diff --git a/go.mod b/go.mod index 5e40c280e5..5087f92a9b 100644 --- a/go.mod +++ b/go.mod @@ -20,12 +20,12 @@ require ( k8s.io/cli-runtime v0.26.5 k8s.io/client-go v0.27.6 k8s.io/code-generator v0.27.6 - knative.dev/client-pkg v0.0.0-20231020123408-9cea6f6e36ce - knative.dev/eventing v0.38.1-0.20231019170735-4d14c2126a20 + knative.dev/client-pkg v0.0.0-20231020141241-a356cde85739 + knative.dev/eventing v0.38.1-0.20231020133954-16a398695622 knative.dev/hack v0.0.0-20231016131700-2c938d4918da knative.dev/networking v0.0.0-20231017124814-2a7676e912b7 knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5 - knative.dev/serving v0.38.1-0.20231020131030-425abcb95f5a + knative.dev/serving v0.38.1-0.20231020173818-6b844deb81fc sigs.k8s.io/yaml v1.3.0 ) diff --git a/go.sum b/go.sum index cb8f3c62a0..90b0bd03e5 100644 --- a/go.sum +++ b/go.sum @@ -832,18 +832,18 @@ k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5F k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/client-pkg v0.0.0-20231020123408-9cea6f6e36ce h1:fz2hdUHqSbWpspy1amShnY+7/4ijHQ9crf8TgTwSmX0= -knative.dev/client-pkg v0.0.0-20231020123408-9cea6f6e36ce/go.mod h1:y7QlbxfJzCvepGOCrM4vGco9UP9DaWXqRviXxH3yltM= -knative.dev/eventing v0.38.1-0.20231019170735-4d14c2126a20 h1:j6jW2x0lWlEvQ84mal81dvA6skA085LSFTGfLEdo9U8= -knative.dev/eventing v0.38.1-0.20231019170735-4d14c2126a20/go.mod h1:swWS48qpCQbBkj+2iS0rVa7PbQBWLD9YAy3CSHfevaU= +knative.dev/client-pkg v0.0.0-20231020141241-a356cde85739 h1:Cxo+Us21Je3EIo6AzHOX4+4yivZ8OjbYanhphZKBA7E= +knative.dev/client-pkg v0.0.0-20231020141241-a356cde85739/go.mod h1:y7QlbxfJzCvepGOCrM4vGco9UP9DaWXqRviXxH3yltM= +knative.dev/eventing v0.38.1-0.20231020133954-16a398695622 h1:0zVa3WIigc9Le/K1MVPNLjFo3lOs4ADj30EbNrRO820= +knative.dev/eventing v0.38.1-0.20231020133954-16a398695622/go.mod h1:swWS48qpCQbBkj+2iS0rVa7PbQBWLD9YAy3CSHfevaU= knative.dev/hack v0.0.0-20231016131700-2c938d4918da h1:xy+fvuz2LDOMsZ5UwXRaMF70NYUs9fsG+EF5/ierYBg= knative.dev/hack v0.0.0-20231016131700-2c938d4918da/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= knative.dev/networking v0.0.0-20231017124814-2a7676e912b7 h1:6+1icZuxiZO1paFZ4d/ysKWVG2M4WB7OxNJNyLG0P/E= knative.dev/networking v0.0.0-20231017124814-2a7676e912b7/go.mod h1:1gcHoIVG47ekQWjkddqRq+/7tWRh+CB9W4k/NAcdRbk= knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5 h1:9AvFZdEtuwKWDcTV1VSwmrgrRR9f38wbIAm+sNwLivQ= knative.dev/pkg v0.0.0-20231017113806-d6ab72900ea5/go.mod h1:HHRXEd7ZlFpthgE+rwAZ6MUVnuJOAeolnaFSthXloUQ= -knative.dev/serving v0.38.1-0.20231020131030-425abcb95f5a h1:4TQvxDYKxdYOXHCjqx4A8iL/Z+eBAXbGcfrh4ANdwQY= -knative.dev/serving v0.38.1-0.20231020131030-425abcb95f5a/go.mod h1:cuia3pUQNF4sa3g3KsPFgqpLnF1pf9iquDLgk71iLfo= +knative.dev/serving v0.38.1-0.20231020173818-6b844deb81fc h1:lNU0wJatgHEbMBde9VOiWOGENUMZSun30CN4glH7YRc= +knative.dev/serving v0.38.1-0.20231020173818-6b844deb81fc/go.mod h1:cuia3pUQNF4sa3g3KsPFgqpLnF1pf9iquDLgk71iLfo= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/knative.dev/eventing/pkg/apis/feature/features.go b/vendor/knative.dev/eventing/pkg/apis/feature/features.go index add52ff96f..a93a9a8d10 100644 --- a/vendor/knative.dev/eventing/pkg/apis/feature/features.go +++ b/vendor/knative.dev/eventing/pkg/apis/feature/features.go @@ -51,11 +51,29 @@ const ( // Missing entry in the map means feature is equal to feature not enabled. type Flags map[string]Flag +func newDefaults() Flags { + return map[string]Flag{ + KReferenceGroup: Disabled, + DeliveryRetryAfter: Disabled, + DeliveryTimeout: Enabled, + KReferenceMapping: Disabled, + NewTriggerFilters: Enabled, + TransportEncryption: Disabled, + OIDCAuthentication: Disabled, + EvenTypeAutoCreate: Disabled, + } +} + // IsEnabled returns true if the feature is enabled func (e Flags) IsEnabled(featureName string) bool { return e != nil && e[featureName] == Enabled } +// IsDisabled returns true if the feature is disabled +func (e Flags) IsDisabled(featureName string) bool { + return e != nil && e[featureName] == Disabled +} + // IsAllowed returns true if the feature is enabled or allowed func (e Flags) IsAllowed(featureName string) bool { return e.IsEnabled(featureName) || (e != nil && e[featureName] == Allowed) @@ -86,7 +104,7 @@ func (e Flags) String() string { // NewFlagsConfigFromMap creates a Flags from the supplied Map func NewFlagsConfigFromMap(data map[string]string) (Flags, error) { - flags := Flags{} + flags := newDefaults() for k, v := range data { if strings.HasPrefix(k, "_") { @@ -100,12 +118,12 @@ func NewFlagsConfigFromMap(data map[string]string) (Flags, error) { flags[sanitizedKey] = Disabled } else if strings.EqualFold(v, string(Enabled)) { flags[sanitizedKey] = Enabled - } else if strings.EqualFold(v, string(Permissive)) { + } else if k == TransportEncryption && strings.EqualFold(v, string(Permissive)) { flags[sanitizedKey] = Permissive - } else if strings.EqualFold(v, string(Strict)) { + } else if k == TransportEncryption && strings.EqualFold(v, string(Strict)) { flags[sanitizedKey] = Strict } else { - return Flags{}, fmt.Errorf("cannot parse the boolean flag '%s' = '%s'. Allowed values: [true, false]", k, v) + return flags, fmt.Errorf("cannot parse the feature flag '%s' = '%s'", k, v) } } diff --git a/vendor/knative.dev/serving/pkg/apis/serving/v1/route_lifecycle.go b/vendor/knative.dev/serving/pkg/apis/serving/v1/route_lifecycle.go index fe2a43223b..5a75031eb4 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/v1/route_lifecycle.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/v1/route_lifecycle.go @@ -174,10 +174,11 @@ func (rs *RouteStatus) MarkCertificateReady(name string) { // MarkCertificateNotReady marks the RouteConditionCertificateProvisioned // condition to indicate that the Certificate is not ready. -func (rs *RouteStatus) MarkCertificateNotReady(name string) { +func (rs *RouteStatus) MarkCertificateNotReady(c *v1alpha1.Certificate) { + certificateCondition := c.Status.GetCondition("Ready") routeCondSet.Manage(rs).MarkUnknown(RouteConditionCertificateProvisioned, "CertificateNotReady", - "Certificate %s is not ready.", name) + "Certificate %s is not ready: %s", c.Name, certificateCondition.GetReason()) } // MarkCertificateNotOwned changes the RouteConditionCertificateProvisioned @@ -190,10 +191,10 @@ func (rs *RouteStatus) MarkCertificateNotOwned(name string) { } const ( - // AutoTLSNotEnabledMessage is the message which is set on the + // ExternalDomainTLSNotEnabledMessage is the message which is set on the // RouteConditionCertificateProvisioned condition when it is set to True - // because AutoTLS was not enabled. - AutoTLSNotEnabledMessage = "auto-tls is not enabled" + // because external-domain-tls was not enabled. + ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled" // TLSNotEnabledForClusterLocalMessage is the message which is set on the // RouteConditionCertificateProvisioned condition when it is set to True @@ -202,7 +203,7 @@ const ( ) // MarkTLSNotEnabled sets RouteConditionCertificateProvisioned to true when -// certificate config such as auto-tls is not enabled or private cluster-local service. +// certificate config such as external-domain-tls is not enabled or private cluster-local service. func (rs *RouteStatus) MarkTLSNotEnabled(msg string) { routeCondSet.Manage(rs).MarkTrueWithReason(RouteConditionCertificateProvisioned, "TLSNotEnabled", msg) diff --git a/vendor/knative.dev/serving/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go b/vendor/knative.dev/serving/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go index 830a65c964..06ede3d315 100644 --- a/vendor/knative.dev/serving/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go +++ b/vendor/knative.dev/serving/pkg/apis/serving/v1beta1/domainmapping_lifecycle.go @@ -59,10 +59,10 @@ func (dms *DomainMappingStatus) InitializeConditions() { } const ( - // AutoTLSNotEnabledMessage is the message which is set on the + // ExternalDomainTLSNotEnabledMessage is the message which is set on the // DomainMappingConditionCertificateProvisioned condition when it is set to True - // because AutoTLS was not enabled. - AutoTLSNotEnabledMessage = "auto-tls is not enabled" + // because external-domain-tls was not enabled. + ExternalDomainTLSNotEnabledMessage = "external-domain-tls is not enabled" // TLSCertificateProvidedExternally indicates that a TLS secret won't be created or managed // instead a reference to an existing TLS secret should have been provided in the DomainMapping spec TLSCertificateProvidedExternally = "TLS certificate was provided externally" diff --git a/vendor/knative.dev/serving/pkg/testing/v1/route.go b/vendor/knative.dev/serving/pkg/testing/v1/route.go index e0cbe353af..429f4f861c 100644 --- a/vendor/knative.dev/serving/pkg/testing/v1/route.go +++ b/vendor/knative.dev/serving/pkg/testing/v1/route.go @@ -173,11 +173,11 @@ func WithInitRouteConditions(rt *v1.Route) { rt.Status.InitializeConditions() } -// WithRouteConditionsAutoTLSDisabled calls MarkTLSNotEnabled with AutoTLSNotEnabledMessage +// WithRouteConditionsExternalDomainTLSDisabled calls MarkTLSNotEnabled with ExternalDomainTLSNotEnabledMessage // after initialized the Service's conditions. -func WithRouteConditionsAutoTLSDisabled(rt *v1.Route) { +func WithRouteConditionsExternalDomainTLSDisabled(rt *v1.Route) { rt.Status.InitializeConditions() - rt.Status.MarkTLSNotEnabled(v1.AutoTLSNotEnabledMessage) + rt.Status.MarkTLSNotEnabled(v1.ExternalDomainTLSNotEnabledMessage) } // WithRouteConditionsTLSNotEnabledForClusterLocalMessage calls @@ -208,7 +208,7 @@ func MarkUnknownTrafficError(msg string) RouteOption { // MarkCertificateNotReady calls the method of the same name on .Status func MarkCertificateNotReady(r *v1.Route) { - r.Status.MarkCertificateNotReady(routenames.Certificate(r)) + r.Status.MarkCertificateNotReady(&netv1alpha1.Certificate{}) } // MarkCertificateNotOwned calls the method of the same name on .Status diff --git a/vendor/knative.dev/serving/test/e2e-common.sh b/vendor/knative.dev/serving/test/e2e-common.sh index 0f48e4cdc6..e2cb492b43 100644 --- a/vendor/knative.dev/serving/test/e2e-common.sh +++ b/vendor/knative.dev/serving/test/e2e-common.sh @@ -30,7 +30,7 @@ export CERTIFICATE_CLASS=${CERTIFICATE_CLASS:-""} # Only build linux/amd64 bit images export KO_FLAGS="${KO_FLAGS:---platform=linux/amd64}" -export RUN_HTTP01_AUTO_TLS_TESTS=${RUN_HTTP01_AUTO_TLS_TESTS:-0} +export RUN_HTTP01_EXTERNAL_DOMAIN_TLS_TESTS=${RUN_HTTP01_EXTERNAL_DOMAIN_TLS_TESTS:-0} export HTTPS=${HTTPS:-0} export SHORT=${SHORT:-0} export ENABLE_HA=${ENABLE_HA:-0} @@ -118,8 +118,14 @@ function parse_flags() { readonly CERTIFICATE_CLASS="cert-manager.certificate.networking.knative.dev" return 2 ;; +# BEGIN: reverse compatibility - drop this after updating knative/infra --run-http01-auto-tls-tests) - readonly RUN_HTTP01_AUTO_TLS_TESTS=1 + readonly RUN_HTTP01_EXTERNAL_DOMAIN_TLS_TESTS=1 + return 1 + ;; +# END + --run-http01-external-domain-tls-tests) + readonly RUN_HTTP01_EXTERNAL_DOMAIN_TLS_TESTS=1 return 1 ;; --mesh) diff --git a/vendor/knative.dev/serving/test/e2e-auto-tls-tests.sh b/vendor/knative.dev/serving/test/e2e-external-domain-tls-tests.sh similarity index 53% rename from vendor/knative.dev/serving/test/e2e-auto-tls-tests.sh rename to vendor/knative.dev/serving/test/e2e-external-domain-tls-tests.sh index 7b6af7ee7e..4d769b02a2 100644 --- a/vendor/knative.dev/serving/test/e2e-auto-tls-tests.sh +++ b/vendor/knative.dev/serving/test/e2e-external-domain-tls-tests.sh @@ -16,17 +16,17 @@ source $(dirname "$0")/e2e-common.sh -function setup_auto_tls_env_variables() { +function setup_external_domain_tls_env_variables() { # DNS zone for the testing domain. - export AUTO_TLS_TEST_DNS_ZONE="knative-e2e" + export EXTERNAL_DOMAIN_TLS_TEST_DNS_ZONE="knative-e2e" # Google Cloud project that hosts the DNS server for the testing domain `kn-e2e.dev` - export AUTO_TLS_TEST_CLOUD_DNS_PROJECT="knative-e2e-dns" + export EXTERNAL_DOMAIN_TLS_TEST_CLOUD_DNS_PROJECT="knative-e2e-dns" # The service account credential file used to access the DNS server. - export AUTO_TLS_TEST_CLOUD_DNS_SERVICE_ACCOUNT_KEY_FILE="${GOOGLE_APPLICATION_CREDENTIALS}" + export EXTERNAL_DOMAIN_TLS_TEST_CLOUD_DNS_SERVICE_ACCOUNT_KEY_FILE="${GOOGLE_APPLICATION_CREDENTIALS}" - export AUTO_TLS_TEST_DOMAIN_NAME="kn-e2e.dev" + export EXTERNAL_DOMAIN_TLS_TEST_DOMAIN_NAME="kn-e2e.dev" - export CUSTOM_DOMAIN_SUFFIX="$(($RANDOM % 10000)).${E2E_PROJECT_ID}.${AUTO_TLS_TEST_DOMAIN_NAME}" + export CUSTOM_DOMAIN_SUFFIX="$(($RANDOM % 10000)).${E2E_PROJECT_ID}.${EXTERNAL_DOMAIN_TLS_TEST_DOMAIN_NAME}" export TLS_TEST_NAMESPACE="tls" @@ -39,11 +39,11 @@ function setup_auto_tls_env_variables() { INGRESS_SERVICE="istio-ingressgateway" fi local IP=$(kubectl get svc -n ${INGRESS_NAMESPACE} ${INGRESS_SERVICE} -o jsonpath="{.status.loadBalancer.ingress[0].ip}") - export AUTO_TLS_TEST_INGRESS_IP=${IP} + export EXTERNAL_DOMAIN_TLS_TEST_INGRESS_IP=${IP} } function setup_custom_domain() { - echo ">> Configuring custom domain for Auto TLS tests: ${CUSTOM_DOMAIN_SUFFIX}" + echo ">> Configuring custom domain for External Domain TLS tests: ${CUSTOM_DOMAIN_SUFFIX}" cat <