From f67f5e9e5b4711fdd2aaa54c9c5aaec895a0ffc4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Feb 2024 11:07:59 -0300 Subject: [PATCH 01/83] Bump the google-cloud-sdk group with 1 update (#4896) Bumps the google-cloud-sdk group with 1 update: [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go). Updates `cloud.google.com/go/storage` from 1.37.0 to 1.38.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.37.0...spanner/v1.38.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/storage dependency-type: direct:production update-type: version-update:semver-minor dependency-group: google-cloud-sdk ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 09a5d3b47a..eabd023a7f 100644 --- a/go.mod +++ b/go.mod @@ -3,11 +3,11 @@ module github.com/spiffe/spire go 1.21 require ( - cloud.google.com/go/iam v1.1.5 + cloud.google.com/go/iam v1.1.6 cloud.google.com/go/kms v1.15.5 cloud.google.com/go/secretmanager v1.11.4 cloud.google.com/go/security v1.15.4 - cloud.google.com/go/storage v1.37.0 + cloud.google.com/go/storage v1.38.0 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 
@@ -328,8 +328,8 @@ require ( golang.org/x/text v0.14.0 // indirect golang.org/x/tools v0.16.1 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect + google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 // indirect gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index c89d712240..6ac9da36fd 100644 --- a/go.sum +++ b/go.sum @@ -214,8 +214,8 @@ cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHD cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= -cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI= -cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8= +cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc= +cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= 
@@ -364,8 +364,8 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= -cloud.google.com/go/storage v1.37.0 h1:WI8CsaFO8Q9KjPVtsZ5Cmi0dXV25zMoX0FklT7c3Jm4= -cloud.google.com/go/storage v1.37.0/go.mod h1:i34TiT2IhiNDmcj65PqwCjcoUX7Z5pLzS8DEmoiFq1k= +cloud.google.com/go/storage v1.38.0 h1:Az68ZRGlnNTpIBbLjSMIV2BDcwwXYlRlQzis0llkpJg= +cloud.google.com/go/storage v1.38.0/go.mod h1:tlUADB0mAb9BgYls9lq+8MGkfzOXuLrnHXlpHmvFJoY= cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= 
@@ -2094,10 +2094,10 @@ google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= -google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ= -google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= -google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU= -google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= +google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe h1:USL2DhxfgRchafRvt/wYyyQNzwgL7ZiURcozOE/Pkvo= +google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= +google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 h1:x9PwdEgd11LgK+orcck69WVRo7DezSO4VUMPI4xpc8A= +google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I= google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe h1:bQnxqljG/wqi4NTXu2+DJ3n7APcEA882QZ1JvhQAq9o= google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= From 49f8857c7afa28313762b138dbed6c19a503007f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Agust=C3=ADn=20Mart=C3=ADnez=20Fay=C3=B3?= Date: Tue, 27 Feb 2024 17:41:04 -0300 Subject: [PATCH 02/83] Introduce support to IAM authentication in the datastore (#4828) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Introduce support to IAM authentication in the datastore Signed-off-by: Agustín Martínez Fayó --- conf/server/server_full.conf | 12 + doc/plugin_server_datastore_sql.md | 72 ++++ go.mod | 4 + go.sum | 10 + .../datastore/sqldriver/awsrds/auth_token.go | 111 ++++++ .../datastore/sqldriver/awsrds/awsrds.go | 182 +++++++++ .../datastore/sqldriver/awsrds/awsrds_test.go | 368 ++++++++++++++++++ pkg/server/datastore/sqlstore/migration.go | 2 +- pkg/server/datastore/sqlstore/mysql.go | 64 ++- pkg/server/datastore/sqlstore/postgres.go | 42 +- pkg/server/datastore/sqlstore/sqlstore.go | 197 +++++++--- .../datastore/sqlstore/sqlstore_test.go | 29 ++ 12 files changed, 1020 insertions(+), 73 deletions(-) create mode 100644 pkg/server/datastore/sqldriver/awsrds/auth_token.go create mode 100644 pkg/server/datastore/sqldriver/awsrds/awsrds.go create mode 100644 pkg/server/datastore/sqldriver/awsrds/awsrds_test.go diff --git a/conf/server/server_full.conf b/conf/server/server_full.conf index ce33399de9..769db77c16 100644 --- a/conf/server/server_full.conf +++ b/conf/server/server_full.conf @@ -230,6 +230,18 @@ plugins { # database_type: database type, database_type = "sqlite3" + # database_type "". Database type with IAM + # authentication. + # database_type "aws_postgres" { + # region: AWS Region to use. + # region = "" + # } + + # database_type "aws_mysql" { + # region: AWS Region to use. + # region = "" + # } + # connection_string: database specific connection string. The format # depends on the value specified for database_type. connection_string = "./.data/datastore.sqlite3" diff --git a/doc/plugin_server_datastore_sql.md b/doc/plugin_server_datastore_sql.md index 1fef6e3b55..657b2b2497 100644 
--- a/doc/plugin_server_datastore_sql.md +++ b/doc/plugin_server_datastore_sql.md 
@@ -135,6 +135,78 @@ If you need to use custom Root CA, just specify `root_ca_path` in the plugin con } ``` +### IAM Authentication + +Identity and Access Management (IAM) authentication allows for secure authentication to databases hosted on cloud services. Unlike traditional methods, it uses an authentication token instead of a password. When using IAM authentication, it is required to exclude the password from the connection string. + +The `database_type` configuration allows specifying the type of database with IAM authentication support. The configuration always follows this structure: + +```hcl + database_type "dbtype-with-iam-support" { + setting_1 = "value-1" + setting_2 = "value-2" + ... + } +``` + +_Note: Replace `dbtype-with-iam-support` with the specific database type that supports IAM authentication._ + +Supported IAM authentication database types include: + +#### "aws_postgres" + +For PostgreSQL databases on AWS RDS using IAM authentication. The `region` setting is mandatory, specifying the AWS service region. + +This is the complete list of configuration options under the `database_type` setting when `aws_postgres` is set: + +| Configuration | Description | Required | Default | +|-------------------|---------------------------------------|------------------------------------------------------------------------|-----------------------------------------------------| +| access_key_id | AWS access key id. | Required only if AWS_ACCESS_KEY_ID environment variable is not set. | Value of AWS_ACCESS_KEY_ID environment variable. | +| secret_access_key | AWS secret access key. | Required only if AWS_SECRET_ACCESSKEY environment variable is not set. | Value of AWS_SECRET_ACCESSKEY environment variable. | +| region | AWS region of the database. | Yes. | | + +Settings of the [`postgres`](#database_type--postgres) database type also apply here. 
+ +##### Sample configuration + +```hcl + DataStore "sql" { + plugin_data { + database_type "aws_postgres" { + region = "us-east-2" + } + connection_string = "dbname=spire user=test_user host=spire-test.example.us-east-2.rds.amazonaws.com port=5432 sslmode=require" + } + } +``` + +#### "aws_mysql" + +For MySQL databases on AWS RDS using IAM authentication. The `region` setting is required. + +This is the complete list of configuration options under the `database_type` setting when `aws_mysql` is set: + +| Configuration | Description | Required | Default | +|-------------------|---------------------------------------|------------------------------------------------------------------------|-----------------------------------------------------| +| access_key_id | AWS access key id. | Required only if AWS_ACCESS_KEY_ID environment variable is not set. | Value of AWS_ACCESS_KEY_ID environment variable. | +| secret_access_key | AWS secret access key. | Required only if AWS_SECRET_ACCESSKEY environment variable is not set. | Value of AWS_SECRET_ACCESSKEY environment variable. | +| region | AWS region of the database. | Yes. | | + +Settings of the [`mysql`](#database_type--mysql) database type also apply here. + +##### Sample configuration + +```hcl + DataStore "sql" { + plugin_data { + database_type "aws_mysql" { + region = "us-east-2" + } + connection_string="test_user:@tcp(spire-test.example.us-east-2.rds.amazonaws.com:3306)/spire?parseTime=true&allowCleartextPasswords=1&tls=true" + } + } +``` + #### Read Only connection Read Only connection will be used when the optional `ro_connection_string` is set. The formatted string takes the same form as connection_string. This option is not applicable for SQLite3. diff --git a/go.mod b/go.mod index eabd023a7f..6beb5b326f 100644 --- a/go.mod +++ b/go.mod 
@@ -22,6 +22,7 @@ require ( github.com/aws/aws-sdk-go-v2/config v1.27.0 github.com/aws/aws-sdk-go-v2/credentials v1.17.0 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 + github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.3.10 github.com/aws/aws-sdk-go-v2/service/acmpca v1.28.0 github.com/aws/aws-sdk-go-v2/service/ec2 v1.148.0 github.com/aws/aws-sdk-go-v2/service/iam v1.30.0 @@ -54,6 +55,7 @@ require ( github.com/hashicorp/vault/sdk v0.11.0 github.com/imdario/mergo v0.3.16 github.com/imkira/go-observer v1.0.3 + github.com/jackc/pgx/v5 v5.5.2 github.com/jinzhu/gorm v1.9.16 github.com/lestrrat-go/jwx/v2 v2.0.19 github.com/lib/pq v1.10.9 @@ -226,6 +228,8 @@ require ( github.com/huandu/xstrings v1.3.3 // indirect github.com/in-toto/in-toto-golang v0.9.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jackc/pgpassfile v1.0.0 // indirect + github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect github.com/jinzhu/inflection v1.0.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect diff --git a/go.sum b/go.sum index 6ac9da36fd..aa95856d7f 100644 --- a/go.sum +++ b/go.sum 
@@ -570,6 +570,8 @@ github.com/aws/aws-sdk-go-v2/credentials v1.17.0 h1:lMW2x6sKBsiAJrpi1doOXqWFyEPo github.com/aws/aws-sdk-go-v2/credentials v1.17.0/go.mod h1:uT41FIH8cCIxOdUYIL0PYyHlL1NoneDuDSCwg5VE/5o= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 h1:xWCwjjvVz2ojYTP4kBKUuUh9ZrXfcAXpflhOUUeXg1k= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0/go.mod h1:j3fACuqXg4oMTQOR2yY7m0NmJY0yBK4L4sLsRXq1Ins= +github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.3.10 h1:z6fAXB4HSuYjrE/P8RU3NdCaN+EPaeq/+80aisCjuF8= +github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.3.10/go.mod h1:PoPjOi7j+/DtKIGC58HRfcdWKBPYYXwdKnRG+po+hzo= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0 h1:NPs/EqVO+ajwOoq56EfcGKa3L3ruWuazkIw1BqxwOPw= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0/go.mod h1:D+duLy2ylgatV+yTlQ8JTuLfDD0BnFvnQRc+o6tbZ4M= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0 h1:ks7KGMVUMoDzcxNWUlEdI+/lokMFD136EL6DWmUOV80= 
@@ -1079,6 +1081,14 @@ github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= +github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= +github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk= +github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= +github.com/jackc/pgx/v5 v5.5.2 h1:iLlpgp4Cp/gC9Xuscl7lFL1PhhW+ZLtXZcrfCt4C3tA= +github.com/jackc/pgx/v5 v5.5.2/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A= +github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk= +github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY= github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267/go.mod h1:h1nSAbGFqGVzn6Jyl1R/iCcBUHN4g+gW1u9CoBTrb9E= github.com/jellydator/ttlcache/v3 v3.1.1 h1:RCgYJqo3jgvhl+fEWvjNW8thxGWsgxi+TPhRir1Y9y8= diff --git a/pkg/server/datastore/sqldriver/awsrds/auth_token.go b/pkg/server/datastore/sqldriver/awsrds/auth_token.go new file mode 100644 index 0000000000..5179aed0e7 --- /dev/null +++ b/pkg/server/datastore/sqldriver/awsrds/auth_token.go 
@@ -0,0 +1,111 @@
+package awsrds
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "net/url"
+ "time"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/config"
+ "github.com/aws/aws-sdk-go-v2/credentials"
+ "github.com/aws/aws-sdk-go-v2/feature/rds/auth"
+)
+
+const iso8601BasicFormat = "20060102T150405Z"
+
+type authTokenBuilder interface {
+ buildAuthToken(ctx context.Context, endpoint string, region string, dbUser string, creds aws.CredentialsProvider, optFns ...func(options *auth.BuildAuthTokenOptions)) (string, error)
+}
+
+type tokenGetter interface {
+ getAuthToken(ctx context.Context, params *Config, tokenBuilder authTokenBuilder) (string, error)
+}
+
+type authToken struct {
+ token string
+ expiresAt time.Time
+}
+
+func (a *authToken) getAuthToken(ctx context.Context, config *Config, tokenBuilder authTokenBuilder) (string, error) {
+ if config == nil {
+ return "", errors.New("missing config")
+ }
+
+ if tokenBuilder == nil {
+ return "", errors.New("missing token builder")
+ }
+
+ if !a.isExpired() {
+ return a.token, nil
+ }
+
+ awsClientConfig, err := newAWSClientConfig(ctx, config)
+ if err != nil {
+ return "", fmt.Errorf("failed to create AWS Config: %w", err)
+ }
+
+ authenticationToken, err := tokenBuilder.buildAuthToken(ctx, config.Endpoint,
+ config.Region,
+ config.DbUser,
+ awsClientConfig.Credentials)
+ if err != nil {
+ return "", fmt.Errorf("failed to build authentication token: %w", err)
+ }
+
+ values, err := url.ParseQuery(authenticationToken)
+ if err != nil {
+ return "", fmt.Errorf("failed to parse authentication token: %w", err)
+ }
+
+ dateValues := values["X-Amz-Date"]
+ if len(dateValues) != 1 {
+ return "", errors.New("malformed token: could not get X-Amz-Date value")
+ }
+
+ dateTime, err := time.Parse(iso8601BasicFormat, dateValues[0])
+ if err != nil {
+ return "", fmt.Errorf("failed to parse X-Amz-Date date: %w", err)
+ }
+
+ durationValues := values["X-Amz-Expires"]
+ if len(durationValues) != 1 {
+ return "", errors.New("malformed token: could not get X-Amz-Expires value")
+ }
+
+ // X-Amz-Expires is expressed as a duration in seconds.
+ durationTime, err := time.ParseDuration(fmt.Sprintf("%ss", durationValues[0]))
+ if err != nil {
+ return "", fmt.Errorf("failed to parse X-Amz-Expires duration: %w", err)
+ }
+ a.token = authenticationToken
+ a.expiresAt = dateTime.Add(durationTime)
+ return authenticationToken, nil
+}
+
+func (a *authToken) isExpired() bool {
+ clockSkew := time.Minute // Make sure that the authentication token is valid for one more minute.
+ return nowFunc().Add(-clockSkew).Sub(a.expiresAt) >= 0
+}
+
+type awsTokenBuilder struct{}
+
+func (a *awsTokenBuilder) buildAuthToken(ctx context.Context, endpoint string, region string, dbUser string, creds aws.CredentialsProvider, optFns ...func(options *auth.BuildAuthTokenOptions)) (string, error) {
+ return auth.BuildAuthToken(ctx, endpoint, region, dbUser, creds, optFns...)
+}
+
+func newAWSClientConfig(ctx context.Context, c *Config) (aws.Config, error) {
+ cfg, err := config.LoadDefaultConfig(ctx,
+ config.WithRegion(c.Region),
+ )
+ if err != nil {
+ return aws.Config{}, err
+ }
+
+ if c.SecretAccessKey != "" && c.AccessKeyID != "" {
+ cfg.Credentials = credentials.NewStaticCredentialsProvider(c.AccessKeyID, c.SecretAccessKey, "")
+ }
+
+ return cfg, nil
+}
diff --git a/pkg/server/datastore/sqldriver/awsrds/awsrds.go b/pkg/server/datastore/sqldriver/awsrds/awsrds.go
new file mode 100644
index 0000000000..c966bba038
--- /dev/null
+++ b/pkg/server/datastore/sqldriver/awsrds/awsrds.go
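Review bot: `isExpired` applies the one-minute margin in the wrong direction: `nowFunc().Add(-clockSkew).Sub(a.expiresAt) >= 0` stays false until a full minute after `expiresAt`, so `getAuthToken` can return a cached token that has already lapsed, which contradicts the comment on `clockSkew`. The margin should be added to the current time instead, e.g. `return !nowFunc().Add(clockSkew).Before(a.expiresAt)`. Separately, `getAuthToken` reads and writes `a.token` and `a.expiresAt` without synchronisation, and `sqlDriverWrapper.Open` in awsrds.go releases `tokensMapMtx` before calling it, so concurrent connection attempts for the same DSN can race on the cached token; a `sync.Mutex` field on `authToken`, locked at the top of `getAuthToken`, would cover it.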
@@ -0,0 +1,182 @@
+package awsrds
+
+import (
+ "context"
+ "database/sql"
+ "database/sql/driver"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "strings"
+ "sync"
+ "time"
+
+ "github.com/go-sql-driver/mysql"
+ "github.com/jackc/pgx/v5"
+ "github.com/jinzhu/gorm"
+ "github.com/lib/pq"
+)
+
+const (
+ MySQLDriverName = "aws-rds-mysql"
+ PostgresDriverName = "aws-rds-postgres"
+ getAuthTokenTimeout = time.Second * 30
+)
+
+// nowFunc returns the current time and can overridden in tests.
+var nowFunc = time.Now
+
+// Config holds the configuration settings to be able to authenticate to a
+// database in the AWS RDS service.
+type Config struct {
+ Region string `json:"region"`
+ AccessKeyID string `json:"access_key_id"`
+ SecretAccessKey string `json:"secret_access_key"`
+ Endpoint string `json:"endpoint"`
+ DbUser string `json:"dbuser"`
+ DriverName string `json:"driver_name"`
+ ConnString string `json:"conn_string"`
+}
+
+func init() {
+ registerPostgres()
+ registerMySQL()
+}
+
+// FormatDSN returns a DSN string based on the configuration.
+func (c *Config) FormatDSN() (string, error) {
+ dsn, err := json.Marshal(c)
+
+ if err != nil {
+ return "", fmt.Errorf("could not format DSN: %w", err)
+ }
+
+ return string(dsn), nil
+}
+
+func (c *Config) getConnStringWithPassword(password string) (string, error) {
+ switch c.DriverName {
+ case MySQLDriverName:
+ return addPasswordToMySQLConnString(c.ConnString, password)
+ case PostgresDriverName:
+ return addPasswordToPostgresConnString(c.ConnString, password)
+ case "":
+ return "", errors.New("missing driver name")
+ default:
+ return "", fmt.Errorf("driver %q is not supported", c.DriverName)
+ }
+}
+
+type tokens map[string]tokenGetter
+
+// sqlDriverWrapper is a wrapper for SQL drivers, adding IAM authentication.
+type sqlDriverWrapper struct {
+ sqlDriver driver.Driver
+ tokenBuilder authTokenBuilder
+
+ tokensMapMtx sync.Mutex
+ tokensMap tokens
+}
+
+// Open is the overridden method for opening a connection, using
+// AWS IAM authentication
+func (w *sqlDriverWrapper) Open(name string) (driver.Conn, error) {
+ if w.sqlDriver == nil {
+ return nil, errors.New("missing sql driver")
+ }
+
+ if w.tokenBuilder == nil {
+ return nil, errors.New("missing token builder")
+ }
+
+ config := new(Config)
+ if err := json.Unmarshal([]byte(name), config); err != nil {
+ return nil, fmt.Errorf("could not unmarshal configuration: %w", err)
+ }
+
+ w.tokensMapMtx.Lock()
+ token, ok := w.tokensMap[name]
+ if !ok {
+ token = &authToken{}
+ w.tokensMap[name] = token
+ }
+ w.tokensMapMtx.Unlock()
+
+ // We need a context for getting the authentication token. Since there is no
+ // parent context to derive from, we create a context with a timeout to
+ // get the authentication token.
+ ctx, cancel := context.WithTimeout(context.Background(), getAuthTokenTimeout)
+ defer cancel()
+ password, err := token.getAuthToken(ctx, config, w.tokenBuilder)
+ if err != nil {
+ return nil, fmt.Errorf("could not get authentication token: %w", err)
+ }
+
+ connStringWithPassword, err := config.getConnStringWithPassword(password)
+ if err != nil {
+ return nil, err
+ }
+
+ return w.sqlDriver.Open(connStringWithPassword)
+}
+
+func addPasswordToPostgresConnString(connString, password string) (string, error) {
+ cfg, err := pgx.ParseConfig(connString)
+ if err != nil {
+ return "", fmt.Errorf("could not parse connection string: %w", err)
+ }
+ if cfg.Password != "" {
+ return "", errors.New("unexpected password in connection string for IAM authentication")
+ }
+ return fmt.Sprintf("%s password='%s'", connString, escapeSpecialCharsPostgres(password)), nil
+}
+
+func addPasswordToMySQLConnString(connString, password string) (string, error) {
+ cfg, err := mysql.ParseDSN(connString)
+ if err != nil {
+ return "", fmt.Errorf("could not parse connection string: %w", err)
+ }
+
+ if cfg.Passwd != "" {
+ return "", errors.New("unexpected password in connection string for IAM authentication")
+ }
+
+ cfg.Passwd = password
+ return cfg.FormatDSN(), nil
+}
+
+// escapeSpecialCharsPostgres escapes special characters within a value of a
+// keyword/value postgres connection string.
+// Single quotes and backslashes within a value must be escaped with a
+// backslash, i.e., \' and \\.
+func escapeSpecialCharsPostgres(s string) string {
+ return strings.ReplaceAll(strings.ReplaceAll(s, `\`, `\\`), `'`, `\'`)
+}
+
+func registerPostgres() {
+ d, ok := gorm.GetDialect("postgres")
+ if !ok {
+ panic("could not find postgres dialect")
+ }
+
+ gorm.RegisterDialect(PostgresDriverName, d)
+ sql.Register(PostgresDriverName, &sqlDriverWrapper{
+ sqlDriver: &pq.Driver{},
+ tokenBuilder: &awsTokenBuilder{},
+ tokensMap: make(tokens),
+ })
+}
+
+func registerMySQL() {
+ d, ok := gorm.GetDialect("mysql")
+ if !ok {
+ panic("could not find mysql dialect")
+ }
+
+ gorm.RegisterDialect(MySQLDriverName, d)
+ sql.Register(MySQLDriverName, &sqlDriverWrapper{
+ sqlDriver: &mysql.MySQLDriver{},
+ tokenBuilder: &awsTokenBuilder{},
+ tokensMap: make(tokens),
+ })
+}
diff --git a/pkg/server/datastore/sqldriver/awsrds/awsrds_test.go b/pkg/server/datastore/sqldriver/awsrds/awsrds_test.go
new file mode 100644
index 0000000000..0e754f8968
--- /dev/null
+++ b/pkg/server/datastore/sqldriver/awsrds/awsrds_test.go
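Review bot: `Config.FormatDSN` marshals the whole struct, so `secret_access_key` becomes part of the data source name that `Open` receives and that is used as the `tokensMap` key; any layer that logs or echoes a DSN would expose the AWS secret. At minimum, document this on `FormatDSN`, e.g. `// The returned DSN embeds SecretAccessKey; never log it or include it in error text.`, and consider keeping the static credentials out of the DSN altogether. In `addPasswordToPostgresConnString`, appending ` password='…'` is only well-formed for keyword/value strings, while `pgx.ParseConfig` also accepts URL-form strings and consults `PGPASSWORD` (the test in this patch clears it for that reason). A URL-form connection string therefore passes the check and then gets a keyword suffix appended, and a stray environment variable triggers the "unexpected password" error; rejecting URL-form input explicitly would make both failure modes clear.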
@@ -0,0 +1,368 @@ +package awsrds + +import ( + "context" + "database/sql" + "database/sql/driver" + "errors" + "fmt" + "testing" + "time" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/feature/rds/auth" + "github.com/jinzhu/gorm" + "github.com/stretchr/testify/require" +) + +const ( + fakeSQLDriverName = "fake-sql-driver" + token = "aws-rds-host:1234?Action=connect&DBUser=test_user&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=TESTTESTTESTTESTTEST%2F20240116%2Fus-east-2%2Frds-db%2Faws4_request&X-Amz-Date=20240116T150146Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host&X-Amz-Signature=cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc" //nolint: gosec // for testing + mysqlConnString = "test_user:@tcp(aws-rds-host:1234)/spire?parseTime=true&allowCleartextPasswords=1&tls=true" + postgresConnString = "dbname=postgres user=postgres host=the-host sslmode=require" +) + +var ( + fakeSQLDriverWrapper = &sqlDriverWrapper{ + sqlDriver: &fakeSQLDriver{}, + tokenBuilder: &fakeTokenBuilder{}, + tokensMap: make(tokens), + } +) + +func init() { + sql.Register(fakeSQLDriverName, fakeSQLDriverWrapper) +} + +func TestAWSRDS(t *testing.T) { + // Some GitHub runners may have populated the PGPASSWORD environment + // variable. Have an empty value during the test. 
+ t.Setenv("PGPASSWORD", "") + + testCases := []struct { + name string + config *Config + sqlDriver *fakeSQLDriver + tokenProvider *fakeTokenBuilder + authToken string + expectedError string + }{ + { + name: "mysql - success", + config: &Config{ + DriverName: MySQLDriverName, + ConnString: mysqlConnString, + }, + tokenProvider: &fakeTokenBuilder{ + authToken: token, + }, + }, + { + name: "mysql - success with static credentials", + config: &Config{ + DriverName: MySQLDriverName, + ConnString: mysqlConnString, + AccessKeyID: "access-key-id", + SecretAccessKey: "secret-access-key", + }, + tokenProvider: &fakeTokenBuilder{ + authToken: token, + }, + }, + { + name: "mysql - invalid connection string", + config: &Config{ + DriverName: MySQLDriverName, + ConnString: "not-valid!", + }, + tokenProvider: &fakeTokenBuilder{ + authToken: token, + }, + expectedError: "could not parse connection string: invalid DSN: missing the slash separating the database name", + }, + { + name: "mysql - password already present", + config: &Config{ + DriverName: MySQLDriverName, + ConnString: "test_user:test-password@tcp(aws-rds-host:1234)/spire?parseTime=true&allowCleartextPasswords=1&tls=true", + }, + tokenProvider: &fakeTokenBuilder{ + authToken: token, + }, + expectedError: "unexpected password in connection string for IAM authentication", + }, + { + name: "malformed token", + config: &Config{ + DriverName: MySQLDriverName, + ConnString: mysqlConnString, + }, + tokenProvider: &fakeTokenBuilder{ + authToken: "invalid;token", + }, + expectedError: "could not get authentication token: failed to parse authentication token: invalid semicolon separator in query", + }, + { + name: "no X-Amz-Date", + config: &Config{ + DriverName: MySQLDriverName, + ConnString: mysqlConnString, + }, + tokenProvider: &fakeTokenBuilder{ + authToken: "a&b=c", + }, + expectedError: "could not get authentication token: malformed token: could not get X-Amz-Date value", + }, + { + name: "more than one X-Amz-Date", + 
config: &Config{ + DriverName: MySQLDriverName, + ConnString: mysqlConnString, + }, + tokenProvider: &fakeTokenBuilder{ + authToken: "a&X-Amz-Date=123&X-Amz-Date=123", + }, + expectedError: "could not get authentication token: malformed token: could not get X-Amz-Date value", + }, + { + name: "invalid X-Amz-Date", + config: &Config{ + DriverName: MySQLDriverName, + ConnString: mysqlConnString, + }, + tokenProvider: &fakeTokenBuilder{ + authToken: "a&X-Amz-Date=invalid", + }, + expectedError: "could not get authentication token: failed to parse X-Amz-Date date: parsing time \"invalid\" as \"20060102T150405Z\": cannot parse \"invalid\" as \"2006\"", + }, + { + name: "no X-Amz-Expires", + config: &Config{ + DriverName: MySQLDriverName, + ConnString: mysqlConnString, + }, + tokenProvider: &fakeTokenBuilder{ + authToken: "a&X-Amz-Date=20240116T150146Z", + }, + expectedError: "could not get authentication token: malformed token: could not get X-Amz-Expires value", + }, + { + name: "more than one X-Amz-Expires", + config: &Config{ + DriverName: MySQLDriverName, + ConnString: mysqlConnString, + }, + tokenProvider: &fakeTokenBuilder{ + authToken: "a&X-Amz-Date=20240116T150146Z&X-Amz-Expires=1&X-Amz-Expires=1", + }, + expectedError: "could not get authentication token: malformed token: could not get X-Amz-Expires value", + }, + { + name: "invalid X-Amz-Expires", + config: &Config{ + DriverName: MySQLDriverName, + ConnString: mysqlConnString, + }, + tokenProvider: &fakeTokenBuilder{ + authToken: "a&X-Amz-Date=20240116T150146Z&X-Amz-Expires=zz", + }, + expectedError: "could not get authentication token: failed to parse X-Amz-Expires duration: time: invalid duration \"zzs\"", + }, + { + name: "build auth token error", + config: &Config{ + DriverName: MySQLDriverName, + ConnString: mysqlConnString, + }, + tokenProvider: &fakeTokenBuilder{ + authToken: token, + err: errors.New("ohno"), + }, + expectedError: "could not get authentication token: failed to build authentication 
token: ohno", + }, + { + name: "postgres - success", + config: &Config{ + DriverName: PostgresDriverName, + ConnString: postgresConnString, + }, + tokenProvider: &fakeTokenBuilder{ + authToken: token, + }, + }, + { + name: "postgres - password already present", + config: &Config{ + DriverName: PostgresDriverName, + ConnString: "password=the-password", + }, + tokenProvider: &fakeTokenBuilder{ + authToken: token, + }, + expectedError: "unexpected password in connection string for IAM authentication", + }, + { + name: "postgres - invalid connection string", + config: &Config{ + DriverName: PostgresDriverName, + ConnString: "not-valid!", + }, + tokenProvider: &fakeTokenBuilder{ + authToken: token, + }, + expectedError: "could not parse connection string: cannot parse `not-valid!`: failed to parse as DSN (invalid dsn)", + }, + { + name: "postgres - success with static credentials", + config: &Config{ + DriverName: PostgresDriverName, + ConnString: postgresConnString, + AccessKeyID: "access-key-id", + SecretAccessKey: "secret-access-key", + }, + tokenProvider: &fakeTokenBuilder{ + authToken: token, + }, + }, + { + name: "unknown driver", + config: &Config{ + DriverName: "unknown", + }, + tokenProvider: &fakeTokenBuilder{ + authToken: token, + }, + expectedError: "driver \"unknown\" is not supported", + }, + { + name: "no driver", + config: &Config{}, + tokenProvider: &fakeTokenBuilder{ + authToken: token, + }, + expectedError: "missing driver name", + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + dsn, err := testCase.config.FormatDSN() + require.NoError(t, err) + + fakeSQLDriverWrapper.tokenBuilder = testCase.tokenProvider + + db, err := gorm.Open(fakeSQLDriverName, dsn) + if testCase.expectedError != "" { + require.EqualError(t, err, testCase.expectedError) + return + } + require.NoError(t, err) + require.NotNil(t, db) + }) + } +} + +func TestCacheToken(t *testing.T) { + config := &Config{ + DriverName: MySQLDriverName, + 
ConnString: mysqlConnString, + } + dsn, err := config.FormatDSN() + require.NoError(t, err) + + now := time.Now().UTC() + nowString := now.Format(iso8601BasicFormat) + + // Set a first token to be always returned by the token builder. + firstToken := fmt.Sprintf("X-Amz-Date=%s&X-Amz-Expires=900&X-Amz-Signature=first-token", nowString) + fakeSQLDriverWrapper.tokenBuilder = &fakeTokenBuilder{ + authToken: firstToken, + } + fakeSQLDriverWrapper.tokensMap = make(tokens) + + // There should be no token for this dsn yet. + require.Empty(t, fakeSQLDriverWrapper.tokensMap[dsn]) + + // Calling to Open should map firstToken to the dsn. + db, err := gorm.Open(fakeSQLDriverName, dsn) + require.NoError(t, err) + require.NotNil(t, db) + + // Retrieve the token. + token, err := fakeSQLDriverWrapper.tokensMap[dsn].getAuthToken(context.Background(), config, fakeSQLDriverWrapper.tokenBuilder) + require.NoError(t, err) + + // The token retrieved should be the same firstToken. + require.Equal(t, firstToken, token) + + // We will now test that we don't call the token builder if we have a valid + // token (not expired) that we can use. For that, we start by setting a new + // token that will be returned by the token builder when getAWSAuthToken is + // called. + newToken := fmt.Sprintf("X-Amz-Date=%s&X-Amz-Expires=900&X-Amz-Signature=second-token", nowString) + fakeSQLDriverWrapper.tokenBuilder = &fakeTokenBuilder{ + authToken: newToken, + } + + // Call Open again, the cached token should be used. + db, err = gorm.Open(fakeSQLDriverName, dsn) + require.NoError(t, err) + require.NotNil(t, db) + + // Retrieve the token. + token, err = fakeSQLDriverWrapper.tokensMap[dsn].getAuthToken(context.Background(), config, fakeSQLDriverWrapper.tokenBuilder) + require.NoError(t, err) + + // The token retrieved should be the cached firstToken. 
+ require.Equal(t, firstToken, token) + + // We will now make firstToken to expire, so we can test that the token + // builder is called to get a new token when the current token has expired. + // For that, we advance the clock one hour. + nowFunc = func() time.Time { return now.Add(time.Hour) } + + // Call Open again, the new token should be used. + db, err = gorm.Open(fakeSQLDriverName, dsn) + require.NoError(t, err) + require.NotNil(t, db) + + // Retrieve the token. + token, err = fakeSQLDriverWrapper.tokensMap[dsn].getAuthToken(context.Background(), config, fakeSQLDriverWrapper.tokenBuilder) + require.NoError(t, err) + + // The token retrieved should be the new token. + require.Equal(t, newToken, token) +} + +func TestFormatDSN(t *testing.T) { + config := &Config{ + Region: "region", + AccessKeyID: "access-key-id", + SecretAccessKey: "secret-access-key", + Endpoint: "endpoint", + DbUser: "dbUser", + DriverName: "driver-name", + ConnString: "connection-string", + } + + dsn, err := config.FormatDSN() + require.NoError(t, err) + require.Equal(t, "{\"region\":\"region\",\"access_key_id\":\"access-key-id\",\"secret_access_key\":\"secret-access-key\",\"endpoint\":\"endpoint\",\"dbuser\":\"dbUser\",\"driver_name\":\"driver-name\",\"conn_string\":\"connection-string\"}", dsn) +} + +type fakeTokenBuilder struct { + authToken string + err error +} + +func (a *fakeTokenBuilder) buildAuthToken(context.Context, string, string, string, aws.CredentialsProvider, ...func(*auth.BuildAuthTokenOptions)) (string, error) { + return a.authToken, a.err +} + +type fakeSQLDriver struct { + err error +} + +func (d *fakeSQLDriver) Open(string) (driver.Conn, error) { + return nil, d.err +} diff --git a/pkg/server/datastore/sqlstore/migration.go b/pkg/server/datastore/sqlstore/migration.go index 4f46ed5361..18e53a89dc 100644 --- a/pkg/server/datastore/sqlstore/migration.go +++ b/pkg/server/datastore/sqlstore/migration.go 
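Review bot: `TestCacheToken` replaces the package-level `nowFunc` with a clock one hour ahead and never restores it, so any test that runs afterwards in this package sees the shifted time; add `t.Cleanup(func() { nowFunc = time.Now })` next to the assignment. The test also swaps `fakeSQLDriverWrapper.tokenBuilder` and `tokensMap` on the shared wrapper without resetting them. The cache check jumps straight from a fresh token to one hour later, so nothing exercises the window around `expiresAt` where the one-minute margin in `isExpired` decides the outcome; a case a few seconds before and after `expiresAt` would pin the intended behaviour.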
@@ -413,7 +413,7 @@ func tableOptionsForDialect(tx *gorm.DB, dbType string) *gorm.DB { // This allows for setting table options for a particular DB type. // For MySQL, (for compatibility reasons) we want to make sure that // we can support indexes on strings (varchar(255) in the DB). - if dbType == MySQL { + if isMySQLDbType(dbType) { return tx.Set("gorm:table_options", "ENGINE=InnoDB ROW_FORMAT=DYNAMIC DEFAULT CHARSET=utf8") } return tx diff --git a/pkg/server/datastore/sqlstore/mysql.go b/pkg/server/datastore/sqlstore/mysql.go index a27b0aef8b..ca1d0ae8d6 100644 --- a/pkg/server/datastore/sqlstore/mysql.go +++ b/pkg/server/datastore/sqlstore/mysql.go @@ -8,6 +8,7 @@ import ( "github.com/go-sql-driver/mysql" "github.com/jinzhu/gorm" + "github.com/spiffe/spire/pkg/server/datastore/sqldriver/awsrds" // gorm mysql `cloudsql` dialect, for GCP // Cloud SQL Proxy 
@@ -24,14 +25,35 @@ const ( ) func (my mysqlDB) connect(cfg *configuration, isReadOnly bool) (db *gorm.DB, version string, supportsCTE bool, err error) { - connString, err := configureConnection(cfg, isReadOnly) + mysqlConfig, err := configureConnection(cfg, isReadOnly) if err != nil { return nil, "", false, err } - db, err = gorm.Open("mysql", connString) - if err != nil { - return nil, "", false, err + var errOpen error + switch { + case cfg.databaseTypeConfig.AWSMySQL != nil: + awsrdsConfig := &awsrds.Config{ + Region: cfg.databaseTypeConfig.AWSMySQL.Region, + AccessKeyID: cfg.databaseTypeConfig.AWSMySQL.AccessKeyID, + SecretAccessKey: cfg.databaseTypeConfig.AWSMySQL.SecretAccessKey, + Endpoint: mysqlConfig.Addr, + DbUser: mysqlConfig.User, + DriverName: awsrds.MySQLDriverName, + ConnString: mysqlConfig.FormatDSN(), + } + + dsn, err := awsrdsConfig.FormatDSN() + if err != nil { + return nil, "", false, err + } + db, errOpen = gorm.Open(awsrds.MySQLDriverName, dsn) + default: + db, errOpen = gorm.Open("mysql", mysqlConfig.FormatDSN()) + } + + if errOpen != nil { + return nil, "", false, errOpen } version, err = queryVersion(db, "SELECT VERSION()") @@ -50,7 +72,7 @@ func (my mysqlDB) connect(cfg *configuration, isReadOnly bool) (db *gorm.DB, ver func (my mysqlDB) supportsCTE(gormDB *gorm.DB) (bool, error) { db := gormDB.DB() if db == nil { - return false, sqlError.New("unable to get raw database object") + return false, errors.New("unable to get raw database object") } var value int64 err := db.QueryRow("WITH a AS (SELECT 1 AS v) SELECT * FROM a;").Scan(&value) @@ -60,7 +82,7 @@ func (my mysqlDB) supportsCTE(gormDB *gorm.DB) (bool, error) { case my.isParseError(err): return false, nil default: - return false, sqlError.Wrap(err) + return false, err } } 
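Review bot: `cfg.databaseTypeConfig.AWSMySQL` is dereferenced in the new `switch` without checking `cfg.databaseTypeConfig` for nil, while the postgres `connect` in this same patch returns `errors.New("missing datastore configuration")` for that case. Add the same guard at the top of `mysqlDB.connect`: `if cfg.databaseTypeConfig == nil { return nil, "", false, errors.New("missing datastore configuration") }`. The postgres branch also rejects a connection string that carries a password when IAM authentication is selected, and the `aws_mysql` branch has no equivalent check on `mysqlConfig.Passwd`; if the awsrds driver is meant to supply the token as the password, the two dialects should agree. The rest of `connect` lies outside the hunk.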
@@ -78,35 +100,35 @@ func (my mysqlDB) isConstraintViolation(err error) bool { // configureConnection modifies the connection string to support features that // normally require code changes, like custom Root CAs or client certificates -func configureConnection(cfg *configuration, isReadOnly bool) (string, error) { +func configureConnection(cfg *configuration, isReadOnly bool) (*mysql.Config, error) { connectionString := getConnectionString(cfg, isReadOnly) + mysqlConfig, err := mysql.ParseDSN(connectionString) + if err != nil { + // the connection string should have already been validated by now + // (in validateMySQLConfig) + return nil, err + } + if !hasTLSConfig(cfg) { // connection string doesn't have to be modified - return connectionString, nil + return mysqlConfig, nil } // MySQL still allows, and in some places requires, older TLS versions. For example, when built with yaSSL, it is limited to TLSv1 and TLSv1.1. // TODO: consider making this more secure by default tlsConf := tls.Config{} //nolint: gosec // see above - opts, err := mysql.ParseDSN(connectionString) - if err != nil { - // the connection string should have already been validated by now - // (in validateMySQLConfig) - return "", sqlError.Wrap(err) - } - // load and configure Root CA if it exists if len(cfg.RootCAPath) > 0 { rootCertPool := x509.NewCertPool() pem, err := os.ReadFile(cfg.RootCAPath) if err != nil { - return "", sqlError.New("invalid mysql config: cannot find Root CA defined in root_ca_path") + return nil, errors.New("invalid mysql config: cannot find Root CA defined in root_ca_path") } if ok := rootCertPool.AppendCertsFromPEM(pem); !ok { - return "", sqlError.New("invalid mysql config: failed to parse Root CA defined in root_ca_path") + return nil, errors.New("invalid mysql config: failed to parse Root CA defined in root_ca_path") } tlsConf.RootCAs = rootCertPool } 
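Review bot: The rewritten `return nil, errors.New(...)` lines in the Root CA branch still drop the underlying `err`, so a permission or I/O failure from `os.ReadFile(cfg.RootCAPath)` is reported as "cannot find Root CA". The same pattern appears in the client-certificate and `RegisterTLSConfig` hunks that follow. Since these lines are being touched anyway, keep the existing message and append the cause, e.g. `return nil, fmt.Errorf("invalid mysql config: cannot find Root CA defined in root_ca_path: %w", err)`. This needs `fmt` in the file's import block, which is only partly visible here. `configureConnection` continues past the end of this hunk.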
@@ -116,7 +138,7 @@ func configureConnection(cfg *configuration, isReadOnly bool) (string, error) { clientCert := make([]tls.Certificate, 0, 1) certs, err := tls.LoadX509KeyPair(cfg.ClientCertPath, cfg.ClientKeyPath) if err != nil { - return "", sqlError.New("invalid mysql config: failed to load client certificate defined in client_cert_path and client_key_path") + return nil, errors.New("invalid mysql config: failed to load client certificate defined in client_cert_path and client_key_path") } clientCert = append(clientCert, certs) tlsConf.Certificates = clientCert @@ -124,13 +146,13 @@ func configureConnection(cfg *configuration, isReadOnly bool) (string, error) { // register a custom TLS config that uses custom Root CAs with the MySQL driver if err := mysql.RegisterTLSConfig(tlsConfigName, &tlsConf); err != nil { - return "", sqlError.New("failed to register mysql TLS config") + return nil, errors.New("failed to register mysql TLS config") } // instruct MySQL driver to use the custom TLS config - opts.TLSConfig = tlsConfigName + mysqlConfig.TLSConfig = tlsConfigName - return opts.FormatDSN(), nil + return mysqlConfig, nil } func hasTLSConfig(cfg *configuration) bool { diff --git a/pkg/server/datastore/sqlstore/postgres.go b/pkg/server/datastore/sqlstore/postgres.go index c2206cdd2b..4a9a8a8c63 100644 --- a/pkg/server/datastore/sqlstore/postgres.go +++ b/pkg/server/datastore/sqlstore/postgres.go @@ -2,9 +2,12 @@ package sqlstore import ( "errors" + "fmt" + "github.com/jackc/pgx/v5" "github.com/jinzhu/gorm" "github.com/lib/pq" + "github.com/spiffe/spire/pkg/server/datastore/sqldriver/awsrds" // gorm postgres dialect init registration _ "github.com/jinzhu/gorm/dialects/postgres" 
@@ -13,9 +16,42 @@ import ( type postgresDB struct{} func (p postgresDB) connect(cfg *configuration, isReadOnly bool) (db *gorm.DB, version string, supportsCTE bool, err error) { - db, err = gorm.Open("postgres", getConnectionString(cfg, isReadOnly)) - if err != nil { - return nil, "", false, sqlError.Wrap(err) + if cfg.databaseTypeConfig == nil { + return nil, "", false, errors.New("missing datastore configuration") + } + + connString := getConnectionString(cfg, isReadOnly) + var errOpen error + switch { + case cfg.databaseTypeConfig.AWSPostgres != nil: + c, err := pgx.ParseConfig(connString) + if err != nil { + return nil, "", false, err + } + if c.Password != "" { + return nil, "", false, errors.New("invalid postgres configuration: password should not be set when using IAM authentication") + } + + awsrdsConfig := &awsrds.Config{ + Region: cfg.databaseTypeConfig.AWSPostgres.Region, + AccessKeyID: cfg.databaseTypeConfig.AWSPostgres.AccessKeyID, + SecretAccessKey: cfg.databaseTypeConfig.AWSPostgres.SecretAccessKey, + Endpoint: fmt.Sprintf("%s:%d", c.Host, c.Port), + DbUser: c.User, + DriverName: awsrds.PostgresDriverName, + ConnString: connString, + } + dsn, err := awsrdsConfig.FormatDSN() + if err != nil { + return nil, "", false, err + } + db, errOpen = gorm.Open(awsrds.PostgresDriverName, dsn) + default: + db, errOpen = gorm.Open("postgres", connString) + } + + if errOpen != nil { + return nil, "", false, errOpen } version, err = queryVersion(db, "SHOW server_version") diff --git a/pkg/server/datastore/sqlstore/sqlstore.go b/pkg/server/datastore/sqlstore/sqlstore.go index d3c50f0100..5cb6ef3b46 100644 --- a/pkg/server/datastore/sqlstore/sqlstore.go +++ b/pkg/server/datastore/sqlstore/sqlstore.go @@ -17,6 +17,8 @@ import ( "github.com/gofrs/uuid/v5" "github.com/hashicorp/hcl" + "github.com/hashicorp/hcl/hcl/ast" + "github.com/hashicorp/hcl/hcl/printer" "github.com/jinzhu/gorm" "github.com/sirupsen/logrus" 
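Review bot: The `aws_postgres` branch rejects a static password but does not check that the connection will use TLS, even though (judging by the awsrds tests) a signed IAM token is supplied as the credential; a connection string with `sslmode=disable` would be accepted here. Consider rejecting it up front, for example `if c.TLSConfig == nil { return nil, "", false, errors.New("invalid postgres configuration: TLS is required when using IAM authentication") }`, keeping in mind that `sslmode=prefer` and `allow` still parse with a non-TLS fallback. Separately, `fmt.Sprintf("%s:%d", c.Host, c.Port)` produces an unusable endpoint for an IPv6 literal; `net.JoinHostPort(c.Host, strconv.Itoa(int(c.Port)))` handles both forms. The remainder of `connect` is outside the hunk.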
@@ -56,26 +58,52 @@ const ( PostgreSQL = "postgres" // SQLite database type SQLite = "sqlite3" + + // MySQL database provided by an AWS service + AWSMySQL = "aws_mysql" + + // PostgreSQL database type provided by an AWS service + AWSPostgreSQL = "aws_postgres" ) // Configuration for the sql datastore implementation. // Pointer values are used to distinguish between "unset" and "zero" values. type configuration struct { - DatabaseType string `hcl:"database_type" json:"database_type"` - ConnectionString string `hcl:"connection_string" json:"connection_string"` - RoConnectionString string `hcl:"ro_connection_string" json:"ro_connection_string"` - RootCAPath string `hcl:"root_ca_path" json:"root_ca_path"` - ClientCertPath string `hcl:"client_cert_path" json:"client_cert_path"` - ClientKeyPath string `hcl:"client_key_path" json:"client_key_path"` - ConnMaxLifetime *string `hcl:"conn_max_lifetime" json:"conn_max_lifetime"` - MaxOpenConns *int `hcl:"max_open_conns" json:"max_open_conns"` - MaxIdleConns *int `hcl:"max_idle_conns" json:"max_idle_conns"` - DisableMigration bool `hcl:"disable_migration" json:"disable_migration"` - + DatabaseTypeNode ast.Node `hcl:"database_type" json:"database_type"` + ConnectionString string `hcl:"connection_string" json:"connection_string"` + RoConnectionString string `hcl:"ro_connection_string" json:"ro_connection_string"` + RootCAPath string `hcl:"root_ca_path" json:"root_ca_path"` + ClientCertPath string `hcl:"client_cert_path" json:"client_cert_path"` + ClientKeyPath string `hcl:"client_key_path" json:"client_key_path"` + ConnMaxLifetime *string `hcl:"conn_max_lifetime" json:"conn_max_lifetime"` + MaxOpenConns *int `hcl:"max_open_conns" json:"max_open_conns"` + MaxIdleConns *int `hcl:"max_idle_conns" json:"max_idle_conns"` + DisableMigration bool `hcl:"disable_migration" json:"disable_migration"` + + databaseTypeConfig *dbTypeConfig // Undocumented flags LogSQL bool `hcl:"log_sql" json:"log_sql"` } +type dbTypeConfig struct { + AWSMySQL 
*awsConfig `hcl:"aws_mysql" json:"aws_mysql"` + AWSPostgres *awsConfig `hcl:"aws_postgres" json:"aws_postgres"` + databaseType string +} + +type awsConfig struct { + Region string `hcl:"region"` + AccessKeyID string `hcl:"access_key_id"` + SecretAccessKey string `hcl:"secret_access_key"` +} + +func (a *awsConfig) validate() error { + if a.Region == "" { + return sqlError.New("region must be specified") + } + return nil +} + type sqlDB struct { databaseType string connectionString string @@ -759,6 +787,13 @@ func (ds *Plugin) Configure(_ context.Context, hclConfiguration string) error { return err } + dbTypeConfig, err := parseDatabaseTypeASTNode(config.DatabaseTypeNode) + if err != nil { + return err + } + + config.databaseTypeConfig = dbTypeConfig + if err := config.Validate(); err != nil { return err } @@ -788,7 +823,7 @@ func (ds *Plugin) openConnection(config *configuration, isReadOnly bool) error { sqlDb = ds.roDb } - if sqlDb == nil || connectionString != sqlDb.connectionString || config.DatabaseType != ds.db.databaseType { + if sqlDb == nil || connectionString != sqlDb.connectionString || config.databaseTypeConfig.databaseType != ds.db.databaseType { db, version, supportsCTE, dialect, err := ds.openDB(config, isReadOnly) if err != nil { return err @@ -804,7 +839,7 @@ func (ds *Plugin) openConnection(config *configuration, isReadOnly bool) error { } ds.log.WithFields(logrus.Fields{ - telemetry.Type: config.DatabaseType, + telemetry.Type: config.databaseTypeConfig.databaseType, telemetry.Version: version, telemetry.ReadOnly: isReadOnly, }).Info("Connected to SQL database") @@ -812,7 +847,7 @@ func (ds *Plugin) openConnection(config *configuration, isReadOnly bool) error { sqlDb = &sqlDB{ DB: db, raw: raw, - databaseType: config.DatabaseType, + databaseType: config.databaseTypeConfig.databaseType, dialect: dialect, connectionString: connectionString, stmtCache: newStmtCache(raw), 
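Review bot: `awsConfig.validate` only checks `Region`, so a block that sets `access_key_id` without `secret_access_key` (or the reverse) passes validation; the mismatch then surfaces only when the connection is opened, or may be masked if the driver falls back to another credential source. Add a pairing check such as `if (a.AccessKeyID == "") != (a.SecretAccessKey == "") { return sqlError.New("access_key_id and secret_access_key must be set together") }`. A comment on the struct would also help, noting that `SecretAccessKey` is a long-lived secret that must not be logged and that leaving both fields empty selects ambient credentials (if that is what awsrds does). `awsConfig` also lacks the `json` tags the other configuration structs carry.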
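Review bot: The reopen condition in `openConnection` now compares `config.databaseTypeConfig.databaseType`, but the new `aws_mysql`/`aws_postgres` settings (`region`, `access_key_id`, `secret_access_key`) are not part of the comparison. If `Configure` is called again with the same connection string and type but rotated keys or a different region, the existing handle appears to be kept and the new credentials never take effect. Consider recording the AWS settings on `sqlDB` and including them in the check, or add a comment stating that changing them requires a restart. The function body extends beyond this hunk.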
@@ -849,8 +884,8 @@ func (ds *Plugin) Close() error { // concurrently. func (ds *Plugin) withReadModifyWriteTx(ctx context.Context, op func(tx *gorm.DB) error) error { return ds.withTx(ctx, func(tx *gorm.DB) error { - switch ds.db.databaseType { - case MySQL: + switch { + case isMySQLDbType(ds.db.databaseType): // MySQL REPEATABLE READ is weaker than that of PostgreSQL. Namely, // PostgreSQL, beyond providing the minimum consistency guarantees // mandated for REPEATABLE READ in the standard, automatically fails @@ -862,7 +897,7 @@ func (ds *Plugin) withReadModifyWriteTx(ctx context.Context, op func(tx *gorm.DB // isolation level, like SERIALIZABLE, which is not supported by // some MySQL-compatible databases (i.e. Percona XtraDB cluster) tx = tx.Set("gorm:query_option", "FOR UPDATE") - case PostgreSQL: + case isPostgresDbType(ds.db.databaseType): // `SELECT .. FOR UPDATE`is also required when PostgreSQL is in // hot standby mode for this operation to work properly (see issue #3039). tx = tx.Set("gorm:query_option", "FOR UPDATE") 
@@ -941,21 +976,21 @@ func (ds *Plugin) gormToGRPCStatus(err error) error { func (ds *Plugin) openDB(cfg *configuration, isReadOnly bool) (*gorm.DB, string, bool, dialect, error) { var dialect dialect - ds.log.WithField(telemetry.DatabaseType, cfg.DatabaseType).Info("Opening SQL database") - switch cfg.DatabaseType { - case SQLite: + ds.log.WithField(telemetry.DatabaseType, cfg.databaseTypeConfig.databaseType).Info("Opening SQL database") + switch { + case isSQLiteDbType(cfg.databaseTypeConfig.databaseType): dialect = sqliteDB{log: ds.log} - case PostgreSQL: + case isPostgresDbType(cfg.databaseTypeConfig.databaseType): dialect = postgresDB{} - case MySQL: + case isMySQLDbType(cfg.databaseTypeConfig.databaseType): dialect = mysqlDB{} default: - return nil, "", false, nil, sqlError.New("unsupported database_type: %v", cfg.DatabaseType) + return nil, "", false, nil, sqlError.New("unsupported database_type: %v", cfg.databaseTypeConfig.databaseType) } db, version, supportsCTE, err := dialect.connect(cfg, isReadOnly) if err != nil { - return nil, "", false, nil, err + return nil, "", false, nil, sqlError.Wrap(err) } db.SetLogger(gormLogger{ @@ -983,7 +1018,7 @@ func (ds *Plugin) openDB(cfg *configuration, isReadOnly bool) (*gorm.DB, string, } if !isReadOnly { - if err := migrateDB(db, cfg.DatabaseType, cfg.DisableMigration, ds.log); err != nil { + if err := migrateDB(db, cfg.databaseTypeConfig.databaseType, cfg.DisableMigration, ds.log); err != nil { db.Close() return nil, "", false, nil, err } 
@@ -1710,10 +1745,10 @@ func listAttestedNodesOnce(ctx context.Context, db *sqlDB, req *datastore.ListAt } func buildListAttestedNodesQuery(dbType string, supportsCTE bool, req *datastore.ListAttestedNodesRequest) (string, []any, error) { - switch dbType { - case SQLite: + switch { + case isSQLiteDbType(dbType): return buildListAttestedNodesQueryCTE(req, dbType) - case PostgreSQL: + case isPostgresDbType(dbType): // The PostgreSQL queries unconditionally leverage CTE since all versions // of PostgreSQL supported by the plugin support CTE. query, args, err := buildListAttestedNodesQueryCTE(req, dbType) @@ -1721,7 +1756,7 @@ func buildListAttestedNodesQuery(dbType string, supportsCTE bool, req *datastore return query, args, err } return postgreSQLRebind(query), args, nil - case MySQL: + case isMySQLDbType(dbType): if supportsCTE { return buildListAttestedNodesQueryCTE(req, dbType) } @@ -1837,7 +1872,7 @@ SELECT builder.WriteString("\nWHERE id IN (\n") // MySQL requires a subquery in order to apply pagination - if req.Pagination != nil && dbType == MySQL { + if req.Pagination != nil && isMySQLDbType(dbType) { builder.WriteString("\tSELECT id FROM (\n") } @@ -1861,9 +1896,9 @@ SELECT } case datastore.Exact, datastore.Superset: for i := range req.BySelectorMatch.Selectors { - switch dbType { + switch { // MySQL does not support INTERSECT, so use INNER JOIN instead - case MySQL: + case isMySQLDbType(dbType): if len(req.BySelectorMatch.Selectors) > 1 { builder.WriteString("\t\t(") } @@ -1908,7 +1943,7 @@ SELECT builder.WriteString(fromQuery) } - if dbType == PostgreSQL || + if isPostgresDbType(dbType) || (req.BySelectorMatch != nil && (req.BySelectorMatch.Match == datastore.Subset || req.BySelectorMatch.Match == datastore.MatchAny || len(req.BySelectorMatch.Selectors) == 1)) { builder.WriteString(" AS result_nodes") 
@@ -1919,7 +1954,7 @@ SELECT builder.WriteString(strconv.FormatInt(int64(req.Pagination.PageSize), 10)) // Add workaround for limit - if dbType == MySQL { + if isMySQLDbType(dbType) { builder.WriteString("\n\t) workaround_for_mysql_subquery_limit") } } @@ -2373,16 +2408,16 @@ func fetchRegistrationEntry(ctx context.Context, db *sqlDB, entryID string) (*co } func buildFetchRegistrationEntryQuery(dbType string, supportsCTE bool, entryID string) (string, []any, error) { - switch dbType { - case SQLite: + switch { + case isSQLiteDbType(dbType): // The SQLite3 queries unconditionally leverage CTE since the // embedded version of SQLite3 supports CTE. return buildFetchRegistrationEntryQuerySQLite3(entryID) - case PostgreSQL: + case isPostgresDbType(dbType): // The PostgreSQL queries unconditionally leverage CTE since all versions // of PostgreSQL supported by the plugin support CTE. return buildFetchRegistrationEntryQueryPostgreSQL(entryID) - case MySQL: + case isMySQLDbType(dbType): if supportsCTE { return buildFetchRegistrationEntryQueryMySQLCTE(entryID) } @@ -2784,16 +2819,16 @@ func listRegistrationEntriesOnce(ctx context.Context, db queryContext, databaseT } func buildListRegistrationEntriesQuery(dbType string, supportsCTE bool, req *datastore.ListRegistrationEntriesRequest) (string, []any, error) { - switch dbType { - case SQLite: + switch { + case isSQLiteDbType(dbType): // The SQLite3 queries unconditionally leverage CTE since the // embedded version of SQLite3 supports CTE. return buildListRegistrationEntriesQuerySQLite3(req) - case PostgreSQL: + case isPostgresDbType(dbType): // The PostgreSQL queries unconditionally leverage CTE since all versions // of PostgreSQL supported by the plugin support CTE. return buildListRegistrationEntriesQueryPostgreSQL(req) - case MySQL: + case isMySQLDbType(dbType): if supportsCTE { return buildListRegistrationEntriesQueryMySQLCTE(req) } 
@@ -2968,7 +3003,7 @@ ORDER BY e_id, selector_id, dns_name_id } func maybeRebind(dbType, query string) string { - if dbType == PostgreSQL { + if isPostgresDbType(dbType) { return postgreSQLRebind(query) } return query @@ -3169,7 +3204,7 @@ func (n idFilterNode) render(builder *strings.Builder, dbType string, sibling in } child.render(builder, dbType, i, indentation+1, true, true) } - case dbType != MySQL: + case !isMySQLDbType(dbType): builder.WriteString("SELECT e_id FROM (\n") for i, child := range n.children { if i > 0 { @@ -3386,7 +3421,7 @@ func appendListRegistrationEntriesFilterQuery(filterExp string, builder *strings } indentation := 1 - if req.Pagination != nil && dbType == MySQL { + if req.Pagination != nil && isMySQLDbType(dbType) { filter() builder.WriteString("\tSELECT e_id FROM (\n") indentation = 2 @@ -3431,7 +3466,7 @@ func appendListRegistrationEntriesFilterQuery(filterExp string, builder *strings builder.WriteString(strconv.FormatInt(int64(req.Pagination.PageSize), 10)) builder.WriteString("\n") - if dbType == MySQL { + if isMySQLDbType(dbType) { builder.WriteString("\t) workaround_for_mysql_subquery_limit\n") } } @@ -4382,7 +4417,7 @@ func bindVarsFn(fn func(int) string, query string) string { } func (cfg *configuration) Validate() error { - if cfg.DatabaseType == "" { + if cfg.databaseTypeConfig.databaseType == "" { return sqlError.New("database_type must be set") } @@ -4390,7 +4425,7 @@ func (cfg *configuration) Validate() error { return sqlError.New("connection_string must be set") } - if cfg.DatabaseType == MySQL { + if isMySQLDbType(cfg.databaseTypeConfig.databaseType) { if err := validateMySQLConfig(cfg, false); err != nil { return err } 
@@ -4402,6 +4437,18 @@ func (cfg *configuration) Validate() error { } } + if cfg.databaseTypeConfig.AWSMySQL != nil { + if err := cfg.databaseTypeConfig.AWSMySQL.validate(); err != nil { + return err + } + } + + if cfg.databaseTypeConfig.AWSPostgres != nil { + if err := cfg.databaseTypeConfig.AWSPostgres.validate(); err != nil { + return err + } + } + return nil } @@ -4544,3 +4591,57 @@ func deleteCAJournal(tx *gorm.DB, caJournalID uint) error { } return nil } + +func parseDatabaseTypeASTNode(node ast.Node) (*dbTypeConfig, error) { + lt, ok := node.(*ast.LiteralType) + if ok { + return &dbTypeConfig{databaseType: strings.Trim(lt.Token.Text, "\"")}, nil + } + + // We expect the node to be *ast.ObjectList. + objectList, ok := node.(*ast.ObjectList) + if !ok { + return nil, errors.New("malformed database type configuration") + } + + if len(objectList.Items) != 1 { + return nil, errors.New("exactly one database type is expected") + } + + if len(objectList.Items[0].Keys) != 1 { + return nil, errors.New("exactly one key is expected") + } + + var data bytes.Buffer + if err := printer.DefaultConfig.Fprint(&data, node); err != nil { + return nil, err + } + + dbTypeConfig := new(dbTypeConfig) + if err := hcl.Decode(dbTypeConfig, data.String()); err != nil { + return nil, fmt.Errorf("failed to decode configuration: %w", err) + } + + databaseType := strings.Trim(objectList.Items[0].Keys[0].Token.Text, "\"") + switch databaseType { + case AWSMySQL: + case AWSPostgreSQL: + default: + return nil, fmt.Errorf("unknown database type: %s", databaseType) + } + + dbTypeConfig.databaseType = databaseType + return dbTypeConfig, nil +} + +func isMySQLDbType(dbType string) bool { + return dbType == MySQL || dbType == AWSMySQL +} + +func isPostgresDbType(dbType string) bool { + return dbType == PostgreSQL || dbType == AWSPostgreSQL +} + +func isSQLiteDbType(dbType string) bool { + return dbType == SQLite +} 
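Review bot: `parseDatabaseTypeASTNode` does not handle a nil `node`. Assuming hcl leaves the `ast.Node` field nil when `database_type` is absent, both type assertions fail and the caller gets "malformed database type configuration", so the `database_type must be set` check in `Validate` is reached only for an explicitly empty string. Starting the function with `if node == nil { return &dbTypeConfig{}, nil }` lets `Validate` report the missing key with its existing message. The `switch databaseType` that rejects unknown keys would read better before `hcl.Decode`, so an unsupported block is refused before its contents are decoded. The local `dbTypeConfig := new(dbTypeConfig)` shadows the type name; `typeConfig` would be clearer.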
diff --git a/pkg/server/datastore/sqlstore/sqlstore_test.go b/pkg/server/datastore/sqlstore/sqlstore_test.go index 2763849003..482a293880 100644 --- a/pkg/server/datastore/sqlstore/sqlstore_test.go +++ b/pkg/server/datastore/sqlstore/sqlstore_test.go @@ -196,6 +196,35 @@ func (s *PluginSuite) TestInvalidPluginConfiguration() { s.RequireErrorContains(err, "datastore-sql: unsupported database_type: wrong") } +func (s *PluginSuite) TestInvalidAWSConfiguration() { + testCases := []struct { + name string + config string + expectedErr string + }{ + { + name: "aws_mysql - no region", + config: ` + database_type "aws_mysql" {} + connection_string = "test_user:@tcp(localhost:1234)/spire?parseTime=true&allowCleartextPasswords=1&tls=true"`, + expectedErr: "datastore-sql: region must be specified", + }, + { + name: "postgres_mysql - no region", + config: ` + database_type "aws_postgres" {} + connection_string = "dbname=postgres user=postgres host=the-host sslmode=require"`, + expectedErr: "region must be specified", + }, + } + for _, testCase := range testCases { + s.T().Run(testCase.name, func(t *testing.T) { + err := s.ds.Configure(ctx, testCase.config) + s.RequireErrorContains(err, testCase.expectedErr) + }) + } +} + func (s *PluginSuite) TestInvalidMySQLConfiguration() { err := s.ds.Configure(ctx, ` database_type = "mysql" From 31b3cb1d7a9ac0bb56b763d547b7e976fc05ce62 Mon Sep 17 00:00:00 2001 From: Ryan Turner Date: Tue, 27 Feb 2024 14:43:12 -0800 Subject: [PATCH 03/83] Log SPIFFE ID for X.509-SVIDs signed in BatchNewX509SVID (#4902) The audit log emitted on calls to BatchNewX509SVID doesn't include the SPIFFE ID of the X.509-SVIDs that are signed during the API handler execution. It's valuable to include the SPIFFE ID in this log message for traceability and auditing purposes. The SPIFFE ID in signed X.509-SVIDs is currently only included in a DEBUG level log in the server CA. 
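Review bot: The second case in `TestInvalidAWSConfiguration` is named `postgres_mysql - no region` but exercises `aws_postgres`; `aws_postgres - no region` would match the first case. The two `expectedErr` values also differ (`datastore-sql: region must be specified` against `region must be specified`) for what looks like the same error, so using the prefixed form in both would pin the behaviour more tightly. Inside `s.T().Run`, `s.RequireErrorContains` reports against the suite's `T` rather than the subtest's `t`; `require.ErrorContains(t, err, testCase.expectedErr)` would attribute a failure to the right subtest, assuming testify's `require` is imported in this file.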
Signed-off-by: Ryan Turner --- pkg/server/api/svid/v1/service.go | 10 ++++++++++ pkg/server/api/svid/v1/service_test.go | 14 ++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/pkg/server/api/svid/v1/service.go b/pkg/server/api/svid/v1/service.go index 76f85f88d4..acb888f20f 100644 --- a/pkg/server/api/svid/v1/service.go +++ b/pkg/server/api/svid/v1/service.go @@ -10,6 +10,7 @@ import ( "github.com/spiffe/go-spiffe/v2/spiffeid" svidv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/svid/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" + "github.com/spiffe/spire/pkg/common/idutil" "github.com/spiffe/spire/pkg/common/jwtsvid" "github.com/spiffe/spire/pkg/common/telemetry" "github.com/spiffe/spire/pkg/common/x509util" @@ -175,10 +176,19 @@ func (s *Service) BatchNewX509SVID(ctx context.Context, req *svidv1.BatchNewX509 // Create new SVID r := s.newX509SVID(ctx, svidParam, entriesMap) results = append(results, r) + spiffeID := "" + if r.Svid != nil { + id, err := idutil.IDProtoString(r.Svid.Id) + if err == nil { + spiffeID = id + } + } + rpccontext.AuditRPCWithTypesStatus(ctx, r.Status, func() logrus.Fields { fields := logrus.Fields{ telemetry.Csr: api.HashByte(svidParam.Csr), telemetry.RegistrationID: svidParam.EntryId, + telemetry.SPIFFEID: spiffeID, } if r.Svid != nil { diff --git a/pkg/server/api/svid/v1/service_test.go b/pkg/server/api/svid/v1/service_test.go index 8b3a5a37d2..8365054a81 100644 --- a/pkg/server/api/svid/v1/service_test.go +++ b/pkg/server/api/svid/v1/service_test.go @@ -1213,6 +1213,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.RegistrationID: "workload", telemetry.Csr: api.HashByte(m["workload"]), telemetry.ExpiresAt: expiresAtFromCAStr, + telemetry.SPIFFEID: "spiffe://example.org/workload1", }, }, } 
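Review bot: The error from `idutil.IDProtoString(r.Svid.Id)` is discarded in `BatchNewX509SVID`, so an SVID that was signed but whose ID cannot be rendered is audited with an empty `telemetry.SPIFFEID`, the same value the audit entry carries for a failed request. Since the purpose of the change is traceability, either log the conversion error or document the fallback next to the declaration, e.g. `// spiffeID stays "" when signing failed or the ID cannot be rendered.` The lookup could also move into the closure's existing `if r.Svid != nil` block, though that would omit the field on failures, which the updated tests currently expect to be present as `""`. The handler continues outside the hunk.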
@@ -1236,6 +1237,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.RegistrationID: "ttl", telemetry.Csr: api.HashByte(m["ttl"]), telemetry.ExpiresAt: expiresAtFromTTLEntryStr, + telemetry.SPIFFEID: "spiffe://example.org/ttl", }, }, } @@ -1259,6 +1261,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.RegistrationID: "x509ttl", telemetry.Csr: api.HashByte(m["x509ttl"]), telemetry.ExpiresAt: expiresAtFromX509TTLEntryStr, + telemetry.SPIFFEID: "spiffe://example.org/ttl", }, }, } @@ -1282,6 +1285,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.RegistrationID: "dns", telemetry.Csr: api.HashByte(m["dns"]), telemetry.ExpiresAt: expiresAtFromCAStr, + telemetry.SPIFFEID: "spiffe://example.org/dns", }, }, } @@ -1314,6 +1318,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.RegistrationID: "workload", telemetry.Csr: api.HashByte(m["workload"]), telemetry.ExpiresAt: expiresAtFromCAStr, + telemetry.SPIFFEID: "spiffe://example.org/workload1", }, }, { @@ -1334,6 +1339,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.Csr: api.HashByte(m["invalid"]), telemetry.StatusCode: "Internal", telemetry.StatusMessage: "entry has malformed SPIFFE ID: request must specify SPIFFE ID", + telemetry.SPIFFEID: "", }, }, { @@ -1345,6 +1351,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.RegistrationID: "dns", telemetry.Csr: api.HashByte(m["dns"]), telemetry.ExpiresAt: expiresAtFromCAStr, + telemetry.SPIFFEID: "spiffe://example.org/dns", }, }, } @@ -1477,6 +1484,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.Csr: api.HashByte(m[""]), telemetry.StatusCode: "InvalidArgument", telemetry.StatusMessage: "missing entry ID", + telemetry.SPIFFEID: "", }, }, } @@ -1511,6 +1519,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.Csr: "", telemetry.StatusCode: "InvalidArgument", telemetry.StatusMessage: "missing CSR", + telemetry.SPIFFEID: "", }, }, } 
@@ -1545,6 +1554,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.Csr: api.HashByte(m["invalid entry"]), telemetry.StatusCode: "NotFound", telemetry.StatusMessage: "entry not found or not authorized", + telemetry.SPIFFEID: "", }, }, } @@ -1583,6 +1593,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.Csr: api.HashByte(m["workload"]), telemetry.StatusCode: "InvalidArgument", telemetry.StatusMessage: fmt.Sprintf("malformed CSR: %v", invalidCsrErr), + telemetry.SPIFFEID: "", }, }, } @@ -1624,6 +1635,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.Csr: api.HashByte(m["workload"]), telemetry.StatusCode: "InvalidArgument", telemetry.StatusMessage: "invalid CSR signature: x509: ECDSA verification failure", + telemetry.SPIFFEID: "", }, }, } @@ -1659,6 +1671,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.Csr: api.HashByte(m["invalid"]), telemetry.StatusCode: "Internal", telemetry.StatusMessage: "entry has malformed SPIFFE ID: request must specify SPIFFE ID", + telemetry.SPIFFEID: "", }, }, } @@ -1696,6 +1709,7 @@ func TestServiceBatchNewX509SVID(t *testing.T) { telemetry.Csr: api.HashByte(m["workload"]), telemetry.StatusCode: "Internal", telemetry.StatusMessage: "failed to sign X509-SVID: oh no", + telemetry.SPIFFEID: "", }, }, } From 61bf130afced94da09b3586b3cbd5a85dabb77e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Agust=C3=ADn=20Mart=C3=ADnez=20Fay=C3=B3?= Date: Tue, 27 Feb 2024 21:36:10 -0300 Subject: [PATCH 04/83] Do not log anymore failures to look up user/group name (#4906) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Agustín Martínez Fayó --- .../workloadattestor/unix/unix_posix.go | 2 -- .../workloadattestor/unix/unix_posix_test.go | 22 ------------------- 2 files changed, 24 deletions(-) diff --git a/pkg/agent/plugin/workloadattestor/unix/unix_posix.go b/pkg/agent/plugin/workloadattestor/unix/unix_posix.go index 6c2d781304..83d2212576 100644 
--- a/pkg/agent/plugin/workloadattestor/unix/unix_posix.go +++ b/pkg/agent/plugin/workloadattestor/unix/unix_posix.go @@ -235,7 +235,6 @@ func (p *Plugin) getUID(proc processInfo) (string, error) { func (p *Plugin) getUserName(uid string) (string, bool) { u, err := p.hooks.lookupUserByID(uid) if err != nil { - p.log.Warn("Failed to lookup user name by uid", "uid", uid, "error", err) return "", false } return u.Username, true @@ -260,7 +259,6 @@ func (p *Plugin) getGID(proc processInfo) (string, error) { func (p *Plugin) getGroupName(gid string) (string, bool) { g, err := p.hooks.lookupGroupByID(gid) if err != nil { - p.log.Warn("Failed to lookup group name by gid", "gid", gid, "error", err) return "", false } return g.Name, true diff --git a/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go b/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go index c00509491a..d415507c76 100644 --- a/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go +++ b/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go @@ -52,7 +52,6 @@ func (s *Suite) TestAttest() { config string expectCode codes.Code expectMsg string - expectLogs []spiretest.LogEntry }{ { name: "pid with no uids", @@ -75,16 +74,6 @@ func (s *Suite) TestAttest() { "group:g2000", }, expectCode: codes.OK, - expectLogs: []spiretest.LogEntry{ - { - Level: logrus.WarnLevel, - Message: "Failed to lookup user name by uid", - Data: logrus.Fields{ - "uid": "1999", - logrus.ErrorKey: "no user with UID 1999", - }, - }, - }, }, { name: "pid with no gids", @@ -107,16 +96,6 @@ func (s *Suite) TestAttest() { "gid:2999", }, expectCode: codes.OK, - expectLogs: []spiretest.LogEntry{ - { - Level: logrus.WarnLevel, - Message: "Failed to lookup group name by gid", - Data: logrus.Fields{ - "gid": "2999", - logrus.ErrorKey: "no group with GID 2999", - }, - }, - }, }, { name: "primary user and gid", 
@@ -253,7 +232,6 @@ func (s *Suite) TestAttest() { } require.Equal(t, testCase.selectorValues, selectorValues) - spiretest.AssertLogs(t, s.logHook.AllEntries(), testCase.expectLogs) }) } } From dc06ff6c8ba8ddc04f7cd4d7e8e07325a324aabd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 07:37:25 -0300 Subject: [PATCH 05/83] Bump actions/dependency-review-action from 4.0.0 to 4.1.3 (#4897) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.0.0 to 4.1.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/4901385134134e04cec5fbe5ddfe3b2c5bd5d976...9129d7d40b8c12c1ed0f60400d00c92d437adcce) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depsreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml index 57255ba00a..46cd58e7d5 100644 --- a/.github/workflows/depsreview.yaml +++ b/.github/workflows/depsreview.yaml @@ -12,4 +12,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0 + uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 From 20f5e31da191f2cef87756eb10e175016a14e5b1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 08:41:16 -0300 Subject: [PATCH 06/83] Bump actions/download-artifact from 4.1.2 to 4.1.3 (#4913) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.2 to 4.1.3. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/eaceaf801fd36c7dee90939fad912460b18a1ffe...87c55149d96e628cc2ef7e6fc2aab372015aec85) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr_build.yaml | 8 ++++---- .github/workflows/release_build.yaml | 14 +++++++------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 0080ac4700..fcb6e2f12b 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -135,7 +135,7 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Download archived images - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: images path: . @@ -279,7 +279,7 @@ jobs: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} - name: Download archived images - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: images path: . 
@@ -339,7 +339,7 @@ jobs: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} - name: Download archived images - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: images path: . @@ -397,7 +397,7 @@ jobs: install: >- git base-devel mingw-w64-x86_64-toolchain unzip - name: Download archived images - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: images-windows path: . diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml index 0d06c3e228..dd04334e9b 100644 --- a/.github/workflows/release_build.yaml +++ b/.github/workflows/release_build.yaml @@ -129,7 +129,7 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Download archived images - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: images path: . @@ -274,7 +274,7 @@ jobs: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} - name: Download archived images - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: images path: . @@ -334,7 +334,7 @@ jobs: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} - name: Download archived images - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: images path: . 
@@ -390,7 +390,7 @@ jobs: install: >- git base-devel mingw-w64-x86_64-toolchain unzip - name: Download archived images - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: images-windows path: . @@ -557,12 +557,12 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download archived Linux artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: binaries-linux path: ./artifacts/ - name: Download archived Windows artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: binaries-windows path: ./artifacts/ @@ -600,7 +600,7 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Download archived images - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: images path: . From 5094671f04e2622e4ff6b3c1d0e74cfc7c9a27d3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 11:00:06 -0300 Subject: [PATCH 07/83] Bump the k8s-io group with 4 updates (#4900) Bumps the k8s-io group with 4 updates: [k8s.io/api](https://github.com/kubernetes/api), [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery), [k8s.io/client-go](https://github.com/kubernetes/client-go) and [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator). Updates `k8s.io/api` from 0.29.1 to 0.29.2 - [Commits](https://github.com/kubernetes/api/compare/v0.29.1...v0.29.2) Updates `k8s.io/apimachinery` from 0.29.1 to 0.29.2 - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.1...v0.29.2) Updates `k8s.io/client-go` from 0.29.1 to 0.29.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.29.1...v0.29.2) Updates `k8s.io/kube-aggregator` from 0.29.1 to 0.29.2 - [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.29.1...v0.29.2) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/kube-aggregator dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 6beb5b326f..00219abe30 100644 --- a/go.mod +++ b/go.mod 
@@ -85,10 +85,10 @@ require ( google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.32.0 - k8s.io/api v0.29.1 - k8s.io/apimachinery v0.29.1 - k8s.io/client-go v0.29.1 - k8s.io/kube-aggregator v0.29.1 + k8s.io/api v0.29.2 + k8s.io/apimachinery v0.29.2 + k8s.io/client-go v0.29.2 + k8s.io/kube-aggregator v0.29.2 sigs.k8s.io/controller-runtime v0.17.0 ) diff --git a/go.sum b/go.sum index aa95856d7f..472a94dc6e 100644 --- a/go.sum +++ b/go.sum 
@@ -2211,18 +2211,18 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.29.1 h1:DAjwWX/9YT7NQD4INu49ROJuZAAAP/Ijki48GUPzxqw= -k8s.io/api v0.29.1/go.mod h1:7Kl10vBRUXhnQQI8YR/R327zXC8eJ7887/+Ybta+RoQ= +k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= +k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.1 h1:KY4/E6km/wLBguvCZv8cKTeOwwOBqFNjwJIdMkMbbRc= -k8s.io/apimachinery v0.29.1/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/client-go v0.29.1 h1:19B/+2NGEwnFLzt0uB5kNJnfTsbV8w6TgQRz9l7ti7A= -k8s.io/client-go v0.29.1/go.mod h1:TDG/psL9hdet0TI9mGyHJSgRkW3H9JZk2dNEUS7bRks= +k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= +k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= +k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= k8s.io/klog/v2 v2.120.0 h1:z+q5mfovBj1fKFxiRzsa2DsJLPIVMk/KFL81LMOfK+8= k8s.io/klog/v2 v2.120.0/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.29.1 h1:ArCHuHNT2vNOQbrFBjt23nUs+08w1KcLABuWUinOD4U= -k8s.io/kube-aggregator v0.29.1/go.mod h1:Wdf0L0CWYwhUKs+KaYiM+NwqkZTp0Erd/wgefvyZBwQ= +k8s.io/kube-aggregator v0.29.2 h1:z9qJn5wlGmGaX6EfM7OEhr6fq6SBjDKR6tPRZ/qgxeY= +k8s.io/kube-aggregator v0.29.2/go.mod h1:QEuwzmMJJsg0eg1Gv+u4cWcYeJG2+8vN8/nTXBzopUo= k8s.io/kube-openapi 
v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= From ea07ad095776e22cc01ba6950c199f9009e6a8de Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 12:34:54 -0300 Subject: [PATCH 08/83] Bump github.com/aws/smithy-go from 1.20.0 to 1.20.1 (#4901) Bumps [github.com/aws/smithy-go](https://github.com/aws/smithy-go) from 1.20.0 to 1.20.1. - [Release notes](https://github.com/aws/smithy-go/releases) - [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/smithy-go/compare/v1.20.0...v1.20.1) --- updated-dependencies: - dependency-name: github.com/aws/smithy-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 00219abe30..c02da4e312 100644 --- a/go.mod +++ b/go.mod @@ -30,7 +30,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/s3 v1.50.0 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.27.1 github.com/aws/aws-sdk-go-v2/service/sts v1.27.0 - github.com/aws/smithy-go v1.20.0 + github.com/aws/smithy-go v1.20.1 github.com/blang/semver/v4 v4.0.0 github.com/cenkalti/backoff/v4 v4.2.1 github.com/docker/docker v25.0.3+incompatible diff --git a/go.sum b/go.sum index 472a94dc6e..5379612cd0 100644 --- a/go.sum +++ b/go.sum 
@@ -610,8 +610,8 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0 h1:6DL0qu5+315wbsAEEmzK+P9l github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0/go.mod h1:olUAyg+FaoFaL/zFaeQQONjOZ9HXoxgvI/c7mQTYz7M= github.com/aws/aws-sdk-go-v2/service/sts v1.27.0 h1:cjTRjh700H36MQ8M0LnDn33W3JmwC77mdxIIyPWCdpM= github.com/aws/aws-sdk-go-v2/service/sts v1.27.0/go.mod h1:nXfOBMWPokIbOY+Gi7a1psWMSvskUCemZzI+SMB7Akc= -github.com/aws/smithy-go v1.20.0 h1:6+kZsCXZwKxZS9RfISnPc4EXlHoyAkm2hPuM8X2BrrQ= -github.com/aws/smithy-go v1.20.0/go.mod h1:uo5RKksAl4PzhqaAbjd4rLgFoq5koTsQKYuGe7dklGc= +github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw= +github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8/go.mod h1:2JF49jcDOrLStIXN/j/K1EKRq8a8R2qRnlZA6/o/c7c= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= From bbf1d44835017ec40fd6420c62d8ad27cde4a6d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 14:12:30 -0300 Subject: [PATCH 09/83] Bump github.com/google/go-tpm-tools from 0.4.2 to 0.4.3 (#4914) Bumps [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools) from 0.4.2 to 0.4.3. - [Release notes](https://github.com/google/go-tpm-tools/releases) - [Changelog](https://github.com/google/go-tpm-tools/blob/main/.goreleaser.yaml) - [Commits](https://github.com/google/go-tpm-tools/compare/v0.4.2...v0.4.3) --- updated-dependencies: - dependency-name: github.com/google/go-tpm-tools dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 5 +++-- go.sum | 10 ++++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index c02da4e312..6aafbc1f94 100644 --- a/go.mod +++ b/go.mod @@ -45,7 +45,7 @@ require ( github.com/google/go-cmp v0.6.0 github.com/google/go-containerregistry v0.19.0 github.com/google/go-tpm v0.9.0 - github.com/google/go-tpm-tools v0.4.2 + github.com/google/go-tpm-tools v0.4.3 github.com/googleapis/gax-go/v2 v2.12.0 github.com/gorilla/handlers v1.5.2 github.com/hashicorp/go-hclog v1.6.2 @@ -204,10 +204,11 @@ require ( github.com/google/certificate-transparency-go v1.1.7 // indirect github.com/google/flatbuffers v23.5.26+incompatible // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect + github.com/google/go-configfs-tsm v0.2.2 // indirect github.com/google/go-github/v55 v55.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/go-sev-guest v0.9.3 // indirect - github.com/google/go-tdx-guest v0.2.3-0.20231011100059-4cf02bed9d33 // indirect + github.com/google/go-tdx-guest v0.3.1 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/logger v1.1.1 // indirect github.com/google/s2a-go v0.1.7 // indirect diff --git a/go.sum b/go.sum index 5379612cd0..7a3da8f6f1 100644 --- a/go.sum +++ b/go.sum 
@@ -920,6 +920,8 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98= +github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= github.com/google/go-containerregistry v0.19.0 h1:uIsMRBV7m/HDkDxE/nXMnv1q+lOOSPlQ/ywc5JbB8Ic= github.com/google/go-containerregistry v0.19.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg= 
@@ -928,12 +930,12 @@ github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/go-sev-guest v0.9.3 h1:GOJ+EipURdeWFl/YYdgcCxyPeMgQUWlI056iFkBD8UU= github.com/google/go-sev-guest v0.9.3/go.mod h1:hc1R4R6f8+NcJwITs0L90fYWTsBpd1Ix+Gur15sqHDs= -github.com/google/go-tdx-guest v0.2.3-0.20231011100059-4cf02bed9d33 h1:lRlUusuieEuqljjihCXb+Mr73VNitOYPJYWXzJKtBWs= -github.com/google/go-tdx-guest v0.2.3-0.20231011100059-4cf02bed9d33/go.mod h1:84ut3oago/BqPXD4ppiGXdkZNW3WFPkcyAO4my2hXdY= +github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw= +github.com/google/go-tdx-guest v0.3.1/go.mod h1:/rc3d7rnPykOPuY8U9saMyEps0PZDThLk/RygXm04nE= github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk= github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU= -github.com/google/go-tpm-tools v0.4.2 h1:iyaCPKt2N5Rd0yz0G8ANa022SgCNZkMpp+db6QELtvI= -github.com/google/go-tpm-tools v0.4.2/go.mod h1:fGUDZu4tw3V4hUVuFHmiYgRd0c58/IXivn9v3Ea/ck4= +github.com/google/go-tpm-tools v0.4.3 h1:L5dc34fttMIREoKRmnIJfv2NSZDSZ+RfBD+izN0EZoA= +github.com/google/go-tpm-tools v0.4.3/go.mod h1:T8jXkp2s+eltnCDIsXR84/MTcVU9Ja7bh3Mit0pa4AY= github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= From dc3c9516310ff049b98d301c66b4bdf2db21ae41 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 15:45:25 -0300 Subject: [PATCH 10/83] Bump golang.org/x/crypto from 0.19.0 to 0.20.0 (#4915) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.19.0 to 0.20.0. - [Commits](https://github.com/golang/crypto/compare/v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 6aafbc1f94..47ac583ec5 100644 --- a/go.mod +++ b/go.mod @@ -75,9 +75,9 @@ require ( github.com/uber-go/tally/v4 v4.1.11 github.com/valyala/fastjson v1.6.4 github.com/zeebo/errs v1.3.0 - golang.org/x/crypto v0.19.0 + golang.org/x/crypto v0.20.0 golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 - golang.org/x/net v0.20.0 + golang.org/x/net v0.21.0 golang.org/x/sync v0.6.0 golang.org/x/sys v0.17.0 golang.org/x/time v0.5.0 diff --git a/go.sum b/go.sum index 7a3da8f6f1..691b3d3f8d 100644 --- a/go.sum +++ b/go.sum 
@@ -1555,8 +1555,8 @@ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2Uz golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg= +golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1666,8 +1666,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
From cfad570cab86af95ff6dcb59a0757f78ce55fbc9 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 16:52:23 -0300 Subject: [PATCH 11/83] Bump the aws-sdk group with 8 updates (#4918) Bumps the aws-sdk group with 8 updates: | Package | From | To | | --- | --- | --- | | [github.com/aws/aws-sdk-go-v2/feature/rds/auth](https://github.com/aws/aws-sdk-go-v2) | `1.3.10` | `1.4.2` | | [github.com/aws/aws-sdk-go-v2/service/acmpca](https://github.com/aws/aws-sdk-go-v2) | `1.28.0` | `1.29.1` | | [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) | `1.148.0` | `1.149.1` | | [github.com/aws/aws-sdk-go-v2/service/iam](https://github.com/aws/aws-sdk-go-v2) | `1.30.0` | `1.31.1` | | [github.com/aws/aws-sdk-go-v2/service/kms](https://github.com/aws/aws-sdk-go-v2) | `1.28.1` | `1.29.1` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.50.0` | `1.51.1` | | [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) | `1.27.1` | `1.28.1` | | [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.27.0` | `1.28.1` | Updates `github.com/aws/aws-sdk-go-v2/feature/rds/auth` from 1.3.10 to 1.4.2 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/m2/v1.4.2/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/internal/ini/v1.3.10...service/m2/v1.4.2) Updates `github.com/aws/aws-sdk-go-v2/service/acmpca` from 1.28.0 to 1.29.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.28.0...service/s3/v1.29.1) Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.148.0 to 1.149.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.148.0...service/ec2/v1.149.1) Updates 
`github.com/aws/aws-sdk-go-v2/service/iam` from 1.30.0 to 1.31.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/s3/v1.31.1/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.30.0...service/s3/v1.31.1) Updates `github.com/aws/aws-sdk-go-v2/service/kms` from 1.28.1 to 1.29.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.28.1...service/s3/v1.29.1) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.50.0 to 1.51.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.50.0...service/s3/v1.51.1) Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.27.1 to 1.28.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/ecs/v1.28.1/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.1...service/ecs/v1.28.1) Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.27.0 to 1.28.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/ecs/v1.28.1/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.0...service/ecs/v1.28.1) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/feature/rds/auth dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: github.com/aws/aws-sdk-go-v2/service/acmpca dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: 
github.com/aws/aws-sdk-go-v2/service/iam dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: github.com/aws/aws-sdk-go-v2/service/kms dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 34 ++++++++++++++--------------- go.sum | 68 +++++++++++++++++++++++++++++----------------------------- 2 files changed, 51 insertions(+), 51 deletions(-) diff --git a/go.mod b/go.mod index 47ac583ec5..6780f6d450 100644 --- a/go.mod +++ b/go.mod 
@@ -18,18 +18,18 @@ require ( github.com/Microsoft/go-winio v0.6.1 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 github.com/armon/go-metrics v0.4.1 - github.com/aws/aws-sdk-go-v2 v1.25.0 + github.com/aws/aws-sdk-go-v2 v1.25.2 github.com/aws/aws-sdk-go-v2/config v1.27.0 github.com/aws/aws-sdk-go-v2/credentials v1.17.0 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 - github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.3.10 - github.com/aws/aws-sdk-go-v2/service/acmpca v1.28.0 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.148.0 - github.com/aws/aws-sdk-go-v2/service/iam v1.30.0 - github.com/aws/aws-sdk-go-v2/service/kms v1.28.1 - github.com/aws/aws-sdk-go-v2/service/s3 v1.50.0 - github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.27.1 - github.com/aws/aws-sdk-go-v2/service/sts v1.27.0 + github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.2 + github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.149.1 + github.com/aws/aws-sdk-go-v2/service/iam v1.31.1 + github.com/aws/aws-sdk-go-v2/service/kms v1.29.1 + github.com/aws/aws-sdk-go-v2/service/s3 v1.51.1 + github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1 + github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 github.com/aws/smithy-go v1.20.1 github.com/blang/semver/v4 v4.0.0 github.com/cenkalti/backoff/v4 v4.2.1 
@@ -132,17 +132,17 @@ require ( github.com/aliyun/credentials-go v1.3.1 // indirect github.com/armon/go-radix v1.0.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.0 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.2 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.2 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.19.0 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect diff --git a/go.sum b/go.sum index 691b3d3f8d..384798b198 100644 --- a/go.sum +++ b/go.sum 
@@ -560,56 +560,56 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.50.0 h1:HBtrLeO+QyDKnc3t1+5DR1RxodOHCGr8ZcrHudpv7jI=
 github.com/aws/aws-sdk-go v1.50.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
-github.com/aws/aws-sdk-go-v2 v1.25.0 h1:sv7+1JVJxOu/dD/sz/csHX7jFqmP001TIY7aytBWDSQ=
-github.com/aws/aws-sdk-go-v2 v1.25.0/go.mod h1:G104G1Aho5WqF+SR3mDIobTABQzpYV0WxMsKxlMggOA=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.0 h1:2UO6/nT1lCZq1LqM67Oa4tdgP1CvL1sLSxvuD+VrOeE=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.0/go.mod h1:5zGj2eA85ClyedTDK+Whsu+w9yimnVIZvhvBKrDquM8=
+github.com/aws/aws-sdk-go-v2 v1.25.2 h1:/uiG1avJRgLGiQM9X3qJM8+Qa6KRGK5rRPuXE0HUM+w=
+github.com/aws/aws-sdk-go-v2 v1.25.2/go.mod h1:Evoc5AsmtveRt1komDwIsjHFyrP5tDuF1D1U+6z6pNo=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1 h1:gTK2uhtAPtFcdRRJilZPx8uJLL2J85xK11nKtWL0wfU=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1/go.mod h1:sxpLb+nZk7tIfCWChfd+h4QwHNUR57d8hA1cleTkjJo=
 github.com/aws/aws-sdk-go-v2/config v1.27.0 h1:J5sdGCAHuWKIXLeXiqr8II/adSvetkx0qdZwdbXXpb0=
 github.com/aws/aws-sdk-go-v2/config v1.27.0/go.mod h1:cfh8v69nuSUohNFMbIISP2fhmblGmYEOKs5V53HiHnk=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.0 h1:lMW2x6sKBsiAJrpi1doOXqWFyEPoE886DTb1X0wb7So=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.0/go.mod h1:uT41FIH8cCIxOdUYIL0PYyHlL1NoneDuDSCwg5VE/5o=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 h1:xWCwjjvVz2ojYTP4kBKUuUh9ZrXfcAXpflhOUUeXg1k=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0/go.mod h1:j3fACuqXg4oMTQOR2yY7m0NmJY0yBK4L4sLsRXq1Ins=
-github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.3.10 h1:z6fAXB4HSuYjrE/P8RU3NdCaN+EPaeq/+80aisCjuF8=
-github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.3.10/go.mod h1:PoPjOi7j+/DtKIGC58HRfcdWKBPYYXwdKnRG+po+hzo=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0 h1:NPs/EqVO+ajwOoq56EfcGKa3L3ruWuazkIw1BqxwOPw=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0/go.mod h1:D+duLy2ylgatV+yTlQ8JTuLfDD0BnFvnQRc+o6tbZ4M=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0 h1:ks7KGMVUMoDzcxNWUlEdI+/lokMFD136EL6DWmUOV80=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0/go.mod h1:hL6BWM/d/qz113fVitZjbXR0E+RCTU1+x+1Idyn5NgE=
+github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.2 h1:TFju6ZoqO3TnX0C42VmYW4TxNcUFfbV/3cnaOxbcc5Y=
+github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.2/go.mod h1:HLaNMGEhcO6GnJtrozRtluhCVM5/B/ZV5XHQ477uIgA=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 h1:bNo4LagzUKbjdxE0tIcR9pMzLR2U/Tgie1Hq1HQ3iH8=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2/go.mod h1:wRQv0nN6v9wDXuWThpovGQjqF1HFdcgWjporw14lS8k=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 h1:EtOU5jsPdIQNP+6Q2C5e3d65NKT1PeCiQk+9OdzO12Q=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2/go.mod h1:tyF5sKccmDz0Bv4NrstEr+/9YkSPJHrcO7UsUKf7pWM=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.0 h1:TkbRExyKSVHELwG9gz2+gql37jjec2R5vus9faTomwE=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.0/go.mod h1:T3/9xMKudHhnj8it5EqIrhvv11tVZqWYkKcot+BFStc=
-github.com/aws/aws-sdk-go-v2/service/acmpca v1.28.0 h1:QjKXOo116XObtcP78Lfc9LoC6+RmFl5PjhUXVVRDJP8=
-github.com/aws/aws-sdk-go-v2/service/acmpca v1.28.0/go.mod h1:gh3xN6CaGNnTXceayUKrcSj0ce6zMfmWn5l6sW3fqSQ=
-github.com/aws/aws-sdk-go-v2/service/ec2 v1.148.0 h1:7imiXQvuqyUEu6wdcn6xRjR3zIJjDuAnS2e1S3ND+C0=
-github.com/aws/aws-sdk-go-v2/service/ec2 v1.148.0/go.mod h1:ntWksNNQcXImRQMdxab74tp+H94neF/TwQJ9Ndxb04k=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.2 h1:en92G0Z7xlksoOylkUhuBSfJgijC7rHVLRdnIlHEs0E=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.2/go.mod h1:HgtQ/wN5G+8QSlK62lbOtNwQ3wTSByJ4wH2rCkPt+AE=
+github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1 h1:XvSeacTm4QJf+bAw0s+t7UHghw6fLv0Mz79cNWZVC0Q=
+github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1/go.mod h1:P+wB/b01+r8pvLQgysfAdxOe1uUrStjCN31IBeMhNw4=
+github.com/aws/aws-sdk-go-v2/service/ec2 v1.149.1 h1:OGZUMBYZnz+R5nkW6FS1J8UlfLeM/pKojck+74+ZQGY=
+github.com/aws/aws-sdk-go-v2/service/ec2 v1.149.1/go.mod h1:XxJNg7fIkR8cbm89i0zVZSxKpcPYsC8BWRwMIJOWbnk=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 h1:3iaT/LnGV6jNtbBkvHZDlzz7Ky3wMHDJAyFtGd5GUJI=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7/go.mod h1:mtzCLxk6M+KZbkJdq3cUH9GCrudw8qCy5C3EHO+5vLc=
 github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 h1:h+r5/diSwztgKgxUrntt6AOI5lBYY0ZJv+yzeulGZSU=
 github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6/go.mod h1:7+5MHFC52LC85xKCjCuWDHmIncOOvWnll10OT9EAN/g=
-github.com/aws/aws-sdk-go-v2/service/iam v1.30.0 h1:KMXqFKrjs+vU6Zyj1BJnCd8oExUZN315SUsiCjYcZFM=
-github.com/aws/aws-sdk-go-v2/service/iam v1.30.0/go.mod h1:vc5DmJnsyyX6UpZwIKT2y1hEhzHoGDjONKhDcDwA49g=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.0 h1:a33HuFlO0KsveiP90IUJh8Xr/cx9US2PqkSroaLc+o8=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.0/go.mod h1:SxIkWpByiGbhbHYTo9CMTUnx2G4p4ZQMrDPcRRy//1c=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.0 h1:UiSyK6ent6OKpkMJN3+k5HZ4sk4UfchEaaW5wv7SblQ=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.0/go.mod h1:l7kzl8n8DXoRyFz5cIMG70HnPauWa649TUhgw8Rq6lo=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.0 h1:SHN/umDLTmFTmYfI+gkanz6da3vK8Kvj/5wkqnTHbuA=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.0/go.mod h1:l8gPU5RYGOFHJqWEpPMoRTP0VoaWQSkJdKo+hwWnnDA=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.0 h1:l5puwOHr7IxECuPMIuZG7UKOzAnF24v6t4l+Z5Moay4=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.0/go.mod h1:Oov79flWa/n7Ni+lQC3z+VM7PoRM47omRqbJU9B5Y7E=
-github.com/aws/aws-sdk-go-v2/service/kms v1.28.1 h1:+KE6+fDNH9gwg/t6DRddIZW7MJVqf3/IdZqeNTFehuA=
-github.com/aws/aws-sdk-go-v2/service/kms v1.28.1/go.mod h1:Y/mkxhbaWCswchbBBLRwet6uYKl/026DZXS87c0DmuU=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.50.0 h1:jZAdMD1ioZdqirzzVVRhpHHWJmcGGCn8JqDYBs5nmYA=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.50.0/go.mod h1:1o/W6JFUuREj2ExoQ21vHJgO7wakvjhol91M9eknFgs=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.27.1 h1:ss/HbHbONu0uscM549++4YanT6MnjNN0BGhE5pZRfG4=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.27.1/go.mod h1:JsJDZFHwLGZu6dxhV9EV1gJrMnCeE4GEXubSZA59xdA=
+github.com/aws/aws-sdk-go-v2/service/iam v1.31.1 h1:3l4/wmvUjTbGfk/YJBkKub4cVbDdvJ9YMOQmopXc2T8=
+github.com/aws/aws-sdk-go-v2/service/iam v1.31.1/go.mod h1:EeqEwkHICgkdmzBAJ46zbS4lhvFy563MOuNlEHU59T4=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.2 h1:zSdTXYLwuXDNPUS+V41i1SFDXG7V0ITp0D9UT9Cvl18=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.2/go.mod h1:v8m8k+qVy95nYi7d56uP1QImleIIY25BPiNJYzPBdFE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 h1:5ffmXjPtwRExp1zc7gENLgCPyHFbhEPwVTkTiH9niSk=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2/go.mod h1:Ru7vg1iQ7cR4i7SZ/JTLYN9kaXtbL69UdgG0OQWQxW0=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.2 h1:1oY1AVEisRI4HNuFoLdRUB0hC63ylDAN6Me3MrfclEg=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.2/go.mod h1:KZ03VgvZwSjkT7fOetQ/wF3MZUvYFirlI1H5NklUNsY=
+github.com/aws/aws-sdk-go-v2/service/kms v1.29.1 h1:OdjJjUWFlMZLAMl54ASxIpZdGEesY4BH3/c0HAPSFdI=
+github.com/aws/aws-sdk-go-v2/service/kms v1.29.1/go.mod h1:Cbx2uxEX0bAB7SlSY+ys05ZBkEb8IbmuAOcGVmDfJFs=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.51.1 h1:juZ+uGargZOrQGNxkVHr9HHR/0N+Yu8uekQnV7EAVRs=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.51.1/go.mod h1:SoR0c7Jnq8Tpmt0KSLXIavhjmaagRqQpe9r70W3POJg=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1 h1:DtKw4TxZT3VrzYupXQJPBqT9ImyobZZE+JIQPPAVxqs=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1/go.mod h1:bit9G2ORpSjUTr4PA4usvbBfbOyvMj0LbE1dXF14Sug=
 github.com/aws/aws-sdk-go-v2/service/sso v1.19.0 h1:u6OkVDxtBPnxPkZ9/63ynEe+8kHbtS5IfaC4PzVxzWM=
 github.com/aws/aws-sdk-go-v2/service/sso v1.19.0/go.mod h1:YqbU3RS/pkDVu+v+Nwxvn0i1WB0HkNWEePWbmODEbbs=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0 h1:6DL0qu5+315wbsAEEmzK+P9leRwNbkp+lGjPC+CEvb8=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0/go.mod h1:olUAyg+FaoFaL/zFaeQQONjOZ9HXoxgvI/c7mQTYz7M=
-github.com/aws/aws-sdk-go-v2/service/sts v1.27.0 h1:cjTRjh700H36MQ8M0LnDn33W3JmwC77mdxIIyPWCdpM=
-github.com/aws/aws-sdk-go-v2/service/sts v1.27.0/go.mod h1:nXfOBMWPokIbOY+Gi7a1psWMSvskUCemZzI+SMB7Akc=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 h1:3I2cBEYgKhrWlwyZgfpSO2BpaMY1LHPqXYk/QGlu2ew=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.1/go.mod h1:uQ7YYKZt3adCRrdCBREm1CD3efFLOUNH77MrUCvx5oA=
 github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
 github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M=
From d21b0252b1acfe217daa98c2e35e0bcc168b6f4e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 17:51:54 -0300 Subject: [PATCH 12/83] Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#4920) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/f95db51fddba0c2d1ec667646a06c2ce06100226...0d103c3126aa41d772a8362f6aa67afac040f80c) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr_build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml
index fcb6e2f12b..0c8ff5aa8d 100644
--- a/.github/workflows/pr_build.yaml
+++ b/.github/workflows/pr_build.yaml
@@ -179,7 +179,7 @@ jobs:
 - name: Set up QEMU
 uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+ uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0
 - name: Build images
 run: make images-no-load
 - name: Export images
From e474dd6c438fd16e910adb9e8778eb07900ebaa2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 18:45:41 -0300 Subject: [PATCH 13/83] Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 (#4921) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.18.0 to 1.19.0. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/v1.19.0/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 5 ++--- go.sum | 10 ++++------ 2 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/go.mod b/go.mod
index 6780f6d450..cbc7c1e482 100644
--- a/go.mod
+++ b/go.mod
@@ -62,7 +62,7 @@ require (
 github.com/mattn/go-sqlite3 v1.14.22
 github.com/mitchellh/cli v1.1.5
 github.com/open-policy-agent/opa v0.61.0
- github.com/prometheus/client_golang v1.18.0
+ github.com/prometheus/client_golang v1.19.0
 github.com/shirou/gopsutil/v3 v3.24.1
 github.com/sigstore/cosign/v2 v2.2.3
 github.com/sigstore/rekor v1.3.5
@@ -249,7 +249,6 @@ require (
 github.com/mailru/easyjson v0.7.7 // indirect
 github.com/mattn/go-colorable v0.1.13 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
- github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 github.com/miekg/pkcs11 v1.1.1 // indirect
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -274,7 +273,7 @@ require (
 github.com/posener/complete v1.2.3 // indirect
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 github.com/prometheus/client_model v0.5.0 // indirect
- github.com/prometheus/common v0.45.0 // indirect
+ github.com/prometheus/common v0.48.0 // indirect
 github.com/prometheus/procfs v0.12.0 // indirect
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index 384798b198..ed5b9f1b63 100644
--- a/go.sum
+++ b/go.sum
@@ -1186,8 +1186,6 @@ github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
-github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
 github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
@@ -1289,8 +1287,8 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk=
-github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA=
+github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
+github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -1301,8 +1299,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
-github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
+github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
+github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
From 79a7cdb921cf4cb2360f4a596e8113a3de7a35cd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 19:33:32 -0300 Subject: [PATCH 14/83] Bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2 (#4922) Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 17 +++++++++-------- 2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/go.mod b/go.mod
index cbc7c1e482..28aec110e5 100644
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 github.com/docker/docker v25.0.3+incompatible
 github.com/envoyproxy/go-control-plane v0.12.0
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa
- github.com/go-jose/go-jose/v3 v3.0.1
+ github.com/go-jose/go-jose/v3 v3.0.2
 github.com/go-sql-driver/mysql v1.7.1
 github.com/godbus/dbus/v5 v5.1.0
 github.com/gofrs/uuid v4.4.0+incompatible
@@ -66,7 +66,7 @@ require (
 github.com/shirou/gopsutil/v3 v3.24.1
 github.com/sigstore/cosign/v2 v2.2.3
 github.com/sigstore/rekor v1.3.5
- github.com/sigstore/sigstore v1.8.1
+ github.com/sigstore/sigstore v1.8.2
 github.com/sirupsen/logrus v1.9.3
 github.com/spiffe/go-spiffe/v2 v2.1.7
 github.com/spiffe/spire-api-sdk v1.2.5-0.20231107161112-ba57e0e943a2
@@ -327,7 +327,7 @@ require (
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.26.0 // indirect
 golang.org/x/mod v0.14.0 // indirect
- golang.org/x/oauth2 v0.16.0 // indirect
+ golang.org/x/oauth2 v0.17.0 // indirect
 golang.org/x/term v0.17.0 // indirect
 golang.org/x/text v0.14.0 // indirect
 golang.org/x/tools v0.16.1 // indirect
diff --git a/go.sum b/go.sum
index ed5b9f1b63..05e44bcb61 100644
--- a/go.sum
+++ b/go.sum
@@ -779,8 +779,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
-github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
-github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/go-jose/go-jose/v3 v3.0.2 h1:2Edjn8Nrb44UvTdp84KU0bBPs1cO7noRCybtS3eJEUQ=
+github.com/go-jose/go-jose/v3 v3.0.2/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
@@ -816,8 +816,8 @@ github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZC
 github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE=
 github.com/go-openapi/validate v0.22.6 h1:+NhuwcEYpWdO5Nm4bmvhGLW0rt1Fcc532Mu3wpypXfo=
 github.com/go-openapi/validate v0.22.6/go.mod h1:eaddXSqKeTg5XpSmj1dYyFTK/95n/XHwcOY+BMxKMyM=
-github.com/go-rod/rod v0.114.5 h1:1x6oqnslwFVuXJbJifgxspJUd3O4ntaGhRLHt+4Er9c=
-github.com/go-rod/rod v0.114.5/go.mod h1:aiedSEFg5DwG/fnNbUOTPMTTWX3MRj6vIs/a684Mthw=
+github.com/go-rod/rod v0.114.7 h1:h4pimzSOUnw7Eo41zdJA788XsawzHjJMyzCE3BrBww0=
+github.com/go-rod/rod v0.114.7/go.mod h1:aiedSEFg5DwG/fnNbUOTPMTTWX3MRj6vIs/a684Mthw=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
@@ -1348,8 +1348,8 @@ github.com/sigstore/fulcio v1.4.3 h1:9JcUCZjjVhRF9fmhVuz6i1RyhCc/EGCD7MOl+iqCJLQ
 github.com/sigstore/fulcio v1.4.3/go.mod h1:BQPWo7cfxmJwgaHlphUHUpFkp5+YxeJes82oo39m5og=
 github.com/sigstore/rekor v1.3.5 h1:QoVXcS7NppKY+rpbEFVHr4evGDZBBSh65X0g8PXoUkQ=
 github.com/sigstore/rekor v1.3.5/go.mod h1:CWqOk/fmnPwORQmm7SyDgB54GTJizqobbZ7yOP1lvw8=
-github.com/sigstore/sigstore v1.8.1 h1:mAVposMb14oplk2h/bayPmIVdzbq2IhCgy4g6R0ZSjo=
-github.com/sigstore/sigstore v1.8.1/go.mod h1:02SL1158BSj15bZyOFz7m+/nJzLZfFd9A8ab3Kz7w/E=
+github.com/sigstore/sigstore v1.8.2 h1:0Ttjcn3V0fVQXlYq7+oHaaHkGFIt3ywm7SF4JTU/l8c=
+github.com/sigstore/sigstore v1.8.2/go.mod h1:CHVcSyknCcjI4K2ZhS1SI28r0tcQyBlwtALG536x1DY=
 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1 h1:rEDdUefulkIQaMJyzLwtgPDLNXBIltBABiFYfb0YmgQ=
 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1/go.mod h1:RCdYCc1IxCYWzh2IdzdA6Yf7JIY0cMRqH08fpQYechw=
 github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.1 h1:DvRWG99QGWZC5mp42SEde2Xke/Q384Idnj2da7yB+Mk=
@@ -1553,6 +1553,7 @@ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2Uz
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg=
 golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1693,8 +1694,8 @@ golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri
 golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec=
 golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I=
-golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
-golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
+golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ=
+golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
From e14da06a2a4a62f9423348fb73c1e771f75ac930 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Feb 2024 16:19:55 -0300 Subject: [PATCH 15/83] Bump github.com/jackc/pgx/v5 from 5.5.2 to 5.5.3 (#4924) Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.2 to 5.5.3. - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v5.5.2...v5.5.3) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 28aec110e5..f87c4685de 100644
--- a/go.mod
+++ b/go.mod
@@ -55,7 +55,7 @@ require (
 github.com/hashicorp/vault/sdk v0.11.0
 github.com/imdario/mergo v0.3.16
 github.com/imkira/go-observer v1.0.3
- github.com/jackc/pgx/v5 v5.5.2
+ github.com/jackc/pgx/v5 v5.5.3
 github.com/jinzhu/gorm v1.9.16
 github.com/lestrrat-go/jwx/v2 v2.0.19
 github.com/lib/pq v1.10.9
diff --git a/go.sum b/go.sum
index 05e44bcb61..a9a2d7ff0d 100644
--- a/go.sum
+++ b/go.sum
@@ -1087,8 +1087,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk=
 github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.5.2 h1:iLlpgp4Cp/gC9Xuscl7lFL1PhhW+ZLtXZcrfCt4C3tA=
-github.com/jackc/pgx/v5 v5.5.2/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A=
+github.com/jackc/pgx/v5 v5.5.3 h1:Ces6/M3wbDXYpM8JyyPD57ivTtJACFZJd885pdIaV2s=
+github.com/jackc/pgx/v5 v5.5.3/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A=
 github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk=
 github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY=
From 87cfff9beabc6d0a043488e962b81baab2e0b6d3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Feb 2024 22:25:06 -0300 Subject: [PATCH 16/83] Bump google.golang.org/api from 0.162.0 to 0.167.0 (#4926) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.162.0 to 0.167.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.162.0...v0.167.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 28 ++++++++++++++-------------- go.sum | 56 ++++++++++++++++++++++++++++---------------------------- 2 files changed, 42 insertions(+), 42 deletions(-) diff --git a/go.mod b/go.mod index f87c4685de..4dd4251a54 100644 --- a/go.mod +++ b/go.mod @@ -4,9 +4,9 @@ go 1.21 require ( cloud.google.com/go/iam v1.1.6 - cloud.google.com/go/kms v1.15.5 - cloud.google.com/go/secretmanager v1.11.4 - cloud.google.com/go/security v1.15.4 + cloud.google.com/go/kms v1.15.6 + cloud.google.com/go/secretmanager v1.11.5 + cloud.google.com/go/security v1.15.5 cloud.google.com/go/storage v1.38.0 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 @@ -46,7 +46,7 @@ require ( github.com/google/go-containerregistry v0.19.0 github.com/google/go-tpm v0.9.0 github.com/google/go-tpm-tools v0.4.3 - github.com/googleapis/gax-go/v2 v2.12.0 + github.com/googleapis/gax-go/v2 v2.12.1 github.com/gorilla/handlers v1.5.2 github.com/hashicorp/go-hclog v1.6.2 github.com/hashicorp/go-plugin v1.6.0 
@@ -81,8 +81,8 @@ require ( golang.org/x/sync v0.6.0 golang.org/x/sys v0.17.0 golang.org/x/time v0.5.0 - google.golang.org/api v0.162.0 - google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe + google.golang.org/api v0.167.0 + google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.32.0 k8s.io/api v0.29.2 @@ -94,9 +94,9 @@ require ( require ( cloud.google.com/go v0.112.0 // indirect - cloud.google.com/go/compute v1.23.3 // indirect + cloud.google.com/go/compute v1.23.4 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/longrunning v0.5.4 // indirect + cloud.google.com/go/longrunning v0.5.5 // indirect filippo.io/edwards25519 v1.1.0 // indirect github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect 
@@ -314,14 +314,14 @@ require (
 github.com/yusufpapurcu/wmi v1.2.3 // indirect
 go.mongodb.org/mongo-driver v1.13.1 // indirect
 go.opencensus.io v0.24.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
- go.opentelemetry.io/otel v1.22.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect
+ go.opentelemetry.io/otel v1.23.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 // indirect
- go.opentelemetry.io/otel/metric v1.22.0 // indirect
+ go.opentelemetry.io/otel/metric v1.23.0 // indirect
 go.opentelemetry.io/otel/sdk v1.22.0 // indirect
- go.opentelemetry.io/otel/trace v1.22.0 // indirect
+ go.opentelemetry.io/otel/trace v1.23.0 // indirect
 go.step.sm/crypto v0.42.1 // indirect
 go.uber.org/atomic v1.11.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
@@ -332,7 +332,7 @@ require (
 golang.org/x/text v0.14.0 // indirect
 golang.org/x/tools v0.16.1 // indirect
 google.golang.org/appengine v1.6.8 // indirect
- google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect
+ google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 // indirect
 gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
diff --git a/go.sum b/go.sum
index a9a2d7ff0d..e93daab14f 100644
--- a/go.sum
+++ b/go.sum
@@ -122,8 +122,8 @@ cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARy
 cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo=
 cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA=
 cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs=
-cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
-cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
+cloud.google.com/go/compute v1.23.4 h1:EBT9Nw4q3zyE7G45Wvv3MzolIrCJEuHys5muLY0wvAw=
+cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI=
 cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU=
 cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
@@ -225,8 +225,8 @@ cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0
 cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA=
 cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg=
 cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0=
-cloud.google.com/go/kms v1.15.5 h1:pj1sRfut2eRbD9pFRjNnPNg/CzJPuQAzUujMIM1vVeM=
-cloud.google.com/go/kms v1.15.5/go.mod h1:cU2H5jnp6G2TDpUGZyqTCoy1n16fbubHZjmVXSMtwDI=
+cloud.google.com/go/kms v1.15.6 h1:ktpEMQmsOAYj3VZwH020FcQlm23BVYg8T8O1woG2GcE=
+cloud.google.com/go/kms v1.15.6/go.mod h1:yF75jttnIdHfGBoE51AKsD/Yqf+/jICzB9v1s1acsms=
 cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic=
 cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI=
 cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE=
@@ -236,8 +236,8 @@ cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6 cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= -cloud.google.com/go/longrunning v0.5.4 h1:w8xEcbZodnA2BbW6sVirkkoC+1gP8wS57EUUgGS0GVg= -cloud.google.com/go/longrunning v0.5.4/go.mod h1:zqNVncI0BOP8ST6XQD1+VcvuShMmq7+xFSzOL++V0dI= +cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg= +cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s= cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= 
@@ -325,15 +325,15 @@ cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJe cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4= cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4= -cloud.google.com/go/secretmanager v1.11.4 h1:krnX9qpG2kR2fJ+u+uNyNo+ACVhplIAS4Pu7u+4gd+k= -cloud.google.com/go/secretmanager v1.11.4/go.mod h1:wreJlbS9Zdq21lMzWmJ0XhWW2ZxgPeahsqeV/vZoJ3w= +cloud.google.com/go/secretmanager v1.11.5 h1:82fpF5vBBvu9XW4qj0FU2C6qVMtj1RM/XHwKXUEAfYY= +cloud.google.com/go/secretmanager v1.11.5/go.mod h1:eAGv+DaCHkeVyQi0BeXgAHOU0RdrMeZIASKc+S7VqH4= cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= cloud.google.com/go/security v1.9.0/go.mod h1:6Ta1bO8LXI89nZnmnsZGp9lVoVWXqsVbIq/t9dzI+2Q= cloud.google.com/go/security v1.10.0/go.mod h1:QtOMZByJVlibUT2h9afNDWRZ1G96gVywH8T5GUSb9IA= -cloud.google.com/go/security v1.15.4 h1:sdnh4Islb1ljaNhpIXlIPgb3eYj70QWgPVDKOUYvzJc= -cloud.google.com/go/security v1.15.4/go.mod h1:oN7C2uIZKhxCLiAAijKUCuHLZbIt/ghYEo8MqwD/Ty4= +cloud.google.com/go/security v1.15.5 h1:wTKJQ10j8EYgvE8Y+KhovxDRVDk2iv/OsxZ6GrLP3kE= +cloud.google.com/go/security v1.15.5/go.mod h1:KS6X2eG3ynWjqcIX976fuToN5juVkF6Ra6c7MPnldtc= cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU= cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc= cloud.google.com/go/securitycenter v1.15.0/go.mod h1:PeKJ0t8MoFmmXLXWm41JidyzI3PJjd8sXWaVqg43WWk= 
@@ -998,8 +998,8 @@ github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= -github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= -github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= +github.com/googleapis/gax-go/v2 v2.12.1 h1:9F8GV9r9ztXyAi00gsMQHNoF51xPZm8uj1dpYt2ZETM= +github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= 
@@ -1493,24 +1493,24 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= -go.opentelemetry.io/otel v1.22.0 h1:xS7Ku+7yTFvDfDraDIJVpw7XPyuHlB9MCiqqX5mcJ6Y= -go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 h1:P+/g8GpuJGYbOp2tAdKrIPUX9JO02q8Q0YNlHolpibA= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0/go.mod h1:tIKj3DbO8N9Y2xo52og3irLsPI4GW02DSMtrVgNMgxg= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 h1:doUP+ExOpH3spVTLS0FcWGLnQrPct/hD/bCPbDRUEAU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA= +go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E= +go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 
v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 h1:FyjCyI9jVEfqhUh2MoSkmolPjfh5fp2hnV0b0irxH4Q= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0/go.mod h1:hYwym2nDEeZfG/motx0p7L7J1N1vyzIThemQsb4g2qY= -go.opentelemetry.io/otel/metric v1.22.0 h1:lypMQnGyJYeuYPhOM/bgjbFM6WE44W1/T45er4d8Hhg= -go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY= +go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo= +go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo= go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= -go.opentelemetry.io/otel/trace v1.22.0 h1:Hg6pPujv0XG9QaVbGOBVHunyuLcCC3jN7WEhPx83XD0= -go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo= +go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI= +go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= 
@@ -1977,8 +1977,8 @@ google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7Twe google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.162.0 h1:Vhs54HkaEpkMBdgGdOT2P6F0csGG/vxDS0hWHJzmmps= -google.golang.org/api v0.162.0/go.mod h1:6SulDkfoBIg4NFmCuZ39XeeAgSHCPecfSUuDyYlAHs0= +google.golang.org/api v0.167.0 h1:CKHrQD1BLRii6xdkatBDXyKzM0mkawt2QP+H3LtPmSE= +google.golang.org/api v0.167.0/go.mod h1:4FcBc686KFi7QI/U51/2GKKevfZMpM17sCdibqe/bSA= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -2105,12 +2105,12 @@ google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe h1:USL2DhxfgRchafRvt/wYyyQNzwgL7ZiURcozOE/Pkvo= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= +google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUbUhquq98xey1slwvuVJPosdBqYJlU= +google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M= google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 h1:x9PwdEgd11LgK+orcck69WVRo7DezSO4VUMPI4xpc8A= google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe h1:bQnxqljG/wqi4NTXu2+DJ3n7APcEA882QZ1JvhQAq9o= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 h1:hZB7eLIaYlW9qXRfCq/qDaPdbeY3757uARz5Vvfv+cY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= 
From 83c047a422fa6f2f0fc869f105fabb5edad2c7b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Feb 2024 23:01:03 -0300 Subject: [PATCH 17/83] Bump github.com/GoogleCloudPlatform/cloudsql-proxy (#4925) Bumps [github.com/GoogleCloudPlatform/cloudsql-proxy](https://github.com/GoogleCloudPlatform/cloudsql-proxy) from 1.33.16 to 1.34.0. - [Release notes](https://github.com/GoogleCloudPlatform/cloudsql-proxy/releases) - [Changelog](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/blob/v1.34.0/CHANGELOG.md) - [Commits](https://github.com/GoogleCloudPlatform/cloudsql-proxy/compare/v1.33.16...v1.34.0) --- updated-dependencies: - dependency-name: github.com/GoogleCloudPlatform/cloudsql-proxy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index 4dd4251a54..9065f8d0e3 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute v1.0.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0
- github.com/GoogleCloudPlatform/cloudsql-proxy v1.33.16
+ github.com/GoogleCloudPlatform/cloudsql-proxy v1.34.0
 github.com/Microsoft/go-winio v0.6.1
 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129
 github.com/armon/go-metrics v0.4.1
@@ -325,7 +325,7 @@ require (
 go.step.sm/crypto v0.42.1 // indirect
 go.uber.org/atomic v1.11.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- go.uber.org/zap v1.26.0 // indirect
+ go.uber.org/zap v1.27.0 // indirect
 golang.org/x/mod v0.14.0 // indirect
 golang.org/x/oauth2 v0.17.0 // indirect
 golang.org/x/term v0.17.0 // indirect
diff --git a/go.sum b/go.sum index e93daab14f..2bda059137 100644 --- a/go.sum +++ b/go.sum @@ -472,8 +472,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/GoogleCloudPlatform/cloudsql-proxy v1.33.16 h1:gCxB0uynRIoPZxAQ+LOp+OIvorqsFuKqTUq+EomIAzY= -github.com/GoogleCloudPlatform/cloudsql-proxy v1.33.16/go.mod h1:wa2mRxdVa5tjgSREvElo+9PgDUXCvEF0KDTDw5dj8+g= +github.com/GoogleCloudPlatform/cloudsql-proxy v1.34.0 h1:JGaDAt7aiz9casDxojbzFLI+3Mfj19R/+4twAKNGubk= +github.com/GoogleCloudPlatform/cloudsql-proxy v1.34.0/go.mod h1:XNDFTVaBS0jJYam3A88dpdzImNh0RRhBF4k05CNEENs= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= 
@@ -1525,8 +1525,8 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= From 9e85240cf765e66d9da94d3a50cfc95fd3cd1121 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 09:08:33 -0300 Subject: [PATCH 18/83] Bump github.com/googleapis/gax-go/v2 from 2.12.0 to 2.12.2 (#4927) Bumps [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) from 2.12.0 to 2.12.2. - [Release notes](https://github.com/googleapis/gax-go/releases) - [Commits](https://github.com/googleapis/gax-go/compare/v2.12.0...v2.12.2) --- updated-dependencies: - dependency-name: github.com/googleapis/gax-go/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 9065f8d0e3..621ab08957 100644 --- a/go.mod +++ b/go.mod 
@@ -46,7 +46,7 @@ require ( github.com/google/go-containerregistry v0.19.0 github.com/google/go-tpm v0.9.0 github.com/google/go-tpm-tools v0.4.3 - github.com/googleapis/gax-go/v2 v2.12.1 + github.com/googleapis/gax-go/v2 v2.12.2 github.com/gorilla/handlers v1.5.2 github.com/hashicorp/go-hclog v1.6.2 github.com/hashicorp/go-plugin v1.6.0 diff --git a/go.sum b/go.sum index 2bda059137..aeed5f9f89 100644 --- a/go.sum +++ b/go.sum @@ -998,8 +998,8 @@ github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= -github.com/googleapis/gax-go/v2 v2.12.1 h1:9F8GV9r9ztXyAi00gsMQHNoF51xPZm8uj1dpYt2ZETM= -github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= +github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA= +github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= From 938072f3d944a7510c43ef487d098f495c655056 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 13:31:46 -0300 Subject: [PATCH 19/83] Bump github.com/lestrrat-go/jwx/v2 from 2.0.19 to 2.0.20 (#4928) Bumps [github.com/lestrrat-go/jwx/v2](https://github.com/lestrrat-go/jwx) from 2.0.19 to 2.0.20. - [Release notes](https://github.com/lestrrat-go/jwx/releases) - [Changelog](https://github.com/lestrrat-go/jwx/blob/develop/v2/Changes) - [Commits](https://github.com/lestrrat-go/jwx/compare/v2.0.19...v2.0.20) --- updated-dependencies: - dependency-name: github.com/lestrrat-go/jwx/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 621ab08957..64dddc0b6e 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 github.com/imkira/go-observer v1.0.3
 github.com/jackc/pgx/v5 v5.5.3
 github.com/jinzhu/gorm v1.9.16
- github.com/lestrrat-go/jwx/v2 v2.0.19
+ github.com/lestrrat-go/jwx/v2 v2.0.20
 github.com/lib/pq v1.10.9
 github.com/mattn/go-sqlite3 v1.14.22
 github.com/mitchellh/cli v1.1.5
diff --git a/go.sum b/go.sum
index aeed5f9f89..af5943bc4b 100644
--- a/go.sum
+++ b/go.sum
@@ -1151,8 +1151,8 @@ github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJG github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.0.19 h1:ekv1qEZE6BVct89QA+pRF6+4pCpfVrOnEJnTnT4RXoY= -github.com/lestrrat-go/jwx/v2 v2.0.19/go.mod h1:l3im3coce1lL2cDeAjqmaR+Awx+X8Ih+2k8BuHNJ4CU= +github.com/lestrrat-go/jwx/v2 v2.0.20 h1:sAgXuWS/t8ykxS9Bi2Qtn5Qhpakw1wrcjxChudjolCc= +github.com/lestrrat-go/jwx/v2 v2.0.20/go.mod h1:UlCSmKqw+agm5BsOBfEAbTvKsEApaGNqHAEUTv5PJC4= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 h1:WGrKdjHtWC67RX96eTkYD2f53NDHhrq/7robWTAfk4s= From e6dbd307ce8baea9cc772ef63f015347456dc097 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 2 Mar 2024 14:45:38 -0300 Subject: [PATCH 20/83] Bump the google-cloud-sdk group with 1 update (#4931) Bumps the google-cloud-sdk group with 1 update: [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go). Updates `cloud.google.com/go/storage` from 1.38.0 to 1.39.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.38.0...spanner/v1.39.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/storage dependency-type: direct:production update-type: version-update:semver-minor dependency-group: google-cloud-sdk ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 64dddc0b6e..842c59ee4c 100644 --- a/go.mod +++ b/go.mod @@ -4,10 +4,10 @@ go 1.21 require ( cloud.google.com/go/iam v1.1.6 - cloud.google.com/go/kms v1.15.6 + cloud.google.com/go/kms v1.15.7 cloud.google.com/go/secretmanager v1.11.5 cloud.google.com/go/security v1.15.5 - cloud.google.com/go/storage v1.38.0 + cloud.google.com/go/storage v1.39.0 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 @@ -94,7 +94,7 @@ require ( require ( cloud.google.com/go v0.112.0 // indirect - cloud.google.com/go/compute v1.23.4 // indirect + cloud.google.com/go/compute v1.24.0 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/longrunning v0.5.5 // indirect filippo.io/edwards25519 v1.1.0 // indirect @@ -332,8 +332,8 @@ require ( golang.org/x/text v0.14.0 // indirect golang.org/x/tools v0.16.1 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 // indirect + google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c // indirect gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index af5943bc4b..d25b62cbc0 100644 --- a/go.sum +++ b/go.sum 
@@ -122,8 +122,8 @@ cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARy cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= -cloud.google.com/go/compute v1.23.4 h1:EBT9Nw4q3zyE7G45Wvv3MzolIrCJEuHys5muLY0wvAw= -cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI= +cloud.google.com/go/compute v1.24.0 h1:phWcR2eWzRJaL/kOiJwfFsPs4BaKq1j6vnpZrc1YlVg= +cloud.google.com/go/compute v1.24.0/go.mod h1:kw1/T+h/+tK2LJK0wiPPx1intgdAM3j/g3hFDlscY40= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= @@ -225,8 +225,8 @@ cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0 cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= -cloud.google.com/go/kms v1.15.6 h1:ktpEMQmsOAYj3VZwH020FcQlm23BVYg8T8O1woG2GcE= -cloud.google.com/go/kms v1.15.6/go.mod h1:yF75jttnIdHfGBoE51AKsD/Yqf+/jICzB9v1s1acsms= +cloud.google.com/go/kms v1.15.7 h1:7caV9K3yIxvlQPAcaFffhlT7d1qpxjB1wHBtjWa13SM= +cloud.google.com/go/kms v1.15.7/go.mod h1:ub54lbsa6tDkUwnu4W7Yt1aAIFLnspgh0kPGToDukeI= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= 
@@ -364,8 +364,8 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= -cloud.google.com/go/storage v1.38.0 h1:Az68ZRGlnNTpIBbLjSMIV2BDcwwXYlRlQzis0llkpJg= -cloud.google.com/go/storage v1.38.0/go.mod h1:tlUADB0mAb9BgYls9lq+8MGkfzOXuLrnHXlpHmvFJoY= +cloud.google.com/go/storage v1.39.0 h1:brbjUa4hbDHhpQf48tjqMaXEV+f1OGoaTmQau9tmCsA= +cloud.google.com/go/storage v1.39.0/go.mod h1:OAEj/WZwUYjA3YHQ10/YcN9ttGuEpLwvaoyBXIPikEk= cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= 
@@ -2105,10 +2105,10 @@ google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= -google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUbUhquq98xey1slwvuVJPosdBqYJlU= -google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M= -google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 h1:x9PwdEgd11LgK+orcck69WVRo7DezSO4VUMPI4xpc8A= -google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I= +google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= +google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= +google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c h1:9g7erC9qu44ks7UK4gDNlnk4kOxZG707xKm4jVniy6o= +google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:5iCWqnniDlqZHrd3neWVTOwvh/v6s3232omMecelax8= google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 h1:hZB7eLIaYlW9qXRfCq/qDaPdbeY3757uARz5Vvfv+cY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= From 7cbc5517f4349c5281527ca35b4fac9dc453d1ec Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 2 Mar 2024 17:37:35 -0300 Subject: [PATCH 21/83] Bump the azure-sdk group with 1 update (#4932) Bumps the azure-sdk group with 1 update: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go). Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.9.2 to 1.10.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.9.2...sdk/azcore/v1.10.0) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-type: direct:production update-type: version-update:semver-minor dependency-group: azure-sdk ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 842c59ee4c..5c92f902ca 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 cloud.google.com/go/secretmanager v1.11.5
 cloud.google.com/go/security v1.15.5
 cloud.google.com/go/storage v1.39.0
- github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2
+ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute v1.0.0
diff --git a/go.sum b/go.sum
index d25b62cbc0..c21bb8ceb1 100644
--- a/go.sum
+++ b/go.sum
@@ -415,8 +415,8 @@ github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0/go.mod h1:GgeIE+1be8Ivm7Sh4RgwI42aTtC9qrcj+Y9Y6CjJhJs= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 h1:c4k2FIYIh4xtwqrQwV0Ct1v5+ehlNXj5NI/MWVsiTkQ= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2/go.mod h1:5FDJtLEO/GxwNgUxbwrY3LP0pEoThTQJtk2oysdXHxM= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 h1:n1DH8TPV4qqPTje2RcUBYwtrTWlabVp4n46+74X2pn4= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0/go.mod h1:HDcZnuGbiyppErN6lB+idp4CKhjbc8gwjto6OPpyggM= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ= From 94b2aecdfd0d68c17f7f7cfa56b7ede7c2adca9d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 3 Mar 2024 08:54:01 -0300 Subject: [PATCH 22/83] Bump github.com/shirou/gopsutil/v3 from 3.24.1 to 3.24.2 (#4933) Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) from 3.24.1 to 3.24.2. - [Release notes](https://github.com/shirou/gopsutil/releases) - [Commits](https://github.com/shirou/gopsutil/compare/v3.24.1...v3.24.2) --- updated-dependencies: - dependency-name: github.com/shirou/gopsutil/v3 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 9 ++++----- 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/go.mod b/go.mod
index 5c92f902ca..f049476bcf 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
 github.com/mitchellh/cli v1.1.5
 github.com/open-policy-agent/opa v0.61.0
 github.com/prometheus/client_golang v1.19.0
- github.com/shirou/gopsutil/v3 v3.24.1
+ github.com/shirou/gopsutil/v3 v3.24.2
 github.com/sigstore/cosign/v2 v2.2.3
 github.com/sigstore/rekor v1.3.5
 github.com/sigstore/sigstore v1.8.2
@@ -311,7 +311,7 @@ require (
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 github.com/yashtewari/glob-intersection v0.2.0 // indirect
- github.com/yusufpapurcu/wmi v1.2.3 // indirect
+ github.com/yusufpapurcu/wmi v1.2.4 // indirect
 go.mongodb.org/mongo-driver v1.13.1 // indirect
 go.opencensus.io v0.24.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 // indirect
diff --git a/go.sum b/go.sum
index c21bb8ceb1..86eab00e49 100644
--- a/go.sum
+++ b/go.sum
@@ -1334,8 +1334,8 @@ github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI= github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE= -github.com/shirou/gopsutil/v3 v3.24.1 h1:R3t6ondCEvmARp3wxODhXMTLC/klMa87h2PHUw5m7QI= -github.com/shirou/gopsutil/v3 v3.24.1/go.mod h1:UU7a2MSBQa+kW1uuDq8DeEBS8kmrnQwsv2b5O513rwU= +github.com/shirou/gopsutil/v3 v3.24.2 h1:kcR0erMbLg5/3LcInpw0X/rrPSqq4CDPyI6A6ZRC18Y= +github.com/shirou/gopsutil/v3 v3.24.2/go.mod h1:tSg/594BcA+8UdQU2XcW803GWYgdtauFFPgJCJKZlVk= github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM= github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ= github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU= @@ -1476,8 +1476,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw= -github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= +github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= +github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= github.com/zalando/go-keyring v0.2.2 h1:f0xmpYiSrHtSNAVgwip93Cg8tuF45HJM6rHq/A5RI/4= github.com/zalando/go-keyring v0.2.2/go.mod h1:sI3evg9Wvpw3+n4SqplGSJUMwtDeROfD4nsFz4z9PG0= github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs= 
@@ -1812,7 +1812,6 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= From 2e5aee0d0139e46bda6bc118563cfa27ef2efd0c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 3 Mar 2024 09:34:10 -0300 Subject: [PATCH 23/83] Bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.17.2 (#4935) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.0 to 0.17.2. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.0...v0.17.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f049476bcf..ae690a1230 100644 --- a/go.mod +++ b/go.mod @@ -89,7 +89,7 @@ require ( k8s.io/apimachinery v0.29.2 k8s.io/client-go v0.29.2 k8s.io/kube-aggregator v0.29.2 - sigs.k8s.io/controller-runtime v0.17.0 + sigs.k8s.io/controller-runtime v0.17.2 ) require ( 
diff --git a/go.sum b/go.sum index 86eab00e49..33d8514b5b 100644 --- a/go.sum +++ b/go.sum @@ -2230,8 +2230,8 @@ k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s= -sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= +sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/release-utils v0.7.7 h1:JKDOvhCk6zW8ipEOkpTGDH/mW3TI+XqtPp16aaQ79FU= From 9a2376f5c353d3c93ff6e6cbd0d89522ffc5b0f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 3 Mar 2024 14:37:01 -0300 Subject: [PATCH 24/83] Bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#4934) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.61.0 to 0.62.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-policy-agent/opa/compare/v0.61.0...v0.62.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/go.mod b/go.mod
index ae690a1230..e15fa4d44a 100644
--- a/go.mod
+++ b/go.mod
@@ -61,7 +61,7 @@ require (
 github.com/lib/pq v1.10.9
 github.com/mattn/go-sqlite3 v1.14.22
 github.com/mitchellh/cli v1.1.5
- github.com/open-policy-agent/opa v0.61.0
+ github.com/open-policy-agent/opa v0.62.0
 github.com/prometheus/client_golang v1.19.0
 github.com/shirou/gopsutil/v3 v3.24.2
 github.com/sigstore/cosign/v2 v2.2.3
@@ -263,7 +263,7 @@ require (
 github.com/oklog/run v1.1.0 // indirect
 github.com/oklog/ulid v1.3.1 // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
- github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
+ github.com/opencontainers/image-spec v1.1.0-rc6 // indirect
 github.com/opentracing/opentracing-go v1.2.0 // indirect
 github.com/pborman/uuid v1.2.1 // indirect
 github.com/pelletier/go-toml/v2 v2.1.0 // indirect
diff --git a/go.sum b/go.sum
index 33d8514b5b..831a383e16 100644
--- a/go.sum
+++ b/go.sum
@@ -759,8 +759,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= -github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= +github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= +github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -1186,8 +1186,8 @@ github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= -github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= +github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= +github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= 
@@ -1252,12 +1252,12 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= -github.com/open-policy-agent/opa v0.61.0 h1:nhncQ2CAYtQTV/SMBhDDPsCpCQsUW+zO/1j+T5V7oZg= -github.com/open-policy-agent/opa v0.61.0/go.mod h1:7OUuzJnsS9yHf8lw0ApfcbrnaRG1EkN3J2fuuqi4G/E= +github.com/open-policy-agent/opa v0.62.0 h1:8NAWkrg3tnMBi+pYqL7pEi7h6QmbMmVf/5IyjJS/A2s= +github.com/open-policy-agent/opa v0.62.0/go.mod h1:FD8D++1j1m74Qam2iUnKlfPDeoxWTXANaRUVu8W/tmA= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= -github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU= +github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= From 76ec2f768e745149aa6ef996c97442a2e45cadc7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 3 Mar 2024 16:07:32 -0300 Subject: [PATCH 25/83] Bump actions/cache from 4.0.0 to 4.0.1 (#4929) Bumps [actions/cache](https://github.com/actions/cache) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/13aacd865c20de90d75de3b17ebe84f7a17d57d2...ab5e6d0c87105b4c9c2047343972218f562e4319) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr_build.yaml | 42 ++++++++++++++-------------- .github/workflows/release_build.yaml | 42 ++++++++++++++-------------- 2 files changed, 42 insertions(+), 42 deletions(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 0c8ff5aa8d..1d92b02d58 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -24,7 +24,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Setup dep cache - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 
@@ -48,12 +48,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Setup build tool cache - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -85,7 +85,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -109,7 +109,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -167,12 +167,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} 
@@ -203,7 +203,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Load cached executables - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ./bin/ key: ${{ runner.os }}-executables-${{ hashFiles('**/*.exe') }} @@ -269,12 +269,12 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -329,12 +329,12 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} 
@@ -379,12 +379,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -423,7 +423,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Setup dep cache - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -450,12 +450,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Setup build tool cache - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -493,7 +493,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 
@@ -527,12 +527,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -546,7 +546,7 @@ jobs: - name: Build binaries run: make build - name: Setup executables cache - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ./bin/ key: ${{ runner.os }}-executables-${{ hashFiles('**/*.exe') }} diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml index dd04334e9b..12ec3c9e89 100644 --- a/.github/workflows/release_build.yaml +++ b/.github/workflows/release_build.yaml @@ -21,7 +21,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Setup dep cache - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 
@@ -44,12 +44,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Setup build tool cache - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -80,7 +80,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -103,7 +103,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -160,12 +160,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} 
@@ -191,7 +191,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Load cached executables - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ./bin/ key: ${{ runner.os }}-executables-${{ hashFiles('**/*.exe') }} @@ -264,12 +264,12 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -324,12 +324,12 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} 
@@ -372,12 +372,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -415,7 +415,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Setup dep cache - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -441,12 +441,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Setup build tool cache - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -483,7 +483,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 
@@ -516,12 +516,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -537,7 +537,7 @@ jobs: - name: Build artifacts run: ./.github/workflows/scripts/build_artifacts.sh ${{ runner.os }} - name: Setup executables cache - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: ./bin/ key: ${{ runner.os }}-executables-${{ hashFiles('**/*.exe') }} From 973448df15935f65aaf874ea855fb7b4166308e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:04:03 -0300 Subject: [PATCH 26/83] Bump actions/download-artifact from 4.1.3 to 4.1.4 (#4936) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.3 to 4.1.4. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/87c55149d96e628cc2ef7e6fc2aab372015aec85...c850b930e6ba138125429b7e5c93fc707a7f8427) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr_build.yaml | 8 ++++---- .github/workflows/release_build.yaml | 14 +++++++------- 2 files changed, 11 insertions(+), 11 deletions(-) 
diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 1d92b02d58..02765ddf50 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -135,7 +135,7 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Download archived images - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: images path: . @@ -279,7 +279,7 @@ jobs: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} - name: Download archived images - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: images path: . @@ -339,7 +339,7 @@ jobs: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} - name: Download archived images - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: images path: . @@ -397,7 +397,7 @@ jobs: install: >- git base-devel mingw-w64-x86_64-toolchain unzip - name: Download archived images - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: images-windows path: . diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml index 12ec3c9e89..4ac8722d0c 100644 --- a/.github/workflows/release_build.yaml +++ b/.github/workflows/release_build.yaml 
@@ -129,7 +129,7 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Download archived images - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: images path: . @@ -274,7 +274,7 @@ jobs: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} - name: Download archived images - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: images path: . @@ -334,7 +334,7 @@ jobs: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} - name: Download archived images - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: images path: . @@ -390,7 +390,7 @@ jobs: install: >- git base-devel mingw-w64-x86_64-toolchain unzip - name: Download archived images - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: images-windows path: . @@ -557,12 +557,12 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download archived Linux artifacts - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: binaries-linux path: ./artifacts/ - name: Download archived Windows artifacts - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: binaries-windows path: ./artifacts/ 
@@ -600,7 +600,7 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Download archived images - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: images path: . From 6cc49ab0681ef4a15d95a6dddc7a9eda9f35230e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 13:15:51 -0800 Subject: [PATCH 27/83] Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#4937) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index e15fa4d44a..41ba790eb8 100644
--- a/go.mod
+++ b/go.mod
@@ -71,7 +71,7 @@ require (
 github.com/spiffe/go-spiffe/v2 v2.1.7
 github.com/spiffe/spire-api-sdk v1.2.5-0.20231107161112-ba57e0e943a2
 github.com/spiffe/spire-plugin-sdk v1.4.4-0.20230721151831-bf67dde4721d
- github.com/stretchr/testify v1.8.4
+ github.com/stretchr/testify v1.9.0
 github.com/uber-go/tally/v4 v4.1.11
 github.com/valyala/fastjson v1.6.4
 github.com/zeebo/errs v1.3.0
diff --git a/go.sum b/go.sum
index 831a383e16..6965ee35e9 100644
--- a/go.sum
+++ b/go.sum
@@ -1401,8 +1401,9 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -1414,8 +1415,9 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d h1:vfofYNRScrDdvS342BElfbETmL1Aiz3i2t0zfRj16Hs= 
From 72ca57b925326723695d7695887a23ddf34f24e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 14:04:06 -0800 Subject: [PATCH 28/83] Bump github.com/jackc/pgx/v5 from 5.5.3 to 5.5.4 (#4939) Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.3 to 5.5.4. - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v5.5.3...v5.5.4) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 41ba790eb8..f436006ffe 100644 --- a/go.mod +++ b/go.mod @@ -55,7 +55,7 @@ require ( github.com/hashicorp/vault/sdk v0.11.0 github.com/imdario/mergo v0.3.16 github.com/imkira/go-observer v1.0.3 - github.com/jackc/pgx/v5 v5.5.3 + github.com/jackc/pgx/v5 v5.5.4 github.com/jinzhu/gorm v1.9.16 github.com/lestrrat-go/jwx/v2 v2.0.20 github.com/lib/pq v1.10.9 diff --git a/go.sum b/go.sum index 6965ee35e9..4a2a7b0db4 100644 --- a/go.sum +++ b/go.sum 
@@ -1087,8 +1087,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk= github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.5.3 h1:Ces6/M3wbDXYpM8JyyPD57ivTtJACFZJd885pdIaV2s= -github.com/jackc/pgx/v5 v5.5.3/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A= +github.com/jackc/pgx/v5 v5.5.4 h1:Xp2aQS8uXButQdnCMWNmvx6UysWQQC+u1EoizjguY+8= +github.com/jackc/pgx/v5 v5.5.4/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A= github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk= github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY= From 81de95eb71e278edfa12cb5c4e9290b44094426d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 15:31:17 -0800 Subject: [PATCH 29/83] Bump golang.org/x/sys from 0.17.0 to 0.18.0 (#4938) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index f436006ffe..abf111a5cf 100644 --- a/go.mod +++ b/go.mod 
@@ -79,7 +79,7 @@ require ( golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 golang.org/x/net v0.21.0 golang.org/x/sync v0.6.0 - golang.org/x/sys v0.17.0 + golang.org/x/sys v0.18.0 golang.org/x/time v0.5.0 google.golang.org/api v0.167.0 google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 diff --git a/go.sum b/go.sum index 4a2a7b0db4..da84ed5df9 100644 --- a/go.sum +++ b/go.sum @@ -1814,8 +1814,9 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= From bef1690d90f6fc3145efcb0f7f04b3d99aea9d84 Mon Sep 17 00:00:00 2001 From: Guilherme Carvalho Date: Mon, 4 Mar 2024 21:13:50 -0300 Subject: [PATCH 30/83] Enable gRPC server reflection to agent workload endpoints (#4916) * Add reflection to agent workload endpoints Signed-off-by: Guilherme Carvalho --- pkg/agent/endpoints/endpoints.go | 8 +++-- pkg/agent/endpoints/endpoints_test.go | 50 +++++++++++++++++++++++---- pkg/agent/endpoints/metrics.go | 8 ++--- pkg/common/api/middleware/names.go | 22 ++++++------ 4 files changed, 65 insertions(+), 23 deletions(-) 
diff --git a/pkg/agent/endpoints/endpoints.go b/pkg/agent/endpoints/endpoints.go index b55ccb9d5e..d800f7ad7c 100644 --- a/pkg/agent/endpoints/endpoints.go +++ b/pkg/agent/endpoints/endpoints.go @@ -8,14 +8,16 @@ import ( secret_v3 "github.com/envoyproxy/go-control-plane/envoy/service/secret/v3" "github.com/sirupsen/logrus" workload_pb "github.com/spiffe/go-spiffe/v2/proto/spiffe/workload" + "google.golang.org/grpc" + "google.golang.org/grpc/health/grpc_health_v1" + "google.golang.org/grpc/reflection" + healthv1 "github.com/spiffe/spire/pkg/agent/api/health/v1" "github.com/spiffe/spire/pkg/agent/endpoints/sdsv3" "github.com/spiffe/spire/pkg/agent/endpoints/workload" "github.com/spiffe/spire/pkg/common/api/middleware" "github.com/spiffe/spire/pkg/common/peertracker" "github.com/spiffe/spire/pkg/common/telemetry" - "google.golang.org/grpc" - "google.golang.org/grpc/health/grpc_health_v1" ) type Server interface { @@ -106,6 +108,8 @@ func (e *Endpoints) ListenAndServe(ctx context.Context) error { secret_v3.RegisterSecretDiscoveryServiceServer(server, e.sdsv3Server) grpc_health_v1.RegisterHealthServer(server, e.healthServer) + reflection.Register(server) + l, err := e.createListener() if err != nil { return err diff --git a/pkg/agent/endpoints/endpoints_test.go b/pkg/agent/endpoints/endpoints_test.go index 4e209b5fbf..bf952d8887 100644 --- a/pkg/agent/endpoints/endpoints_test.go +++ b/pkg/agent/endpoints/endpoints_test.go 
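Review bot: `reflection.Register(server)` in the second endpoints.go hunk is unconditional, so any caller that can reach the agent's listener can list the registered services and fetch their descriptors, and the hunk offers no way to turn that off. Reflection discloses API shape rather than SVIDs or keys, but it is still extra surface on the Workload API socket. I would gate it on an agent setting, or at least record the decision next to the call, e.g. `// Reflection is served to every caller of this listener; it exposes service descriptors only.` Whether reflection requests go through the same interceptor chain as the other services cannot be confirmed from here, because ListenAndServe starts and ends outside the hunk.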
@@ -13,22 +13,25 @@ import ( "github.com/sirupsen/logrus" "github.com/sirupsen/logrus/hooks/test" workload_pb "github.com/spiffe/go-spiffe/v2/proto/spiffe/workload" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/health/grpc_health_v1" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/reflection/grpc_reflection_v1" + "google.golang.org/grpc/status" + healthv1 "github.com/spiffe/spire/pkg/agent/api/health/v1" "github.com/spiffe/spire/pkg/agent/api/rpccontext" "github.com/spiffe/spire/pkg/agent/endpoints/sdsv3" "github.com/spiffe/spire/pkg/agent/endpoints/workload" "github.com/spiffe/spire/pkg/agent/manager" + "github.com/spiffe/spire/pkg/common/api/middleware" "github.com/spiffe/spire/pkg/common/telemetry" "github.com/spiffe/spire/pkg/common/util" "github.com/spiffe/spire/test/fakes/fakemetrics" "github.com/spiffe/spire/test/spiretest" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "google.golang.org/grpc" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/health/grpc_health_v1" - "google.golang.org/grpc/metadata" - "google.golang.org/grpc/status" ) func TestEndpoints(t *testing.T) { 
@@ -126,6 +129,39 @@ func TestEndpoints(t *testing.T) { name: "access denied to remote caller", fromRemote: true, }, + { + name: "reflection enabled", + do: func(t *testing.T, conn *grpc.ClientConn) { + exposedServices := []string{ + middleware.WorkloadAPIServiceName, + middleware.EnvoySDSv3ServiceName, + middleware.HealthServiceName, + middleware.ServerReflectionServiceName, + middleware.ServerReflectionV1AlphaServiceName, + } + client := grpc_reflection_v1.NewServerReflectionClient(conn) + + clientStream, err := client.ServerReflectionInfo(ctx) + require.NoError(t, err) + + err = clientStream.Send(&grpc_reflection_v1.ServerReflectionRequest{ + MessageRequest: &grpc_reflection_v1.ServerReflectionRequest_ListServices{}, + }) + require.NoError(t, err) + + resp, err := clientStream.Recv() + require.NoError(t, err) + + listResp := resp.GetListServicesResponse() + require.NotNil(t, listResp) + + var serviceNames []string + for _, service := range listResp.Service { + serviceNames = append(serviceNames, service.Name) + } + assert.ElementsMatch(t, exposedServices, serviceNames) + }, + }, } { tt := tt t.Run(tt.name, func(t *testing.T) { diff --git a/pkg/agent/endpoints/metrics.go b/pkg/agent/endpoints/metrics.go index 696d2491f9..b8627e562d 100644 --- a/pkg/agent/endpoints/metrics.go +++ b/pkg/agent/endpoints/metrics.go 
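Review bot: The new "reflection enabled" case only drives the `grpc_reflection_v1` client, although `exposedServices` also lists `middleware.ServerReflectionV1AlphaServiceName`. The v1alpha service is therefore asserted to be registered but never called, so a regression in how that name is handled would not be caught here. The stream returned by `client.ServerReflectionInfo(ctx)` is also never half-closed; adding `require.NoError(t, clientStream.CloseSend())` after the `Recv` avoids leaving it open for the rest of the subtest. A comment above the list, such as `// Exhaustive on purpose: pins the set of services reachable on the agent listener.`, would explain why `assert.ElementsMatch` is used.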
@@ -37,8 +37,8 @@ func (m *connectionMetrics) Preprocess(ctx context.Context, _ string, _ any) (co case middleware.DelegatedIdentityServiceName: adminapi.IncrDelegatedIdentityAPIConnectionCounter(m.metrics) adminapi.SetDelegatedIdentityAPIConnectionGauge(m.metrics, atomic.AddInt32(&m.delegatedIdentityAPIConns, 1)) - case middleware.HealthServiceName: - // Intentionally not emitting metrics for health + case middleware.HealthServiceName, middleware.ServerReflectionServiceName, middleware.ServerReflectionV1AlphaServiceName: + // Intentionally not emitting metrics for health and reflection services default: middleware.LogMisconfiguration(ctx, "unrecognized service for connection metrics: "+names.Service) } @@ -55,8 +55,8 @@ func (m *connectionMetrics) Postprocess(ctx context.Context, _ string, _ bool, _ sdsAPITelemetry.SetSDSAPIConnectionTotalGauge(m.metrics, atomic.AddInt32(&m.sdsAPIConns, -1)) case middleware.DelegatedIdentityServiceName: adminapi.SetDelegatedIdentityAPIConnectionGauge(m.metrics, atomic.AddInt32(&m.delegatedIdentityAPIConns, -1)) - case middleware.HealthServiceName: - // Intentionally not emitting metrics for health + case middleware.HealthServiceName, middleware.ServerReflectionServiceName, middleware.ServerReflectionV1AlphaServiceName: + // Intentionally not emitting metrics for health and reflection services default: middleware.LogMisconfiguration(ctx, "unrecognized service for connection metrics: "+names.Service) } diff --git a/pkg/common/api/middleware/names.go b/pkg/common/api/middleware/names.go index 4975dcca11..d09ee0829f 100644 --- a/pkg/common/api/middleware/names.go +++ b/pkg/common/api/middleware/names.go 
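Review bot: The widened `case` in Preprocess, and the matching one in Postprocess, excludes reflection calls from every connection counter and gauge, and the comment does not say why. `ServerReflectionInfo` is a stream a client can hold open, so with this change those connections to the agent listener would not appear in connection telemetry. If that is intended, state the reason in the comment, e.g. `// Health and reflection are diagnostic services; their connections are deliberately left out of the API connection gauges.`; otherwise a dedicated counter would keep them observable. Both function bodies extend beyond the hunks.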
@@ -13,16 +13,18 @@ import ( const ( serverAPIPrefix = "spire.api.server." - WorkloadAPIServiceName = "SpiffeWorkloadAPI" - WorkloadAPIServiceShortName = "WorkloadAPI" - EnvoySDSv3ServiceName = "envoy.service.secret.v3.SecretDiscoveryService" - EnvoySDSv3ServiceShortName = "SDS.v3" - HealthServiceName = "grpc.health.v1.Health" - HealthServiceShortName = "Health" - DelegatedIdentityServiceName = "spire.api.agent.delegatedidentity.v1.DelegatedIdentity" - DelegatedIdentityServiceShortName = "DelegatedIdentity" - SubscribeToX509SVIDsMethodName = "SubscribeToX509SVIDs" - SubscribeToX509SVIDsMetricKey = "subscribe_to_x509_svids" + WorkloadAPIServiceName = "SpiffeWorkloadAPI" + WorkloadAPIServiceShortName = "WorkloadAPI" + EnvoySDSv3ServiceName = "envoy.service.secret.v3.SecretDiscoveryService" + EnvoySDSv3ServiceShortName = "SDS.v3" + HealthServiceName = "grpc.health.v1.Health" + HealthServiceShortName = "Health" + DelegatedIdentityServiceName = "spire.api.agent.delegatedidentity.v1.DelegatedIdentity" + DelegatedIdentityServiceShortName = "DelegatedIdentity" + ServerReflectionServiceName = "grpc.reflection.v1.ServerReflection" + ServerReflectionV1AlphaServiceName = "grpc.reflection.v1alpha.ServerReflection" + SubscribeToX509SVIDsMethodName = "SubscribeToX509SVIDs" + SubscribeToX509SVIDsMetricKey = "subscribe_to_x509_svids" ) var ( From 61f4270a1f6523aa3a1f1b7c936bf477d15d5b44 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Mar 2024 18:02:58 -0300 Subject: [PATCH 31/83] Bump google.golang.org/api from 0.167.0 to 0.168.0 (#4941) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.167.0 to 0.168.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.167.0...v0.168.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 14 +++++++------- go.sum | 28 ++++++++++++++-------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index abf111a5cf..4dc9b84479 100644 --- a/go.mod +++ b/go.mod @@ -81,8 +81,8 @@ require ( golang.org/x/sync v0.6.0 golang.org/x/sys v0.18.0 golang.org/x/time v0.5.0 - google.golang.org/api v0.167.0 - google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 + google.golang.org/api v0.168.0 + google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.32.0 k8s.io/api v0.29.2 
@@ -314,14 +314,14 @@ require ( github.com/yusufpapurcu/wmi v1.2.4 // indirect go.mongodb.org/mongo-driver v1.13.1 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect - go.opentelemetry.io/otel v1.23.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect + go.opentelemetry.io/otel v1.24.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 // indirect - go.opentelemetry.io/otel/metric v1.23.0 // indirect + go.opentelemetry.io/otel/metric v1.24.0 // indirect go.opentelemetry.io/otel/sdk v1.22.0 // indirect - go.opentelemetry.io/otel/trace v1.23.0 // indirect + go.opentelemetry.io/otel/trace v1.24.0 // indirect go.step.sm/crypto v0.42.1 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect diff --git a/go.sum b/go.sum index da84ed5df9..474cf8f182 100644 --- a/go.sum +++ b/go.sum 
@@ -1495,24 +1495,24 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 h1:P+/g8GpuJGYbOp2tAdKrIPUX9JO02q8Q0YNlHolpibA= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0/go.mod h1:tIKj3DbO8N9Y2xo52og3irLsPI4GW02DSMtrVgNMgxg= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 h1:doUP+ExOpH3spVTLS0FcWGLnQrPct/hD/bCPbDRUEAU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA= -go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E= -go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= +go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo= +go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 
v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 h1:FyjCyI9jVEfqhUh2MoSkmolPjfh5fp2hnV0b0irxH4Q= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0/go.mod h1:hYwym2nDEeZfG/motx0p7L7J1N1vyzIThemQsb4g2qY= -go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo= -go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo= +go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI= +go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= -go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI= -go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk= +go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI= +go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= 
@@ -1979,8 +1979,8 @@ google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7Twe google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.167.0 h1:CKHrQD1BLRii6xdkatBDXyKzM0mkawt2QP+H3LtPmSE= -google.golang.org/api v0.167.0/go.mod h1:4FcBc686KFi7QI/U51/2GKKevfZMpM17sCdibqe/bSA= +google.golang.org/api v0.168.0 h1:MBRe+Ki4mMN93jhDDbpuRLjRddooArz4FeSObvUMmjY= +google.golang.org/api v0.168.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -2111,8 +2111,8 @@ google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJ google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c h1:9g7erC9qu44ks7UK4gDNlnk4kOxZG707xKm4jVniy6o= google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:5iCWqnniDlqZHrd3neWVTOwvh/v6s3232omMecelax8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 h1:hZB7eLIaYlW9qXRfCq/qDaPdbeY3757uARz5Vvfv+cY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 h1:Xs9lu+tLXxLIfuci70nG4cpwaRC+mRQPUL7LoIeDJC4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= From dd5c538bd0511ec5d0894ebe1ba1a21abd94100f Mon Sep 17 00:00:00 2001 From: Marcos Yacob Date: Wed, 6 Mar 2024 13:03:25 -0300 Subject: [PATCH 32/83] Bump SPIRE to 1.9.2 (#4947) Signed-off-by: Marcos Yacob --- .github/workflows/pr_build.yaml | 2 +- .github/workflows/release_build.yaml | 2 +- .go-version | 2 +- CHANGELOG.md | 12 ++++++++++++ pkg/common/version/version.go | 2 +- pkg/server/datastore/sqlstore/migration.go | 4 ++++ test/integration/suites/upgrade/versions.txt | 2 ++ 7 files changed, 22 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 02765ddf50..1ed701fe06 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml 
@@ -3,7 +3,7 @@ on: pull_request: {} workflow_dispatch: {} env: - GO_VERSION: 1.21.5 + GO_VERSION: 1.21.8 permissions: contents: read diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml index 4ac8722d0c..17cea94db6 100644 --- a/.github/workflows/release_build.yaml +++ b/.github/workflows/release_build.yaml @@ -4,7 +4,7 @@ on: tags: - 'v[0-9].[0-9]+.[0-9]+' env: - GO_VERSION: 1.21.5 + GO_VERSION: 1.21.8 jobs: cache-deps: name: cache-deps (linux) diff --git a/.go-version b/.go-version index ce2dd53570..428abfd24f 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.21.5 +1.21.8 diff --git a/CHANGELOG.md b/CHANGELOG.md index 21346ecb12..ad154b27f8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## [1.9.1] - 2024-03-05 + +### Security + +- Update Go to v1.21.8 to patch CVE-2024-24783 + ## [1.9.0] - 2024-02-22 ### Added @@ -36,6 +42,12 @@ - X509-SVIDs issued by the server no longer have the x509UniqueIdentifier attribute as part of the subject (#4862) +## [1.8.8] - 2024-03-05 + +### Security + +- Update Go to v1.21.8 to patch CVE-2024-24783 + ## [1.8.7] - 2023-12-21 ### Added diff --git a/pkg/common/version/version.go b/pkg/common/version/version.go index f4627d4d78..cf59e21c1f 100644 --- a/pkg/common/version/version.go +++ b/pkg/common/version/version.go @@ -8,7 +8,7 @@ const ( // IMPORTANT: When updating, make sure to reconcile the versions list that // is part of the upgrade integration test. See // test/integration/suites/upgrade/README.md for details. - Base = "1.9.1" + Base = "1.9.2" ) var ( diff --git a/pkg/server/datastore/sqlstore/migration.go b/pkg/server/datastore/sqlstore/migration.go index 18e53a89dc..10f29aa50a 100644 --- a/pkg/server/datastore/sqlstore/migration.go +++ b/pkg/server/datastore/sqlstore/migration.go 
@@ -214,8 +214,12 @@ import ( // | v1.8.6 | | | // |---------| | | // | v1.8.7 | | | +// |---------| | | +// | v1.8.8 | | | // |*********|********|***************************************************************************| // | v1.9.0 | | | +// |---------| | | +// | v1.9.1 | | | // ================================================================================================ const ( diff --git a/test/integration/suites/upgrade/versions.txt b/test/integration/suites/upgrade/versions.txt index 16546e979b..cf13c8a877 100644 --- a/test/integration/suites/upgrade/versions.txt +++ b/test/integration/suites/upgrade/versions.txt @@ -6,4 +6,6 @@ 1.8.5 1.8.6 1.8.7 +1.8.8 1.9.0 +1.9.1 From 62d3114a85687bfb433eb62ba0ce8f3afbd1cf51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Agust=C3=ADn=20Mart=C3=ADnez=20Fay=C3=B3?= Date: Wed, 6 Mar 2024 14:26:15 -0300 Subject: [PATCH 33/83] Add Linkerd to the adopters list (#4907) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Agustín Martínez Fayó --- ADOPTERS.md | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/ADOPTERS.md b/ADOPTERS.md index 21ce0bb192..ba8eab8f39 100644 --- a/ADOPTERS.md +++ b/ADOPTERS.md 
@@ -42,23 +42,24 @@ SPIFFE and SPIRE have integrations available with a number of open-source projec * [App Mesh Controller](https://github.com/aws/aws-app-mesh-controller-for-k8s) * [Athenz](https://github.com/yahoo/athenz) -* [Cert-Manager](https://github.com/cert-manager/csi-driver-spiffe) -* [Consul](https://github.com/hashicorp/consul) -* [Dapr](https://github.com/dapr) -* [Docker](https://github.com/containerd/containerd) -* [Emissary](https://github.com/github/emissary) -* [Envoy](https://github.com/envoyproxy/envoy) -* [Ghostunnel](https://github.com/square/ghostunnel) +* [Cert-Manager](https://github.com/cert-manager/csi-driver-spiffe) +* [Consul](https://github.com/hashicorp/consul) +* [Dapr](https://github.com/dapr) +* [Docker](https://github.com/containerd/containerd) +* [Emissary](https://github.com/github/emissary) +* [Envoy](https://github.com/envoyproxy/envoy) +* [Ghostunnel](https://github.com/square/ghostunnel) * [gRPC](https://pkg.go.dev/github.com/spiffe/go-spiffe/v2/examples/spiffe-grpc) -* [Hamlet](https://github.com/vmware/hamlet) -* [Istio](https://github.com/istio/istio) -* [Knox](https://github.com/pinterest/knox) -* [Kubernetes](https://github.com/kubernetes/kubernetes) -* [NGINX](http://hg.nginx.org/nginx/) -* [Parsec](https://github.com/parallaxsecond/parsec) -* [Sigstore](https://github.com/sigstore/fulcio) -* [Tekton](https://github.com/tektoncd/chains) -* [Tornjak](https://github.com/spiffe/tornjak) +* [Hamlet](https://github.com/vmware/hamlet) +* [Istio](https://github.com/istio/istio) +* [Knox](https://github.com/pinterest/knox) +* [Kubernetes](https://github.com/kubernetes/kubernetes) +* [Linkerd](https://github.com/linkerd/linkerd2) +* [NGINX](http://hg.nginx.org/nginx/) +* [Parsec](https://github.com/parallaxsecond/parsec) +* [Sigstore](https://github.com/sigstore/fulcio) +* [Tekton](https://github.com/tektoncd/chains) +* [Tornjak](https://github.com/spiffe/tornjak) * [Traefik](https://github.com/traefik/traefik) ## Case 
Studies/User Stories From a3981212f47becaa990333848a7b4b569ee958d9 Mon Sep 17 00:00:00 2001 From: Andrew Harding Date: Wed, 6 Mar 2024 11:19:12 -0700 Subject: [PATCH 34/83] Assert API availablility on transports (#4944) Resolves #4940 Signed-off-by: Andrew Harding --- pkg/server/endpoints/endpoints_test.go | 430 +++++++++++++++++++------ 1 file changed, 325 insertions(+), 105 deletions(-) diff --git a/pkg/server/endpoints/endpoints_test.go b/pkg/server/endpoints/endpoints_test.go index a54f6959d3..812ff6ee5d 100644 --- a/pkg/server/endpoints/endpoints_test.go +++ b/pkg/server/endpoints/endpoints_test.go @@ -21,6 +21,7 @@ import ( entryv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/entry/v1" svidv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/svid/v1" trustdomainv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/trustdomain/v1" + "github.com/spiffe/spire-api-sdk/proto/spire/api/types" "github.com/spiffe/spire/pkg/common/util" "github.com/spiffe/spire/pkg/server/authpolicy" "github.com/spiffe/spire/pkg/server/ca/manager" @@ -42,6 +43,7 @@ import ( "google.golang.org/grpc/credentials" "google.golang.org/grpc/health/grpc_health_v1" "google.golang.org/grpc/status" + "google.golang.org/protobuf/types/known/emptypb" ) var ( 
@@ -201,13 +203,13 @@ func TestListenAndServe(t *testing.T) { DataStore: ds, BundleCache: bundle.NewCache(ds, clk), APIServers: APIServers{ - AgentServer: &agentv1.UnimplementedAgentServer{}, - BundleServer: &bundlev1.UnimplementedBundleServer{}, - DebugServer: &debugv1.UnimplementedDebugServer{}, - EntryServer: &entryv1.UnimplementedEntryServer{}, - HealthServer: &grpc_health_v1.UnimplementedHealthServer{}, - SVIDServer: &svidv1.UnimplementedSVIDServer{}, - TrustDomainServer: &trustdomainv1.UnimplementedTrustDomainServer{}, + AgentServer: agentServer{}, + BundleServer: bundleServer{}, + DebugServer: debugServer{}, + EntryServer: entryServer{}, + HealthServer: healthServer{}, + SVIDServer: svidServer{}, + TrustDomainServer: trustDomainServer{}, }, BundleEndpointServer: bundleEndpointServer, Log: log, @@ -264,7 +266,7 @@ func TestListenAndServe(t *testing.T) { defer downstreamConn.Close() federatedAdminConn := dialTCP(tlsconfig.MTLSClientConfig(foreignAdminSVID, ca.X509Bundle(), tlsconfig.AuthorizeID(serverID))) - defer downstreamConn.Close() + defer federatedAdminConn.Close() t.Run("Bad Client SVID", func(t *testing.T) { // Create an SVID from a different CA. This ensures that we verify 
@@ -281,26 +283,35 @@ func TestListenAndServe(t *testing.T) { } }) + conns := testConns{ + local: localConn, + noAuth: noauthConn, + agent: agentConn, + admin: adminConn, + federatedAdmin: federatedAdminConn, + downstream: downstreamConn, + } + t.Run("Agent", func(t *testing.T) { - testAgentAPI(ctx, t, localConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn) + testAgentAPI(ctx, t, conns) }) t.Run("Debug", func(t *testing.T) { - testDebugAPI(ctx, t, localConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn) + testDebugAPI(ctx, t, conns) }) t.Run("Health", func(t *testing.T) { - testHealthAPI(ctx, t, localConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn) + testHealthAPI(ctx, t, conns) }) t.Run("Bundle", func(t *testing.T) { - testBundleAPI(ctx, t, localConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn) + testBundleAPI(ctx, t, conns) }) t.Run("Entry", func(t *testing.T) { - testEntryAPI(ctx, t, localConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn) + testEntryAPI(ctx, t, conns) }) t.Run("SVID", func(t *testing.T) { - testSVIDAPI(ctx, t, localConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn) + testSVIDAPI(ctx, t, conns) }) t.Run("TrustDomain", func(t *testing.T) { - testTrustDomainAPI(ctx, t, localConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn) + testTrustDomainAPI(ctx, t, conns) }) t.Run("Access denied to remote caller", func(t *testing.T) { 
@@ -382,9 +393,18 @@ func prepareDataStore(t *testing.T, ds datastore.DataStore, rootCAs []*testca.CA require.NoError(t, err) } -func testAgentAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn *grpc.ClientConn) { - t.Run("UDS", func(t *testing.T) { - testAuthorization(ctx, t, agentv1.NewAgentClient(udsConn), map[string]bool{ +type testConns struct { + local *grpc.ClientConn + noAuth *grpc.ClientConn + agent *grpc.ClientConn + admin *grpc.ClientConn + federatedAdmin *grpc.ClientConn + downstream *grpc.ClientConn +} + +func testAgentAPI(ctx context.Context, t *testing.T, conns testConns) { + t.Run("Local", func(t *testing.T) { + testAuthorization(ctx, t, agentv1.NewAgentClient(conns.local), map[string]bool{ "CountAgents": true, "ListAgents": true, "GetAgent": true, @@ -398,7 +418,7 @@ func testAgentAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) t.Run("NoAuth", func(t *testing.T) { - testAuthorization(ctx, t, agentv1.NewAgentClient(noauthConn), map[string]bool{ + testAuthorization(ctx, t, agentv1.NewAgentClient(conns.noAuth), map[string]bool{ "CountAgents": false, "ListAgents": false, "GetAgent": false, @@ -412,7 +432,7 @@ func testAgentAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) t.Run("Agent", func(t *testing.T) { - testAuthorization(ctx, t, agentv1.NewAgentClient(agentConn), map[string]bool{ + testAuthorization(ctx, t, agentv1.NewAgentClient(conns.agent), map[string]bool{ "CountAgents": false, "ListAgents": false, "GetAgent": false, @@ -427,7 +447,7 @@ func testAgentAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) t.Run("Admin", func(t *testing.T) { - testAuthorization(ctx, t, agentv1.NewAgentClient(adminConn), map[string]bool{ + testAuthorization(ctx, t, agentv1.NewAgentClient(conns.admin), map[string]bool{ "CountAgents": true, "ListAgents": true, "GetAgent": true, 
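Review bot: `testConns` in the first hunk on this line has no doc comment, so the caller class behind each field has to be recovered from how TestListenAndServe dials the connection. Every authorization table in this file is keyed by these six connections, so a short comment per field would make the matrix auditable. For example, `// local is the connection over the local endpoint (formerly udsConn)` on `local`, and `// federatedAdmin presumably presents an admin SVID issued by a foreign trust domain` on `federatedAdmin`. The wording for the remaining fields should be confirmed against the dial calls, which are outside this hunk.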
@@ -441,7 +461,7 @@ func testAgentAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) t.Run("Federated Admin", func(t *testing.T) { - testAuthorization(ctx, t, agentv1.NewAgentClient(federatedAdminConn), map[string]bool{ + testAuthorization(ctx, t, agentv1.NewAgentClient(conns.federatedAdmin), map[string]bool{ "CountAgents": true, "ListAgents": true, "GetAgent": true, @@ -455,7 +475,7 @@ func testAgentAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) t.Run("Downstream", func(t *testing.T) { - testAuthorization(ctx, t, agentv1.NewAgentClient(downstreamConn), map[string]bool{ + testAuthorization(ctx, t, agentv1.NewAgentClient(conns.downstream), map[string]bool{ "CountAgents": false, "ListAgents": false, "GetAgent": false, 
@@ -469,91 +489,66 @@ func testAgentAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) } -func testHealthAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn *grpc.ClientConn) { - t.Run("UDS", func(t *testing.T) { - testAuthorization(ctx, t, grpc_health_v1.NewHealthClient(udsConn), map[string]bool{ +func testHealthAPI(ctx context.Context, t *testing.T, conns testConns) { + t.Run("Local", func(t *testing.T) { + testAuthorization(ctx, t, grpc_health_v1.NewHealthClient(conns.local), map[string]bool{ "Check": true, "Watch": true, }) }) t.Run("NoAuth", func(t *testing.T) { - testAuthorization(ctx, t, grpc_health_v1.NewHealthClient(noauthConn), map[string]bool{ - "Check": true, - "Watch": true, - }) + assertServiceUnavailable(ctx, t, grpc_health_v1.NewHealthClient(conns.noAuth)) }) t.Run("Agent", func(t *testing.T) { - testAuthorization(ctx, t, grpc_health_v1.NewHealthClient(agentConn), map[string]bool{ - "Check": true, - "Watch": true, - }) + assertServiceUnavailable(ctx, t, grpc_health_v1.NewHealthClient(conns.agent)) }) t.Run("Admin", func(t *testing.T) { - testAuthorization(ctx, t, grpc_health_v1.NewHealthClient(adminConn), map[string]bool{ - "Check": true, - "Watch": true, - }) + assertServiceUnavailable(ctx, t, grpc_health_v1.NewHealthClient(conns.admin)) }) t.Run("Federated Admin", func(t *testing.T) { - testAuthorization(ctx, t, grpc_health_v1.NewHealthClient(federatedAdminConn), map[string]bool{ - "Check": true, - "Watch": true, - }) + assertServiceUnavailable(ctx, t, grpc_health_v1.NewHealthClient(conns.federatedAdmin)) }) t.Run("Downstream", func(t *testing.T) { - testAuthorization(ctx, t, grpc_health_v1.NewHealthClient(downstreamConn), map[string]bool{ - "Check": true, - "Watch": true, - }) + assertServiceUnavailable(ctx, t, grpc_health_v1.NewHealthClient(conns.downstream)) }) } -func testDebugAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentConn, adminConn, 
federatedAdminConn, downstreamConn *grpc.ClientConn) { - t.Run("UDS", func(t *testing.T) { - testAuthorization(ctx, t, debugv1.NewDebugClient(udsConn), map[string]bool{ +func testDebugAPI(ctx context.Context, t *testing.T, conns testConns) { + t.Run("Local", func(t *testing.T) { + testAuthorization(ctx, t, debugv1.NewDebugClient(conns.local), map[string]bool{ "GetInfo": true, }) }) t.Run("NoAuth", func(t *testing.T) { - testAuthorization(ctx, t, debugv1.NewDebugClient(noauthConn), map[string]bool{ - "GetInfo": true, - }) + assertServiceUnavailable(ctx, t, debugv1.NewDebugClient(conns.noAuth)) }) t.Run("Agent", func(t *testing.T) { - testAuthorization(ctx, t, debugv1.NewDebugClient(agentConn), map[string]bool{ - "GetInfo": true, - }) + assertServiceUnavailable(ctx, t, debugv1.NewDebugClient(conns.agent)) }) t.Run("Admin", func(t *testing.T) { - testAuthorization(ctx, t, debugv1.NewDebugClient(adminConn), map[string]bool{ - "GetInfo": true, - }) + assertServiceUnavailable(ctx, t, debugv1.NewDebugClient(conns.admin)) }) t.Run("Federated Admin", func(t *testing.T) { - testAuthorization(ctx, t, debugv1.NewDebugClient(federatedAdminConn), map[string]bool{ - "GetInfo": true, - }) + assertServiceUnavailable(ctx, t, debugv1.NewDebugClient(conns.federatedAdmin)) }) t.Run("Downstream", func(t *testing.T) { - testAuthorization(ctx, t, debugv1.NewDebugClient(downstreamConn), map[string]bool{ - "GetInfo": true, - }) + assertServiceUnavailable(ctx, t, debugv1.NewDebugClient(conns.downstream)) }) } -func testBundleAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn *grpc.ClientConn) { - t.Run("UDS", func(t *testing.T) { - testAuthorization(ctx, t, bundlev1.NewBundleClient(udsConn), map[string]bool{ +func testBundleAPI(ctx context.Context, t *testing.T, conns testConns) { + t.Run("Local", func(t *testing.T) { + testAuthorization(ctx, t, bundlev1.NewBundleClient(conns.local), map[string]bool{ "GetBundle": true, 
"AppendBundle": true, "PublishJWTAuthority": false, @@ -568,7 +563,7 @@ func testBundleAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agent }) t.Run("NoAuth", func(t *testing.T) { - testAuthorization(ctx, t, bundlev1.NewBundleClient(noauthConn), map[string]bool{ + testAuthorization(ctx, t, bundlev1.NewBundleClient(conns.noAuth), map[string]bool{ "GetBundle": true, "AppendBundle": false, "PublishJWTAuthority": false, @@ -583,7 +578,7 @@ func testBundleAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agent }) t.Run("Agent", func(t *testing.T) { - testAuthorization(ctx, t, bundlev1.NewBundleClient(agentConn), map[string]bool{ + testAuthorization(ctx, t, bundlev1.NewBundleClient(conns.agent), map[string]bool{ "GetBundle": true, "AppendBundle": false, "PublishJWTAuthority": false, @@ -598,7 +593,7 @@ func testBundleAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agent }) t.Run("Admin", func(t *testing.T) { - testAuthorization(ctx, t, bundlev1.NewBundleClient(adminConn), map[string]bool{ + testAuthorization(ctx, t, bundlev1.NewBundleClient(conns.admin), map[string]bool{ "GetBundle": true, "AppendBundle": true, "PublishJWTAuthority": false, @@ -613,7 +608,7 @@ func testBundleAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agent }) t.Run("Federated Admin", func(t *testing.T) { - testAuthorization(ctx, t, bundlev1.NewBundleClient(federatedAdminConn), map[string]bool{ + testAuthorization(ctx, t, bundlev1.NewBundleClient(conns.federatedAdmin), map[string]bool{ "GetBundle": true, "AppendBundle": true, "PublishJWTAuthority": false, @@ -628,7 +623,7 @@ func testBundleAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agent }) t.Run("Downstream", func(t *testing.T) { - testAuthorization(ctx, t, bundlev1.NewBundleClient(downstreamConn), map[string]bool{ + testAuthorization(ctx, t, bundlev1.NewBundleClient(conns.downstream), map[string]bool{ "GetBundle": true, "AppendBundle": false, "PublishJWTAuthority": true, 
@@ -643,9 +638,9 @@ func testBundleAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agent }) } -func testEntryAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn *grpc.ClientConn) { - t.Run("UDS", func(t *testing.T) { - testAuthorization(ctx, t, entryv1.NewEntryClient(udsConn), map[string]bool{ +func testEntryAPI(ctx context.Context, t *testing.T, conns testConns) { + t.Run("Local", func(t *testing.T) { + testAuthorization(ctx, t, entryv1.NewEntryClient(conns.local), map[string]bool{ "CountEntries": true, "ListEntries": true, "GetEntry": true, @@ -658,7 +653,7 @@ func testEntryAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) t.Run("NoAuth", func(t *testing.T) { - testAuthorization(ctx, t, entryv1.NewEntryClient(noauthConn), map[string]bool{ + testAuthorization(ctx, t, entryv1.NewEntryClient(conns.noAuth), map[string]bool{ "CountEntries": false, "ListEntries": false, "GetEntry": false, @@ -671,7 +666,7 @@ func testEntryAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) t.Run("Agent", func(t *testing.T) { - testAuthorization(ctx, t, entryv1.NewEntryClient(agentConn), map[string]bool{ + testAuthorization(ctx, t, entryv1.NewEntryClient(conns.agent), map[string]bool{ "CountEntries": false, "ListEntries": false, "GetEntry": false, @@ -684,7 +679,7 @@ func testEntryAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) t.Run("Admin", func(t *testing.T) { - testAuthorization(ctx, t, entryv1.NewEntryClient(adminConn), map[string]bool{ + testAuthorization(ctx, t, entryv1.NewEntryClient(conns.admin), map[string]bool{ "CountEntries": true, "ListEntries": true, "GetEntry": true, 
@@ -697,7 +692,7 @@ func testEntryAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) t.Run("Federated Admin", func(t *testing.T) { - testAuthorization(ctx, t, entryv1.NewEntryClient(federatedAdminConn), map[string]bool{ + testAuthorization(ctx, t, entryv1.NewEntryClient(conns.federatedAdmin), map[string]bool{ "CountEntries": true, "ListEntries": true, "GetEntry": true, @@ -710,7 +705,7 @@ func testEntryAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) t.Run("Downstream", func(t *testing.T) { - testAuthorization(ctx, t, entryv1.NewEntryClient(downstreamConn), map[string]bool{ + testAuthorization(ctx, t, entryv1.NewEntryClient(conns.downstream), map[string]bool{ "CountEntries": false, "ListEntries": false, "GetEntry": false, @@ -723,9 +718,9 @@ func testEntryAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentC }) } -func testSVIDAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn *grpc.ClientConn) { - t.Run("UDS", func(t *testing.T) { - testAuthorization(ctx, t, svidv1.NewSVIDClient(udsConn), map[string]bool{ +func testSVIDAPI(ctx context.Context, t *testing.T, conns testConns) { + t.Run("Local", func(t *testing.T) { + testAuthorization(ctx, t, svidv1.NewSVIDClient(conns.local), map[string]bool{ "MintX509SVID": true, "MintJWTSVID": true, "BatchNewX509SVID": false, @@ -735,7 +730,7 @@ func testSVIDAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentCo }) t.Run("NoAuth", func(t *testing.T) { - testAuthorization(ctx, t, svidv1.NewSVIDClient(noauthConn), map[string]bool{ + testAuthorization(ctx, t, svidv1.NewSVIDClient(conns.noAuth), map[string]bool{ "MintX509SVID": false, "MintJWTSVID": false, "BatchNewX509SVID": false, 
@@ -745,7 +740,7 @@ func testSVIDAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentCo }) t.Run("Agent", func(t *testing.T) { - testAuthorization(ctx, t, svidv1.NewSVIDClient(agentConn), map[string]bool{ + testAuthorization(ctx, t, svidv1.NewSVIDClient(conns.agent), map[string]bool{ "MintX509SVID": false, "MintJWTSVID": false, "BatchNewX509SVID": true, @@ -755,7 +750,7 @@ func testSVIDAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentCo }) t.Run("Admin", func(t *testing.T) { - testAuthorization(ctx, t, svidv1.NewSVIDClient(adminConn), map[string]bool{ + testAuthorization(ctx, t, svidv1.NewSVIDClient(conns.admin), map[string]bool{ "MintX509SVID": true, "MintJWTSVID": true, "BatchNewX509SVID": false, @@ -765,7 +760,7 @@ func testSVIDAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentCo }) t.Run("Federated Admin", func(t *testing.T) { - testAuthorization(ctx, t, svidv1.NewSVIDClient(federatedAdminConn), map[string]bool{ + testAuthorization(ctx, t, svidv1.NewSVIDClient(conns.federatedAdmin), map[string]bool{ "MintX509SVID": true, "MintJWTSVID": true, "BatchNewX509SVID": false, @@ -775,7 +770,7 @@ func testSVIDAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentCo }) t.Run("Downstream", func(t *testing.T) { - testAuthorization(ctx, t, svidv1.NewSVIDClient(downstreamConn), map[string]bool{ + testAuthorization(ctx, t, svidv1.NewSVIDClient(conns.downstream), map[string]bool{ "MintX509SVID": false, "MintJWTSVID": false, "BatchNewX509SVID": false, 
@@ -785,9 +780,9 @@ func testSVIDAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentCo }) } -func testTrustDomainAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, agentConn, adminConn, federatedAdminConn, downstreamConn *grpc.ClientConn) { - t.Run("UDS", func(t *testing.T) { - testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(udsConn), map[string]bool{ +func testTrustDomainAPI(ctx context.Context, t *testing.T, conns testConns) { + t.Run("Local", func(t *testing.T) { + testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(conns.local), map[string]bool{ "ListFederationRelationships": true, "GetFederationRelationship": true, "BatchCreateFederationRelationship": true, @@ -798,7 +793,7 @@ func testTrustDomainAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, }) t.Run("NoAuth", func(t *testing.T) { - testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(noauthConn), map[string]bool{ + testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(conns.noAuth), map[string]bool{ "ListFederationRelationships": false, "GetFederationRelationship": false, "BatchCreateFederationRelationship": false, @@ -809,7 +804,7 @@ func testTrustDomainAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, }) t.Run("Agent", func(t *testing.T) { - testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(agentConn), map[string]bool{ + testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(conns.agent), map[string]bool{ "ListFederationRelationships": false, "GetFederationRelationship": false, "BatchCreateFederationRelationship": false, 
@@ -820,7 +815,7 @@ func testTrustDomainAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, }) t.Run("Admin", func(t *testing.T) { - testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(adminConn), map[string]bool{ + testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(conns.admin), map[string]bool{ "ListFederationRelationships": true, "GetFederationRelationship": true, "BatchCreateFederationRelationship": true, @@ -831,7 +826,7 @@ func testTrustDomainAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, }) t.Run("Federated Admin", func(t *testing.T) { - testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(federatedAdminConn), map[string]bool{ + testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(conns.federatedAdmin), map[string]bool{ "ListFederationRelationships": true, "GetFederationRelationship": true, "BatchCreateFederationRelationship": true, @@ -842,7 +837,7 @@ func testTrustDomainAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, }) t.Run("Downstream", func(t *testing.T) { - testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(downstreamConn), map[string]bool{ + testAuthorization(ctx, t, trustdomainv1.NewTrustDomainClient(conns.downstream), map[string]bool{ "ListFederationRelationships": false, "GetFederationRelationship": false, "BatchCreateFederationRelationship": false, 
@@ -853,10 +848,10 @@ func testTrustDomainAPI(ctx context.Context, t *testing.T, udsConn, noauthConn, }) } -// testAuthorization makes an RPC for each method on the client interface and -// asserts that the RPC was authorized or not. If a method is not represented -// in the expectedAuthResults, or a method in expectedAuthResults does not -// belong to the client interface, the test will fail. +// testAuthorization issues an RPC for each method on the client interface and +// asserts whether the RPC was authorized or not. If a method is not +// represented in the expectedAuthResults, or a method in expectedAuthResults +// does not belong to the client interface, the test will fail. func testAuthorization(ctx context.Context, t *testing.T, client any, expectedAuthResults map[string]bool) { cv := reflect.ValueOf(client) ct := cv.Type() @@ -868,17 +863,20 @@ func testAuthorization(ctx context.Context, t *testing.T, client any, expectedAu // Invoke the RPC and assert the results out := callRPC(ctx, t, mv) require.Len(t, out, 2, "expected two return values") - require.Nil(t, out[0].Interface(), "1st output should have been nil") - err, ok := out[1].Interface().(error) - require.True(t, ok, "2nd output should have been an error") + + var st *status.Status + if !out[1].IsNil() { + err, ok := out[1].Interface().(error) + require.True(t, ok, "2nd output should have been nil or an error") + st = status.Convert(err) + } expectAuthResult, ok := expectedAuthResults[methodName] require.True(t, ok, "%q does not have an expected result", methodName) delete(expectedAuthResults, methodName) - st := status.Convert(err) if expectAuthResult { - if st.Code() != codes.Unimplemented { + if st.Code() != codes.OK { t.Fatalf("should have been authorized; code=%s msg=%s", st.Code(), st.Message()) } } else { 
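Review bot: In the second hunk on this line, `st` stays nil when the RPC succeeds, and the later `st.Code()` and `st.Message()` calls then run on a nil `*status.Status`. That is correct only because grpc-go defines those methods to report `codes.OK` and an empty message for a nil receiver, which is not obvious to someone reading the test. A one-line comment above the declaration would record it, e.g. `// st is nil on success; (*status.Status).Code() reports codes.OK for a nil receiver`. The same pattern is repeated in `assertServiceUnavailable` in the next hunk, and the rest of testAuthorization's body lies outside this hunk.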
@@ -895,6 +893,34 @@ func testAuthorization(ctx context.Context, t *testing.T, client any, expectedAu } } +// assertServiceUnavailable issues an RPC for each method on the client interface and +// asserts that the RPC was unavailable. +func assertServiceUnavailable(ctx context.Context, t *testing.T, client any) { + cv := reflect.ValueOf(client) + ct := cv.Type() + + for i := 0; i < ct.NumMethod(); i++ { + mv := cv.Method(i) + methodName := ct.Method(i).Name + t.Run(methodName, func(t *testing.T) { + // Invoke the RPC and assert the results + out := callRPC(ctx, t, mv) + require.Len(t, out, 2, "expected two return values") + + var st *status.Status + if !out[1].IsNil() { + err, ok := out[1].Interface().(error) + require.True(t, ok, "2nd output should have been nil or an error") + st = status.Convert(err) + } + + if st.Code() != codes.Unimplemented { + t.Fatalf("should have been unavailable; code=%s msg=%s", st.Code(), st.Message()) + } + }) + } +} + // callRPC invokes the RPC and returns the results. For unary RPCs, out will be // the result of the method on the interface. For streams, it will be the // result of the first call to Recv(). 
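Review bot: `assertServiceUnavailable` and its failure message say "unavailable", but the assertion is on `codes.Unimplemented`; gRPC also has a distinct `codes.Unavailable`, so the name points a reader at the wrong status code. The doc comment should state what is being proven, presumably that the service is not registered on the connection under test at all, which gRPC reports as Unimplemented rather than as an authorization denial. A comment such as `// assertServiceUnavailable asserts that every RPC returns codes.Unimplemented, i.e. the service is not registered on this listener` and a message of `should have been unimplemented; code=%s msg=%s` would remove the ambiguity.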
@@ -979,3 +1005,197 @@ func (o *svidObserver) State() svid.State { type fakeJWTKeyPublisher struct { manager.JwtKeyPublisher } + +type agentServer struct { + agentv1.UnsafeAgentServer +} + +func (agentServer) CountAgents(_ context.Context, _ *agentv1.CountAgentsRequest) (*agentv1.CountAgentsResponse, error) { + return &agentv1.CountAgentsResponse{}, nil +} + +func (agentServer) ListAgents(_ context.Context, _ *agentv1.ListAgentsRequest) (*agentv1.ListAgentsResponse, error) { + return &agentv1.ListAgentsResponse{}, nil +} + +func (agentServer) GetAgent(_ context.Context, _ *agentv1.GetAgentRequest) (*types.Agent, error) { + return &types.Agent{}, nil +} + +func (agentServer) DeleteAgent(_ context.Context, _ *agentv1.DeleteAgentRequest) (*emptypb.Empty, error) { + return &emptypb.Empty{}, nil +} + +func (agentServer) BanAgent(_ context.Context, _ *agentv1.BanAgentRequest) (*emptypb.Empty, error) { + return &emptypb.Empty{}, nil +} + +func (agentServer) AttestAgent(stream agentv1.Agent_AttestAgentServer) error { + return stream.Send(&agentv1.AttestAgentResponse{}) +} + +func (agentServer) RenewAgent(_ context.Context, _ *agentv1.RenewAgentRequest) (*agentv1.RenewAgentResponse, error) { + return &agentv1.RenewAgentResponse{}, nil +} + +func (agentServer) CreateJoinToken(_ context.Context, _ *agentv1.CreateJoinTokenRequest) (*types.JoinToken, error) { + return &types.JoinToken{}, nil +} + +func (agentServer) PostStatus(_ context.Context, _ *agentv1.PostStatusRequest) (*agentv1.PostStatusResponse, error) { + return &agentv1.PostStatusResponse{}, nil +} + +type bundleServer struct { + bundlev1.UnsafeBundleServer +} + +// Count bundles. +// The caller must be local or present an admin X509-SVID. 
+func (bundleServer) CountBundles(_ context.Context, _ *bundlev1.CountBundlesRequest) (*bundlev1.CountBundlesResponse, error) { + return &bundlev1.CountBundlesResponse{}, nil +} + +func (bundleServer) GetBundle(_ context.Context, _ *bundlev1.GetBundleRequest) (*types.Bundle, error) { + return &types.Bundle{}, nil +} + +func (bundleServer) AppendBundle(_ context.Context, _ *bundlev1.AppendBundleRequest) (*types.Bundle, error) { + return &types.Bundle{}, nil +} + +func (bundleServer) PublishJWTAuthority(_ context.Context, _ *bundlev1.PublishJWTAuthorityRequest) (*bundlev1.PublishJWTAuthorityResponse, error) { + return &bundlev1.PublishJWTAuthorityResponse{}, nil +} + +func (bundleServer) ListFederatedBundles(_ context.Context, _ *bundlev1.ListFederatedBundlesRequest) (*bundlev1.ListFederatedBundlesResponse, error) { + return &bundlev1.ListFederatedBundlesResponse{}, nil +} + +func (bundleServer) GetFederatedBundle(_ context.Context, _ *bundlev1.GetFederatedBundleRequest) (*types.Bundle, error) { + return &types.Bundle{}, nil +} + +func (bundleServer) BatchCreateFederatedBundle(_ context.Context, _ *bundlev1.BatchCreateFederatedBundleRequest) (*bundlev1.BatchCreateFederatedBundleResponse, error) { + return &bundlev1.BatchCreateFederatedBundleResponse{}, nil +} + +func (bundleServer) BatchUpdateFederatedBundle(_ context.Context, _ *bundlev1.BatchUpdateFederatedBundleRequest) (*bundlev1.BatchUpdateFederatedBundleResponse, error) { + return &bundlev1.BatchUpdateFederatedBundleResponse{}, nil +} + +func (bundleServer) BatchSetFederatedBundle(_ context.Context, _ *bundlev1.BatchSetFederatedBundleRequest) (*bundlev1.BatchSetFederatedBundleResponse, error) { + return &bundlev1.BatchSetFederatedBundleResponse{}, nil +} + +func (bundleServer) BatchDeleteFederatedBundle(_ context.Context, _ *bundlev1.BatchDeleteFederatedBundleRequest) (*bundlev1.BatchDeleteFederatedBundleResponse, error) { + return &bundlev1.BatchDeleteFederatedBundleResponse{}, nil +} + +type debugServer 
struct { + debugv1.UnsafeDebugServer +} + +func (debugServer) GetInfo(context.Context, *debugv1.GetInfoRequest) (*debugv1.GetInfoResponse, error) { + return &debugv1.GetInfoResponse{}, nil +} + +type entryServer struct { + entryv1.UnsafeEntryServer +} + +func (entryServer) CountEntries(_ context.Context, _ *entryv1.CountEntriesRequest) (*entryv1.CountEntriesResponse, error) { + return &entryv1.CountEntriesResponse{}, nil +} + +func (entryServer) ListEntries(_ context.Context, _ *entryv1.ListEntriesRequest) (*entryv1.ListEntriesResponse, error) { + return &entryv1.ListEntriesResponse{}, nil +} + +func (entryServer) GetEntry(_ context.Context, _ *entryv1.GetEntryRequest) (*types.Entry, error) { + return &types.Entry{}, nil +} + +func (entryServer) BatchCreateEntry(_ context.Context, _ *entryv1.BatchCreateEntryRequest) (*entryv1.BatchCreateEntryResponse, error) { + return &entryv1.BatchCreateEntryResponse{}, nil +} + +func (entryServer) BatchUpdateEntry(_ context.Context, _ *entryv1.BatchUpdateEntryRequest) (*entryv1.BatchUpdateEntryResponse, error) { + return &entryv1.BatchUpdateEntryResponse{}, nil +} + +func (entryServer) BatchDeleteEntry(_ context.Context, _ *entryv1.BatchDeleteEntryRequest) (*entryv1.BatchDeleteEntryResponse, error) { + return &entryv1.BatchDeleteEntryResponse{}, nil +} + +func (entryServer) GetAuthorizedEntries(_ context.Context, _ *entryv1.GetAuthorizedEntriesRequest) (*entryv1.GetAuthorizedEntriesResponse, error) { + return &entryv1.GetAuthorizedEntriesResponse{}, nil +} + +func (entryServer) SyncAuthorizedEntries(stream entryv1.Entry_SyncAuthorizedEntriesServer) error { + return stream.Send(&entryv1.SyncAuthorizedEntriesResponse{}) +} + +type healthServer struct { + grpc_health_v1.UnsafeHealthServer +} + +func (healthServer) Check(_ context.Context, _ *grpc_health_v1.HealthCheckRequest) (*grpc_health_v1.HealthCheckResponse, error) { + return &grpc_health_v1.HealthCheckResponse{}, nil +} + +func (healthServer) Watch(_ 
*grpc_health_v1.HealthCheckRequest, stream grpc_health_v1.Health_WatchServer) error { + return stream.Send(&grpc_health_v1.HealthCheckResponse{}) +} + +type svidServer struct { + svidv1.UnsafeSVIDServer +} + +func (svidServer) MintX509SVID(_ context.Context, _ *svidv1.MintX509SVIDRequest) (*svidv1.MintX509SVIDResponse, error) { + return &svidv1.MintX509SVIDResponse{}, nil +} + +func (svidServer) MintJWTSVID(_ context.Context, _ *svidv1.MintJWTSVIDRequest) (*svidv1.MintJWTSVIDResponse, error) { + return &svidv1.MintJWTSVIDResponse{}, nil +} + +func (svidServer) BatchNewX509SVID(_ context.Context, _ *svidv1.BatchNewX509SVIDRequest) (*svidv1.BatchNewX509SVIDResponse, error) { + return &svidv1.BatchNewX509SVIDResponse{}, nil +} + +func (svidServer) NewJWTSVID(_ context.Context, _ *svidv1.NewJWTSVIDRequest) (*svidv1.NewJWTSVIDResponse, error) { + return &svidv1.NewJWTSVIDResponse{}, nil +} + +func (svidServer) NewDownstreamX509CA(_ context.Context, _ *svidv1.NewDownstreamX509CARequest) (*svidv1.NewDownstreamX509CAResponse, error) { + return &svidv1.NewDownstreamX509CAResponse{}, nil +} + +type trustDomainServer struct { + trustdomainv1.UnsafeTrustDomainServer +} + +func (trustDomainServer) ListFederationRelationships(_ context.Context, _ *trustdomainv1.ListFederationRelationshipsRequest) (*trustdomainv1.ListFederationRelationshipsResponse, error) { + return &trustdomainv1.ListFederationRelationshipsResponse{}, nil +} + +func (trustDomainServer) GetFederationRelationship(_ context.Context, _ *trustdomainv1.GetFederationRelationshipRequest) (*types.FederationRelationship, error) { + return &types.FederationRelationship{}, nil +} + +func (trustDomainServer) BatchCreateFederationRelationship(_ context.Context, _ *trustdomainv1.BatchCreateFederationRelationshipRequest) (*trustdomainv1.BatchCreateFederationRelationshipResponse, error) { + return &trustdomainv1.BatchCreateFederationRelationshipResponse{}, nil +} + +func (trustDomainServer) BatchUpdateFederationRelationship(_ 
context.Context, _ *trustdomainv1.BatchUpdateFederationRelationshipRequest) (*trustdomainv1.BatchUpdateFederationRelationshipResponse, error) { + return &trustdomainv1.BatchUpdateFederationRelationshipResponse{}, nil +} + +func (trustDomainServer) BatchDeleteFederationRelationship(_ context.Context, _ *trustdomainv1.BatchDeleteFederationRelationshipRequest) (*trustdomainv1.BatchDeleteFederationRelationshipResponse, error) { + return &trustdomainv1.BatchDeleteFederationRelationshipResponse{}, nil +} + +func (trustDomainServer) RefreshBundle(_ context.Context, _ *trustdomainv1.RefreshBundleRequest) (*emptypb.Empty, error) { + return &emptypb.Empty{}, nil +} From 91fdca2b86004bc585639a7b4f9336a0e4fbee29 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Mar 2024 18:00:23 -0300 Subject: [PATCH 35/83] Bump golang.org/x/net from 0.21.0 to 0.22.0 (#4942) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.22.0. - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 11 ++++++----- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 4dc9b84479..b6e96422c6 100644 --- a/go.mod +++ b/go.mod @@ -75,9 +75,9 @@ require ( github.com/uber-go/tally/v4 v4.1.11 github.com/valyala/fastjson v1.6.4 github.com/zeebo/errs v1.3.0 - golang.org/x/crypto v0.20.0 + golang.org/x/crypto v0.21.0 golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 - golang.org/x/net v0.21.0 + golang.org/x/net v0.22.0 golang.org/x/sync v0.6.0 golang.org/x/sys v0.18.0 golang.org/x/time v0.5.0 
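Review bot: In the stub-server hunk that ends on this line, the comment on `bundleServer.CountBundles` (`// Count bundles. The caller must be local or present an admin X509-SVID.`) looks copied from the real API and states an authorization requirement the stub does not enforce; it returns an empty response to any caller. I would drop it and document each stub type once instead, for example `// bundleServer answers every RPC with an empty success so that any non-OK code seen by the test comes from the endpoint's authorization layer`. That comment could also record why `bundlev1.UnsafeBundleServer` is embedded rather than the `Unimplemented` variant, presumably so that a newly added RPC fails to compile here and forces the expected-result tables to be updated. As a small consistency nit, `debugServer.GetInfo` omits the `_` parameter names that every other stub uses.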
@@ -328,7 +328,7 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/mod v0.14.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/tools v0.16.1 // indirect google.golang.org/appengine v1.6.8 // indirect diff --git a/go.sum b/go.sum index 474cf8f182..5fe6ee67c2 100644 --- a/go.sum +++ b/go.sum @@ -1556,8 +1556,8 @@ golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg= -golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -1667,8 +1667,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
-golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
+golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1826,8 +1826,9 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
-golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
From 0539584ed8200ddac9f3f065a0586a60e399f89d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Mar 2024 18:10:05 -0800 Subject: [PATCH 36/83] Bump google.golang.org/grpc from 1.62.0 to 1.62.1 (#4948) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.0 to 1.62.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.62.0...v1.62.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index b6e96422c6..df0a6a4f90 100644
--- a/go.mod
+++ b/go.mod
@@ -83,7 +83,7 @@ require (
 golang.org/x/time v0.5.0
 google.golang.org/api v0.168.0
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78
- google.golang.org/grpc v1.62.0
+ google.golang.org/grpc v1.62.1
 google.golang.org/protobuf v1.32.0
 k8s.io/api v0.29.2
 k8s.io/apimachinery v0.29.2
diff --git a/go.sum b/go.sum
index 5fe6ee67c2..96debb77d1 100644
--- a/go.sum
+++ b/go.sum
@@ -2154,8 +2154,8 @@ google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD
 google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
 google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
 google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
-google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
-google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
+google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
From 8f0aa14706b8aaea5a7f21c18871d8a3cdc6af2b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Mar 2024 20:35:36 -0800 Subject: [PATCH 37/83] Bump github.com/open-policy-agent/opa from 0.62.0 to 0.62.1 (#4950) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.62.0 to 0.62.1. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-policy-agent/opa/compare/v0.62.0...v0.62.1) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index df0a6a4f90..1d5fff5f0f 100644
--- a/go.mod
+++ b/go.mod
@@ -61,7 +61,7 @@ require (
 github.com/lib/pq v1.10.9
 github.com/mattn/go-sqlite3 v1.14.22
 github.com/mitchellh/cli v1.1.5
- github.com/open-policy-agent/opa v0.62.0
+ github.com/open-policy-agent/opa v0.62.1
 github.com/prometheus/client_golang v1.19.0
 github.com/shirou/gopsutil/v3 v3.24.2
 github.com/sigstore/cosign/v2 v2.2.3
diff --git a/go.sum b/go.sum
index 96debb77d1..44f407224b 100644
--- a/go.sum
+++ b/go.sum
@@ -1252,8 +1252,8 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
 github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
 github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
-github.com/open-policy-agent/opa v0.62.0 h1:8NAWkrg3tnMBi+pYqL7pEi7h6QmbMmVf/5IyjJS/A2s=
-github.com/open-policy-agent/opa v0.62.0/go.mod h1:FD8D++1j1m74Qam2iUnKlfPDeoxWTXANaRUVu8W/tmA=
+github.com/open-policy-agent/opa v0.62.1 h1:UcxBQ0fe6NEjkYc775j4PWoUFFhx4f6yXKIKSTAuTVk=
+github.com/open-policy-agent/opa v0.62.1/go.mod h1:YqiSIIuvKwyomtnnXkJvy0E3KtVKbavjPJ/hNMuOmeM=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU=
From b125c0b3334c0844666580d472c47a9cbeae30e0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Mar 2024 10:58:12 -0300 Subject: [PATCH 38/83] Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#4949) * Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] * Regen *.pb.go files Signed-off-by: Ryan Turner --------- Signed-off-by: dependabot[bot] Signed-off-by: Ryan Turner Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ryan Turner --- go.mod | 2 +- go.sum | 4 ++-- proto/private/server/journal/journal.pb.go | 2 +- proto/spire/common/common.pb.go | 2 +- proto/spire/common/plugin/plugin.pb.go | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index 1d5fff5f0f..c4c7458577 100644
--- a/go.mod
+++ b/go.mod
@@ -84,7 +84,7 @@ require (
 google.golang.org/api v0.168.0
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78
 google.golang.org/grpc v1.62.1
- google.golang.org/protobuf v1.32.0
+ google.golang.org/protobuf v1.33.0
 k8s.io/api v0.29.2
 k8s.io/apimachinery v0.29.2
 k8s.io/client-go v0.29.2
diff --git a/go.sum b/go.sum
index 44f407224b..84df5a235a 100644
--- a/go.sum
+++ b/go.sum
@@ -2173,8 +2173,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/proto/private/server/journal/journal.pb.go b/proto/private/server/journal/journal.pb.go index 36198c8736..addeadc1a6 100644 --- a/proto/private/server/journal/journal.pb.go +++ b/proto/private/server/journal/journal.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.32.0 +// protoc-gen-go v1.33.0 // protoc v4.24.4 // source: private/server/journal/journal.proto diff --git a/proto/spire/common/common.pb.go b/proto/spire/common/common.pb.go index bd17a6aadf..5ddac05b89 100644 --- a/proto/spire/common/common.pb.go +++ b/proto/spire/common/common.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.32.0 +// protoc-gen-go v1.33.0 // protoc v4.24.4 // source: spire/common/common.proto diff --git a/proto/spire/common/plugin/plugin.pb.go b/proto/spire/common/plugin/plugin.pb.go index 8f0fab5409..3fe7897f57 100644 
--- a/proto/spire/common/plugin/plugin.pb.go +++ b/proto/spire/common/plugin/plugin.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.32.0 +// protoc-gen-go v1.33.0 // protoc v4.24.4 // source: spire/common/plugin/plugin.proto From 1357a954607cb16e9214475bbb2b532631ec5379 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Mar 2024 12:33:29 -0800 Subject: [PATCH 39/83] Bump github.com/docker/docker (#4952) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.3+incompatible to 25.0.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.3...v25.0.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c4c7458577..7385868360 100644 --- a/go.mod +++ b/go.mod @@ -33,7 +33,7 @@ require ( github.com/aws/smithy-go v1.20.1 github.com/blang/semver/v4 v4.0.0 github.com/cenkalti/backoff/v4 v4.2.1 - github.com/docker/docker v25.0.3+incompatible + github.com/docker/docker v25.0.4+incompatible github.com/envoyproxy/go-control-plane v0.12.0 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa github.com/go-jose/go-jose/v3 v3.0.2 diff --git a/go.sum b/go.sum index 84df5a235a..942c9ddc0f 100644 --- a/go.sum +++ b/go.sum 
@@ -716,8 +716,8 @@ github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1x
 github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v25.0.3+incompatible h1:D5fy/lYmY7bvZa0XTZ5/UJPljor41F+vdyJG5luQLfQ=
-github.com/docker/docker v25.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v25.0.4+incompatible h1:XITZTrq+52tZyZxUOtFIahUf3aH367FLxJzt9vZeAF8=
+github.com/docker/docker v25.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
 github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
From 3a90df5845c8165c15eae76d54b41142e3202f71 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:09:16 -0800 Subject: [PATCH 40/83] Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 (#4955) Bumps gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3. --- updated-dependencies: - dependency-name: gopkg.in/go-jose/go-jose.v2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 7385868360..506be88bfc 100644
--- a/go.mod
+++ b/go.mod
@@ -334,7 +334,7 @@ require (
 google.golang.org/appengine v1.6.8 // indirect
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c // indirect
- gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
+ gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 942c9ddc0f..1968a703d7 100644
--- a/go.sum
+++ b/go.sum
@@ -2184,8 +2184,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/go-jose/go-jose.v2 v2.6.1 h1:qEzJlIDmG9q5VO0M/o8tGS65QMHMS1w01TQJB1VPJ4U=
-gopkg.in/go-jose/go-jose.v2 v2.6.1/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI=
+gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs=
+gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
From 2f37a0f4a20c0f7f1f1ef4f2e71490587165638f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Mar 2024 19:31:32 -0800 Subject: [PATCH 41/83] Bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 (#4956) Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md) - [Commits](https://github.com/go-jose/go-jose/compare/v3.0.2...v3.0.3) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 506be88bfc..a683d3aacc 100644
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 github.com/docker/docker v25.0.4+incompatible
 github.com/envoyproxy/go-control-plane v0.12.0
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa
- github.com/go-jose/go-jose/v3 v3.0.2
+ github.com/go-jose/go-jose/v3 v3.0.3
 github.com/go-sql-driver/mysql v1.7.1
 github.com/godbus/dbus/v5 v5.1.0
 github.com/gofrs/uuid v4.4.0+incompatible
diff --git a/go.sum b/go.sum
index 1968a703d7..8e777b60c7 100644
--- a/go.sum
+++ b/go.sum
@@ -779,8 +779,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
-github.com/go-jose/go-jose/v3 v3.0.2 h1:2Edjn8Nrb44UvTdp84KU0bBPs1cO7noRCybtS3eJEUQ=
-github.com/go-jose/go-jose/v3 v3.0.2/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
+github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
+github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
From 03013f240f36f75cda82d3b007aa6ae71803b89b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Mar 2024 09:48:39 -0800 Subject: [PATCH 42/83] Bump github.com/lestrrat-go/jwx/v2 from 2.0.20 to 2.0.21 (#4953) Bumps [github.com/lestrrat-go/jwx/v2](https://github.com/lestrrat-go/jwx) from 2.0.20 to 2.0.21. - [Release notes](https://github.com/lestrrat-go/jwx/releases) - [Changelog](https://github.com/lestrrat-go/jwx/blob/develop/v2/Changes) - [Commits](https://github.com/lestrrat-go/jwx/compare/v2.0.20...v2.0.21) --- updated-dependencies: - dependency-name: github.com/lestrrat-go/jwx/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index a683d3aacc..33ce60c63a 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 github.com/imkira/go-observer v1.0.3
 github.com/jackc/pgx/v5 v5.5.4
 github.com/jinzhu/gorm v1.9.16
- github.com/lestrrat-go/jwx/v2 v2.0.20
+ github.com/lestrrat-go/jwx/v2 v2.0.21
 github.com/lib/pq v1.10.9
 github.com/mattn/go-sqlite3 v1.14.22
 github.com/mitchellh/cli v1.1.5
@@ -240,7 +240,7 @@ require (
 github.com/kylelemons/godebug v1.1.0 // indirect
 github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 github.com/lestrrat-go/httpcc v1.0.1 // indirect
- github.com/lestrrat-go/httprc v1.0.4 // indirect
+ github.com/lestrrat-go/httprc v1.0.5 // indirect
 github.com/lestrrat-go/iter v1.0.2 // indirect
 github.com/lestrrat-go/option v1.0.1 // indirect
 github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
diff --git a/go.sum b/go.sum
index 8e777b60c7..a4ded350be 100644
--- a/go.sum
+++ b/go.sum
@@ -1147,12 +1147,12 @@ github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N
 github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
 github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
-github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8=
-github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
+github.com/lestrrat-go/httprc v1.0.5 h1:bsTfiH8xaKOJPrg1R+E3iE/AWZr/x0Phj9PBTG/OLUk=
+github.com/lestrrat-go/httprc v1.0.5/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
 github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
 github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
-github.com/lestrrat-go/jwx/v2 v2.0.20 h1:sAgXuWS/t8ykxS9Bi2Qtn5Qhpakw1wrcjxChudjolCc=
-github.com/lestrrat-go/jwx/v2 v2.0.20/go.mod h1:UlCSmKqw+agm5BsOBfEAbTvKsEApaGNqHAEUTv5PJC4=
+github.com/lestrrat-go/jwx/v2 v2.0.21 h1:jAPKupy4uHgrHFEdjVjNkUgoBKtVDgrQPB/h55FHrR0=
+github.com/lestrrat-go/jwx/v2 v2.0.21/go.mod h1:09mLW8zto6bWL9GbwnqAli+ArLf+5M33QLQPDggkUWM=
 github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
 github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 h1:WGrKdjHtWC67RX96eTkYD2f53NDHhrq/7robWTAfk4s=
From c6645a80cbef0d9f10ec2ddcead67b86354f49fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Mar 2024 10:41:10 -0800 Subject: [PATCH 43/83] Bump the aws-sdk group with 1 update (#4958) Bumps the aws-sdk group with 1 update: [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2). Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.149.1 to 1.150.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.149.1...service/ec2/v1.150.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk ... Signed-off-by: dependabot[bot] --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/go.mod b/go.mod
index 33ce60c63a..627ac10c50 100644
--- a/go.mod
+++ b/go.mod
@@ -18,13 +18,13 @@ require (
 github.com/Microsoft/go-winio v0.6.1
 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129
 github.com/armon/go-metrics v0.4.1
- github.com/aws/aws-sdk-go-v2 v1.25.2
+ github.com/aws/aws-sdk-go-v2 v1.25.3
 github.com/aws/aws-sdk-go-v2/config v1.27.0
 github.com/aws/aws-sdk-go-v2/credentials v1.17.0
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0
 github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.2
 github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1
- github.com/aws/aws-sdk-go-v2/service/ec2 v1.149.1
+ github.com/aws/aws-sdk-go-v2/service/ec2 v1.150.0
 github.com/aws/aws-sdk-go-v2/service/iam v1.31.1
 github.com/aws/aws-sdk-go-v2/service/kms v1.29.1
 github.com/aws/aws-sdk-go-v2/service/s3 v1.51.1
@@ -133,15 +133,15 @@ require (
 github.com/armon/go-radix v1.0.0 // indirect
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1 // indirect
- github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 // indirect
- github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 // indirect
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.2 // indirect
 github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 // indirect
 github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 // indirect
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.2 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 // indirect
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.2 // indirect
 github.com/aws/aws-sdk-go-v2/service/sso v1.19.0 // indirect
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0 // indirect
diff --git a/go.sum b/go.sum
index a4ded350be..29c046c0a4 100644
--- a/go.sum
+++ b/go.sum
@@ -560,8 +560,8 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.50.0 h1:HBtrLeO+QyDKnc3t1+5DR1RxodOHCGr8ZcrHudpv7jI=
 github.com/aws/aws-sdk-go v1.50.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
-github.com/aws/aws-sdk-go-v2 v1.25.2 h1:/uiG1avJRgLGiQM9X3qJM8+Qa6KRGK5rRPuXE0HUM+w=
-github.com/aws/aws-sdk-go-v2 v1.25.2/go.mod h1:Evoc5AsmtveRt1komDwIsjHFyrP5tDuF1D1U+6z6pNo=
+github.com/aws/aws-sdk-go-v2 v1.25.3 h1:xYiLpZTQs1mzvz5PaI6uR0Wh57ippuEthxS4iK5v0n0=
+github.com/aws/aws-sdk-go-v2 v1.25.3/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1 h1:gTK2uhtAPtFcdRRJilZPx8uJLL2J85xK11nKtWL0wfU=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1/go.mod h1:sxpLb+nZk7tIfCWChfd+h4QwHNUR57d8hA1cleTkjJo=
 github.com/aws/aws-sdk-go-v2/config v1.27.0 h1:J5sdGCAHuWKIXLeXiqr8II/adSvetkx0qdZwdbXXpb0=
@@ -572,18 +572,18 @@ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 h1:xWCwjjvVz2ojYTP4kBKUuUh github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0/go.mod h1:j3fACuqXg4oMTQOR2yY7m0NmJY0yBK4L4sLsRXq1Ins= github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.2 h1:TFju6ZoqO3TnX0C42VmYW4TxNcUFfbV/3cnaOxbcc5Y= github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.2/go.mod h1:HLaNMGEhcO6GnJtrozRtluhCVM5/B/ZV5XHQ477uIgA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 h1:bNo4LagzUKbjdxE0tIcR9pMzLR2U/Tgie1Hq1HQ3iH8= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2/go.mod h1:wRQv0nN6v9wDXuWThpovGQjqF1HFdcgWjporw14lS8k= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 h1:EtOU5jsPdIQNP+6Q2C5e3d65NKT1PeCiQk+9OdzO12Q= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2/go.mod h1:tyF5sKccmDz0Bv4NrstEr+/9YkSPJHrcO7UsUKf7pWM= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 h1:ifbIbHZyGl1alsAhPIYsHOg5MuApgqOvVeI8wIugXfs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3/go.mod h1:oQZXg3c6SNeY6OZrDY+xHcF4VGIEoNotX2B4PrDeoJI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 h1:Qvodo9gHG9F3E8SfYOspPeBt0bjSbsevK8WhRAUHcoY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3/go.mod h1:vCKrdLXtybdf/uQd/YfVR2r5pcbNuEYKzMQpcxmeSJw= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.2 h1:en92G0Z7xlksoOylkUhuBSfJgijC7rHVLRdnIlHEs0E= github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.2/go.mod h1:HgtQ/wN5G+8QSlK62lbOtNwQ3wTSByJ4wH2rCkPt+AE= github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1 h1:XvSeacTm4QJf+bAw0s+t7UHghw6fLv0Mz79cNWZVC0Q= github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1/go.mod h1:P+wB/b01+r8pvLQgysfAdxOe1uUrStjCN31IBeMhNw4= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.149.1 
h1:OGZUMBYZnz+R5nkW6FS1J8UlfLeM/pKojck+74+ZQGY= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.149.1/go.mod h1:XxJNg7fIkR8cbm89i0zVZSxKpcPYsC8BWRwMIJOWbnk= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.150.0 h1:9JPrA5MyHUqr5hcU1o/xyryVctoyRrj5eHsxRSSDGfg= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.150.0/go.mod h1:KNJMjsbzK97hci9ev2Vl/27GgUt3ZciRP4RGujAPF2I= github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 h1:3iaT/LnGV6jNtbBkvHZDlzz7Ky3wMHDJAyFtGd5GUJI= github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7/go.mod h1:mtzCLxk6M+KZbkJdq3cUH9GCrudw8qCy5C3EHO+5vLc= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 h1:h+r5/diSwztgKgxUrntt6AOI5lBYY0ZJv+yzeulGZSU= @@ -594,8 +594,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibR github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.2 h1:zSdTXYLwuXDNPUS+V41i1SFDXG7V0ITp0D9UT9Cvl18= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.2/go.mod h1:v8m8k+qVy95nYi7d56uP1QImleIIY25BPiNJYzPBdFE= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 h1:5ffmXjPtwRExp1zc7gENLgCPyHFbhEPwVTkTiH9niSk= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2/go.mod h1:Ru7vg1iQ7cR4i7SZ/JTLYN9kaXtbL69UdgG0OQWQxW0= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 h1:K/NXvIftOlX+oGgWGIa3jDyYLDNsdVhsjHmsBH2GLAQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5/go.mod h1:cl9HGLV66EnCmMNzq4sYOti+/xo8w34CsgzVtm2GgsY= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.2 h1:1oY1AVEisRI4HNuFoLdRUB0hC63ylDAN6Me3MrfclEg= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.2/go.mod h1:KZ03VgvZwSjkT7fOetQ/wF3MZUvYFirlI1H5NklUNsY= github.com/aws/aws-sdk-go-v2/service/kms v1.29.1 h1:OdjJjUWFlMZLAMl54ASxIpZdGEesY4BH3/c0HAPSFdI= From 7828b656e9008124795d60431f05651285b967ff Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Mar 2024 12:52:46 -0800 Subject: [PATCH 44/83] Bump google.golang.org/api from 0.168.0 to 0.169.0 (#4960) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.168.0 to 0.169.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.168.0...v0.169.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 627ac10c50..c17477b414 100644
--- a/go.mod
+++ b/go.mod
@@ -81,7 +81,7 @@ require (
 golang.org/x/sync v0.6.0
 golang.org/x/sys v0.18.0
 golang.org/x/time v0.5.0
- google.golang.org/api v0.168.0
+ google.golang.org/api v0.169.0
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78
 google.golang.org/grpc v1.62.1
 google.golang.org/protobuf v1.33.0
diff --git a/go.sum b/go.sum
index 29c046c0a4..f269a237ac 100644
--- a/go.sum
+++ b/go.sum
@@ -1980,8 +1980,8 @@ google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7Twe
 google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0=
 google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY=
 google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI=
-google.golang.org/api v0.168.0 h1:MBRe+Ki4mMN93jhDDbpuRLjRddooArz4FeSObvUMmjY=
-google.golang.org/api v0.168.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg=
+google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY=
+google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
From 6dcb0ecf675fd45d24e97bc93fa24b5a153716df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Mar 2024 13:59:18 -0800 Subject: [PATCH 45/83] Bump github.com/uber-go/tally/v4 from 4.1.11 to 4.1.12 (#4959) Bumps [github.com/uber-go/tally/v4](https://github.com/uber-go/tally) from 4.1.11 to 4.1.12. - [Release notes](https://github.com/uber-go/tally/releases) - [Commits](https://github.com/uber-go/tally/compare/v4.1.11...v4.1.12) --- updated-dependencies: - dependency-name: github.com/uber-go/tally/v4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index c17477b414..d99405dc7c 100644
--- a/go.mod
+++ b/go.mod
@@ -72,7 +72,7 @@ require ( github.com/spiffe/spire-api-sdk v1.2.5-0.20231107161112-ba57e0e943a2 github.com/spiffe/spire-plugin-sdk v1.4.4-0.20230721151831-bf67dde4721d github.com/stretchr/testify v1.9.0 - github.com/uber-go/tally/v4 v4.1.11 + github.com/uber-go/tally/v4 v4.1.12 github.com/valyala/fastjson v1.6.4 github.com/zeebo/errs v1.3.0 golang.org/x/crypto v0.21.0 diff --git a/go.sum b/go.sum index f269a237ac..ae299834c8 100644 --- a/go.sum +++ b/go.sum @@ -1443,8 +1443,8 @@ github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqri github.com/twmb/murmur3 v1.1.5/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= github.com/twmb/murmur3 v1.1.6 h1:mqrRot1BRxm+Yct+vavLMou2/iJt0tNVTTC0QoIjaZg= github.com/twmb/murmur3 v1.1.6/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= -github.com/uber-go/tally/v4 v4.1.11 h1:ktRXNpbia2cKbyAOIEdNdgkfPBzwCzIYJ20Kn6qQr7w= -github.com/uber-go/tally/v4 v4.1.11/go.mod h1:RW5DgqsyEPs0lA4b0YNf4zKj7DveKHd73hnO6zVlyW0= +github.com/uber-go/tally/v4 v4.1.12 h1:SdOe+x8aLNZxsxhuAiKW8eB9ha9BkByxYHVR6nIejLQ= +github.com/uber-go/tally/v4 v4.1.12/go.mod h1:RW5DgqsyEPs0lA4b0YNf4zKj7DveKHd73hnO6zVlyW0= github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ= github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY= github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts= From 91ddf4fe6b7088493c4056f37a2e8d84ce4b1a2c Mon Sep 17 00:00:00 2001 
From: Carlo Teubner Date: Fri, 8 Mar 2024 23:42:06 +0000 Subject: [PATCH 46/83] Document BundlePublisher (#4951) Mention the BundlePublisher plugin type, and its built-in aws_s3 implementation, on the SPIRE Server Configuration Reference page. This plugin type was introduced in spiffe/spire-plugin-sdk#38. See also #2909, #4034. While I'm touching this, a couple of other tweaks: - Add CredentialComposer to plugin type list (its uniqueid implementation was already mentioned in the built-in plugin table). - Reorder the tables of plugin types and built-in plugins to hopefully make a little more sense, and to be consistent with each other. - Change a "sql" to a "SQL". Signed-off-by: Carlo Teubner --- doc/spire_server.md | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/doc/spire_server.md b/doc/spire_server.md index 12d078e07f..9931f5f3a4 100644 --- a/doc/spire_server.md +++ b/doc/spire_server.md 
@@ -4,23 +4,25 @@ This document is a configuration reference for SPIRE Server. It includes informa ## Plugin types -| Type | Description | -|:------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| DataStore | Provides persistent storage and HA features. **Note:** Pluggability for the DataStore is no longer supported. Only the built-in SQL plugin can be used. | -| KeyManager | Implements both signing and key storage logic for the server's signing operations. Useful for leveraging hardware-based key operations. | -| NodeAttestor | Implements validation logic for nodes attempting to assert their identity. Generally paired with an agent plugin of the same type. | -| UpstreamAuthority | Allows SPIRE server to integrate with existing PKI systems. | -| Notifier | Notified by SPIRE server for certain events that are happening or have happened. For events that are happening, the notifier can advise SPIRE server on the outcome. | +| Type | Description | +|:-------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| DataStore | Provides persistent storage and HA features. **Note:** Pluggability for the DataStore is no longer supported. Only the built-in SQL plugin can be used. | +| KeyManager | Implements both signing and key storage logic for the server's signing operations. Useful for leveraging hardware-based key operations. | +| CredentialComposer | Allows customization of SVID and CA attributes. | +| NodeAttestor | Implements validation logic for nodes attempting to assert their identity. Generally paired with an agent plugin of the same type. | +| UpstreamAuthority | Allows SPIRE server to integrate with existing PKI systems. 
| +| Notifier | Notified by SPIRE server for certain events that are happening or have happened. For events that are happening, the notifier can advise SPIRE server on the outcome. | +| BundlePublisher | Publishes trust bundles to additional locations. | ## Built-in plugins | Type | Name | Description | |--------------------|----------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------| -| CredentialComposer | [uniqueid](/doc/plugin_server_credentialcomposer_uniqueid.md) | Adds the x509UniqueIdentifier attribute to workload X509-SVIDs. | -| DataStore | [sql](/doc/plugin_server_datastore_sql.md) | An sql database storage for SQLite, PostgreSQL and MySQL databases for the SPIRE datastore | +| DataStore | [sql](/doc/plugin_server_datastore_sql.md) | An SQL database storage for SQLite, PostgreSQL and MySQL databases for the SPIRE datastore | | KeyManager | [aws_kms](/doc/plugin_server_keymanager_aws_kms.md) | A key manager which manages keys in AWS KMS | | KeyManager | [disk](/doc/plugin_server_keymanager_disk.md) | A key manager which manages keys persisted on disk | | KeyManager | [memory](/doc/plugin_server_keymanager_memory.md) | A key manager which manages unpersisted keys in memory | +| CredentialComposer | [uniqueid](/doc/plugin_server_credentialcomposer_uniqueid.md) | Adds the x509UniqueIdentifier attribute to workload X509-SVIDs. | | NodeAttestor | [aws_iid](/doc/plugin_server_nodeattestor_aws_iid.md) | A node attestor which attests agent identity using an AWS Instance Identity Document | | NodeAttestor | [azure_msi](/doc/plugin_server_nodeattestor_azure_msi.md) | A node attestor which attests agent identity using an Azure MSI token | | NodeAttestor | [gcp_iit](/doc/plugin_server_nodeattestor_gcp_iit.md) | A node attestor which attests agent identity using a GCP Instance Identity Token | 
@@ -30,8 +32,6 @@ This document is a configuration reference for SPIRE Server. It includes informa | NodeAttestor | [sshpop](/doc/plugin_server_nodeattestor_sshpop.md) | A node attestor which attests agent identity using an existing ssh certificate | | NodeAttestor | [tpm_devid](/doc/plugin_server_nodeattestor_tpm_devid.md) | A node attestor which attests agent identity using a TPM that has been provisioned with a DevID certificate | | NodeAttestor | [x509pop](/doc/plugin_server_nodeattestor_x509pop.md) | A node attestor which attests agent identity using an existing X.509 certificate | -| Notifier | [gcs_bundle](/doc/plugin_server_notifier_gcs_bundle.md) | A notifier that pushes the latest trust bundle contents into an object in Google Cloud Storage. | -| Notifier | [k8sbundle](/doc/plugin_server_notifier_k8sbundle.md) | A notifier that pushes the latest trust bundle contents into a Kubernetes ConfigMap. | | UpstreamAuthority | [disk](/doc/plugin_server_upstreamauthority_disk.md) | Uses a CA loaded from disk to sign SPIRE server intermediate certificates. | | UpstreamAuthority | [aws_pca](/doc/plugin_server_upstreamauthority_aws_pca.md) | Uses a Private Certificate Authority from AWS Certificate Manager to sign SPIRE server intermediate certificates. | | UpstreamAuthority | [awssecret](/doc/plugin_server_upstreamauthority_awssecret.md) | Uses a CA loaded from AWS SecretsManager to sign SPIRE server intermediate certificates. | 
@@ -39,6 +39,9 @@ This document is a configuration reference for SPIRE Server. It includes informa | UpstreamAuthority | [vault](/doc/plugin_server_upstreamauthority_vault.md) | Uses a PKI Secret Engine from HashiCorp Vault to sign SPIRE server intermediate certificates. | | UpstreamAuthority | [spire](/doc/plugin_server_upstreamauthority_spire.md) | Uses an upstream SPIRE server in the same trust domain to obtain intermediate signing certificates for SPIRE server. | | UpstreamAuthority | [cert-manager](/doc/plugin_server_upstreamauthority_cert_manager.md) | Uses a referenced cert-manager Issuer to request intermediate signing certificates. | +| Notifier | [gcs_bundle](/doc/plugin_server_notifier_gcs_bundle.md) | A notifier that pushes the latest trust bundle contents into an object in Google Cloud Storage. | +| Notifier | [k8sbundle](/doc/plugin_server_notifier_k8sbundle.md) | A notifier that pushes the latest trust bundle contents into a Kubernetes ConfigMap. | +| BundlePublisher | [aws_s3](/doc/plugin_server_bundlepublisher_aws_s3.md) | Publishes trust bundles to an Amazon S3 bucket. | ## Server configuration file From a8d547cce68b88761ef79cb4f7f0cec8f7b765df Mon Sep 17 00:00:00 2001 From: Edwin Buck Date: Mon, 11 Mar 2024 11:44:40 -0500 Subject: [PATCH 47/83] Post launch Log level control for the Server (#4880) 
Signed-off-by: Edwin Buck --- cmd/spire-server/cli/cli.go | 7 + cmd/spire-server/cli/logger/get.go | 59 ++ cmd/spire-server/cli/logger/get_posix_test.go | 12 + cmd/spire-server/cli/logger/get_test.go | 178 ++++ .../cli/logger/get_windows_test.go | 12 + cmd/spire-server/cli/logger/mocks_test.go | 110 +++ cmd/spire-server/cli/logger/printers.go | 40 + cmd/spire-server/cli/logger/printers_test.go | 67 ++ cmd/spire-server/cli/logger/set.go | 84 ++ cmd/spire-server/cli/logger/set_posix_test.go | 14 + cmd/spire-server/cli/logger/set_test.go | 151 +++ .../cli/logger/set_windows_test.go | 14 + cmd/spire-server/cli/run/run.go | 1 + cmd/spire-server/util/util.go | 6 + go.mod | 2 +- go.sum | 4 +- pkg/common/api/middleware/names.go | 3 + pkg/server/api/logger/v1/levels.go | 26 + pkg/server/api/logger/v1/levels_test.go | 107 +++ pkg/server/api/logger/v1/service.go | 78 ++ pkg/server/api/logger/v1/service_test.go | 900 ++++++++++++++++++ pkg/server/authpolicy/policy_data.json | 12 + pkg/server/config.go | 5 +- pkg/server/endpoints/config.go | 15 +- pkg/server/endpoints/endpoints.go | 7 +- pkg/server/endpoints/endpoints_test.go | 53 ++ pkg/server/endpoints/middleware.go | 3 + pkg/server/server.go | 6 + 28 files changed, 1969 insertions(+), 7 deletions(-) create mode 100644 cmd/spire-server/cli/logger/get.go create mode 100644 cmd/spire-server/cli/logger/get_posix_test.go create mode 100644 cmd/spire-server/cli/logger/get_test.go create mode 100644 cmd/spire-server/cli/logger/get_windows_test.go create mode 100644 cmd/spire-server/cli/logger/mocks_test.go create mode 100644 cmd/spire-server/cli/logger/printers.go create mode 100644 cmd/spire-server/cli/logger/printers_test.go create mode 100644 cmd/spire-server/cli/logger/set.go create mode 100644 cmd/spire-server/cli/logger/set_posix_test.go create mode 100644 cmd/spire-server/cli/logger/set_test.go create mode 100644 cmd/spire-server/cli/logger/set_windows_test.go create mode 100644 pkg/server/api/logger/v1/levels.go create mode 
100644 pkg/server/api/logger/v1/levels_test.go create mode 100644 pkg/server/api/logger/v1/service.go create mode 100644 pkg/server/api/logger/v1/service_test.go diff --git a/cmd/spire-server/cli/cli.go b/cmd/spire-server/cli/cli.go index 93b5447cda..4fdb631cea 100644 --- a/cmd/spire-server/cli/cli.go +++ b/cmd/spire-server/cli/cli.go @@ -11,6 +11,7 @@ import ( "github.com/spiffe/spire/cmd/spire-server/cli/federation" "github.com/spiffe/spire/cmd/spire-server/cli/healthcheck" "github.com/spiffe/spire/cmd/spire-server/cli/jwt" + "github.com/spiffe/spire/cmd/spire-server/cli/logger" "github.com/spiffe/spire/cmd/spire-server/cli/run" "github.com/spiffe/spire/cmd/spire-server/cli/token" "github.com/spiffe/spire/cmd/spire-server/cli/validate" @@ -96,6 +97,12 @@ func (cc *CLI) Run(ctx context.Context, args []string) int { "federation update": func() (cli.Command, error) { return federation.NewUpdateCommand(), nil }, + "logger get": func() (cli.Command, error) { + return logger.NewGetCommand(), nil + }, + "logger set": func() (cli.Command, error) { + return logger.NewSetCommand(), nil + }, "run": func() (cli.Command, error) { return run.NewRunCommand(ctx, cc.LogOptions, cc.AllowUnknownConfig), nil }, diff --git a/cmd/spire-server/cli/logger/get.go b/cmd/spire-server/cli/logger/get.go new file mode 100644 index 0000000000..b6753a3df6 --- /dev/null +++ b/cmd/spire-server/cli/logger/get.go 
@@ -0,0 +1,59 @@
+package logger
+
+import (
+ "context"
+ "flag"
+ "fmt"
+
+ "github.com/mitchellh/cli"
+ api "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1"
+ "github.com/spiffe/spire/cmd/spire-server/util"
+ commoncli "github.com/spiffe/spire/pkg/common/cli"
+ "github.com/spiffe/spire/pkg/common/cliprinter"
+)
+
+type getCommand struct {
+ env *commoncli.Env
+ printer cliprinter.Printer
+}
+
+// Returns a cli.command that gets the logger information using
+// the default cli environment.
+func NewGetCommand() cli.Command {
+ return NewGetCommandWithEnv(commoncli.DefaultEnv)
+}
+
+// Returns a cli.command that gets the root logger information.
+func NewGetCommandWithEnv(env *commoncli.Env) cli.Command {
+ return util.AdaptCommand(env, &getCommand{env: env})
+}
+
+// The name of the command.
+func (*getCommand) Name() string {
+ return "logger get"
+}
+
+// The help presented description of the command.
+func (*getCommand) Synopsis() string {
+ return "Gets the logger details"
+}
+
+// Adds additional flags specific to the command.
+func (c *getCommand) AppendFlags(fs *flag.FlagSet) {
+ cliprinter.AppendFlagWithCustomPretty(&c.printer, fs, c.env, c.prettyPrintLogger)
+}
+
+// The routine that executes the command
+func (c *getCommand) Run(ctx context.Context, _ *commoncli.Env, serverClient util.ServerClient) error {
+ logger, err := serverClient.NewLoggerClient().GetLogger(ctx, &api.GetLoggerRequest{})
+ if err != nil {
+ return fmt.Errorf("error fetching logger: %w", err)
+ }
+
+ return c.printer.PrintProto(logger)
+}
+
+// Formatting for the logger under pretty printing of output.
+func (c *getCommand) prettyPrintLogger(env *commoncli.Env, results ...any) error {
+ return PrettyPrintLogger(env, results...)
+}
diff --git a/cmd/spire-server/cli/logger/get_posix_test.go b/cmd/spire-server/cli/logger/get_posix_test.go
new file mode 100644
index 0000000000..9e5cf4b3db
--- /dev/null
+++ b/cmd/spire-server/cli/logger/get_posix_test.go
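Review bot: The doc comments on the exported constructors `NewGetCommand` and `NewGetCommandWithEnv` in get.go do not begin with the identifier they document, so godoc and the usual linters will not attach them cleanly. I would write `// NewGetCommand returns a cli.Command that gets the logger information using the default CLI environment.` and `// NewGetCommandWithEnv returns a cli.Command that gets the root logger information using env.` The same applies to `NewSetCommand` and `NewSetCommandWithEnv` in set.go, and to the method comments in both files (`// Name returns ...`, `// Synopsis returns ...`).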
@@ -0,0 +1,12 @@
+//go:build !windows
+
+package logger_test
+
+var (
+ getUsage = `Usage of logger get:
+ -output value
+ Desired output format (pretty, json); default: pretty.
+ -socketPath string
+ Path to the SPIRE Server API socket (default "/tmp/spire-server/private/api.sock")
+`
+)
diff --git a/cmd/spire-server/cli/logger/get_test.go b/cmd/spire-server/cli/logger/get_test.go
new file mode 100644
index 0000000000..b571f785b7
--- /dev/null
+++ b/cmd/spire-server/cli/logger/get_test.go
@@ -0,0 +1,178 @@ +package logger_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/spiffe/spire-api-sdk/proto/spire/api/types" + "github.com/spiffe/spire/cmd/spire-server/cli/logger" +) + +func TestGetHelp(t *testing.T) { + test := setupCliTest(t, nil, logger.NewGetCommandWithEnv) + test.client.Help() + require.Equal(t, "", test.stdout.String()) + require.Equal(t, getUsage, test.stderr.String()) +} + +func TestGetSynopsis(t *testing.T) { + cmd := logger.NewGetCommand() + require.Equal(t, "Gets the logger details", cmd.Synopsis()) +} + +func TestGet(t *testing.T) { + for _, tt := range []struct { + name string + // server state + server *mockLoggerServer + // input + args []string + // expected items + expectReturnCode int + expectStdout string + expectStderr string + }{ + { + name: "configured to info, set to info, using pretty output", + args: []string{"-output", "pretty"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_INFO, + LaunchLevel: types.LogLevel_INFO, + }, + }, + expectReturnCode: 0, + expectStdout: `Logger Level : info +Launch Level : info + +`, + }, + { + name: "configured to debug, set to warn, using pretty output", + args: []string{"-output", "pretty"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_WARN, + LaunchLevel: types.LogLevel_DEBUG, + }, + }, + expectReturnCode: 0, + expectStdout: `Logger Level : warning +Launch Level : debug + +`, + }, + { + name: "configured to error, set to trace, using pretty output", + args: []string{"-output", "pretty"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_TRACE, + LaunchLevel: types.LogLevel_ERROR, + }, + }, + expectReturnCode: 0, + expectStdout: `Logger Level : trace +Launch Level : error + +`, + }, + { + name: "configured to panic, set to fatal, using pretty output", + args: []string{"-output", "pretty"}, + server: 
&mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_FATAL, + LaunchLevel: types.LogLevel_PANIC, + }, + }, + expectReturnCode: 0, + expectStdout: `Logger Level : fatal +Launch Level : panic + +`, + }, + { + name: "configured to info, set to info, using json output", + args: []string{"-output", "json"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_INFO, + LaunchLevel: types.LogLevel_INFO, + }, + }, + expectReturnCode: 0, + expectStdout: `{"current_level":"INFO","launch_level":"INFO"} +`, + }, + { + name: "configured to debug, set to warn, using json output", + args: []string{"-output", "json"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_WARN, + LaunchLevel: types.LogLevel_DEBUG, + }, + }, + expectReturnCode: 0, + expectStdout: `{"current_level":"WARN","launch_level":"DEBUG"} +`, + }, + { + name: "configured to error, set to trace, using json output", + args: []string{"-output", "json"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_TRACE, + LaunchLevel: types.LogLevel_ERROR, + }, + }, + expectReturnCode: 0, + expectStdout: `{"current_level":"TRACE","launch_level":"ERROR"} +`, + }, + { + name: "configured to panic, set to fatal, using json output", + args: []string{"-output", "json"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_FATAL, + LaunchLevel: types.LogLevel_PANIC, + }, + }, + expectReturnCode: 0, + expectStdout: `{"current_level":"FATAL","launch_level":"PANIC"} +`, + }, + { + name: "configured to info, set to info, server will error", + args: []string{"-output", "pretty"}, + server: &mockLoggerServer{ + returnErr: errors.New("server is unavailable"), + }, + expectReturnCode: 1, + expectStderr: `Error: error fetching logger: rpc error: code = Unknown desc = server is unavailable +`, + }, + { + name: "bizzarro world, returns neither logger nor error", 
+ args: []string{"-output", "pretty"}, + server: &mockLoggerServer{ + returnLogger: nil, + }, + expectReturnCode: 1, + expectStderr: `Error: internal error: returned current log level is undefined; please report this as a bug +`, + }, + } { + t.Run(tt.name, func(t *testing.T) { + test := setupCliTest(t, tt.server, logger.NewGetCommandWithEnv) + returnCode := test.client.Run(append(test.args, tt.args...)) + require.Equal(t, tt.expectStdout, test.stdout.String()) + require.Equal(t, tt.expectStderr, test.stderr.String()) + require.Equal(t, tt.expectReturnCode, returnCode) + }) + } +} diff --git a/cmd/spire-server/cli/logger/get_windows_test.go b/cmd/spire-server/cli/logger/get_windows_test.go new file mode 100644 index 0000000000..d7a1c53582 --- /dev/null +++ b/cmd/spire-server/cli/logger/get_windows_test.go @@ -0,0 +1,12 @@ +//go:build windows + +package logger_test + +var ( + getUsage = `Usage of logger get: + -namedPipeName string + Pipe name of the SPIRE Server API named pipe (default "\\spire-server\\private\\api") + -output value + Desired output format (pretty, json); default: pretty. +` +) diff --git a/cmd/spire-server/cli/logger/mocks_test.go b/cmd/spire-server/cli/logger/mocks_test.go new file mode 100644 index 0000000000..80eeba4a52 --- /dev/null +++ b/cmd/spire-server/cli/logger/mocks_test.go 
@@ -0,0 +1,110 @@ +package logger_test + +import ( + "io" + "testing" + + "github.com/spiffe/spire/test/spiretest" + + "bytes" + "context" + + "github.com/mitchellh/cli" + loggerv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1" + "github.com/spiffe/spire-api-sdk/proto/spire/api/types" + "github.com/spiffe/spire/cmd/spire-server/cli/common" + commoncli "github.com/spiffe/spire/pkg/common/cli" + "google.golang.org/grpc" +) + +// an input/output capture struct +type loggerTest struct { + stdin *bytes.Buffer + stdout *bytes.Buffer + stderr *bytes.Buffer + args []string + server *mockLoggerServer + client cli.Command +} + +// serialization of capture +func (l *loggerTest) afterTest(t *testing.T) { + t.Logf("TEST:%s", t.Name()) + t.Logf("STDOUT:\n%s", l.stdout.String()) + t.Logf("STDIN:\n%s", l.stdin.String()) + t.Logf("STDERR:\n%s", l.stderr.String()) +} + +// setup of input/output capture +func setupCliTest(t *testing.T, server *mockLoggerServer, newClient func(*commoncli.Env) cli.Command) *loggerTest { + addr := spiretest.StartGRPCServer(t, func(s *grpc.Server) { + loggerv1.RegisterLoggerServer(s, server) + }) + + stdin := new(bytes.Buffer) + stdout := new(bytes.Buffer) + stderr := new(bytes.Buffer) + + client := newClient(&commoncli.Env{ + Stdin: stdin, + Stdout: stdout, + Stderr: stderr, + }) + + test := &loggerTest{ + stdin: stdin, + stdout: stdout, + stderr: stderr, + args: []string{common.AddrArg, common.GetAddr(addr)}, + server: server, + client: client, + } + + t.Cleanup(func() { + test.afterTest(t) + }) + + return test +} + +// a mock grpc logger server +type mockLoggerServer struct { + loggerv1.UnimplementedLoggerServer + + receivedSetValue *types.LogLevel + returnLogger *types.Logger + returnErr error +} + +// mock implementation for GetLogger +func (s *mockLoggerServer) GetLogger(_ context.Context, _ *loggerv1.GetLoggerRequest) (*types.Logger, error) { + return s.returnLogger, s.returnErr +} + +func (s *mockLoggerServer) SetLogLevel(_ 
context.Context, req *loggerv1.SetLogLevelRequest) (*types.Logger, error) { + s.receivedSetValue = &req.NewLevel + return s.returnLogger, s.returnErr +} + +func (s *mockLoggerServer) ResetLogLevel(_ context.Context, _ *loggerv1.ResetLogLevelRequest) (*types.Logger, error) { + s.receivedSetValue = nil + return s.returnLogger, s.returnErr +} + +var _ io.Writer = &errorWriter{} + +type errorWriter struct { + ReturnError error + Buffer bytes.Buffer +} + +func (e *errorWriter) Write(p []byte) (n int, err error) { + if e.ReturnError != nil { + return 0, e.ReturnError + } + return e.Buffer.Write(p) +} + +func (e *errorWriter) String() string { + return e.Buffer.String() +} diff --git a/cmd/spire-server/cli/logger/printers.go b/cmd/spire-server/cli/logger/printers.go new file mode 100644 index 0000000000..8562dab963 --- /dev/null +++ b/cmd/spire-server/cli/logger/printers.go 
@@ -0,0 +1,40 @@
+package logger
+
+import (
+ "errors"
+ "fmt"
+
+ apitype "github.com/spiffe/spire-api-sdk/proto/spire/api/types"
+ commoncli "github.com/spiffe/spire/pkg/common/cli"
+ serverlogger "github.com/spiffe/spire/pkg/server/api/logger/v1"
+)
+
+func PrettyPrintLogger(env *commoncli.Env, results ...any) error {
+ apiLogger, ok := results[0].(*apitype.Logger)
+ if !ok {
+ return errors.New("internal error: logger not found; please report this as a bug")
+ }
+
+ logrusCurrent, found := serverlogger.LogrusLevel[apiLogger.CurrentLevel]
+ if !found {
+ return errors.New("internal error: returned current log level is undefined; please report this as a bug")
+ }
+ currentText, err := logrusCurrent.MarshalText()
+ if err != nil {
+ return fmt.Errorf("internal error: logrus log level %d has no name; please report this as a bug", logrusCurrent)
+ }
+
+ logrusLaunch, found := serverlogger.LogrusLevel[apiLogger.LaunchLevel]
+ if !found {
+ return errors.New("internal error: returned launch log level is undefined; please report this as a bug")
+ }
+ launchText, err := logrusLaunch.MarshalText()
+ if err != nil {
+ return fmt.Errorf("internal error: logrus log level %d has no name; please report this as a bug", logrusLaunch)
+ }
+
+ if err := env.Printf("Logger Level : %s\nLaunch Level : %s\n\n", currentText, launchText); err != nil {
+ return err
+ }
+ return nil
+}
diff --git a/cmd/spire-server/cli/logger/printers_test.go b/cmd/spire-server/cli/logger/printers_test.go
new file mode 100644
index 0000000000..cd5df7d3c9
--- /dev/null
+++ b/cmd/spire-server/cli/logger/printers_test.go
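Review bot: `PrettyPrintLogger` indexes `results[0]` before checking that the variadic `results` is non-empty, so a call with no arguments panics instead of returning the existing "logger not found" error. A guard ahead of the type assertion keeps that failure on the error path: `if len(results) == 0 { return errors.New("internal error: logger not found; please report this as a bug") }`. The assertion also succeeds for a nil `*apitype.Logger`, after which `apiLogger.CurrentLevel` dereferences nil; extending the check to `if !ok || apiLogger == nil {` covers that. Neither input is exercised by the cases in printers_test.go.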
@@ -0,0 +1,67 @@ +package logger_test + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/spiffe/spire-api-sdk/proto/spire/api/types" + "github.com/spiffe/spire/cmd/spire-server/cli/logger" + commoncli "github.com/spiffe/spire/pkg/common/cli" +) + +func TestPrettyPrintLogger(t *testing.T) { + for _, tt := range []struct { + name string + logger interface{} + outWriter errorWriter + errWriter errorWriter + env *commoncli.Env + expectedStdout string + expectedStderr string + expectedError error + }{ + { + name: "test", + logger: &types.Logger{ + CurrentLevel: types.LogLevel_DEBUG, + LaunchLevel: types.LogLevel_INFO, + }, + expectedStdout: `Logger Level : debug +Launch Level : info + +`, + }, + { + name: "test env returning an error", + outWriter: errorWriter{ + ReturnError: errors.New("cannot write"), + }, + logger: &types.Logger{ + CurrentLevel: types.LogLevel_DEBUG, + LaunchLevel: types.LogLevel_INFO, + }, + expectedError: errors.New("cannot write"), + }, + { + name: "test nil logger", + outWriter: errorWriter{ + ReturnError: errors.New("cannot write"), + }, + logger: &types.Entry{}, + expectedError: errors.New("internal error: logger not found; please report this as a bug"), + }, + } { + tt := tt + t.Run(tt.name, func(t *testing.T) { + tt.env = &commoncli.Env{ + Stdout: &tt.outWriter, + Stderr: &tt.errWriter, + } + require.Equal(t, logger.PrettyPrintLogger(tt.env, tt.logger), tt.expectedError) + require.Equal(t, tt.outWriter.String(), tt.expectedStdout) + require.Equal(t, tt.errWriter.String(), tt.expectedStderr) + }) + } +} diff --git a/cmd/spire-server/cli/logger/set.go b/cmd/spire-server/cli/logger/set.go new file mode 100644 index 0000000000..d43220380e --- /dev/null +++ b/cmd/spire-server/cli/logger/set.go 
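Review bot: The three assertions at the end of `TestPrettyPrintLogger` pass the actual value first and the expected value second, which inverts testify's expected/actual labels in failure output and is the opposite order from get_test.go and set_test.go. I would swap them, e.g. `require.Equal(t, tt.expectedError, logger.PrettyPrintLogger(tt.env, tt.logger))` and `require.Equal(t, tt.expectedStdout, tt.outWriter.String())`. The case named "test nil logger" passes `&types.Entry{}`, so it covers the wrong-type branch rather than a nil or absent logger; renaming it, or adding a case that really passes a nil `*types.Logger`, would make the coverage match the name.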
@@ -0,0 +1,84 @@
+package logger
+
+import (
+ "context"
+ "flag"
+ "fmt"
+ "strings"
+
+ "github.com/mitchellh/cli"
+ "github.com/sirupsen/logrus"
+ api "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1"
+ apitype "github.com/spiffe/spire-api-sdk/proto/spire/api/types"
+ "github.com/spiffe/spire/cmd/spire-server/util"
+ commoncli "github.com/spiffe/spire/pkg/common/cli"
+ "github.com/spiffe/spire/pkg/common/cliprinter"
+ serverlogger "github.com/spiffe/spire/pkg/server/api/logger/v1"
+)
+
+type setCommand struct {
+ env *commoncli.Env
+ newLevel string
+ printer cliprinter.Printer
+}
+
+// Returns a cli.command that sets the log level using the default
+// cli environment.
+func NewSetCommand() cli.Command {
+ return NewSetCommandWithEnv(commoncli.DefaultEnv)
+}
+
+// Returns a cli.command that sets the log level.
+func NewSetCommandWithEnv(env *commoncli.Env) cli.Command {
+ return util.AdaptCommand(env, &setCommand{env: env})
+}
+
+// The name of the command.
+func (*setCommand) Name() string {
+ return "logger set"
+}
+
+// The help presented description of the command.
+func (*setCommand) Synopsis() string {
+ return "Sets the logger details"
+}
+
+// Adds additional flags specific to the command.
+func (c *setCommand) AppendFlags(fs *flag.FlagSet) {
+ fs.StringVar(&c.newLevel, "level", "", "The new log level, one of (panic, fatal, error, warn, info, debug, trace, launch)")
+ cliprinter.AppendFlagWithCustomPretty(&c.printer, fs, c.env, c.prettyPrintLogger)
+}
+
+// The routine that executes the command
+func (c *setCommand) Run(ctx context.Context, _ *commoncli.Env, serverClient util.ServerClient) error {
+ if c.newLevel == "" {
+ return fmt.Errorf("a value (-level) must be set")
+ }
+ level := strings.ToLower(c.newLevel)
+ var logger *apitype.Logger
+ var err error
+ if level == "launch" {
+ logger, err = serverClient.NewLoggerClient().ResetLogLevel(ctx, &api.ResetLogLevelRequest{})
+ } else {
+ var logrusLevel logrus.Level
+ logrusLevel, err = logrus.ParseLevel(level)
+ if err != nil {
+ return fmt.Errorf("the value %s is not a valid setting", c.newLevel)
+ }
+ apiLevel, found := serverlogger.APILevel[logrusLevel]
+ if !found {
+ return fmt.Errorf("the logrus level %d could not be transformed into an api log level", logrusLevel)
+ }
+ logger, err = serverClient.NewLoggerClient().SetLogLevel(ctx, &api.SetLogLevelRequest{
+ NewLevel: apiLevel,
+ })
+ }
+ if err != nil {
+ return fmt.Errorf("error fetching logger: %w", err)
+ }
+ return c.printer.PrintProto(logger)
+}
+
+func (c *setCommand) prettyPrintLogger(env *commoncli.Env, results ...any) error {
+ return PrettyPrintLogger(env, results...)
+}
diff --git a/cmd/spire-server/cli/logger/set_posix_test.go b/cmd/spire-server/cli/logger/set_posix_test.go
new file mode 100644
index 0000000000..1b84c77345
--- /dev/null
+++ b/cmd/spire-server/cli/logger/set_posix_test.go
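Review bot: In `setCommand.Run`, a failed `SetLogLevel` or `ResetLogLevel` call is reported as `error fetching logger`, the message carried over from the get command. For an operation that changes server state this tells the operator the wrong thing about what failed; `return fmt.Errorf("error setting log level: %w", err)` would be accurate. The invalid-level branch also formats the raw flag value with `%s`, where `%q` would make whitespace or odd characters in the input visible: `return fmt.Errorf("the value %q is not a valid setting", c.newLevel)`. set_test.go pins the current text of that message and would need updating with it.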
@@ -0,0 +1,14 @@
+//go:build !windows
+
+package logger_test
+
+var (
+ setUsage = `Usage of logger set:
+ -level string
+ The new log level, one of (panic, fatal, error, warn, info, debug, trace, launch)
+ -output value
+ Desired output format (pretty, json); default: pretty.
+ -socketPath string
+ Path to the SPIRE Server API socket (default "/tmp/spire-server/private/api.sock")
+`
+)
diff --git a/cmd/spire-server/cli/logger/set_test.go b/cmd/spire-server/cli/logger/set_test.go
new file mode 100644
index 0000000000..3b18d11c3b
--- /dev/null
+++ b/cmd/spire-server/cli/logger/set_test.go
@@ -0,0 +1,151 @@ +package logger_test + +import ( + "testing" + + "github.com/stretchr/testify/require" + + "github.com/spiffe/spire-api-sdk/proto/spire/api/types" + "github.com/spiffe/spire/cmd/spire-server/cli/logger" +) + +func TestSetHelp(t *testing.T) { + test := setupCliTest(t, nil, logger.NewSetCommandWithEnv) + test.client.Help() + require.Equal(t, "", test.stdout.String()) + require.Equal(t, setUsage, test.stderr.String()) +} + +func TestSetSynopsis(t *testing.T) { + cmd := logger.NewSetCommand() + require.Equal(t, "Sets the logger details", cmd.Synopsis()) +} + +func TestSet(t *testing.T) { + for _, tt := range []struct { + name string + // server state + server *mockLoggerServer + // input + args []string + // expected items + expectedSetValue types.LogLevel + expectReturnCode int + expectStdout string + expectStderr string + }{ + { + name: "set to debug, configured to info, using pretty output", + args: []string{"-level", "debug", "-output", "pretty"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_DEBUG, + LaunchLevel: types.LogLevel_INFO, + }, + }, + expectedSetValue: types.LogLevel_DEBUG, + expectReturnCode: 0, + expectStdout: `Logger Level : debug +Launch Level : info + +`, + }, + { + name: "set to warn, configured to debug, using pretty output", + args: []string{"-level", "warn", "-output", "pretty"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_WARN, + LaunchLevel: types.LogLevel_DEBUG, + }, + }, + expectedSetValue: types.LogLevel_WARN, + expectReturnCode: 0, + expectStdout: `Logger Level : warning +Launch Level : debug + +`, + }, + { + name: "set to launch, configured to error, using pretty output", + args: []string{"-level", "launch", "-output", "pretty"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_ERROR, + LaunchLevel: types.LogLevel_ERROR, + }, + }, + expectReturnCode: 0, + expectStdout: `Logger Level : 
error +Launch Level : error + +`, + }, + { + name: "set to panic, configured to fatal, using pretty output", + args: []string{"-level", "panic", "-output", "pretty"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_PANIC, + LaunchLevel: types.LogLevel_FATAL, + }, + }, + expectedSetValue: types.LogLevel_PANIC, + expectReturnCode: 0, + expectStdout: `Logger Level : panic +Launch Level : fatal + +`, + }, + { + name: "set with invalid setting of never, logger unadjusted from (info,info)", + args: []string{"-level", "never", "-output", "pretty"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_INFO, + LaunchLevel: types.LogLevel_INFO, + }, + }, + expectReturnCode: 1, + expectStderr: `Error: the value never is not a valid setting +`, + }, + { + name: "No attribute set, cli returns error", + args: []string{"-output", "pretty"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_INFO, + LaunchLevel: types.LogLevel_INFO, + }, + }, + expectReturnCode: 1, + expectStderr: `Error: a value (-level) must be set +`, + }, + { + name: "bizzarro world, set to trace, logger unadjusted from (info,info)", + args: []string{"-level", "trace", "-output", "pretty"}, + server: &mockLoggerServer{ + returnLogger: &types.Logger{ + CurrentLevel: types.LogLevel_INFO, + LaunchLevel: types.LogLevel_INFO, + }, + }, + expectedSetValue: types.LogLevel_TRACE, + expectReturnCode: 0, + expectStdout: `Logger Level : info +Launch Level : info + +`, + }, + } { + t.Run(tt.name, func(t *testing.T) { + test := setupCliTest(t, tt.server, logger.NewSetCommandWithEnv) + returnCode := test.client.Run(append(test.args, tt.args...)) + require.Equal(t, tt.expectReturnCode, returnCode) + require.Equal(t, tt.expectStderr, test.stderr.String()) + require.Equal(t, tt.expectStdout, test.stdout.String()) + }) + } +} 
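Review bot: `expectedSetValue` is filled in for most cases of TestSet, but the `t.Run` body never compares it with anything, so the test passes even if the command sends a different level than the one given on `-level`. The "bizzarro world" trace case shows the gap: it declares `LogLevel_TRACE` as the value to be sent, yet only the return code, stdout and stderr are checked. I would have the mock record the `NewLevel` it receives and add a `require.Equal` on it after `test.client.Run`, skipping the `launch` case where no level is sent. `mockLoggerServer` is defined outside this hunk, so whether it already records the request cannot be seen from here.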
diff --git a/cmd/spire-server/cli/logger/set_windows_test.go b/cmd/spire-server/cli/logger/set_windows_test.go new file mode 100644 index 0000000000..7a561d3986 --- /dev/null +++ b/cmd/spire-server/cli/logger/set_windows_test.go @@ -0,0 +1,14 @@ +//go:build windows + +package logger_test + +var ( + setUsage = `Usage of logger set: + -level string + The new log level, one of (panic, fatal, error, warn, info, debug, trace, launch) + -namedPipeName string + Pipe name of the SPIRE Server API named pipe (default "\\spire-server\\private\\api") + -output value + Desired output format (pretty, json); default: pretty. +` +) diff --git a/cmd/spire-server/cli/run/run.go b/cmd/spire-server/cli/run/run.go index 2168f270db..0dbab00327 100644 --- a/cmd/spire-server/cli/run/run.go +++ b/cmd/spire-server/cli/run/run.go @@ -385,6 +385,7 @@ func NewServerConfig(c *Config, logOptions []log.Option, allowUnknownConfig bool } logger, err := log.NewLogger(logOptions...) + sc.LaunchLogLevel, _ = logrus.ParseLevel(c.Server.LogLevel) if err != nil { return nil, fmt.Errorf("could not start logger: %w", err) } diff --git a/cmd/spire-server/util/util.go b/cmd/spire-server/util/util.go index 791359f49d..258dfbc1c3 100644 --- a/cmd/spire-server/util/util.go +++ b/cmd/spire-server/util/util.go @@ -14,6 +14,7 @@ import ( agentv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/agent/v1" bundlev1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/bundle/v1" entryv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/entry/v1" + loggerv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1" svidv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/svid/v1" trustdomainv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/trustdomain/v1" api_types "github.com/spiffe/spire-api-sdk/proto/spire/api/types" 
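Review bot: In the run.go hunk, `sc.LaunchLogLevel, _ = logrus.ParseLevel(c.Server.LogLevel)` discards the parse error and sits between `log.NewLogger` and its `err` check. When the string does not parse, logrus returns the zero `Level`, which is `PanicLevel`, so a later `ResetLogLevel` would quietly drop the server to panic-only logging. `NewLogger` may already reject a bad level (not visible here), but the assignment should not rely on that: move it below the existing check and handle the error, e.g. `launchLevel, err := logrus.ParseLevel(c.Server.LogLevel)` followed by `if err != nil { return nil, fmt.Errorf("could not parse log level: %w", err) }`. If an empty level is accepted and defaulted elsewhere, fall back to that same default instead of returning. NewServerConfig starts and ends outside the hunk.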
@@ -45,6 +46,7 @@ type ServerClient interface { NewAgentClient() agentv1.AgentClient NewBundleClient() bundlev1.BundleClient NewEntryClient() entryv1.EntryClient + NewLoggerClient() loggerv1.LoggerClient NewSVIDClient() svidv1.SVIDClient NewTrustDomainClient() trustdomainv1.TrustDomainClient NewHealthClient() grpc_health_v1.HealthClient @@ -78,6 +80,10 @@ func (c *serverClient) NewEntryClient() entryv1.EntryClient { return entryv1.NewEntryClient(c.conn) } +func (c *serverClient) NewLoggerClient() loggerv1.LoggerClient { + return loggerv1.NewLoggerClient(c.conn) +} + func (c *serverClient) NewSVIDClient() svidv1.SVIDClient { return svidv1.NewSVIDClient(c.conn) } diff --git a/go.mod b/go.mod index d99405dc7c..5f77fb8128 100644 --- a/go.mod +++ b/go.mod @@ -69,7 +69,7 @@ require ( github.com/sigstore/sigstore v1.8.2 github.com/sirupsen/logrus v1.9.3 github.com/spiffe/go-spiffe/v2 v2.1.7 - github.com/spiffe/spire-api-sdk v1.2.5-0.20231107161112-ba57e0e943a2 + github.com/spiffe/spire-api-sdk v1.2.5-0.20240222231036-08f5a1ab98c6 github.com/spiffe/spire-plugin-sdk v1.4.4-0.20230721151831-bf67dde4721d github.com/stretchr/testify v1.9.0 github.com/uber-go/tally/v4 v4.1.12 diff --git a/go.sum b/go.sum index ae299834c8..31ab9cdab5 100644 --- a/go.sum +++ b/go.sum 
@@ -1393,8 +1393,8 @@ github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMV github.com/spiffe/go-spiffe/v2 v2.1.6/go.mod h1:eVDqm9xFvyqao6C+eQensb9ZPkyNEeaUbqbBpOhBnNk= github.com/spiffe/go-spiffe/v2 v2.1.7 h1:VUkM1yIyg/x8X7u1uXqSRVRCdMdfRIEdFBzpqoeASGk= github.com/spiffe/go-spiffe/v2 v2.1.7/go.mod h1:QJDGdhXllxjxvd5B+2XnhhXB/+rC8gr+lNrtOryiWeE= -github.com/spiffe/spire-api-sdk v1.2.5-0.20231107161112-ba57e0e943a2 h1:EKSBig+9oEvyLUi80aE/88UHjoNCqlNGTFTjm02F+fk= -github.com/spiffe/spire-api-sdk v1.2.5-0.20231107161112-ba57e0e943a2/go.mod h1:4uuhFlN6KBWjACRP3xXwrOTNnvaLp1zJs8Lribtr4fI= +github.com/spiffe/spire-api-sdk v1.2.5-0.20240222231036-08f5a1ab98c6 h1:gCctMhffEF4KcrLP85qQwOeQoHCMMYlDL1HR0fEZ+sE= +github.com/spiffe/spire-api-sdk v1.2.5-0.20240222231036-08f5a1ab98c6/go.mod h1:4uuhFlN6KBWjACRP3xXwrOTNnvaLp1zJs8Lribtr4fI= github.com/spiffe/spire-plugin-sdk v1.4.4-0.20230721151831-bf67dde4721d h1:LCRQGU6vOqKLfRrG+GJQrwMwDILcAddAEIf4/1PaSVc= github.com/spiffe/spire-plugin-sdk v1.4.4-0.20230721151831-bf67dde4721d/go.mod h1:GA6o2PVLwyJdevT6KKt5ZXCY/ziAPna13y/seGk49Ik= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/pkg/common/api/middleware/names.go b/pkg/common/api/middleware/names.go index d09ee0829f..acacbbfa37 100644 --- a/pkg/common/api/middleware/names.go +++ b/pkg/common/api/middleware/names.go @@ -19,6 +19,8 @@ const ( EnvoySDSv3ServiceShortName = "SDS.v3" HealthServiceName = "grpc.health.v1.Health" HealthServiceShortName = "Health" + LoggerServiceName = "logger.v1.Logger" + LoggerServiceShortName = "Logger" DelegatedIdentityServiceName = "spire.api.agent.delegatedidentity.v1.DelegatedIdentity" DelegatedIdentityServiceShortName = "DelegatedIdentity" ServerReflectionServiceName = "grpc.reflection.v1.ServerReflection" 
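Review bot: In the names.go hunk, `LoggerServiceName = "logger.v1.Logger"` does not look fully qualified, unlike its neighbours (`grpc.health.v1.Health`, `spire.api.agent.delegatedidentity.v1.DelegatedIdentity`). The import path added in util.go, `.../proto/spire/api/server/logger/v1`, suggests the gRPC service is registered as `spire.api.server.logger.v1.Logger`; if so, code that matches on this constant would not recognise Logger calls. Please confirm against the generated service descriptor and use the full name if it differs. The const block continues outside the hunk.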
@@ -33,6 +35,7 @@ var ( WorkloadAPIServiceName, WorkloadAPIServiceShortName, EnvoySDSv3ServiceName, EnvoySDSv3ServiceShortName, HealthServiceName, HealthServiceShortName, + LoggerServiceName, LoggerServiceShortName, DelegatedIdentityServiceName, DelegatedIdentityServiceShortName, ) diff --git a/pkg/server/api/logger/v1/levels.go b/pkg/server/api/logger/v1/levels.go new file mode 100644 index 0000000000..c8f0c06dcc --- /dev/null +++ b/pkg/server/api/logger/v1/levels.go @@ -0,0 +1,26 @@ +package logger + +import ( + logrus "github.com/sirupsen/logrus" + apitype "github.com/spiffe/spire-api-sdk/proto/spire/api/types" +) + +var APILevel = map[logrus.Level]apitype.LogLevel{ + logrus.PanicLevel: apitype.LogLevel_PANIC, + logrus.FatalLevel: apitype.LogLevel_FATAL, + logrus.ErrorLevel: apitype.LogLevel_ERROR, + logrus.WarnLevel: apitype.LogLevel_WARN, + logrus.InfoLevel: apitype.LogLevel_INFO, + logrus.DebugLevel: apitype.LogLevel_DEBUG, + logrus.TraceLevel: apitype.LogLevel_TRACE, +} + +var LogrusLevel = map[apitype.LogLevel]logrus.Level{ + apitype.LogLevel_PANIC: logrus.PanicLevel, + apitype.LogLevel_FATAL: logrus.FatalLevel, + apitype.LogLevel_ERROR: logrus.ErrorLevel, + apitype.LogLevel_WARN: logrus.WarnLevel, + apitype.LogLevel_INFO: logrus.InfoLevel, + apitype.LogLevel_DEBUG: logrus.DebugLevel, + apitype.LogLevel_TRACE: logrus.TraceLevel, +} diff --git a/pkg/server/api/logger/v1/levels_test.go b/pkg/server/api/logger/v1/levels_test.go new file mode 100644 index 0000000000..9b40ec879a --- /dev/null +++ b/pkg/server/api/logger/v1/levels_test.go 
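Review bot: In levels.go, `APILevel` and `LogrusLevel` are exported, mutable package-level maps with no doc comments, and nothing tells callers that a missing key yields the zero value, which for `LogrusLevel` is `logrus.PanicLevel`. I would add comments such as `// APILevel maps a logrus level to its API LogLevel; use the two-value lookup, a miss returns the zero value.` and `// LogrusLevel maps an API LogLevel to a logrus level; a miss returns logrus.PanicLevel, so always check ok.` Since the two maps are hand-written inverses, building one from the other in a small loop would keep them from drifting apart.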
@@ -0,0 +1,107 @@ +package logger_test + +import ( + "testing" + + "github.com/stretchr/testify/require" + + "github.com/sirupsen/logrus" + "github.com/spiffe/spire-api-sdk/proto/spire/api/types" + "github.com/spiffe/spire/pkg/server/api/logger/v1" +) + +func TestAPILevelValues(t *testing.T) { + for _, tt := range []struct { + name string + logrusLevel logrus.Level + expectedLevel types.LogLevel + }{ + { + name: "test logrus.PanicLevel fetches types.LogLevel_PANIC", + logrusLevel: logrus.PanicLevel, + expectedLevel: types.LogLevel_PANIC, + }, + { + name: "test logrus.FatalLevel fetches types.LogLevel_FATAL", + logrusLevel: logrus.FatalLevel, + expectedLevel: types.LogLevel_FATAL, + }, + { + name: "test logrus.ErrorLevel fetches types.LogLevel_ERROR", + logrusLevel: logrus.ErrorLevel, + expectedLevel: types.LogLevel_ERROR, + }, + { + name: "test logrus.WarnLevel fetches types.LogLevel_WARN", + logrusLevel: logrus.WarnLevel, + expectedLevel: types.LogLevel_WARN, + }, + { + name: "test logrus.InfoLevel fetches types.LogLevel_INFO", + logrusLevel: logrus.InfoLevel, + expectedLevel: types.LogLevel_INFO, + }, + { + name: "test logrus.DebugLevel fetches types.LogLevel_DEBUG", + logrusLevel: logrus.DebugLevel, + expectedLevel: types.LogLevel_DEBUG, + }, + { + name: "test logrus.TraceLevel fetches types.LogLevel_TRACE", + logrusLevel: logrus.TraceLevel, + expectedLevel: types.LogLevel_TRACE, + }, + } { + t.Run(tt.name, func(t *testing.T) { + require.Equal(t, logger.APILevel[tt.logrusLevel], tt.expectedLevel) + }) + } +} + +func TestLogrusLevelValues(t *testing.T) { + for _, tt := range []struct { + name string + apiLevel types.LogLevel + expectedLevel logrus.Level + }{ + { + name: "test types.LogLevel_PANIC fetches logrus.PanicLevel", + apiLevel: types.LogLevel_PANIC, + expectedLevel: logrus.PanicLevel, + }, + { + name: "test types.LogLevel_FATAL fetches logrus.FatalLevel", + apiLevel: types.LogLevel_FATAL, + expectedLevel: logrus.FatalLevel, + }, + { + name: "test 
types.LogLevel_ERROR fetches logrus.ErrorLevel", + apiLevel: types.LogLevel_ERROR, + expectedLevel: logrus.ErrorLevel, + }, + { + name: "test types.LogLevel_WARN fetches logrus.WarnLevel", + apiLevel: types.LogLevel_WARN, + expectedLevel: logrus.WarnLevel, + }, + { + name: "test types.LogLevel_INFO fetches logrus.InfoLevel", + apiLevel: types.LogLevel_INFO, + expectedLevel: logrus.InfoLevel, + }, + { + name: "test types.LogLevel_DEBUG fetches logrus.DebugLevel", + apiLevel: types.LogLevel_DEBUG, + expectedLevel: logrus.DebugLevel, + }, + { + name: "test types.LogLevel_TRACE fetches logrus.TraceLevel", + apiLevel: types.LogLevel_TRACE, + expectedLevel: logrus.TraceLevel, + }, + } { + t.Run(tt.name, func(t *testing.T) { + require.Equal(t, logger.LogrusLevel[tt.apiLevel], tt.expectedLevel) + }) + } +} diff --git a/pkg/server/api/logger/v1/service.go b/pkg/server/api/logger/v1/service.go new file mode 100644 index 0000000000..c18bdd7e61 --- /dev/null +++ b/pkg/server/api/logger/v1/service.go 
@@ -0,0 +1,78 @@ +package logger + +import ( + "context" + "fmt" + + loggerv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1" + apitype "github.com/spiffe/spire-api-sdk/proto/spire/api/types" + + "github.com/sirupsen/logrus" + "google.golang.org/grpc" +) + +type Logger interface { + logrus.FieldLogger + GetLevel() logrus.Level + SetLevel(level logrus.Level) +} + +type Config struct { + Log Logger + LaunchLevel logrus.Level +} + +type Service struct { + loggerv1.UnsafeLoggerServer + + log Logger + launchLevel logrus.Level +} + +func New(config Config) *Service { + config.Log.WithFields(logrus.Fields{ + "LaunchLevel": config.LaunchLevel, + }).Info("Logger service configured") + return &Service{ + log: config.Log, + launchLevel: config.LaunchLevel, + } +} + +func RegisterService(s grpc.ServiceRegistrar, service *Service) { + loggerv1.RegisterLoggerServer(s, service) +} + +func (service *Service) GetLogger(_ context.Context, _ *loggerv1.GetLoggerRequest) (*apitype.Logger, error) { + service.log.Info("GetLogger Called") + logger := &apitype.Logger{ + CurrentLevel: APILevel[service.log.GetLevel()], + LaunchLevel: APILevel[service.launchLevel], + } + return logger, nil +} + +func (service *Service) SetLogLevel(_ context.Context, req *loggerv1.SetLogLevelRequest) (*apitype.Logger, error) { + if req.NewLevel == apitype.LogLevel_UNSPECIFIED { + return nil, fmt.Errorf("Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED") + } + service.log.WithFields(logrus.Fields{ + "NewLevel": LogrusLevel[req.NewLevel].String(), + }).Info("SetLogLevel Called") + service.log.SetLevel(LogrusLevel[req.NewLevel]) + logger := &apitype.Logger{ + CurrentLevel: APILevel[service.log.GetLevel()], + LaunchLevel: APILevel[service.launchLevel], + } + return logger, nil +} + +func (service *Service) ResetLogLevel(_ context.Context, _ *loggerv1.ResetLogLevelRequest) (*apitype.Logger, error) { + service.log.Info("ResetLogLevel Called") + 
service.log.SetLevel(service.launchLevel) + logger := &apitype.Logger{ + CurrentLevel: APILevel[service.log.GetLevel()], + LaunchLevel: APILevel[service.launchLevel], + } + return logger, nil +} diff --git a/pkg/server/api/logger/v1/service_test.go b/pkg/server/api/logger/v1/service_test.go new file mode 100644 index 0000000000..35e75d29fc --- /dev/null +++ b/pkg/server/api/logger/v1/service_test.go 
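Review bot: `SetLogLevel` rejects only `LogLevel_UNSPECIFIED`; any other value missing from `LogrusLevel` (proto3 enums accept unknown numbers on the wire) falls through to `LogrusLevel[req.NewLevel]`, which yields `logrus.PanicLevel`, so a malformed request silences the server's logs. Use the two-value lookup, `level, ok := LogrusLevel[req.NewLevel]`, and return early when `!ok`. The rejection is also returned with `fmt.Errorf`, which reaches the client as `codes.Unknown` (the tests in this commit expect exactly that); `status.Error(codes.InvalidArgument, ...)` would be the conventional code, though it needs the grpc `status` and `codes` packages, which this file does not import yet. Separately, the level change is logged at Info, so a change made while the logger is below Info leaves no record of it.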
@@ -0,0 +1,900 @@ +package logger_test + +import ( + "context" + "testing" + + "github.com/sirupsen/logrus/hooks/test" + "github.com/spiffe/spire/test/grpctest" + "github.com/spiffe/spire/test/spiretest" + "github.com/stretchr/testify/require" + + "github.com/sirupsen/logrus" + loggerv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1" + apitype "github.com/spiffe/spire-api-sdk/proto/spire/api/types" + "github.com/spiffe/spire/pkg/server/api/logger/v1" + "github.com/spiffe/spire/pkg/server/api/rpccontext" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" +) + +func TestGetLogger(t *testing.T) { + for _, tt := range []struct { + name string + launchLevel logrus.Level + + expectedErr error + expectedResponse *apitype.Logger + expectedLogs []spiretest.LogEntry + }{ + { + name: "test GetLogger on initialized to PANIC", + launchLevel: logrus.PanicLevel, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_PANIC, + LaunchLevel: apitype.LogLevel_PANIC, + }, + // no outputted log messages, as the are at INFO level + expectedLogs: nil, + }, + { + name: "test GetLogger on initialized to FATAL", + launchLevel: logrus.FatalLevel, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_FATAL, + LaunchLevel: apitype.LogLevel_FATAL, + }, + // no outputted log messages, as the are at INFO level + expectedLogs: nil, + }, + { + name: "test GetLogger on initialized to ERROR", + launchLevel: logrus.ErrorLevel, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_ERROR, + LaunchLevel: apitype.LogLevel_ERROR, + }, + // no outputted log messages, as the are at INFO level + expectedLogs: nil, + }, + { + name: "test GetLogger on initialized to WARN", + launchLevel: logrus.WarnLevel, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_WARN, + LaunchLevel: apitype.LogLevel_WARN, + }, + // no outputted log messages, as the are at INFO level + expectedLogs: nil, + }, + { + name: "test GetLogger 
on initialized to INFO", + launchLevel: logrus.InfoLevel, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_INFO, + LaunchLevel: apitype.LogLevel_INFO, + }, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "info", + }, + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test GetLogger on initialized to DEBUG", + launchLevel: logrus.DebugLevel, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_DEBUG, + LaunchLevel: apitype.LogLevel_DEBUG, + }, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "debug", + }, + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test GetLogger on initialized to TRACE", + launchLevel: logrus.TraceLevel, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_TRACE, + LaunchLevel: apitype.LogLevel_TRACE, + }, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "trace", + }, + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + } { + tt := tt + t.Run(tt.name, func(t *testing.T) { + test := setupServiceTest(t, tt.launchLevel) + defer test.Cleanup() + + resp, err := test.client.GetLogger(context.Background(), &loggerv1.GetLoggerRequest{}) + require.Equal(t, err, tt.expectedErr) + spiretest.AssertLogs(t, test.logHook.AllEntries(), tt.expectedLogs) + spiretest.RequireProtoEqual(t, resp, tt.expectedResponse) + }) + } +} + +// After changing the log level, gets the logger to check the log impact +func TestSetLoggerThenGetLogger(t *testing.T) { + for _, tt := range []struct { + name string + launchLevel logrus.Level + setLogLevelRequest *loggerv1.SetLogLevelRequest + + expectedErr 
error + expectedResponse *apitype.Logger + expectedLogs []spiretest.LogEntry + }{ + { + name: "test SetLogger to FATAL on initialized to PANIC", + launchLevel: logrus.PanicLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_FATAL, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_FATAL, + LaunchLevel: apitype.LogLevel_PANIC, + }, + expectedLogs: nil, + }, + { + name: "test SetLogger to INFO on initialized to PANIC", + launchLevel: logrus.PanicLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_INFO, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_INFO, + LaunchLevel: apitype.LogLevel_PANIC, + }, + // only the ending get logger will log + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test SetLogger to DEBUG on initialized to PANIC", + launchLevel: logrus.PanicLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_DEBUG, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_DEBUG, + LaunchLevel: apitype.LogLevel_PANIC, + }, + // only the ending get logger will log + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test SetLogger to PANIC on initialized to INFO", + launchLevel: logrus.InfoLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_PANIC, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_PANIC, + LaunchLevel: apitype.LogLevel_INFO, + }, + // the ending getlogger will be suppressed + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "info", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "panic", + }, + }, + 
}, + }, + { + name: "test SetLogger to INFO on initialized to INFO", + launchLevel: logrus.InfoLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_INFO, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_INFO, + LaunchLevel: apitype.LogLevel_INFO, + }, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "info", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "info", + }, + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test SetLogger to DEBUG on initialized to INFO", + launchLevel: logrus.InfoLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_DEBUG, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_DEBUG, + LaunchLevel: apitype.LogLevel_INFO, + }, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "info", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "debug", + }, + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test SetLogger to PANIC on initialized to TRACE", + launchLevel: logrus.TraceLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_PANIC, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_PANIC, + LaunchLevel: apitype.LogLevel_TRACE, + }, + // the ending getlogger will be suppressed + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "trace", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "panic", + }, + }, + 
}, + }, + { + name: "test SetLogger to INFO on initialized to TRACE", + launchLevel: logrus.TraceLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_INFO, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_INFO, + LaunchLevel: apitype.LogLevel_TRACE, + }, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "trace", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "info", + }, + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test SetLogger to DEBUG on initialized to TRACE", + launchLevel: logrus.TraceLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_DEBUG, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_DEBUG, + LaunchLevel: apitype.LogLevel_TRACE, + }, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "trace", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "debug", + }, + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + } { + tt := tt + t.Run(tt.name, func(t *testing.T) { + test := setupServiceTest(t, tt.launchLevel) + defer test.Cleanup() + + resp, _ := test.client.SetLogLevel(context.Background(), tt.setLogLevelRequest) + spiretest.RequireProtoEqual(t, resp, tt.expectedResponse) + resp, err := test.client.GetLogger(context.Background(), &loggerv1.GetLoggerRequest{}) + require.Equal(t, err, tt.expectedErr) + spiretest.RequireProtoEqual(t, resp, tt.expectedResponse) + + spiretest.AssertLogs(t, test.logHook.AllEntries(), tt.expectedLogs) + }) + } +} + +// After changing the log level, gets the logger to check the log impact +// After resetting 
the log level, gets the logger to check the log impact +func TestResetLogger(t *testing.T) { + for _, tt := range []struct { + name string + launchLevel logrus.Level + setLogLevelRequest *loggerv1.SetLogLevelRequest + + expectedErr error + expectedResponse *apitype.Logger + expectedLogs []spiretest.LogEntry + }{ + { + name: "test PANIC Logger set to FATAL then RESET", + launchLevel: logrus.PanicLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_FATAL, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_PANIC, + LaunchLevel: apitype.LogLevel_PANIC, + }, + expectedLogs: nil, + }, + { + name: "test PANIC Logger set to INFO then RESET", + launchLevel: logrus.PanicLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_INFO, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_PANIC, + LaunchLevel: apitype.LogLevel_PANIC, + }, + // only the ending get logger will log + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + { + Level: logrus.InfoLevel, + Message: "ResetLogLevel Called", + }, + }, + }, + { + name: "test PANIC Logger set to DEBUG then RESET", + launchLevel: logrus.PanicLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_DEBUG, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_PANIC, + LaunchLevel: apitype.LogLevel_PANIC, + }, + // only the ending get logger will log + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + { + Level: logrus.InfoLevel, + Message: "ResetLogLevel Called", + }, + }, + }, + { + name: "test INFO Logger set to PANIC and then RESET", + launchLevel: logrus.InfoLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_PANIC, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_INFO, + LaunchLevel: 
apitype.LogLevel_INFO, + }, + // the ending getlogger will be suppressed + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "info", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "panic", + }, + }, + // the second get, after the reset + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test INFO Logger set to INFO and then RESET", + launchLevel: logrus.InfoLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_INFO, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_INFO, + LaunchLevel: apitype.LogLevel_INFO, + }, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "info", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "info", + }, + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + { + Level: logrus.InfoLevel, + Message: "ResetLogLevel Called", + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test INFO Logger set to DEBUG and then RESET", + launchLevel: logrus.InfoLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_DEBUG, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_INFO, + LaunchLevel: apitype.LogLevel_INFO, + }, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "info", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "debug", + }, + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + { + Level: logrus.InfoLevel, + Message: "ResetLogLevel 
Called", + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test TRACE Logger set to PANIC and then RESET", + launchLevel: logrus.TraceLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_PANIC, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_TRACE, + LaunchLevel: apitype.LogLevel_TRACE, + }, + // the ending getlogger will be suppressed + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "trace", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "panic", + }, + }, + // the second get logger, after the reset + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test TRACE Logger set to INFO and then RESET", + launchLevel: logrus.TraceLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_INFO, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_TRACE, + LaunchLevel: apitype.LogLevel_TRACE, + }, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "trace", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "info", + }, + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + { + Level: logrus.InfoLevel, + Message: "ResetLogLevel Called", + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + { + name: "test TRACE Logger set to DEBUG and then RESET", + launchLevel: logrus.TraceLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_DEBUG, + }, + + expectedResponse: &apitype.Logger{ + CurrentLevel: apitype.LogLevel_TRACE, + LaunchLevel: apitype.LogLevel_TRACE, + }, + expectedLogs: 
[]spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "trace", + }, + }, + { + Level: logrus.InfoLevel, + Message: "SetLogLevel Called", + Data: logrus.Fields{ + "NewLevel": "debug", + }, + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + { + Level: logrus.InfoLevel, + Message: "ResetLogLevel Called", + }, + { + Level: logrus.InfoLevel, + Message: "GetLogger Called", + }, + }, + }, + } { + tt := tt + t.Run(tt.name, func(t *testing.T) { + test := setupServiceTest(t, tt.launchLevel) + defer test.Cleanup() + + _, _ = test.client.SetLogLevel(context.Background(), tt.setLogLevelRequest) + _, _ = test.client.GetLogger(context.Background(), &loggerv1.GetLoggerRequest{}) + resp, err := test.client.ResetLogLevel(context.Background(), &loggerv1.ResetLogLevelRequest{}) + + require.Equal(t, err, tt.expectedErr) + spiretest.RequireProtoEqual(t, resp, tt.expectedResponse) + _, _ = test.client.GetLogger(context.Background(), &loggerv1.GetLoggerRequest{}) + spiretest.AssertLogs(t, test.logHook.AllEntries(), tt.expectedLogs) + }) + } +} + +func TestUnsetSetLogLevelRequest(t *testing.T) { + for _, tt := range []struct { + name string + launchLevel logrus.Level + setLogLevelRequest *loggerv1.SetLogLevelRequest + + code codes.Code + expectedErr string + expectedResponse *apitype.Logger + expectedLogs []spiretest.LogEntry + }{ + { + name: "test PANIC Logger set without a log level", + launchLevel: logrus.PanicLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{}, + + code: codes.Unknown, + expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", + expectedResponse: nil, + // the error seems to clear the log capture + expectedLogs: nil, + }, + { + name: "test PANIC Logger set to UNSPECIFIED", + launchLevel: logrus.PanicLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_UNSPECIFIED, + }, + + code: codes.Unknown, + 
expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", + expectedResponse: nil, + // the error seems to clear the log capture + expectedLogs: nil, + }, + { + name: "test INFO Logger set without a log level", + launchLevel: logrus.InfoLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{}, + + code: codes.Unknown, + expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", + expectedResponse: nil, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "info", + }, + }, + }, + }, + { + name: "test INFO Logger set to UNSPECIFIED", + launchLevel: logrus.InfoLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_UNSPECIFIED, + }, + + code: codes.Unknown, + expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", + expectedResponse: nil, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "info", + }, + }, + }, + }, + { + name: "test DEBUG Logger set without a log level", + launchLevel: logrus.DebugLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{}, + + code: codes.Unknown, + expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", + expectedResponse: nil, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + Data: logrus.Fields{ + "LaunchLevel": "debug", + }, + }, + }, + }, + { + name: "test DEBUG Logger set to UNSPECIFIED", + launchLevel: logrus.DebugLevel, + setLogLevelRequest: &loggerv1.SetLogLevelRequest{ + NewLevel: apitype.LogLevel_UNSPECIFIED, + }, + + code: codes.Unknown, + expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", + expectedResponse: nil, + expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Logger service configured", + 
Data: logrus.Fields{ + "LaunchLevel": "debug", + }, + }, + }, + }, + } { + tt := tt + t.Run(tt.name, func(t *testing.T) { + test := setupServiceTest(t, tt.launchLevel) + defer test.Cleanup() + + resp, err := test.client.SetLogLevel(context.Background(), tt.setLogLevelRequest) + spiretest.RequireGRPCStatusContains(t, err, tt.code, tt.expectedErr) + require.Nil(t, resp) + + spiretest.RequireProtoEqual(t, resp, tt.expectedResponse) + spiretest.AssertLogs(t, test.logHook.AllEntries(), tt.expectedLogs) + }) + } +} + +type serviceTest struct { + client loggerv1.LoggerClient + done func() + + logHook *test.Hook +} + +func (s *serviceTest) Cleanup() { + s.done() +} + +func setupServiceTest(t *testing.T, launchLevel logrus.Level) *serviceTest { + log, logHook := test.NewNullLogger() + // logger level should initially match the launch level + log.SetLevel(launchLevel) + service := logger.New(logger.Config{ + Log: log, + LaunchLevel: launchLevel, + }) + + registerFn := func(s grpc.ServiceRegistrar) { + logger.RegisterService(s, service) + } + overrideContext := func(ctx context.Context) context.Context { + ctx = rpccontext.WithLogger(ctx, log) + return ctx + } + server := grpctest.StartServer(t, registerFn, grpctest.OverrideContext(overrideContext)) + conn := server.Dial(t) + + test := &serviceTest{ + done: server.Stop, + logHook: logHook, + client: loggerv1.NewLoggerClient(conn), + } + + return test +} diff --git a/pkg/server/authpolicy/policy_data.json b/pkg/server/authpolicy/policy_data.json index 9b3556cf4f..d2363a1653 100644 --- a/pkg/server/authpolicy/policy_data.json +++ b/pkg/server/authpolicy/policy_data.json 
@@ -113,6 +113,18 @@ "full_method": "/spire.api.server.entry.v1.Entry/SyncAuthorizedEntries", "allow_agent": true }, + { + "full_method": "/spire.api.server.logger.v1.Logger/GetLogger", + "allow_local": true + }, + { + "full_method": "/spire.api.server.logger.v1.Logger/SetLogLevel", + "allow_local": true + }, + { + "full_method": "/spire.api.server.logger.v1.Logger/ResetLogLevel", + "allow_local": true + }, { "full_method": "/spire.api.server.agent.v1.Agent/CountAgents", "allow_admin": true, diff --git a/pkg/server/config.go b/pkg/server/config.go index ae2dffc231..c973151b56 100644 --- a/pkg/server/config.go +++ b/pkg/server/config.go @@ -11,6 +11,7 @@ import ( common "github.com/spiffe/spire/pkg/common/catalog" "github.com/spiffe/spire/pkg/common/health" "github.com/spiffe/spire/pkg/common/telemetry" + loggerv1 "github.com/spiffe/spire/pkg/server/api/logger/v1" "github.com/spiffe/spire/pkg/server/authpolicy" bundle_client "github.com/spiffe/spire/pkg/server/bundle/client" "github.com/spiffe/spire/pkg/server/endpoints" @@ -22,7 +23,9 @@ type Config struct { // Configurations for server plugins PluginConfigs common.PluginConfigs - Log logrus.FieldLogger + Log loggerv1.Logger + + LaunchLogLevel logrus.Level // LogReopener facilitates handling a signal to rotate log file. LogReopener func(context.Context) error diff --git a/pkg/server/endpoints/config.go b/pkg/server/endpoints/config.go index 4ae690d856..20d205a3ff 100644 --- a/pkg/server/endpoints/config.go +++ b/pkg/server/endpoints/config.go @@ -20,6 +20,7 @@ import ( debugv1 "github.com/spiffe/spire/pkg/server/api/debug/v1" entryv1 "github.com/spiffe/spire/pkg/server/api/entry/v1" healthv1 "github.com/spiffe/spire/pkg/server/api/health/v1" + loggerv1 "github.com/spiffe/spire/pkg/server/api/logger/v1" svidv1 "github.com/spiffe/spire/pkg/server/api/svid/v1" trustdomainv1 "github.com/spiffe/spire/pkg/server/api/trustdomain/v1" "github.com/spiffe/spire/pkg/server/authpolicy" 
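Review bot: In pkg/server/config.go the new `LaunchLogLevel` field of `Config` has no comment, unlike the neighbouring fields, and `Log` changes from `logrus.FieldLogger` to `loggerv1.Logger` with no explanation. I would add `// Log is the root logger; the Logger API adjusts its level at runtime.` above `Log` and `// LaunchLogLevel is the level the server was started with, restored by ResetLogLevel.` above `LaunchLogLevel`. The struct continues outside the hunk.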
@@ -61,7 +62,15 @@ type Config struct { // Makes policy decisions AuthPolicyEngine *authpolicy.Engine - Log logrus.FieldLogger + // The logger for the endpoints subsystem + Log logrus.FieldLogger + + // The root logger for the entire process + RootLog loggerv1.Logger + + // The default (original config) log level + LaunchLogLevel logrus.Level + Metrics telemetry.Metrics // RateLimit holds rate limiting configurations. @@ -157,6 +166,10 @@ func (c *Config) makeAPIServers(entryFetcher api.AuthorizedEntryFetcher) APIServ TrustDomain: c.TrustDomain, DataStore: ds, }), + LoggerServer: loggerv1.New(loggerv1.Config{ + Log: c.RootLog, + LaunchLevel: c.LaunchLogLevel, + }), SVIDServer: svidv1.New(svidv1.Config{ TrustDomain: c.TrustDomain, EntryFetcher: entryFetcher, diff --git a/pkg/server/endpoints/endpoints.go b/pkg/server/endpoints/endpoints.go index a6c5429758..1d767999e5 100644 --- a/pkg/server/endpoints/endpoints.go +++ b/pkg/server/endpoints/endpoints.go @@ -25,6 +25,7 @@ import ( bundlev1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/bundle/v1" debugv1_pb "github.com/spiffe/spire-api-sdk/proto/spire/api/server/debug/v1" entryv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/entry/v1" + loggerv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1" svidv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/svid/v1" trustdomainv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/trustdomain/v1" "github.com/spiffe/spire/pkg/common/auth" @@ -86,6 +87,7 @@ type APIServers struct { DebugServer debugv1_pb.DebugServer EntryServer entryv1.EntryServer HealthServer grpc_health_v1.HealthServer + LoggerServer loggerv1.LoggerServer SVIDServer svidv1.SVIDServer TrustDomainServer trustdomainv1.TrustDomainServer } 
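Review bot: In `makeAPIServers` the Logger service is given `c.RootLog`, the logger whose level it changes, and judging by the test table in service_test.go earlier in this patch its own call records are written at Info level through a logger at that same level. The "set to PANIC and then RESET" case there expects no "ResetLogLevel Called" entry, so a reset made while the level is stricter than Info leaves no record. A level change is an operational event that responders will want in the log, so I would emit the reset record after the launch level has been restored (the handler itself is outside this hunk). I would also note on `RootLog` that lowering verbosity silences later Logger API records: `// RootLog is the process-wide logger; Logger API call records are written at Info and are dropped while the level is stricter`. `makeAPIServers` starts and ends outside the hunk.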
@@ -175,7 +177,7 @@ func (e *Endpoints) ListenAndServe(ctx context.Context) error { tcpServer := e.createTCPServer(ctx, unaryInterceptor, streamInterceptor) udsServer := e.createUDSServer(unaryInterceptor, streamInterceptor) - // New APIs + // TCP and UDS agentv1.RegisterAgentServer(tcpServer, e.APIServers.AgentServer) agentv1.RegisterAgentServer(udsServer, e.APIServers.AgentServer) bundlev1.RegisterBundleServer(tcpServer, e.APIServers.BundleServer) @@ -187,7 +189,8 @@ func (e *Endpoints) ListenAndServe(ctx context.Context) error { trustdomainv1.RegisterTrustDomainServer(tcpServer, e.APIServers.TrustDomainServer) trustdomainv1.RegisterTrustDomainServer(udsServer, e.APIServers.TrustDomainServer) - // Register Health and Debug only on UDS server + // UDS only + loggerv1.RegisterLoggerServer(udsServer, e.APIServers.LoggerServer) grpc_health_v1.RegisterHealthServer(udsServer, e.APIServers.HealthServer) debugv1_pb.RegisterDebugServer(udsServer, e.APIServers.DebugServer) diff --git a/pkg/server/endpoints/endpoints_test.go b/pkg/server/endpoints/endpoints_test.go index 812ff6ee5d..542aafba4a 100644 --- a/pkg/server/endpoints/endpoints_test.go +++ b/pkg/server/endpoints/endpoints_test.go @@ -19,6 +19,7 @@ import ( bundlev1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/bundle/v1" debugv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/debug/v1" entryv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/entry/v1" + loggerv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1" svidv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/svid/v1" trustdomainv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/trustdomain/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" @@ -95,6 +96,7 @@ func TestNew(t *testing.T) { BundleEndpoint: bundle.EndpointConfig{Address: tcpAddr}, JWTKeyPublisher: &fakeJWTKeyPublisher{}, Log: log, + RootLog: log, Metrics: metrics, RateLimit: rateLimit, Clock: clk, 
@@ -110,6 +112,7 @@ func TestNew(t *testing.T) { assert.NotNil(t, endpoints.APIServers.DebugServer) assert.NotNil(t, endpoints.APIServers.EntryServer) assert.NotNil(t, endpoints.APIServers.HealthServer) + assert.NotNil(t, endpoints.APIServers.LoggerServer) assert.NotNil(t, endpoints.APIServers.SVIDServer) assert.NotNil(t, endpoints.BundleEndpointServer) assert.NotNil(t, endpoints.EntryFetcherPruneEventsTask) @@ -208,6 +211,7 @@ func TestListenAndServe(t *testing.T) { DebugServer: debugServer{}, EntryServer: entryServer{}, HealthServer: healthServer{}, + LoggerServer: loggerServer{}, SVIDServer: svidServer{}, TrustDomainServer: trustDomainServer{}, }, @@ -301,6 +305,9 @@ func TestListenAndServe(t *testing.T) { t.Run("Health", func(t *testing.T) { testHealthAPI(ctx, t, conns) }) + t.Run("Logger", func(t *testing.T) { + testLoggerAPI(ctx, t, conns) + }) t.Run("Bundle", func(t *testing.T) { testBundleAPI(ctx, t, conns) }) 
@@ -518,6 +525,36 @@ func testHealthAPI(ctx context.Context, t *testing.T, conns testConns) { }) } +func testLoggerAPI(ctx context.Context, t *testing.T, conns testConns) { + t.Run("Local", func(t *testing.T) { + testAuthorization(ctx, t, loggerv1.NewLoggerClient(conns.local), map[string]bool{ + "GetLogger": true, + "SetLogLevel": true, + "ResetLogLevel": true, + }) + }) + + t.Run("NoAuth", func(t *testing.T) { + assertServiceUnavailable(ctx, t, loggerv1.NewLoggerClient(conns.noAuth)) + }) + + t.Run("Agent", func(t *testing.T) { + assertServiceUnavailable(ctx, t, loggerv1.NewLoggerClient(conns.agent)) + }) + + t.Run("Admin", func(t *testing.T) { + assertServiceUnavailable(ctx, t, loggerv1.NewLoggerClient(conns.admin)) + }) + + t.Run("Federated Admin", func(t *testing.T) { + assertServiceUnavailable(ctx, t, loggerv1.NewLoggerClient(conns.federatedAdmin)) + }) + + t.Run("Downstream", func(t *testing.T) { + assertServiceUnavailable(ctx, t, loggerv1.NewLoggerClient(conns.downstream)) + }) +} + func testDebugAPI(ctx context.Context, t *testing.T, conns testConns) { t.Run("Local", func(t *testing.T) { testAuthorization(ctx, t, debugv1.NewDebugClient(conns.local), map[string]bool{ @@ -1148,6 +1185,22 @@ func (healthServer) Watch(_ *grpc_health_v1.HealthCheckRequest, stream grpc_heal return stream.Send(&grpc_health_v1.HealthCheckResponse{}) } +type loggerServer struct { + loggerv1.UnsafeLoggerServer +} + +func (loggerServer) GetLogger(context.Context, *loggerv1.GetLoggerRequest) (*types.Logger, error) { + return &types.Logger{}, nil +} + +func (loggerServer) SetLogLevel(context.Context, *loggerv1.SetLogLevelRequest) (*types.Logger, error) { + return &types.Logger{}, nil +} + +func (loggerServer) ResetLogLevel(context.Context, *loggerv1.ResetLogLevelRequest) (*types.Logger, error) { + return &types.Logger{}, nil +} + type svidServer struct { svidv1.UnsafeSVIDServer } 
diff --git a/pkg/server/endpoints/middleware.go b/pkg/server/endpoints/middleware.go index 38d36ad2c4..c8df56389d 100644 --- a/pkg/server/endpoints/middleware.go +++ b/pkg/server/endpoints/middleware.go @@ -153,6 +153,9 @@ func RateLimits(config RateLimitConfig) map[string]api.RateLimiter { "/spire.api.server.entry.v1.Entry/BatchDeleteEntry": noLimit, "/spire.api.server.entry.v1.Entry/GetAuthorizedEntries": noLimit, "/spire.api.server.entry.v1.Entry/SyncAuthorizedEntries": noLimit, + "/spire.api.server.logger.v1.Logger/GetLogger": noLimit, + "/spire.api.server.logger.v1.Logger/SetLogLevel": noLimit, + "/spire.api.server.logger.v1.Logger/ResetLogLevel": noLimit, "/spire.api.server.agent.v1.Agent/CountAgents": noLimit, "/spire.api.server.agent.v1.Agent/ListAgents": noLimit, "/spire.api.server.agent.v1.Agent/GetAgent": noLimit, diff --git a/pkg/server/server.go b/pkg/server/server.go index 0c0c7a3959..304736e255 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -75,6 +75,10 @@ func (s *Server) run(ctx context.Context) (err error) { telemetry.DataDir: s.config.DataDir, }).Info("Configured") + s.config.Log.WithFields(logrus.Fields{ + "LaunchLogLevel": s.config.LaunchLogLevel, + }).Info("Log Level") + // create the data directory if needed if err := diskutil.CreateDataDirectory(s.config.DataDir); err != nil { return err @@ -386,6 +390,8 @@ func (s *Server) newEndpointsServer(ctx context.Context, catalog catalog.Catalog Catalog: catalog, ServerCA: serverCA, Log: s.config.Log.WithField(telemetry.SubsystemName, telemetry.Endpoints), + RootLog: s.config.Log, + LaunchLogLevel: s.config.LaunchLogLevel, Metrics: metrics, JWTKeyPublisher: jwtKeyPublisher, RateLimit: s.config.RateLimit, From e231f674513ad8e080e49389c6f65fd738e6d836 Mon Sep 17 00:00:00 2001 From: Marcos Yacob Date: Mon, 11 Mar 2024 18:07:07 -0300 Subject: [PATCH 48/83] Resolve some issues in logger API and add reset logger CLI (#4966) 
Signed-off-by: Marcos Yacob --- cmd/spire-server/cli/cli.go | 3 + cmd/spire-server/cli/logger/get_test.go | 22 +- cmd/spire-server/cli/logger/mocks_test.go | 12 +- cmd/spire-server/cli/logger/printers.go | 2 +- cmd/spire-server/cli/logger/printers_test.go | 2 +- cmd/spire-server/cli/logger/reset.go | 57 +++ .../cli/logger/reset_posix_test.go | 12 + cmd/spire-server/cli/logger/reset_test.go | 69 +++ .../cli/logger/reset_windows_test.go | 12 + cmd/spire-server/cli/logger/set.go | 38 +- cmd/spire-server/cli/logger/set_posix_test.go | 2 +- cmd/spire-server/cli/logger/set_test.go | 47 +- .../cli/logger/set_windows_test.go | 2 +- cmd/spire-server/cli/run/run.go | 2 +- cmd/spire-server/cli/run/run_test.go | 4 +- pkg/common/telemetry/names.go | 6 + pkg/server/api/logger/v1/service.go | 91 ++-- pkg/server/api/logger/v1/service_test.go | 403 +++++++----------- pkg/server/config.go | 3 - pkg/server/endpoints/config.go | 3 +- pkg/server/server.go | 10 +- 21 files changed, 425 insertions(+), 377 deletions(-) create mode 100644 cmd/spire-server/cli/logger/reset.go create mode 100644 cmd/spire-server/cli/logger/reset_posix_test.go create mode 100644 cmd/spire-server/cli/logger/reset_test.go create mode 100644 cmd/spire-server/cli/logger/reset_windows_test.go diff --git a/cmd/spire-server/cli/cli.go b/cmd/spire-server/cli/cli.go index 4fdb631cea..1ce382cf71 100644 --- a/cmd/spire-server/cli/cli.go +++ b/cmd/spire-server/cli/cli.go @@ -103,6 +103,9 @@ func (cc *CLI) Run(ctx context.Context, args []string) int { "logger set": func() (cli.Command, error) { return logger.NewSetCommand(), nil }, + "logger reset": func() (cli.Command, error) { + return logger.NewResetCommand(), nil + }, "run": func() (cli.Command, error) { return run.NewRunCommand(ctx, cc.LogOptions, cc.AllowUnknownConfig), nil }, diff --git a/cmd/spire-server/cli/logger/get_test.go b/cmd/spire-server/cli/logger/get_test.go index b571f785b7..d3e8b677cc 100644 --- a/cmd/spire-server/cli/logger/get_test.go 
+++ b/cmd/spire-server/cli/logger/get_test.go @@ -26,7 +26,7 @@ func TestGet(t *testing.T) { for _, tt := range []struct { name string // server state - server *mockLoggerServer + server *mockLoggerService // input args []string // expected items @@ -37,7 +37,7 @@ func TestGet(t *testing.T) { { name: "configured to info, set to info, using pretty output", args: []string{"-output", "pretty"}, - server: &mockLoggerServer{ + server: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_INFO, LaunchLevel: types.LogLevel_INFO, @@ -52,7 +52,7 @@ Launch Level : info { name: "configured to debug, set to warn, using pretty output", args: []string{"-output", "pretty"}, - server: &mockLoggerServer{ + server: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_WARN, LaunchLevel: types.LogLevel_DEBUG, @@ -67,7 +67,7 @@ Launch Level : debug { name: "configured to error, set to trace, using pretty output", args: []string{"-output", "pretty"}, - server: &mockLoggerServer{ + server: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_TRACE, LaunchLevel: types.LogLevel_ERROR, @@ -82,7 +82,7 @@ Launch Level : error { name: "configured to panic, set to fatal, using pretty output", args: []string{"-output", "pretty"}, - server: &mockLoggerServer{ + server: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_FATAL, LaunchLevel: types.LogLevel_PANIC, @@ -97,7 +97,7 @@ Launch Level : panic { name: "configured to info, set to info, using json output", args: []string{"-output", "json"}, - server: &mockLoggerServer{ + server: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_INFO, LaunchLevel: types.LogLevel_INFO, 
@@ -110,7 +110,7 @@ Launch Level : panic { name: "configured to debug, set to warn, using json output", args: []string{"-output", "json"}, - server: &mockLoggerServer{ + server: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_WARN, LaunchLevel: types.LogLevel_DEBUG, @@ -123,7 +123,7 @@ Launch Level : panic { name: "configured to error, set to trace, using json output", args: []string{"-output", "json"}, - server: &mockLoggerServer{ + server: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_TRACE, LaunchLevel: types.LogLevel_ERROR, @@ -136,7 +136,7 @@ Launch Level : panic { name: "configured to panic, set to fatal, using json output", args: []string{"-output", "json"}, - server: &mockLoggerServer{ + server: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_FATAL, LaunchLevel: types.LogLevel_PANIC, @@ -149,7 +149,7 @@ Launch Level : panic { name: "configured to info, set to info, server will error", args: []string{"-output", "pretty"}, - server: &mockLoggerServer{ + server: &mockLoggerService{ returnErr: errors.New("server is unavailable"), }, expectReturnCode: 1, @@ -159,7 +159,7 @@ Launch Level : panic { name: "bizzarro world, returns neither logger nor error", args: []string{"-output", "pretty"}, - server: &mockLoggerServer{ + server: &mockLoggerService{ returnLogger: nil, }, expectReturnCode: 1, diff --git a/cmd/spire-server/cli/logger/mocks_test.go b/cmd/spire-server/cli/logger/mocks_test.go index 80eeba4a52..69a5db83bb 100644 --- a/cmd/spire-server/cli/logger/mocks_test.go +++ b/cmd/spire-server/cli/logger/mocks_test.go @@ -23,7 +23,7 @@ type loggerTest struct { stdout *bytes.Buffer stderr *bytes.Buffer args []string - server *mockLoggerServer + server *mockLoggerService client cli.Command } 
@@ -36,7 +36,7 @@ func (l *loggerTest) afterTest(t *testing.T) { } // setup of input/output capture -func setupCliTest(t *testing.T, server *mockLoggerServer, newClient func(*commoncli.Env) cli.Command) *loggerTest { +func setupCliTest(t *testing.T, server *mockLoggerService, newClient func(*commoncli.Env) cli.Command) *loggerTest { addr := spiretest.StartGRPCServer(t, func(s *grpc.Server) { loggerv1.RegisterLoggerServer(s, server) }) @@ -68,7 +68,7 @@ func setupCliTest(t *testing.T, server *mockLoggerServer, newClient func(*common } // a mock grpc logger server -type mockLoggerServer struct { +type mockLoggerService struct { loggerv1.UnimplementedLoggerServer receivedSetValue *types.LogLevel @@ -77,16 +77,16 @@ type mockLoggerServer struct { } // mock implementation for GetLogger -func (s *mockLoggerServer) GetLogger(_ context.Context, _ *loggerv1.GetLoggerRequest) (*types.Logger, error) { +func (s *mockLoggerService) GetLogger(context.Context, *loggerv1.GetLoggerRequest) (*types.Logger, error) { return s.returnLogger, s.returnErr } -func (s *mockLoggerServer) SetLogLevel(_ context.Context, req *loggerv1.SetLogLevelRequest) (*types.Logger, error) { +func (s *mockLoggerService) SetLogLevel(_ context.Context, req *loggerv1.SetLogLevelRequest) (*types.Logger, error) { s.receivedSetValue = &req.NewLevel return s.returnLogger, s.returnErr } -func (s *mockLoggerServer) ResetLogLevel(_ context.Context, _ *loggerv1.ResetLogLevelRequest) (*types.Logger, error) { +func (s *mockLoggerService) ResetLogLevel(context.Context, *loggerv1.ResetLogLevelRequest) (*types.Logger, error) { s.receivedSetValue = nil return s.returnLogger, s.returnErr } diff --git a/cmd/spire-server/cli/logger/printers.go b/cmd/spire-server/cli/logger/printers.go index 8562dab963..bbd1ca0a40 100644 --- a/cmd/spire-server/cli/logger/printers.go +++ b/cmd/spire-server/cli/logger/printers.go 
@@ -12,7 +12,7 @@ import ( func PrettyPrintLogger(env *commoncli.Env, results ...any) error { apiLogger, ok := results[0].(*apitype.Logger) if !ok { - return errors.New("internal error: logger not found; please report this as a bug") + return fmt.Errorf("internal error: unexpected type %T returned; please report this as a bug", results[0]) } logrusCurrent, found := serverlogger.LogrusLevel[apiLogger.CurrentLevel] diff --git a/cmd/spire-server/cli/logger/printers_test.go b/cmd/spire-server/cli/logger/printers_test.go index cd5df7d3c9..2d98f31918 100644 --- a/cmd/spire-server/cli/logger/printers_test.go +++ b/cmd/spire-server/cli/logger/printers_test.go @@ -50,7 +50,7 @@ Launch Level : info ReturnError: errors.New("cannot write"), }, logger: &types.Entry{}, - expectedError: errors.New("internal error: logger not found; please report this as a bug"), + expectedError: errors.New("internal error: unexpected type *types.Entry returned; please report this as a bug"), }, } { tt := tt diff --git a/cmd/spire-server/cli/logger/reset.go b/cmd/spire-server/cli/logger/reset.go new file mode 100644 index 0000000000..e319579bb0 --- /dev/null +++ b/cmd/spire-server/cli/logger/reset.go 
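Review bot: `PrettyPrintLogger` indexes `results[0]` without checking that the variadic `results` is non-empty, and the new `%T` message reads it a second time, so a call with no results would panic instead of returning the "please report this as a bug" error. I would guard it before the type assertion with `if len(results) == 0 { return errors.New("internal error: no result to print; please report this as a bug") }`. The function body continues outside the hunk.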
@@ -0,0 +1,57 @@
+package logger
+
+import (
+ "context"
+ "flag"
+ "fmt"
+
+ "github.com/mitchellh/cli"
+ api "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1"
+ "github.com/spiffe/spire/cmd/spire-server/util"
+ commoncli "github.com/spiffe/spire/pkg/common/cli"
+ "github.com/spiffe/spire/pkg/common/cliprinter"
+)
+
+type resetCommand struct {
+ env *commoncli.Env
+ printer cliprinter.Printer
+}
+
+// Returns a cli.command that sets the log level using the default
+// cli environment.
+func NewResetCommand() cli.Command {
+ return NewResetCommandWithEnv(commoncli.DefaultEnv)
+}
+
+// Returns a cli.command that sets the log level.
+func NewResetCommandWithEnv(env *commoncli.Env) cli.Command {
+ return util.AdaptCommand(env, &resetCommand{env: env})
+}
+
+// The name of the command.
+func (*resetCommand) Name() string {
+ return "logger reset"
+}
+
+// The help presented description of the command.
+func (*resetCommand) Synopsis() string {
+ return "Reset the logger details to launch level"
+}
+
+// Adds additional flags specific to the command.
+func (c *resetCommand) AppendFlags(fs *flag.FlagSet) {
+ cliprinter.AppendFlagWithCustomPretty(&c.printer, fs, c.env, c.prettyPrintLogger)
+}
+
+// The routine that executes the command
+func (c *resetCommand) Run(ctx context.Context, _ *commoncli.Env, serverClient util.ServerClient) error {
+ logger, err := serverClient.NewLoggerClient().ResetLogLevel(ctx, &api.ResetLogLevelRequest{})
+ if err != nil {
+ return fmt.Errorf("failed to reset logger: %w", err)
+ }
+ return c.printer.PrintProto(logger)
+}
+
+func (c *resetCommand) prettyPrintLogger(env *commoncli.Env, results ...any) error {
+ return PrettyPrintLogger(env, results...)
+}
diff --git a/cmd/spire-server/cli/logger/reset_posix_test.go b/cmd/spire-server/cli/logger/reset_posix_test.go
new file mode 100644
index 0000000000..a52d116d7b
--- /dev/null
+++ b/cmd/spire-server/cli/logger/reset_posix_test.go
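Review bot: The doc comments on `NewResetCommand` and `NewResetCommandWithEnv` in reset.go say the command "sets the log level", which looks copied from the set command, while `Run` calls `ResetLogLevel`. I would write `// NewResetCommand returns a cli.Command that resets the log level to the launch level, using the default CLI environment.` and `// NewResetCommandWithEnv returns a cli.Command that resets the log level to the launch level.` That wording also starts each comment with the identifier, as Go doc comments are expected to.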
@@ -0,0 +1,12 @@
+//go:build !windows
+
+package logger_test
+
+var (
+ resetUsage = `Usage of logger reset:
+ -output value
+ Desired output format (pretty, json); default: pretty.
+ -socketPath string
+ Path to the SPIRE Server API socket (default "/tmp/spire-server/private/api.sock")
+`
+)
diff --git a/cmd/spire-server/cli/logger/reset_test.go b/cmd/spire-server/cli/logger/reset_test.go
new file mode 100644
index 0000000000..c5360567d8
--- /dev/null
+++ b/cmd/spire-server/cli/logger/reset_test.go
@@ -0,0 +1,69 @@
+package logger_test
+
+import (
+ "testing"
+
+ "github.com/spiffe/spire-api-sdk/proto/spire/api/types"
+ "github.com/spiffe/spire/cmd/spire-server/cli/logger"
+ "github.com/stretchr/testify/require"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+)
+
+func TestResetHelp(t *testing.T) {
+ test := setupCliTest(t, nil, logger.NewResetCommandWithEnv)
+ test.client.Help()
+ require.Equal(t, "", test.stdout.String())
+ require.Equal(t, resetUsage, test.stderr.String())
+}
+
+func TestResetSynopsis(t *testing.T) {
+ cmd := logger.NewResetCommand()
+ require.Equal(t, "Reset the logger details to launch level", cmd.Synopsis())
+}
+
+func TestReset(t *testing.T) {
+ for _, tt := range []struct {
+ name string
+ args []string
+ service *mockLoggerService
+
+ expectReturnCode int
+ expectStdout string
+ expectStderr string
+ }{
+ {
+ name: "reset successfully",
+ args: []string{"-output", "pretty"},
+ service: &mockLoggerService{
+ returnLogger: &types.Logger{
+ CurrentLevel: types.LogLevel_INFO,
+ LaunchLevel: types.LogLevel_INFO,
+ },
+ },
+ expectReturnCode: 0,
+ expectStdout: `Logger Level : info
+Launch Level : info
+
+`,
+ },
+ {
+ name: "service failed",
+ args: []string{"-output", "pretty"},
+ service: &mockLoggerService{
+ returnErr: status.Error(codes.Internal, "oh no"),
+ },
+ expectReturnCode: 1,
+ expectStderr: `Error: failed to reset logger: rpc error: code = Internal desc = oh no
+`,
+ },
+ } {
+ t.Run(tt.name, func(t *testing.T) {
+ test := setupCliTest(t, tt.service, logger.NewResetCommandWithEnv)
+ returnCode := test.client.Run(append(test.args, tt.args...))
+ require.Equal(t, tt.expectReturnCode, returnCode)
+ require.Equal(t, tt.expectStderr, test.stderr.String())
+ require.Equal(t, tt.expectStdout, test.stdout.String())
+ })
+ }
+}
diff --git a/cmd/spire-server/cli/logger/reset_windows_test.go b/cmd/spire-server/cli/logger/reset_windows_test.go
new file mode 100644
index 0000000000..e33892c48a
--- /dev/null
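Review bot: The "reset successfully" case in `TestReset` only compares the printed output with the logger the mock returns, so it cannot tell whether `ResetLogLevel` was the RPC actually called. The mock in mocks_test.go marks a reset by setting `receivedSetValue = nil`, which is also its initial value. A dedicated field on the mock, for example `resetCalled bool` set in `ResetLogLevel` and checked with `require.True(t, tt.service.resetCalled)`, would pin that. A `-output json` case, as `TestGet` has, is also missing here.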
+++ b/cmd/spire-server/cli/logger/reset_windows_test.go @@ -0,0 +1,12 @@ +//go:build windows + +package logger_test + +var ( + resetUsage = `Usage of logger reset: + -namedPipeName string + Pipe name of the SPIRE Server API named pipe (default "\\spire-server\\private\\api") + -output value + Desired output format (pretty, json); default: pretty. +` +) diff --git a/cmd/spire-server/cli/logger/set.go b/cmd/spire-server/cli/logger/set.go index d43220380e..c62a9ce2a8 100644 --- a/cmd/spire-server/cli/logger/set.go +++ b/cmd/spire-server/cli/logger/set.go @@ -2,6 +2,7 @@ package logger import ( "context" + "errors" "flag" "fmt" "strings" @@ -9,7 +10,6 @@ import ( "github.com/mitchellh/cli" "github.com/sirupsen/logrus" api "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1" - apitype "github.com/spiffe/spire-api-sdk/proto/spire/api/types" "github.com/spiffe/spire/cmd/spire-server/util" commoncli "github.com/spiffe/spire/pkg/common/cli" "github.com/spiffe/spire/pkg/common/cliprinter" 
@@ -45,37 +45,33 @@ func (*setCommand) Synopsis() string { // Adds additional flags specific to the command. func (c *setCommand) AppendFlags(fs *flag.FlagSet) { - fs.StringVar(&c.newLevel, "level", "", "The new log level, one of (panic, fatal, error, warn, info, debug, trace, launch)") + fs.StringVar(&c.newLevel, "level", "", "The new log level, one of (panic, fatal, error, warn, info, debug, trace)") cliprinter.AppendFlagWithCustomPretty(&c.printer, fs, c.env, c.prettyPrintLogger) } // The routine that executes the command func (c *setCommand) Run(ctx context.Context, _ *commoncli.Env, serverClient util.ServerClient) error { if c.newLevel == "" { - return fmt.Errorf("a value (-level) must be set") + return errors.New("a value (-level) must be set") } + level := strings.ToLower(c.newLevel) - var logger *apitype.Logger - var err error - if level == "launch" { - logger, err = serverClient.NewLoggerClient().ResetLogLevel(ctx, &api.ResetLogLevelRequest{}) - } else { - var logrusLevel logrus.Level - logrusLevel, err = logrus.ParseLevel(level) - if err != nil { - return fmt.Errorf("the value %s is not a valid setting", c.newLevel) - } - apiLevel, found := serverlogger.APILevel[logrusLevel] - if !found { - return fmt.Errorf("the logrus level %d could not be transformed into an api log level", logrusLevel) - } - logger, err = serverClient.NewLoggerClient().SetLogLevel(ctx, &api.SetLogLevelRequest{ - NewLevel: apiLevel, - }) + logrusLevel, err := logrus.ParseLevel(level) + if err != nil { + return fmt.Errorf("the value %q is not a valid setting", c.newLevel) } + + apiLevel, found := serverlogger.APILevel[logrusLevel] + if !found { + return fmt.Errorf("the logrus level %q could not be transformed into an api log level", level) + } + logger, err := serverClient.NewLoggerClient().SetLogLevel(ctx, &api.SetLogLevelRequest{ + NewLevel: apiLevel, + }) if err != nil { - return fmt.Errorf("error fetching logger: %w", err) + return fmt.Errorf("failed to set log level: %w", err) } + 
return c.printer.PrintProto(logger) } diff --git a/cmd/spire-server/cli/logger/set_posix_test.go b/cmd/spire-server/cli/logger/set_posix_test.go index 1b84c77345..4776830e8a 100644 --- a/cmd/spire-server/cli/logger/set_posix_test.go +++ b/cmd/spire-server/cli/logger/set_posix_test.go @@ -5,7 +5,7 @@ package logger_test var ( setUsage = `Usage of logger set: -level string - The new log level, one of (panic, fatal, error, warn, info, debug, trace, launch) + The new log level, one of (panic, fatal, error, warn, info, debug, trace) -output value Desired output format (pretty, json); default: pretty. -socketPath string diff --git a/cmd/spire-server/cli/logger/set_test.go b/cmd/spire-server/cli/logger/set_test.go index 3b18d11c3b..c0c53afb59 100644 --- a/cmd/spire-server/cli/logger/set_test.go +++ b/cmd/spire-server/cli/logger/set_test.go @@ -4,6 +4,8 @@ import ( "testing" "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" "github.com/spiffe/spire/cmd/spire-server/cli/logger" @@ -24,8 +26,8 @@ func TestSetSynopsis(t *testing.T) { func TestSet(t *testing.T) { for _, tt := range []struct { name string - // server state - server *mockLoggerServer + // service state + service *mockLoggerService // input args []string // expected items @@ -37,7 +39,7 @@ func TestSet(t *testing.T) { { name: "set to debug, configured to info, using pretty output", args: []string{"-level", "debug", "-output", "pretty"}, - server: &mockLoggerServer{ + service: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_DEBUG, LaunchLevel: types.LogLevel_INFO, @@ -53,7 +55,7 @@ Launch Level : info { name: "set to warn, configured to debug, using pretty output", args: []string{"-level", "warn", "-output", "pretty"}, - server: &mockLoggerServer{ + service: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_WARN, LaunchLevel: types.LogLevel_DEBUG, 
@@ -64,27 +66,12 @@ Launch Level : info expectStdout: `Logger Level : warning Launch Level : debug -`, - }, - { - name: "set to launch, configured to error, using pretty output", - args: []string{"-level", "launch", "-output", "pretty"}, - server: &mockLoggerServer{ - returnLogger: &types.Logger{ - CurrentLevel: types.LogLevel_ERROR, - LaunchLevel: types.LogLevel_ERROR, - }, - }, - expectReturnCode: 0, - expectStdout: `Logger Level : error -Launch Level : error - `, }, { name: "set to panic, configured to fatal, using pretty output", args: []string{"-level", "panic", "-output", "pretty"}, - server: &mockLoggerServer{ + service: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_PANIC, LaunchLevel: types.LogLevel_FATAL, @@ -100,20 +87,20 @@ Launch Level : fatal { name: "set with invalid setting of never, logger unadjusted from (info,info)", args: []string{"-level", "never", "-output", "pretty"}, - server: &mockLoggerServer{ + service: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_INFO, LaunchLevel: types.LogLevel_INFO, }, }, expectReturnCode: 1, - expectStderr: `Error: the value never is not a valid setting + expectStderr: `Error: the value "never" is not a valid setting `, }, { name: "No attribute set, cli returns error", args: []string{"-output", "pretty"}, - server: &mockLoggerServer{ + service: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_INFO, LaunchLevel: types.LogLevel_INFO, @@ -126,7 +113,7 @@ Launch Level : fatal { name: "bizzarro world, set to trace, logger unadjusted from (info,info)", args: []string{"-level", "trace", "-output", "pretty"}, - server: &mockLoggerServer{ + service: &mockLoggerService{ returnLogger: &types.Logger{ CurrentLevel: types.LogLevel_INFO, LaunchLevel: types.LogLevel_INFO, 
@@ -137,11 +124,21 @@ Launch Level : fatal expectStdout: `Logger Level : info Launch Level : info +`, + }, + { + name: "service failed to set", + args: []string{"-level", "trace", "-output", "pretty"}, + service: &mockLoggerService{ + returnErr: status.Error(codes.Internal, "oh no"), + }, + expectReturnCode: 1, + expectStderr: `Error: failed to set log level: rpc error: code = Internal desc = oh no `, }, } { t.Run(tt.name, func(t *testing.T) { - test := setupCliTest(t, tt.server, logger.NewSetCommandWithEnv) + test := setupCliTest(t, tt.service, logger.NewSetCommandWithEnv) returnCode := test.client.Run(append(test.args, tt.args...)) require.Equal(t, tt.expectReturnCode, returnCode) require.Equal(t, tt.expectStderr, test.stderr.String()) diff --git a/cmd/spire-server/cli/logger/set_windows_test.go b/cmd/spire-server/cli/logger/set_windows_test.go index 7a561d3986..492be43c99 100644 --- a/cmd/spire-server/cli/logger/set_windows_test.go +++ b/cmd/spire-server/cli/logger/set_windows_test.go @@ -5,7 +5,7 @@ package logger_test var ( setUsage = `Usage of logger set: -level string - The new log level, one of (panic, fatal, error, warn, info, debug, trace, launch) + The new log level, one of (panic, fatal, error, warn, info, debug, trace) -namedPipeName string Pipe name of the SPIRE Server API named pipe (default "\\spire-server\\private\\api") -output value diff --git a/cmd/spire-server/cli/run/run.go b/cmd/spire-server/cli/run/run.go index 0dbab00327..153773821e 100644 --- a/cmd/spire-server/cli/run/run.go +++ b/cmd/spire-server/cli/run/run.go @@ -385,11 +385,11 @@ func NewServerConfig(c *Config, logOptions []log.Option, allowUnknownConfig bool } logger, err := log.NewLogger(logOptions...) - sc.LaunchLogLevel, _ = logrus.ParseLevel(c.Server.LogLevel) if err != nil { return nil, fmt.Errorf("could not start logger: %w", err) } sc.Log = logger + if reopenableFile != nil { sc.LogReopener = log.ReopenOnSignal(logger, reopenableFile) } 
diff --git a/cmd/spire-server/cli/run/run_test.go b/cmd/spire-server/cli/run/run_test.go index 3d9e5f144d..b039991aef 100644 --- a/cmd/spire-server/cli/run/run_test.go +++ b/cmd/spire-server/cli/run/run_test.go @@ -1526,10 +1526,10 @@ func TestLogOptions(t *testing.T) { log.WithReopenableOutputFile(logFile), } - agentConfig, err := NewServerConfig(defaultValidConfig(), logOptions, false) + serverConfig, err := NewServerConfig(defaultValidConfig(), logOptions, false) require.NoError(t, err) - logger := agentConfig.Log.(*log.Logger).Logger + logger := serverConfig.Log.(*log.Logger).Logger // defaultConfig() sets level to info, which should override DEBUG set above require.Equal(t, logrus.InfoLevel, logger.Level) diff --git a/pkg/common/telemetry/names.go b/pkg/common/telemetry/names.go index 88e13c83e6..abeee56c4a 100644 --- a/pkg/common/telemetry/names.go +++ b/pkg/common/telemetry/names.go @@ -360,12 +360,18 @@ const ( // Kid tags some key ID Kid = "kid" + // LaunchLogLevel log level when service started + LaunchLogLevel = "launch_log_level" + // LocalAuthorityID tags a local authority ID LocalAuthorityID = "local_authority_id" // Mode tags a bundle deletion mode Mode = "mode" + // NewLogLevel tags a new log level + NewLogLevel = "new_log_level" + // Network tags some network name ("tcp", "udp") Network = "network" diff --git a/pkg/server/api/logger/v1/service.go b/pkg/server/api/logger/v1/service.go index c18bdd7e61..5d22224a99 100644 --- a/pkg/server/api/logger/v1/service.go +++ b/pkg/server/api/logger/v1/service.go 
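Review bot: The comment on the new `LaunchLogLevel` constant in pkg/common/telemetry/names.go has no verb and breaks the "X tags ..." pattern of its neighbours (`Kid tags some key ID`, `NewLogLevel tags a new log level`). Since these names become field keys in audit and service log entries, I would word it as `// LaunchLogLevel tags the log level the service was launched with`. The const block continues outside this hunk.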
@@ -2,24 +2,30 @@ package logger import ( "context" - "fmt" + "github.com/sirupsen/logrus" loggerv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1" apitype "github.com/spiffe/spire-api-sdk/proto/spire/api/types" - - "github.com/sirupsen/logrus" + "github.com/spiffe/spire/pkg/common/telemetry" + "github.com/spiffe/spire/pkg/server/api" + "github.com/spiffe/spire/pkg/server/api/rpccontext" "google.golang.org/grpc" + "google.golang.org/grpc/codes" ) type Logger interface { logrus.FieldLogger + GetLevel() logrus.Level SetLevel(level logrus.Level) } +func RegisterService(s grpc.ServiceRegistrar, service *Service) { + loggerv1.RegisterLoggerServer(s, service) +} + type Config struct { - Log Logger - LaunchLevel logrus.Level + Log Logger } type Service struct { 
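Review bot: `Config.Log` is now undocumented while carrying an ordering requirement: with `LaunchLevel` removed and `GetLevel()` added to the `Logger` interface, the logger's level at construction time becomes the launch level (`New`, in the following hunk, reads it). A caller that adjusts the logger before building the service would change what a later reset restores, without any signal. A field comment such as `// Log is the root logger; its level when New is called is recorded as the launch level.` would make that visible. The exported `Logger`, `Config` and `RegisterService` also have no doc comments. The `Service` struct continues outside this hunk.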
@@ -29,50 +35,61 @@ type Service struct { launchLevel logrus.Level } -func New(config Config) *Service { - config.Log.WithFields(logrus.Fields{ - "LaunchLevel": config.LaunchLevel, +func New(c Config) *Service { + launchLogLevel := c.Log.GetLevel() + c.Log.WithFields(logrus.Fields{ + telemetry.LaunchLogLevel: launchLogLevel, }).Info("Logger service configured") + return &Service{ - log: config.Log, - launchLevel: config.LaunchLevel, + log: c.Log, + launchLevel: launchLogLevel, } } -func RegisterService(s grpc.ServiceRegistrar, service *Service) { - loggerv1.RegisterLoggerServer(s, service) -} +func (s *Service) GetLogger(ctx context.Context, _ *loggerv1.GetLoggerRequest) (*apitype.Logger, error) { + log := rpccontext.Logger(ctx) + log.Info("GetLogger Called") -func (service *Service) GetLogger(_ context.Context, _ *loggerv1.GetLoggerRequest) (*apitype.Logger, error) { - service.log.Info("GetLogger Called") - logger := &apitype.Logger{ - CurrentLevel: APILevel[service.log.GetLevel()], - LaunchLevel: APILevel[service.launchLevel], - } - return logger, nil + rpccontext.AuditRPC(ctx) + return s.createAPILogger(), nil } -func (service *Service) SetLogLevel(_ context.Context, req *loggerv1.SetLogLevelRequest) (*apitype.Logger, error) { +func (s *Service) SetLogLevel(ctx context.Context, req *loggerv1.SetLogLevelRequest) (*apitype.Logger, error) { + rpccontext.AddRPCAuditFields(ctx, logrus.Fields{telemetry.NewLogLevel: req.NewLevel}) + log := rpccontext.Logger(ctx) + if req.NewLevel == apitype.LogLevel_UNSPECIFIED { - return nil, fmt.Errorf("Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED") + return nil, api.MakeErr(log, codes.InvalidArgument, "newLevel value cannot be LogLevel_UNSPECIFIED", nil) } - service.log.WithFields(logrus.Fields{ - "NewLevel": LogrusLevel[req.NewLevel].String(), - }).Info("SetLogLevel Called") - service.log.SetLevel(LogrusLevel[req.NewLevel]) - logger := &apitype.Logger{ - CurrentLevel: APILevel[service.log.GetLevel()], - 
LaunchLevel: APILevel[service.launchLevel], + + newLogLevel, ok := LogrusLevel[req.NewLevel] + if !ok { + return nil, api.MakeErr(log, codes.InvalidArgument, "unsupported log level", nil) } - return logger, nil + + log.WithFields(logrus.Fields{ + telemetry.NewLogLevel: newLogLevel.String(), + }).Info("SetLogLevel Called") + s.log.SetLevel(newLogLevel) + + rpccontext.AuditRPC(ctx) + return s.createAPILogger(), nil +} + +func (s *Service) ResetLogLevel(ctx context.Context, _ *loggerv1.ResetLogLevelRequest) (*apitype.Logger, error) { + log := rpccontext.Logger(ctx) + log.WithField(telemetry.LaunchLogLevel, s.launchLevel).Info("ResetLogLevel Called") + + s.log.SetLevel(s.launchLevel) + + rpccontext.AuditRPC(ctx) + return s.createAPILogger(), nil } -func (service *Service) ResetLogLevel(_ context.Context, _ *loggerv1.ResetLogLevelRequest) (*apitype.Logger, error) { - service.log.Info("ResetLogLevel Called") - service.log.SetLevel(service.launchLevel) - logger := &apitype.Logger{ - CurrentLevel: APILevel[service.log.GetLevel()], - LaunchLevel: APILevel[service.launchLevel], +func (s *Service) createAPILogger() *apitype.Logger { + return &apitype.Logger{ + CurrentLevel: APILevel[s.log.GetLevel()], + LaunchLevel: APILevel[s.launchLevel], } - return logger, nil } diff --git a/pkg/server/api/logger/v1/service_test.go b/pkg/server/api/logger/v1/service_test.go index 35e75d29fc..4f602c226a 100644 --- a/pkg/server/api/logger/v1/service_test.go +++ b/pkg/server/api/logger/v1/service_test.go 
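Review bot: In `SetLogLevel`, `s.log.SetLevel(newLogLevel)` runs before `rpccontext.AuditRPC(ctx)`, and the audit entry is written at info, so a request that raises the threshold above info drops the audit record of that call and of every later logger API call. The tests updated in this commit expect this: the set-to-panic cases list only `SetLogLevel Called` and no `API accessed` entry. Whether production behaves the same depends on the request logger sharing the root logger's level, which is not visible here. If log-level changes are meant to be auditable, the audit entry needs a path the adjustable level cannot silence. At minimum the behaviour should be stated above the `SetLevel` call, e.g. `// NOTE: audit entries are logged at info; a level above info suppresses them, including for this call`. Separately, `createAPILogger` indexes `APILevel` without an `ok` check, so a level missing from the map is reported as the enum's zero value.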
@@ -4,16 +4,17 @@ import ( "context" "testing" - "github.com/sirupsen/logrus/hooks/test" - "github.com/spiffe/spire/test/grpctest" - "github.com/spiffe/spire/test/spiretest" - "github.com/stretchr/testify/require" - "github.com/sirupsen/logrus" + "github.com/sirupsen/logrus/hooks/test" loggerv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1" apitype "github.com/spiffe/spire-api-sdk/proto/spire/api/types" + "github.com/spiffe/spire/pkg/common/telemetry" "github.com/spiffe/spire/pkg/server/api/logger/v1" + "github.com/spiffe/spire/pkg/server/api/middleware" "github.com/spiffe/spire/pkg/server/api/rpccontext" + "github.com/spiffe/spire/test/grpctest" + "github.com/spiffe/spire/test/spiretest" + "github.com/stretchr/testify/require" "google.golang.org/grpc" "google.golang.org/grpc/codes" ) @@ -23,7 +24,6 @@ func TestGetLogger(t *testing.T) { name string launchLevel logrus.Level - expectedErr error expectedResponse *apitype.Logger expectedLogs []spiretest.LogEntry }{ @@ -82,14 +82,15 @@ func TestGetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", - Data: logrus.Fields{ - "LaunchLevel": "info", - }, + Message: "GetLogger Called", }, { Level: logrus.InfoLevel, - Message: "GetLogger Called", + Message: "API accessed", + Data: logrus.Fields{ + telemetry.Status: "success", + telemetry.Type: "audit", + }, }, }, }, @@ -104,14 +105,15 @@ func TestGetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", - Data: logrus.Fields{ - "LaunchLevel": "debug", - }, + Message: "GetLogger Called", }, { Level: logrus.InfoLevel, - Message: "GetLogger Called", + Message: "API accessed", + Data: logrus.Fields{ + telemetry.Status: "success", + telemetry.Type: "audit", + }, }, }, }, 
@@ -126,14 +128,15 @@ func TestGetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", - Data: logrus.Fields{ - "LaunchLevel": "trace", - }, + Message: "GetLogger Called", }, { Level: logrus.InfoLevel, - Message: "GetLogger Called", + Message: "API accessed", + Data: logrus.Fields{ + telemetry.Status: "success", + telemetry.Type: "audit", + }, }, }, }, @@ -144,7 +147,7 @@ func TestGetLogger(t *testing.T) { defer test.Cleanup() resp, err := test.client.GetLogger(context.Background(), &loggerv1.GetLoggerRequest{}) - require.Equal(t, err, tt.expectedErr) + require.NoError(t, err) spiretest.AssertLogs(t, test.logHook.AllEntries(), tt.expectedLogs) spiretest.RequireProtoEqual(t, resp, tt.expectedResponse) }) @@ -173,7 +176,6 @@ func TestSetLoggerThenGetLogger(t *testing.T) { CurrentLevel: apitype.LogLevel_FATAL, LaunchLevel: apitype.LogLevel_PANIC, }, - expectedLogs: nil, }, { name: "test SetLogger to INFO on initialized to PANIC", @@ -190,7 +192,12 @@ func TestSetLoggerThenGetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "GetLogger Called", + Message: "API accessed", + Data: logrus.Fields{ + telemetry.NewLogLevel: "INFO", + telemetry.Status: "success", + telemetry.Type: "audit", + }, }, }, }, @@ -209,7 +216,12 @@ func TestSetLoggerThenGetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "GetLogger Called", + Message: "API accessed", + Data: logrus.Fields{ + telemetry.NewLogLevel: "DEBUG", + telemetry.Status: "success", + telemetry.Type: "audit", + }, }, }, }, 
@@ -226,18 +238,11 @@ func TestSetLoggerThenGetLogger(t *testing.T) { }, // the ending getlogger will be suppressed expectedLogs: []spiretest.LogEntry{ - { - Level: logrus.InfoLevel, - Message: "Logger service configured", - Data: logrus.Fields{ - "LaunchLevel": "info", - }, - }, { Level: logrus.InfoLevel, Message: "SetLogLevel Called", Data: logrus.Fields{ - "NewLevel": "panic", + telemetry.NewLogLevel: "panic", }, }, }, @@ -256,22 +261,20 @@ func TestSetLoggerThenGetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", + Message: "SetLogLevel Called", Data: logrus.Fields{ - "LaunchLevel": "info", + telemetry.NewLogLevel: "info", }, }, { Level: logrus.InfoLevel, - Message: "SetLogLevel Called", + Message: "API accessed", Data: logrus.Fields{ - "NewLevel": "info", + telemetry.NewLogLevel: "INFO", + telemetry.Status: "success", + telemetry.Type: "audit", }, }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, }, }, { @@ -288,22 +291,20 @@ func TestSetLoggerThenGetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", + Message: "SetLogLevel Called", Data: logrus.Fields{ - "LaunchLevel": "info", + telemetry.NewLogLevel: "debug", }, }, { Level: logrus.InfoLevel, - Message: "SetLogLevel Called", + Message: "API accessed", Data: logrus.Fields{ - "NewLevel": "debug", + telemetry.NewLogLevel: "DEBUG", + telemetry.Status: "success", + telemetry.Type: "audit", }, }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, }, }, { 
@@ -319,18 +320,11 @@ func TestSetLoggerThenGetLogger(t *testing.T) { }, // the ending getlogger will be suppressed expectedLogs: []spiretest.LogEntry{ - { - Level: logrus.InfoLevel, - Message: "Logger service configured", - Data: logrus.Fields{ - "LaunchLevel": "trace", - }, - }, { Level: logrus.InfoLevel, Message: "SetLogLevel Called", Data: logrus.Fields{ - "NewLevel": "panic", + telemetry.NewLogLevel: "panic", }, }, }, @@ -349,22 +343,20 @@ func TestSetLoggerThenGetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", + Message: "SetLogLevel Called", Data: logrus.Fields{ - "LaunchLevel": "trace", + telemetry.NewLogLevel: "info", }, }, { Level: logrus.InfoLevel, - Message: "SetLogLevel Called", + Message: "API accessed", Data: logrus.Fields{ - "NewLevel": "info", + telemetry.NewLogLevel: "INFO", + telemetry.Status: "success", + telemetry.Type: "audit", }, }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, }, }, { @@ -381,22 +373,20 @@ func TestSetLoggerThenGetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", + Message: "SetLogLevel Called", Data: logrus.Fields{ - "LaunchLevel": "trace", + telemetry.NewLogLevel: "debug", }, }, { Level: logrus.InfoLevel, - Message: "SetLogLevel Called", + Message: "API accessed", Data: logrus.Fields{ - "NewLevel": "debug", + telemetry.NewLogLevel: "DEBUG", + telemetry.Status: "success", + telemetry.Type: "audit", }, }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, }, }, } { 
@@ -405,13 +395,15 @@ func TestSetLoggerThenGetLogger(t *testing.T) { test := setupServiceTest(t, tt.launchLevel) defer test.Cleanup() - resp, _ := test.client.SetLogLevel(context.Background(), tt.setLogLevelRequest) - spiretest.RequireProtoEqual(t, resp, tt.expectedResponse) - resp, err := test.client.GetLogger(context.Background(), &loggerv1.GetLoggerRequest{}) - require.Equal(t, err, tt.expectedErr) + resp, err := test.client.SetLogLevel(context.Background(), tt.setLogLevelRequest) + require.NoError(t, err) spiretest.RequireProtoEqual(t, resp, tt.expectedResponse) - spiretest.AssertLogs(t, test.logHook.AllEntries(), tt.expectedLogs) + + // Verify using get + getResp, err := test.client.GetLogger(context.Background(), &loggerv1.GetLoggerRequest{}) + require.Equal(t, err, tt.expectedErr) + spiretest.RequireProtoEqual(t, getResp, tt.expectedResponse) }) } } @@ -424,7 +416,6 @@ func TestResetLogger(t *testing.T) { launchLevel logrus.Level setLogLevelRequest *loggerv1.SetLogLevelRequest - expectedErr error expectedResponse *apitype.Logger expectedLogs []spiretest.LogEntry }{ @@ -439,7 +430,6 @@ func TestResetLogger(t *testing.T) { CurrentLevel: apitype.LogLevel_PANIC, LaunchLevel: apitype.LogLevel_PANIC, }, - expectedLogs: nil, }, { name: "test PANIC Logger set to INFO then RESET", @@ -454,13 +444,12 @@ func TestResetLogger(t *testing.T) { }, // only the ending get logger will log expectedLogs: []spiretest.LogEntry{ - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, { Level: logrus.InfoLevel, Message: "ResetLogLevel Called", + Data: logrus.Fields{ + telemetry.LaunchLogLevel: "panic", + }, }, }, }, @@ -477,13 +466,12 @@ func TestResetLogger(t *testing.T) { }, // only the ending get logger will log expectedLogs: []spiretest.LogEntry{ - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, { Level: logrus.InfoLevel, Message: "ResetLogLevel Called", + Data: logrus.Fields{ + telemetry.LaunchLogLevel: "panic", + }, }, }, }, 
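Review bot: The rewritten run body of `TestSetLoggerThenGetLogger` (hunk `@@ -405,13 +395,15 @@`) drops the `spiretest.AssertLogs` call, so the `expectedLogs` entries this commit updates in the table are no longer checked by anything visible. Those expectations are the only place that pins which audit entries survive a level change, so I would restore `spiretest.AssertLogs(t, test.logHook.AllEntries(), tt.expectedLogs)` directly after the first `RequireProtoEqual`, before the `GetLogger` call adds its own entries. The remaining `require.Equal(t, err, tt.expectedErr)` has expected and actual swapped and, with no failing case in the visible table, reads more clearly as `require.NoError(t, err)`.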
@@ -502,23 +490,12 @@ func TestResetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", - Data: logrus.Fields{ - "LaunchLevel": "info", - }, - }, - { - Level: logrus.InfoLevel, - Message: "SetLogLevel Called", + Message: "API accessed", Data: logrus.Fields{ - "NewLevel": "panic", + telemetry.Status: "success", + telemetry.Type: "audit", }, }, - // the second get, after the reset - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, }, }, { @@ -535,30 +512,19 @@ func TestResetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", + Message: "ResetLogLevel Called", Data: logrus.Fields{ - "LaunchLevel": "info", + telemetry.LaunchLogLevel: "info", }, }, { Level: logrus.InfoLevel, - Message: "SetLogLevel Called", + Message: "API accessed", Data: logrus.Fields{ - "NewLevel": "info", + telemetry.Status: "success", + telemetry.Type: "audit", }, }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, - { - Level: logrus.InfoLevel, - Message: "ResetLogLevel Called", - }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, }, }, { @@ -575,30 +541,19 @@ func TestResetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", + Message: "ResetLogLevel Called", Data: logrus.Fields{ - "LaunchLevel": "info", + telemetry.LaunchLogLevel: "info", }, }, { Level: logrus.InfoLevel, - Message: "SetLogLevel Called", + Message: "API accessed", Data: logrus.Fields{ - "NewLevel": "debug", + telemetry.Status: "success", + telemetry.Type: "audit", }, }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, - { - Level: logrus.InfoLevel, - Message: "ResetLogLevel Called", - }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, }, }, { 
@@ -616,23 +571,12 @@ func TestResetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", - Data: logrus.Fields{ - "LaunchLevel": "trace", - }, - }, - { - Level: logrus.InfoLevel, - Message: "SetLogLevel Called", + Message: "API accessed", Data: logrus.Fields{ - "NewLevel": "panic", + telemetry.Status: "success", + telemetry.Type: "audit", }, }, - // the second get logger, after the reset - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, }, }, { @@ -649,30 +593,19 @@ func TestResetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", + Message: "ResetLogLevel Called", Data: logrus.Fields{ - "LaunchLevel": "trace", + telemetry.LaunchLogLevel: "trace", }, }, { Level: logrus.InfoLevel, - Message: "SetLogLevel Called", + Message: "API accessed", Data: logrus.Fields{ - "NewLevel": "info", + telemetry.Status: "success", + telemetry.Type: "audit", }, }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, - { - Level: logrus.InfoLevel, - Message: "ResetLogLevel Called", - }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, }, }, { @@ -689,30 +622,19 @@ func TestResetLogger(t *testing.T) { expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", + Message: "ResetLogLevel Called", Data: logrus.Fields{ - "LaunchLevel": "trace", + telemetry.LaunchLogLevel: "trace", }, }, { Level: logrus.InfoLevel, - Message: "SetLogLevel Called", + Message: "API accessed", Data: logrus.Fields{ - "NewLevel": "debug", + telemetry.Status: "success", + telemetry.Type: "audit", }, }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, - { - Level: logrus.InfoLevel, - Message: "ResetLogLevel Called", - }, - { - Level: logrus.InfoLevel, - Message: "GetLogger Called", - }, }, }, } { 
@@ -721,14 +643,22 @@ func TestResetLogger(t *testing.T) { test := setupServiceTest(t, tt.launchLevel) defer test.Cleanup() - _, _ = test.client.SetLogLevel(context.Background(), tt.setLogLevelRequest) - _, _ = test.client.GetLogger(context.Background(), &loggerv1.GetLoggerRequest{}) + _, err := test.client.SetLogLevel(context.Background(), tt.setLogLevelRequest) + require.NoError(t, err) + // Remove logs before calling reset + test.logHook.Reset() + + // Call Reset resp, err := test.client.ResetLogLevel(context.Background(), &loggerv1.ResetLogLevelRequest{}) + require.NoError(t, err) - require.Equal(t, err, tt.expectedErr) spiretest.RequireProtoEqual(t, resp, tt.expectedResponse) - _, _ = test.client.GetLogger(context.Background(), &loggerv1.GetLoggerRequest{}) spiretest.AssertLogs(t, test.logHook.AllEntries(), tt.expectedLogs) + + // Verify it was really updated + getResp, err := test.client.GetLogger(context.Background(), &loggerv1.GetLoggerRequest{}) + require.NoError(t, err) + spiretest.AssertProtoEqual(t, tt.expectedResponse, getResp) }) } } 
@@ -745,101 +675,55 @@ func TestUnsetSetLogLevelRequest(t *testing.T) { expectedLogs []spiretest.LogEntry }{ { - name: "test PANIC Logger set without a log level", - launchLevel: logrus.PanicLevel, - setLogLevelRequest: &loggerv1.SetLogLevelRequest{}, - - code: codes.Unknown, - expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", - expectedResponse: nil, - // the error seems to clear the log capture - expectedLogs: nil, - }, - { - name: "test PANIC Logger set to UNSPECIFIED", - launchLevel: logrus.PanicLevel, - setLogLevelRequest: &loggerv1.SetLogLevelRequest{ - NewLevel: apitype.LogLevel_UNSPECIFIED, - }, - - code: codes.Unknown, - expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", - expectedResponse: nil, - // the error seems to clear the log capture - expectedLogs: nil, - }, - { - name: "test INFO Logger set without a log level", - launchLevel: logrus.InfoLevel, + name: "logger no set without a log level", + launchLevel: logrus.DebugLevel, setLogLevelRequest: &loggerv1.SetLogLevelRequest{}, - code: codes.Unknown, - expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", + code: codes.InvalidArgument, + expectedErr: "newLevel value cannot be LogLevel_UNSPECIFIED", expectedResponse: nil, expectedLogs: []spiretest.LogEntry{ { - Level: logrus.InfoLevel, - Message: "Logger service configured", - Data: logrus.Fields{ - "LaunchLevel": "info", - }, - }, - }, - }, - { - name: "test INFO Logger set to UNSPECIFIED", - launchLevel: logrus.InfoLevel, - setLogLevelRequest: &loggerv1.SetLogLevelRequest{ - NewLevel: apitype.LogLevel_UNSPECIFIED, - }, - - code: codes.Unknown, - expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", - expectedResponse: nil, - expectedLogs: []spiretest.LogEntry{ - { - Level: logrus.InfoLevel, - Message: "Logger service configured", - Data: logrus.Fields{ - "LaunchLevel": "info", - }, + Level: logrus.ErrorLevel, + Message: "Invalid argument: 
newLevel value cannot be LogLevel_UNSPECIFIED", }, - }, - }, - { - name: "test DEBUG Logger set without a log level", - launchLevel: logrus.DebugLevel, - setLogLevelRequest: &loggerv1.SetLogLevelRequest{}, - - code: codes.Unknown, - expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", - expectedResponse: nil, - expectedLogs: []spiretest.LogEntry{ { Level: logrus.InfoLevel, - Message: "Logger service configured", + Message: "API accessed", Data: logrus.Fields{ - "LaunchLevel": "debug", + telemetry.Status: "error", + telemetry.Type: "audit", + telemetry.NewLogLevel: "UNSPECIFIED", + telemetry.StatusCode: "InvalidArgument", + telemetry.StatusMessage: "newLevel value cannot be LogLevel_UNSPECIFIED", }, }, }, }, { - name: "test DEBUG Logger set to UNSPECIFIED", + name: "logger no set to UNSPECIFIED", launchLevel: logrus.DebugLevel, setLogLevelRequest: &loggerv1.SetLogLevelRequest{ NewLevel: apitype.LogLevel_UNSPECIFIED, }, - code: codes.Unknown, - expectedErr: "Invalid request, NewLevel value cannot be LogLevel_UNSPECIFIED", + code: codes.InvalidArgument, + expectedErr: "newLevel value cannot be LogLevel_UNSPECIFIED", expectedResponse: nil, expectedLogs: []spiretest.LogEntry{ + { + Level: logrus.ErrorLevel, + Message: "Invalid argument: newLevel value cannot be LogLevel_UNSPECIFIED", + }, { Level: logrus.InfoLevel, - Message: "Logger service configured", + Message: "API accessed", Data: logrus.Fields{ - "LaunchLevel": "debug", + telemetry.Status: "error", + telemetry.Type: "audit", + telemetry.NewLogLevel: "UNSPECIFIED", + telemetry.StatusCode: "InvalidArgument", + telemetry.StatusMessage: "newLevel value cannot be LogLevel_UNSPECIFIED", }, }, }, 
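Review bot: The cases kept in `TestUnsetSetLogLevelRequest` exercise only the `LogLevel_UNSPECIFIED` rejection; the `unsupported log level` branch that this commit adds to `SetLogLevel` for values missing from `LogrusLevel` has no case here. That branch is what rejects an out-of-range enum value sent by a client, so it deserves a row such as `setLogLevelRequest: &loggerv1.SetLogLevelRequest{NewLevel: apitype.LogLevel(999)}` (constructed value, assuming it is absent from the map) expecting `codes.InvalidArgument` and the matching audit entry. The two remaining case names ("logger no set ...") would also read better as "logger not set ...". The table and the run loop continue outside this hunk.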
@@ -876,8 +760,7 @@ func setupServiceTest(t *testing.T, launchLevel logrus.Level) *serviceTest { // logger level should initially match the launch level log.SetLevel(launchLevel) service := logger.New(logger.Config{ - Log: log, - LaunchLevel: launchLevel, + Log: log, }) registerFn := func(s grpc.ServiceRegistrar) { @@ -887,8 +770,12 @@ func setupServiceTest(t *testing.T, launchLevel logrus.Level) *serviceTest { ctx = rpccontext.WithLogger(ctx, log) return ctx } - server := grpctest.StartServer(t, registerFn, grpctest.OverrideContext(overrideContext)) + server := grpctest.StartServer(t, registerFn, + grpctest.OverrideContext(overrideContext), + grpctest.Middleware(middleware.WithAuditLog(false))) conn := server.Dial(t) + // Remove configuration logs + logHook.Reset() test := &serviceTest{ done: server.Stop, diff --git a/pkg/server/config.go b/pkg/server/config.go index c973151b56..6140c605e9 100644 --- a/pkg/server/config.go +++ b/pkg/server/config.go @@ -6,7 +6,6 @@ import ( "net" "time" - "github.com/sirupsen/logrus" "github.com/spiffe/go-spiffe/v2/spiffeid" common "github.com/spiffe/spire/pkg/common/catalog" "github.com/spiffe/spire/pkg/common/health" @@ -25,8 +24,6 @@ type Config struct { Log loggerv1.Logger - LaunchLogLevel logrus.Level - // LogReopener facilitates handling a signal to rotate log file. LogReopener func(context.Context) error diff --git a/pkg/server/endpoints/config.go b/pkg/server/endpoints/config.go index 20d205a3ff..f23c6dc668 100644 --- a/pkg/server/endpoints/config.go +++ b/pkg/server/endpoints/config.go @@ -167,8 +167,7 @@ func (c *Config) makeAPIServers(entryFetcher api.AuthorizedEntryFetcher) APIServ DataStore: ds, }), LoggerServer: loggerv1.New(loggerv1.Config{ - Log: c.RootLog, - LaunchLevel: c.LaunchLogLevel, + Log: c.RootLog, }), SVIDServer: svidv1.New(svidv1.Config{ TrustDomain: c.TrustDomain, diff --git a/pkg/server/server.go b/pkg/server/server.go index 304736e255..a1c7368355 100644 --- a/pkg/server/server.go 
+++ b/pkg/server/server.go @@ -71,14 +71,11 @@ func (s *Server) Run(ctx context.Context) error { func (s *Server) run(ctx context.Context) (err error) { // Log configuration values that are useful for debugging s.config.Log.WithFields(logrus.Fields{ - telemetry.AdminIDs: s.config.AdminIDs, - telemetry.DataDir: s.config.DataDir, + telemetry.AdminIDs: s.config.AdminIDs, + telemetry.DataDir: s.config.DataDir, + telemetry.LaunchLogLevel: s.config.Log.GetLevel(), }).Info("Configured") - s.config.Log.WithFields(logrus.Fields{ - "LaunchLogLevel": s.config.LaunchLogLevel, - }).Info("Log Level") - // create the data directory if needed if err := diskutil.CreateDataDirectory(s.config.DataDir); err != nil { return err @@ -391,7 +388,6 @@ func (s *Server) newEndpointsServer(ctx context.Context, catalog catalog.Catalog ServerCA: serverCA, Log: s.config.Log.WithField(telemetry.SubsystemName, telemetry.Endpoints), RootLog: s.config.Log, - LaunchLogLevel: s.config.LaunchLogLevel, Metrics: metrics, JWTKeyPublisher: jwtKeyPublisher, RateLimit: s.config.RateLimit, From 8ce7702f9288ff7ac7beaa57320738c8e5e0221a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Mar 2024 10:48:29 -0300 Subject: [PATCH 49/83] Bump github.com/jackc/pgx/v5 from 5.5.4 to 5.5.5 (#4964) Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.4 to 5.5.5. - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v5.5.4...v5.5.5) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5f77fb8128..5af6455727 100644 --- a/go.mod +++ b/go.mod 
@@ -55,7 +55,7 @@ require ( github.com/hashicorp/vault/sdk v0.11.0 github.com/imdario/mergo v0.3.16 github.com/imkira/go-observer v1.0.3 - github.com/jackc/pgx/v5 v5.5.4 + github.com/jackc/pgx/v5 v5.5.5 github.com/jinzhu/gorm v1.9.16 github.com/lestrrat-go/jwx/v2 v2.0.21 github.com/lib/pq v1.10.9 diff --git a/go.sum b/go.sum index 31ab9cdab5..1b9db12659 100644 --- a/go.sum +++ b/go.sum @@ -1087,8 +1087,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk= github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.5.4 h1:Xp2aQS8uXButQdnCMWNmvx6UysWQQC+u1EoizjguY+8= -github.com/jackc/pgx/v5 v5.5.4/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A= +github.com/jackc/pgx/v5 v5.5.5 h1:amBjrZVmksIdNjxGW/IiIMzxMKZFelXbUoPNb+8sjQw= +github.com/jackc/pgx/v5 v5.5.5/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A= github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk= github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY= From 76029776469106b0c6863fad66de326ffcf0bee8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Mar 2024 14:23:55 -0300 Subject: [PATCH 50/83] Bump github.com/go-sql-driver/mysql from 1.7.1 to 1.8.0 (#4965) Bumps [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) from 1.7.1 to 1.8.0. - [Release notes](https://github.com/go-sql-driver/mysql/releases) - [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md) - [Commits](https://github.com/go-sql-driver/mysql/compare/v1.7.1...v1.8.0) --- updated-dependencies: - dependency-name: github.com/go-sql-driver/mysql dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5af6455727..fc9a00ab72 100644 --- a/go.mod +++ b/go.mod @@ -37,7 +37,7 @@ require ( github.com/envoyproxy/go-control-plane v0.12.0 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa github.com/go-jose/go-jose/v3 v3.0.3 - github.com/go-sql-driver/mysql v1.7.1 + github.com/go-sql-driver/mysql v1.8.0 github.com/godbus/dbus/v5 v5.1.0 github.com/gofrs/uuid v4.4.0+incompatible github.com/gofrs/uuid/v5 v5.0.0 diff --git a/go.sum b/go.sum index 1b9db12659..8292b30e84 100644 --- a/go.sum +++ b/go.sum 
@@ -819,8 +819,8 @@ github.com/go-openapi/validate v0.22.6/go.mod h1:eaddXSqKeTg5XpSmj1dYyFTK/95n/XH github.com/go-rod/rod v0.114.7 h1:h4pimzSOUnw7Eo41zdJA788XsawzHjJMyzCE3BrBww0= github.com/go-rod/rod v0.114.7/go.mod h1:aiedSEFg5DwG/fnNbUOTPMTTWX3MRj6vIs/a684Mthw= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= -github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= +github.com/go-sql-driver/mysql v1.8.0 h1:UtktXaU2Nb64z/pLiGIxY4431SJ4/dR5cjMmlVHgnT4= +github.com/go-sql-driver/mysql v1.8.0/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= From 826cf561b18eccd7c705360cc7ff02840dd342e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:29:30 -0300 Subject: [PATCH 51/83] Bump actions/checkout from 4.1.1 to 4.1.2 (#4971) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/b4ffde65f46336ab88eb53be808477a3936bae11...9bb56186c3b09b4f86b1c65136769dd318469633) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depsreview.yaml | 2 +- .github/workflows/nightly_build.yaml | 2 +- .github/workflows/pr_build.yaml | 30 ++++++++++++------------ .github/workflows/release_build.yaml | 34 ++++++++++++++-------------- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml index 46cd58e7d5..badc9c3416 100644 --- a/.github/workflows/depsreview.yaml +++ b/.github/workflows/depsreview.yaml @@ -10,6 +10,6 @@ jobs: steps: - name: 'Checkout Repository' - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: 'Dependency Review' uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 diff --git a/.github/workflows/nightly_build.yaml b/.github/workflows/nightly_build.yaml index 6bd36578e8..6a31dc82b7 100644 --- a/.github/workflows/nightly_build.yaml +++ b/.github/workflows/nightly_build.yaml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Install cosign uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 with: diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 1ed701fe06..4c534dbda3 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: 
@@ -42,7 +42,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -79,7 +79,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -103,7 +103,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -127,7 +127,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -161,7 +161,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -201,7 +201,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Load cached executables uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: 
@@ -227,7 +227,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - id: set-matrix name: Collect versions run: | @@ -255,7 +255,7 @@ jobs: runner_id: [1, 2, 3, 4, 5] steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: # The "upgrade" integration test needs the history to ensure # that the version number in the source code has been bumped as @@ -315,7 +315,7 @@ jobs: test: ${{ fromJson(needs.build-matrix.outputs.test) }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: # The "upgrade" integration test needs the history to ensure # that the version number in the source code has been bumped as @@ -373,7 +373,7 @@ jobs: shell: msys2 {0} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -417,7 +417,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -444,7 +444,7 @@ jobs: shell: msys2 {0} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: 
@@ -487,7 +487,7 @@ jobs: shell: msys2 {0} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -521,7 +521,7 @@ jobs: shell: msys2 {0} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml index 17cea94db6..fd2e4bea43 100644 --- a/.github/workflows/release_build.yaml +++ b/.github/workflows/release_build.yaml @@ -15,7 +15,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -74,7 +74,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: 
@@ -97,7 +97,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -121,7 +121,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -154,7 +154,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -189,7 +189,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Load cached executables uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: @@ -215,7 +215,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - id: set-matrix name: Collect versions run: | @@ -241,7 +241,7 @@ jobs: runner_id: [1, 2, 3, 4, 5] steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: # The "upgrade" integration test needs the history to ensure # that the version number in the source code has been bumped as 
@@ -310,7 +310,7 @@ jobs: test: ${{ fromJson(needs.build-matrix.outputs.test) }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: # The "upgrade" integration test needs the history to ensure # that the version number in the source code has been bumped as @@ -366,7 +366,7 @@ jobs: shell: msys2 {0} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -409,7 +409,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -435,7 +435,7 @@ jobs: shell: msys2 {0} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -477,7 +477,7 @@ jobs: shell: msys2 {0} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -510,7 +510,7 @@ jobs: shell: msys2 {0} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Setup go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: 
@@ -555,7 +555,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Download archived Linux artifacts uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: @@ -592,7 +592,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Install cosign uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 with: From 29d3ca9bf1d6f776fdeb3b877c0c336591499076 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 12:29:09 -0300 Subject: [PATCH 52/83] Bump docker/login-action from 3.0.0 to 3.1.0 (#4974) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/343f7c4344506bcbf9b4de18042ae17996df046d...e92390c5fb421da1463c202d546fed0ec5c39f20) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/nightly_build.yaml | 2 +- .github/workflows/release_build.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nightly_build.yaml b/.github/workflows/nightly_build.yaml index 6a31dc82b7..d07c50eaee 100644 --- a/.github/workflows/nightly_build.yaml +++ b/.github/workflows/nightly_build.yaml 
@@ -32,7 +32,7 @@ jobs: - name: Build images run: make images - name: Log in to GHCR - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml index fd2e4bea43..dcde65e424 100644 --- a/.github/workflows/release_build.yaml +++ b/.github/workflows/release_build.yaml @@ -605,7 +605,7 @@ jobs: name: images path: . - name: Log in to GHCR - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: registry: ghcr.io username: ${{ github.actor }} From b893124b541cda1cca3e28317558f6e5441cdfe7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 14:37:33 -0300 Subject: [PATCH 53/83] Bump github.com/hashicorp/vault/api from 1.12.0 to 1.12.1 (#4979) Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.12.0 to 1.12.1. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/vault/compare/v1.12.0...v1.12.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index fc9a00ab72..8c189c0562 100644 --- a/go.mod +++ b/go.mod 
@@ -51,7 +51,7 @@ require ( github.com/hashicorp/go-hclog v1.6.2 github.com/hashicorp/go-plugin v1.6.0 github.com/hashicorp/hcl v1.0.1-vault-5 - github.com/hashicorp/vault/api v1.12.0 + github.com/hashicorp/vault/api v1.12.1 github.com/hashicorp/vault/sdk v0.11.0 github.com/imdario/mergo v0.3.16 github.com/imkira/go-observer v1.0.3 @@ -174,7 +174,7 @@ require ( github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.8.0 // indirect - github.com/fatih/color v1.15.0 // indirect + github.com/fatih/color v1.16.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-chi/chi v4.1.2+incompatible // indirect diff --git a/go.sum b/go.sum index 8292b30e84..21fb066915 100644 --- a/go.sum +++ b/go.sum @@ -753,8 +753,8 @@ github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1 github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= -github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= +github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= +github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= 
@@ -1057,8 +1057,8 @@ github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uG github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= -github.com/hashicorp/vault/api v1.12.0 h1:meCpJSesvzQyao8FCOgk2fGdoADAnbDu2WPJN1lDLJ4= -github.com/hashicorp/vault/api v1.12.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck= +github.com/hashicorp/vault/api v1.12.1 h1:WzGN4X5jrJdNO39g6Sa55djNio3I9DxEBOTmCZE7tm0= +github.com/hashicorp/vault/api v1.12.1/go.mod h1:1pqP/sErScodde+ybJCyP+ONC4jzEg7Dmawg/QLWo1k= github.com/hashicorp/vault/sdk v0.11.0 h1:KP/tBUywaVcvOebAfMPNCCiXKeCNEbm3JauYmrZd7RI= github.com/hashicorp/vault/sdk v0.11.0/go.mod h1:cG0OZ7Ebq09Xn2N7OWtHbVqq6LpYP6fkyWo0PIvkLsA= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= From 2d42b0c9cd0b600d74e52434df22fa95afc5fe90 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 15:21:36 -0300 Subject: [PATCH 54/83] Bump the aws-sdk group with 1 update (#4977) Bumps the aws-sdk group with 1 update: [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2). Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.51.1 to 1.52.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.51.1...service/s3/v1.52.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 8c189c0562..d2f69c053d 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/ec2 v1.150.0 github.com/aws/aws-sdk-go-v2/service/iam v1.31.1 github.com/aws/aws-sdk-go-v2/service/kms v1.29.1 - github.com/aws/aws-sdk-go-v2/service/s3 v1.51.1 + github.com/aws/aws-sdk-go-v2/service/s3 v1.52.0 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1 github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 github.com/aws/smithy-go v1.20.1 @@ -136,13 +136,13 @@ require ( github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.2 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.3 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.5 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.3 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.19.0 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect diff --git a/go.sum b/go.sum index 21fb066915..9d2c214b9a 100644 --- a/go.sum 
+++ b/go.sum @@ -578,8 +578,8 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 h1:Qvodo9gHG9F3E8SfYOs github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3/go.mod h1:vCKrdLXtybdf/uQd/YfVR2r5pcbNuEYKzMQpcxmeSJw= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.2 h1:en92G0Z7xlksoOylkUhuBSfJgijC7rHVLRdnIlHEs0E= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.2/go.mod h1:HgtQ/wN5G+8QSlK62lbOtNwQ3wTSByJ4wH2rCkPt+AE= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.3 h1:mDnFOE2sVkyphMWtTH+stv0eW3k0OTx94K63xpxHty4= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.3/go.mod h1:V8MuRVcCRt5h1S+Fwu8KbC7l/gBGo3yBAyUbJM2IJOk= github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1 h1:XvSeacTm4QJf+bAw0s+t7UHghw6fLv0Mz79cNWZVC0Q= github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1/go.mod h1:P+wB/b01+r8pvLQgysfAdxOe1uUrStjCN31IBeMhNw4= github.com/aws/aws-sdk-go-v2/service/ec2 v1.150.0 h1:9JPrA5MyHUqr5hcU1o/xyryVctoyRrj5eHsxRSSDGfg= 
@@ -592,16 +592,16 @@ github.com/aws/aws-sdk-go-v2/service/iam v1.31.1 h1:3l4/wmvUjTbGfk/YJBkKub4cVbDd github.com/aws/aws-sdk-go-v2/service/iam v1.31.1/go.mod h1:EeqEwkHICgkdmzBAJ46zbS4lhvFy563MOuNlEHU59T4= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.2 h1:zSdTXYLwuXDNPUS+V41i1SFDXG7V0ITp0D9UT9Cvl18= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.2/go.mod h1:v8m8k+qVy95nYi7d56uP1QImleIIY25BPiNJYzPBdFE= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.5 h1:mbWNpfRUTT6bnacmvOTKXZjR/HycibdWzNpfbrbLDIs= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.5/go.mod h1:FCOPWGjsshkkICJIn9hq9xr6dLKtyaWpuUojiN3W1/8= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 h1:K/NXvIftOlX+oGgWGIa3jDyYLDNsdVhsjHmsBH2GLAQ= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5/go.mod h1:cl9HGLV66EnCmMNzq4sYOti+/xo8w34CsgzVtm2GgsY= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.2 h1:1oY1AVEisRI4HNuFoLdRUB0hC63ylDAN6Me3MrfclEg= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.2/go.mod h1:KZ03VgvZwSjkT7fOetQ/wF3MZUvYFirlI1H5NklUNsY= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.3 h1:4t+QEX7BsXz98W8W1lNvMAG+NX8qHz2CjLBxQKku40g= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.3/go.mod h1:oFcjjUq5Hm09N9rpxTdeMeLeQcxS7mIkBkL8qUKng+A= github.com/aws/aws-sdk-go-v2/service/kms v1.29.1 h1:OdjJjUWFlMZLAMl54ASxIpZdGEesY4BH3/c0HAPSFdI= github.com/aws/aws-sdk-go-v2/service/kms v1.29.1/go.mod h1:Cbx2uxEX0bAB7SlSY+ys05ZBkEb8IbmuAOcGVmDfJFs= -github.com/aws/aws-sdk-go-v2/service/s3 v1.51.1 h1:juZ+uGargZOrQGNxkVHr9HHR/0N+Yu8uekQnV7EAVRs= -github.com/aws/aws-sdk-go-v2/service/s3 v1.51.1/go.mod 
h1:SoR0c7Jnq8Tpmt0KSLXIavhjmaagRqQpe9r70W3POJg= +github.com/aws/aws-sdk-go-v2/service/s3 v1.52.0 h1:k7gL76sSR0e2pLphjfmjD/+pDDtoOHvWp8ezpTsdyes= +github.com/aws/aws-sdk-go-v2/service/s3 v1.52.0/go.mod h1:MGTaf3x/+z7ZGugCGvepnx2DS6+caCYYqKhzVoLNYPk= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1 h1:DtKw4TxZT3VrzYupXQJPBqT9ImyobZZE+JIQPPAVxqs= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1/go.mod h1:bit9G2ORpSjUTr4PA4usvbBfbOyvMj0LbE1dXF14Sug= github.com/aws/aws-sdk-go-v2/service/sso v1.19.0 h1:u6OkVDxtBPnxPkZ9/63ynEe+8kHbtS5IfaC4PzVxzWM= From c173037fcc97e10280cdbbe73b2fddabe17ddf6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 17:01:49 -0300 Subject: [PATCH 55/83] Bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 (#4978) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.0 to 0.19.1. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.19.0...v0.19.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d2f69c053d..6b1af79eca 100644 --- a/go.mod +++ b/go.mod 
@@ -43,7 +43,7 @@ require ( github.com/gofrs/uuid/v5 v5.0.0 github.com/google/btree v1.1.2 github.com/google/go-cmp v0.6.0 - github.com/google/go-containerregistry v0.19.0 + github.com/google/go-containerregistry v0.19.1 github.com/google/go-tpm v0.9.0 github.com/google/go-tpm-tools v0.4.3 github.com/googleapis/gax-go/v2 v2.12.2 diff --git a/go.sum b/go.sum index 9d2c214b9a..b82eb3b977 100644 --- a/go.sum +++ b/go.sum @@ -922,8 +922,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98= github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= -github.com/google/go-containerregistry v0.19.0 h1:uIsMRBV7m/HDkDxE/nXMnv1q+lOOSPlQ/ywc5JbB8Ic= -github.com/google/go-containerregistry v0.19.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= +github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= +github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg= github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= From 198e9f3c2082f96ce731bc9bc9aff4ad1627daef Mon Sep 17 00:00:00 2001 From: Ryan Turner Date: Thu, 14 Mar 2024 13:39:36 -0700 Subject: [PATCH 56/83] Change go-metrics dependency (#4981) github.com/armon/go-metrics was renamed to github.com/hashicorp/go-metrics on June 8, 2023 as part of the v0.5.0 release. Update to the latest package name so we can keep getting updates. 
Signed-off-by: Ryan Turner --- go.mod | 2 +- go.sum | 4 ++-- pkg/agent/endpoints/endpoints_test.go | 2 +- pkg/common/telemetry/dogstatsd.go | 2 +- pkg/common/telemetry/inmem.go | 2 +- pkg/common/telemetry/metrics.go | 2 +- pkg/common/telemetry/prometheus.go | 2 +- pkg/common/telemetry/prometheus_test.go | 2 +- pkg/common/telemetry/statsd.go | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 6b1af79eca..af39907c83 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,6 @@ require ( github.com/GoogleCloudPlatform/cloudsql-proxy v1.34.0 github.com/Microsoft/go-winio v0.6.1 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 - github.com/armon/go-metrics v0.4.1 github.com/aws/aws-sdk-go-v2 v1.25.3 github.com/aws/aws-sdk-go-v2/config v1.27.0 github.com/aws/aws-sdk-go-v2/credentials v1.17.0 @@ -49,6 +48,7 @@ require ( github.com/googleapis/gax-go/v2 v2.12.2 github.com/gorilla/handlers v1.5.2 github.com/hashicorp/go-hclog v1.6.2 + github.com/hashicorp/go-metrics v0.5.3 github.com/hashicorp/go-plugin v1.6.0 github.com/hashicorp/hcl v1.0.1-vault-5 github.com/hashicorp/vault/api v1.12.1 diff --git a/go.sum b/go.sum index b82eb3b977..0acf886b56 100644 --- a/go.sum +++ b/go.sum 
@@ -551,8 +551,6 @@ github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9Pq github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= -github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA= -github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= @@ -1028,6 +1026,8 @@ github.com/hashicorp/go-hclog v1.6.2/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVH github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-metrics v0.5.3 h1:M5uADWMOGCTUNU1YuC4hfknOeHNaX54LDm4oYSucoNE= +github.com/hashicorp/go-metrics v0.5.3/go.mod h1:KEjodfebIOuBYSAe/bHTm+HChmKSxAOXPBieMLYozDE= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= diff --git a/pkg/agent/endpoints/endpoints_test.go b/pkg/agent/endpoints/endpoints_test.go index bf952d8887..fb924edc30 100644 --- a/pkg/agent/endpoints/endpoints_test.go +++ b/pkg/agent/endpoints/endpoints_test.go 
@@ -7,9 +7,9 @@ import ( "testing" "time" - "github.com/armon/go-metrics" discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" secret_v3 "github.com/envoyproxy/go-control-plane/envoy/service/secret/v3" + "github.com/hashicorp/go-metrics" "github.com/sirupsen/logrus" "github.com/sirupsen/logrus/hooks/test" workload_pb "github.com/spiffe/go-spiffe/v2/proto/spiffe/workload" diff --git a/pkg/common/telemetry/dogstatsd.go b/pkg/common/telemetry/dogstatsd.go index 5e07b7397a..d0eae2df0a 100644 --- a/pkg/common/telemetry/dogstatsd.go +++ b/pkg/common/telemetry/dogstatsd.go @@ -3,7 +3,7 @@ package telemetry import ( "context" - "github.com/armon/go-metrics/datadog" + "github.com/hashicorp/go-metrics/datadog" ) type dogStatsdRunner struct { diff --git a/pkg/common/telemetry/inmem.go b/pkg/common/telemetry/inmem.go index dfba826d42..26905e4c32 100644 --- a/pkg/common/telemetry/inmem.go +++ b/pkg/common/telemetry/inmem.go @@ -5,7 +5,7 @@ import ( "io" "time" - "github.com/armon/go-metrics" + "github.com/hashicorp/go-metrics" "github.com/sirupsen/logrus" ) diff --git a/pkg/common/telemetry/metrics.go b/pkg/common/telemetry/metrics.go index de6bec9bb0..1cf1dcf041 100644 --- a/pkg/common/telemetry/metrics.go +++ b/pkg/common/telemetry/metrics.go @@ -5,7 +5,7 @@ import ( "errors" "time" - "github.com/armon/go-metrics" + "github.com/hashicorp/go-metrics" "github.com/spiffe/spire/pkg/common/util" ) diff --git a/pkg/common/telemetry/prometheus.go b/pkg/common/telemetry/prometheus.go index 438d01844e..1d5f36e089 100644 --- a/pkg/common/telemetry/prometheus.go +++ b/pkg/common/telemetry/prometheus.go @@ -8,7 +8,7 @@ import ( "sync" "time" - prommetrics "github.com/armon/go-metrics/prometheus" + prommetrics "github.com/hashicorp/go-metrics/prometheus" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promhttp" "github.com/sirupsen/logrus" 
diff --git a/pkg/common/telemetry/prometheus_test.go b/pkg/common/telemetry/prometheus_test.go index e52f7e2db8..9a58b21d04 100644 --- a/pkg/common/telemetry/prometheus_test.go +++ b/pkg/common/telemetry/prometheus_test.go @@ -5,7 +5,7 @@ import ( "testing" "time" - prommetrics "github.com/armon/go-metrics/prometheus" + prommetrics "github.com/hashicorp/go-metrics/prometheus" "github.com/prometheus/client_golang/prometheus" "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/assert" diff --git a/pkg/common/telemetry/statsd.go b/pkg/common/telemetry/statsd.go index 7e3b7f7be7..69d1108d61 100644 --- a/pkg/common/telemetry/statsd.go +++ b/pkg/common/telemetry/statsd.go @@ -3,7 +3,7 @@ package telemetry import ( "context" - "github.com/armon/go-metrics" + "github.com/hashicorp/go-metrics" ) type statsdRunner struct { From bfec9b68bce41223608833e37f621b2d36a02496 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 11:24:48 -0300 Subject: [PATCH 57/83] Bump github.com/hashicorp/vault/sdk from 0.11.0 to 0.11.1 (#4980) Bumps [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) from 0.11.0 to 0.11.1. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v0.md) - [Commits](https://github.com/hashicorp/vault/compare/v0.11.0...v0.11.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index af39907c83..7f9f40436f 100644 --- a/go.mod +++ b/go.mod 
@@ -52,7 +52,7 @@ require ( github.com/hashicorp/go-plugin v1.6.0 github.com/hashicorp/hcl v1.0.1-vault-5 github.com/hashicorp/vault/api v1.12.1 - github.com/hashicorp/vault/sdk v0.11.0 + github.com/hashicorp/vault/sdk v0.11.1 github.com/imdario/mergo v0.3.16 github.com/imkira/go-observer v1.0.3 github.com/jackc/pgx/v5 v5.5.5 diff --git a/go.sum b/go.sum index 0acf886b56..d8192fe677 100644 --- a/go.sum +++ b/go.sum @@ -1059,8 +1059,8 @@ github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31 github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/vault/api v1.12.1 h1:WzGN4X5jrJdNO39g6Sa55djNio3I9DxEBOTmCZE7tm0= github.com/hashicorp/vault/api v1.12.1/go.mod h1:1pqP/sErScodde+ybJCyP+ONC4jzEg7Dmawg/QLWo1k= -github.com/hashicorp/vault/sdk v0.11.0 h1:KP/tBUywaVcvOebAfMPNCCiXKeCNEbm3JauYmrZd7RI= -github.com/hashicorp/vault/sdk v0.11.0/go.mod h1:cG0OZ7Ebq09Xn2N7OWtHbVqq6LpYP6fkyWo0PIvkLsA= +github.com/hashicorp/vault/sdk v0.11.1 h1:mH/MYHBSrl594e+KT6Qhj5+kTmG02n1aZ3mYwCL0mdI= +github.com/hashicorp/vault/sdk v0.11.1/go.mod h1:t+Jt1xvh48cuew8eYjM0F2+MFcjNvG4Ow60K7/2yaUU= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= From 7c822c336891fec91987d0d4393381c2deb3a055 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 13:42:19 -0300 Subject: [PATCH 58/83] Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 (#4983) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/0d103c3126aa41d772a8362f6aa67afac040f80c...2b51285047da1547ffb1b2203d8be4c0af6b1f20) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr_build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 4c534dbda3..dbbef7b8e1 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -179,7 +179,7 @@ jobs: - name: Set up QEMU uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 + uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 - name: Build images run: make images-no-load - name: Export images From f9463779d4ac19fb9e612c7fb245c62165e7c537 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 14:50:38 -0300 Subject: [PATCH 59/83] Bump github.com/googleapis/gax-go/v2 from 2.12.2 to 2.12.3 (#4987) Bumps [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) from 2.12.2 to 2.12.3. - [Release notes](https://github.com/googleapis/gax-go/releases) - [Commits](https://github.com/googleapis/gax-go/compare/v2.12.2...v2.12.3) --- updated-dependencies: - dependency-name: github.com/googleapis/gax-go/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 7f9f40436f..0ab6d93a09 100644 --- a/go.mod +++ b/go.mod @@ -45,7 +45,7 @@ require ( github.com/google/go-containerregistry v0.19.1 github.com/google/go-tpm v0.9.0 github.com/google/go-tpm-tools v0.4.3 - github.com/googleapis/gax-go/v2 v2.12.2 + github.com/googleapis/gax-go/v2 v2.12.3 github.com/gorilla/handlers v1.5.2 github.com/hashicorp/go-hclog v1.6.2 github.com/hashicorp/go-metrics v0.5.3 @@ -82,7 +82,7 @@ require ( golang.org/x/sys v0.18.0 golang.org/x/time v0.5.0 google.golang.org/api v0.169.0 - google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 + google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2 google.golang.org/grpc v1.62.1 google.golang.org/protobuf v1.33.0 k8s.io/api v0.29.2 
@@ -333,7 +333,7 @@ require ( golang.org/x/tools v0.16.1 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 // indirect gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index d8192fe677..4614e5cf37 100644 --- a/go.sum +++ b/go.sum @@ -996,8 +996,8 @@ github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= -github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA= -github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= +github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA= +github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= 
@@ -2110,10 +2110,10 @@ google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= -google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c h1:9g7erC9qu44ks7UK4gDNlnk4kOxZG707xKm4jVniy6o= -google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:5iCWqnniDlqZHrd3neWVTOwvh/v6s3232omMecelax8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 h1:Xs9lu+tLXxLIfuci70nG4cpwaRC+mRQPUL7LoIeDJC4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs= +google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2 h1:9IZDv+/GcI6u+a4jRFRLxQs0RUCfavGfoOgEW6jpkI0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= From 6832ce77f459d6f9851687ad1976b6a746480b02 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 15:31:15 -0300 Subject: [PATCH 60/83] Bump the aws-sdk group with 1 update (#4993) Bumps the aws-sdk group with 1 update: [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2). Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.150.0 to 1.151.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.150.0...service/ec2/v1.151.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0ab6d93a09..85c4560ecf 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.2 github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.150.0 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.151.0 github.com/aws/aws-sdk-go-v2/service/iam v1.31.1 github.com/aws/aws-sdk-go-v2/service/kms v1.29.1 github.com/aws/aws-sdk-go-v2/service/s3 v1.52.0 diff --git a/go.sum b/go.sum index 4614e5cf37..5c5412b280 100644 --- a/go.sum +++ b/go.sum 
@@ -580,8 +580,8 @@ github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.3 h1:mDnFOE2sVkyphMWtTH+stv0eW3k0 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.3/go.mod h1:V8MuRVcCRt5h1S+Fwu8KbC7l/gBGo3yBAyUbJM2IJOk= github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1 h1:XvSeacTm4QJf+bAw0s+t7UHghw6fLv0Mz79cNWZVC0Q= github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1/go.mod h1:P+wB/b01+r8pvLQgysfAdxOe1uUrStjCN31IBeMhNw4= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.150.0 h1:9JPrA5MyHUqr5hcU1o/xyryVctoyRrj5eHsxRSSDGfg= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.150.0/go.mod h1:KNJMjsbzK97hci9ev2Vl/27GgUt3ZciRP4RGujAPF2I= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.151.0 h1:gH571JR1hMfIER4zK457aNjCfi1FCuVwriKx0bAyw/I= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.151.0/go.mod h1:KNJMjsbzK97hci9ev2Vl/27GgUt3ZciRP4RGujAPF2I= github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 h1:3iaT/LnGV6jNtbBkvHZDlzz7Ky3wMHDJAyFtGd5GUJI= github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7/go.mod h1:mtzCLxk6M+KZbkJdq3cUH9GCrudw8qCy5C3EHO+5vLc= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 h1:h+r5/diSwztgKgxUrntt6AOI5lBYY0ZJv+yzeulGZSU= From 5b40ef7bef6c17affc1d97b0381f0813bbb19012 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 10:26:54 -0300 Subject: [PATCH 61/83] Bump google.golang.org/api from 0.169.0 to 0.170.0 (#4988) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.169.0 to 0.170.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.169.0...v0.170.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 85c4560ecf..d9e33bca93 100644 --- a/go.mod +++ b/go.mod @@ -81,7 +81,7 @@ require ( golang.org/x/sync v0.6.0 golang.org/x/sys v0.18.0 golang.org/x/time v0.5.0 - google.golang.org/api v0.169.0 + google.golang.org/api v0.170.0 google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2 google.golang.org/grpc v1.62.1 google.golang.org/protobuf v1.33.0 @@ -327,7 +327,7 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/oauth2 v0.17.0 // indirect + golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/tools v0.16.1 // indirect diff --git a/go.sum b/go.sum index 5c5412b280..0de530e811 100644 --- a/go.sum +++ b/go.sum 
@@ -1696,8 +1696,8 @@ golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= +golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1980,8 +1980,8 @@ google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7Twe google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY= -google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg= +google.golang.org/api v0.170.0 h1:zMaruDePM88zxZBG+NG8+reALO2rfLhe/JShitLyT48= +google.golang.org/api v0.170.0/go.mod h1:/xql9M2btF85xac/VAm4PsLMTLVGUOpq4BE9R8jyNy8= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
From 2f219878fbbc47f1f9b99e8555e0a679942458e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 11:37:25 -0300 Subject: [PATCH 62/83] Bump the k8s-io group with 4 updates (#4994) Bumps the k8s-io group with 4 updates: [k8s.io/api](https://github.com/kubernetes/api), [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery), [k8s.io/client-go](https://github.com/kubernetes/client-go) and [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator). Updates `k8s.io/api` from 0.29.2 to 0.29.3 - [Commits](https://github.com/kubernetes/api/compare/v0.29.2...v0.29.3) Updates `k8s.io/apimachinery` from 0.29.2 to 0.29.3 - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.2...v0.29.3) Updates `k8s.io/client-go` from 0.29.2 to 0.29.3 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.29.2...v0.29.3) Updates `k8s.io/kube-aggregator` from 0.29.2 to 0.29.3 - [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.29.2...v0.29.3) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io - dependency-name: k8s.io/kube-aggregator dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-io ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) 
diff --git a/go.mod b/go.mod index d9e33bca93..8ca84d9f57 100644 --- a/go.mod +++ b/go.mod @@ -85,10 +85,10 @@ require ( google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2 google.golang.org/grpc v1.62.1 google.golang.org/protobuf v1.33.0 - k8s.io/api v0.29.2 - k8s.io/apimachinery v0.29.2 - k8s.io/client-go v0.29.2 - k8s.io/kube-aggregator v0.29.2 + k8s.io/api v0.29.3 + k8s.io/apimachinery v0.29.3 + k8s.io/client-go v0.29.3 + k8s.io/kube-aggregator v0.29.3 sigs.k8s.io/controller-runtime v0.17.2 ) @@ -199,7 +199,7 @@ require ( github.com/golang-jwt/jwt/v5 v5.2.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/mock v1.6.0 // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/google/certificate-transparency-go v1.1.7 // indirect github.com/google/flatbuffers v23.5.26+incompatible // indirect diff --git a/go.sum b/go.sum index 0de530e811..87aff93cb7 100644 --- a/go.sum +++ b/go.sum 
@@ -883,8 +883,8 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= 
@@ -2215,18 +2215,18 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= +k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= +k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= k8s.io/klog/v2 v2.120.0 h1:z+q5mfovBj1fKFxiRzsa2DsJLPIVMk/KFL81LMOfK+8= k8s.io/klog/v2 v2.120.0/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.29.2 h1:z9qJn5wlGmGaX6EfM7OEhr6fq6SBjDKR6tPRZ/qgxeY= -k8s.io/kube-aggregator v0.29.2/go.mod h1:QEuwzmMJJsg0eg1Gv+u4cWcYeJG2+8vN8/nTXBzopUo= +k8s.io/kube-aggregator v0.29.3 h1:5KvTyFN8sQq2imq8tMAHWEKoE64Zg9WSMaGX78KV6ps= +k8s.io/kube-aggregator v0.29.3/go.mod h1:xGJqV/SJJ1fbwTGfQLAZfwgqX1EMoaqfotDTkDrqqSk= k8s.io/kube-openapi 
v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= From ea8b30c6286935477f88a256b56fc3dfbe3e213a Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Tue, 19 Mar 2024 10:22:29 -0700 Subject: [PATCH 63/83] Add --static to verify binaries (#4972) Signed-off-by: Max Lambrecht --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 972b628412..bf3eaeffab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -62,7 +62,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ --mount=type=cache,target=/go/pkg/mod \ if [ "$TARGETARCH" = "arm64" ]; then CC=aarch64-alpine-linux-musl; elif [ "$TARGETARCH" = "s390x" ]; then CC=s390x-alpine-linux-musl; fi && \ make build-static git_tag=$TAG git_dirty="" && \ - for f in $(find bin -executable -type f); do xx-verify $f; done + for f in $(find bin -executable -type f); do xx-verify --static $f; done FROM --platform=${BUILDPLATFORM} scratch AS spire-base WORKDIR /opt/spire From 6861e547e4583acac437dc2741b52e012b51f6e7 Mon Sep 17 00:00:00 2001 From: Ryan Turner Date: Tue, 19 Mar 2024 11:37:06 -0700 Subject: [PATCH 64/83] Try out GitHub merge queue (#4945) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Ryan Turner Co-authored-by: Agustín Martínez Fayó --- .github/workflows/pr_build.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index dbbef7b8e1..1e7c824355 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -2,6 +2,9 @@ name: PR Build on: pull_request: {} workflow_dispatch: {} + merge_group: + types: + - checks_requested env: GO_VERSION: 1.21.8 permissions: 
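Review bot: The `for` loop on the changed line returns the exit status of its last iteration only, so under a plain `sh -c` a failing `xx-verify --static` on any binary but the last would not stop the build. The RUN instruction starts above the hunk, so a `set -e` or a SHELL override may exist there; if not, make each failure fatal with `for f in $(find bin -executable -type f); do xx-verify --static "$f" || exit 1; done`. An empty `find` result also passes silently, because the loop then verifies nothing and still succeeds. That matters here because the next stage is `FROM scratch`, where a dynamically linked binary would not start.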
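Review bot: The new `merge_group` trigger has no comment explaining why it is there, and the commit title calls it a trial, so a later cleanup could drop it without noticing that merge-queue entries would then wait on checks that never report. I would add a line above it such as `# merge queue: required checks must also run on merge_group events`. Any job or step that reads `github.event.pull_request` fields would see them empty on this event; the rest of the workflow is outside the hunk, so that is worth checking.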
From 439d33617424c60536ad455c9534dda0c4df8a47 Mon Sep 17 00:00:00 2001 From: Ryan Turner Date: Wed, 20 Mar 2024 04:13:34 -0700 Subject: [PATCH 65/83] Remove duplicate github.com/gofrs/uuid v4 dependency (#5002) Signed-off-by: Ryan Turner --- go.mod | 1 - go.sum | 2 -- pkg/server/plugin/keymanager/azurekeyvault/azure_key_vault.go | 4 ++-- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 8ca84d9f57..bb053c9d20 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,6 @@ require ( github.com/go-jose/go-jose/v3 v3.0.3 github.com/go-sql-driver/mysql v1.8.0 github.com/godbus/dbus/v5 v5.1.0 - github.com/gofrs/uuid v4.4.0+incompatible github.com/gofrs/uuid/v5 v5.0.0 github.com/google/btree v1.1.2 github.com/google/go-cmp v0.6.0 diff --git a/go.sum b/go.sum index 87aff93cb7..d5cc2e25d1 100644 --- a/go.sum +++ b/go.sum @@ -831,8 +831,6 @@ github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA= -github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid/v5 v5.0.0 h1:p544++a97kEL+svbcFbCQVM9KFu0Yo25UoISXGNNH9M= github.com/gofrs/uuid/v5 v5.0.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= diff --git a/pkg/server/plugin/keymanager/azurekeyvault/azure_key_vault.go b/pkg/server/plugin/keymanager/azurekeyvault/azure_key_vault.go index d63fa1959f..6cec0c7099 100644 --- a/pkg/server/plugin/keymanager/azurekeyvault/azure_key_vault.go +++ b/pkg/server/plugin/keymanager/azurekeyvault/azure_key_vault.go 
@@ -19,7 +19,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys" "github.com/andres-erbsen/clock" - "github.com/gofrs/uuid" + "github.com/gofrs/uuid/v5" "github.com/hashicorp/go-hclog" "github.com/hashicorp/hcl" "github.com/lestrrat-go/jwx/v2/jwk" @@ -141,7 +141,7 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) return nil, err } - var serverID = config.KeyIdentifierValue + serverID := config.KeyIdentifierValue if serverID == "" && config.KeyMetadataFile != "" { p.log.Warn("'key_metadata_file' is deprecated in favor of 'key_identifier_file' and will be removed in a future version") serverID, err = getOrCreateServerID(config.KeyMetadataFile) From 6e1bfc40f7d7f26d704068235ebcb5b7f60e55a2 Mon Sep 17 00:00:00 2001 From: Ryan Turner Date: Thu, 21 Mar 2024 06:59:55 -0700 Subject: [PATCH 66/83] Update Go to 1.22.1 (#4970) Signed-off-by: Ryan Turner --- .github/workflows/pr_build.yaml | 2 +- .github/workflows/release_build.yaml | 2 +- .go-version | 2 +- go.mod | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 1e7c824355..1b11628b17 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -6,7 +6,7 @@ on: types: - checks_requested env: - GO_VERSION: 1.21.8 + GO_VERSION: 1.22.1 permissions: contents: read diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml index dcde65e424..3dd73f8fea 100644 --- a/.github/workflows/release_build.yaml +++ b/.github/workflows/release_build.yaml @@ -4,7 +4,7 @@ on: tags: - 'v[0-9].[0-9]+.[0-9]+' env: - GO_VERSION: 1.21.8 + GO_VERSION: 1.22.1 jobs: cache-deps: name: cache-deps (linux) diff --git a/.go-version b/.go-version index 428abfd24f..6245beecd3 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.21.8 +1.22.1 diff --git a/go.mod b/go.mod index bb053c9d20..54d9348b47 100644 
--- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/spiffe/spire -go 1.21 +go 1.22 require ( cloud.google.com/go/iam v1.1.6 From 69c941a72efc059e2f3b01c8cc1119a5cac2108f Mon Sep 17 00:00:00 2001 From: Andrew Harding Date: Tue, 26 Mar 2024 08:21:59 -0600 Subject: [PATCH 67/83] Bump version after v1.9.2 (#5016) * CHANGELOG update for version v1.9.2 (#5013) * Use cosign v2.2.3 (#5015) Also, auto-accept cosign prompts for non-destructive actions needed to push to the transparency log when running from CI/CD. Signed-off-by: Andrew Harding --- .github/workflows/nightly_build.yaml | 5 +---- .github/workflows/release_build.yaml | 5 +---- .github/workflows/scripts/push-images.sh | 2 +- CHANGELOG.md | 10 ++++++++++ pkg/common/version/version.go | 2 +- pkg/server/datastore/sqlstore/migration.go | 2 ++ test/integration/suites/upgrade/versions.txt | 1 + 7 files changed, 17 insertions(+), 10 deletions(-) diff --git a/.github/workflows/nightly_build.yaml b/.github/workflows/nightly_build.yaml index d07c50eaee..d38acbe382 100644 --- a/.github/workflows/nightly_build.yaml +++ b/.github/workflows/nightly_build.yaml @@ -17,16 +17,13 @@ jobs: id-token: write packages: write - env: - COSIGN_EXPERIMENTAL: 1 - steps: - name: Checkout uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Install cosign uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 with: - cosign-release: v1.13.1 + cosign-release: v2.2.3 - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Build images diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml index 3dd73f8fea..38e81e5bbe 100644 --- a/.github/workflows/release_build.yaml +++ b/.github/workflows/release_build.yaml 
@@ -587,16 +587,13 @@ jobs: id-token: write packages: write - env: - COSIGN_EXPERIMENTAL: 1 - steps: - name: Checkout uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Install cosign uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 with: - cosign-release: v1.13.1 + cosign-release: v2.2.3 - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Download archived images diff --git a/.github/workflows/scripts/push-images.sh b/.github/workflows/scripts/push-images.sh index 57759bf666..8999d636b4 100755 --- a/.github/workflows/scripts/push-images.sh +++ b/.github/workflows/scripts/push-images.sh @@ -68,5 +68,5 @@ for img in "${OCI_IMAGES[@]}"; do image_digest="$(jq -r '.manifests[0].digest' "${ROOTDIR}oci/${img}/index.json")" - cosign sign "${registry}/${img}@${image_digest}" + cosign sign -y "${registry}/${img}@${image_digest}" done diff --git a/CHANGELOG.md b/CHANGELOG.md index ad154b27f8..d18c7940b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,15 @@ # Changelog +## [1.9.2] - 2024-03-25 + +### Added + +- Support for AWS IAM-based authentication with AWS RDS backed databases (#4828) +- Support for adjusting the SPIRE Server log level at runtime (#4880) +- New `retry_bootstrap` option to SPIRE Agent to retry failed bootstrapping with SPIRE Server, with a backoff, in lieu of failing the startup process (#4597) +- Improved logging (#4902, #4906) +- Documentation improvements (#4895, #4951, #4907) + ## [1.9.1] - 2024-03-05 ### Security diff --git a/pkg/common/version/version.go b/pkg/common/version/version.go index cf59e21c1f..d00f272fff 100644 --- a/pkg/common/version/version.go +++ b/pkg/common/version/version.go 
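Review bot: In `.github/workflows/scripts/push-images.sh`, `cosign sign -y` now answers every confirmation prompt automatically, and nothing in the script says why. A comment above the call would help, for example `# -y: CI is non-interactive; accepts cosign's prompt about uploading the signature to the public transparency log`. With keyless signing the signer identity presumably ends up in that log entry as well, so the comment should say that this is intended. The `for img in "${OCI_IMAGES[@]}"` loop begins above the hunk.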
@@ -8,7 +8,7 @@ const ( // IMPORTANT: When updating, make sure to reconcile the versions list that // is part of the upgrade integration test. See // test/integration/suites/upgrade/README.md for details. - Base = "1.9.2" + Base = "1.9.3" ) var ( diff --git a/pkg/server/datastore/sqlstore/migration.go b/pkg/server/datastore/sqlstore/migration.go index 10f29aa50a..2b2b2f5462 100644 --- a/pkg/server/datastore/sqlstore/migration.go +++ b/pkg/server/datastore/sqlstore/migration.go @@ -220,6 +220,8 @@ import ( // | v1.9.0 | | | // |---------| | | // | v1.9.1 | | | +// |---------| | | +// | v1.9.2 | | | // ================================================================================================ const ( diff --git a/test/integration/suites/upgrade/versions.txt b/test/integration/suites/upgrade/versions.txt index cf13c8a877..926c682ab9 100644 --- a/test/integration/suites/upgrade/versions.txt +++ b/test/integration/suites/upgrade/versions.txt @@ -9,3 +9,4 @@ 1.8.8 1.9.0 1.9.1 +1.9.2 From 14ab9eece4dad819831d0a49fdb49bda5c048513 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Mar 2024 06:35:42 -0600 Subject: [PATCH 68/83] Bump github.com/GoogleCloudPlatform/cloudsql-proxy from 1.34.0 to 1.34.1 (#4995) Bumps [github.com/GoogleCloudPlatform/cloudsql-proxy](https://github.com/GoogleCloudPlatform/cloudsql-proxy) from 1.34.0 to 1.34.1. - [Release notes](https://github.com/GoogleCloudPlatform/cloudsql-proxy/releases) - [Changelog](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/blob/v1.34.1/CHANGELOG.md) - [Commits](https://github.com/GoogleCloudPlatform/cloudsql-proxy/compare/v1.34.0...v1.34.1) --- updated-dependencies: - dependency-name: github.com/GoogleCloudPlatform/cloudsql-proxy dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 54d9348b47..3ade12593d 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute v1.0.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 - github.com/GoogleCloudPlatform/cloudsql-proxy v1.34.0 + github.com/GoogleCloudPlatform/cloudsql-proxy v1.34.1 github.com/Microsoft/go-winio v0.6.1 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 github.com/aws/aws-sdk-go-v2 v1.25.3 diff --git a/go.sum b/go.sum index d5cc2e25d1..ce2cf52d5f 100644 --- a/go.sum +++ b/go.sum 
@@ -472,8 +472,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/GoogleCloudPlatform/cloudsql-proxy v1.34.0 h1:JGaDAt7aiz9casDxojbzFLI+3Mfj19R/+4twAKNGubk= -github.com/GoogleCloudPlatform/cloudsql-proxy v1.34.0/go.mod h1:XNDFTVaBS0jJYam3A88dpdzImNh0RRhBF4k05CNEENs= +github.com/GoogleCloudPlatform/cloudsql-proxy v1.34.1 h1:90Jox0L8bVNGamrVXYhDB7QTA6QPA5VEF1jjb8lcouc= +github.com/GoogleCloudPlatform/cloudsql-proxy v1.34.1/go.mod h1:it45nTiDFKCsdKU+zc0Ae90YNYETK8yenKbzDD5fjdw= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= From 4b3f7030b23fd19a087cf5a1faa6314bf587174e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Mar 2024 09:17:18 -0600 Subject: [PATCH 69/83] Bump github.com/aws/aws-sdk-go-v2 from 1.25.3 to 1.26.0 (#4999) Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.25.3 to 1.26.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.25.3...v1.26.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 3ade12593d..c51a8ec290 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/GoogleCloudPlatform/cloudsql-proxy v1.34.1 github.com/Microsoft/go-winio v0.6.1 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 - github.com/aws/aws-sdk-go-v2 v1.25.3 + github.com/aws/aws-sdk-go-v2 v1.26.0 github.com/aws/aws-sdk-go-v2/config v1.27.0 github.com/aws/aws-sdk-go-v2/credentials v1.17.0 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 diff --git a/go.sum b/go.sum index ce2cf52d5f..9a24d079cf 100644 --- a/go.sum +++ b/go.sum @@ -558,8 +558,8 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.50.0 h1:HBtrLeO+QyDKnc3t1+5DR1RxodOHCGr8ZcrHudpv7jI= github.com/aws/aws-sdk-go v1.50.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go-v2 v1.25.3 h1:xYiLpZTQs1mzvz5PaI6uR0Wh57ippuEthxS4iK5v0n0= -github.com/aws/aws-sdk-go-v2 v1.25.3/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I= +github.com/aws/aws-sdk-go-v2 v1.26.0 h1:/Ce4OCiM3EkpW7Y+xUnfAFpchU78K7/Ug01sZni9PgA= +github.com/aws/aws-sdk-go-v2 v1.26.0/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1 h1:gTK2uhtAPtFcdRRJilZPx8uJLL2J85xK11nKtWL0wfU= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1/go.mod h1:sxpLb+nZk7tIfCWChfd+h4QwHNUR57d8hA1cleTkjJo= github.com/aws/aws-sdk-go-v2/config v1.27.0 h1:J5sdGCAHuWKIXLeXiqr8II/adSvetkx0qdZwdbXXpb0= From 51050c3438335cd444d2e2fa9e7157df586abf23 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Mar 2024 10:24:24 -0600 Subject: [PATCH 70/83] Bump github.com/hashicorp/vault/api from 1.12.1 to 1.12.2 (#5000) Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/vault/compare/v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c51a8ec290..ee02e1ac6b 100644 --- a/go.mod +++ b/go.mod @@ -50,7 +50,7 @@ require ( github.com/hashicorp/go-metrics v0.5.3 github.com/hashicorp/go-plugin v1.6.0 github.com/hashicorp/hcl v1.0.1-vault-5 - github.com/hashicorp/vault/api v1.12.1 + github.com/hashicorp/vault/api v1.12.2 github.com/hashicorp/vault/sdk v0.11.1 github.com/imdario/mergo v0.3.16 github.com/imkira/go-observer v1.0.3 diff --git a/go.sum b/go.sum index 9a24d079cf..943dfb59b2 100644 --- a/go.sum +++ b/go.sum 
@@ -1055,8 +1055,8 @@ github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uG github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= -github.com/hashicorp/vault/api v1.12.1 h1:WzGN4X5jrJdNO39g6Sa55djNio3I9DxEBOTmCZE7tm0= -github.com/hashicorp/vault/api v1.12.1/go.mod h1:1pqP/sErScodde+ybJCyP+ONC4jzEg7Dmawg/QLWo1k= +github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE= +github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE= github.com/hashicorp/vault/sdk v0.11.1 h1:mH/MYHBSrl594e+KT6Qhj5+kTmG02n1aZ3mYwCL0mdI= github.com/hashicorp/vault/sdk v0.11.1/go.mod h1:t+Jt1xvh48cuew8eYjM0F2+MFcjNvG4Ow60K7/2yaUU= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= From 0c7807f878d3b22d941ec8a69c149338625b0403 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Mar 2024 11:38:29 -0600 Subject: [PATCH 71/83] Bump actions/cache from 4.0.1 to 4.0.2 (#5001) Bumps [actions/cache](https://github.com/actions/cache) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/ab5e6d0c87105b4c9c2047343972218f562e4319...0c45773b623bea8c8e75f6c82b208c3cf94ea4f9) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr_build.yaml | 42 ++++++++++++++-------------- .github/workflows/release_build.yaml | 42 ++++++++++++++-------------- 2 files changed, 42 insertions(+), 42 deletions(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 1b11628b17..f6a29a1180 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -27,7 +27,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Setup dep cache - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -51,12 +51,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Setup build tool cache - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -88,7 +88,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 
@@ -112,7 +112,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -170,12 +170,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -206,7 +206,7 @@ jobs: - name: Checkout uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Load cached executables - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ./bin/ key: ${{ runner.os }}-executables-${{ hashFiles('**/*.exe') }} @@ -272,12 +272,12 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} 
@@ -332,12 +332,12 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -382,12 +382,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -426,7 +426,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Setup dep cache - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 
@@ -453,12 +453,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Setup build tool cache - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -496,7 +496,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -530,12 +530,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -549,7 +549,7 @@ jobs: - name: Build binaries run: make build - name: Setup executables cache - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ./bin/ key: ${{ runner.os }}-executables-${{ hashFiles('**/*.exe') }} diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml index 38e81e5bbe..4cf8575ca4 100644 --- a/.github/workflows/release_build.yaml 
+++ b/.github/workflows/release_build.yaml @@ -21,7 +21,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Setup dep cache - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -44,12 +44,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Setup build tool cache - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -80,7 +80,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -103,7 +103,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 
@@ -160,12 +160,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -191,7 +191,7 @@ jobs: - name: Checkout uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Load cached executables - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ./bin/ key: ${{ runner.os }}-executables-${{ hashFiles('**/*.exe') }} @@ -264,12 +264,12 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} 
@@ -324,12 +324,12 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -372,12 +372,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -415,7 +415,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Setup dep cache - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 
@@ -441,12 +441,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Setup build tool cache - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -483,7 +483,7 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -516,12 +516,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - name: Load cached deps - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - name: Load cached build tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: .build key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }} @@ -537,7 +537,7 @@ jobs: - name: Build artifacts run: ./.github/workflows/scripts/build_artifacts.sh ${{ runner.os }} - name: Setup executables cache - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ./bin/ key: ${{ runner.os }}-executables-${{ hashFiles('**/*.exe') }} From 0d28fe87c9a3d8ef77a46e0df2ed1e45d74902f3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Mar 2024 13:51:08 -0600 Subject: [PATCH 72/83] Bump the google-cloud-sdk group with 1 update (#5004) Bumps the google-cloud-sdk group with 1 update: [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go). Updates `cloud.google.com/go/secretmanager` from 1.11.5 to 1.12.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/secretmanager/v1.11.5...dlp/v1.12.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/secretmanager dependency-type: direct:production update-type: version-update:semver-minor dependency-group: google-cloud-sdk ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ee02e1ac6b..0a6c1f3bde 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.22 require ( cloud.google.com/go/iam v1.1.6 cloud.google.com/go/kms v1.15.7 - cloud.google.com/go/secretmanager v1.11.5 + cloud.google.com/go/secretmanager v1.12.0 cloud.google.com/go/security v1.15.5 cloud.google.com/go/storage v1.39.0 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 diff --git a/go.sum b/go.sum index 943dfb59b2..9b12f37434 100644 --- a/go.sum +++ b/go.sum 
@@ -325,8 +325,8 @@ cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJe cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4= cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4= -cloud.google.com/go/secretmanager v1.11.5 h1:82fpF5vBBvu9XW4qj0FU2C6qVMtj1RM/XHwKXUEAfYY= -cloud.google.com/go/secretmanager v1.11.5/go.mod h1:eAGv+DaCHkeVyQi0BeXgAHOU0RdrMeZIASKc+S7VqH4= +cloud.google.com/go/secretmanager v1.12.0 h1:e5pIo/QEgiFiHPVJPxM5jbtUr4O/u5h2zLHYtkFQr24= +cloud.google.com/go/secretmanager v1.12.0/go.mod h1:Y1Gne3Ag+fZ2TDTiJc8ZJCMFbi7k1rYT4Rw30GXfvlk= cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= From 0727fa64f7af0330c3b4e1404d2e240bdd44cfe5 Mon Sep 17 00:00:00 2001 From: Federico Nahuel Quijada <63385953+FedeNQ@users.noreply.github.com> Date: Wed, 27 Mar 2024 19:22:59 -0300 Subject: [PATCH 73/83] Add more filtering options to entry count/show and agent count/list (#4714) * add filtering options to count command Signed-off-by: FedeNQ * add more fields Signed-off-by: FedeNQ * Add filtering to entry & agent count/show/list commands Signed-off-by: FedeNQ * fix lint Signed-off-by: FedeNQ * add more unit test Signed-off-by: FedeNQ * Change count & list for entries Signed-off-by: FedeNQ * rollback Signed-off-by: FedeNQ * fix Signed-off-by: FedeNQ * fix lint Signed-off-by: FedeNQ * update go.mod & go.sum Signed-off-by: FedeNQ * fix windows message Signed-off-by: FedeNQ * update agent & entry message Signed-off-by: FedeNQ * update agent message Signed-off-by: FedeNQ * count entries & agent now uses pagination 
Signed-off-by: FedeNQ * remove comment Signed-off-by: FedeNQ * fix lint Signed-off-by: FedeNQ * rollback Signed-off-by: FedeNQ --------- Signed-off-by: FedeNQ Signed-off-by: Federico Nahuel Quijada <63385953+FedeNQ@users.noreply.github.com> --- .../cli/agent/agent_posix_test.go | 20 ++ cmd/spire-server/cli/agent/agent_test.go | 51 ++++ .../cli/agent/agent_windows_test.go | 20 ++ cmd/spire-server/cli/agent/count.go | 86 +++++- cmd/spire-server/cli/agent/list.go | 57 +++- cmd/spire-server/cli/entry/count.go | 97 ++++++- cmd/spire-server/cli/entry/count_test.go | 259 +++++++++++++++++- cmd/spire-server/cli/entry/show.go | 2 + cmd/spire-server/cli/entry/show_test.go | 24 +- cmd/spire-server/cli/entry/util_posix_test.go | 16 ++ .../cli/entry/util_windows_test.go | 16 ++ doc/spire_server.md | 25 +- go.mod | 2 +- go.sum | 4 +- pkg/common/cli/flags.go | 26 ++ .../telemetry/server/datastore/wrapper.go | 8 +- .../server/datastore/wrapper_test.go | 4 +- pkg/server/api/agent/v1/service.go | 83 +++++- pkg/server/api/debug/v1/service.go | 5 +- pkg/server/api/entry/v1/service.go | 110 +++++++- pkg/server/datastore/datastore.go | 24 +- pkg/server/datastore/sqlstore/sqlstore.go | 188 +++++++++++-- .../datastore/sqlstore/sqlstore_test.go | 8 +- test/fakes/fakedatastore/fakedatastore.go | 8 +- 24 files changed, 1065 insertions(+), 78 deletions(-) diff --git a/cmd/spire-server/cli/agent/agent_posix_test.go b/cmd/spire-server/cli/agent/agent_posix_test.go index a1e6568bc6..43ac27f7ad 100644 --- a/cmd/spire-server/cli/agent/agent_posix_test.go +++ b/cmd/spire-server/cli/agent/agent_posix_test.go 
@@ -14,6 +14,14 @@ var ( Path to the SPIRE Server API socket (default "/tmp/spire-server/private/api.sock") ` listUsage = `Usage of agent list: + -attestationType string + Filter by attestation type, like join_token or x509pop. + -banned value + Filter based on string received, 'true': banned agents, 'false': not banned agents, other value will return all. + -canReattest value + Filter based on string received, 'true': agents that can reattest, 'false': agents that can't reattest, other value will return all. + -expiresBefore string + Filter by expiration time (format: "2006-01-02 15:04:05 -0700 -07") -matchSelectorsOn string The match mode used when filtering by selectors. Options: exact, any, superset and subset (default "superset") -output value @@ -40,8 +48,20 @@ var ( The SPIFFE ID of the agent to evict (agent identity) ` countUsage = `Usage of agent count: + -attestationType string + Filter by attestation type, like join_token or x509pop. + -banned value + Filter based on string received, 'true': banned agents, 'false': not banned agents, other value will return all. + -canReattest value + Filter based on string received, 'true': agents that can reattest, 'false': agents that can't reattest, other value will return all. + -expiresBefore string + Filter by expiration time (format: "2006-01-02 15:04:05 -0700 -07") + -matchSelectorsOn string + The match mode used when filtering by selectors. Options: exact, any, superset and subset (default "superset") -output value Desired output format (pretty, json); default: pretty. + -selector value + A colon-delimited type:value selector. Can be used more than once -socketPath string Path to the SPIRE Server API socket (default "/tmp/spire-server/private/api.sock") ` diff --git a/cmd/spire-server/cli/agent/agent_test.go b/cmd/spire-server/cli/agent/agent_test.go index bf63ba0fd3..6110a88bfd 100644 --- a/cmd/spire-server/cli/agent/agent_test.go +++ b/cmd/spire-server/cli/agent/agent_test.go 
@@ -225,6 +225,12 @@ func TestCount(t *testing.T) { expectedReturnCode: 1, expectedStderr: common.AddrError, }, + { + name: "Count by expiresBefore: month out of range", + args: []string{"-expiresBefore", "2001-13-05"}, + expectedReturnCode: 1, + expectedStderr: "Error: date is not valid: parsing time \"2001-13-05\": month out of range\n", + }, } { for _, format := range availableFormats { t.Run(fmt.Sprintf("%s using %s format", tt.name, format), func(t *testing.T) { 
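Review bot: TestCount gains only the invalid `-expiresBefore` case, so none of the new `agent count` filters (`-banned`, `-canReattest`, `-attestationType`, `-selector`, a valid `-expiresBefore`) has a case that checks the `CountAgentsRequest` filter actually sent. TestList in the same file gets `expectReq` cases for three of these filters, and mirroring them here would catch a wrong flag-to-filter mapping; the fake server may first need to record the count request, which is not visible from this hunk. Among the visible hunks `-attestationType` has no case in either test. The table and the test function continue outside the hunk.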
@@ -389,6 +395,45 @@ func TestList(t *testing.T) { expectedStdoutPretty: "Found 1 attested agent:\n\nSPIFFE ID : spiffe://example.org/spire/agent/agent1", expectedStdoutJSON: `{"agents":[{"id":{"trust_domain":"example.org","path":"/spire/agent/agent1"},"attestation_type":"","x509svid_serial_number":"","x509svid_expires_at":"0","selectors":[],"banned":false,"can_reattest":true}],"next_page_token":""}`, }, + { + name: "by expiresBefore", + args: []string{"-expiresBefore", "2000-01-01 15:04:05 -0700 -07"}, + expectReq: &agentv1.ListAgentsRequest{ + Filter: &agentv1.ListAgentsRequest_Filter{ + ByExpiresBefore: "2000-01-01 15:04:05 -0700 -07", + }, + PageSize: 1000, + }, + existentAgents: testAgents, + expectedStdoutPretty: "Found 1 attested agent:\n\nSPIFFE ID : spiffe://example.org/spire/agent/agent1", + expectedStdoutJSON: `{"agents":[{"id":{"trust_domain":"example.org","path":"/spire/agent/agent1"},"attestation_type":"","x509svid_serial_number":"","x509svid_expires_at":"0","selectors":[],"banned":false,"can_reattest":true}],"next_page_token":""}`, + }, + { + name: "by banned", + args: []string{"-banned", "true"}, + expectReq: &agentv1.ListAgentsRequest{ + Filter: &agentv1.ListAgentsRequest_Filter{ + ByBanned: wrapperspb.Bool(true), + }, + PageSize: 1000, + }, + existentAgents: testAgentsWithBanned, + expectedStdoutPretty: "Found 1 attested agent:\n\nSPIFFE ID : spiffe://example.org/spire/agent/banned", + expectedStdoutJSON: `{"agents":[{"id":{"trust_domain":"example.org","path":"/spire/agent/banned"},"attestation_type":"","x509svid_serial_number":"","x509svid_expires_at":"0","selectors":[],"banned":true,"can_reattest":false}],"next_page_token":""}`, + }, + { + name: "by canReattest", + args: []string{"-canReattest", "true"}, + expectReq: &agentv1.ListAgentsRequest{ + Filter: &agentv1.ListAgentsRequest_Filter{ + ByCanReattest: wrapperspb.Bool(true), + }, + PageSize: 1000, + }, + existentAgents: testAgents, + expectedStdoutPretty: "Found 1 attested agent:\n\nSPIFFE ID 
: spiffe://example.org/spire/agent/agent1", + expectedStdoutJSON: `{"agents":[{"id":{"trust_domain":"example.org","path":"/spire/agent/agent1"},"attestation_type":"","x509svid_serial_number":"","x509svid_expires_at":"0","selectors":[],"banned":false,"can_reattest":true}],"next_page_token":""}`, + }, { name: "List by selectors: Invalid matcher", args: []string{"-selector", "foo:bar", "-selector", "bar:baz", "-matchSelectorsOn", "NO-MATCHER"}, @@ -407,6 +452,12 @@ func TestList(t *testing.T) { expectedReturnCode: 1, expectedStderr: common.AddrError, }, + { + name: "List by expiresBefore: month out of range", + args: []string{"-expiresBefore", "2001-13-05"}, + expectedReturnCode: 1, + expectedStderr: "Error: date is not valid: parsing time \"2001-13-05\": month out of range\n", + }, } { for _, format := range availableFormats { t.Run(fmt.Sprintf("%s using %s format", tt.name, format), func(t *testing.T) { diff --git a/cmd/spire-server/cli/agent/agent_windows_test.go b/cmd/spire-server/cli/agent/agent_windows_test.go index 965ab5c3a7..7b98b75005 100644 --- a/cmd/spire-server/cli/agent/agent_windows_test.go +++ b/cmd/spire-server/cli/agent/agent_windows_test.go @@ -14,6 +14,14 @@ var ( Desired output format (pretty, json); default: pretty. ` listUsage = `Usage of agent list: + -attestationType string + Filter by attestation type, like join_token or x509pop. + -banned value + Filter based on string received, 'true': banned agents, 'false': not banned agents, other value will return all. + -canReattest value + Filter based on string received, 'true': agents that can reattest, 'false': agents that can't reattest, other value will return all. + -expiresBefore string + Filter by expiration time (format: "2006-01-02 15:04:05 -0700 -07") -matchSelectorsOn string The match mode used when filtering by selectors. Options: exact, any, superset and subset (default "superset") -namedPipeName string 
@@ -40,10 +48,22 @@ var ( The SPIFFE ID of the agent to evict (agent identity) ` countUsage = `Usage of agent count: + -attestationType string + Filter by attestation type, like join_token or x509pop. + -banned value + Filter based on string received, 'true': banned agents, 'false': not banned agents, other value will return all. + -canReattest value + Filter based on string received, 'true': agents that can reattest, 'false': agents that can't reattest, other value will return all. + -expiresBefore string + Filter by expiration time (format: "2006-01-02 15:04:05 -0700 -07") + -matchSelectorsOn string + The match mode used when filtering by selectors. Options: exact, any, superset and subset (default "superset") -namedPipeName string Pipe name of the SPIRE Server API named pipe (default "\\spire-server\\private\\api") -output value Desired output format (pretty, json); default: pretty. + -selector value + A colon-delimited type:value selector. Can be used more than once ` showUsage = `Usage of agent show: -namedPipeName string diff --git a/cmd/spire-server/cli/agent/count.go b/cmd/spire-server/cli/agent/count.go index 4b46f77f0d..ef59d0de7b 100644 --- a/cmd/spire-server/cli/agent/count.go +++ b/cmd/spire-server/cli/agent/count.go 
@@ -5,16 +5,39 @@ import ( "errors" "flag" "fmt" + "time" "github.com/mitchellh/cli" agentv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/agent/v1" + "github.com/spiffe/spire-api-sdk/proto/spire/api/types" "github.com/spiffe/spire/cmd/spire-server/util" commoncli "github.com/spiffe/spire/pkg/common/cli" "github.com/spiffe/spire/pkg/common/cliprinter" + "google.golang.org/protobuf/types/known/wrapperspb" ) type countCommand struct { - env *commoncli.Env + // Type and value are delimited by a colon (:) + // ex. "unix:uid:1000" or "spiffe_id:spiffe://example.org/foo" + selectors commoncli.StringsFlag + + // Match used when filtering by selectors + matchSelectorsOn string + + // Filters agents to those that are banned. + banned commoncli.BoolFlag + + // Filters agents by those expires before. + expiresBefore string + + // Filters agents to those matching the attestation type. + attestationType string + + // Filters agents that can re-attest. + canReattest commoncli.BoolFlag + + env *commoncli.Env + printer cliprinter.Printer } 
@@ -39,8 +62,61 @@ func (*countCommand) Synopsis() string { // Run counts attested agents func (c *countCommand) Run(ctx context.Context, _ *commoncli.Env, serverClient util.ServerClient) error { + filter := &agentv1.CountAgentsRequest_Filter{} + if len(c.selectors) > 0 { + matchBehavior, err := parseToSelectorMatch(c.matchSelectorsOn) + if err != nil { + return err + } + + selectors := make([]*types.Selector, len(c.selectors)) + for i, sel := range c.selectors { + selector, err := util.ParseSelector(sel) + if err != nil { + return fmt.Errorf("error parsing selector %q: %w", sel, err) + } + selectors[i] = selector + } + filter.BySelectorMatch = &types.SelectorMatch{ + Selectors: selectors, + Match: matchBehavior, + } + } + + if c.expiresBefore != "" { + // Parse the time string into a time.Time object + _, err := time.Parse("2006-01-02 15:04:05 -0700 -07", c.expiresBefore) + if err != nil { + return fmt.Errorf("date is not valid: %w", err) + } + filter.ByExpiresBefore = c.expiresBefore + } + + if c.attestationType != "" { + filter.ByAttestationType = c.attestationType + } + + // 0: all, 1: can't reattest, 2: can reattest + if c.canReattest == 1 { + filter.ByCanReattest = wrapperspb.Bool(false) + } + if c.canReattest == 2 { + filter.ByCanReattest = wrapperspb.Bool(true) + } + + // 0: all, 1: no-banned, 2: banned + if c.banned == 1 { + filter.ByBanned = wrapperspb.Bool(false) + } + if c.banned == 2 { + filter.ByBanned = wrapperspb.Bool(true) + } + agentClient := serverClient.NewAgentClient() - countResponse, err := agentClient.CountAgents(ctx, &agentv1.CountAgentsRequest{}) + + countResponse, err := agentClient.CountAgents(ctx, &agentv1.CountAgentsRequest{ + Filter: filter, + }) if err != nil { return err } 
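Review bot: The checks `c.canReattest == 1`, `c.canReattest == 2`, `c.banned == 1` and `c.banned == 2` compare a `commoncli.BoolFlag` with bare integers whose meaning is carried only by the comments above them. Named constants declared next to the flag type and used in a `switch` would make the three states self-describing and stop the comments drifting from the code. The same block, together with the `-expiresBefore` check, is repeated in list.go's `Run` hunk, so a shared helper would keep the two commands in agreement. The `time.Parse` result is discarded and the raw string is forwarded, so this check is only early feedback for the operator; presumably the server parses the value again, which is worth confirming.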
@@ -49,6 +125,12 @@ func (c *countCommand) Run(ctx context.Context, _ *commoncli.Env, serverClient u } func (c *countCommand) AppendFlags(fs *flag.FlagSet) { + fs.Var(&c.selectors, "selector", "A colon-delimited type:value selector. Can be used more than once") + fs.StringVar(&c.attestationType, "attestationType", "", "Filter by attestation type, like join_token or x509pop.") + fs.Var(&c.canReattest, "canReattest", "Filter based on string received, 'true': agents that can reattest, 'false': agents that can't reattest, other value will return all.") + fs.Var(&c.banned, "banned", "Filter based on string received, 'true': banned agents, 'false': not banned agents, other value will return all.") + fs.StringVar(&c.expiresBefore, "expiresBefore", "", "Filter by expiration time (format: \"2006-01-02 15:04:05 -0700 -07\")") + fs.StringVar(&c.matchSelectorsOn, "matchSelectorsOn", "superset", "The match mode used when filtering by selectors. Options: exact, any, superset and subset") cliprinter.AppendFlagWithCustomPretty(&c.printer, fs, c.env, prettyPrintCount) } diff --git a/cmd/spire-server/cli/agent/list.go b/cmd/spire-server/cli/agent/list.go index 80b66989ec..8062294c43 100644 --- a/cmd/spire-server/cli/agent/list.go +++ b/cmd/spire-server/cli/agent/list.go 
@@ -14,16 +14,32 @@ import ( commoncli "github.com/spiffe/spire/pkg/common/cli" "github.com/spiffe/spire/pkg/common/cliprinter" "github.com/spiffe/spire/pkg/common/idutil" + "google.golang.org/protobuf/types/known/wrapperspb" ) type listCommand struct { - env *commoncli.Env // Type and value are delimited by a colon (:) // ex. "unix:uid:1000" or "spiffe_id:spiffe://example.org/foo" selectors commoncli.StringsFlag - // Match used when filtering agents by selectors + + // Match used when filtering by selectors matchSelectorsOn string - printer cliprinter.Printer + + // Filters agents to those that are banned. + banned commoncli.BoolFlag + + // Filters agents by those expires before. + expiresBefore string + + // Filters agents to those matching the attestation type. + attestationType string + + // Filters agents that can re-attest. + canReattest commoncli.BoolFlag + + env *commoncli.Env + + printer cliprinter.Printer } // NewListCommand creates a new "list" subcommand for "agent" command. @@ -68,6 +84,35 @@ func (c *listCommand) Run(ctx context.Context, _ *commoncli.Env, serverClient ut } } + if c.expiresBefore != "" { + // Parse the time string into a time.Time object + _, err := time.Parse("2006-01-02 15:04:05 -0700 -07", c.expiresBefore) + if err != nil { + return fmt.Errorf("date is not valid: %w", err) + } + filter.ByExpiresBefore = c.expiresBefore + } + + if c.attestationType != "" { + filter.ByAttestationType = c.attestationType + } + + // 0: all, 1: can't reattest, 2: can reattest + if c.canReattest == 1 { + filter.ByCanReattest = wrapperspb.Bool(false) + } + if c.canReattest == 2 { + filter.ByCanReattest = wrapperspb.Bool(true) + } + + // 0: all, 1: no-banned, 2: banned + if c.banned == 1 { + filter.ByBanned = wrapperspb.Bool(false) + } + if c.banned == 2 { + filter.ByBanned = wrapperspb.Bool(true) + } + agentClient := serverClient.NewAgentClient() pageToken := "" 
@@ -91,8 +136,12 @@ func (c *listCommand) Run(ctx context.Context, _ *commoncli.Env, serverClient ut } func (c *listCommand) AppendFlags(fs *flag.FlagSet) { - fs.StringVar(&c.matchSelectorsOn, "matchSelectorsOn", "superset", "The match mode used when filtering by selectors. Options: exact, any, superset and subset") fs.Var(&c.selectors, "selector", "A colon-delimited type:value selector. Can be used more than once") + fs.StringVar(&c.attestationType, "attestationType", "", "Filter by attestation type, like join_token or x509pop.") + fs.Var(&c.canReattest, "canReattest", "Filter based on string received, 'true': agents that can reattest, 'false': agents that can't reattest, other value will return all.") + fs.Var(&c.banned, "banned", "Filter based on string received, 'true': banned agents, 'false': not banned agents, other value will return all.") + fs.StringVar(&c.expiresBefore, "expiresBefore", "", "Filter by expiration time (format: \"2006-01-02 15:04:05 -0700 -07\")") + fs.StringVar(&c.matchSelectorsOn, "matchSelectorsOn", "superset", "The match mode used when filtering by selectors. Options: exact, any, superset and subset") cliprinter.AppendFlagWithCustomPretty(&c.printer, fs, c.env, prettyPrintAgents) } diff --git a/cmd/spire-server/cli/entry/count.go b/cmd/spire-server/cli/entry/count.go index c095e76899..ce3f8153f6 100644 --- a/cmd/spire-server/cli/entry/count.go +++ b/cmd/spire-server/cli/entry/count.go 
@@ -7,12 +7,39 @@ import ( "github.com/mitchellh/cli" entryv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/entry/v1" + "github.com/spiffe/spire-api-sdk/proto/spire/api/types" "github.com/spiffe/spire/cmd/spire-server/util" commoncli "github.com/spiffe/spire/pkg/common/cli" "github.com/spiffe/spire/pkg/common/cliprinter" + "google.golang.org/protobuf/types/known/wrapperspb" ) type countCommand struct { + // Type and value are delimited by a colon (:) + // ex. "unix:uid:1000" or "spiffe_id:spiffe://example.org/foo" + selectors StringsFlag + + // Workload parent spiffeID + parentID string + + // Workload spiffeID + spiffeID string + + // Entry hint + hint string + + // List of SPIFFE IDs of trust domains the registration entry is federated with + federatesWith StringsFlag + + // Whether or not the entry is for a downstream SPIRE server + downstream bool + + // Match used when filtering by federates with + matchFederatesWithOn string + + // Match used when filtering by selectors + matchSelectorsOn string + printer cliprinter.Printer env *commoncli.Env } 
@@ -39,7 +66,66 @@ func (*countCommand) Synopsis() string { // Run counts attested entries func (c *countCommand) Run(ctx context.Context, _ *commoncli.Env, serverClient util.ServerClient) error { entryClient := serverClient.NewEntryClient() - countResponse, err := entryClient.CountEntries(ctx, &entryv1.CountEntriesRequest{}) + + filter := &entryv1.CountEntriesRequest_Filter{} + if c.parentID != "" { + id, err := idStringToProto(c.parentID) + if err != nil { + return fmt.Errorf("error parsing parent ID %q: %w", c.parentID, err) + } + filter.ByParentId = id + } + + if c.spiffeID != "" { + id, err := idStringToProto(c.spiffeID) + if err != nil { + return fmt.Errorf("error parsing SPIFFE ID %q: %w", c.spiffeID, err) + } + filter.BySpiffeId = id + } + + if len(c.selectors) != 0 { + matchSelectorBehavior, err := parseToSelectorMatch(c.matchSelectorsOn) + if err != nil { + return err + } + + selectors := make([]*types.Selector, len(c.selectors)) + for i, sel := range c.selectors { + selector, err := util.ParseSelector(sel) + if err != nil { + return fmt.Errorf("error parsing selectors: %w", err) + } + selectors[i] = selector + } + filter.BySelectors = &types.SelectorMatch{ + Selectors: selectors, + Match: matchSelectorBehavior, + } + } + + filter.ByDownstream = wrapperspb.Bool(c.downstream) + + if len(c.federatesWith) > 0 { + matchFederatesWithBehavior, err := parseToFederatesWithMatch(c.matchFederatesWithOn) + if err != nil { + return err + } + + filter.ByFederatesWith = &types.FederatesWithMatch{ + TrustDomains: c.federatesWith, + Match: matchFederatesWithBehavior, + } + } + + if c.hint != "" { + filter.ByHint = wrapperspb.String(c.hint) + } + + countResponse, err := entryClient.CountEntries(ctx, &entryv1.CountEntriesRequest{ + Filter: filter, + }) + if err != nil { return err } 
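Review bot: `filter.ByDownstream = wrapperspb.Bool(c.downstream)` is assigned unconditionally, so a plain `entry count` now sends `ByDownstream: false` instead of leaving the field unset; the new "Count all entries (empty filter)" test case expects exactly that. If the server treats a set `ByDownstream` as a filter (its handler is not in this hunk), the default invocation silently leaves downstream entries out of the count, which matters when the command is used to audit what is registered. The same line is added to `fetchEntries` in show.go, where it changes the existing default of `entry show`. Setting the field only when the flag is given keeps the default unfiltered: `if c.downstream { filter.ByDownstream = wrapperspb.Bool(true) }`.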
@@ -48,6 +134,15 @@ func (c *countCommand) Run(ctx context.Context, _ *commoncli.Env, serverClient u } func (c *countCommand) AppendFlags(fs *flag.FlagSet) { + fs.StringVar(&c.parentID, "parentID", "", "The Parent ID of the records to count") + fs.StringVar(&c.spiffeID, "spiffeID", "", "The SPIFFE ID of the records to count") + fs.BoolVar(&c.downstream, "downstream", false, "A boolean value that, when set, indicates that the entry describes a downstream SPIRE server") + fs.Var(&c.selectors, "selector", "A colon-delimited type:value selector. Can be used more than once") + fs.Var(&c.federatesWith, "federatesWith", "SPIFFE ID of a trust domain an entry is federate with. Can be used more than once") + fs.StringVar(&c.matchFederatesWithOn, "matchFederatesWithOn", "superset", "The match mode used when filtering by federates with. Options: exact, any, superset and subset") + fs.StringVar(&c.matchSelectorsOn, "matchSelectorsOn", "superset", "The match mode used when filtering by selectors. Options: exact, any, superset and subset") + fs.StringVar(&c.hint, "hint", "", "The Hint of the records to count (optional)") + cliprinter.AppendFlagWithCustomPretty(&c.printer, fs, c.env, c.prettyPrintCount) } diff --git a/cmd/spire-server/cli/entry/count_test.go b/cmd/spire-server/cli/entry/count_test.go index cfff9ca6f7..e162bd4a96 100644 --- a/cmd/spire-server/cli/entry/count_test.go +++ b/cmd/spire-server/cli/entry/count_test.go @@ -5,9 +5,11 @@ import ( "testing" entryv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/entry/v1" + "github.com/spiffe/spire-api-sdk/proto/spire/api/types" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" + "google.golang.org/protobuf/types/known/wrapperspb" ) func TestCountHelp(t *testing.T) { 
@@ -31,12 +33,262 @@ func TestCount(t *testing.T) { for _, tt := range []struct { name string args []string + expCountReq *entryv1.CountEntriesRequest fakeCountResp *entryv1.CountEntriesResponse serverErr error expOutPretty string expOutJSON string expErr string }{ + { + name: "Count all entries (empty filter)", + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp4, + expOutPretty: "4 registration entries", + expOutJSON: `{"count":4}`, + }, + { + name: "Count by parentID", + args: []string{"-parentID", "spiffe://example.org/father"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + ByParentId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/father"}, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp2, + expOutPretty: "2 registration entries", + expOutJSON: `{"count":2}`, + }, + { + name: "Count by parent ID using invalid ID", + args: []string{"-parentID", "invalid-id"}, + expErr: "Error: error parsing parent ID \"invalid-id\": scheme is missing or invalid\n", + }, + { + name: "Count by SPIFFE ID", + args: []string{"-spiffeID", "spiffe://example.org/daughter"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + BySpiffeId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/daughter"}, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp2, + expOutPretty: "2 registration entries", + expOutJSON: `{"count":2}`, + }, + { + name: "Count by SPIFFE ID using invalid ID", + args: []string{"-spiffeID", "invalid-id"}, + expErr: "Error: error parsing SPIFFE ID \"invalid-id\": scheme is missing or invalid\n", + }, + { + name: "Count by selectors: default matcher", + args: []string{"-selector", "foo:bar", "-selector", "bar:baz"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + 
BySelectors: &types.SelectorMatch{ + Selectors: []*types.Selector{ + {Type: "foo", Value: "bar"}, + {Type: "bar", Value: "baz"}, + }, + Match: types.SelectorMatch_MATCH_SUPERSET, + }, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp1, + expOutPretty: "1 registration entry", + expOutJSON: `{"count":1}`, + }, + { + name: "Count by selectors: exact matcher", + args: []string{"-selector", "foo:bar", "-selector", "bar:baz", "-matchSelectorsOn", "exact"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + BySelectors: &types.SelectorMatch{ + Selectors: []*types.Selector{ + {Type: "foo", Value: "bar"}, + {Type: "bar", Value: "baz"}, + }, + Match: types.SelectorMatch_MATCH_EXACT, + }, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp1, + expOutPretty: "1 registration entry", + expOutJSON: `{"count":1}`, + }, + { + name: "Count by selectors: superset matcher", + args: []string{"-selector", "foo:bar", "-selector", "bar:baz", "-matchSelectorsOn", "superset"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + BySelectors: &types.SelectorMatch{ + Selectors: []*types.Selector{ + {Type: "foo", Value: "bar"}, + {Type: "bar", Value: "baz"}, + }, + Match: types.SelectorMatch_MATCH_SUPERSET, + }, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp1, + expOutPretty: "1 registration entry", + expOutJSON: `{"count":1}`, + }, + { + name: "Count by selectors: subset matcher", + args: []string{"-selector", "foo:bar", "-selector", "bar:baz", "-matchSelectorsOn", "subset"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + BySelectors: &types.SelectorMatch{ + Selectors: []*types.Selector{ + {Type: "foo", Value: "bar"}, + {Type: "bar", Value: "baz"}, + }, + Match: types.SelectorMatch_MATCH_SUBSET, + }, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp1, + 
expOutPretty: "1 registration entry", + expOutJSON: `{"count":1}`, + }, + { + name: "Count by selectors: Any matcher", + args: []string{"-selector", "foo:bar", "-selector", "bar:baz", "-matchSelectorsOn", "any"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + BySelectors: &types.SelectorMatch{ + Selectors: []*types.Selector{ + {Type: "foo", Value: "bar"}, + {Type: "bar", Value: "baz"}, + }, + Match: types.SelectorMatch_MATCH_ANY, + }, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp1, + expOutPretty: "1 registration entry", + expOutJSON: `{"count":1}`, + }, + { + name: "Count by selectors: Invalid matcher", + args: []string{"-selector", "foo:bar", "-selector", "bar:baz", "-matchSelectorsOn", "NO-MATCHER"}, + expErr: "Error: match behavior \"NO-MATCHER\" unknown\n", + }, + { + name: "Count by selector using invalid selector", + args: []string{"-selector", "invalid-selector"}, + expErr: "Error: error parsing selectors: selector \"invalid-selector\" must be formatted as type:value\n", + }, + { + name: "Server error", + args: []string{"-spiffeID", "spiffe://example.org/daughter"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + BySpiffeId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/daughter"}, + ByDownstream: wrapperspb.Bool(false), + }, + }, + serverErr: status.Error(codes.Internal, "internal server error"), + expErr: "Error: rpc error: code = Internal desc = internal server error\n", + }, + { + name: "Count by Federates With: default matcher", + args: []string{"-federatesWith", "spiffe://domain.test"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + ByFederatesWith: &types.FederatesWithMatch{ + TrustDomains: []string{"spiffe://domain.test"}, + Match: types.FederatesWithMatch_MATCH_SUPERSET, + }, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp1, + expOutPretty: "1 
registration entry", + expOutJSON: `{"count":1}`, + }, + { + name: "Count by Federates With: exact matcher", + args: []string{"-federatesWith", "spiffe://domain.test", "-matchFederatesWithOn", "exact"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + ByFederatesWith: &types.FederatesWithMatch{ + TrustDomains: []string{"spiffe://domain.test"}, + Match: types.FederatesWithMatch_MATCH_EXACT, + }, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp1, + expOutPretty: "1 registration entry", + expOutJSON: `{"count":1}`, + }, + { + name: "Count by Federates With: Any matcher", + args: []string{"-federatesWith", "spiffe://domain.test", "-matchFederatesWithOn", "any"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + ByFederatesWith: &types.FederatesWithMatch{ + TrustDomains: []string{"spiffe://domain.test"}, + Match: types.FederatesWithMatch_MATCH_ANY, + }, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp1, + expOutPretty: "1 registration entry", + expOutJSON: `{"count":1}`, + }, + { + name: "Count by Federates With: superset matcher", + args: []string{"-federatesWith", "spiffe://domain.test", "-matchFederatesWithOn", "superset"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + ByFederatesWith: &types.FederatesWithMatch{ + TrustDomains: []string{"spiffe://domain.test"}, + Match: types.FederatesWithMatch_MATCH_SUPERSET, + }, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp1, + expOutPretty: "1 registration entry", + expOutJSON: `{"count":1}`, + }, + { + name: "Count by Federates With: subset matcher", + args: []string{"-federatesWith", "spiffe://domain.test", "-matchFederatesWithOn", "subset"}, + expCountReq: &entryv1.CountEntriesRequest{ + Filter: &entryv1.CountEntriesRequest_Filter{ + ByFederatesWith: &types.FederatesWithMatch{ + TrustDomains: 
[]string{"spiffe://domain.test"}, + Match: types.FederatesWithMatch_MATCH_SUBSET, + }, + ByDownstream: wrapperspb.Bool(false), + }, + }, + fakeCountResp: fakeResp1, + expOutPretty: "1 registration entry", + expOutJSON: `{"count":1}`, + }, + { + name: "Count by Federates With: Invalid matcher", + args: []string{"-federatesWith", "spiffe://domain.test", "-matchFederatesWithOn", "NO-MATCHER"}, + expErr: "Error: match behavior \"NO-MATCHER\" unknown\n", + }, { name: "4 entries", fakeCountResp: fakeResp4, @@ -73,13 +325,16 @@ func TestCount(t *testing.T) { test.server.err = tt.serverErr test.server.countEntriesResp = tt.fakeCountResp - rc := test.client.Run(test.args(tt.args...)) + args := tt.args + args = append(args, "-output", format) + + rc := test.client.Run(test.args(args...)) if tt.expErr != "" { require.Equal(t, 1, rc) require.Equal(t, tt.expErr, test.stderr.String()) return } - requireOutputBasedOnFormat(t, test.stdout.String(), format, tt.expOutPretty, tt.expOutJSON) + requireOutputBasedOnFormat(t, format, test.stdout.String(), tt.expOutPretty, tt.expOutJSON) require.Equal(t, 0, rc) }) } diff --git a/cmd/spire-server/cli/entry/show.go b/cmd/spire-server/cli/entry/show.go index 5cbfdf10e8..94f5503854 100644 --- a/cmd/spire-server/cli/entry/show.go +++ b/cmd/spire-server/cli/entry/show.go @@ -175,6 +175,8 @@ func (c *showCommand) fetchEntries(ctx context.Context, client entryv1.EntryClie filter.ByHint = wrapperspb.String(c.hint) } + filter.ByDownstream = wrapperspb.Bool(c.downstream) + pageToken := "" for { diff --git a/cmd/spire-server/cli/entry/show_test.go b/cmd/spire-server/cli/entry/show_test.go index 418889cb3f..d2fee9b325 100644 --- a/cmd/spire-server/cli/entry/show_test.go +++ b/cmd/spire-server/cli/entry/show_test.go @@ -10,6 +10,7 @@ import ( "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" + "google.golang.org/protobuf/types/known/wrapperspb" ) func TestShowHelp(t *testing.T) { 
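Review bot: The new `expCountReq` field is filled in for the table cases in count_test.go, but the run loop never reads it: the visible hunks only set `test.server.err` and `test.server.countEntriesResp` and then compare the printed output with the canned response. As written, every filter case passes regardless of which filter the command builds, so a regression in the flag-to-filter mapping would go unnoticed. The loop should hand `tt.expCountReq` to the fake server and have its CountEntries handler, which is outside these hunks, compare it with the request it receives.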
@@ -61,7 +62,9 @@ func TestShow(t *testing.T) { name: "List all entries (empty filter)", expListReq: &entryv1.ListEntriesRequest{ PageSize: listEntriesRequestPageSize, - Filter: &entryv1.ListEntriesRequest_Filter{}, + Filter: &entryv1.ListEntriesRequest_Filter{ + ByDownstream: wrapperspb.Bool(false), + }, }, fakeListResp: fakeRespAll, expOutPretty: fmt.Sprintf("Found 4 entries\n%s%s%s%s", @@ -103,7 +106,8 @@ func TestShow(t *testing.T) { expListReq: &entryv1.ListEntriesRequest{ PageSize: listEntriesRequestPageSize, Filter: &entryv1.ListEntriesRequest_Filter{ - ByParentId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/father"}, + ByParentId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/father"}, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespFather, @@ -124,7 +128,8 @@ func TestShow(t *testing.T) { expListReq: &entryv1.ListEntriesRequest{ PageSize: listEntriesRequestPageSize, Filter: &entryv1.ListEntriesRequest_Filter{ - BySpiffeId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/daughter"}, + BySpiffeId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/daughter"}, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespDaughter, @@ -152,6 +157,7 @@ func TestShow(t *testing.T) { }, Match: types.SelectorMatch_MATCH_SUPERSET, }, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespFatherDaughter, @@ -173,6 +179,7 @@ func TestShow(t *testing.T) { }, Match: types.SelectorMatch_MATCH_EXACT, }, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespFatherDaughter, @@ -194,6 +201,7 @@ func TestShow(t *testing.T) { }, Match: types.SelectorMatch_MATCH_SUPERSET, }, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespFatherDaughter, @@ -215,6 +223,7 @@ func TestShow(t *testing.T) { }, Match: types.SelectorMatch_MATCH_SUBSET, }, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespFatherDaughter, 
@@ -236,6 +245,7 @@ func TestShow(t *testing.T) { }, Match: types.SelectorMatch_MATCH_ANY, }, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespFatherDaughter, @@ -260,7 +270,8 @@ func TestShow(t *testing.T) { expListReq: &entryv1.ListEntriesRequest{ PageSize: listEntriesRequestPageSize, Filter: &entryv1.ListEntriesRequest_Filter{ - BySpiffeId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/daughter"}, + BySpiffeId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/daughter"}, + ByDownstream: wrapperspb.Bool(false), }, }, serverErr: status.Error(codes.Internal, "internal server error"), @@ -276,6 +287,7 @@ func TestShow(t *testing.T) { TrustDomains: []string{"spiffe://domain.test"}, Match: types.FederatesWithMatch_MATCH_SUPERSET, }, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespMotherDaughter, @@ -294,6 +306,7 @@ func TestShow(t *testing.T) { TrustDomains: []string{"spiffe://domain.test"}, Match: types.FederatesWithMatch_MATCH_EXACT, }, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespMotherDaughter, @@ -312,6 +325,7 @@ func TestShow(t *testing.T) { TrustDomains: []string{"spiffe://domain.test"}, Match: types.FederatesWithMatch_MATCH_ANY, }, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespMotherDaughter, @@ -330,6 +344,7 @@ func TestShow(t *testing.T) { TrustDomains: []string{"spiffe://domain.test"}, Match: types.FederatesWithMatch_MATCH_SUPERSET, }, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespMotherDaughter, @@ -348,6 +363,7 @@ func TestShow(t *testing.T) { TrustDomains: []string{"spiffe://domain.test"}, Match: types.FederatesWithMatch_MATCH_SUBSET, }, + ByDownstream: wrapperspb.Bool(false), }, }, fakeListResp: fakeRespMotherDaughter, diff --git a/cmd/spire-server/cli/entry/util_posix_test.go b/cmd/spire-server/cli/entry/util_posix_test.go index d3825c1298..7b04cb3f96 100644 --- a/cmd/spire-server/cli/entry/util_posix_test.go 
+++ b/cmd/spire-server/cli/entry/util_posix_test.go @@ -112,9 +112,25 @@ const ( Path to the SPIRE Server API socket (default "/tmp/spire-server/private/api.sock") ` countUsage = `Usage of entry count: + -downstream + A boolean value that, when set, indicates that the entry describes a downstream SPIRE server + -federatesWith value + SPIFFE ID of a trust domain an entry is federate with. Can be used more than once + -hint string + The Hint of the records to count (optional) + -matchFederatesWithOn string + The match mode used when filtering by federates with. Options: exact, any, superset and subset (default "superset") + -matchSelectorsOn string + The match mode used when filtering by selectors. Options: exact, any, superset and subset (default "superset") -output value Desired output format (pretty, json); default: pretty. + -parentID string + The Parent ID of the records to count + -selector value + A colon-delimited type:value selector. Can be used more than once -socketPath string Path to the SPIRE Server API socket (default "/tmp/spire-server/private/api.sock") + -spiffeID string + The SPIFFE ID of the records to count ` ) diff --git a/cmd/spire-server/cli/entry/util_windows_test.go b/cmd/spire-server/cli/entry/util_windows_test.go index 75e1d1929b..18f5c88af4 100644 --- a/cmd/spire-server/cli/entry/util_windows_test.go +++ b/cmd/spire-server/cli/entry/util_windows_test.go 
@@ -112,9 +112,25 @@ const ( Desired output format (pretty, json); default: pretty. ` countUsage = `Usage of entry count: + -downstream + A boolean value that, when set, indicates that the entry describes a downstream SPIRE server + -federatesWith value + SPIFFE ID of a trust domain an entry is federate with. Can be used more than once + -hint string + The Hint of the records to count (optional) + -matchFederatesWithOn string + The match mode used when filtering by federates with. Options: exact, any, superset and subset (default "superset") + -matchSelectorsOn string + The match mode used when filtering by selectors. Options: exact, any, superset and subset (default "superset") -namedPipeName string Pipe name of the SPIRE Server API named pipe (default "\\spire-server\\private\\api") -output value Desired output format (pretty, json); default: pretty. + -parentID string + The Parent ID of the records to count + -selector value + A colon-delimited type:value selector. Can be used more than once + -spiffeID string + The SPIFFE ID of the records to count ` ) diff --git a/doc/spire_server.md b/doc/spire_server.md index 9931f5f3a4..5b716f4d26 100644 --- a/doc/spire_server.md +++ b/doc/spire_server.md 
@@ -356,9 +356,14 @@ Updates registration entries. Displays the total number of registration entries. -| Command | Action | Default | -|:--------------|:------------------------------------|:-----------------------------------| -| `-socketPath` | Path to the SPIRE Server API socket | /tmp/spire-server/private/api.sock | +| Command | Action | Default | +|:-----------------|:-------------------------------------------------------------------------------------------------|:-----------------------------------| +| `-downstream` | A boolean value that, when set, indicates that the entry describes a downstream SPIRE server | | +| `-federatesWith` | SPIFFE ID of a trust domain an entry is federate with. Can be used more than once | | +| `-parentID` | The Parent ID of the records to count. | | +| `-selector` | A colon-delimited type:value selector. Can be used more than once to specify multiple selectors. | | +| `-socketPath` | Path to the SPIRE Server API socket | /tmp/spire-server/private/api.sock | +| `-spiffeID` | The SPIFFE ID of the records to count. | | ### `spire-server entry delete` @@ -512,7 +517,11 @@ Displays the total number of attested nodes. | Command | Action | Default | |:--------------|:------------------------------------|:-----------------------------------| -| `-socketPath` | Path to the SPIRE Server API socket | /tmp/spire-server/private/api.sock | +| `-selector` | A colon-delimited type:value selector. Can be used more than once to specify multiple selectors. | | +| `-canReattest` | Filter based on string received, 'true': agents that can reattest, 'false': agents that can't reattest, other value will return all | | +| `-banned` | Filter based on string received, 'true': banned agents, 'false': not banned agents, other value will return all | | +| `-expiresBefore` | Filter by expiration time (format: "2006-01-02 15:04:05 -0700 -07") | | +| `-spiffeID` | The SPIFFE ID of the records to count. | | ### `spire-server agent evict` 
@@ -529,7 +538,13 @@ Displays attested nodes. | Command | Action | Default | |:--------------|:------------------------------------|:-----------------------------------| -| `-socketPath` | Path to the SPIRE Server API socket | /tmp/spire-server/private/api.sock | +| Command | Action | Default | +|:--------------|:------------------------------------|:-----------------------------------| +| `-selector` | A colon-delimited type:value selector. Can be used more than once to specify multiple selectors. | | +| `-canReattest` | Filter based on string received, 'true': agents that can reattest, 'false': agents that can't reattest, other value will return all | | +| `-banned` | Filter based on string received, 'true': banned agents, 'false': not banned agents, other value will return all | | +| `-expiresBefore` | Filter by expiration time (format: "2006-01-02 15:04:05 -0700 -07")| | +| `-attestationType` | Filters agents to those matching the attestation type, like join_token or x509pop. | | ### `spire-server agent show` diff --git a/go.mod b/go.mod index 0a6c1f3bde..5bd3a19f00 100644 --- a/go.mod +++ b/go.mod @@ -68,7 +68,7 @@ require ( github.com/sigstore/sigstore v1.8.2 github.com/sirupsen/logrus v1.9.3 github.com/spiffe/go-spiffe/v2 v2.1.7 - github.com/spiffe/spire-api-sdk v1.2.5-0.20240222231036-08f5a1ab98c6 + github.com/spiffe/spire-api-sdk v1.2.5-0.20240301205221-967353a5c821 github.com/spiffe/spire-plugin-sdk v1.4.4-0.20230721151831-bf67dde4721d github.com/stretchr/testify v1.9.0 github.com/uber-go/tally/v4 v4.1.12 diff --git a/go.sum b/go.sum index 9b12f37434..07a63f0355 100644 --- a/go.sum +++ b/go.sum 
@@ -1391,8 +1391,8 @@ github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMV github.com/spiffe/go-spiffe/v2 v2.1.6/go.mod h1:eVDqm9xFvyqao6C+eQensb9ZPkyNEeaUbqbBpOhBnNk= github.com/spiffe/go-spiffe/v2 v2.1.7 h1:VUkM1yIyg/x8X7u1uXqSRVRCdMdfRIEdFBzpqoeASGk= github.com/spiffe/go-spiffe/v2 v2.1.7/go.mod h1:QJDGdhXllxjxvd5B+2XnhhXB/+rC8gr+lNrtOryiWeE= -github.com/spiffe/spire-api-sdk v1.2.5-0.20240222231036-08f5a1ab98c6 h1:gCctMhffEF4KcrLP85qQwOeQoHCMMYlDL1HR0fEZ+sE= -github.com/spiffe/spire-api-sdk v1.2.5-0.20240222231036-08f5a1ab98c6/go.mod h1:4uuhFlN6KBWjACRP3xXwrOTNnvaLp1zJs8Lribtr4fI= +github.com/spiffe/spire-api-sdk v1.2.5-0.20240301205221-967353a5c821 h1:ws5/mYxmiZtw/67nymx5hnSJo8Kx2Q1UkQqiSt8TU74= +github.com/spiffe/spire-api-sdk v1.2.5-0.20240301205221-967353a5c821/go.mod h1:4uuhFlN6KBWjACRP3xXwrOTNnvaLp1zJs8Lribtr4fI= github.com/spiffe/spire-plugin-sdk v1.4.4-0.20230721151831-bf67dde4721d h1:LCRQGU6vOqKLfRrG+GJQrwMwDILcAddAEIf4/1PaSVc= github.com/spiffe/spire-plugin-sdk v1.4.4-0.20230721151831-bf67dde4721d/go.mod h1:GA6o2PVLwyJdevT6KKt5ZXCY/ziAPna13y/seGk49Ik= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/pkg/common/cli/flags.go b/pkg/common/cli/flags.go index 0b336e7f46..9770f821a2 100644 --- a/pkg/common/cli/flags.go +++ b/pkg/common/cli/flags.go @@ -45,3 +45,29 @@ func (s *StringsFlag) Set(val string) error { *s = append(*s, val) return nil } + +// BoolFlag is used to define 3 possible states: true, false, or all. +// Take care that false=1, and true=2 +type BoolFlag int + +const BoolFlagAll = 0 +const BoolFlagFalse = 1 +const BoolFlagTrue = 2 + +func (b *BoolFlag) String() string { + return "" +} + +func (b *BoolFlag) Set(val string) error { + if val == "false" { + *b = BoolFlagFalse + return nil + } + if val == "true" { + *b = BoolFlagTrue + return nil + } + // if the value received isn't true or false, it will set the default value + *b = BoolFlagAll + return nil +} 
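Review bot: `BoolFlag.Set` never returns an error: any value other than `true` or `false` is mapped to `BoolFlagAll`, so a mistyped `-banned ture` silently drops the filter and the command reports every agent. The usage text added in this commit describes that fallback, so it appears deliberate. For filters an operator uses when reviewing banned or re-attestable agents, it would still be safer to end `Set` with `return fmt.Errorf("invalid value %q: expected true or false", val)` (this needs `fmt` in scope) and give "all" an explicit spelling. Separately, the three constants are untyped and `String()` always returns an empty string. Declaring them as `BoolFlag` values in one `const` block and returning the current state from `String()` would follow the `flag.Value` convention.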
diff --git a/pkg/common/telemetry/server/datastore/wrapper.go b/pkg/common/telemetry/server/datastore/wrapper.go index 645b8501a2..d97ce5bf88 100644 --- a/pkg/common/telemetry/server/datastore/wrapper.go +++ b/pkg/common/telemetry/server/datastore/wrapper.go @@ -186,10 +186,10 @@ func (w metricsWrapper) ListRegistrationEntriesEvents(ctx context.Context, req * return w.ds.ListRegistrationEntriesEvents(ctx, req) } -func (w metricsWrapper) CountAttestedNodes(ctx context.Context) (_ int32, err error) { +func (w metricsWrapper) CountAttestedNodes(ctx context.Context, req *datastore.CountAttestedNodesRequest) (_ int32, err error) { callCounter := StartCountNodeCall(w.m) defer callCounter.Done(&err) - return w.ds.CountAttestedNodes(ctx) + return w.ds.CountAttestedNodes(ctx, req) } func (w metricsWrapper) CountBundles(ctx context.Context) (_ int32, err error) { @@ -198,10 +198,10 @@ func (w metricsWrapper) CountBundles(ctx context.Context) (_ int32, err error) { return w.ds.CountBundles(ctx) } -func (w metricsWrapper) CountRegistrationEntries(ctx context.Context) (_ int32, err error) { +func (w metricsWrapper) CountRegistrationEntries(ctx context.Context, req *datastore.CountRegistrationEntriesRequest) (_ int32, err error) { callCounter := StartCountRegistrationCall(w.m) defer callCounter.Done(&err) - return w.ds.CountRegistrationEntries(ctx) + return w.ds.CountRegistrationEntries(ctx, req) } func (w metricsWrapper) PruneAttestedNodesEvents(ctx context.Context, olderThan time.Duration) (err error) { diff --git a/pkg/common/telemetry/server/datastore/wrapper_test.go b/pkg/common/telemetry/server/datastore/wrapper_test.go index d085ee34d4..8c7d7fcc24 100644 --- a/pkg/common/telemetry/server/datastore/wrapper_test.go +++ b/pkg/common/telemetry/server/datastore/wrapper_test.go 
@@ -318,7 +318,7 @@ func (ds *fakeDataStore) AppendBundle(context.Context, *common.Bundle) (*common. return &common.Bundle{}, ds.err } -func (ds *fakeDataStore) CountAttestedNodes(context.Context) (int32, error) { +func (ds *fakeDataStore) CountAttestedNodes(context.Context, *datastore.CountAttestedNodesRequest) (int32, error) { return 0, ds.err } @@ -326,7 +326,7 @@ func (ds *fakeDataStore) CountBundles(context.Context) (int32, error) { return 0, ds.err } -func (ds *fakeDataStore) CountRegistrationEntries(context.Context) (int32, error) { +func (ds *fakeDataStore) CountRegistrationEntries(context.Context, *datastore.CountRegistrationEntriesRequest) (int32, error) { return 0, ds.err } diff --git a/pkg/server/api/agent/v1/service.go b/pkg/server/api/agent/v1/service.go index 0cc4b6629e..b9889c056b 100644 --- a/pkg/server/api/agent/v1/service.go +++ b/pkg/server/api/agent/v1/service.go 
@@ -69,8 +69,44 @@ func RegisterService(s grpc.ServiceRegistrar, service *Service) { } // CountAgents returns the total number of agents. -func (s *Service) CountAgents(ctx context.Context, _ *agentv1.CountAgentsRequest) (*agentv1.CountAgentsResponse, error) { - count, err := s.ds.CountAttestedNodes(ctx) +func (s *Service) CountAgents(ctx context.Context, req *agentv1.CountAgentsRequest) (*agentv1.CountAgentsResponse, error) { + log := rpccontext.Logger(ctx) + + countReq := &datastore.CountAttestedNodesRequest{} + + // Parse proto filter into datastore request + if req.Filter != nil { + filter := req.Filter + rpccontext.AddRPCAuditFields(ctx, fieldsFromCountAgentsRequest(filter)) + + if filter.ByBanned != nil { + countReq.ByBanned = &req.Filter.ByBanned.Value + } + if filter.ByCanReattest != nil { + countReq.ByCanReattest = &req.Filter.ByCanReattest.Value + } + + if filter.ByAttestationType != "" { + countReq.ByAttestationType = filter.ByAttestationType + } + + if filter.ByExpiresBefore != "" { + countReq.ByExpiresBefore, _ = time.Parse("2006-01-02 15:04:05 -0700 -07", filter.ByExpiresBefore) + } + + if filter.BySelectorMatch != nil { + selectors, err := api.SelectorsFromProto(filter.BySelectorMatch.Selectors) + if err != nil { + return nil, api.MakeErr(log, codes.InvalidArgument, "failed to parse selectors", err) + } + countReq.BySelectorMatch = &datastore.BySelectors{ + Match: datastore.MatchBehavior(filter.BySelectorMatch.Match), + Selectors: selectors, + } + } + } + + count, err := s.ds.CountAttestedNodes(ctx, countReq) if err != nil { log := rpccontext.Logger(ctx) return nil, api.MakeErr(log, codes.Internal, "failed to count agents", err) 
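Review bot: The `time.Parse` error for `ByExpiresBefore` is discarded, so a malformed timestamp leaves `countReq.ByExpiresBefore` at the zero time and the count comes back as if no expiry filter had been sent. The selector filter just below is rejected with `codes.InvalidArgument` when it fails to parse, and this one should be too, otherwise the caller gets an unfiltered number with no sign the filter was ignored. The same `listReq.ByExpiresBefore, _ = time.Parse(...)` pattern is added to `ListAgents` in the next hunk and needs the same change. The `log := rpccontext.Logger(ctx)` kept in the datastore error branch now shadows the one declared at the top of the function and can be removed.

```go
		if filter.ByExpiresBefore != "" {
			expiresBefore, err := time.Parse("2006-01-02 15:04:05 -0700 -07", filter.ByExpiresBefore)
			if err != nil {
				return nil, api.MakeErr(log, codes.InvalidArgument, "malformed expires before filter", err)
			}
			countReq.ByExpiresBefore = expiresBefore
		}
```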
@@ -92,20 +128,22 @@ func (s *Service) ListAgents(ctx context.Context, req *agentv1.ListAgentsRequest // Parse proto filter into datastore request if req.Filter != nil { filter := req.Filter - rpccontext.AddRPCAuditFields(ctx, fieldsFromFilterRequest(filter)) + rpccontext.AddRPCAuditFields(ctx, fieldsFromListAgentsRequest(filter)) - var byBanned *bool if filter.ByBanned != nil { - byBanned = &filter.ByBanned.Value + listReq.ByBanned = &req.Filter.ByBanned.Value } - var byCanReattest *bool if filter.ByCanReattest != nil { - byCanReattest = &filter.ByCanReattest.Value + listReq.ByCanReattest = &req.Filter.ByCanReattest.Value + } + + if filter.ByAttestationType != "" { + listReq.ByAttestationType = filter.ByAttestationType } - listReq.ByAttestationType = filter.ByAttestationType - listReq.ByBanned = byBanned - listReq.ByCanReattest = byCanReattest + if filter.ByExpiresBefore != "" { + listReq.ByExpiresBefore, _ = time.Parse("2006-01-02 15:04:05 -0700 -07", filter.ByExpiresBefore) + } if filter.BySelectorMatch != nil { selectors, err := api.SelectorsFromProto(filter.BySelectorMatch.Selectors) 
@@ -686,7 +724,30 @@ func getAttestAgentResponse(spiffeID spiffeid.ID, certificates []*x509.Certifica } } -func fieldsFromFilterRequest(filter *agentv1.ListAgentsRequest_Filter) logrus.Fields { +func fieldsFromListAgentsRequest(filter *agentv1.ListAgentsRequest_Filter) logrus.Fields { + fields := logrus.Fields{} + + if filter.ByAttestationType != "" { + fields[telemetry.NodeAttestorType] = filter.ByAttestationType + } + + if filter.ByBanned != nil { + fields[telemetry.ByBanned] = filter.ByBanned.Value + } + + if filter.ByCanReattest != nil { + fields[telemetry.ByCanReattest] = filter.ByCanReattest.Value + } + + if filter.BySelectorMatch != nil { + fields[telemetry.BySelectorMatch] = filter.BySelectorMatch.Match.String() + fields[telemetry.BySelectors] = api.SelectorFieldFromProto(filter.BySelectorMatch.Selectors) + } + + return fields +} + +func fieldsFromCountAgentsRequest(filter *agentv1.CountAgentsRequest_Filter) logrus.Fields { fields := logrus.Fields{} if filter.ByAttestationType != "" { diff --git a/pkg/server/api/debug/v1/service.go b/pkg/server/api/debug/v1/service.go index c1ab073b19..163be708d3 100644 --- a/pkg/server/api/debug/v1/service.go +++ b/pkg/server/api/debug/v1/service.go @@ -78,12 +78,11 @@ func (s *Service) GetInfo(ctx context.Context, _ *debugv1.GetInfoRequest) (*debu // Update cache when expired or does not exists if s.getInfoResp.ts.IsZero() || s.clock.Now().Sub(s.getInfoResp.ts) >= cacheExpiry { - nodes, err := s.ds.CountAttestedNodes(ctx) + nodes, err := s.ds.CountAttestedNodes(ctx, &datastore.CountAttestedNodesRequest{}) if err != nil { return nil, api.MakeErr(log, codes.Internal, "failed to count agents", err) } - - entries, err := s.ds.CountRegistrationEntries(ctx) + entries, err := s.ds.CountRegistrationEntries(ctx, &datastore.CountRegistrationEntriesRequest{}) if err != nil { return nil, api.MakeErr(log, codes.Internal, "failed to count entries", err) } 
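Review bot: `fieldsFromListAgentsRequest` adds the attestation type, banned, can-reattest and selector filters to the RPC audit fields, but not the `ByExpiresBefore` filter that `ListAgents` and `CountAgents` now accept. Requests filtered by expiry therefore leave no record of that filter in the audit log. Add it in both helpers under the same `!= ""` guard, for example `fields[<telemetry key for expires-before>] = filter.ByExpiresBefore`, where the key is a placeholder for the matching constant in the telemetry package. The body of `fieldsFromCountAgentsRequest` continues outside this hunk, so whether it already records the field cannot be confirmed from here.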
diff --git a/pkg/server/api/entry/v1/service.go b/pkg/server/api/entry/v1/service.go index 2ff683af8c..180d66c241 100644 --- a/pkg/server/api/entry/v1/service.go +++ b/pkg/server/api/entry/v1/service.go 
@@ -61,8 +61,70 @@ func RegisterService(s grpc.ServiceRegistrar, service *Service) { } // CountEntries returns the total number of entries. -func (s *Service) CountEntries(ctx context.Context, _ *entryv1.CountEntriesRequest) (*entryv1.CountEntriesResponse, error) { - count, err := s.ds.CountRegistrationEntries(ctx) +func (s *Service) CountEntries(ctx context.Context, req *entryv1.CountEntriesRequest) (*entryv1.CountEntriesResponse, error) { + log := rpccontext.Logger(ctx) + countReq := &datastore.CountRegistrationEntriesRequest{} + + if req.Filter != nil { + rpccontext.AddRPCAuditFields(ctx, fieldsFromCountEntryFilter(ctx, s.td, req.Filter)) + if req.Filter.ByHint != nil { + countReq.ByHint = req.Filter.ByHint.GetValue() + } + + if req.Filter.ByParentId != nil { + parentID, err := api.TrustDomainMemberIDFromProto(ctx, s.td, req.Filter.ByParentId) + if err != nil { + return nil, api.MakeErr(log, codes.InvalidArgument, "malformed parent ID filter", err) + } + countReq.ByParentID = parentID.String() + } + + if req.Filter.BySpiffeId != nil { + spiffeID, err := api.TrustDomainWorkloadIDFromProto(ctx, s.td, req.Filter.BySpiffeId) + if err != nil { + return nil, api.MakeErr(log, codes.InvalidArgument, "malformed SPIFFE ID filter", err) + } + countReq.BySpiffeID = spiffeID.String() + } + + if req.Filter.BySelectors != nil { + dsSelectors, err := api.SelectorsFromProto(req.Filter.BySelectors.Selectors) + if err != nil { + return nil, api.MakeErr(log, codes.InvalidArgument, "malformed selectors filter", err) + } + if len(dsSelectors) == 0 { + return nil, api.MakeErr(log, codes.InvalidArgument, "malformed selectors filter", errors.New("empty selector set")) + } + countReq.BySelectors = &datastore.BySelectors{ + Match: datastore.MatchBehavior(req.Filter.BySelectors.Match), + Selectors: dsSelectors, + } + } + + if req.Filter.ByFederatesWith != nil { + trustDomains := make([]string, 0, len(req.Filter.ByFederatesWith.TrustDomains)) + for _, tdStr := range 
req.Filter.ByFederatesWith.TrustDomains { + td, err := spiffeid.TrustDomainFromString(tdStr) + if err != nil { + return nil, api.MakeErr(log, codes.InvalidArgument, "malformed federates with filter", err) + } + trustDomains = append(trustDomains, td.IDString()) + } + if len(trustDomains) == 0 { + return nil, api.MakeErr(log, codes.InvalidArgument, "malformed federates with filter", errors.New("empty trust domain set")) + } + countReq.ByFederatesWith = &datastore.ByFederatesWith{ + Match: datastore.MatchBehavior(req.Filter.ByFederatesWith.Match), + TrustDomains: trustDomains, + } + } + + if req.Filter.ByDownstream != nil { + countReq.ByDownstream = &req.Filter.ByDownstream.Value + } + } + + count, err := s.ds.CountRegistrationEntries(ctx, countReq) if err != nil { log := rpccontext.Logger(ctx) return nil, api.MakeErr(log, codes.Internal, "failed to count entries", err) @@ -139,6 +201,10 @@ func (s *Service) ListEntries(ctx context.Context, req *entryv1.ListEntriesReque TrustDomains: trustDomains, } } + + if req.Filter.ByDownstream != nil { + listReq.ByDownstream = &req.Filter.ByDownstream.Value + } } dsResp, err := s.ds.ListRegistrationEntries(ctx, listReq) 
@@ -725,6 +791,46 @@ func fieldsFromListEntryFilter(ctx context.Context, td spiffeid.TrustDomain, fil fields[telemetry.FederatesWith] = strings.Join(filter.ByFederatesWith.TrustDomains, ",") } + if filter.ByDownstream != nil { + fields[telemetry.Downstream] = &filter.ByDownstream.Value + } + + return fields +} + +func fieldsFromCountEntryFilter(ctx context.Context, td spiffeid.TrustDomain, filter *entryv1.CountEntriesRequest_Filter) logrus.Fields { + fields := logrus.Fields{} + + if filter.ByHint != nil { + fields[telemetry.Hint] = filter.ByHint.Value + } + + if filter.ByParentId != nil { + if parentID, err := api.TrustDomainMemberIDFromProto(ctx, td, filter.ByParentId); err == nil { + fields[telemetry.ParentID] = parentID.String() + } + } + + if filter.BySpiffeId != nil { + if id, err := api.TrustDomainWorkloadIDFromProto(ctx, td, filter.BySpiffeId); err == nil { + fields[telemetry.SPIFFEID] = id.String() + } + } + + if filter.BySelectors != nil { + fields[telemetry.BySelectorMatch] = filter.BySelectors.Match.String() + fields[telemetry.BySelectors] = api.SelectorFieldFromProto(filter.BySelectors.Selectors) + } + + if filter.ByFederatesWith != nil { + fields[telemetry.FederatesWithMatch] = filter.ByFederatesWith.Match.String() + fields[telemetry.FederatesWith] = strings.Join(filter.ByFederatesWith.TrustDomains, ",") + } + + if filter.ByDownstream != nil { + fields[telemetry.Downstream] = &filter.ByDownstream.Value + } + return fields } diff --git a/pkg/server/datastore/datastore.go b/pkg/server/datastore/datastore.go index db96a1976a..4b81e85cf5 100644 --- a/pkg/server/datastore/datastore.go +++ b/pkg/server/datastore/datastore.go 
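Review bot: Both `fieldsFromListEntryFilter` and the new `fieldsFromCountEntryFilter` store `&filter.ByDownstream.Value` in the audit fields, which is a `*bool` rather than the boolean itself. Depending on the log formatter, that is likely to be rendered as a pointer address instead of `true`/`false`, so the audit record would not show which value was requested. The other entries in these helpers store plain values, and the line should read `fields[telemetry.Downstream] = filter.ByDownstream.Value` in both places. `fieldsFromListEntryFilter` begins outside this hunk.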
@@ -31,7 +31,7 @@ type DataStore interface { RevokeJWTKey(ctx context.Context, trustDomainID string, authorityID string) (*common.PublicKey, error) // Entries - CountRegistrationEntries(context.Context) (int32, error) + CountRegistrationEntries(context.Context, *CountRegistrationEntriesRequest) (int32, error) CreateRegistrationEntry(context.Context, *common.RegistrationEntry) (*common.RegistrationEntry, error) CreateOrReturnRegistrationEntry(context.Context, *common.RegistrationEntry) (*common.RegistrationEntry, bool, error) DeleteRegistrationEntry(ctx context.Context, entryID string) (*common.RegistrationEntry, error) @@ -46,7 +46,7 @@ type DataStore interface { GetLatestRegistrationEntryEventID(ctx context.Context) (uint, error) // Nodes - CountAttestedNodes(context.Context) (int32, error) + CountAttestedNodes(context.Context, *CountAttestedNodesRequest) (int32, error) CreateAttestedNode(context.Context, *common.AttestedNode) (*common.AttestedNode, error) DeleteAttestedNode(ctx context.Context, spiffeID string) (*common.AttestedNode, error) FetchAttestedNode(ctx context.Context, spiffeID string) (*common.AttestedNode, error) @@ -206,6 +206,7 @@ type ListRegistrationEntriesRequest struct { Pagination *Pagination ByFederatesWith *ByFederatesWith ByHint string + ByDownstream *bool } type CAJournal struct { @@ -242,6 +243,25 @@ type ListFederationRelationshipsResponse struct { Pagination *Pagination } +type CountAttestedNodesRequest struct { + ByAttestationType string + ByBanned *bool + ByExpiresBefore time.Time + BySelectorMatch *BySelectors + FetchSelectors bool + ByCanReattest *bool +} + +type CountRegistrationEntriesRequest struct { + DataConsistency DataConsistency + ByParentID string + BySelectors *BySelectors + BySpiffeID string + ByFederatesWith *ByFederatesWith + ByHint string + ByDownstream *bool +} + type BundleEndpointType string const ( 
diff --git a/pkg/server/datastore/sqlstore/sqlstore.go b/pkg/server/datastore/sqlstore/sqlstore.go index 5cb6ef3b46..096a59717d 100644 --- a/pkg/server/datastore/sqlstore/sqlstore.go +++ b/pkg/server/datastore/sqlstore/sqlstore.go @@ -310,7 +310,11 @@ func (ds *Plugin) FetchAttestedNode(ctx context.Context, spiffeID string) (attes } // CountAttestedNodes counts all attested nodes -func (ds *Plugin) CountAttestedNodes(ctx context.Context) (count int32, err error) { +func (ds *Plugin) CountAttestedNodes(ctx context.Context, req *datastore.CountAttestedNodesRequest) (count int32, err error) { + if countAttestedNodesHasFilters(req) { + resp, err := countAttestedNodesWithFilters(ctx, ds.db, ds.log, req) + return resp, err + } if err = ds.withReadTx(ctx, func(tx *gorm.DB) (err error) { count, err = countAttestedNodes(tx) return err @@ -474,15 +478,14 @@ func (ds *Plugin) FetchRegistrationEntry(ctx context.Context, } // CountRegistrationEntries counts all registrations (pagination available) -func (ds *Plugin) CountRegistrationEntries(ctx context.Context) (count int32, err error) { - if err = ds.withReadTx(ctx, func(tx *gorm.DB) (err error) { - count, err = countRegistrationEntries(tx) - return err - }); err != nil { - return 0, err +func (ds *Plugin) CountRegistrationEntries(ctx context.Context, req *datastore.CountRegistrationEntriesRequest) (count int32, err error) { + var actDb = ds.db + if req.DataConsistency == datastore.TolerateStale && ds.roDb != nil { + actDb = ds.roDb } - return count, nil + resp, err := countRegistrationEntries(ctx, actDb, ds.log, req) + return resp, err } // ListRegistrationEntries lists all registrations (pagination available) 
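Review bot: The doc comments are stale: they still read `CountAttestedNodes counts all attested nodes` and `CountRegistrationEntries counts all registrations (pagination available)`, but both methods now count only what matches `req`. Suggested wording is `// CountAttestedNodes counts the attested nodes matching the request filters` and `// CountRegistrationEntries counts the registration entries matching the request filters`. Both methods also dereference `req` without a nil check (`req.DataConsistency`, and `countAttestedNodesHasFilters(req)` reads its fields). The callers visible in this patch pass a non-nil request, so either state that requirement in the comment or treat nil as an empty request.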
@@ -1550,6 +1553,16 @@ func countAttestedNodes(tx *gorm.DB) (int32, error) { return int32(count), nil } +func countAttestedNodesHasFilters(req *datastore.CountAttestedNodesRequest) bool { + if req.ByAttestationType != "" || req.ByBanned != nil || !req.ByExpiresBefore.IsZero() { + return true + } + if req.BySelectorMatch != nil || !req.FetchSelectors || req.ByCanReattest != nil { + return true + } + return false +} + func listAttestedNodes(ctx context.Context, db *sqlDB, log logrus.FieldLogger, req *datastore.ListAttestedNodesRequest) (*datastore.ListAttestedNodesResponse, error) { if req.Pagination != nil && req.Pagination.PageSize == 0 { return nil, status.Error(codes.InvalidArgument, "cannot paginate with pagesize = 0") 
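Review bot: `!req.FetchSelectors` is true for the zero value, so `countAttestedNodesHasFilters` reports "has filters" for every request that does not set `FetchSelectors`. That includes the empty `&datastore.CountAttestedNodesRequest{}` which the debug `GetInfo` handler passes in this patch. Unfiltered counts therefore go through `countAttestedNodesWithFilters`, which pages through the node list 1000 rows at a time, and the plain `countAttestedNodes(tx)` path is reached only when `FetchSelectors` is true. `FetchSelectors` is not a filter, so the second condition should probably be `if req.BySelectorMatch != nil || req.ByCanReattest != nil {`.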
@@ -1600,6 +1613,48 @@ func listAttestedNodes(ctx context.Context, db *sqlDB, log logrus.FieldLogger, r } } +func countAttestedNodesWithFilters(ctx context.Context, db *sqlDB, _ logrus.FieldLogger, req *datastore.CountAttestedNodesRequest) (int32, error) { + if req.BySelectorMatch != nil && len(req.BySelectorMatch.Selectors) == 0 { + return -1, status.Error(codes.InvalidArgument, "cannot list by empty selectors set") + } + + var val int32 + listReq := &datastore.ListAttestedNodesRequest{ + ByAttestationType: req.ByAttestationType, + ByBanned: req.ByBanned, + ByExpiresBefore: req.ByExpiresBefore, + BySelectorMatch: req.BySelectorMatch, + FetchSelectors: req.FetchSelectors, + ByCanReattest: req.ByCanReattest, + Pagination: &datastore.Pagination{ + Token: "", + PageSize: 1000, + }, + } + for { + resp, err := listAttestedNodesOnce(ctx, db, listReq) + if err != nil { + return -1, err + } + + if len(resp.Nodes) == 0 { + return val, nil + } + + if req.BySelectorMatch != nil { + switch req.BySelectorMatch.Match { + case datastore.Exact, datastore.Subset: + resp.Nodes = filterNodesBySelectorSet(resp.Nodes, req.BySelectorMatch.Selectors) + default: + } + } + + val += int32(len(resp.Nodes)) + + listReq.Pagination = resp.Pagination + } +} + func createAttestedNodeEvent(tx *gorm.DB, spiffeID string) error { newAttestedNodeEvent := AttestedNodeEvent{ SpiffeID: spiffeID, @@ -1740,7 +1795,6 @@ func listAttestedNodesOnce(ctx context.Context, db *sqlDB, req *datastore.ListAt resp.Pagination.Token = strconv.FormatUint(lastEID, 10) } } - return resp, nil } @@ -1798,7 +1852,6 @@ func buildListAttestedNodesQueryCTE(req *datastore.ListAttestedNodesRequest, dbT builder.WriteString("\t\tAND data_type = ?\n") args = append(args, req.ByAttestationType) } - // Filter by banned, an Attestation Node is banned when serial number is empty. // This filter allows 3 outputs: // - nil: returns all 
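Review bot: `countAttestedNodesWithFilters` returns `-1` together with an error, whereas the count code this patch replaces (`countRegistrationEntries`, and the old `CountRegistrationEntries` wrapper) returned `0`. A caller that logs or forwards the count without checking the error first would see a negative number, so `return 0, err` is the safer convention. The `InvalidArgument` text says `cannot list by empty selectors set` although this is the count path; `cannot count by empty selectors set` would match. The `logrus.FieldLogger` parameter is unused and could be dropped from the signature.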
@@ -1811,8 +1864,11 @@ func buildListAttestedNodesQueryCTE(req *datastore.ListAttestedNodesRequest, dbT builder.WriteString("\t\tAND serial_number <> ''\n") } } - - // Filter by CanReattest. This is similar to ByBanned + // Filter by canReattest, + // This filter allows 3 outputs: + // - nil: returns all + // - true: returns nodes with canReattest=true + // - false: returns nodes with canReattest=false if req.ByCanReattest != nil { if *req.ByCanReattest { builder.WriteString("\t\tAND can_reattest = true\n") @@ -1960,7 +2016,6 @@ SELECT } builder.WriteString("\n) ORDER BY id ASC\n") - return builder.String(), args, nil } @@ -2654,15 +2709,6 @@ ORDER BY selector_id, dns_name_id return query, []any{entryID}, nil } -func countRegistrationEntries(tx *gorm.DB) (int32, error) { - var count int - if err := tx.Model(&RegisteredEntry{}).Count(&count).Error; err != nil { - return 0, sqlError.Wrap(err) - } - - return int32(count), nil -} - func listRegistrationEntries(ctx context.Context, db *sqlDB, log logrus.FieldLogger, req *datastore.ListRegistrationEntriesRequest) (*datastore.ListRegistrationEntriesResponse, error) { if req.Pagination != nil && req.Pagination.PageSize == 0 { return nil, status.Error(codes.InvalidArgument, "cannot paginate with pagesize = 0") @@ -2757,7 +2803,6 @@ func listRegistrationEntriesOnce(ctx context.Context, db queryContext, databaseT return nil, sqlError.Wrap(err) } defer rows.Close() - var entries []*common.RegistrationEntry if req.Pagination != nil { entries = make([]*common.RegistrationEntry, 0, req.Pagination.PageSize) 
@@ -2840,8 +2885,12 @@ func buildListRegistrationEntriesQuery(dbType string, supportsCTE bool, req *dat func buildListRegistrationEntriesQuerySQLite3(req *datastore.ListRegistrationEntriesRequest) (string, []any, error) { builder := new(strings.Builder) - filtered, args, err := appendListRegistrationEntriesFilterQuery("\nWITH listing AS (\n", builder, SQLite, req) + var downstream = false + if req.ByDownstream != nil { + downstream = *req.ByDownstream + } + if err != nil { return "", nil, err } @@ -2873,9 +2922,17 @@ SELECT FROM registered_entries `) + if filtered { builder.WriteString("WHERE id IN (SELECT e_id FROM listing)\n") } + if downstream { + if !filtered { + builder.WriteString("\t\tWHERE downstream = true\n") + } else { + builder.WriteString("\t\tAND downstream = true\n") + } + } builder.WriteString(` UNION @@ -2924,6 +2981,11 @@ func buildListRegistrationEntriesQueryPostgreSQL(req *datastore.ListRegistration builder := new(strings.Builder) filtered, args, err := appendListRegistrationEntriesFilterQuery("\nWITH listing AS (\n", builder, PostgreSQL, req) + var downstream = false + if req.ByDownstream != nil { + downstream = *req.ByDownstream + } + if err != nil { return "", nil, err } @@ -2958,6 +3020,13 @@ FROM if filtered { builder.WriteString("WHERE id IN (SELECT e_id FROM listing)\n") } + if downstream { + if !filtered { + builder.WriteString("\t\tWHERE downstream = true\n") + } else { + builder.WriteString("\t\tAND downstream = true\n") + } + } builder.WriteString(` UNION ALL @@ -3051,6 +3120,11 @@ LEFT JOIN `) filtered, args, err := appendListRegistrationEntriesFilterQuery("WHERE E.id IN (\n", builder, MySQL, req) + var downstream = false + if req.ByDownstream != nil { + downstream = *req.ByDownstream + } + if err != nil { return "", nil, err } 
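Review bot: `ByDownstream` is collapsed into a plain bool, so a request whose `ByDownstream` points at `false` behaves exactly like no filter, unlike `ByBanned` and `ByCanReattest`, whose comments in this patch describe three outcomes (nil, true, false). If that is intended, say so in a comment such as `// ByDownstream=false is treated as "no filter"; only true narrows the result`; otherwise the builders need a `downstream = false` branch. The new block also sits between the `appendListRegistrationEntriesFilterQuery` call and its `if err != nil` check, and would read better below the check. The same block is repeated in the PostgreSQL, MySQL and MySQL CTE builders in the following hunks, so a small shared helper would prevent the four copies from drifting. The builder function continues outside the hunk.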
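Review bot: The `downstream = true` clause is appended only to the first SELECT, the one over `registered_entries`, immediately before the `UNION` that follows. The later UNION branches are outside this hunk, so it cannot be confirmed from here that they are narrowed as well when `filtered` is false. If they are not, rows belonging to non-downstream entries may still be returned and merged by the caller. Check those branches and add a test that sets `ByDownstream` with no other filter. The same pattern appears in the PostgreSQL and MySQL CTE builders later in the patch.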
@@ -3058,7 +3132,13 @@ LEFT JOIN if filtered { builder.WriteString(")") } - + if downstream { + if !filtered { + builder.WriteString("\t\tWHERE downstream = true\n") + } else { + builder.WriteString("\t\tAND downstream = true\n") + } + } builder.WriteString("\nORDER BY e_id, selector_id, dns_name_id\n;") return builder.String(), args, nil @@ -3068,6 +3148,11 @@ func buildListRegistrationEntriesQueryMySQLCTE(req *datastore.ListRegistrationEn builder := new(strings.Builder) filtered, args, err := appendListRegistrationEntriesFilterQuery("\nWITH listing AS (\n", builder, MySQL, req) + var downstream = false + if req.ByDownstream != nil { + downstream = *req.ByDownstream + } + if err != nil { return "", nil, err } @@ -3102,6 +3187,13 @@ FROM if filtered { builder.WriteString("WHERE id IN (SELECT e_id FROM listing)\n") } + if downstream { + if !filtered { + builder.WriteString("\t\tWHERE downstream = true\n") + } else { + builder.WriteString("\t\tAND downstream = true\n") + } + } builder.WriteString(` UNION 
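Review bot: In the non-CTE MySQL builder the new clause uses the bare column name `downstream`, while the filter prefix in the preceding hunk qualifies its column as `E.id` and the statement joins several tables. Qualifying it, `"\t\tWHERE E.downstream = true\n"` and `"\t\tAND E.downstream = true\n"`, keeps the predicate unambiguous if a joined table ever gains a column of the same name. This assumes `E` is the alias of `registered_entries`, which is declared outside the hunk.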
@@ -3146,6 +3238,52 @@ ORDER BY e_id, selector_id, dns_name_id return builder.String(), args, nil } +// Count Registration Entries +func countRegistrationEntries(ctx context.Context, db *sqlDB, _ logrus.FieldLogger, req *datastore.CountRegistrationEntriesRequest) (int32, error) { + if req.BySelectors != nil && len(req.BySelectors.Selectors) == 0 { + return 0, status.Error(codes.InvalidArgument, "cannot list by empty selector set") + } + + var val int32 + listReq := &datastore.ListRegistrationEntriesRequest{ + DataConsistency: req.DataConsistency, + ByParentID: req.ByParentID, + BySelectors: req.BySelectors, + BySpiffeID: req.BySpiffeID, + ByFederatesWith: req.ByFederatesWith, + ByHint: req.ByHint, + ByDownstream: req.ByDownstream, + Pagination: &datastore.Pagination{ + Token: "", + PageSize: 1000, + }, + } + + for { + resp, err := listRegistrationEntriesOnce(ctx, db.raw, db.databaseType, db.supportsCTE, listReq) + + if err != nil { + return -1, err + } + + if len(resp.Entries) == 0 { + return val, nil + } + + if req.BySelectors != nil { + switch req.BySelectors.Match { + case datastore.Exact, datastore.Subset: + resp.Entries = filterEntriesBySelectorSet(resp.Entries, req.BySelectors.Selectors) + default: + } + } + + val += int32(len(resp.Entries)) + + listReq.Pagination = resp.Pagination + } +} + type idFilterNode struct { idColumn string diff --git a/pkg/server/datastore/sqlstore/sqlstore_test.go b/pkg/server/datastore/sqlstore/sqlstore_test.go index 482a293880..a600dc3c36 100644 --- a/pkg/server/datastore/sqlstore/sqlstore_test.go +++ b/pkg/server/datastore/sqlstore/sqlstore_test.go @@ -507,7 +507,7 @@ func (s *PluginSuite) TestCountBundles() { func (s *PluginSuite) TestCountAttestedNodes() { // Count empty attested nodes - count, err := s.ds.CountAttestedNodes(ctx) + count, err := s.ds.CountAttestedNodes(ctx, &datastore.CountAttestedNodesRequest{}) s.Require().NoError(err) s.Require().Equal(int32(0), count) 
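Review bot: countRegistrationEntries now counts by listing every matching entry through `listRegistrationEntriesOnce` in pages of 1000, where the version removed earlier in this patch issued a single `Count` query. Each call therefore reads and decodes full entry rows, so its cost grows with the table, and because the pages come from separate queries the total is not a snapshot if entries are created or deleted in between. If this count is reachable from an API, consider keeping a direct count query for requests that carry no filters, or at least state the cost in the function comment, e.g. `// countRegistrationEntries pages through the filtered listing; cost is proportional to the number of matching entries`. countAttestedNodesWithFilters has the same shape, and a shared named constant for the page size would replace the two literal `1000`s.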
@@ -531,14 +531,14 @@ func (s *PluginSuite) TestCountAttestedNodes() { s.Require().NoError(err) // Count all - count, err = s.ds.CountAttestedNodes(ctx) + count, err = s.ds.CountAttestedNodes(ctx, &datastore.CountAttestedNodesRequest{}) s.Require().NoError(err) s.Require().Equal(int32(2), count) } func (s *PluginSuite) TestCountRegistrationEntries() { // Count empty registration entries - count, err := s.ds.CountRegistrationEntries(ctx) + count, err := s.ds.CountRegistrationEntries(ctx, &datastore.CountRegistrationEntriesRequest{}) s.Require().NoError(err) s.Require().Equal(int32(0), count) @@ -560,7 +560,7 @@ func (s *PluginSuite) TestCountRegistrationEntries() { s.Require().NoError(err) // Count all - count, err = s.ds.CountRegistrationEntries(ctx) + count, err = s.ds.CountRegistrationEntries(ctx, &datastore.CountRegistrationEntriesRequest{}) s.Require().NoError(err) s.Require().Equal(int32(2), count) } diff --git a/test/fakes/fakedatastore/fakedatastore.go b/test/fakes/fakedatastore/fakedatastore.go index b0f8d89440..404958983e 100644 --- a/test/fakes/fakedatastore/fakedatastore.go +++ b/test/fakes/fakedatastore/fakedatastore.go @@ -121,11 +121,11 @@ func (s *DataStore) PruneBundle(ctx context.Context, trustDomainID string, expir return s.ds.PruneBundle(ctx, trustDomainID, expiresBefore) } -func (s *DataStore) CountAttestedNodes(ctx context.Context) (int32, error) { +func (s *DataStore) CountAttestedNodes(ctx context.Context, req *datastore.CountAttestedNodesRequest) (int32, error) { if err := s.getNextError(); err != nil { return 0, err } - return s.ds.CountAttestedNodes(ctx) + return s.ds.CountAttestedNodes(ctx, req) } func (s *DataStore) CreateAttestedNode(ctx context.Context, node *common.AttestedNode) (*common.AttestedNode, error) { 
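Review bot: The updated tests pass only an empty `&datastore.CountAttestedNodesRequest{}` or `&datastore.CountRegistrationEntriesRequest{}`, so the hunks visible here exercise none of the new filter paths. Missing at least are a case for each filter field, one for `BySelectorMatch`/`BySelectors` with `Exact` and `Subset` (which go through the in-memory `filterNodesBySelectorSet`/`filterEntriesBySelectorSet` step), and one asserting the InvalidArgument error for an empty selector set. A case with more than 1000 rows would also cover the pagination loop that the count now depends on. Both test functions continue outside these hunks.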
@@ -238,11 +238,11 @@ func (s *DataStore) GetNodeSelectors(ctx context.Context, spiffeID string, dataC return selectors, err } -func (s *DataStore) CountRegistrationEntries(ctx context.Context) (int32, error) { +func (s *DataStore) CountRegistrationEntries(ctx context.Context, req *datastore.CountRegistrationEntriesRequest) (int32, error) { if err := s.getNextError(); err != nil { return 0, err } - return s.ds.CountRegistrationEntries(ctx) + return s.ds.CountRegistrationEntries(ctx, req) } func (s *DataStore) CreateRegistrationEntry(ctx context.Context, entry *common.RegistrationEntry) (*common.RegistrationEntry, error) { From 36f26c85751992cc81dddbf93e3314607ecf14fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Agust=C3=ADn=20Mart=C3=ADnez=20Fay=C3=B3?= Date: Thu, 28 Mar 2024 15:44:39 -0300 Subject: [PATCH 74/83] Introduce the `gcp_cloudstorage` BundlePublisher plugin (#4961) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Introduce the `gcp_cloudstorage` BundlePublisher plugin Signed-off-by: Agustín Martínez Fayó * Address PR comments Signed-off-by: Agustín Martínez Fayó --------- Signed-off-by: Agustín Martínez Fayó Co-authored-by: Marcos Yacob --- ...server_bundlepublisher_gcp_cloudstorage.md | 69 +++ doc/spire_server.md | 55 +-- pkg/server/catalog/bundlepublisher.go | 2 + .../bundlepublisher/gcpcloudstorage/client.go | 22 + .../gcpcloudstorage/gcpcloudstorage.go | 263 ++++++++++++ .../gcpcloudstorage/gcpcloudstorage_test.go | 406 ++++++++++++++++++ 6 files changed, 790 insertions(+), 27 deletions(-) create mode 100644 doc/plugin_server_bundlepublisher_gcp_cloudstorage.md create mode 100644 pkg/server/plugin/bundlepublisher/gcpcloudstorage/client.go create mode 100644 pkg/server/plugin/bundlepublisher/gcpcloudstorage/gcpcloudstorage.go create mode 100644 pkg/server/plugin/bundlepublisher/gcpcloudstorage/gcpcloudstorage_test.go 
diff --git a/doc/plugin_server_bundlepublisher_gcp_cloudstorage.md b/doc/plugin_server_bundlepublisher_gcp_cloudstorage.md
new file mode 100644
index 0000000000..dfe7d530f1
--- /dev/null
+++ b/doc/plugin_server_bundlepublisher_gcp_cloudstorage.md
@@ -0,0 +1,69 @@ +# Server plugin: BundlePublisher "gcp_cloudstorage" + +The `gcp_cloudstorage` plugin puts the current trust bundle of the server in a designated +Google Cloud Storage bucket, keeping it updated. + +The plugin accepts the following configuration options: + +| Configuration | Description | Required | Default | +|----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------|----------------------------------------------------------------| +| service_account_file | Path to the service account file used to authenticate with the Cloud Storage API. | No. | Value of `GOOGLE_APPLICATION_CREDENTIALS` environment variable.| +| bucket_name | The Google Cloud Storage bucket name to which the trust bundle is uploaded. | Yes. | | +| object_name | The object name inside the bucket. | Yes. | | +| format | Format in which the trust bundle is stored, <spiffe | jwks | pem>. See [Supported bundle formats](#supported-bundle-formats) for more details. | Yes. | | + +## Supported bundle formats + +The following bundle formats are supported: + +### SPIFFE format + +The trust bundle is represented as an RFC 7517 compliant JWK Set, with the specific parameters defined in the [SPIFFE Trust Domain and Bundle specification](https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Trust_Domain_and_Bundle.md#4-spiffe-bundle-format). Both the JWT authorities and the X.509 authorities are included. + +### JWKS format + +The trust bundle is encoded as an RFC 7517 compliant JWK Set, omitting SPIFFE-specific parameters. Both the JWT authorities and the X.509 authorities are included. + +### PEM format + +The trust bundle is formatted using PEM encoding. Only the X.509 authorities are included. 
+ +## Required permissions + +The plugin requires the following IAM permissions be granted to the authenticated service account in the configured bucket: + +```text +storage.objects.create +storage.objects.delete +``` + +The `storage.objects.delete` permission is required to overwrite the object when the bundle is updated. + +## Sample configuration using Application Default Credentials + +The following configuration uploads the local trust bundle contents to the `example.org` object in the `spire-bundle` bucket. Since `service_account_file` is not configured, [Application Default Credentials](https://cloud.google.com/docs/authentication/client-libraries#adc) are used. + +```hcl + BundlePublisher "gcp_cloudstorage" { + plugin_data { + bucket = "spire-bundle" + object_name = "example.org" + format = "spiffe" + } + } +``` + +## Sample configuration using service account file + +The following configuration uploads the local trust bundle contents to the `example.org` object in the `spire-bundle` bucket. Since `service_account_file` is configured, authentication to the Cloud Storage API is done with the given service account file. + +```hcl + BundlePublisher "gcp_cloudstorage" { + plugin_data { + service_account_file = "/path/to/service/account/file" + bucket = "spire-bundle" + object_name = "example.org" + format = "spiffe" + } + } +``` diff --git a/doc/spire_server.md b/doc/spire_server.md index 5b716f4d26..2b94a0397a 100644 --- a/doc/spire_server.md +++ b/doc/spire_server.md 
@@ -12,36 +12,37 @@ This document is a configuration reference for SPIRE Server. It includes informa | NodeAttestor | Implements validation logic for nodes attempting to assert their identity. Generally paired with an agent plugin of the same type. | | UpstreamAuthority | Allows SPIRE server to integrate with existing PKI systems. | | Notifier | Notified by SPIRE server for certain events that are happening or have happened. For events that are happening, the notifier can advise SPIRE server on the outcome. | -| BundlePublisher | Publishes trust bundles to additional locations. | +| BundlePublisher | Publishes the local trust bundle to a store. | ## Built-in plugins -| Type | Name | Description | -|--------------------|----------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------| -| DataStore | [sql](/doc/plugin_server_datastore_sql.md) | An SQL database storage for SQLite, PostgreSQL and MySQL databases for the SPIRE datastore | -| KeyManager | [aws_kms](/doc/plugin_server_keymanager_aws_kms.md) | A key manager which manages keys in AWS KMS | -| KeyManager | [disk](/doc/plugin_server_keymanager_disk.md) | A key manager which manages keys persisted on disk | -| KeyManager | [memory](/doc/plugin_server_keymanager_memory.md) | A key manager which manages unpersisted keys in memory | -| CredentialComposer | [uniqueid](/doc/plugin_server_credentialcomposer_uniqueid.md) | Adds the x509UniqueIdentifier attribute to workload X509-SVIDs. 
| -| NodeAttestor | [aws_iid](/doc/plugin_server_nodeattestor_aws_iid.md) | A node attestor which attests agent identity using an AWS Instance Identity Document | -| NodeAttestor | [azure_msi](/doc/plugin_server_nodeattestor_azure_msi.md) | A node attestor which attests agent identity using an Azure MSI token | -| NodeAttestor | [gcp_iit](/doc/plugin_server_nodeattestor_gcp_iit.md) | A node attestor which attests agent identity using a GCP Instance Identity Token | -| NodeAttestor | [join_token](/doc/plugin_server_nodeattestor_jointoken.md) | A node attestor which validates agents attesting with server-generated join tokens | -| NodeAttestor | [k8s_sat](/doc/plugin_server_nodeattestor_k8s_sat.md) (deprecated) | A node attestor which attests agent identity using a Kubernetes Service Account token | -| NodeAttestor | [k8s_psat](/doc/plugin_server_nodeattestor_k8s_psat.md) | A node attestor which attests agent identity using a Kubernetes Projected Service Account token | -| NodeAttestor | [sshpop](/doc/plugin_server_nodeattestor_sshpop.md) | A node attestor which attests agent identity using an existing ssh certificate | -| NodeAttestor | [tpm_devid](/doc/plugin_server_nodeattestor_tpm_devid.md) | A node attestor which attests agent identity using a TPM that has been provisioned with a DevID certificate | -| NodeAttestor | [x509pop](/doc/plugin_server_nodeattestor_x509pop.md) | A node attestor which attests agent identity using an existing X.509 certificate | -| UpstreamAuthority | [disk](/doc/plugin_server_upstreamauthority_disk.md) | Uses a CA loaded from disk to sign SPIRE server intermediate certificates. | -| UpstreamAuthority | [aws_pca](/doc/plugin_server_upstreamauthority_aws_pca.md) | Uses a Private Certificate Authority from AWS Certificate Manager to sign SPIRE server intermediate certificates. 
| -| UpstreamAuthority | [awssecret](/doc/plugin_server_upstreamauthority_awssecret.md) | Uses a CA loaded from AWS SecretsManager to sign SPIRE server intermediate certificates. | -| UpstreamAuthority | [gcp_cas](/doc/plugin_server_upstreamauthority_gcp_cas.md) | Uses a Private Certificate Authority from GCP Certificate Authority Service to sign SPIRE Server intermediate certificates. | -| UpstreamAuthority | [vault](/doc/plugin_server_upstreamauthority_vault.md) | Uses a PKI Secret Engine from HashiCorp Vault to sign SPIRE server intermediate certificates. | -| UpstreamAuthority | [spire](/doc/plugin_server_upstreamauthority_spire.md) | Uses an upstream SPIRE server in the same trust domain to obtain intermediate signing certificates for SPIRE server. | -| UpstreamAuthority | [cert-manager](/doc/plugin_server_upstreamauthority_cert_manager.md) | Uses a referenced cert-manager Issuer to request intermediate signing certificates. | -| Notifier | [gcs_bundle](/doc/plugin_server_notifier_gcs_bundle.md) | A notifier that pushes the latest trust bundle contents into an object in Google Cloud Storage. | -| Notifier | [k8sbundle](/doc/plugin_server_notifier_k8sbundle.md) | A notifier that pushes the latest trust bundle contents into a Kubernetes ConfigMap. | -| BundlePublisher | [aws_s3](/doc/plugin_server_bundlepublisher_aws_s3.md) | Publishes trust bundles to an Amazon S3 bucket. 
| +| Type | Name | Description | +|--------------------|----------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------| +| DataStore | [sql](/doc/plugin_server_datastore_sql.md) | An SQL database storage for SQLite, PostgreSQL and MySQL databases for the SPIRE datastore | +| KeyManager | [aws_kms](/doc/plugin_server_keymanager_aws_kms.md) | A key manager which manages keys in AWS KMS | +| KeyManager | [disk](/doc/plugin_server_keymanager_disk.md) | A key manager which manages keys persisted on disk | +| KeyManager | [memory](/doc/plugin_server_keymanager_memory.md) | A key manager which manages unpersisted keys in memory | +| CredentialComposer | [uniqueid](/doc/plugin_server_credentialcomposer_uniqueid.md) | Adds the x509UniqueIdentifier attribute to workload X509-SVIDs. | +| NodeAttestor | [aws_iid](/doc/plugin_server_nodeattestor_aws_iid.md) | A node attestor which attests agent identity using an AWS Instance Identity Document | +| NodeAttestor | [azure_msi](/doc/plugin_server_nodeattestor_azure_msi.md) | A node attestor which attests agent identity using an Azure MSI token | +| NodeAttestor | [gcp_iit](/doc/plugin_server_nodeattestor_gcp_iit.md) | A node attestor which attests agent identity using a GCP Instance Identity Token | +| NodeAttestor | [join_token](/doc/plugin_server_nodeattestor_jointoken.md) | A node attestor which validates agents attesting with server-generated join tokens | +| NodeAttestor | [k8s_sat](/doc/plugin_server_nodeattestor_k8s_sat.md) (deprecated) | A node attestor which attests agent identity using a Kubernetes Service Account token | +| NodeAttestor | [k8s_psat](/doc/plugin_server_nodeattestor_k8s_psat.md) | A node attestor which attests agent identity using a Kubernetes Projected Service Account token | +| NodeAttestor | [sshpop](/doc/plugin_server_nodeattestor_sshpop.md) | A node attestor which 
attests agent identity using an existing ssh certificate | +| NodeAttestor | [tpm_devid](/doc/plugin_server_nodeattestor_tpm_devid.md) | A node attestor which attests agent identity using a TPM that has been provisioned with a DevID certificate | +| NodeAttestor | [x509pop](/doc/plugin_server_nodeattestor_x509pop.md) | A node attestor which attests agent identity using an existing X.509 certificate | +| UpstreamAuthority | [disk](/doc/plugin_server_upstreamauthority_disk.md) | Uses a CA loaded from disk to sign SPIRE server intermediate certificates. | +| UpstreamAuthority | [aws_pca](/doc/plugin_server_upstreamauthority_aws_pca.md) | Uses a Private Certificate Authority from AWS Certificate Manager to sign SPIRE server intermediate certificates. | +| UpstreamAuthority | [awssecret](/doc/plugin_server_upstreamauthority_awssecret.md) | Uses a CA loaded from AWS SecretsManager to sign SPIRE server intermediate certificates. | +| UpstreamAuthority | [gcp_cas](/doc/plugin_server_upstreamauthority_gcp_cas.md) | Uses a Private Certificate Authority from GCP Certificate Authority Service to sign SPIRE Server intermediate certificates. | +| UpstreamAuthority | [vault](/doc/plugin_server_upstreamauthority_vault.md) | Uses a PKI Secret Engine from HashiCorp Vault to sign SPIRE server intermediate certificates. | +| UpstreamAuthority | [spire](/doc/plugin_server_upstreamauthority_spire.md) | Uses an upstream SPIRE server in the same trust domain to obtain intermediate signing certificates for SPIRE server. | +| UpstreamAuthority | [cert-manager](/doc/plugin_server_upstreamauthority_cert_manager.md) | Uses a referenced cert-manager Issuer to request intermediate signing certificates. | +| Notifier | [gcs_bundle](/doc/plugin_server_notifier_gcs_bundle.md) | A notifier that pushes the latest trust bundle contents into an object in Google Cloud Storage. 
| +| Notifier | [k8sbundle](/doc/plugin_server_notifier_k8sbundle.md) | A notifier that pushes the latest trust bundle contents into a Kubernetes ConfigMap. | +| BundlePublisher | [aws_s3](/doc/plugin_server_bundlepublisher_aws_s3.md) | Publishes the trust bundle to an Amazon S3 bucket. | +| BundlePublisher | [gcp_cloudstorage](/doc/plugin_server_bundlepublisher_gcp_cloudstorage.md) | Publishes the trust bundle to a Google Cloud Storage bucket. | ## Server configuration file diff --git a/pkg/server/catalog/bundlepublisher.go b/pkg/server/catalog/bundlepublisher.go index 1cdfcd44bd..fd425749f7 100644 --- a/pkg/server/catalog/bundlepublisher.go +++ b/pkg/server/catalog/bundlepublisher.go @@ -4,6 +4,7 @@ import ( "github.com/spiffe/spire/pkg/common/catalog" "github.com/spiffe/spire/pkg/server/plugin/bundlepublisher" "github.com/spiffe/spire/pkg/server/plugin/bundlepublisher/awss3" + "github.com/spiffe/spire/pkg/server/plugin/bundlepublisher/gcpcloudstorage" ) type bundlePublisherRepository struct { @@ -25,6 +26,7 @@ func (repo *bundlePublisherRepository) Versions() []catalog.Version { func (repo *bundlePublisherRepository) BuiltIns() []catalog.BuiltIn { return []catalog.BuiltIn{ awss3.BuiltIn(), + gcpcloudstorage.BuiltIn(), } } diff --git a/pkg/server/plugin/bundlepublisher/gcpcloudstorage/client.go b/pkg/server/plugin/bundlepublisher/gcpcloudstorage/client.go new file mode 100644 index 0000000000..bb647fbce4 --- /dev/null +++ b/pkg/server/plugin/bundlepublisher/gcpcloudstorage/client.go 
@@ -0,0 +1,22 @@
+package gcpcloudstorage
+
+import (
+ "context"
+ "io"
+
+ "cloud.google.com/go/storage"
+ "google.golang.org/api/option"
+)
+
+type gcsService interface {
+ Bucket(name string) *storage.BucketHandle
+ Close() error
+}
+
+func newGCSClient(ctx context.Context, opts ...option.ClientOption) (gcsService, error) {
+ return storage.NewClient(ctx, opts...)
+}
+
+func newStorageWriter(ctx context.Context, o *storage.ObjectHandle) io.WriteCloser {
+ return o.NewWriter(ctx)
+}
diff --git a/pkg/server/plugin/bundlepublisher/gcpcloudstorage/gcpcloudstorage.go b/pkg/server/plugin/bundlepublisher/gcpcloudstorage/gcpcloudstorage.go
new file mode 100644
index 0000000000..ea0c304e8f
--- /dev/null
+++ b/pkg/server/plugin/bundlepublisher/gcpcloudstorage/gcpcloudstorage.go
@@ -0,0 +1,263 @@ +package gcpcloudstorage + +import ( + "context" + "io" + "sync" + + "cloud.google.com/go/storage" + "github.com/hashicorp/go-hclog" + "github.com/hashicorp/hcl" + "github.com/spiffe/spire-plugin-sdk/pluginsdk/support/bundleformat" + bundlepublisherv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/bundlepublisher/v1" + "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/types" + configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" + "github.com/spiffe/spire/pkg/common/catalog" + "github.com/spiffe/spire/pkg/common/telemetry" + "google.golang.org/api/option" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" +) + +const ( + pluginName = "gcp_cloudstorage" +) + +type pluginHooks struct { + newGCSClientFunc func(ctx context.Context, opts ...option.ClientOption) (gcsService, error) + newStorageWriterFunc func(ctx context.Context, o *storage.ObjectHandle) io.WriteCloser + wroteObjectFunc func() // Test hook called when an object was written. +} + +func BuiltIn() catalog.BuiltIn { + return builtin(New()) +} + +func New() *Plugin { + return newPlugin(newGCSClient, newStorageWriter) +} + +// Config holds the configuration of the plugin. +type Config struct { + BucketName string `hcl:"bucket_name" json:"bucket_name"` + ObjectName string `hcl:"object_name" json:"object_name"` + Format string `hcl:"format" json:"format"` + ServiceAccountFile string `hcl:"service_account_file" json:"service_account_file"` + + // bundleFormat is used to store the content of Format, parsed + // as bundleformat.Format. + bundleFormat bundleformat.Format +} + +// Plugin is the main representation of this bundle publisher plugin. 
+type Plugin struct { + bundlepublisherv1.UnsafeBundlePublisherServer + configv1.UnsafeConfigServer + + config *Config + configMtx sync.RWMutex + + bundle *types.Bundle + bundleMtx sync.RWMutex + + hooks pluginHooks + gcsClient gcsService + log hclog.Logger +} + +// SetLogger sets a logger in the plugin. +func (p *Plugin) SetLogger(log hclog.Logger) { + p.log = log +} + +// Configure configures the plugin. +func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error) { + config, err := parseAndValidateConfig(req.HclConfiguration) + if err != nil { + return nil, err + } + + var opts []option.ClientOption + if config.ServiceAccountFile != "" { + opts = append(opts, option.WithCredentialsFile(config.ServiceAccountFile)) + } + + gcsClient, err := p.hooks.newGCSClientFunc(ctx, opts...) + if err != nil { + return nil, status.Errorf(codes.Internal, "failed to create client: %v", err) + } + p.gcsClient = gcsClient + + p.setConfig(config) + p.setBundle(nil) + return &configv1.ConfigureResponse{}, nil +} + +// PublishBundle puts the bundle in the configured GCS bucket and object name. +func (p *Plugin) PublishBundle(ctx context.Context, req *bundlepublisherv1.PublishBundleRequest) (*bundlepublisherv1.PublishBundleResponse, error) { + config, err := p.getConfig() + if err != nil { + return nil, err + } + + if req.Bundle == nil { + return nil, status.Error(codes.InvalidArgument, "missing bundle in request") + } + + currentBundle := p.getBundle() + if proto.Equal(req.Bundle, currentBundle) { + // Bundle not changed. No need to publish. 
+ return &bundlepublisherv1.PublishBundleResponse{}, nil + } + + formatter := bundleformat.NewFormatter(req.Bundle) + bundleBytes, err := formatter.Format(config.bundleFormat) + if err != nil { + return nil, status.Errorf(codes.Internal, "could not format bundle: %v", err.Error()) + } + + bucketHandle := p.gcsClient.Bucket(config.BucketName) + if bucketHandle == nil { // Purely defensive, the Bucket function implemented in GCS always returns a BucketHandle. + return nil, status.Error(codes.Internal, "could not get bucket handle") + } + + objectHandle := bucketHandle.Object(config.ObjectName) + if objectHandle == nil { // Purely defensive, the Object function implemented in GCS always returns an ObjectHandle. + return nil, status.Error(codes.Internal, "could not get object handle") + } + + storageWriter := p.hooks.newStorageWriterFunc(ctx, objectHandle) + if storageWriter == nil { // Purely defensive, the NewWriter function implemented in GCS always returns a storage writer + return nil, status.Error(codes.Internal, "could not initialize storage writer") + } + + log := p.log.With( + "bucket_name", config.BucketName, + "object_name", config.ObjectName) + + _, err = storageWriter.Write(bundleBytes) + // The number of bytes written can be safely ignored. To determine if an + // object was successfully uploaded, we need to look at the error returned + // from storageWriter.Close(). + if err != nil { + // Close the storage writer before returning. 
+ if closeErr := storageWriter.Close(); closeErr != nil { + log.With(telemetry.Error, closeErr).Error("Failed to close storage writer") + } + return nil, status.Errorf(codes.Internal, "failed to write bundle: %v", err) + } + + if err := storageWriter.Close(); err != nil { + return nil, status.Errorf(codes.Internal, "failed to close storage writer: %v", err) + } + + if p.hooks.wroteObjectFunc != nil { + p.hooks.wroteObjectFunc() + } + + p.setBundle(req.Bundle) + log.Debug("Bundle published") + return &bundlepublisherv1.PublishBundleResponse{}, nil +} + +// Close is called when the plugin is unloaded. Closes the client. +func (p *Plugin) Close() error { + if p.gcsClient == nil { + return nil + } + p.log.Debug("Closing the connection to the Cloud Storage API service") + return p.gcsClient.Close() +} + +// getBundle gets the latest bundle that the plugin has. +func (p *Plugin) getBundle() *types.Bundle { + p.configMtx.RLock() + defer p.configMtx.RUnlock() + + return p.bundle +} + +// getConfig gets the configuration of the plugin. +func (p *Plugin) getConfig() (*Config, error) { + p.configMtx.RLock() + defer p.configMtx.RUnlock() + + if p.config == nil { + return nil, status.Error(codes.FailedPrecondition, "not configured") + } + return p.config, nil +} + +// setBundle updates the current bundle in the plugin with the provided bundle. +func (p *Plugin) setBundle(bundle *types.Bundle) { + p.bundleMtx.Lock() + defer p.bundleMtx.Unlock() + + p.bundle = bundle +} + +// setConfig sets the configuration for the plugin. +func (p *Plugin) setConfig(config *Config) { + p.configMtx.Lock() + defer p.configMtx.Unlock() + + p.config = config +} + +// builtin creates a new BundlePublisher built-in plugin. +func builtin(p *Plugin) catalog.BuiltIn { + return catalog.MakeBuiltIn(pluginName, + bundlepublisherv1.BundlePublisherPluginServer(p), + configv1.ConfigServiceServer(p), + ) +} + +// newPlugin returns a new plugin instance. 
+func newPlugin(newGCSClientFunc func(ctx context.Context, opts ...option.ClientOption) (gcsService, error), + newStorageWriterFunc func(ctx context.Context, o *storage.ObjectHandle) io.WriteCloser) *Plugin { + return &Plugin{ + hooks: pluginHooks{ + newGCSClientFunc: newGCSClientFunc, + newStorageWriterFunc: newStorageWriterFunc, + }, + } +} + +// parseAndValidateConfig returns an error if any configuration provided does +// not meet acceptable criteria +func parseAndValidateConfig(c string) (*Config, error) { + config := new(Config) + + if err := hcl.Decode(config, c); err != nil { + return nil, status.Errorf(codes.InvalidArgument, "unable to decode configuration: %v", err) + } + + if config.BucketName == "" { + return nil, status.Error(codes.InvalidArgument, "configuration is missing the bucket name") + } + + if config.ObjectName == "" { + return nil, status.Error(codes.InvalidArgument, "configuration is missing the object name") + } + + if config.Format == "" { + return nil, status.Error(codes.InvalidArgument, "configuration is missing the bundle format") + } + bundleFormat, err := bundleformat.FromString(config.Format) + if err != nil { + return nil, status.Errorf(codes.InvalidArgument, "could not parse bundle format from configuration: %v", err) + } + // The bundleformat package may support formats that this plugin does not + // support. Validate that the format is a supported format in this plugin. + switch bundleFormat { + case bundleformat.JWKS: + case bundleformat.SPIFFE: + case bundleformat.PEM: + default: + return nil, status.Errorf(codes.InvalidArgument, "format not supported %q", config.Format) + } + + config.bundleFormat = bundleFormat + return config, nil +} diff --git a/pkg/server/plugin/bundlepublisher/gcpcloudstorage/gcpcloudstorage_test.go b/pkg/server/plugin/bundlepublisher/gcpcloudstorage/gcpcloudstorage_test.go new file mode 100644 index 0000000000..a8233217ab --- /dev/null 
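Review bot: `getBundle` takes `p.configMtx.RLock()` but reads `p.bundle`, which `setBundle` writes under `p.bundleMtx`, so concurrent `PublishBundle` calls can read and write the cached bundle with no common lock. It should use `p.bundleMtx.RLock()` and `defer p.bundleMtx.RUnlock()`. `Configure` also assigns `p.gcsClient` without a lock and without closing a previously created client, while `PublishBundle` reads the field unguarded; guarding it with `configMtx` and closing the old client on reconfiguration would avoid a race and a leaked connection. Separately, the sample configurations in the accompanying doc file use `bucket = "spire-bundle"`, but `Config` only maps `bucket_name`, so a copied sample would leave `BucketName` empty and fail to configure the plugin.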
+++ b/pkg/server/plugin/bundlepublisher/gcpcloudstorage/gcpcloudstorage_test.go 
@@ -0,0 +1,406 @@
+package gcpcloudstorage
+
+import (
+ "context"
+ "crypto/x509"
+ "errors"
+ "io"
+ "testing"
+
+ "cloud.google.com/go/storage"
+ "github.com/spiffe/go-spiffe/v2/spiffeid"
+ "github.com/spiffe/spire-plugin-sdk/pluginsdk/support/bundleformat"
+ bundlepublisherv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/bundlepublisher/v1"
+ "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/types"
+ configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1"
+ "github.com/spiffe/spire/pkg/common/catalog"
+ "github.com/spiffe/spire/test/plugintest"
+ "github.com/spiffe/spire/test/spiretest"
+ "github.com/spiffe/spire/test/util"
+ "github.com/stretchr/testify/require"
+ "google.golang.org/api/option"
+ "google.golang.org/grpc/codes"
+)
+
+func TestConfigure(t *testing.T) {
+ for _, tt := range []struct {
+ name string
+
+ configureRequest *configv1.ConfigureRequest
+ newClientErr error
+ expectCode codes.Code
+ expectMsg string
+ config *Config
+ }{
+ {
+ name: "success",
+ config: &Config{
+ ServiceAccountFile: "service-account-file",
+ BucketName: "bucket-name",
+ ObjectName: "object-name",
+ Format: "spiffe",
+ },
+ },
+ {
+ name: "no bucket",
+ config: &Config{
+ ObjectName: "object-name",
+ Format: "spiffe",
+ },
+ expectCode: codes.InvalidArgument,
+ expectMsg: "configuration is missing the bucket name",
+ },
+ {
+ name: "no object name",
+ config: &Config{
+ BucketName: "bucket-name",
+ Format: "spiffe",
+ },
+ expectCode: codes.InvalidArgument,
+ expectMsg: "configuration is missing the object name",
+ },
+ {
+ name: "no bundle format",
+ config: &Config{
+ ObjectName: "object-name",
+ BucketName: "bucket-name",
+ },
+ expectCode: codes.InvalidArgument,
+ expectMsg: "configuration is missing the bundle format",
+ },
+ {
+ name: "client error",
+ config: &Config{
+ ServiceAccountFile: "service-account-file",
+ BucketName: "bucket-name",
+ ObjectName: "object-name",
+ Format: "spiffe",
+ },
+ expectCode: codes.Internal,
+ expectMsg: "failed to create client: client creation error",
+ newClientErr: errors.New("client creation error"),
+ },
+ {
+ name: "invalid format",
+ config: &Config{
+ BucketName: "bucket-name",
+ ObjectName: "object-name",
+ Format: "invalid-format",
+ },
+ expectCode: codes.InvalidArgument,
+ expectMsg: "could not parse bundle format from configuration: unknown bundle format: \"invalid-format\"",
+ },
+ } {
+ t.Run(tt.name, func(t *testing.T) {
+ var err error
+ options := []plugintest.Option{
+ plugintest.CaptureConfigureError(&err),
+ plugintest.CoreConfig(catalog.CoreConfig{
+ TrustDomain: spiffeid.RequireTrustDomainFromString("example.org"),
+ }),
+ plugintest.ConfigureJSON(tt.config),
+ }
+
+ newClient := func(ctx context.Context, opts ...option.ClientOption) (gcsService, error) {
+ if tt.newClientErr != nil {
+ return nil, tt.newClientErr
+ }
+ return &fakeClient{
+ clientOptions: opts,
+ }, nil
+ }
+
+ newStorageWriter := func(ctx context.Context, o *storage.ObjectHandle) io.WriteCloser {
+ return &fakeStorageWriter{}
+ }
+ p := newPlugin(newClient, newStorageWriter)
+
+ plugintest.Load(t, builtin(p), nil, options...)
+ spiretest.RequireGRPCStatusHasPrefix(t, err, tt.expectCode, tt.expectMsg)
+
+ if tt.expectMsg != "" {
+ require.Nil(t, p.config)
+ return
+ }
+
+ // Check that the plugin has the expected configuration.
+ tt.config.bundleFormat, err = bundleformat.FromString(tt.config.Format)
+ require.NoError(t, err)
+ require.Equal(t, tt.config, p.config)
+
+ client, ok := p.gcsClient.(*fakeClient)
+ require.True(t, ok)
+
+ // It's important to check that the configuration has been wired
+ // up to the gcs config, that needs to have the specified service
+ // account file.
+ require.Equal(t, []option.ClientOption{option.WithCredentialsFile(tt.config.ServiceAccountFile)}, client.clientOptions)
+ })
+ }
+}
+
+func TestPublishBundle(t *testing.T) {
+ testBundle := getTestBundle(t)
+ config := &Config{
+ BucketName: "bucket-name",
+ ObjectName: "object-name",
+ Format: "spiffe",
+ }
+
+ for _, tt := range []struct {
+ name string
+
+ newClientErr error
+ expectCode codes.Code
+ expectMsg string
+ noConfig bool
+ bundle *types.Bundle
+ writeErr error
+ closeErr error
+ }{
+ {
+ name: "success",
+ bundle: testBundle,
+ },
+ {
+ name: "multiple times",
+ bundle: testBundle,
+ },
+ {
+ name: "write failure",
+ bundle: testBundle,
+ writeErr: errors.New("write error"),
+ expectCode: codes.Internal,
+ expectMsg: "failed to write bundle: write error",
+ },
+ {
+ name: "close failure",
+ bundle: testBundle,
+ closeErr: errors.New("close error"),
+ expectCode: codes.Internal,
+ expectMsg: "failed to close storage writer: close error",
+ },
+ {
+ name: "not configured",
+ noConfig: true,
+ expectCode: codes.FailedPrecondition,
+ expectMsg: "not configured",
+ },
+ {
+ name: "missing bundle",
+ expectCode: codes.InvalidArgument,
+ expectMsg: "missing bundle in request",
+ },
+ } {
+ t.Run(tt.name, func(t *testing.T) {
+ var err error
+ options := []plugintest.Option{
+ plugintest.CaptureConfigureError(&err),
+ plugintest.CoreConfig(catalog.CoreConfig{
+ TrustDomain: spiffeid.RequireTrustDomainFromString("example.org"),
+ }),
+ plugintest.ConfigureJSON(config),
+ }
+
+ newClient := func(ctx context.Context, opts ...option.ClientOption) (gcsService, error) {
+ return &fakeClient{
+ clientOptions: opts,
+ }, nil
+ }
+
+ newStorageWriter := func(ctx context.Context, o *storage.ObjectHandle) io.WriteCloser {
+ return &fakeStorageWriter{
+ writeErr: tt.writeErr,
+ closeErr: tt.closeErr,
+ }
+ }
+ p := newPlugin(newClient, newStorageWriter)
+
+ if !tt.noConfig {
+ plugintest.Load(t, builtin(p), nil, options...)
+ require.NoError(t, err)
+ }
+
+ resp, err := p.PublishBundle(context.Background(), &bundlepublisherv1.PublishBundleRequest{
+ Bundle: tt.bundle,
+ })
+
+ if tt.expectMsg != "" {
+ spiretest.RequireGRPCStatusContains(t, err, tt.expectCode, tt.expectMsg)
+ return
+ }
+ require.NoError(t, err)
+ require.NotNil(t, resp)
+ })
+ }
+}
+
+func TestPublishMultiple(t *testing.T) {
+ config := &Config{
+ BucketName: "bucket-name",
+ ObjectName: "object-name",
+ Format: "spiffe",
+ }
+
+ var err error
+ options := []plugintest.Option{
+ plugintest.CaptureConfigureError(&err),
+ plugintest.CoreConfig(catalog.CoreConfig{
+ TrustDomain: spiffeid.RequireTrustDomainFromString("example.org"),
+ }),
+ plugintest.ConfigureJSON(config),
+ }
+
+ newClient := func(ctx context.Context, opts ...option.ClientOption) (gcsService, error) {
+ return &fakeClient{
+ clientOptions: opts,
+ }, nil
+ }
+ newStorageWriter := getFakeNewStorageWriterFunc(nil, nil)
+ p := newPlugin(newClient, newStorageWriter)
+
+ var testWriteObjectCount int
+ p.hooks.wroteObjectFunc = func() { testWriteObjectCount++ }
+ plugintest.Load(t, builtin(p), nil, options...)
+ require.NoError(t, err)
+
+ // Test multiple write operations, and check that only a call to Write is
+ // done when there is a modified bundle that was not successfully published
+ // before.
+
+ // Have an initial bundle with SequenceNumber = 1.
+ bundle := getTestBundle(t)
+ bundle.SequenceNumber = 1
+
+ // Reset the testWriteObjectCount counter.
+ testWriteObjectCount = 0
+ resp, err := p.PublishBundle(context.Background(), &bundlepublisherv1.PublishBundleRequest{
+ Bundle: bundle,
+ })
+ require.NoError(t, err)
+ require.NotNil(t, resp)
+ require.Equal(t, 1, testWriteObjectCount)
+
+ // Call PublishBundle with the same bundle.
+ resp, err = p.PublishBundle(context.Background(), &bundlepublisherv1.PublishBundleRequest{
+ Bundle: bundle,
+ })
+ require.NoError(t, err)
+ require.NotNil(t, resp)
+
+ // The same bundle was used, the testWriteObjectCount counter should be still 1.
+ require.Equal(t, 1, testWriteObjectCount)
+
+ // Have a new bundle and call PublishBundle.
+ bundle = getTestBundle(t)
+ bundle.SequenceNumber = 2
+ resp, err = p.PublishBundle(context.Background(), &bundlepublisherv1.PublishBundleRequest{
+ Bundle: bundle,
+ })
+ require.NoError(t, err)
+ require.NotNil(t, resp)
+
+ // PublishBundle was called with a different bundle, testWriteObjectCount should
+ // be incremented to be 2.
+ require.Equal(t, 2, testWriteObjectCount)
+
+ // Simulate that there is an error writing to the storage.
+ p.hooks.newStorageWriterFunc = getFakeNewStorageWriterFunc(errors.New("write error"), nil)
+
+ resp, err = p.PublishBundle(context.Background(), &bundlepublisherv1.PublishBundleRequest{
+ Bundle: bundle,
+ })
+ // Since there is no change in the bundle, Write should not be called
+ // and there should be no error.
+ require.NoError(t, err)
+ require.NotNil(t, resp)
+
+ // The same bundle was used, the testWriteObjectCount counter should be still 2.
+ require.Equal(t, 2, testWriteObjectCount)
+
+ // Have a new bundle and call PublishBundle. Write should be called this
+ // time and return an error.
+ bundle = getTestBundle(t)
+ bundle.SequenceNumber = 3
+ resp, err = p.PublishBundle(context.Background(), &bundlepublisherv1.PublishBundleRequest{
+ Bundle: bundle,
+ })
+ require.Error(t, err)
+ require.Nil(t, resp)
+
+ // Since the bundle could not be published, testWriteObjectCount should be
+ // still 2.
+ require.Equal(t, 2, testWriteObjectCount)
+
+ // Clear the Write error and call PublishBundle.
+ p.hooks.newStorageWriterFunc = getFakeNewStorageWriterFunc(nil, nil)
+ resp, err = p.PublishBundle(context.Background(), &bundlepublisherv1.PublishBundleRequest{
+ Bundle: bundle,
+ })
+
+ // No error should happen this time.
+ require.NoError(t, err)
+ require.NotNil(t, resp)
+
+ // The testWriteObjectCount counter should be incremented to 3, since the bundle
+ // should have been published successfully.
+ require.Equal(t, 3, testWriteObjectCount)
+}
+
+type fakeClient struct {
+ clientOptions []option.ClientOption
+}
+
+func (c *fakeClient) Bucket(string) *storage.BucketHandle {
+ return &storage.BucketHandle{}
+}
+
+func (c *fakeClient) Close() error {
+ return nil
+}
+
+type fakeStorageWriter struct {
+ writeErr error
+ closeErr error
+}
+
+func (s *fakeStorageWriter) Write(p []byte) (n int, err error) {
+ if s.writeErr == nil {
+ return len(p), nil
+ }
+ return 0, s.writeErr
+}
+
+func (s *fakeStorageWriter) Close() error {
+ return s.closeErr
+}
+
+func getFakeNewStorageWriterFunc(writeErr, closeErr error) func(ctx context.Context, o *storage.ObjectHandle) io.WriteCloser {
+ return func(ctx context.Context, o *storage.ObjectHandle) io.WriteCloser {
+ return &fakeStorageWriter{
+ writeErr: writeErr,
+ closeErr: closeErr,
+ }
+ }
+}
+
+func getTestBundle(t *testing.T) *types.Bundle {
+ cert, _, err := util.LoadCAFixture()
+ require.NoError(t, err)
+
+ keyPkix, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
+ require.NoError(t, err)
+
+ return &types.Bundle{
+ TrustDomain: "example.org",
+ X509Authorities: []*types.X509Certificate{{Asn1: cert.Raw}},
+ JwtAuthorities: []*types.JWTKey{
+ {
+ KeyId: "KID",
+ PublicKey: keyPkix,
+ },
+ },
+ RefreshHint: 1440,
+ SequenceNumber: 100,
+ }
+}
From 6608f339ae77c4cc6444640093076ae3a86e494f Mon Sep 17 00:00:00 2001 From: Marcos Yacob Date: Thu, 28 Mar 2024 16:52:42 -0300 Subject: [PATCH 75/83] Allow reload logfile by signal (#4975) * Resolve issue causing spire server to no reload log file when receiving a signal
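Review bot: TestConfigure's only success case sets `ServiceAccountFile`, so configuring the plugin without a credentials file is never exercised, and the final `require.Equal` on `client.clientOptions` only proves the option is passed when the field is set. Add a success case such as `{name: "success without service account file", config: &Config{BucketName: "bucket-name", ObjectName: "object-name", Format: "spiffe"}}` and assert on the options the fake client receives, so a regression that forwards an empty path to `option.WithCredentialsFile` is caught. Configure itself is outside this hunk, so the expected options for that case have to be taken from it. Separately, in TestPublishBundle the `newClientErr` field is declared but never set or read, and the "multiple times" case is identical to "success"; drop them or make that case publish twice.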
Signed-off-by: Marcos Yacob * Add unit test Signed-off-by: Marcos Yacob * Run Reopen log tests only on posix, since windows does not support signals, it is not possible to apply that logic Signed-off-by: Marcos Yacob * Move server run test case to posix Signed-off-by: Marcos Yacob --------- Signed-off-by: Marcos Yacob Signed-off-by: Marcos Yacob Co-authored-by: Andrew Harding --- cmd/spire-agent/cli/run/run.go | 3 ++- cmd/spire-agent/cli/run/run_posix_test.go | 15 ++++++++++++++- cmd/spire-agent/cli/run/run_test.go | 2 +- cmd/spire-agent/cli/run/run_windows_test.go | 2 +- cmd/spire-server/cli/run/run.go | 3 ++- cmd/spire-server/cli/run/run_posix_test.go | 15 ++++++++++++++- cmd/spire-server/cli/run/run_test.go | 2 +- cmd/spire-server/cli/run/run_windows_test.go | 2 +- 8 files changed, 36 insertions(+), 8 deletions(-) diff --git a/cmd/spire-agent/cli/run/run.go b/cmd/spire-agent/cli/run/run.go index 96cc97f83f..21ed89d9f9 100644 --- a/cmd/spire-agent/cli/run/run.go +++ b/cmd/spire-agent/cli/run/run.go @@ -493,7 +493,8 @@ func NewAgentConfig(c *Config, logOptions []log.Option, allowUnknownConfig bool) } var reopenableFile *log.ReopenableFile if c.Agent.LogFile != "" { - reopenableFile, err := log.NewReopenableFile(c.Agent.LogFile) + var err error + reopenableFile, err = log.NewReopenableFile(c.Agent.LogFile) if err != nil { return nil, err } diff --git a/cmd/spire-agent/cli/run/run_posix_test.go b/cmd/spire-agent/cli/run/run_posix_test.go index cd24c8ebac..7442f9b133 100644 --- a/cmd/spire-agent/cli/run/run_posix_test.go +++ b/cmd/spire-agent/cli/run/run_posix_test.go @@ -6,6 +6,7 @@ import ( "bytes" "fmt" "os" + "path" "testing" "github.com/spiffe/spire/pkg/agent" @@ -271,7 +272,9 @@ func mergeInputCasesOS() []mergeInputCase { } } -func newAgentConfigCasesOS() []newAgentConfigCase { +func newAgentConfigCasesOS(t *testing.T) []newAgentConfigCase { + testDir := t.TempDir() + return []newAgentConfigCase{ { msg: "socket_path should be correctly configured", 
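Review bot: The new `var err error` / `reopenableFile, err = log.NewReopenableFile(c.Agent.LogFile)` pair in cmd/spire-agent/cli/run/run.go carries no comment saying why `err` is declared separately, so a later tidy-up back to `:=` would compile and quietly bring back the shadowing that the removed line shows. Add a why-comment above `var err error`, for example `// Assign with "=": ":=" would shadow the outer reopenableFile and leave it nil.` The same comment belongs in the matching hunk of cmd/spire-server/cli/run/run.go (`@@ -377,7 +377,8 @@`). NewAgentConfig starts and ends outside the hunk, so how the outer variable is consumed afterwards is not visible here.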
@@ -359,5 +362,15 @@ func newAgentConfigCasesOS() []newAgentConfigCase { require.Nil(t, c.AdminBindAddress) }, }, + { + msg: "log_file allows to reopen", + input: func(c *Config) { + c.Agent.LogFile = path.Join(testDir, "foo") + }, + test: func(t *testing.T, c *agent.Config) { + require.NotNil(t, c.Log) + require.NotNil(t, c.LogReopener) + }, + }, } } diff --git a/cmd/spire-agent/cli/run/run_test.go b/cmd/spire-agent/cli/run/run_test.go index 48dd220d87..dd45548da4 100644 --- a/cmd/spire-agent/cli/run/run_test.go +++ b/cmd/spire-agent/cli/run/run_test.go @@ -1041,7 +1041,7 @@ func TestNewAgentConfig(t *testing.T) { }, }, } - cases = append(cases, newAgentConfigCasesOS()...) + cases = append(cases, newAgentConfigCasesOS(t)...) for _, testCase := range cases { testCase := testCase diff --git a/cmd/spire-agent/cli/run/run_windows_test.go b/cmd/spire-agent/cli/run/run_windows_test.go index cde7f985aa..2014ae5587 100644 --- a/cmd/spire-agent/cli/run/run_windows_test.go +++ b/cmd/spire-agent/cli/run/run_windows_test.go @@ -258,7 +258,7 @@ func mergeInputCasesOS() []mergeInputCase { } } -func newAgentConfigCasesOS() []newAgentConfigCase { +func newAgentConfigCasesOS(*testing.T) []newAgentConfigCase { return []newAgentConfigCase{ { msg: "named_pipe_name should be correctly configured", diff --git a/cmd/spire-server/cli/run/run.go b/cmd/spire-server/cli/run/run.go index 153773821e..2173020f6e 100644 --- a/cmd/spire-server/cli/run/run.go +++ b/cmd/spire-server/cli/run/run.go @@ -377,7 +377,8 @@ func NewServerConfig(c *Config, logOptions []log.Option, allowUnknownConfig bool } var reopenableFile *log.ReopenableFile if c.Server.LogFile != "" { - reopenableFile, err := log.NewReopenableFile(c.Server.LogFile) + var err error + reopenableFile, err = log.NewReopenableFile(c.Server.LogFile) if err != nil { return nil, err } diff --git a/cmd/spire-server/cli/run/run_posix_test.go b/cmd/spire-server/cli/run/run_posix_test.go index e321571b67..23f5a6362b 100644 
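Review bot: The new "log_file allows to reopen" case builds a filesystem path with `path.Join(testDir, "foo")`, but the `path` package is meant for slash-separated paths and `testDir` comes from `t.TempDir()`; use `filepath.Join(testDir, "foo")` and import `"path/filepath"` instead of `"path"`. The file is POSIX-only by name, so the result is the same today, but the call stops being correct if the case is ever moved into the shared run_test.go. The server-side case added in cmd/spire-server/cli/run/run_posix_test.go (`@@ -267,6 +270,16 @@`) has the same call. The enclosing newAgentConfigCasesOS starts in an earlier hunk.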
--- a/cmd/spire-server/cli/run/run_posix_test.go +++ b/cmd/spire-server/cli/run/run_posix_test.go @@ -8,6 +8,7 @@ import ( "net" "net/netip" "os" + "path" "strconv" "strings" "testing" @@ -255,7 +256,9 @@ func mergeInputCasesOS(*testing.T) []mergeInputCase { } } -func newServerConfigCasesOS() []newServerConfigCase { +func newServerConfigCasesOS(t *testing.T) []newServerConfigCase { + testDir := t.TempDir() + return []newServerConfigCase{ { msg: "socket_path should be correctly configured", @@ -267,6 +270,16 @@ func newServerConfigCasesOS() []newServerConfigCase { require.Equal(t, "unix", c.BindLocalAddress.Network()) }, }, + { + msg: "log_file allows to reopen", + input: func(c *Config) { + c.Server.LogFile = path.Join(testDir, "foo") + }, + test: func(t *testing.T, c *server.Config) { + require.NotNil(t, c.Log) + require.NotNil(t, c.LogReopener) + }, + }, } } diff --git a/cmd/spire-server/cli/run/run_test.go b/cmd/spire-server/cli/run/run_test.go index b039991aef..bde25d4b11 100644 --- a/cmd/spire-server/cli/run/run_test.go +++ b/cmd/spire-server/cli/run/run_test.go @@ -1144,7 +1144,7 @@ func TestNewServerConfig(t *testing.T) { }, }, } - cases = append(cases, newServerConfigCasesOS()...) + cases = append(cases, newServerConfigCasesOS(t)...) for _, testCase := range cases { testCase := testCase diff --git a/cmd/spire-server/cli/run/run_windows_test.go b/cmd/spire-server/cli/run/run_windows_test.go index 3f4731fcd0..6931e4d48b 100644 --- a/cmd/spire-server/cli/run/run_windows_test.go +++ b/cmd/spire-server/cli/run/run_windows_test.go @@ -180,7 +180,7 @@ func mergeInputCasesOS(*testing.T) []mergeInputCase { } } -func newServerConfigCasesOS() []newServerConfigCase { +func newServerConfigCasesOS(*testing.T) []newServerConfigCase { return []newServerConfigCase{ { msg: "named_pipe_name should be correctly configured", From 0f1310bcb992fd2f28e1425a3fcdf1cd51e716d8 Mon Sep 17 00:00:00 2001 
From: Ryan Turner Date: Thu, 28 Mar 2024 14:21:44 -0700 Subject: [PATCH 76/83] Try out github.com/christophebedard/dco-check (#5010) * Try out github.com/christophebedard/dco-check The DCO app currently used in the repository doesn't support GitHub merge queues. Try out this other DCO check script which will run as our own managed job that we can configure to run for PRs added to the merge queue. We can try running this check in parallel to the existing check to ensure it's stable before trying to rely on it. Signed-off-by: Ryan Turner * Fix YAML syntax Signed-off-by: Ryan Turner * Allow to run on workflow_dispatch Signed-off-by: Ryan Turner --------- Signed-off-by: Ryan Turner Co-authored-by: Andrew Harding --- .github/workflows/dco.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/workflows/dco.yaml
diff --git a/.github/workflows/dco.yaml b/.github/workflows/dco.yaml
new file mode 100644
index 0000000000..5141f09d56
--- /dev/null
+++ b/.github/workflows/dco.yaml
@@ -0,0 +1,23 @@
+name: DCO
+on:
+ pull_request: {}
+ workflow_dispatch: {}
+ merge_group:
+ types:
+ - checks_requested
+jobs:
+ check-dco:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+ - name: Set up Python 3.x
+ uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+ with:
+ python-version: '3.x'
+ - name: Check DCO
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ pip3 install -U dco-check
+ dco-check
From 95e07c114f216baa710b04e7191824303d5b39ab Mon Sep 17 00:00:00 2001
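Review bot: The `Check DCO` step runs `pip3 install -U dco-check`, which installs whatever release is current on the package index at run time, while both actions in the same job are pinned to a commit SHA; the step also exports `GITHUB_TOKEN`, so the unpinned package runs with that token in its environment. Pin the package, e.g. `pip3 install dco-check==<PINNED_VERSION>` (placeholder; ideally via a requirements file installed with `--require-hashes`). The workflow also declares no `permissions:` block, so the token scope falls back to the repository default; add a top-level `permissions:` with `contents: read`. Whether the tool needs a further read scope such as `pull-requests: read` is not visible here and should be confirmed before merging.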
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Mar 2024 17:43:50 -0600 Subject: [PATCH 77/83] Bump actions/dependency-review-action from 4.1.3 to 4.2.5 (#5018) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.1.3 to 4.2.5. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/9129d7d40b8c12c1ed0f60400d00c92d437adcce...5bbc3ba658137598168acb2ab73b21c432dd411b) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depsreview.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml index badc9c3416..a4b16bee89 100644 --- a/.github/workflows/depsreview.yaml +++ b/.github/workflows/depsreview.yaml @@ -12,4 +12,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 + uses: actions/dependency-review-action@5bbc3ba658137598168acb2ab73b21c432dd411b # v4.2.5 From cafce4dbdc4278c69d125cca9d240a6e9d5dde8e Mon Sep 17 00:00:00 2001 From: Ryan Turner Date: Fri, 29 Mar 2024 05:25:16 -0700 Subject: [PATCH 78/83] Exclude dependabot author from new DCO check (#5026) Signed-off-by: Ryan Turner --- .github/workflows/dco.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dco.yaml b/.github/workflows/dco.yaml index 5141f09d56..1941000ea4 100644 --- a/.github/workflows/dco.yaml +++ b/.github/workflows/dco.yaml 
@@ -20,4 +20,4 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | pip3 install -U dco-check - dco-check + dco-check --exclude-pattern 'dependabot\[bot\]@users\.noreply\.github\.com' From 5b5b0006d1a755ebe70c0fca8f21ad0fd243f882 Mon Sep 17 00:00:00 2001 
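Review bot: The `--exclude-pattern` added to the `dco-check` call keys the exemption on the commit author e-mail, which is self-asserted git metadata, so the sign-off check is skipped for any commit carrying a matching address and not only for commits Dependabot produced. The pattern is also unanchored, so depending on how the tool applies it (not shown here) a longer address that merely contains this text may match too. At minimum anchor it to the full address seen in this series, `'^49699333\+dependabot\[bot\]@users\.noreply\.github\.com$'`. Consider additionally gating the exemption on the pull request actor rather than on commit metadata, after checking how that behaves for `merge_group` runs. The `check-dco` job starts outside this hunk.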
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 Mar 2024 15:51:47 -0600 Subject: [PATCH 79/83] Bump the aws-sdk group with 4 updates (#5029) Bumps the aws-sdk group with 4 updates: [github.com/aws/aws-sdk-go-v2/feature/ec2/imds](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/service/kms](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2). Updates `github.com/aws/aws-sdk-go-v2/feature/ec2/imds` from 1.15.0 to 1.16.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/v1.16.0/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.15.0...v1.16.0) Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.151.0 to 1.155.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.151.0...service/ec2/v1.155.0) Updates `github.com/aws/aws-sdk-go-v2/service/kms` from 1.29.1 to 1.30.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/s3/v1.30.0/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.29.1...service/s3/v1.30.0) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.52.0 to 1.53.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.52.0...service/s3/v1.53.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/feature/ec2/imds dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2 dependency-type: direct:production update-type: version-update:semver-minor 
dependency-group: aws-sdk - dependency-name: github.com/aws/aws-sdk-go-v2/service/kms dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 20 ++++++++++---------- go.sum | 40 ++++++++++++++++++++-------------------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/go.mod b/go.mod index 5bd3a19f00..3edfacb8d5 100644 --- a/go.mod +++ b/go.mod @@ -20,13 +20,13 @@ require ( github.com/aws/aws-sdk-go-v2 v1.26.0 github.com/aws/aws-sdk-go-v2/config v1.27.0 github.com/aws/aws-sdk-go-v2/credentials v1.17.0 - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.2 github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.151.0 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.155.0 github.com/aws/aws-sdk-go-v2/service/iam v1.31.1 - github.com/aws/aws-sdk-go-v2/service/kms v1.29.1 - github.com/aws/aws-sdk-go-v2/service/s3 v1.52.0 + github.com/aws/aws-sdk-go-v2/service/kms v1.30.0 + github.com/aws/aws-sdk-go-v2/service/s3 v1.53.0 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1 github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 github.com/aws/smithy-go v1.20.1 
@@ -132,16 +132,16 @@ require ( github.com/armon/go-radix v1.0.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.4 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.3 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.6 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.4 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.19.0 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect diff --git a/go.sum b/go.sum index 07a63f0355..acd5c110d8 100644 --- a/go.sum +++ b/go.sum 
@@ -566,22 +566,22 @@ github.com/aws/aws-sdk-go-v2/config v1.27.0 h1:J5sdGCAHuWKIXLeXiqr8II/adSvetkx0q github.com/aws/aws-sdk-go-v2/config v1.27.0/go.mod h1:cfh8v69nuSUohNFMbIISP2fhmblGmYEOKs5V53HiHnk= github.com/aws/aws-sdk-go-v2/credentials v1.17.0 h1:lMW2x6sKBsiAJrpi1doOXqWFyEPoE886DTb1X0wb7So= github.com/aws/aws-sdk-go-v2/credentials v1.17.0/go.mod h1:uT41FIH8cCIxOdUYIL0PYyHlL1NoneDuDSCwg5VE/5o= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 h1:xWCwjjvVz2ojYTP4kBKUuUh9ZrXfcAXpflhOUUeXg1k= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0/go.mod h1:j3fACuqXg4oMTQOR2yY7m0NmJY0yBK4L4sLsRXq1Ins= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 h1:af5YzcLf80tv4Em4jWVD75lpnOHSBkPUZxZfGkrI3HI= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0/go.mod h1:nQ3how7DMnFMWiU1SpECohgC82fpn4cKZ875NDMmwtA= github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.2 h1:TFju6ZoqO3TnX0C42VmYW4TxNcUFfbV/3cnaOxbcc5Y= github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.2/go.mod h1:HLaNMGEhcO6GnJtrozRtluhCVM5/B/ZV5XHQ477uIgA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 h1:ifbIbHZyGl1alsAhPIYsHOg5MuApgqOvVeI8wIugXfs= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3/go.mod h1:oQZXg3c6SNeY6OZrDY+xHcF4VGIEoNotX2B4PrDeoJI= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 h1:Qvodo9gHG9F3E8SfYOspPeBt0bjSbsevK8WhRAUHcoY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3/go.mod h1:vCKrdLXtybdf/uQd/YfVR2r5pcbNuEYKzMQpcxmeSJw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 h1:0ScVK/4qZ8CIW0k8jOeFVsyS/sAiXpYxRBLolMkuLQM= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4/go.mod h1:84KyjNZdHC6QZW08nfHI6yZgPd+qRgaWcYsyLUo3QY8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 h1:sHmMWWX5E7guWEFQ9SVo6A3S4xpPrWnd77a6y4WM6PU= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4/go.mod h1:WjpDrhWisWOIoS9n3nk67A3Ll1vfULJ9Kq6h29HTD48= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 
h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.3 h1:mDnFOE2sVkyphMWtTH+stv0eW3k0OTx94K63xpxHty4= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.3/go.mod h1:V8MuRVcCRt5h1S+Fwu8KbC7l/gBGo3yBAyUbJM2IJOk= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.4 h1:SIkD6T4zGQ+1YIit22wi37CGNkrE7mXV1vNA5VpI3TI= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.4/go.mod h1:XfeqbsG0HNedNs0GT+ju4Bs+pFAwsrlzcRdMvdNVf5s= github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1 h1:XvSeacTm4QJf+bAw0s+t7UHghw6fLv0Mz79cNWZVC0Q= github.com/aws/aws-sdk-go-v2/service/acmpca v1.29.1/go.mod h1:P+wB/b01+r8pvLQgysfAdxOe1uUrStjCN31IBeMhNw4= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.151.0 h1:gH571JR1hMfIER4zK457aNjCfi1FCuVwriKx0bAyw/I= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.151.0/go.mod h1:KNJMjsbzK97hci9ev2Vl/27GgUt3ZciRP4RGujAPF2I= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.155.0 h1:MuQr3lq2n/5lAdDcIYMANNpYNkFo6HDGq7S9+aRy9uc= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.155.0/go.mod h1:TeZ9dVQzGaLG+SBIgdLIDbJ6WmfFvksLeG3EHGnNfZM= github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 h1:3iaT/LnGV6jNtbBkvHZDlzz7Ky3wMHDJAyFtGd5GUJI= github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7/go.mod h1:mtzCLxk6M+KZbkJdq3cUH9GCrudw8qCy5C3EHO+5vLc= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 h1:h+r5/diSwztgKgxUrntt6AOI5lBYY0ZJv+yzeulGZSU= 
@@ -590,16 +590,16 @@ github.com/aws/aws-sdk-go-v2/service/iam v1.31.1 h1:3l4/wmvUjTbGfk/YJBkKub4cVbDd github.com/aws/aws-sdk-go-v2/service/iam v1.31.1/go.mod h1:EeqEwkHICgkdmzBAJ46zbS4lhvFy563MOuNlEHU59T4= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.5 h1:mbWNpfRUTT6bnacmvOTKXZjR/HycibdWzNpfbrbLDIs= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.5/go.mod h1:FCOPWGjsshkkICJIn9hq9xr6dLKtyaWpuUojiN3W1/8= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 h1:K/NXvIftOlX+oGgWGIa3jDyYLDNsdVhsjHmsBH2GLAQ= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5/go.mod h1:cl9HGLV66EnCmMNzq4sYOti+/xo8w34CsgzVtm2GgsY= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.3 h1:4t+QEX7BsXz98W8W1lNvMAG+NX8qHz2CjLBxQKku40g= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.3/go.mod h1:oFcjjUq5Hm09N9rpxTdeMeLeQcxS7mIkBkL8qUKng+A= -github.com/aws/aws-sdk-go-v2/service/kms v1.29.1 h1:OdjJjUWFlMZLAMl54ASxIpZdGEesY4BH3/c0HAPSFdI= -github.com/aws/aws-sdk-go-v2/service/kms v1.29.1/go.mod h1:Cbx2uxEX0bAB7SlSY+ys05ZBkEb8IbmuAOcGVmDfJFs= -github.com/aws/aws-sdk-go-v2/service/s3 v1.52.0 h1:k7gL76sSR0e2pLphjfmjD/+pDDtoOHvWp8ezpTsdyes= -github.com/aws/aws-sdk-go-v2/service/s3 v1.52.0/go.mod h1:MGTaf3x/+z7ZGugCGvepnx2DS6+caCYYqKhzVoLNYPk= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.6 h1:NkHCgg0Ck86c5PTOzBZ0JRccI51suJDg5lgFtxBu1ek= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.6/go.mod h1:mjTpxjC8v4SeINTngrnKFgm2QUi+Jm+etTbCxh8W4uU= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 h1:b+E7zIUHMmcB4Dckjpkapoy47W6C9QBv/zoUP+Hn8Kc= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6/go.mod 
h1:S2fNV0rxrP78NhPbCZeQgY8H9jdDMeGtwcfZIRxzBqU= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.4 h1:uDj2K47EM1reAYU9jVlQ1M5YENI1u6a/TxJpf6AeOLA= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.4/go.mod h1:XKCODf4RKHppc96c2EZBGV/oCUC7OClxAo2MEyg4pIk= +github.com/aws/aws-sdk-go-v2/service/kms v1.30.0 h1:yS0JkEdV6h9JOo8sy2JSpjX+i7vsKifU8SIeHrqiDhU= +github.com/aws/aws-sdk-go-v2/service/kms v1.30.0/go.mod h1:+I8VUUSVD4p5ISQtzpgSva4I8cJ4SQ4b1dcBcof7O+g= +github.com/aws/aws-sdk-go-v2/service/s3 v1.53.0 h1:r3o2YsgW9zRcIP3Q0WCmttFVhTuugeKIvT5z9xDspc0= +github.com/aws/aws-sdk-go-v2/service/s3 v1.53.0/go.mod h1:w2E4f8PUfNtyjfL6Iu+mWI96FGttE03z3UdNcUEC4tA= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1 h1:DtKw4TxZT3VrzYupXQJPBqT9ImyobZZE+JIQPPAVxqs= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1/go.mod h1:bit9G2ORpSjUTr4PA4usvbBfbOyvMj0LbE1dXF14Sug= github.com/aws/aws-sdk-go-v2/service/sso v1.19.0 h1:u6OkVDxtBPnxPkZ9/63ynEe+8kHbtS5IfaC4PzVxzWM= From 7cc02729e14000ea5f84bc9f2ce77e308d96e4a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 10:48:25 -0300 Subject: [PATCH 80/83] Bump github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0 (#5023) Bumps [github.com/cenkalti/backoff/v4](https://github.com/cenkalti/backoff) from 4.2.1 to 4.3.0. - [Commits](https://github.com/cenkalti/backoff/compare/v4.2.1...v4.3.0) --- updated-dependencies: - dependency-name: github.com/cenkalti/backoff/v4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3edfacb8d5..e8c490900b 100644 --- a/go.mod +++ b/go.mod 
@@ -31,7 +31,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 github.com/aws/smithy-go v1.20.1 github.com/blang/semver/v4 v4.0.0 - github.com/cenkalti/backoff/v4 v4.2.1 + github.com/cenkalti/backoff/v4 v4.3.0 github.com/docker/docker v25.0.4+incompatible github.com/envoyproxy/go-control-plane v0.12.0 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa diff --git a/go.sum b/go.sum index acd5c110d8..c92a4df01d 100644 --- a/go.sum +++ b/go.sum @@ -630,8 +630,8 @@ github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyz github.com/cactus/go-statsd-client/v5 v5.0.0/go.mod h1:COEvJ1E+/E2L4q6QE5CkjWPi4eeDw9maJBMIuMPBZbY= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= From 60bc01899c0289dfae5bc45ea9a1abd3f1ed064c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 11:55:58 -0300 Subject: [PATCH 81/83] Bump github.com/uber-go/tally/v4 from 4.1.12 to 4.1.16 (#5025) Bumps [github.com/uber-go/tally/v4](https://github.com/uber-go/tally) from 4.1.12 to 4.1.16. - [Release notes](https://github.com/uber-go/tally/releases) - [Commits](https://github.com/uber-go/tally/compare/v4.1.12...v4.1.16) --- updated-dependencies: - dependency-name: github.com/uber-go/tally/v4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e8c490900b..8892d253a3 100644 --- a/go.mod +++ b/go.mod @@ -71,7 +71,7 @@ require ( github.com/spiffe/spire-api-sdk v1.2.5-0.20240301205221-967353a5c821 github.com/spiffe/spire-plugin-sdk v1.4.4-0.20230721151831-bf67dde4721d github.com/stretchr/testify v1.9.0 - github.com/uber-go/tally/v4 v4.1.12 + github.com/uber-go/tally/v4 v4.1.16 github.com/valyala/fastjson v1.6.4 github.com/zeebo/errs v1.3.0 golang.org/x/crypto v0.21.0 diff --git a/go.sum b/go.sum index c92a4df01d..732dfdf5bc 100644 --- a/go.sum +++ b/go.sum 
@@ -1441,8 +1441,8 @@ github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqri github.com/twmb/murmur3 v1.1.5/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= github.com/twmb/murmur3 v1.1.6 h1:mqrRot1BRxm+Yct+vavLMou2/iJt0tNVTTC0QoIjaZg= github.com/twmb/murmur3 v1.1.6/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= -github.com/uber-go/tally/v4 v4.1.12 h1:SdOe+x8aLNZxsxhuAiKW8eB9ha9BkByxYHVR6nIejLQ= -github.com/uber-go/tally/v4 v4.1.12/go.mod h1:RW5DgqsyEPs0lA4b0YNf4zKj7DveKHd73hnO6zVlyW0= +github.com/uber-go/tally/v4 v4.1.16 h1:by2hveWRh/cUReButk6ns1sHK/hiKry7BuOV6iY16XI= +github.com/uber-go/tally/v4 v4.1.16/go.mod h1:RW5DgqsyEPs0lA4b0YNf4zKj7DveKHd73hnO6zVlyW0= github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ= github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY= github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts= From 4afca59230c944472df5a47e993490a094377b35 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 14:51:33 -0300 Subject: [PATCH 82/83] Bump actions/setup-python from 5.0.0 to 5.1.0 (#5027) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.0.0 to 5.1.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/0a5c61591373683505ea898e09a3ea4f39ef2b9c...82c7e631bb3cdc910f68e0081d67478d79c6982d) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dco.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dco.yaml b/.github/workflows/dco.yaml index 1941000ea4..9fa22dde30 100644 
--- a/.github/workflows/dco.yaml +++ b/.github/workflows/dco.yaml @@ -12,7 +12,7 @@ jobs: - name: Checkout uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Set up Python 3.x - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.x' - name: Check DCO From 3264a23a624c98b729d8e39ea731d81fc3a06d9f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Apr 2024 10:56:29 -0300 Subject: [PATCH 83/83] Bump the google-cloud-sdk group with 1 update (#5028) Bumps the google-cloud-sdk group with 1 update: [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go). Updates `cloud.google.com/go/storage` from 1.39.0 to 1.40.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.39.0...spanner/v1.40.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/storage dependency-type: direct:production update-type: version-update:semver-minor dependency-group: google-cloud-sdk ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 8892d253a3..a85b5ca89a 100644 --- a/go.mod +++ b/go.mod 
@@ -3,11 +3,11 @@ module github.com/spiffe/spire go 1.22 require ( - cloud.google.com/go/iam v1.1.6 + cloud.google.com/go/iam v1.1.7 cloud.google.com/go/kms v1.15.7 cloud.google.com/go/secretmanager v1.12.0 cloud.google.com/go/security v1.15.5 - cloud.google.com/go/storage v1.39.0 + cloud.google.com/go/storage v1.40.0 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 @@ -92,7 +92,7 @@ require ( ) require ( - cloud.google.com/go v0.112.0 // indirect + cloud.google.com/go v0.112.1 // indirect cloud.google.com/go/compute v1.24.0 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/longrunning v0.5.5 // indirect @@ -332,7 +332,7 @@ require ( golang.org/x/tools v0.16.1 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c // indirect gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index 732dfdf5bc..de5b3df113 100644 --- a/go.sum +++ b/go.sum 
@@ -35,8 +35,8 @@ cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34h cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= -cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM= -cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4= +cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM= +cloud.google.com/go v0.112.1/go.mod h1:+Vbu+Y1UU+I1rjmzeMOb/8RfkKJK2Gyxi1X6jJCZLo4= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= @@ -214,8 +214,8 @@ cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHD cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= -cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc= -cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= +cloud.google.com/go/iam v1.1.7 h1:z4VHOhwKLF/+UYXAJDFwGtNF0b6gjsW1Pk9Ml0U/IoM= +cloud.google.com/go/iam v1.1.7/go.mod h1:J4PMPg8TtyurAUvSmPj8FF3EDgY1SPRZxcUGrn7WXGA= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= 
@@ -364,8 +364,8 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= -cloud.google.com/go/storage v1.39.0 h1:brbjUa4hbDHhpQf48tjqMaXEV+f1OGoaTmQau9tmCsA= -cloud.google.com/go/storage v1.39.0/go.mod h1:OAEj/WZwUYjA3YHQ10/YcN9ttGuEpLwvaoyBXIPikEk= +cloud.google.com/go/storage v1.40.0 h1:VEpDQV5CJxFmJ6ueWNsKxcr1QAYOXEgxDa+sBbJahPw= +cloud.google.com/go/storage v1.40.0/go.mod h1:Rrj7/hKlG87BLqDJYtwR0fbPld8uJPbQ2ucUMY7Ir0g= cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= 
@@ -2108,8 +2108,8 @@ google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= -google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ= -google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y= +google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c h1:kaI7oewGK5YnVwj+Y+EJBO/YN1ht8iTL9XkFHtVZLsc= +google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c/go.mod h1:VQW3tUculP/D4B+xVCo+VgSq8As6wA9ZjHl//pmk+6s= google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2 h1:9IZDv+/GcI6u+a4jRFRLxQs0RUCfavGfoOgEW6jpkI0= google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=