Skip to content

Commit

Permalink
bump: k8s.io 0.23->1.23 go 1.18->1.23 to fix vul cve-2023-44487
Browse files Browse the repository at this point in the history 
Signed-off-by: Jeongwoo Kim - jekim <jekim@lycorp.co.jp>
  • Loading branch information
@mlajkim @eshepelyuk
mlajkim authored and eshepelyuk committed Dec 12, 2024
1 parent 653252e commit ae2e69d
Show file tree
Hide file tree
Showing 2,059 changed files with 222,019 additions and 69,738 deletions.
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,4 @@ bin
*.tgz
tags.json
.idea
.vscode/settings.json
5 changes: 2 additions & 3 deletions cmd/kube-mgmt/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ import (
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"net/http"
"os"
"path"
Expand Down Expand Up @@ -141,7 +140,7 @@ func run(params *params) {
}

if params.opaAuthFile != "" {
file, err := ioutil.ReadFile(params.opaAuthFile)
file, err := os.ReadFile(params.opaAuthFile)
if err != nil {
logrus.Fatalf("Failed to read opa auth token file %s", params.opaAuthFile)
}
Expand All @@ -162,7 +161,7 @@ func run(params *params) {
if rootCAs == nil {
rootCAs = x509.NewCertPool()
}
certs, err := ioutil.ReadFile(params.opaCAFile)
certs, err := os.ReadFile(params.opaCAFile)
if err != nil {
logrus.Fatalf("Failed to read opa certificate authority file %s", params.opaCAFile)
}
Expand Down
58 changes: 34 additions & 24 deletions go.mod
View file
Original file line number Diff line number Diff line change
@@ -1,48 +1,58 @@
module github.com/open-policy-agent/kube-mgmt

go 1.18
go 1.23

require (
github.com/sirupsen/logrus v1.8.3
github.com/spf13/cobra v1.3.0
k8s.io/api v0.23.17
k8s.io/apimachinery v0.23.17
k8s.io/client-go v0.23.17
k8s.io/api v0.31.3
k8s.io/apimachinery v0.31.3
k8s.io/client-go v0.31.3
)

require gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
require (
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/x448/float16 v0.8.4 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
)

require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/go-logr/logr v1.2.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.2 // indirect; indire4ct
github.com/google/go-cmp v0.5.6 // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/imdario/mergo v0.3.5 // indirect
github.com/golang/protobuf v1.5.4 // indirect; indire4ct
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/imdario/mergo v0.3.6 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/net v0.23.0 // indirect
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
golang.org/x/net v0.26.0 // indirect
golang.org/x/oauth2 v0.21.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/term v0.25.0 // indirect
golang.org/x/text v0.19.0 // indirect
golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.33.0 // indirect
golang.org/x/time v0.3.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/klog/v2 v2.30.0 // indirect
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect
sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.2.0 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)
175 changes: 92 additions & 83 deletions go.sum
View file

Large diffs are not rendered by default.

15 changes: 8 additions & 7 deletions pkg/configmap/configmap.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -140,20 +140,21 @@ func (s *Sync) Run(namespaces []string) (chan struct{}, error) {
if namespace == "*" {
namespace = v1.NamespaceAll
}
source := cache.NewListWatchFromClient(
listerWatcher := cache.NewListWatchFromClient(
client,
"configmaps",
namespace,
fields.Everything())
_, controller := cache.NewInformer(
source,
&v1.ConfigMap{},
0,
cache.ResourceEventHandlerFuncs{
_, controller := cache.NewInformerWithOptions(cache.InformerOptions{
ListerWatcher: listerWatcher,
ObjectType: &v1.ConfigMap{},
Handler: cache.ResourceEventHandlerFuncs{
AddFunc: s.add,
UpdateFunc: s.update,
DeleteFunc: s.delete,
})
},
ResyncPeriod: 0, // Set to 0 as in the original code
})
go controller.Run(quit)
}
return quit, nil
Expand Down
26 changes: 13 additions & 13 deletions pkg/data/generic.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ type GenericSync struct {
client dynamicClient
opa opa_client.Data
ns types.ResourceType
limiter workqueue.RateLimiter
limiter workqueue.TypedRateLimiter[any]
jitterFactor float64
ignoreNamespaces []string
}
Expand Down Expand Up @@ -70,7 +70,7 @@ func NewFromInterface(client dynamic.Interface, opa opa_client.Data, ns types.Re
opt(s)
}
if s.limiter == nil { // Use default rateLimiter if not configured
s.limiter = workqueue.NewItemExponentialFailureRateLimiter(backoffMin, backoffMax)
s.limiter = workqueue.NewTypedItemExponentialFailureRateLimiter[any](backoffMin, backoffMax)
}
return s
}
Expand All @@ -85,7 +85,7 @@ func WithIgnoreNamespaces(ignoreNamespaces []string) Option {
// WithBackoff tunes the values of exponential backoff and jitter factor
func WithBackoff(min, max time.Duration, jitterFactor float64) Option {
return func(s *GenericSync) {
s.limiter = workqueue.NewItemExponentialFailureRateLimiter(min, max)
s.limiter = workqueue.NewTypedItemExponentialFailureRateLimiter[any](min, max)
s.jitterFactor = jitterFactor
}
}
Expand Down Expand Up @@ -128,13 +128,13 @@ func (s *GenericSync) RunContext(ctx context.Context) error {
}

// setup the store and queue for this GenericSync instance
func (s *GenericSync) setup(ctx context.Context) (cache.Store, workqueue.DelayingInterface) {
func (s *GenericSync) setup(ctx context.Context) (cache.Store, workqueue.TypedDelayingInterface[any]) {
ignoreNs := s.ignoreNs()

resource := s.client.ResourceFor(s.ns, metav1.NamespaceAll)
queue := workqueue.NewNamedDelayingQueue(s.ns.String())
store, controller := cache.NewInformer(
&cache.ListWatch{
store, controller := cache.NewInformerWithOptions(cache.InformerOptions{
ListerWatcher: &cache.ListWatch{
ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
options.FieldSelector = ignoreNs
return resource.List(ctx, options)
Expand All @@ -144,10 +144,10 @@ func (s *GenericSync) setup(ctx context.Context) (cache.Store, workqueue.Delayin
return resource.Watch(ctx, options)
},
},
&unstructured.Unstructured{},
0,
resourceEventQueue{queue},
)
ObjectType: &unstructured.Unstructured{},
Handler: resourceEventQueue{queue},
ResyncPeriod: 0,
})

start, quit := time.Now(), ctx.Done()
go controller.Run(quit)
Expand Down Expand Up @@ -181,7 +181,7 @@ type resourceEventQueue struct {
}

// OnAdd implements ResourceHandler
func (q resourceEventQueue) OnAdd(obj interface{}) {
func (q resourceEventQueue) OnAdd(obj interface{}, isInInitialList bool) {
key, err := cache.MetaNamespaceKeyFunc(obj)
if err != nil {
logrus.Warnf("failed to retrieve key: %v", err)
Expand Down Expand Up @@ -210,7 +210,7 @@ func (q resourceEventQueue) resourceVersionMatch(oldObj, newObj interface{}) boo
// OnUpdate implements ResourceHandler
func (q resourceEventQueue) OnUpdate(oldObj, newObj interface{}) {
if !q.resourceVersionMatch(oldObj, newObj) { // Avoid sync flood on relist. We don't use resync.
q.OnAdd(newObj)
q.OnAdd(newObj, false)
}
}

Expand All @@ -229,7 +229,7 @@ const initPath = ""
// loop starts replicating Kubernetes resources into OPA. If an error occurs
// during the replication process, this function will backoff and reload
// all resources into OPA from scratch.
func (s *GenericSync) loop(store cache.Store, queue workqueue.DelayingInterface) {
func (s *GenericSync) loop(store cache.Store, queue workqueue.TypedDelayingInterface[any]) {

logrus.Infof("Syncing %v.", s.ns)
defer func() {
Expand Down
71 changes: 71 additions & 0 deletions vendor/github.com/emicklei/go-restful/v3/.gitignore
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions vendor/github.com/emicklei/go-restful/v3/.goconvey
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 13 additions & 0 deletions vendor/github.com/emicklei/go-restful/v3/.travis.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit ae2e69d

Please sign in to comment.