From 535476edcf89b61f81e3b0583e1a1e1818cabb3e Mon Sep 17 00:00:00 2001 From: Matt Wise <768067+diranged@users.noreply.github.com> Date: Sat, 17 Jun 2023 08:21:46 -0700 Subject: [PATCH 1/7] chore(deps): k8s.io/cli-runtime@v0.27.2 && k8s.io/client-go@v0.27.2 --- ...crds.wizardofoz.co_podaccesstemplates.yaml | 207 +++++++++++++----- go.mod | 56 ++--- go.sum | 129 ++++++----- .../controllers/podwatcher/handle_test.go | 2 +- internal/webhook/contextual_defaulter.go | 18 +- internal/webhook/contextual_defaulter_test.go | 10 +- internal/webhook/contextual_validator.go | 27 +-- internal/webhook/contextual_validator_test.go | 20 +- 8 files changed, 278 insertions(+), 191 deletions(-) diff --git a/config/crd/bases/crds.wizardofoz.co_podaccesstemplates.yaml b/config/crd/bases/crds.wizardofoz.co_podaccesstemplates.yaml index f3d41d5..543f201 100644 --- a/config/crd/bases/crds.wizardofoz.co_podaccesstemplates.yaml +++ b/config/crd/bases/crds.wizardofoz.co_podaccesstemplates.yaml @@ -280,7 +280,8 @@ spec: description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable." + feature gate. \n This field is immutable. It can only be + set for containers." items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: @@ -317,7 +318,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object type: object 
@@ -1512,7 +1514,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -1611,7 +1616,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -1693,8 +1701,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -1726,7 +1733,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -1901,8 +1910,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -1934,7 +1942,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value 
@@ -2024,6 +2034,27 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified + resource is resized. If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' @@ -2033,7 +2064,7 @@ spec: in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field - is immutable." + is immutable. It can only be set for containers." items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2072,7 +2103,7 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -2289,8 +2320,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number 
@@ -2322,7 +2352,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -2842,7 +2874,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -2941,7 +2976,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -3021,8 +3059,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -3054,7 +3091,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -3220,8 +3259,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number 
@@ -3253,7 +3291,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -3343,6 +3383,27 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified + resource is resized. If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated @@ -3353,7 +3414,7 @@ spec: in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field - is immutable." + is immutable. It can only be set for containers." items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -3392,7 +3453,7 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: 
@@ -3601,8 +3662,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -3634,7 +3694,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -4185,7 +4247,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -4284,7 +4349,10 @@ spec: header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -4366,8 +4434,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -4399,7 +4466,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value 
@@ -4574,8 +4643,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -4607,7 +4675,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -4697,6 +4767,27 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified + resource is resized. If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' @@ -4706,7 +4797,7 @@ spec: in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field - is immutable." + is immutable. It can only be set for containers." items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
@@ -4745,7 +4836,7 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -4962,8 +5053,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -4995,7 +5085,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -5350,7 +5442,8 @@ spec: x-kubernetes-list-type: map restartPolicy: description: 'Restart policy for all containers within the pod. - One of Always, OnFailure, Never. Default to Always. More info: + One of Always, OnFailure, Never. In some contexts, only a subset + of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' type: string runtimeClassName: 
@@ -5368,8 +5461,11 @@ spec: type: string schedulingGates: description: "SchedulingGates is an opaque list of values that - if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. - \n This is an alpha-level feature enabled by PodSchedulingReadiness + if specified will block scheduling the pod. If schedulingGates + is not empty, the pod will stay in the SchedulingGated state + and the scheduler will not attempt to schedule the pod. \n SchedulingGates + can only be set at pod creation time, and be removed only afterwards. + \n This is a beta feature enabled by the PodSchedulingReadiness feature gate." items: description: PodSchedulingGate is associated to a Pod to guard @@ -5705,14 +5801,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select the pods over which spreading will be calculated. + description: "MatchLabelKeys is a set of pod label keys + to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys that don't - exist in the incoming pod labels will be ignored. A null - or empty list means only match against labelSelector. + will be calculated for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't + set. Keys that don't exist in the incoming pod labels + will be ignored. A null or empty list means only match + against labelSelector. \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread feature gate to + be enabled (enabled by default)." items: type: string type: array 
@@ -6231,7 +6332,7 @@ spec: value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -6415,7 +6516,8 @@ spec: that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature - gate. \n This field is immutable." + gate. \n This field is immutable. It can + only be set for containers." items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -6457,7 +6559,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: diff --git a/go.mod b/go.mod index e621897..9cbd5d4 100644 --- a/go.mod +++ b/go.mod 
@@ -10,26 +10,26 @@ require (
 github.com/onsi/gomega v1.27.8
 github.com/spf13/cobra v1.7.0
 go.uber.org/zap v1.24.0
- k8s.io/api v0.26.1
- k8s.io/apimachinery v0.26.1
- k8s.io/cli-runtime v0.26.1
- k8s.io/client-go v0.26.1
- sigs.k8s.io/controller-runtime v0.14.4
+ k8s.io/api v0.27.2
+ k8s.io/apimachinery v0.27.2
+ k8s.io/cli-runtime v0.27.2
+ k8s.io/client-go v0.27.2
+ sigs.k8s.io/controller-runtime v0.15.0
 )
 
 require (
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cespare/xxhash/v2 v2.2.0 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
- github.com/emicklei/go-restful/v3 v3.10.1 // indirect
+ github.com/emicklei/go-restful/v3 v3.10.2 // indirect
 github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 github.com/fsnotify/fsnotify v1.6.0 // indirect
- github.com/go-errors/errors v1.0.1 // indirect
- github.com/go-logr/zapr v1.2.3 // indirect
+ github.com/go-errors/errors v1.4.2 // indirect
+ github.com/go-logr/zapr v1.2.4 // indirect
 github.com/go-openapi/jsonpointer v0.19.6 // indirect
 github.com/go-openapi/jsonreference v0.20.2 // indirect
- github.com/go-openapi/swag v0.22.3 // indirect
+ github.com/go-openapi/swag v0.22.4 // indirect
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -38,11 +38,11 @@ require (
 github.com/google/gnostic v0.6.9 // indirect
 github.com/google/go-cmp v0.5.9 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
+ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 github.com/google/uuid v1.3.0 // indirect
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
- github.com/imdario/mergo v0.3.13 // indirect
+ github.com/imdario/mergo v0.3.16 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
@@ -57,36 +57,36 @@ require (
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 github.com/pkg/errors v0.9.1 // indirect
- github.com/prometheus/client_golang v1.14.0 // indirect
- github.com/prometheus/client_model v0.3.0 // indirect
- github.com/prometheus/common v0.40.0 // indirect
- github.com/prometheus/procfs v0.9.0 // indirect
+ github.com/prometheus/client_golang v1.16.0 // indirect
+ github.com/prometheus/client_model v0.4.0 // indirect
+ github.com/prometheus/common v0.44.0 // indirect
+ github.com/prometheus/procfs v0.11.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/xlab/treeprint v1.1.0 // indirect
 go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
 go.uber.org/atomic v1.9.0 // indirect
 go.uber.org/multierr v1.8.0 // indirect
- golang.org/x/net v0.10.0 // indirect
- golang.org/x/oauth2 v0.5.0 // indirect
+ golang.org/x/net v0.11.0 // indirect
+ golang.org/x/oauth2 v0.9.0 // indirect
 golang.org/x/sys v0.9.0 // indirect
- golang.org/x/term v0.8.0 // indirect
- golang.org/x/text v0.9.0 // indirect
+ golang.org/x/term v0.9.0 // indirect
+ golang.org/x/text v0.10.0 // indirect
 golang.org/x/time v0.3.0 // indirect
 golang.org/x/tools v0.9.3 // indirect
- gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+ gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/protobuf v1.28.1 // indirect
+ google.golang.org/protobuf v1.30.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/apiextensions-apiserver v0.26.1 // indirect
- k8s.io/component-base v0.26.1 // indirect
- k8s.io/klog/v2 v2.90.0 // indirect
- k8s.io/kube-openapi v0.0.0-20230217203603-ff9a8e8fa21d // indirect
- k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
+ k8s.io/apiextensions-apiserver v0.27.2 // indirect
+ k8s.io/component-base v0.27.2 // indirect
+ k8s.io/klog/v2 v2.100.1 // indirect
+ k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
+ k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/kustomize/api v0.12.1 // indirect
- sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
+ sigs.k8s.io/kustomize/api v0.13.2 // indirect
+ sigs.k8s.io/kustomize/kyaml v0.14.1 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 058937a..5df0379 100644
--- a/go.sum
+++ b/go.sum
@@ -26,15 +26,14 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ= -github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE= +github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= 
@@ -46,20 +45,20 @@ github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= -github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= +github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= -github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4= +github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= +github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 
h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -72,7 +71,6 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= 
@@ -100,8 +98,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE= -github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -111,8 +109,8 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWet github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= @@ -127,8 +125,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 
@@ -167,16 +165,17 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= -github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= +github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= +github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= -github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/common v0.40.0 h1:Afz7EVRqGg2Mqqf4JuF9vdvp1pi220m55Pi9T2JnO4Q= -github.com/prometheus/common v0.40.0/go.mod h1:L65ZJPSmfn/UBWLQIHV7dBrKFidB/wPlF1y5TlSt9OE= -github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= -github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= +github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= +github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= +github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= +github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= +github.com/prometheus/procfs v0.11.0 h1:5EAgkfkMl659uZPbe9AS2N68a7Cc1TJbPEuGzFuRbyk= +github.com/prometheus/procfs v0.11.0/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= github.com/rogpeppe/fastuuid 
v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= @@ -191,7 +190,6 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 
@@ -206,18 +204,18 @@ github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= +go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= -go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 
@@ -230,6 +228,7 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -244,18 +243,19 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s= -golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= +golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs= +golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -275,15 +275,15 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= +golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -291,18 +291,18 @@ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= -gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= +gomodules.xyz/jsonpatch/v2 v2.3.0 h1:8NFhfS6gzxNqjLIYnZxg319wZ5Qjnx4m/CcX+Klzazc= +gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= 
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= @@ -331,8 +331,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -348,37 +348,36 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ= -k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg= -k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI= -k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM= -k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ= -k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= -k8s.io/cli-runtime v0.26.1 h1:f9+bRQ1V3elQsx37KmZy5fRAh56mVLbE9A7EMdlqVdI= -k8s.io/cli-runtime v0.26.1/go.mod h1:+e5Ym/ARySKscUhZ8K3hZ+ZBo/wYPIcg+7b5sFYi6Gg= -k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU= -k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= -k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4= -k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU= -k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M= -k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= 
-k8s.io/kube-openapi v0.0.0-20230217203603-ff9a8e8fa21d h1:oFDpQ7FfzinCtrFOl4izwOWsdTprlS2A9IXBENMW0UA= -k8s.io/kube-openapi v0.0.0-20230217203603-ff9a8e8fa21d/go.mod h1:/BYxry62FuDzmI+i9B+X2pqfySRmSOW2ARmj5Zbqhj0= -k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk= -k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.14.4 h1:Kd/Qgx5pd2XUL08eOV2vwIq3L9GhIbJ5Nxengbd4/0M= -sigs.k8s.io/controller-runtime v0.14.4/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0= +k8s.io/api v0.27.2 h1:+H17AJpUMvl+clT+BPnKf0E3ksMAzoBBg7CntpSuADo= +k8s.io/api v0.27.2/go.mod h1:ENmbocXfBT2ADujUXcBhHV55RIT31IIEvkntP6vZKS4= +k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo= +k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ= +k8s.io/apimachinery v0.27.2 h1:vBjGaKKieaIreI+oQwELalVG4d8f3YAMNpWLzDXkxeg= +k8s.io/apimachinery v0.27.2/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= +k8s.io/cli-runtime v0.27.2 h1:9HI8gfReNujKXt16tGOAnb8b4NZ5E+e0mQQHKhFGwYw= +k8s.io/cli-runtime v0.27.2/go.mod h1:9UecpyPDTkhiYY4d9htzRqN+rKomJgyb4wi0OfrmCjw= +k8s.io/client-go v0.27.2 h1:vDLSeuYvCHKeoQRhCXjxXO45nHVv2Ip4Fe0MfioMrhE= +k8s.io/client-go v0.27.2/go.mod h1:tY0gVmUsHrAmjzHX9zs7eCjxcBsf8IiNe7KQ52biTcQ= +k8s.io/component-base v0.27.2 h1:neju+7s/r5O4x4/txeUONNTS9r1HsPbyoPBAtHsDCpo= +k8s.io/component-base v0.27.2/go.mod h1:5UPk7EjfgrfgRIuDBFtsEFAe4DAvP3U+M8RTzoSJkpo= +k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= +k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= +k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= +k8s.io/utils v0.0.0-20230505201702-9f6742963106 
h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= +k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU= +sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= -sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s= -sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk= -sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4= +sigs.k8s.io/kustomize/api v0.13.2 h1:kejWfLeJhUsTGioDoFNJET5LQe/ajzXhJGYoU+pJsiA= +sigs.k8s.io/kustomize/api v0.13.2/go.mod h1:DUp325VVMFVcQSq+ZxyDisA8wtldwHxLZbr1g94UHsw= +sigs.k8s.io/kustomize/kyaml v0.14.1 h1:c8iibius7l24G2wVAGZn/Va2wNys03GXLjYVIcFVxKA= +sigs.k8s.io/kustomize/kyaml v0.14.1/go.mod h1:AN1/IpawKilWD7V+YvQwRGUvuUOOWpjsHu6uHwonSF4= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= diff --git a/internal/controllers/podwatcher/handle_test.go b/internal/controllers/podwatcher/handle_test.go index c8c2e29..4d08b27 100644 --- a/internal/controllers/podwatcher/handle_test.go +++ b/internal/controllers/podwatcher/handle_test.go @@ -18,7 +18,7 @@ import ( ) var _ = Describe("PodWatcher", Ordered, func() { - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) Context("Functional Unit Tests", func() { var ( 
diff --git a/internal/webhook/contextual_defaulter.go b/internal/webhook/contextual_defaulter.go index c938523..dfa5b8e 100644 --- a/internal/webhook/contextual_defaulter.go +++ b/internal/webhook/contextual_defaulter.go @@ -46,7 +46,7 @@ func RegisterContextualDefaulter( // Create a Webhook{} resource with our Handler. mwh := &admission.Webhook{ - Handler: &defaulterForType{object: obj}, + Handler: &defaulterForType{object: obj, decoder: admission.NewDecoder(mgr.GetScheme())}, } // Insert the path into the webhook server and point it at our mutating @@ -67,23 +67,15 @@ type defaulterForType struct { decoder *admission.Decoder } -// InjectDecoder injects the decoder into a mutatingHandler. -// -// https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/inject.go -func (h *defaulterForType) InjectDecoder(d *admission.Decoder) error { - h.decoder = d - return nil -} - -var _ admission.DecoderInjector = &defaulterForType{} - -// Handle manages the inbound request from the API server. It's responsible for // decoding the request into an // [`admission.Request`](https://pkg.go.dev/k8s.io/api/admission/v1#AdmissionRequest) // object, calling the `Default()` function on that object, and then returning // back the patched response to the API server. func (h *defaulterForType) Handle(_ context.Context, req admission.Request) admission.Response { - // https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/defaulter.go#L57-L59 + // https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter.go#L49-L54 + if h.decoder == nil { + panic("decoder should never be nil") + } if h.object == nil { panic("object should never be nil") } diff --git a/internal/webhook/contextual_defaulter_test.go b/internal/webhook/contextual_defaulter_test.go index f91c7fe..8a71e2c 100644 --- a/internal/webhook/contextual_defaulter_test.go +++ b/internal/webhook/contextual_defaulter_test.go 
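Review bot: The `admission.Webhook` literal in RegisterContextualDefaulter leaves `RecoverPanic` unset, while the handler it wraps has two `panic` calls on the request path: the `h.decoder == nil` guard added in the next hunk and the existing `h.object == nil` one. If either invariant is ever broken, the request ends without an admission response, and whether the object is then rejected or admitted depends on the webhook configuration's failurePolicy, which this patch does not show. Adding `RecoverPanic: true,` to the literal should let controller-runtime answer with an error response instead; confirm the field's behaviour against v0.15.0. The same applies to the literal in RegisterContextualValidator in contextual_validator.go. The function body continues outside the hunk.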
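Review bot: The removal block in this hunk also deletes the first line of Handle's doc comment, so on the new side the comment above `func (h *defaulterForType) Handle` starts mid-sentence with `// decoding the request into an`. Restore `// Handle manages the inbound request from the API server. It's responsible for` as its first line. The matching hunk in contextual_validator.go keeps that line as context, so only the defaulter is affected. Handle's body continues outside the hunk.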
@@ -18,7 +18,7 @@ import ( var _ = Describe("Defaulter Handler", func() { It("should return mutated object with username in create", func() { obj := &TestDefaulter{} - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) handler := &admission.Webhook{ Handler: &defaulterForType{object: obj, decoder: decoder}, } @@ -46,7 +46,7 @@ var _ = Describe("Defaulter Handler", func() { It("should return ok if received delete verb in defaulter handler", func() { obj := &TestDefaulter{} handler := &admission.Webhook{ - Handler: &defaulterForType{object: obj}, + Handler: &defaulterForType{object: obj, decoder: admission.NewDecoder(scheme.Scheme)}, } resp := handler.Handle(context.TODO(), admission.Request{ @@ -63,7 +63,7 @@ var _ = Describe("Defaulter Handler", func() { It("should fail if decode() fails", func() { obj := &TestDefaulter{} handler := &admission.Webhook{ - Handler: &defaulterForType{object: obj}, + Handler: &defaulterForType{object: obj, decoder: admission.NewDecoder(scheme.Scheme)}, } resp := handler.Handle(context.TODO(), admission.Request{ @@ -79,7 +79,7 @@ var _ = Describe("Defaulter Handler", func() { It("should panic if no object passed in", func() { handler := &admission.Webhook{ - Handler: &defaulterForType{object: nil}, + Handler: &defaulterForType{object: nil, decoder: admission.NewDecoder(scheme.Scheme)}, } Expect(func() { handler.Handle(context.TODO(), admission.Request{ @@ -92,7 +92,7 @@ var _ = Describe("Defaulter Handler", func() { It("should fail if default() returns error", func() { obj := &TestDefaulter{} - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) handler := &admission.Webhook{ Handler: &defaulterForType{object: obj, decoder: decoder}, } diff --git a/internal/webhook/contextual_validator.go b/internal/webhook/contextual_validator.go index 395c29b..49ef7bc 100644 --- a/internal/webhook/contextual_validator.go 
+++ b/internal/webhook/contextual_validator.go @@ -14,14 +14,14 @@ import ( ) // IContextuallyValidatableObject implements a similar pattern to the -// [`controller-runtime`](https://github.com/kubernetes-sigs/controller-runtime/tree/v0.13.1/pkg/webhook) +// [`controller-runtime`](https://github.com/kubernetes-sigs/controller-runtime/tree/v0.15.0/pkg/webhook) // webhook pattern. The difference is that the `Default()` function is not only // supplied the request resource, but also the request context in the form of // an -// [`admission.Request`](https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/webhook.go#L43-L66) +// [`admission.Request`](https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/webhook.go#L42C1-L65) // object. // -// Modified from https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/defaulter_custom.go#L29-L32 +// Modified from https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter_custom.go#L31-L34 type IContextuallyValidatableObject interface { runtime.Object ValidateCreate(req admission.Request) error @@ -45,7 +45,7 @@ func RegisterContextualValidator( // Create a Webhook{} resource with our Handler. mwh := &admission.Webhook{ - Handler: &validatorForType{object: obj}, + Handler: &validatorForType{object: obj, decoder: admission.NewDecoder(mgr.GetScheme())}, } // Insert the path into the webhook server and point it at our mutating 
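Review bot: The comments re-pinned to v0.15.0 here still describe the validator in terms of the defaulter. The IContextuallyValidatableObject doc says the `Default()` function is supplied the request, and its "Modified from" link points at `defaulter_custom.go`, although the interface below declares `ValidateCreate`. Since the links are being touched anyway, the text could name the validate functions and link the corresponding validator source; the validatorForType comment in the next hunk of this file has the same wording. The new `webhook.go#L42C1-L65` anchor also looks like a leftover of GitHub's column-style selection and could be `#L42-L65`.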
@@ -57,25 +57,15 @@ func RegisterContextualValidator( } // A validatorForType mimics the -// [`validatorForType`](https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/defaulter_custom.go) +// [`validatorForType`](https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter_custom.go) // code, but understands to pass the `admission.Request` object into the `Default()` function. // -// https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/defaulter_custom.go#L41-L45 +// https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter_custom.go#L43-L47 type validatorForType struct { object IContextuallyValidatableObject decoder *admission.Decoder } -// InjectDecoder injects the decoder into a mutatingHandler. -// -// https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/inject.go -func (h *validatorForType) InjectDecoder(d *admission.Decoder) error { - h.decoder = d - return nil -} - -var _ admission.DecoderInjector = &validatorForType{} - // Handle manages the inbound request from the API server. It's responsible for // decoding the request into an // [`admission.Request`](https://pkg.go.dev/k8s.io/api/admission/v1#AdmissionRequest) @@ -85,7 +75,10 @@ var _ admission.DecoderInjector = &validatorForType{} // // revive:disable:cyclomatic Replication of existing code in Controller-Runtime func (h *validatorForType) Handle(_ context.Context, req admission.Request) admission.Response { - // https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/validator.go#L59-L62 + // https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/validator.go#L69-L74 + if h.decoder == nil { + panic("decoder should never be nil") + } if h.object == nil { panic("object should never be nil") } 
diff --git a/internal/webhook/contextual_validator_test.go b/internal/webhook/contextual_validator_test.go index 1064a70..8297b27 100644 --- a/internal/webhook/contextual_validator_test.go +++ b/internal/webhook/contextual_validator_test.go @@ -18,7 +18,7 @@ import ( var _ = Describe("Validator Handler", func() { It("validateCreate with username matching request should succeed", func() { obj := &TestValidator{} - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) handler := &admission.Webhook{ Handler: &validatorForType{object: obj, decoder: decoder}, } @@ -39,7 +39,7 @@ var _ = Describe("Validator Handler", func() { }) It("validateCreate with non-matching request should fail", func() { obj := &TestValidator{} - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) handler := &admission.Webhook{ Handler: &validatorForType{object: obj, decoder: decoder}, } @@ -61,7 +61,7 @@ var _ = Describe("Validator Handler", func() { It("validateUpdate with username matching request should succeed", func() { obj := &TestValidator{} - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) handler := &admission.Webhook{ Handler: &validatorForType{object: obj, decoder: decoder}, } @@ -85,7 +85,7 @@ var _ = Describe("Validator Handler", func() { }) It("validateUpdate with non-matching request should fail", func() { obj := &TestValidator{} - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) handler := &admission.Webhook{ Handler: &validatorForType{object: obj, decoder: decoder}, } 
@@ -107,7 +107,7 @@ var _ = Describe("Validator Handler", func() { }) It("validateUpdate with invalid object should fail", func() { obj := &TestValidator{} - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) handler := &admission.Webhook{ Handler: &validatorForType{object: obj, decoder: decoder}, } @@ -128,7 +128,7 @@ var _ = Describe("Validator Handler", func() { }) It("validateUpdate with invalid oldObject should fail", func() { obj := &TestValidator{} - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) handler := &admission.Webhook{ Handler: &validatorForType{object: obj, decoder: decoder}, } @@ -150,7 +150,7 @@ var _ = Describe("Validator Handler", func() { It("validateDelete with username should succeed", func() { obj := &TestValidator{} - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) handler := &admission.Webhook{ Handler: &validatorForType{object: obj, decoder: decoder}, } @@ -168,7 +168,7 @@ var _ = Describe("Validator Handler", func() { }) It("validateDelete without username should fail", func() { obj := &TestValidator{} - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) handler := &admission.Webhook{ Handler: &validatorForType{object: obj, decoder: decoder}, } @@ -187,7 +187,7 @@ var _ = Describe("Validator Handler", func() { It("validateDelete with invalid oldObject should fail", func() { obj := &TestValidator{} - decoder, _ := admission.NewDecoder(scheme.Scheme) + decoder := admission.NewDecoder(scheme.Scheme) handler := &admission.Webhook{ Handler: &validatorForType{object: obj, decoder: decoder}, } 
@@ -207,7 +207,7 @@ var _ = Describe("Validator Handler", func() { It("should fail if decode() fails", func() { obj := &TestValidator{} handler := &admission.Webhook{ - Handler: &validatorForType{object: obj}, + Handler: &validatorForType{object: obj, decoder: admission.NewDecoder(scheme.Scheme)}, } resp := handler.Handle(context.TODO(), admission.Request{ From dd1e502be4c4ccc1de01ba58686db440499da5ab Mon Sep 17 00:00:00 2001 From: Matt Wise <768067+diranged@users.noreply.github.com> Date: Sat, 17 Jun 2023 09:34:35 -0700 Subject: [PATCH 2/7] update webhook apis to mimick 0.15.0 release --- .../api/v1alpha1/exec_access_request_test.go | 8 +- .../v1alpha1/exec_access_request_webhook.go | 14 +-- .../api/v1alpha1/pod_access_request_test.go | 8 +- .../v1alpha1/pod_access_request_webhook.go | 12 +-- internal/webhook/contextual_defaulter.go | 18 ++-- internal/webhook/contextual_validator.go | 86 ++++++++++--------- internal/webhook/contextual_validator_test.go | 18 ++-- 7 files changed, 83 insertions(+), 81 deletions(-) diff --git a/internal/api/v1alpha1/exec_access_request_test.go b/internal/api/v1alpha1/exec_access_request_test.go index fe34f65..41c36a5 100644 --- a/internal/api/v1alpha1/exec_access_request_test.go +++ b/internal/api/v1alpha1/exec_access_request_test.go @@ -156,7 +156,7 @@ var _ = Describe("ExecAccessRequest", Ordered, func() { }, }, } - err = request.ValidateCreate(*admissionRequest) + _, err = request.ValidateCreate(*admissionRequest) Expect(err).To(Not(HaveOccurred())) }) @@ -176,7 +176,7 @@ var _ = Describe("ExecAccessRequest", Ordered, func() { }, }, } - err = request.ValidateCreate(*admissionRequest) + _, err = request.ValidateCreate(*admissionRequest) Expect(err).To(Not(HaveOccurred())) }) @@ -203,7 +203,7 @@ var _ = Describe("ExecAccessRequest", Ordered, func() { }, }, } - err = request.ValidateUpdate(*admissionRequest, request) + _, err = request.ValidateUpdate(*admissionRequest, request) Expect(err).To(Not(HaveOccurred())) }) 
@@ -223,7 +223,7 @@ var _ = Describe("ExecAccessRequest", Ordered, func() { }, }, } - err = request.ValidateUpdate(*admissionRequest, request) + _, err = request.ValidateUpdate(*admissionRequest, request) Expect(err).To(Not(HaveOccurred())) }) }) diff --git a/internal/api/v1alpha1/exec_access_request_webhook.go b/internal/api/v1alpha1/exec_access_request_webhook.go index 17dc669..833f9fd 100644 --- a/internal/api/v1alpha1/exec_access_request_webhook.go +++ b/internal/api/v1alpha1/exec_access_request_webhook.go @@ -61,7 +61,7 @@ func (r *ExecAccessRequest) Default(_ admission.Request) error { var _ webhook.IContextuallyValidatableObject = &ExecAccessRequest{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *ExecAccessRequest) ValidateCreate(req admission.Request) error { +func (r *ExecAccessRequest) ValidateCreate(req admission.Request) (admission.Warnings, error) { if req.UserInfo.Username != "" { execaccessrequestlog.Info( fmt.Sprintf("Create ExecAccessRequest from %s", req.UserInfo.Username), 
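Review bot: ValidateCreate uses `req.UserInfo.Username != ""` only to pick a log line: its else branch, which falls in the next hunk, logs a WARNING and still returns `nil, nil`, so a request without a user identity is admitted (the TODO there says as much). With the new return type that case can at least be reported to the caller, e.g. `return admission.Warnings{"request carries no user identity"}, nil` (message constructed here), provided validatorForType.Handle forwards warnings, which is not visible in this part of the patch. Passing the name as a key/value, `execaccessrequestlog.Info("create ExecAccessRequest", "username", req.UserInfo.Username)`, would also match the `"name", r.Name` style used in ValidateUpdate and keep the caller-supplied value out of the message text. The PodAccessRequest ValidateCreate hunk opens the same way; its else branch is not visible here.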
@@ -70,27 +70,27 @@ func (r *ExecAccessRequest) ValidateCreate(req admission.Request) error { // TODO: Make this fail, after we have confidence in the code in a live environment. execaccessrequestlog.Info("WARNING - Create ExecAccessRequest with missing user identity") } - return nil + return nil, nil } // ValidateUpdate prevents immutable updates to the ExecAccessRequest. -func (r *ExecAccessRequest) ValidateUpdate(_ admission.Request, old runtime.Object) error { +func (r *ExecAccessRequest) ValidateUpdate(_ admission.Request, old runtime.Object) (admission.Warnings, error) { execaccessrequestlog.Info("validate update", "name", r.Name) // https://stackoverflow.com/questions/70650677/manage-immutable-fields-in-kubebuilder-validating-webhook oldRequest, _ := old.(*ExecAccessRequest) if r.Spec.TargetPod != oldRequest.Spec.TargetPod { - return fmt.Errorf( + return nil, fmt.Errorf( "error - Spec.TargetPod is an immutable field, create a new PodAccessRequest instead", ) } - return nil + return nil, nil } // ValidateDelete implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type -func (r *ExecAccessRequest) ValidateDelete(req admission.Request) error { +func (r *ExecAccessRequest) ValidateDelete(req admission.Request) (admission.Warnings, error) { execaccessrequestlog.Info( fmt.Sprintf("Delete ExecAccessRequest from %s", req.UserInfo.Username), ) - return nil + return nil, nil } diff --git a/internal/api/v1alpha1/pod_access_request_test.go b/internal/api/v1alpha1/pod_access_request_test.go index ffec0c9..e8bda1a 100644 --- a/internal/api/v1alpha1/pod_access_request_test.go +++ b/internal/api/v1alpha1/pod_access_request_test.go @@ -156,7 +156,7 @@ var _ = Describe("PodAccessRequest", Ordered, func() { }, }, } - err = request.ValidateCreate(*admissionRequest) + _, err = request.ValidateCreate(*admissionRequest) Expect(err).To(Not(HaveOccurred())) }) 
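Review bot: `oldRequest, _ := old.(*ExecAccessRequest)` in `ValidateUpdate` throws away the result of the type assertion, so when `old` is nil or of another type `oldRequest` is a nil pointer and `oldRequest.Spec.TargetPod` panics inside the admission path. Check it instead: `oldRequest, ok := old.(*ExecAccessRequest)` followed by `if !ok { return nil, fmt.Errorf("expected *ExecAccessRequest, got %T", old) }`. The error text on the immutable-field branch also tells the caller to create a new PodAccessRequest, which looks copied from the other type and should name ExecAccessRequest.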
@@ -176,7 +176,7 @@ var _ = Describe("PodAccessRequest", Ordered, func() { }, }, } - err = request.ValidateCreate(*admissionRequest) + _, err = request.ValidateCreate(*admissionRequest) Expect(err).To(Not(HaveOccurred())) }) @@ -203,7 +203,7 @@ var _ = Describe("PodAccessRequest", Ordered, func() { }, }, } - err = request.ValidateUpdate(*admissionRequest, request) + _, err = request.ValidateUpdate(*admissionRequest, request) Expect(err).To(Not(HaveOccurred())) }) @@ -223,7 +223,7 @@ var _ = Describe("PodAccessRequest", Ordered, func() { }, }, } - err = request.ValidateUpdate(*admissionRequest, request) + _, err = request.ValidateUpdate(*admissionRequest, request) Expect(err).To(Not(HaveOccurred())) }) }) diff --git a/internal/api/v1alpha1/pod_access_request_webhook.go b/internal/api/v1alpha1/pod_access_request_webhook.go index c22aec0..f7ed9ba 100644 --- a/internal/api/v1alpha1/pod_access_request_webhook.go +++ b/internal/api/v1alpha1/pod_access_request_webhook.go @@ -61,7 +61,7 @@ func (r *PodAccessRequest) Default(_ admission.Request) error { var _ webhook.IContextuallyValidatableObject = &PodAccessRequest{} // ValidateCreate implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type -func (r *PodAccessRequest) ValidateCreate(req admission.Request) error { +func (r *PodAccessRequest) ValidateCreate(req admission.Request) (admission.Warnings, error) { if req.UserInfo.Username != "" { podaccessrequestlog.Info( fmt.Sprintf("Create PodAccessRequest from %s", req.UserInfo.Username), 
@@ -70,11 +70,11 @@ func (r *PodAccessRequest) ValidateCreate(req admission.Request) error { // TODO: Make this fail, after we have confidence in the code in a live environment. podaccessrequestlog.Info("WARNING - Create ExecAccessRequest with missing user identity") } - return nil + return nil, nil } // ValidateUpdate implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type -func (r *PodAccessRequest) ValidateUpdate(req admission.Request, _ runtime.Object) error { +func (r *PodAccessRequest) ValidateUpdate(req admission.Request, _ runtime.Object) (admission.Warnings, error) { if req.UserInfo.Username != "" { podaccessrequestlog.Info( fmt.Sprintf("Update PodAccessRequest from %s", req.UserInfo.Username), @@ -83,13 +83,13 @@ func (r *PodAccessRequest) ValidateUpdate(req admission.Request, _ runtime.Objec // TODO: Make this fail, after we have confidence in the code in a live environment. podaccessrequestlog.Info("WARNING - Update ExecAccessRequest with missing user identity") } - return nil + return nil, nil } // ValidateDelete implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type -func (r *PodAccessRequest) ValidateDelete(req admission.Request) error { +func (r *PodAccessRequest) ValidateDelete(req admission.Request) (admission.Warnings, error) { podaccessrequestlog.Info( fmt.Sprintf("Delete PodAccessRequest from %s", req.UserInfo.Username), ) - return nil + return nil, nil } diff --git a/internal/webhook/contextual_defaulter.go b/internal/webhook/contextual_defaulter.go index dfa5b8e..edefb70 100644 --- a/internal/webhook/contextual_defaulter.go +++ b/internal/webhook/contextual_defaulter.go @@ -6,9 +6,8 @@ import ( "errors" "net/http" - apierrors "k8s.io/apimachinery/pkg/api/errors" - admissionv1 "k8s.io/api/admission/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" 
@@ -17,14 +16,14 @@ import ( ) // IContextuallyDefaultableObject implements a similar pattern to the -// [`controller-runtime`](https://github.com/kubernetes-sigs/controller-runtime/tree/v0.13.1/pkg/webhook) +// [`controller-runtime`](https://github.com/kubernetes-sigs/controller-runtime/tree/v0.15.0/pkg/webhook) // webhook pattern. The difference is that the `Default()` function is not only // supplied the request resource, but also the request context in the form of // an -// [`admission.Request`](https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/webhook.go#L43-L66) +// [`admission.Request`](https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/webhook.go#L43-L66) // object. // -// Modified from https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/defaulter_custom.go#L29-L32 +// Modified from https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter_custom.go#L31-L34 type IContextuallyDefaultableObject interface { runtime.Object Default(req admission.Request) error @@ -58,10 +57,10 @@ func RegisterContextualDefaulter( } // A defaulterForType mimics the -// [`defaulterForType`](https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/defaulter_custom.go) +// [`defaulterForType`](https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter_custom.go) // code, but understands to pass the `admission.Request` object into the `Default()` function. // -// https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/defaulter_custom.go#L41-L45 +// https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter_custom.go#L43-L47 type defaulterForType struct { object IContextuallyDefaultableObject decoder *admission.Decoder 
@@ -82,7 +81,7 @@ func (h *defaulterForType) Handle(_ context.Context, req admission.Request) admi // always skip when a DELETE operation received in mutation handler // describe in https://github.com/kubernetes-sigs/controller-runtime/issues/1762 - // https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/defaulter.go#L61-L70 + // https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter.go#L56-L65 if req.Operation == admissionv1.Delete { return admission.Response{AdmissionResponse: admissionv1.AdmissionResponse{ Allowed: true, @@ -93,7 +92,8 @@ func (h *defaulterForType) Handle(_ context.Context, req admission.Request) admi } // Get the object in the request - // https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/defaulter.go#L72-L76 + // + // https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter.go#L67-L71 obj := h.object.DeepCopyObject().(IContextuallyDefaultableObject) if err := h.decoder.Decode(req, obj); err != nil { return admission.Errored(http.StatusBadRequest, err) diff --git a/internal/webhook/contextual_validator.go b/internal/webhook/contextual_validator.go index 49ef7bc..6b353e1 100644 --- a/internal/webhook/contextual_validator.go +++ b/internal/webhook/contextual_validator.go @@ -3,6 +3,7 @@ package webhook import ( "context" "errors" + "fmt" "net/http" v1 "k8s.io/api/admission/v1" 
@@ -24,9 +25,20 @@ import ( // Modified from https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter_custom.go#L31-L34 type IContextuallyValidatableObject interface { runtime.Object - ValidateCreate(req admission.Request) error - ValidateUpdate(req admission.Request, old runtime.Object) error - ValidateDelete(req admission.Request) error + // ValidateCreate validates the object on creation. + // The optional warnings will be added to the response as warning messages. + // Return an error if the object is invalid. + ValidateCreate(req admission.Request) (warnings admission.Warnings, err error) + + // ValidateUpdate validates the object on update. The oldObj is the object before the update. + // The optional warnings will be added to the response as warning messages. + // Return an error if the object is invalid. + ValidateUpdate(req admission.Request, old runtime.Object) (warnings admission.Warnings, err error) + + // ValidateDelete validates the object on deletion. + // The optional warnings will be added to the response as warning messages. + // Return an error if the object is invalid. + ValidateDelete(req admission.Request) (warnings admission.Warnings, err error) } // RegisterContextualValidator leverages many of the patterns and code from the 
@@ -57,10 +69,10 @@ func RegisterContextualValidator( } // A validatorForType mimics the -// [`validatorForType`](https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter_custom.go) +// [`validatorForType`](https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/validator_custom.go) // code, but understands to pass the `admission.Request` object into the `Default()` function. // -// https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/defaulter_custom.go#L43-L47 +// https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/pkg/webhook/admission/validator_custom.go#L57-L61 type validatorForType struct { object IContextuallyValidatableObject decoder *admission.Decoder 
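Review bot: The doc comment on `validatorForType` still says the request is passed into the `Default()` function, although this type only calls the three validate methods. The hunk already corrects the two links to `validator_custom.go`, so the sentence should be corrected with them, to say that the `admission.Request` is passed into `ValidateCreate()`, `ValidateUpdate()` and `ValidateDelete()`.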
@@ -84,28 +96,25 @@ func (h *validatorForType) Handle(_ context.Context, req admission.Request) admi } // Get the object in the request - // - // https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.1/pkg/webhook/admission/validator.go#L63-L79 obj := h.object.DeepCopyObject().(IContextuallyValidatableObject) - if req.Operation == v1.Create { - err := h.decoder.Decode(req, obj) - if err != nil { + + var err error + var warnings []string + + switch req.Operation { + case v1.Connect: + // No validation for connect requests. + // TODO(vincepri): Should we validate CONNECT requests? In what cases? + case v1.Create: + if err = h.decoder.Decode(req, obj); err != nil { return admission.Errored(http.StatusBadRequest, err) } - err = obj.ValidateCreate(req) - if err != nil { - var apiStatus apierrors.APIStatus - if errors.As(err, &apiStatus) { - return validationResponseFromStatus(false, apiStatus.Status()) - } - return admission.Denied(err.Error()) - } - } - if req.Operation == v1.Update { + warnings, err = obj.ValidateCreate(req) + case v1.Update: oldObj := obj.DeepCopyObject() - err := h.decoder.DecodeRaw(req.Object, obj) + err = h.decoder.DecodeRaw(req.Object, obj) if err != nil { return admission.Errored(http.StatusBadRequest, err) } 
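Review bot: The `case v1.Connect:` arm has an empty body, so a CONNECT request reaches `admission.Allowed("")` at the end of `Handle` without being decoded or passed to any validate method. If the webhook registration only lists CREATE, UPDATE and DELETE this arm is never reached, but that is not visible here, and an allow-by-default arm in a webhook that gates access requests should be stated on purpose. Replace the copied TODO with a comment such as `// CONNECT is not registered for this webhook; admitted without validation.`, or reject the operation the way the `default:` arm does. `Handle` starts before this hunk and continues in the next one.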
@@ -114,33 +123,26 @@ func (h *validatorForType) Handle(_ context.Context, req admission.Request) admi return admission.Errored(http.StatusBadRequest, err) } - err = obj.ValidateUpdate(req, oldObj) - if err != nil { - var apiStatus apierrors.APIStatus - if errors.As(err, &apiStatus) { - return validationResponseFromStatus(false, apiStatus.Status()) - } - return admission.Denied(err.Error()) - } - } - - if req.Operation == v1.Delete { + warnings, err = obj.ValidateUpdate(req, oldObj) + case v1.Delete: // In reference to PR: https://github.com/kubernetes/kubernetes/pull/76346 // OldObject contains the object being deleted - err := h.decoder.DecodeRaw(req.OldObject, obj) + err = h.decoder.DecodeRaw(req.OldObject, obj) if err != nil { return admission.Errored(http.StatusBadRequest, err) } - err = obj.ValidateDelete(req) - if err != nil { - var apiStatus apierrors.APIStatus - if errors.As(err, &apiStatus) { - return validationResponseFromStatus(false, apiStatus.Status()) - } - return admission.Denied(err.Error()) - } + warnings, err = obj.ValidateDelete(req) + default: + return admission.Errored(http.StatusBadRequest, fmt.Errorf("unknown operation %q", req.Operation)) } - return admission.Allowed("") + if err != nil { + var apiStatus apierrors.APIStatus + if errors.As(err, &apiStatus) { + return validationResponseFromStatus(false, apiStatus.Status()).WithWarnings(warnings...) + } + return admission.Denied(err.Error()).WithWarnings(warnings...) + } + return admission.Allowed("").WithWarnings(warnings...) } diff --git a/internal/webhook/contextual_validator_test.go b/internal/webhook/contextual_validator_test.go index 8297b27..b0ed0c1 100644 --- a/internal/webhook/contextual_validator_test.go +++ b/internal/webhook/contextual_validator_test.go 
@@ -268,24 +268,24 @@ type TestValidatorList struct{} func (*TestValidatorList) GetObjectKind() schema.ObjectKind { return nil } func (*TestValidatorList) DeepCopyObject() runtime.Object { return nil } -func (d *TestValidator) ValidateCreate(req admission.Request) error { +func (d *TestValidator) ValidateCreate(req admission.Request) (warnings admission.Warnings, err error) { if d.Requestor != req.UserInfo.DeepCopy().Username { - return errors.New("must have userinfo context") + return nil, errors.New("must have userinfo context") } - return nil + return nil, nil } -func (d *TestValidator) ValidateDelete(_ admission.Request) error { +func (d *TestValidator) ValidateDelete(_ admission.Request) (warnings admission.Warnings, err error) { if d.Requestor == "" { - return errors.New("cannot delete") + return nil, errors.New("cannot delete") } - return nil + return nil, nil } -func (d *TestValidator) ValidateUpdate(_ admission.Request, oldObj runtime.Object) error { +func (d *TestValidator) ValidateUpdate(_ admission.Request, oldObj runtime.Object) (warnings admission.Warnings, err error) { old := oldObj.(*TestValidator) if d.Requestor != old.Requestor { - return errors.New("requestor field immutable") + return nil, errors.New("requestor field immutable") } - return nil + return nil, nil } From d685bf3a1095e9e3ac6fe41b171a00a947e44553 Mon Sep 17 00:00:00 2001 From: Matt Wise <768067+diranged@users.noreply.github.com> Date: Sat, 17 Jun 2023 09:36:57 -0700 Subject: [PATCH 3/7] --server-side --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 62339ba..f17bb97 100644 --- a/Makefile +++ b/Makefile 
@@ -153,7 +153,7 @@ endif .PHONY: install install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/crd | kubectl apply -f - + $(KUSTOMIZE) build config/crd | kubectl apply --server-side -f - .PHONY: uninstall uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. From f04b0da89b72293ac0e29dc625a9a680a0785ca5 Mon Sep 17 00:00:00 2001 From: Matt Wise <768067+diranged@users.noreply.github.com> Date: Sat, 17 Jun 2023 09:49:36 -0700 Subject: [PATCH 4/7] use warnings --- .../api/v1alpha1/exec_access_request_webhook.go | 7 +++++-- .../api/v1alpha1/pod_access_request_webhook.go | 14 ++++++++++---- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/internal/api/v1alpha1/exec_access_request_webhook.go b/internal/api/v1alpha1/exec_access_request_webhook.go index 833f9fd..039e48e 100644 --- a/internal/api/v1alpha1/exec_access_request_webhook.go +++ b/internal/api/v1alpha1/exec_access_request_webhook.go @@ -62,15 +62,18 @@ var _ webhook.IContextuallyValidatableObject = &ExecAccessRequest{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type func (r *ExecAccessRequest) ValidateCreate(req admission.Request) (admission.Warnings, error) { + warnings := admission.Warnings{} if req.UserInfo.Username != "" { execaccessrequestlog.Info( fmt.Sprintf("Create ExecAccessRequest from %s", req.UserInfo.Username), ) } else { // TODO: Make this fail, after we have confidence in the code in a live environment. - execaccessrequestlog.Info("WARNING - Create ExecAccessRequest with missing user identity") + w := "WARNING - Create ExecAccessRequest with missing user identity" + warnings = append(warnings, w) + execaccessrequestlog.Info(w) } - return nil, nil + return warnings, nil } // ValidateUpdate prevents immutable updates to the ExecAccessRequest. 
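Review bot: A request whose `req.UserInfo.Username` is empty is still admitted by the `else` branch of `ExecAccessRequest.ValidateCreate`; the new warning only reports it to the caller. For a webhook that decides who may open exec access, a request that cannot be attributed to a user is the case that most needs rejecting, so the TODO should become a switchable check, for example `return warnings, fmt.Errorf("missing user identity")` behind an enforcement setting that can be turned on once the live behaviour is confirmed. The same admit-and-warn branch is in `PodAccessRequest.ValidateCreate` and `ValidateUpdate` in the next file of this commit. The `WARNING - ` prefix can be dropped from the returned string, since clients already label admission warnings.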
diff --git a/internal/api/v1alpha1/pod_access_request_webhook.go b/internal/api/v1alpha1/pod_access_request_webhook.go index f7ed9ba..2e99822 100644 --- a/internal/api/v1alpha1/pod_access_request_webhook.go +++ b/internal/api/v1alpha1/pod_access_request_webhook.go @@ -62,28 +62,34 @@ var _ webhook.IContextuallyValidatableObject = &PodAccessRequest{} // ValidateCreate implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type func (r *PodAccessRequest) ValidateCreate(req admission.Request) (admission.Warnings, error) { + warnings := admission.Warnings{} if req.UserInfo.Username != "" { podaccessrequestlog.Info( fmt.Sprintf("Create PodAccessRequest from %s", req.UserInfo.Username), ) } else { // TODO: Make this fail, after we have confidence in the code in a live environment. - podaccessrequestlog.Info("WARNING - Create ExecAccessRequest with missing user identity") + w := "WARNING - Create ExecAccessRequest with missing user identity" + warnings = append(warnings, w) + podaccessrequestlog.Info(w) } - return nil, nil + return warnings, nil } // ValidateUpdate implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type func (r *PodAccessRequest) ValidateUpdate(req admission.Request, _ runtime.Object) (admission.Warnings, error) { + warnings := admission.Warnings{} if req.UserInfo.Username != "" { podaccessrequestlog.Info( fmt.Sprintf("Update PodAccessRequest from %s", req.UserInfo.Username), ) } else { // TODO: Make this fail, after we have confidence in the code in a live environment. - podaccessrequestlog.Info("WARNING - Update ExecAccessRequest with missing user identity") + w := "WARNING - Update ExecAccessRequest with missing user identity" + warnings = append(warnings, w) + podaccessrequestlog.Info(w) } - return nil, nil + return warnings, nil } // ValidateDelete implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type 
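Review bot: Both warning strings added to `PodAccessRequest` name the wrong resource: `"WARNING - Create ExecAccessRequest with missing user identity"` and the matching Update string. They are now returned to the client as well as logged, so someone reading the API response or the log would attribute the event to the other type. Use `w := "Create PodAccessRequest with missing user identity"` and `w := "Update PodAccessRequest with missing user identity"`. The username in the `Info` calls would also be better passed as a key/value pair, `podaccessrequestlog.Info("create PodAccessRequest", "user", req.UserInfo.Username)`, than formatted into the message with `fmt.Sprintf`.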
From 2ea87e9ba41b62f60e4c8b989cfd33a7c2bb2a8c Mon Sep 17 00:00:00 2001 From: Matt Wise <768067+diranged@users.noreply.github.com> Date: Sat, 17 Jun 2023 09:55:22 -0700 Subject: [PATCH 5/7] server side apply --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index f17bb97..d5bb774 100644 --- a/Makefile +++ b/Makefile @@ -162,7 +162,7 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified .PHONY: deploy deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} - $(KUSTOMIZE) build config/default | kubectl apply -f - + $(KUSTOMIZE) build config/default | kubectl apply --server-side -f - kubectl -n oz-system rollout restart deployment -l app.kubernetes.io/component=manager .PHONY: undeploy From 75b7a6571aad80529545561d960c7f1f07b0e9cd Mon Sep 17 00:00:00 2001 From: Matt Wise <768067+diranged@users.noreply.github.com> Date: Sat, 17 Jun 2023 10:40:22 -0700 Subject: [PATCH 6/7] faster e2e tests --- .github/workflows/build.yaml | 8 +++++++- .github/workflows/test-e2e.yaml | 8 +++++++- .github/workflows/test.yaml | 2 +- Custom.mk | 8 +++++++- internal/testing/e2e/e2e_suite_test.go | 6 +----- 5 files changed, 23 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 17f8190..1907a16 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,4 +1,4 @@ -name: Reusable Workflow +name: Build Artifacts on: workflow_call: {} @@ -20,3 +20,9 @@ jobs: - name: Check for diff run: git diff --exit-code + + - name: Upload Artifacts + uses: actions/upload-artifact@v3 + with: + name: dist + path: dist/** diff --git a/.github/workflows/test-e2e.yaml b/.github/workflows/test-e2e.yaml index cb7be8e..09976e7 100644 --- a/.github/workflows/test-e2e.yaml +++ b/.github/workflows/test-e2e.yaml 
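Review bot: The new step `uses: actions/upload-artifact@v3` in build.yaml refers to the action by a tag that its owner can move, and the artifact it handles is the image tarball that the e2e job later loads into the test cluster. Pin it to a full commit SHA with the version as a trailing comment, `uses: actions/upload-artifact@<full-commit-sha> # v3`. The same applies to `actions/download-artifact@v3`, added to test-e2e.yaml in this commit.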
@@ -1,4 +1,4 @@ -name: CI +name: Test (End to End) on: workflow_call: {} @@ -22,6 +22,12 @@ jobs: with: persist-credentials: false + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: dist + path: dist + - name: Set up Go uses: ./.github/actions/setup-go diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 32a1414..ac0f188 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,4 +1,4 @@ -name: CI +name: Unit Test on: workflow_call: {} diff --git a/Custom.mk b/Custom.mk index 1a1db70..5997cfb 100644 --- a/Custom.mk +++ b/Custom.mk @@ -90,7 +90,13 @@ build: $(GORELEASER) .PHONY: docker-load docker-load: - kind load docker-image $(IMG) + docker load --input dist/docker.tar && kind load docker-image $(IMG) + +dist/docker.tar: + docker save -o dist/docker.tar $(IMG) + +.PHONY: docker-save +docker-save: dist/docker.tar gen-crd-api-reference-docs: $(GEN_CRD_API_DOCS) $(GEN_CRD_API_DOCS): diff --git a/internal/testing/e2e/e2e_suite_test.go b/internal/testing/e2e/e2e_suite_test.go index e2e30e3..ddc12b2 100644 --- a/internal/testing/e2e/e2e_suite_test.go +++ b/internal/testing/e2e/e2e_suite_test.go @@ -27,12 +27,8 @@ func TestE2E(t *testing.T) { var _ = BeforeSuite(func() { _ = exec.Command("kubectl", "create", "ns", namespace) - cmdRelease := exec.Command("make", "release") - _, err := utils.Run(cmdRelease) - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - cmdDockerLoad := exec.Command("make", "docker-load") - _, err = utils.Run(cmdDockerLoad) + _, err := utils.Run(cmdDockerLoad) ExpectWithOffset(1, err).NotTo(HaveOccurred()) cmdDeploy := exec.Command("make", "deploy") From 95c1b3dd782f3e0d07209665e2e8bfd0c5b87b4b Mon Sep 17 00:00:00 2001 From: Matt Wise <768067+diranged@users.noreply.github.com> Date: Sat, 17 Jun 2023 10:44:08 -0700 Subject: [PATCH 7/7] add dist/docker.tar to make build --- Custom.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
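Review bot: `dist/docker.tar:` in Custom.mk is a file target with no prerequisites, so once the file exists make treats it as up to date and `docker save` is not run again. `docker-load` would then load whatever image the old tarball holds, not the `$(IMG)` that was just built, and the e2e suite would test a stale image. Unless the release step is known to clear `dist/` first, mark the tarball target phony too, `.PHONY: docker-save dist/docker.tar`, so it is rewritten on every build.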
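Review bot: The first statement of `BeforeSuite` in e2e_suite_test.go, `_ = exec.Command("kubectl", "create", "ns", namespace)`, only builds the command and never runs it, so the namespace is not created there. Since this hunk already reworks the setup, run it through the helper the other steps use and ignore only the already-exists case: `_, _ = utils.Run(exec.Command("kubectl", "create", "ns", namespace))`. The `BeforeSuite` body continues past the end of the hunk.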
diff --git a/Custom.mk b/Custom.mk index 5997cfb..540b356 100644 --- a/Custom.mk +++ b/Custom.mk @@ -86,7 +86,7 @@ release: $(GORELEASER) .PHONY: build build: $(GORELEASER) - PUBLISH=false $(MAKE) release + PUBLISH=false $(MAKE) release dist/docker.tar .PHONY: docker-load docker-load: