Fix: Vulnerability in golang.org/x/net/http2 & `github.com/sirupsen…
…/logrus` (#262)

Signed-off-by: Jeongwoo Kim - jekim <jekim@yahoo-corp.jp>
mlajkim authored Oct 10, 2024
1 parent 7e23da5 commit 69b3fb9
Showing 387 changed files with 12,555 additions and 5,309 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build.yaml
Expand Up @@ -22,9 +22,9 @@ jobs:
- uses: actions/checkout@v3
- uses: WillAbides/setup-go-faster@v1.7.0
with:
go-version: "1.17.7"
go-version: "1.23.2"
- run: |
go install honnef.co/go/tools/cmd/staticcheck@2022.1.3
go install honnef.co/go/tools/cmd/staticcheck@2024.1.1
- uses: extractions/setup-just@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
16 changes: 8 additions & 8 deletions cmd/kube-mgmt/main.go
Expand Up @@ -80,16 +80,16 @@ func main() {
rootCmd.Flags().BoolVarP(&params.opaAllowInsecure, "opa-allow-insecure", "", false, "allow insecure https connections to OPA")
rootCmd.Flags().StringVar(&params.logLevel, "log-level", "info", "set log level {debug, info, warn}")

// policy / data
rootCmd.Flags().BoolVarP(&params.enablePolicies, "enable-policies", "", true, "whether to automatically discover policies from labelled ConfigMaps")
rootCmd.Flags().StringVar(&params.policyLabel, "policy-label", "openpolicyagent.org/policy", "label name for filtering ConfigMaps with policies")
rootCmd.Flags().StringVar(&params.policyValue, "policy-value", "rego", "label value for filtering ConfigMaps with policies")
rootCmd.Flags().BoolVarP(&params.enableData, "enable-data", "", true, "whether to automatically discover data from labelled ConfigMaps")
rootCmd.Flags().StringVar(&params.dataLabel, "data-label", "openpolicyagent.org/data", "label name for filtering ConfigMaps with data")
rootCmd.Flags().StringVar(&params.dataValue, "data-value", "opa", "label value for filtering ConfigMaps with data")
// policy / data
rootCmd.Flags().BoolVarP(&params.enablePolicies, "enable-policies", "", true, "whether to automatically discover policies from labelled ConfigMaps")
rootCmd.Flags().StringVar(&params.policyLabel, "policy-label", "openpolicyagent.org/policy", "label name for filtering ConfigMaps with policies")
rootCmd.Flags().StringVar(&params.policyValue, "policy-value", "rego", "label value for filtering ConfigMaps with policies")
rootCmd.Flags().BoolVarP(&params.enableData, "enable-data", "", true, "whether to automatically discover data from labelled ConfigMaps")
rootCmd.Flags().StringVar(&params.dataLabel, "data-label", "openpolicyagent.org/data", "label name for filtering ConfigMaps with data")
rootCmd.Flags().StringVar(&params.dataValue, "data-value", "opa", "label value for filtering ConfigMaps with data")
rootCmd.Flags().StringSliceVarP(&params.namespaces, "namespaces", "", []string{""}, "namespaces to load policies and data from")

// replication
// replication
rootCmd.Flags().VarP(&params.replicateNamespace, "replicate", "", "replicate namespace-level resources")
rootCmd.Flags().VarP(&params.replicateCluster, "replicate-cluster", "", "replicate cluster-level resources")
rootCmd.Flags().StringVarP(&params.replicatePath, "replicate-path", "", "kubernetes", "set path to replicate data into")
12 changes: 6 additions & 6 deletions go.mod
@@ -1,9 +1,9 @@
module github.com/open-policy-agent/kube-mgmt

go 1.17
go 1.18

require (
github.com/sirupsen/logrus v1.8.1
github.com/sirupsen/logrus v1.8.3
github.com/spf13/cobra v1.3.0
k8s.io/api v0.23.17
k8s.io/apimachinery v0.23.17
Expand All @@ -28,11 +28,11 @@ require (
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/net v0.23.0 // indirect
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/term v0.25.0 // indirect
golang.org/x/text v0.19.0 // indirect
golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.33.0 // indirect
87 changes: 11 additions & 76 deletions go.sum

Large diffs are not rendered by default.

60 changes: 30 additions & 30 deletions pkg/configmap/configmap.go
Expand Up @@ -10,9 +10,9 @@ import (
"fmt"
"hash/fnv"
"sort"
"strconv"
"strings"
"time"
"strconv"

"github.com/open-policy-agent/kube-mgmt/pkg/opa"
"github.com/sirupsen/logrus"
Expand All @@ -31,8 +31,8 @@ import (
)

const (
defaultRetries = 2
statusAnnotationKey = "openpolicyagent.org/kube-mgmt-status"
defaultRetries = 2
statusAnnotationKey = "openpolicyagent.org/kube-mgmt-status"
retriesAnnotationKey = "openpolicyagent.org/kube-mgmt-retries"
// Special namespace in Kubernetes federation that holds scheduling policies.
// commented because staticcheck: 'const kubeFederationSchedulingPolicy is unused (U1000)'
Expand All @@ -43,7 +43,7 @@ const (
)

// Label validator
func CustomLabel(key, value string) error {
func CustomLabel(key, value string) error {
_, err := labels.NewRequirement(key, selection.Equals, []string{value})
if err != nil {
return err
Expand Down Expand Up @@ -135,7 +135,7 @@ func (s *Sync) Run(namespaces []string) (chan struct{}, error) {
}
quit := make(chan struct{})

logrus.Infof("Policy/data ConfigMap processor connected to K8s: namespaces=%v", namespaces)
logrus.Infof("Policy/data ConfigMap processor connected to K8s: namespaces=%v", namespaces)
for _, namespace := range namespaces {
if namespace == "*" {
namespace = v1.NamespaceAll
Expand All @@ -162,19 +162,19 @@ func (s *Sync) Run(namespaces []string) (chan struct{}, error) {
func (s *Sync) add(obj interface{}) {
cm := obj.(*v1.ConfigMap)
if match, isPolicy := s.matcher(cm); match {
logrus.Debugf("OnAdd cm=%v/%v, isPolicy=%v", cm.Namespace, cm.Name, isPolicy)
logrus.Debugf("OnAdd cm=%v/%v, isPolicy=%v", cm.Namespace, cm.Name, isPolicy)
s.syncAdd(cm, isPolicy)
}
}

func (s *Sync) update(oldObj, obj interface{}) {
oldCm, cm := oldObj.(*v1.ConfigMap), obj.(*v1.ConfigMap)
if match, isPolicy := s.matcher(cm); match {
logrus.Debugf("OnUpdate cm=%v/%v, isPolicy=%v, oldVer=%v, newVer=%v",
cm.Namespace, cm.Name, isPolicy, oldCm.GetResourceVersion(), cm.GetResourceVersion())
logrus.Debugf("OnUpdate cm=%v/%v, isPolicy=%v, oldVer=%v, newVer=%v",
cm.Namespace, cm.Name, isPolicy, oldCm.GetResourceVersion(), cm.GetResourceVersion())
if cm.GetResourceVersion() != oldCm.GetResourceVersion() {
newFp, oldFp := fingerprint(cm), fingerprint(oldCm)
rtrVal := cm.Annotations[retriesAnnotationKey]
rtrVal := cm.Annotations[retriesAnnotationKey]
logrus.Debugf("OnUpdate cm=%v/%v, retries=%v, oldFp=%v, newFp=%v", cm.Namespace, cm.Name, rtrVal, oldFp, newFp)
if newFp != oldFp || rtrVal != "0" {
s.syncAdd(cm, isPolicy)
Expand All @@ -194,7 +194,7 @@ func (s *Sync) delete(obj interface{}) {
}
cm := obj.(*v1.ConfigMap)
if match, isPolicy := s.matcher(cm); match {
logrus.Debugf("OnDelete cm=%v/%v", cm.Namespace, cm.Name)
logrus.Debugf("OnDelete cm=%v/%v", cm.Namespace, cm.Name)
s.syncRemove(cm, isPolicy)
}
}
Expand All @@ -215,7 +215,7 @@ func (s *Sync) syncAdd(cm *v1.ConfigMap, isPolicy bool) {
var err error
if isPolicy {
err = s.opa.InsertPolicy(id, []byte(value))
logrus.Infof("Added policy %v, err=%v", id, err)
logrus.Infof("Added policy %v, err=%v", id, err)
} else {
// We don't need to know the JSON structure, just pass it
// directly to the OPA data store.
Expand All @@ -232,22 +232,22 @@ func (s *Sync) syncAdd(cm *v1.ConfigMap, isPolicy bool) {
}
}
if syncErr != nil {
var retries int = 0
if isPolicy {
if rStr, ok := cm.Annotations[retriesAnnotationKey]; ok {
r, err := strconv.Atoi(rStr)
if err == nil && r > 0 {
retries = r - 1
logrus.Debugf("Adding policies error cm=%v, old retry=%v, new retry=%v", path, rStr, retries)
} else if err == nil && r == 0 {
retries = defaultRetries
logrus.Debugf("Adding policies error cm=%v, old retry=%v, new retry=%v", path, rStr, retries)
}
} else {
retries = defaultRetries
logrus.Debugf("Adding policies error cm=%v, no retry annotation, new retry=%v", path, retries)
}
}
var retries int = 0
if isPolicy {
if rStr, ok := cm.Annotations[retriesAnnotationKey]; ok {
r, err := strconv.Atoi(rStr)
if err == nil && r > 0 {
retries = r - 1
logrus.Debugf("Adding policies error cm=%v, old retry=%v, new retry=%v", path, rStr, retries)
} else if err == nil && r == 0 {
retries = defaultRetries
logrus.Debugf("Adding policies error cm=%v, old retry=%v, new retry=%v", path, rStr, retries)
}
} else {
retries = defaultRetries
logrus.Debugf("Adding policies error cm=%v, no retry annotation, new retry=%v", path, retries)
}
}
s.setAnnotations(cm, status{
Status: "error",
Error: syncErr,
Expand All @@ -260,7 +260,7 @@ func (s *Sync) syncAdd(cm *v1.ConfigMap, isPolicy bool) {
}

func (s *Sync) syncRemove(cm *v1.ConfigMap, isPolicy bool) {
logrus.Debugf("Attempting to remove cm=%v/%v, isPolicy=%v", cm.Namespace, cm.Name, isPolicy)
logrus.Debugf("Attempting to remove cm=%v/%v, isPolicy=%v", cm.Namespace, cm.Name, isPolicy)
path := fmt.Sprintf("%v/%v", cm.Namespace, cm.Name)
for key := range cm.Data {
id := fmt.Sprintf("%v/%v", path, key)
Expand All @@ -286,7 +286,7 @@ func (s *Sync) setAnnotations(cm *v1.ConfigMap, st status, retries int) {
patch := map[string]interface{}{
"metadata": map[string]interface{}{
"annotations": map[string]interface{}{
statusAnnotationKey: string(bs),
statusAnnotationKey: string(bs),
retriesAnnotationKey: strconv.Itoa(retries),
},
},
Expand All @@ -303,7 +303,7 @@ func (s *Sync) setAnnotations(cm *v1.ConfigMap, st status, retries int) {
}

func (s *Sync) syncReset(id string) {
logrus.Debugf("Attempting to reset %v", id)
logrus.Debugf("Attempting to reset %v", id)
d := syncResetBackoffMin
for {
if err := s.opa.PutData("/", map[string]interface{}{}); err != nil {
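Review bot: The retry count in syncAdd's error branch comes straight from the `openpolicyagent.org/kube-mgmt-retries` annotation and is only tested for `r > 0`, so it has no upper bound. Anyone who can edit the ConfigMap can set a very large number; since setAnnotations writes the decremented value back and update re-syncs whenever the annotation is not `"0"`, a failing policy would apparently be re-pushed to OPA and re-patched that many times. Capping the parsed value before the decrement, for example `if r > defaultRetries { r = defaultRetries }`, keeps the budget at the intended size. A non-numeric or negative annotation also falls through both branches and leaves `retries` at 0 without any log line, so a `logrus.Warnf` for that case would make a bad annotation visible. syncAdd begins and ends outside the hunks shown.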
12 changes: 7 additions & 5 deletions vendor/github.com/sirupsen/logrus/README.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 0 additions & 9 deletions vendor/github.com/sirupsen/logrus/buffer_pool.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

21 changes: 16 additions & 5 deletions vendor/github.com/sirupsen/logrus/entry.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 13 additions & 0 deletions vendor/github.com/sirupsen/logrus/logger.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
