs", +// CreateVolume - add volume for TLS certificates and CA certificate for the service +func (s *Service) CreateVolume(prefix string) corev1.Volume { + if s.SecretName != nil { + return corev1.Volume{ + Name: prefix + "-tls-certs", VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ - SecretName: s.SecretName, + SecretName: *s.SecretName, DefaultMode: ptr.To[int32](0440), }, }, } - volumes = append(volumes, volume) } - if s.CaMount != nil { - caVolume := corev1.Volume{ - Name: "ca-certs", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: *s.CaMount, - DefaultMode: ptr.To[int32](0444), - }, - }, + return corev1.Volume{} +} + +// ValidateCACertSecret - validates the content of the cert secret to make sure "tls-ca-bundle.pem" key exist +func (c *Ca) ValidateCACertSecret(ctx context.Context, h *helper.Helper, namespace string) (string, ctrl.Result, error) { + if c.CaBundleSecretName != "" { + hash, ctrlResult, err := secret.VerifySecret( + ctx, + types.NamespacedName{Name: c.CaBundleSecretName, Namespace: namespace}, + []string{CABundleKey}, + h.GetClient(), + 5*time.Second) + if err != nil { + return "", ctrlResult, err + } else if (ctrlResult != ctrl.Result{}) { + return "", ctrlResult, nil } - volumes = append(volumes, caVolume) + + return hash, ctrl.Result{}, nil } - return volumes + return "", ctrl.Result{}, nil } // CreateVolumeMounts creates volume mounts for CA bundle file @@ -269,6 +297,7 @@ func (c *Ca) CreateVolumeMounts() []corev1.VolumeMount { volumeMounts = append(volumeMounts, corev1.VolumeMount{ Name: CABundleLabel, MountPath: *c.CaBundleMount, + SubPath: CABundleKey, ReadOnly: true, }) } @@ -276,12 +305,10 @@ func (c *Ca) CreateVolumeMounts() []corev1.VolumeMount { return volumeMounts } -// CreateVolumes creates volumes for CA bundle file -func (c *Ca) CreateVolumes() []corev1.Volume { - var volumes []corev1.Volume - - if c.CaBundleSecretName != "" && c.CaBundleMount != nil { - volume := corev1.Volume{ +// CreateVolume creates volumes for CA bundle file +func (c *Ca) CreateVolume() corev1.Volume { + if c.CaBundleSecretName != "" { + return corev1.Volume{ Name: CABundleLabel, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ @@ -290,10 +317,9 @@ func (c *Ca) CreateVolumes() []corev1.Volume { }, }, } - volumes = append(volumes, volume) } - return volumes + return corev1.Volume{} } // CreateDatabaseClientConfig - connection flags for the MySQL client @@ -306,7 +332,7 @@ func (t *TLS) CreateDatabaseClientConfig() string { // This assumes certificates are always injected in // a common directory for all services for _, service := range t.Service { - if service.SecretName != "" { + if service.SecretName != nil { certPath := "/etc/pki/tls/certs/tls.crt" keyPath := "/etc/pki/tls/private/tls.key" diff --git a/modules/common/tls/tls_test.go b/modules/common/tls/tls_test.go index b2aaf77c..1b948e85 100644 --- a/modules/common/tls/tls_test.go +++ b/modules/common/tls/tls_test.go @@ -21,6 +21,7 @@ import ( "testing" corev1 "k8s.io/api/core/v1" + "k8s.io/utils/ptr" ) func TestCreateVolumeMounts(t *testing.T) { @@ -37,7 +38,7 @@ func TestCreateVolumeMounts(t *testing.T) { }, { name: "Only TLS Secret", - service: &Service{SecretName: "test-tls-secret"}, + service: &Service{SecretName: ptr.To("test-tls-secret")}, wantMountsLen: 2, }, { @@ -50,7 +51,7 @@ func TestCreateVolumeMounts(t *testing.T) { { name: "TLS and CA Secrets", service: &Service{ - SecretName: "test-tls-secret", + SecretName: ptr.To("test-tls-secret"), CaMount: &caCert, }, wantMountsLen: 3, @@ -59,7 +60,7 @@ func TestCreateVolumeMounts(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - mounts := tt.service.CreateVolumeMounts() + mounts := tt.service.CreateVolumeMounts("foo") if len(mounts) != tt.wantMountsLen { t.Errorf("CreateVolumeMounts() got = %v mounts, want %v mounts", len(mounts), tt.wantMountsLen) } @@ -82,7 +83,7 @@ func TestCreateVolumes(t *testing.T) { }, { name: "Only TLS Secret", - serviceMap: map[string]Service{"test-service": {SecretName: "test-tls-secret"}}, + serviceMap: map[string]Service{"test-service": {SecretName: ptr.To("test-tls-secret")}}, ca: &Ca{}, wantVolLen: 1, }, @@ -111,7 +112,7 @@ func TestCreateVolumes(t *testing.T) { tlsInstance := &TLS{Service: tt.serviceMap, Ca: tt.ca} volumes := make([]corev1.Volume, 0) for _, svc := range tlsInstance.Service { - volumes = append(volumes, svc.CreateVolumes()...) + volumes = append(volumes, svc.CreateVolume("foo")) } if len(volumes) != tt.wantVolLen { t.Errorf("CreateVolumes() got = %v volumes, want %v volumes", len(volumes), tt.wantVolLen) @@ -137,7 +138,7 @@ func TestGenerateTLSConnectionConfig(t *testing.T) { }, { name: "Only TLS Secret", - services: map[string]Service{"service1": {SecretName: "test-tls-secret"}}, + services: map[string]Service{"service1": {SecretName: ptr.To("test-tls-secret")}}, ca: &Ca{}, wantStmts: []string{"ssl=1", "ssl-cert=", "ssl-key="}, excludeStmts: []string{"ssl-ca="}, @@ -151,7 +152,7 @@ func TestGenerateTLSConnectionConfig(t *testing.T) { }, { name: "TLS and CA Secrets", - services: map[string]Service{"service1": {SecretName: "test-tls-secret"}}, + services: map[string]Service{"service1": {SecretName: ptr.To("test-tls-secret")}}, ca: &Ca{CaBundleSecretName: "test-ca1"}, wantStmts: []string{"ssl=1", "ssl-cert=", "ssl-key=", "ssl-ca="}, excludeStmts: []string{}, diff --git a/modules/common/tls/zz_generated.deepcopy.go b/modules/common/tls/zz_generated.deepcopy.go index d026da91..d197fcee 100644 --- a/modules/common/tls/zz_generated.deepcopy.go +++ b/modules/common/tls/zz_generated.deepcopy.go @@ -25,6 +25,34 @@ import ( "github.com/openstack-k8s-operators/lib-common/modules/common/service" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *API) DeepCopyInto(out *API) { + *out = *in + if in.Disable != nil { + in, out := &in.Disable, &out.Disable + *out = new(bool) + **out = **in + } + if in.Endpoint != nil { + in, out := &in.Endpoint, &out.Endpoint + *out = make(map[service.Endpoint]Service, len(*in)) + for key, val := range *in { + (*out)[key] = *val.DeepCopy() + } + } + in.Ca.DeepCopyInto(&out.Ca) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new API. +func (in *API) DeepCopy() *API { + if in == nil { + return nil + } + out := new(API) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Ca) DeepCopyInto(out *Ca) { *out = *in @@ -48,6 +76,11 @@ func (in *Ca) DeepCopy() *Ca { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Service) DeepCopyInto(out *Service) { *out = *in + if in.SecretName != nil { + in, out := &in.SecretName, &out.SecretName + *out = new(string) + **out = **in + } if in.IssuerName != nil { in, out := &in.IssuerName, &out.IssuerName *out = new(string) diff --git a/modules/storage/go.mod b/modules/storage/go.mod index 668bda1d..82d6740b 100644 --- a/modules/storage/go.mod +++ b/modules/storage/go.mod @@ -10,6 +10,7 @@ require ( require ( github.com/onsi/ginkgo/v2 v2.13.1 // indirect github.com/rogpeppe/go-internal v1.10.0 // indirect + golang.org/x/tools v0.15.0 // indirect ) require ( @@ -23,8 +24,8 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/stretchr/testify v1.8.1 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/net v0.18.0 // indirect + golang.org/x/text v0.14.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/modules/storage/go.sum b/modules/storage/go.sum index ebe54dc3..eea80a21 100644 --- a/modules/storage/go.sum +++ b/modules/storage/go.sum @@ -65,8 +65,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -77,13 +77,14 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/modules/test/go.mod b/modules/test/go.mod index b9a9a35b..01955851 100644 --- a/modules/test/go.mod +++ b/modules/test/go.mod @@ -5,7 +5,7 @@ go 1.19 require ( github.com/go-logr/logr v1.3.0 github.com/onsi/gomega v1.30.0 - golang.org/x/mod v0.13.0 + golang.org/x/mod v0.14.0 ) require ( @@ -14,8 +14,9 @@ require ( github.com/kr/pretty v0.3.1 // indirect github.com/onsi/ginkgo/v2 v2.13.1 // indirect github.com/rogpeppe/go-internal v1.10.0 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/net v0.18.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/tools v0.15.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/modules/test/go.sum b/modules/test/go.sum index 4252f967..10a0722f 100644 --- a/modules/test/go.sum +++ b/modules/test/go.sum @@ -25,15 +25,16 @@ github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsK github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=