From 4016ca2b091cf8dea0e60c5ac3d92976094b1b2e Mon Sep 17 00:00:00 2001 From: Jimmi Dyson Date: Thu, 31 Aug 2023 19:29:40 +0100 Subject: [PATCH 1/2] feat: Add API server cert SANs patch --- charts/capi-runtime-extensions/README.md | 2 + .../values.schema.json | 45 +++++++ charts/capi-runtime-extensions/values.yaml | 4 + cmd/capi-runtime-extensions/main.go | 3 + docs/content/apiserver-cert-sans.md | 47 +++++++ docs/content/http-proxy.md | 14 +- pkg/handlers/apiservercertsans/inject.go | 106 +++++++++++++++ pkg/handlers/apiservercertsans/inject_test.go | 121 ++++++++++++++++++ pkg/handlers/apiservercertsans/variables.go | 65 ++++++++++ .../apiservercertsans/variables_test.go | 30 +++++ pkg/handlers/auditpolicy/inject_test.go | 64 ++++----- 11 files changed, 464 insertions(+), 37 deletions(-) create mode 100644 docs/content/apiserver-cert-sans.md create mode 100644 pkg/handlers/apiservercertsans/inject.go create mode 100644 pkg/handlers/apiservercertsans/inject_test.go create mode 100644 pkg/handlers/apiservercertsans/variables.go create mode 100644 pkg/handlers/apiservercertsans/variables_test.go diff --git a/charts/capi-runtime-extensions/README.md b/charts/capi-runtime-extensions/README.md index 9d07222df..f7b2d9e80 100644 --- a/charts/capi-runtime-extensions/README.md +++ b/charts/capi-runtime-extensions/README.md @@ -31,6 +31,8 @@ A Helm chart for capi-runtime-extensions | controllers.enableLeaderElection | bool | `false` | | | deployment.replicas | int | `1` | | | env | object | `{}` | | +| handlers.APIServerCertSANsPatch.enabled | bool | `true` | | +| handlers.APIServerCertSANsVars.enabled | bool | `true` | | | handlers.AuditPolicyPatch.enabled | bool | `true` | | | handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.content | string | `""` | | | handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.name | string | `"calico-cni-installation-dockercluster"` | | 
diff --git a/charts/capi-runtime-extensions/values.schema.json b/charts/capi-runtime-extensions/values.schema.json index 49710b0c5..688a3c7d5 100644 --- a/charts/capi-runtime-extensions/values.schema.json +++ b/charts/capi-runtime-extensions/values.schema.json @@ -104,6 +104,51 @@ "default": true } } + }, + "HTTPProxyVars": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "default": true + } + } + }, + "HTTPProxyPatch": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "default": true + } + } + }, + "AuditPolicyPatch": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "default": true + } + } + }, + "APIServerCertSANsVars": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "default": true + } + } + }, + "APIServerCertSANsPatch": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "default": true + } + } } } }, diff --git a/charts/capi-runtime-extensions/values.yaml b/charts/capi-runtime-extensions/values.yaml index 2d9102953..bd8c8a723 100644 --- a/charts/capi-runtime-extensions/values.yaml +++ b/charts/capi-runtime-extensions/values.yaml @@ -21,6 +21,10 @@ handlers: enabled: true AuditPolicyPatch: enabled: true + APIServerCertSANsVars: + enabled: true + APIServerCertSANsPatch: + enabled: true deployment: replicas: 1 diff --git a/cmd/capi-runtime-extensions/main.go b/cmd/capi-runtime-extensions/main.go index 763f4edc2..39fc0bf75 100644 --- a/cmd/capi-runtime-extensions/main.go +++ b/cmd/capi-runtime-extensions/main.go 
@@ -25,6 +25,7 @@ import ( ctrclient "sigs.k8s.io/controller-runtime/pkg/client" "github.com/d2iq-labs/capi-runtime-extensions/internal/controllermanager" + "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/apiservercertsans" "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/cni/calico" "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/httpproxy" "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/servicelbgc" @@ -79,6 +80,8 @@ func main() { calico.New(client, calicoCNIConfig), httpproxy.NewVariable(), httpproxy.NewPatch(), + apiservercertsans.NewVariable(), + apiservercertsans.NewPatch(), ) // Initialize and parse command line flags. diff --git a/docs/content/apiserver-cert-sans.md b/docs/content/apiserver-cert-sans.md new file mode 100644 index 000000000..023720fad --- /dev/null +++ b/docs/content/apiserver-cert-sans.md 
@@ -0,0 +1,47 @@
+---
+title: "API Server Certificate SANs"
+---
+
+If the API server can be accessed by alternative DNS addresses then setting additional SANs on the API server
+certificate is necessary in order for clients to successfully validate the API server certificate.
+
+To enable the API server certificate SANs enable the `apiservercertsansvars` and `apiservercertsanspatch` external
+patches on `ClusterClass`.
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+ name:
+spec:
+ patches:
+ - name: apiserver-cert-sans
+ external:
+ generateExtension: "apiservercertsanspatch."
+ discoverVariablesExtension: "apiservercertsansvars."
+```
+
+On the cluster resource then specify desired certificate SANs values:
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+ name:
+spec:
+ topology:
+ variables:
+ - name: apiServerCertSANs
+ value:
+ - a.b.c.example.com
+ - d.e.f.example.com
+```
+
+Applying this configuration will result in the certificate SANs being correctly set in the
+`KubeadmControlPlaneTemplate`.
+
+This hook is enabled by default, and can be explicitly disabled by omitting the `APIServerCertSANsVars`
+and `APIServerCertSANsPatch` hook from the `--runtimehooks.enabled-handlers` flag.
+
+If deploying via Helm, then this can be disabled by setting `handlers.APIServerCertSANsVars.enabled=false` and
+`handlers.APIServerCertSANsPatch.enabled=false`.
diff --git a/docs/content/http-proxy.md b/docs/content/http-proxy.md
index e2322ede7..8b1c03ba4 100644
--- a/docs/content/http-proxy.md
+++ b/docs/content/http-proxy.md
@@ -31,13 +31,13 @@ metadata: spec: topology: variables: - name: proxy - values: - http: http://example.com - https: http://example.com - no: - - http://no-proxy-1.example.com - - http://no-proxy-2.example.com + - name: proxy + value: + http: http://example.com + https: http://example.com + no: + - http://no-proxy-1.example.com + - http://no-proxy-2.example.com ``` Applying this configuration will result in new bootstrap files on the `KubeadmControlPlaneTemplate` diff --git a/pkg/handlers/apiservercertsans/inject.go b/pkg/handlers/apiservercertsans/inject.go new file mode 100644 index 000000000..b440ace7f --- /dev/null +++ b/pkg/handlers/apiservercertsans/inject.go 
@@ -0,0 +1,106 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package apiservercertsans
+
+import (
+ "context"
+ _ "embed"
+
+ apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/serializer"
+ "k8s.io/apimachinery/pkg/types"
+ bootstrapv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/api/v1beta1"
+ controlplanev1 "sigs.k8s.io/cluster-api/controlplane/kubeadm/api/v1beta1"
+ runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+ "sigs.k8s.io/cluster-api/exp/runtime/topologymutation"
+ ctrl "sigs.k8s.io/controller-runtime"
+
+ "github.com/d2iq-labs/capi-runtime-extensions/pkg/capi/clustertopology/patches"
+ "github.com/d2iq-labs/capi-runtime-extensions/pkg/capi/clustertopology/patches/selectors"
+ "github.com/d2iq-labs/capi-runtime-extensions/pkg/capi/clustertopology/variables"
+ "github.com/d2iq-labs/capi-runtime-extensions/server/pkg/handlers"
+)
+
+const (
+ // HandlerNamePatch is the name of the inject handler.
+ HandlerNamePatch = "APIServerCertSANsPatch"
+)
+
+type apiServerCertSANsPatchHandler struct {
+ decoder runtime.Decoder
+}
+
+var (
+ _ handlers.NamedHandler = &apiServerCertSANsPatchHandler{}
+ _ handlers.GeneratePatchesMutationHandler = &apiServerCertSANsPatchHandler{}
+)
+
+func NewPatch() *apiServerCertSANsPatchHandler {
+ scheme := runtime.NewScheme()
+ _ = bootstrapv1.AddToScheme(scheme)
+ _ = controlplanev1.AddToScheme(scheme)
+ return &apiServerCertSANsPatchHandler{
+ decoder: serializer.NewCodecFactory(scheme).UniversalDecoder(
+ controlplanev1.GroupVersion,
+ bootstrapv1.GroupVersion,
+ ),
+ }
+}
+
+func (h *apiServerCertSANsPatchHandler) Name() string {
+ return HandlerNamePatch
+}
+
+func (h *apiServerCertSANsPatchHandler) GeneratePatches(
+ ctx context.Context,
+ req *runtimehooksv1.GeneratePatchesRequest,
+ resp *runtimehooksv1.GeneratePatchesResponse,
+) {
+ topologymutation.WalkTemplates(
+ ctx,
+ h.decoder,
+ req,
+ resp,
+ func(
+ ctx context.Context,
+ obj runtime.Object,
+ vars map[string]apiextensionsv1.JSON,
+ holderRef runtimehooksv1.HolderReference,
+ ) error {
+ log := ctrl.LoggerFrom(ctx).WithValues(
+ "holderRef", holderRef,
+ )
+
+ apiServerCertSANsVar, found, err := variables.Get[APIServerCertSANsVariables](
+ vars,
+ VariableName,
+ )
+ if err != nil {
+ return err
+ }
+ if !found {
+ log.Info("API server cert SANs variable not defined")
+ return nil
+ }
+
+ return patches.Generate(
+ obj, vars, &holderRef, selectors.ControlPlane(), log,
+ func(obj *controlplanev1.KubeadmControlPlaneTemplate) error {
+ log.WithValues("namespacedName", types.NamespacedName{
+ Name: obj.Name,
+ Namespace: obj.Namespace,
+ }).Info("adding API server extra cert SANs in kubeadm config spec")
+
+ if obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration == nil {
+ obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration = &bootstrapv1.ClusterConfiguration{}
+ }
+ obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration.APIServer.CertSANs = apiServerCertSANsVar
+
+ return nil
+ },
+ )
+ },
+ )
+}
diff --git a/pkg/handlers/apiservercertsans/inject_test.go b/pkg/handlers/apiservercertsans/inject_test.go
new file mode 100644
index 000000000..30f73db89
--- /dev/null
+++ b/pkg/handlers/apiservercertsans/inject_test.go
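Review bot: The assignment `...ClusterConfiguration.APIServer.CertSANs = apiServerCertSANsVar` in GeneratePatches replaces whatever SANs the KubeadmControlPlaneTemplate already carries, so a ClusterClass that defines `certSANs` itself silently loses them as soon as the variable is set. If the variable is meant to add names, append instead: `certSANs := &obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration.APIServer.CertSANs` followed by `*certSANs = append(*certSANs, apiServerCertSANsVar...)`; if replacement is intended, state that in a comment, since the log message says "adding". Separately, NewPatch discards both AddToScheme errors with `_ =`; a failure there would leave the decoder unable to handle these types with no signal, so either check the errors or add a comment justifying why they are ignored.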
@@ -0,0 +1,121 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package apiservercertsans
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "testing"
+
+ . "github.com/onsi/gomega"
+ . "github.com/onsi/gomega/gstruct"
+ "gomodules.xyz/jsonpatch/v2"
+ apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/types"
+ controlplanev1 "sigs.k8s.io/cluster-api/controlplane/kubeadm/api/v1beta1"
+ runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+)
+
+func TestGeneratePatches(t *testing.T) {
+ g := NewWithT(t)
+ h := NewPatch()
+ req := &runtimehooksv1.GeneratePatchesRequest{}
+ resp := &runtimehooksv1.GeneratePatchesResponse{}
+ h.GeneratePatches(context.Background(), req, resp)
+ g.Expect(resp.Status).To(Equal(runtimehooksv1.ResponseStatusSuccess))
+ g.Expect(resp.Items).To(BeEmpty())
+}
+
+func TestGeneratePatches_KubeadmControlPlaneTemplate(t *testing.T) {
+ g := NewWithT(t)
+ h := NewPatch()
+ req := &runtimehooksv1.GeneratePatchesRequest{
+ Variables: []runtimehooksv1.Variable{
+ newVariable(
+ VariableName,
+ APIServerCertSANsVariables{"a.b.c.example.com", "d.e.f.example.com"},
+ ),
+ },
+ Items: []runtimehooksv1.GeneratePatchesRequestItem{
+ requestItem(
+ "1",
+ &controlplanev1.KubeadmControlPlaneTemplate{
+ TypeMeta: v1.TypeMeta{
+ Kind: "KubeadmControlPlaneTemplate",
+ APIVersion: controlplanev1.GroupVersion.String(),
+ },
+ },
+ &runtimehooksv1.HolderReference{
+ Kind: "Cluster",
+ FieldPath: "spec.controlPlaneRef",
+ },
+ ),
+ },
+ }
+ resp := &runtimehooksv1.GeneratePatchesResponse{}
+ h.GeneratePatches(context.Background(), req, resp)
+ g.Expect(resp.Status).To(Equal(runtimehooksv1.ResponseStatusSuccess))
+ g.Expect(resp.Items).To(ContainElement(MatchFields(IgnoreExtras, Fields{
+ "UID": Equal(types.UID("1")),
+ "PatchType": Equal(runtimehooksv1.JSONPatchType),
+ "Patch": WithTransform(
+ func(data []byte) ([]jsonpatch.Operation, error) {
+ operations := []jsonpatch.Operation{}
+ if err := json.Unmarshal(data, &operations); err != nil {
+ return nil, err
+ }
+ return operations, nil
+ },
+ ConsistOf(MatchAllFields(Fields{
+ "Operation": Equal("add"),
+ "Path": Equal("/spec/template/spec/kubeadmConfigSpec/clusterConfiguration"),
+ "Value": HaveKeyWithValue(
+ "apiServer",
+ HaveKeyWithValue(
+ "certSANs",
+ []interface{}{"a.b.c.example.com", "d.e.f.example.com"},
+ ),
+ ),
+ })),
+ ),
+ })))
+}
+
+func toJSON(v any) []byte {
+ data, err := json.Marshal(v)
+ if err != nil {
+ panic(err)
+ }
+ compacted := &bytes.Buffer{}
+ if err := json.Compact(compacted, data); err != nil {
+ panic(err)
+ }
+ return compacted.Bytes()
+}
+
+// requestItem returns a GeneratePatchesRequestItem with the given uid, variables and object.
+func requestItem(
+ uid string,
+ object any,
+ holderRef *runtimehooksv1.HolderReference,
+) runtimehooksv1.GeneratePatchesRequestItem {
+ return runtimehooksv1.GeneratePatchesRequestItem{
+ UID: types.UID(uid),
+ Object: runtime.RawExtension{
+ Raw: toJSON(object),
+ },
+ HolderReference: *holderRef,
+ }
+}
+
+// newVariable returns a runtimehooksv1.Variable with the passed name and value.
+func newVariable(name string, value any) runtimehooksv1.Variable {
+ return runtimehooksv1.Variable{
+ Name: name,
+ Value: apiextensionsv1.JSON{Raw: toJSON(value)},
+ }
+}
diff --git a/pkg/handlers/apiservercertsans/variables.go b/pkg/handlers/apiservercertsans/variables.go
new file mode 100644
index 000000000..b0644d804
--- /dev/null
+++ b/pkg/handlers/apiservercertsans/variables.go
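Review bot: TestGeneratePatches_KubeadmControlPlaneTemplate only exercises a template with no ClusterConfiguration, so the behaviour when the template already defines `certSANs` (the handler assigns rather than appends) is untested. Add a case whose KubeadmControlPlaneTemplate carries an existing `APIServer.CertSANs` entry and assert the resulting patch, plus a case with a request item but no `apiServerCertSANs` variable asserting that no patch is emitted. The doc comment on requestItem mentions "variables" although the function takes none; `// requestItem returns a GeneratePatchesRequestItem with the given uid, object and holder reference.` would match the signature.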
@@ -0,0 +1,65 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package apiservercertsans
+
+import (
+ "context"
+
+ clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+ runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+
+ "github.com/d2iq-labs/capi-runtime-extensions/server/pkg/handlers"
+)
+
+var (
+ _ handlers.NamedHandler = &apiServerCertSANsVariableHandler{}
+ _ handlers.DiscoverVariablesMutationHandler = &apiServerCertSANsVariableHandler{}
+)
+
+const (
+ // VariableName is http proxy external patch variable name.
+ VariableName = "apiServerCertSANs"
+
+ // HandlerNameVariable is the name of the variable handler.
+ HandlerNameVariable = "APIServerCertSANsVars"
+)
+
+func NewVariable() *apiServerCertSANsVariableHandler {
+ return &apiServerCertSANsVariableHandler{}
+}
+
+type apiServerCertSANsVariableHandler struct{}
+
+func (h *apiServerCertSANsVariableHandler) Name() string {
+ return HandlerNameVariable
+}
+
+func (h *apiServerCertSANsVariableHandler) DiscoverVariables(
+ ctx context.Context,
+ _ *runtimehooksv1.DiscoverVariablesRequest,
+ resp *runtimehooksv1.DiscoverVariablesResponse,
+) {
+ variable := APIServerCertSANsVariables{}
+ resp.Variables = append(resp.Variables, clusterv1.ClusterClassVariable{
+ Name: VariableName,
+ Required: false,
+ Schema: variable.VariableSchema(),
+ })
+ resp.SetStatus(runtimehooksv1.ResponseStatusSuccess)
+}
+
+// APIServerCertSANsVariables required for providing API server cert SANs.
+type APIServerCertSANsVariables []string
+
+// VariableSchema provides Cluster Class variable schema definition.
+func (APIServerCertSANsVariables) VariableSchema() clusterv1.VariableSchema {
+ return clusterv1.VariableSchema{
+ OpenAPIV3Schema: clusterv1.JSONSchemaProps{
+ Type: "array",
+ Items: &clusterv1.JSONSchemaProps{
+ Type: "string",
+ },
+ },
+ }
+}
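Review bot: VariableSchema accepts any array of arbitrary strings, and the patch handler copies those values unchanged into the API server certificate SANs, so empty strings, duplicates or malformed names pass admission and are only caught, if at all, when kubeadm consumes the config. Constrain the schema at the source: a `Pattern` on the item limited to DNS-1123 subdomains (and IP addresses if those are meant to be allowed), `UniqueItems: true` on the array, and a `MaxItems` bound. The second patch in this series lists `common/pkg/openapi/patterns/dns1123.go` and variable validation tests in its diffstat, which may cover this, but that code is not visible here. The comment `// VariableName is http proxy external patch variable name.` is a copy-paste leftover and should read `// VariableName is the API server cert SANs external patch variable name.`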
diff --git a/pkg/handlers/apiservercertsans/variables_test.go b/pkg/handlers/apiservercertsans/variables_test.go
new file mode 100644
index 000000000..83b128465
--- /dev/null
+++ b/pkg/handlers/apiservercertsans/variables_test.go
@@ -0,0 +1,30 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package apiservercertsans
+
+import (
+ "context"
+ "testing"
+
+ . "github.com/onsi/gomega"
+ . "github.com/onsi/gomega/gstruct"
+ runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+)
+
+func TestDiscoverVariables(t *testing.T) {
+ g := NewWithT(t)
+ h := NewVariable()
+ resp := &runtimehooksv1.DiscoverVariablesResponse{}
+ h.DiscoverVariables(context.Background(), &runtimehooksv1.DiscoverVariablesRequest{}, resp)
+
+ g.Expect(resp.Status).To(Equal(runtimehooksv1.ResponseStatusSuccess))
+ g.Expect(resp.Variables).To(HaveLen(1))
+
+ variable := resp.Variables[0]
+ g.Expect(variable).To(MatchFields(IgnoreExtras, Fields{
+ "Name": Equal(VariableName),
+ "Required": BeFalse(),
+ "Schema": Equal(APIServerCertSANsVariables{}.VariableSchema()),
+ }))
+}
diff --git a/pkg/handlers/auditpolicy/inject_test.go b/pkg/handlers/auditpolicy/inject_test.go
index f204c021a..dcc24755c 100644
--- a/pkg/handlers/auditpolicy/inject_test.go
+++ b/pkg/handlers/auditpolicy/inject_test.go
@@ -70,39 +70,43 @@ func TestGeneratePatches_KubeadmControlPlaneTemplate(t *testing.T) { "Path": Equal("/spec/template/spec/kubeadmConfigSpec/files"), "Value": HaveLen(1), }), - jsonpatch.NewOperation( - "add", - "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration", - map[string]interface{}{ - "scheduler": map[string]interface{}{}, - "apiServer": map[string]interface{}{ - "extraArgs": map[string]interface{}{ - "audit-log-maxbackup": "10", - "audit-log-maxsize": "100", - "audit-log-path": "/var/log/audit/kube-apiserver-audit.log", - "audit-policy-file": "/etc/kubernetes/audit-policy/apiserver-audit-policy.yaml", - "audit-log-maxage": "30", - }, - "extraVolumes": []interface{}{ + MatchAllFields(Fields{ + "Operation": Equal("add"), + "Path": Equal( + "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration", + ), + "Value": HaveKeyWithValue( + "apiServer", + SatisfyAll( + HaveKeyWithValue( + "extraArgs", map[string]interface{}{ - "hostPath": "/etc/kubernetes/audit-policy/", - "mountPath": "/etc/kubernetes/audit-policy/", - "name": "audit-policy", - "readOnly": true, + "audit-log-maxbackup": "10", + "audit-log-maxsize": "100", + "audit-log-path": "/var/log/audit/kube-apiserver-audit.log", + "audit-policy-file": "/etc/kubernetes/audit-policy/apiserver-audit-policy.yaml", + "audit-log-maxage": "30", }, - map[string]interface{}{ - "name": "audit-logs", - "hostPath": "/var/log/kubernetes/audit", - "mountPath": "/var/log/audit/", + ), + HaveKeyWithValue( + "extraVolumes", + []interface{}{ + map[string]interface{}{ + "hostPath": "/etc/kubernetes/audit-policy/", + "mountPath": "/etc/kubernetes/audit-policy/", + "name": "audit-policy", + "readOnly": true, + }, + map[string]interface{}{ + "name": "audit-logs", + "hostPath": "/var/log/kubernetes/audit", + "mountPath": "/var/log/audit/", + }, }, - }, - }, - "controllerManager": map[string]interface{}{}, - "dns": map[string]interface{}{}, - "etcd": map[string]interface{}{}, - "networking": map[string]interface{}{}, - }, 
- ), + ), + ), + ), + }), ), ), }))) From 1b975478fee2a2514d73c21704598111f1c06eb3 Mon Sep 17 00:00:00 2001 
From: Jimmi Dyson Date: Fri, 1 Sep 2023 11:34:01 +0100 Subject: [PATCH 2/2] test: Add variable validation tests --- capi-runtime-extensions.code-workspace | 2 +- charts/capi-runtime-extensions/README.md | 4 +- charts/capi-runtime-extensions/values.yaml | 4 +- cmd/capi-runtime-extensions/main.go | 8 +- {server => common}/go.mod | 38 ++-- {server => common}/go.sum | 197 +++++----------- {server => common}/pkg/handlers/interfaces.go | 0 common/pkg/openapi/patterns/anchored.go | 8 + common/pkg/openapi/patterns/dns1123.go | 12 + {server => common}/pkg/server/server.go | 2 +- common/pkg/testutils/openapi/convert.go | 212 ++++++++++++++++++ common/pkg/testutils/openapi/validate.go | 129 +++++++++++ ...t-sans.md => extra-apiserver-cert-sans.md} | 20 +- go.mod | 13 +- go.sum | 60 +---- pkg/capi/clustertopology/patches/generator.go | 2 +- pkg/handlers/apiservercertsans/variables.go | 65 ------ .../apiservercertsans/variables_test.go | 30 --- pkg/handlers/auditpolicy/inject.go | 12 +- pkg/handlers/cni/calico/handler.go | 2 +- .../inject.go | 43 ++-- .../inject_test.go | 4 +- .../extraapiservercertsans/variables.go | 69 ++++++ .../extraapiservercertsans/variables_test.go | 85 +++++++ pkg/handlers/httpproxy/inject.go | 22 +- pkg/handlers/httpproxy/variables.go | 2 +- pkg/handlers/servicelbgc/handler.go | 2 +- 27 files changed, 673 insertions(+), 374 deletions(-) rename {server => common}/go.mod (64%) rename {server => common}/go.sum (53%) rename {server => common}/pkg/handlers/interfaces.go (100%) create mode 100644 common/pkg/openapi/patterns/anchored.go create mode 100644 common/pkg/openapi/patterns/dns1123.go rename {server => common}/pkg/server/server.go (98%) create mode 100644 common/pkg/testutils/openapi/convert.go create mode 100644 common/pkg/testutils/openapi/validate.go rename docs/content/{apiserver-cert-sans.md => extra-apiserver-cert-sans.md} (58%) delete mode 100644 pkg/handlers/apiservercertsans/variables.go delete mode 100644 
pkg/handlers/apiservercertsans/variables_test.go rename pkg/handlers/{apiservercertsans => extraapiservercertsans}/inject.go (64%) rename pkg/handlers/{apiservercertsans => extraapiservercertsans}/inject_test.go (96%) create mode 100644 pkg/handlers/extraapiservercertsans/variables.go create mode 100644 pkg/handlers/extraapiservercertsans/variables_test.go diff --git a/capi-runtime-extensions.code-workspace b/capi-runtime-extensions.code-workspace index b73c1b457..bd4ad6bd1 100644 --- a/capi-runtime-extensions.code-workspace +++ b/capi-runtime-extensions.code-workspace @@ -7,7 +7,7 @@ "path": "." }, { - "path": "./server" + "path": "./common" } ], "settings": { diff --git a/charts/capi-runtime-extensions/README.md b/charts/capi-runtime-extensions/README.md index f7b2d9e80..cd4f1368a 100644 --- a/charts/capi-runtime-extensions/README.md +++ b/charts/capi-runtime-extensions/README.md @@ -31,8 +31,6 @@ A Helm chart for capi-runtime-extensions | controllers.enableLeaderElection | bool | `false` | | | deployment.replicas | int | `1` | | | env | object | `{}` | | -| handlers.APIServerCertSANsPatch.enabled | bool | `true` | | -| handlers.APIServerCertSANsVars.enabled | bool | `true` | | | handlers.AuditPolicyPatch.enabled | bool | `true` | | | handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.content | string | `""` | | | handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.name | string | `"calico-cni-installation-dockercluster"` | | 
@@ -40,6 +38,8 @@ A Helm chart for capi-runtime-extensions | handlers.CalicoCNI.defaultPodSubnet | string | `"192.168.0.0/16"` | | | handlers.CalicoCNI.defaultTigeraOperatorConfigMap.name | string | `"tigera-operator"` | | | handlers.CalicoCNI.enabled | bool | `true` | | +| handlers.ExtraAPIServerCertSANsPatch.enabled | bool | `true` | | +| handlers.ExtraAPIServerCertSANsVars.enabled | bool | `true` | | | handlers.HTTPProxyPatch.enabled | bool | `true` | | | handlers.HTTPProxyVars.enabled | bool | `true` | | | handlers.ServiceLoadBalancerGC.enabled | bool | `true` | | diff --git a/charts/capi-runtime-extensions/values.yaml b/charts/capi-runtime-extensions/values.yaml index bd8c8a723..d0b45fecc 100644 --- a/charts/capi-runtime-extensions/values.yaml +++ b/charts/capi-runtime-extensions/values.yaml @@ -21,9 +21,9 @@ handlers: enabled: true AuditPolicyPatch: enabled: true - APIServerCertSANsVars: + ExtraAPIServerCertSANsVars: enabled: true - APIServerCertSANsPatch: + ExtraAPIServerCertSANsPatch: enabled: true deployment: diff --git a/cmd/capi-runtime-extensions/main.go b/cmd/capi-runtime-extensions/main.go index 39fc0bf75..0abb23aa3 100644 --- a/cmd/capi-runtime-extensions/main.go +++ b/cmd/capi-runtime-extensions/main.go @@ -24,12 +24,12 @@ import ( ctrl "sigs.k8s.io/controller-runtime" ctrclient "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/server" "github.com/d2iq-labs/capi-runtime-extensions/internal/controllermanager" - "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/apiservercertsans" "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/cni/calico" + "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/extraapiservercertsans" "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/httpproxy" "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/servicelbgc" - "github.com/d2iq-labs/capi-runtime-extensions/server/pkg/server" ) var ( 
@@ -80,8 +80,8 @@ func main() { calico.New(client, calicoCNIConfig), httpproxy.NewVariable(), httpproxy.NewPatch(), - apiservercertsans.NewVariable(), - apiservercertsans.NewPatch(), + extraapiservercertsans.NewVariable(), + extraapiservercertsans.NewPatch(), ) // Initialize and parse command line flags. diff --git a/server/go.mod b/common/go.mod similarity index 64% rename from server/go.mod rename to common/go.mod index 938996dc5..0174061de 100644 --- a/server/go.mod +++ b/common/go.mod @@ -1,17 +1,22 @@ // Copyright 2023 D2iQ, Inc. All rights reserved. // SPDX-License-Identifier: Apache-2.0 -module github.com/d2iq-labs/capi-runtime-extensions/server +module github.com/d2iq-labs/capi-runtime-extensions/common go 1.21 require ( github.com/spf13/pflag v1.0.5 + k8s.io/apiextensions-apiserver v0.28.1 + k8s.io/apimachinery v0.28.1 + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 sigs.k8s.io/cluster-api v1.5.1 - sigs.k8s.io/controller-runtime v0.15.1 + sigs.k8s.io/controller-runtime v0.16.1 ) require ( + github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect + github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect 
@@ -22,12 +27,13 @@ require ( github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/go-logr/logr v1.2.4 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.1 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/gnostic v0.6.9 // indirect + github.com/google/cel-go v0.16.0 // indirect + github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect 
@@ -42,28 +48,30 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_golang v1.16.0 // indirect github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.42.0 // indirect + github.com/prometheus/common v0.44.0 // indirect github.com/prometheus/procfs v0.10.1 // indirect + github.com/stoewer/go-strcase v1.2.0 // indirect + golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect golang.org/x/net v0.13.0 // indirect golang.org/x/oauth2 v0.10.0 // indirect - golang.org/x/sys v0.10.0 // indirect + golang.org/x/sys v0.11.0 // indirect golang.org/x/term v0.10.0 // indirect golang.org/x/text v0.11.0 // indirect golang.org/x/time v0.3.0 // indirect - gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.27.2 // indirect - k8s.io/apiextensions-apiserver v0.27.2 // indirect - k8s.io/apimachinery v0.27.2 // indirect - k8s.io/client-go v0.27.2 // indirect - k8s.io/component-base v0.27.2 // indirect - k8s.io/klog/v2 v2.90.1 // indirect - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect + k8s.io/api v0.28.1 // indirect + k8s.io/apiserver v0.28.1 // indirect + k8s.io/client-go v0.28.1 // indirect + k8s.io/component-base v0.28.1 // indirect + k8s.io/klog/v2 v2.100.1 // indirect + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect 
diff --git a/server/go.sum b/common/go.sum similarity index 53% rename from server/go.sum rename to common/go.sum index c1a05e878..41c77a0a1 100644 --- a/server/go.sum +++ b/common/go.sum 
@@ -1,44 +1,27 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= +github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= +github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA= +github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/client9/misspell 
v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 
v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= -github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= 
@@ -46,41 +29,25 @@ github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= -github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod 
h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= -github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/cel-go v0.16.0 h1:DG9YQ8nFCFXAs/FDDwBxmL1tpKNrdlGUM9U3537bX/Y= 
+github.com/google/cel-go v0.16.0/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -89,10 +56,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= 
@@ -102,7 +67,6 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -123,8 +87,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= -github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc= -github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= +github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= +github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 
@@ -132,19 +96,17 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= -github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= +github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= +github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx 
v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 
@@ -153,85 +115,55 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= -go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= -go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= -go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= -go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= +go.uber.org/multierr v1.11.0 
h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c= +go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net 
v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8= golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod 
h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 
@@ -241,76 +173,53 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gomodules.xyz/jsonpatch/v2 v2.3.0 h1:8NFhfS6gzxNqjLIYnZxg319wZ5Qjnx4m/CcX+Klzazc= -gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= +gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= 
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 h1:m8v1xLLLzMe1m5P+gCTF8nJB9epwZQUBERm20Oy1poQ= +google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod 
h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.27.2 
h1:+H17AJpUMvl+clT+BPnKf0E3ksMAzoBBg7CntpSuADo= -k8s.io/api v0.27.2/go.mod h1:ENmbocXfBT2ADujUXcBhHV55RIT31IIEvkntP6vZKS4= -k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo= -k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ= -k8s.io/apimachinery v0.27.2 h1:vBjGaKKieaIreI+oQwELalVG4d8f3YAMNpWLzDXkxeg= -k8s.io/apimachinery v0.27.2/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= -k8s.io/client-go v0.27.2 h1:vDLSeuYvCHKeoQRhCXjxXO45nHVv2Ip4Fe0MfioMrhE= -k8s.io/client-go v0.27.2/go.mod h1:tY0gVmUsHrAmjzHX9zs7eCjxcBsf8IiNe7KQ52biTcQ= -k8s.io/component-base v0.27.2 h1:neju+7s/r5O4x4/txeUONNTS9r1HsPbyoPBAtHsDCpo= -k8s.io/component-base v0.27.2/go.mod h1:5UPk7EjfgrfgRIuDBFtsEFAe4DAvP3U+M8RTzoSJkpo= -k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= -k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= -k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/api v0.28.1 h1:i+0O8k2NPBCPYaMB+uCkseEbawEt/eFaiRqUx8aB108= +k8s.io/api v0.28.1/go.mod h1:uBYwID+66wiL28Kn2tBjBYQdEU0Xk0z5qF8bIBqk/Dg= +k8s.io/apiextensions-apiserver v0.28.1 h1:l2ThkBRjrWpw4f24uq0Da2HaEgqJZ7pcgiEUTKSmQZw= +k8s.io/apiextensions-apiserver v0.28.1/go.mod h1:sVvrI+P4vxh2YBBcm8n2ThjNyzU4BQGilCQ/JAY5kGs= +k8s.io/apimachinery v0.28.1 h1:EJD40og3GizBSV3mkIoXQBsws32okPOy+MkRyzh6nPY= +k8s.io/apimachinery v0.28.1/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw= +k8s.io/apiserver v0.28.1 h1:dw2/NKauDZCnOUAzIo2hFhtBRUo6gQK832NV8kuDbGM= +k8s.io/apiserver v0.28.1/go.mod h1:d8aizlSRB6yRgJ6PKfDkdwCy2DXt/d1FDR6iJN9kY1w= 
+k8s.io/client-go v0.28.1 h1:pRhMzB8HyLfVwpngWKE8hDcXRqifh1ga2Z/PU9SXVK8= +k8s.io/client-go v0.28.1/go.mod h1:pEZA3FqOsVkCc07pFVzK076R+P/eXqsgx5zuuRWukNE= +k8s.io/component-base v0.28.1 h1:LA4AujMlK2mr0tZbQDZkjWbdhTV5bRyEyAFe0TJxlWg= +k8s.io/component-base v0.28.1/go.mod h1:jI11OyhbX21Qtbav7JkhehyBsIRfnO8oEgoAR12ArIU= +k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= +k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/cluster-api v1.5.1 h1:+oO4EbVQcbBJr5wjqmdjvewPHSTbVLigXZqPk3ZO8t0= sigs.k8s.io/cluster-api v1.5.1/go.mod h1:EGJUNpFWi7dF426tO8MG/jE+w7T0UO5KyMnOwQ5riUY= -sigs.k8s.io/controller-runtime v0.15.1 h1:9UvgKD4ZJGcj24vefUFgZFP3xej/3igL9BsOUTb/+4c= -sigs.k8s.io/controller-runtime v0.15.1/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk= +sigs.k8s.io/controller-runtime v0.16.1 h1:+15lzrmHsE0s2kNl0Dl8cTchI5Cs8qofo5PGcPrV9z0= +sigs.k8s.io/controller-runtime v0.16.1/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= diff --git a/server/pkg/handlers/interfaces.go b/common/pkg/handlers/interfaces.go similarity index 100% rename from server/pkg/handlers/interfaces.go rename to common/pkg/handlers/interfaces.go 
diff --git a/common/pkg/openapi/patterns/anchored.go b/common/pkg/openapi/patterns/anchored.go
new file mode 100644
index 000000000..201dba17c
--- /dev/null
+++ b/common/pkg/openapi/patterns/anchored.go
@@ -0,0 +1,8 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package patterns
+
+func Anchored(pattern string) string {
+ return "^" + pattern + "$"
+}
diff --git a/common/pkg/openapi/patterns/dns1123.go b/common/pkg/openapi/patterns/dns1123.go
new file mode 100644
index 000000000..3652ce90e
--- /dev/null
+++ b/common/pkg/openapi/patterns/dns1123.go
@@ -0,0 +1,12 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package patterns
+
+const (
+ // See: https://github.com/kubernetes/apimachinery/blob/v0.28.1/pkg/util/validation/validation.go#L178
+ DNS1123Label = `[a-z0-9]([-a-z0-9]*[a-z0-9])?`
+
+ // See: https://github.com/kubernetes/apimachinery/blob/v0.28.1/pkg/util/validation/validation.go#L205
+ DNS1123Subdomain = DNS1123Label + `(\.` + DNS1123Label + `)*`
+)
diff --git a/server/pkg/server/server.go b/common/pkg/server/server.go
similarity index 98%
rename from server/pkg/server/server.go
rename to common/pkg/server/server.go
index 2f3d61cad..50fdbe8ab 100644
--- a/server/pkg/server/server.go
+++ b/common/pkg/server/server.go
@@ -14,7 +14,7 @@ import (
 "sigs.k8s.io/cluster-api/exp/runtime/server"
 ctrl "sigs.k8s.io/controller-runtime"
 
- "github.com/d2iq-labs/capi-runtime-extensions/server/pkg/handlers"
+ "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/handlers"
 )
 
 type Server struct {
diff --git a/common/pkg/testutils/openapi/convert.go b/common/pkg/testutils/openapi/convert.go
new file mode 100644
index 000000000..2e111f7fb
--- /dev/null
+++ b/common/pkg/testutils/openapi/convert.go
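Review bot: `Anchored` in anchored.go concatenates `^` and `$` directly around `pattern`, so a pattern with a top-level alternation such as `a|b` becomes `^a|b$`, which anchors only the first and last alternatives and would let a schema `pattern` accept values it was meant to reject. The two fragments added in dns1123.go have no top-level `|`, so nothing visible in this commit is affected, but the helper is exported and takes any string. Wrapping the argument in a non-capturing group keeps the anchors applied to the whole expression: `return "^(?:" + pattern + ")$"`. The function also has no doc comment; `// Anchored returns pattern wrapped so that it must match the whole value.` would cover it.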
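Review bot: `DNS1123Label` and `DNS1123Subdomain` in dns1123.go are unanchored fragments with no length bound, and their comments only link upstream, so a schema that uses one directly as `pattern` would accept any value that merely contains a valid label. The upstream validators also cap labels at 63 and subdomains at 253 characters, which a copy of the regex alone does not carry over. I would state both on the constants, e.g. `// DNS1123Label is an unanchored fragment; wrap it with Anchored and set maxLength 63 on the schema.` and the matching comment with 253 on `DNS1123Subdomain`.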
@@ -0,0 +1,212 @@ +// Copyright 2023 D2iQ, Inc. All rights reserved. +// SPDX-License-Identifier: Apache-2.0 + +package openapi + +import ( + "encoding/json" + "fmt" + + "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/util/validation/field" + "k8s.io/utils/pointer" + clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" +) + +// convertToAPIExtensionsJSONSchemaProps converts a clusterv1.JSONSchemaProps to apiextensions.JSONSchemaProp. +// NOTE: This is used whenever we want to use one of the upstream libraries, as they use apiextensions.JSONSchemaProp. +// NOTE: If new fields are added to clusterv1.JSONSchemaProps (e.g. to support complex types), the corresponding +// schema validation must be added to validateRootSchema too. +// See: https://github.com/kubernetes-sigs/cluster-api/blob/v1.5.1/internal/topology/variables/schema.go#L35 +func ConvertToAPIExtensionsJSONSchemaProps( + schema *clusterv1.JSONSchemaProps, fldPath *field.Path, +) (*apiextensions.JSONSchemaProps, field.ErrorList) { + var allErrs field.ErrorList + + props := &apiextensions.JSONSchemaProps{ + Type: schema.Type, + Required: schema.Required, + MaxItems: schema.MaxItems, + MinItems: schema.MinItems, + UniqueItems: schema.UniqueItems, + Format: schema.Format, + MaxLength: schema.MaxLength, + MinLength: schema.MinLength, + Pattern: schema.Pattern, + ExclusiveMaximum: schema.ExclusiveMaximum, + ExclusiveMinimum: schema.ExclusiveMinimum, + } + + // Only set XPreserveUnknownFields to true if it's true. + // apiextensions.JSONSchemaProps only allows setting XPreserveUnknownFields + // to true or undefined, false is forbidden. 
+ if schema.XPreserveUnknownFields { + props.XPreserveUnknownFields = pointer.Bool(true) + } + + if schema.Default != nil && schema.Default.Raw != nil { + var v interface{} + if err := json.Unmarshal(schema.Default.Raw, &v); err != nil { + allErrs = append( + allErrs, + field.Invalid( + fldPath.Child("default"), + string(schema.Default.Raw), + fmt.Sprintf("default is not valid JSON: %v", err), + ), + ) + } else { + var v apiextensions.JSON + err := apiextensionsv1.Convert_v1_JSON_To_apiextensions_JSON(schema.Default, &v, nil) + if err != nil { + allErrs = append( + allErrs, + field.Invalid( + fldPath.Child("default"), + string(schema.Default.Raw), + fmt.Sprintf("failed to convert default: %v", err), + ), + ) + } else { + props.Default = &v + } + } + } + + if len(schema.Enum) > 0 { + for i, enum := range schema.Enum { + if enum.Raw == nil { + continue + } + + var v interface{} + if err := json.Unmarshal(enum.Raw, &v); err != nil { + allErrs = append( + allErrs, + field.Invalid(fldPath.Child("enum").Index(i), string(enum.Raw), + fmt.Sprintf("enum value is not valid JSON: %v", err)), + ) + } else { + var v apiextensions.JSON + err := apiextensionsv1.Convert_v1_JSON_To_apiextensions_JSON(&schema.Enum[i], &v, nil) + if err != nil { + allErrs = append( + allErrs, + field.Invalid( + fldPath.Child("enum").Index(i), + string(enum.Raw), + fmt.Sprintf("failed to convert enum value: %v", err), + ), + ) + } else { + props.Enum = append(props.Enum, v) + } + } + } + } + + if schema.Example != nil && schema.Example.Raw != nil { + var v interface{} + if err := json.Unmarshal(schema.Example.Raw, &v); err != nil { + allErrs = append( + allErrs, + field.Invalid(fldPath.Child("example"), string(schema.Example.Raw), + fmt.Sprintf("example is not valid JSON: %v", err)), + ) + } else { + var value apiextensions.JSON + err := apiextensionsv1.Convert_v1_JSON_To_apiextensions_JSON(schema.Example, &value, nil) + if err != nil { + allErrs = append( + allErrs, + field.Invalid( + 
fldPath.Child("example"), + string(schema.Example.Raw), + fmt.Sprintf("failed to convert example value: %v", err), + ), + ) + } else { + props.Example = &value + } + } + } + if schema.Maximum != nil { + f := float64(*schema.Maximum) + props.Maximum = &f + } + + if schema.Minimum != nil { + f := float64(*schema.Minimum) + props.Minimum = &f + } + + if schema.AdditionalProperties != nil { + apiExtensionsSchema, err := ConvertToAPIExtensionsJSONSchemaProps( + schema.AdditionalProperties, fldPath.Child("additionalProperties"), + ) + if err != nil { + allErrs = append( + allErrs, + field.Invalid( + fldPath.Child("additionalProperties"), + "", + fmt.Sprintf("failed to convert schema: %v", err), + ), + ) + } else { + props.AdditionalProperties = &apiextensions.JSONSchemaPropsOrBool{ + // Allows must be true to allow "additional properties". + // Otherwise only the ones from .Properties are allowed. + Allows: true, + Schema: apiExtensionsSchema, + } + } + } + + if len(schema.Properties) > 0 { + props.Properties = map[string]apiextensions.JSONSchemaProps{} + for propertyName := range schema.Properties { + p := schema.Properties[propertyName] + apiExtensionsSchema, err := ConvertToAPIExtensionsJSONSchemaProps( + &p, + fldPath.Child("properties").Key(propertyName), + ) + if err != nil { + allErrs = append( + allErrs, + field.Invalid( + fldPath.Child("properties").Key(propertyName), + "", + fmt.Sprintf("failed to convert schema: %v", err), + ), + ) + } else { + props.Properties[propertyName] = *apiExtensionsSchema + } + } + } + + if schema.Items != nil { + apiExtensionsSchema, err := ConvertToAPIExtensionsJSONSchemaProps( + schema.Items, + fldPath.Child("items"), + ) + if err != nil { + allErrs = append( + allErrs, + field.Invalid( + fldPath.Child("items"), + "", + fmt.Sprintf("failed to convert schema: %v", err), + ), + ) + } else { + props.Items = &apiextensions.JSONSchemaPropsOrArray{ + Schema: apiExtensionsSchema, + } + } + } + + return props, allErrs +} 
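Review bot: The doc comment names `convertToAPIExtensionsJSONSchemaProps` and points to `validateRootSchema`, but the function is exported here as `ConvertToAPIExtensionsJSONSchemaProps` and no `validateRootSchema` is visible in this package; it should open with `// ConvertToAPIExtensionsJSONSchemaProps converts a clusterv1.JSONSchemaProps to apiextensions.JSONSchemaProps.` and add a line saying the body mirrors cluster-api v1.5.1 and must be re-synced when that dependency is bumped, because tests validated against a stale copy can disagree with what Cluster API itself accepts. In the `default` and `enum` branches the inner `var v apiextensions.JSON` shadows the outer `var v interface{}`; the `example` branch already uses `value` for the inner variable and the other two could follow it. The recursive calls name the returned `field.ErrorList` `err` and flatten it with `%v` into a single `field.Invalid`, which drops the nested field paths; renaming it to `errs` and using `allErrs = append(allErrs, errs...)` would keep them. A nil `schema` panics on the first field access, which may be acceptable for a test helper but deserves a sentence in the comment.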
diff --git a/common/pkg/testutils/openapi/validate.go b/common/pkg/testutils/openapi/validate.go
new file mode 100644
index 000000000..9ef8f4ea8
--- /dev/null
+++ b/common/pkg/testutils/openapi/validate.go
@@ -0,0 +1,129 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package openapi
+
+import (
+ "encoding/json"
+ "fmt"
+ "strings"
+
+ "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
+ structuralschema "k8s.io/apiextensions-apiserver/pkg/apiserver/schema"
+ structuralpruning "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/pruning"
+ "k8s.io/apiextensions-apiserver/pkg/apiserver/validation"
+ "k8s.io/apimachinery/pkg/util/validation/field"
+ clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+)
+
+// ValidateClusterVariable validates a clusterVariable.
+// See: https://github.com/kubernetes-sigs/cluster-api/blob/v1.5.1/internal/topology/variables/cluster_variable_validation.go#L118
+//
+//nolint:lll // Adding for URL above, does not work when adding to end of line in a comment block.
+func ValidateClusterVariable(
+ value *clusterv1.ClusterVariable,
+ definition *clusterv1.ClusterClassVariable,
+ fldPath *field.Path,
+) field.ErrorList {
+ // Parse JSON value.
+ var variableValue interface{}
+ // Only try to unmarshal the clusterVariable if it is not nil, otherwise the variableValue is nil.
+ // Note: A clusterVariable with a nil value is the result of setting the variable value to "null" via YAML.
+ if value.Value.Raw != nil {
+ if err := json.Unmarshal(value.Value.Raw, &variableValue); err != nil {
+ return field.ErrorList{field.Invalid(fldPath.Child("value"), string(value.Value.Raw),
+ fmt.Sprintf("variable %q could not be parsed: %v", value.Name, err))}
+ }
+ }
+
+ // Convert schema to Kubernetes APIExtensions Schema.
+ apiExtensionsSchema, allErrs := ConvertToAPIExtensionsJSONSchemaProps(
+ &definition.Schema.OpenAPIV3Schema, field.NewPath("schema"),
+ )
+ if len(allErrs) > 0 {
+ return field.ErrorList{field.InternalError(fldPath,
+ fmt.Errorf(
+ "failed to convert schema definition for variable %q; ClusterClass should be checked: %v",
+ definition.Name,
+ allErrs,
+ ),
+ )}
+ }
+
+ // Create validator for schema.
+ validator, _, err := validation.NewSchemaValidator(apiExtensionsSchema)
+ if err != nil {
+ return field.ErrorList{field.InternalError(fldPath,
+ fmt.Errorf(
+ "failed to create schema validator for variable %q; ClusterClass should be checked: %v",
+ value.Name,
+ err,
+ ),
+ )}
+ }
+
+ // Validate variable against the schema.
+ // NOTE: We're reusing a library func used in CRD validation.
+ if err := validation.ValidateCustomResource(fldPath, variableValue, validator); err != nil {
+ return err
+ }
+
+ return validateUnknownFields(fldPath, value, variableValue, apiExtensionsSchema)
+}
+
+// validateUnknownFields validates the given variableValue for unknown fields.
+// This func returns an error if there are variable fields in variableValue that are not defined in
+// variableSchema and if x-kubernetes-preserve-unknown-fields is not set.
+// See: https://github.com/kubernetes-sigs/cluster-api/blob/v1.5.1/internal/topology/variables/cluster_variable_validation.go#L158
+//
+//nolint:lll // Adding for URL above, does not work when adding to end of line in a comment block.
+func validateUnknownFields(
+ fldPath *field.Path,
+ clusterVariable *clusterv1.ClusterVariable,
+ variableValue interface{},
+ variableSchema *apiextensions.JSONSchemaProps,
+) field.ErrorList {
+ // Structural schema pruning does not work with scalar values,
+ // so we wrap the schema and the variable in objects.
+ // :
+ wrappedVariable := map[string]interface{}{
+ clusterVariable.Name: variableValue,
+ }
+ // type: object
+ // properties:
+ // :
+ wrappedSchema := &apiextensions.JSONSchemaProps{
+ Type: "object",
+ Properties: map[string]apiextensions.JSONSchemaProps{
+ clusterVariable.Name: *variableSchema,
+ },
+ }
+ ss, err := structuralschema.NewStructural(wrappedSchema)
+ if err != nil {
+ return field.ErrorList{field.Invalid(fldPath, "",
+ fmt.Sprintf("failed defaulting variable %q: %v", clusterVariable.Name, err))}
+ }
+
+ // Run Prune to check if it would drop any unknown fields.
+ opts := structuralschema.UnknownFieldPathOptions{
+ // TrackUnknownFieldPaths has to be true so PruneWithOptions returns the unknown fields.
+ TrackUnknownFieldPaths: true,
+ }
+ prunedUnknownFields := structuralpruning.PruneWithOptions(wrappedVariable, ss, false, opts)
+ if len(prunedUnknownFields) > 0 {
+ // If prune dropped any unknown fields, return an error.
+ // This means that not all variable fields have been defined in the variable schema and
+ // x-kubernetes-preserve-unknown-fields was not set.
+ return field.ErrorList{
+ field.Invalid(fldPath, "",
+ fmt.Sprintf(
+ "failed validation: %q fields are not specified in the variable schema of variable %q",
+ strings.Join(prunedUnknownFields, ","),
+ clusterVariable.Name,
+ ),
+ ),
+ }
+ }
+
+ return nil
+}
diff --git a/docs/content/apiserver-cert-sans.md b/docs/content/extra-apiserver-cert-sans.md
similarity index 58%
rename from docs/content/apiserver-cert-sans.md
rename to docs/content/extra-apiserver-cert-sans.md
index 023720fad..5dc9c76dc 100644
--- a/docs/content/apiserver-cert-sans.md
+++ b/docs/content/extra-apiserver-cert-sans.md
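Review bot: `ValidateClusterVariable` never checks that `value.Name` matches `definition.Name`, so a test that pairs a variable with the wrong definition is silently validated against an unrelated schema, and the messages mix the two names (`definition.Name` in the conversion error, `value.Name` in the validator error). For a test helper a guard at the top would make that mistake fail loudly: `if value.Name != definition.Name { return field.ErrorList{field.Invalid(fldPath.Child("name"), value.Name, "does not match definition")} }`. The conversion call also passes `field.NewPath("schema")` instead of a path derived from `fldPath`, and the `NewStructural` failure in `validateUnknownFields` is reported as "failed defaulting variable" although nothing is defaulted there; if both are kept verbatim from the upstream copy, a short comment saying so would stop a later reader from treating them as local bugs. Both pointer arguments are dereferenced without a nil check, which is worth one sentence in the doc comment.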
@@ -1,12 +1,12 @@ --- -title: "API Server Certificate SANs" +title: "Extra API Server Certificate SANs" --- If the API server can be accessed by alternative DNS addresses then setting additional SANs on the API server certificate is necessary in order for clients to successfully validate the API server certificate. -To enable the API server certificate SANs enable the `apiservercertsansvars` and `apiservercertsanspatch` external -patches on `ClusterClass`. +To enable the API server certificate SANs enable the `extraapiservercertsansvars` and `extraapiservercertsanspatch` +external patches on `ClusterClass`. ```yaml apiVersion: cluster.x-k8s.io/v1beta1 @@ -17,8 +17,8 @@ spec: patches: - name: apiserver-cert-sans external: - generateExtension: "apiservercertsanspatch." - discoverVariablesExtension: "apiservercertsansvars." + generateExtension: "extraapiservercertsanspatch." + discoverVariablesExtension: "extraapiservercertsansvars." ``` On the cluster resource then specify desired certificate SANs values: @@ -31,7 +31,7 @@ metadata: spec: topology: variables: - - name: apiServerCertSANs + - name: extraAPIServerCertSANs value: - a.b.c.example.com - d.e.f.example.com 
@@ -40,8 +40,8 @@ spec: Applying this configuration will result in the certificate SANs being correctly set in the `KubeadmControlPlaneTemplate`. -This hook is enabled by default, and can be explicitly disabled by omitting the `APIServerCertSANsVars` -and `APIServerCertSANsPatch` hook from the `--runtimehooks.enabled-handlers` flag. +This hook is enabled by default, and can be explicitly disabled by omitting the `ExtraAPIServerCertSANsVars` +and `ExtraAPIServerCertSANsPatch` hook from the `--runtimehooks.enabled-handlers` flag. -If deploying via Helm, then this can be disabled by setting `handlers.APIServerCertSANsVars.enabled=false` and -`handlers.APIServerCertSANsPatch.enabled=false`. +If deploying via Helm, then this can be disabled by setting `handlers.ExtraAPIServerCertSANsVars.enabled=false` and +`handlers.ExtraAPIServerCertSANsPatch.enabled=false`. diff --git a/go.mod b/go.mod index 751a410ce..ef993ba1c 100644 --- a/go.mod +++ b/go.mod @@ -5,10 +5,10 @@ module github.com/d2iq-labs/capi-runtime-extensions go 1.21 -replace github.com/d2iq-labs/capi-runtime-extensions/server => ./server +replace github.com/d2iq-labs/capi-runtime-extensions/common => ./common require ( - github.com/d2iq-labs/capi-runtime-extensions/server v0.0.0-00010101000000-000000000000 + github.com/d2iq-labs/capi-runtime-extensions/common v0.0.0-00010101000000-000000000000 github.com/go-logr/logr v1.2.4 github.com/onsi/gomega v1.27.10 github.com/spf13/pflag v1.0.5 @@ -22,10 +22,12 @@ require ( k8s.io/component-base v0.28.1 k8s.io/klog/v2 v2.100.1 sigs.k8s.io/cluster-api v1.5.1 - sigs.k8s.io/controller-runtime v0.16.0 + sigs.k8s.io/controller-runtime v0.16.1 ) require ( + github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect + github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect 
@@ -45,6 +47,7 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect + github.com/google/cel-go v0.16.0 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect @@ -66,6 +69,7 @@ require ( github.com/prometheus/common v0.44.0 // indirect github.com/prometheus/procfs v0.10.1 // indirect github.com/spf13/cobra v1.7.0 // indirect + github.com/stoewer/go-strcase v1.2.0 // indirect github.com/valyala/fastjson v1.6.4 // indirect golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect golang.org/x/net v0.13.0 // indirect @@ -75,10 +79,13 @@ require ( golang.org/x/text v0.11.0 // indirect golang.org/x/time v0.3.0 // indirect google.golang.org/appengine v1.6.7 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/apiserver v0.28.1 // indirect k8s.io/cluster-bootstrap v0.27.2 // indirect k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect diff --git a/go.sum b/go.sum index 05e15400f..992cd0277 100644 --- a/go.sum +++ b/go.sum 
@@ -21,12 +21,9 @@ github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7Y github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= -github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= -github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= 
@@ -44,8 +41,6 @@ github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdn github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 
@@ -57,12 +52,7 @@ github.com/coredns/corefile-migration v1.0.21/go.mod h1:XnhgULOEouimnzgn0t4WPuFD github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= -github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU= -github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= -github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= 
@@ -81,8 +71,6 @@ github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= -github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= @@ -95,8 +83,6 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= 
@@ -155,12 +141,8 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -311,6 +293,7 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= 
@@ -324,34 +307,8 @@ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/etcd/api/v3 v3.5.9 h1:4wSsluwyTbGGmyjJktOf3wFQoTBIURXHnq9n/G/JQHs= -go.etcd.io/etcd/api/v3 v3.5.9/go.mod h1:uyAal843mC8uUVSLWz6eHa/d971iDGnCRpmKd2Z+X8k= -go.etcd.io/etcd/client/pkg/v3 v3.5.9 h1:oidDC4+YEuSIQbsR94rY9gur91UPL6DnxDCIYd2IGsE= -go.etcd.io/etcd/client/pkg/v3 v3.5.9/go.mod h1:y+CzeSmkMpWN2Jyu1npecjB9BBnABxGM4pN8cGuJeL4= -go.etcd.io/etcd/client/v3 v3.5.9 h1:r5xghnU7CwbUxD/fbUtRyJGaYNfDun8sp/gTr1hew6E= -go.etcd.io/etcd/client/v3 v3.5.9/go.mod h1:i/Eo5LrZ5IKqpbtpPDuaUnDOUv471oDg8cjQaUr2MbA= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0 h1:xFSRQBbXF6VvYRf2lqMJXxoB72XI1K/azav8TekHHSw= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0/go.mod h1:h8TWwRAhQpOd0aM5nYsRD8+flnkj+526GEIVlarH7eY= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 h1:sxoY9kG1s1WpSYNyzm24rlwH4lnRYFXUVVBmKMBfRgw= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c= -go.opentelemetry.io/otel v1.10.0 h1:Y7DTJMR6zs1xkS/upamJYk0SxxN4C9AqRd77jmZnyY4= -go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0 h1:TaB+1rQhddO1sF71MpZOZAuSPW1klK2M8XxfrBMfK7Y= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0/go.mod h1:78XhIg8Ht9vR4tbLNUhXsiOnE2HOuSeKAiAcoVQEpOY= 
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0 h1:pDDYmo0QadUPal5fwXoY1pmMpFcdyhXOmL5drCrI3vU= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0/go.mod h1:Krqnjl22jUJ0HgMzw5eveuCvFDXY4nSYb4F8t5gdrag= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0 h1:KtiUEhQmj/Pa874bVYKGNVdq8NPKiacPbaRRtgXi+t4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0/go.mod h1:OfUCyyIiDvNXHWpcWgbF+MWvqPZiNa3YDEnivcnYsV0= -go.opentelemetry.io/otel/metric v0.31.0 h1:6SiklT+gfWAwWUR0meEMxQBtihpiEs4c+vL9spDTqUs= -go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A= -go.opentelemetry.io/otel/sdk v1.10.0 h1:jZ6K7sVn04kk/3DNUdJ4mqRlGDiXAVuIG+MMENpTNdY= -go.opentelemetry.io/otel/sdk v1.10.0/go.mod h1:vO06iKzD5baltJz1zarxMCNHFpUlUiOy4s65ECtn6kE= -go.opentelemetry.io/otel/trace v1.10.0 h1:npQMbR8o7mum8uF95yFbOEJffhs1sbCOfDh8zAJiH5E= -go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM= -go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw= -go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= 
@@ -501,8 +458,6 @@ google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54 h1:9NWlQfY2ePejTmfwUH1OWwmznFa+0kKcHGPDvcPza9M= -google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 h1:m8v1xLLLzMe1m5P+gCTF8nJB9epwZQUBERm20Oy1poQ= google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM= @@ -510,8 +465,6 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go. google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= -google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= 
@@ -525,11 +478,10 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= -gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= 
@@ -558,19 +510,15 @@ k8s.io/component-base v0.28.1 h1:LA4AujMlK2mr0tZbQDZkjWbdhTV5bRyEyAFe0TJxlWg= k8s.io/component-base v0.28.1/go.mod h1:jI11OyhbX21Qtbav7JkhehyBsIRfnO8oEgoAR12ArIU= k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kms v0.28.1 h1:QLNTIc0k7Yebkt9yobj9Y9qBoRCMB4dq+pFCxVXVBnY= -k8s.io/kms v0.28.1/go.mod h1:I2TwA8oerDRInHWWBOqSUzv1EJDC1+55FQKYkxaPxh0= k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 h1:trsWhjU5jZrx6UvFu4WzQDrN7Pga4a7Qg+zcfcj64PA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2/go.mod h1:+qG7ISXqCDVVcyO8hLn12AKVYYUjM7ftlqsqmrhMZE0= sigs.k8s.io/cluster-api v1.5.1 h1:+oO4EbVQcbBJr5wjqmdjvewPHSTbVLigXZqPk3ZO8t0= sigs.k8s.io/cluster-api v1.5.1/go.mod h1:EGJUNpFWi7dF426tO8MG/jE+w7T0UO5KyMnOwQ5riUY= -sigs.k8s.io/controller-runtime v0.16.0 h1:5koYaaRVBHDr0LZAJjO5dWzUjMsh6cwa7q1Mmusrdvk= -sigs.k8s.io/controller-runtime v0.16.0/go.mod h1:77DnuwA8+J7AO0njzv3wbNlMOnGuLrwFr8JPNwx3J7g= +sigs.k8s.io/controller-runtime v0.16.1 h1:+15lzrmHsE0s2kNl0Dl8cTchI5Cs8qofo5PGcPrV9z0= +sigs.k8s.io/controller-runtime v0.16.1/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 
h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= diff --git a/pkg/capi/clustertopology/patches/generator.go b/pkg/capi/clustertopology/patches/generator.go index 9c8790e0f..a4a09d4f6 100644 --- a/pkg/capi/clustertopology/patches/generator.go +++ b/pkg/capi/clustertopology/patches/generator.go @@ -33,7 +33,7 @@ func Generate[T runtime.Object]( } if !matchers.MatchesSelector(patchSelector, obj, holderRef, vars) { - log.WithValues("selector", patchSelector).Info("not matching selector") + log.V(5).WithValues("selector", patchSelector).Info("not matching selector") return nil } diff --git a/pkg/handlers/apiservercertsans/variables.go b/pkg/handlers/apiservercertsans/variables.go deleted file mode 100644 index b0644d804..000000000 --- a/pkg/handlers/apiservercertsans/variables.go +++ /dev/null 
@@ -1,65 +0,0 @@
-// Copyright 2023 D2iQ, Inc. All rights reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package apiservercertsans
-
-import (
- "context"
-
- clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
- runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
-
- "github.com/d2iq-labs/capi-runtime-extensions/server/pkg/handlers"
-)
-
-var (
- _ handlers.NamedHandler = &apiServerCertSANsVariableHandler{}
- _ handlers.DiscoverVariablesMutationHandler = &apiServerCertSANsVariableHandler{}
-)
-
-const (
- // VariableName is http proxy external patch variable name.
- VariableName = "apiServerCertSANs"
-
- // HandlerNameVariable is the name of the variable handler.
- HandlerNameVariable = "APIServerCertSANsVars"
-)
-
-func NewVariable() *apiServerCertSANsVariableHandler {
- return &apiServerCertSANsVariableHandler{}
-}
-
-type apiServerCertSANsVariableHandler struct{}
-
-func (h *apiServerCertSANsVariableHandler) Name() string {
- return HandlerNameVariable
-}
-
-func (h *apiServerCertSANsVariableHandler) DiscoverVariables(
- ctx context.Context,
- _ *runtimehooksv1.DiscoverVariablesRequest,
- resp *runtimehooksv1.DiscoverVariablesResponse,
-) {
- variable := APIServerCertSANsVariables{}
- resp.Variables = append(resp.Variables, clusterv1.ClusterClassVariable{
- Name: VariableName,
- Required: false,
- Schema: variable.VariableSchema(),
- })
- resp.SetStatus(runtimehooksv1.ResponseStatusSuccess)
-}
-
-// APIServerCertSANsVariables required for providing API server cert SANs.
-type APIServerCertSANsVariables []string
-
-// VariableSchema provides Cluster Class variable schema definition.
-func (APIServerCertSANsVariables) VariableSchema() clusterv1.VariableSchema {
- return clusterv1.VariableSchema{
- OpenAPIV3Schema: clusterv1.JSONSchemaProps{
- Type: "array",
- Items: &clusterv1.JSONSchemaProps{
- Type: "string",
- },
- },
- }
-}
diff --git a/pkg/handlers/apiservercertsans/variables_test.go b/pkg/handlers/apiservercertsans/variables_test.go
deleted file mode 100644
index 83b128465..000000000
--- a/pkg/handlers/apiservercertsans/variables_test.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2023 D2iQ, Inc. All rights reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package apiservercertsans
-
-import (
- "context"
- "testing"
-
- . "github.com/onsi/gomega"
- . "github.com/onsi/gomega/gstruct"
- runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
-)
-
-func TestDiscoverVariables(t *testing.T) {
- g := NewWithT(t)
- h := NewVariable()
- resp := &runtimehooksv1.DiscoverVariablesResponse{}
- h.DiscoverVariables(context.Background(), &runtimehooksv1.DiscoverVariablesRequest{}, resp)
-
- g.Expect(resp.Status).To(Equal(runtimehooksv1.ResponseStatusSuccess))
- g.Expect(resp.Variables).To(HaveLen(1))
-
- variable := resp.Variables[0]
- g.Expect(variable).To(MatchFields(IgnoreExtras, Fields{
- "Name": Equal(VariableName),
- "Required": BeFalse(),
- "Schema": Equal(APIServerCertSANsVariables{}.VariableSchema()),
- }))
-}
diff --git a/pkg/handlers/auditpolicy/inject.go b/pkg/handlers/auditpolicy/inject.go
index 1c3ffd56f..a2ed10e6f 100644
--- a/pkg/handlers/auditpolicy/inject.go
+++ b/pkg/handlers/auditpolicy/inject.go
@@ -10,16 +10,16 @@ import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apimachinery/pkg/types" bootstrapv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/api/v1beta1" controlplanev1 "sigs.k8s.io/cluster-api/controlplane/kubeadm/api/v1beta1" runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1" "sigs.k8s.io/cluster-api/exp/runtime/topologymutation" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/handlers" "github.com/d2iq-labs/capi-runtime-extensions/pkg/capi/clustertopology/patches" "github.com/d2iq-labs/capi-runtime-extensions/pkg/capi/clustertopology/patches/selectors" - "github.com/d2iq-labs/capi-runtime-extensions/server/pkg/handlers" ) const ( @@ -80,10 +80,10 @@ func (h *auditPolicyPatchHandler) GeneratePatches( return patches.Generate( obj, vars, &holderRef, selectors.ControlPlane(), log, func(obj *controlplanev1.KubeadmControlPlaneTemplate) error { - log.WithValues("namespacedName", types.NamespacedName{ - Name: obj.Name, - Namespace: obj.Namespace, - }).Info("adding files and updating API server extra args in kubeadm config spec") + log.WithValues( + "patchedObjectKind", obj.GetObjectKind().GroupVersionKind().String(), + "patchedObjectName", client.ObjectKeyFromObject(obj), + ).Info("adding files and updating API server extra args in kubeadm config spec") obj.Spec.Template.Spec.KubeadmConfigSpec.Files = append( obj.Spec.Template.Spec.KubeadmConfigSpec.Files, diff --git a/pkg/handlers/cni/calico/handler.go b/pkg/handlers/cni/calico/handler.go index 5288dd2d7..335109d46 100644 --- a/pkg/handlers/cni/calico/handler.go +++ b/pkg/handlers/cni/calico/handler.go 
@@ -23,10 +23,10 @@ import ( ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/handlers" "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/cni" "github.com/d2iq-labs/capi-runtime-extensions/pkg/k8s/client" "github.com/d2iq-labs/capi-runtime-extensions/pkg/k8s/parser" - "github.com/d2iq-labs/capi-runtime-extensions/server/pkg/handlers" ) const ( diff --git a/pkg/handlers/apiservercertsans/inject.go b/pkg/handlers/extraapiservercertsans/inject.go similarity index 64% rename from pkg/handlers/apiservercertsans/inject.go rename to pkg/handlers/extraapiservercertsans/inject.go index b440ace7f..5d3350020 100644 --- a/pkg/handlers/apiservercertsans/inject.go +++ b/pkg/handlers/extraapiservercertsans/inject.go @@ -1,7 +1,7 @@ // Copyright 2023 D2iQ, Inc. All rights reserved. // SPDX-License-Identifier: Apache-2.0 -package apiservercertsans +package extraapiservercertsans import ( "context" 
@@ -10,38 +10,38 @@ import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apimachinery/pkg/types" bootstrapv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/api/v1beta1" controlplanev1 "sigs.k8s.io/cluster-api/controlplane/kubeadm/api/v1beta1" runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1" "sigs.k8s.io/cluster-api/exp/runtime/topologymutation" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/handlers" "github.com/d2iq-labs/capi-runtime-extensions/pkg/capi/clustertopology/patches" "github.com/d2iq-labs/capi-runtime-extensions/pkg/capi/clustertopology/patches/selectors" "github.com/d2iq-labs/capi-runtime-extensions/pkg/capi/clustertopology/variables" - "github.com/d2iq-labs/capi-runtime-extensions/server/pkg/handlers" ) const ( // HandlerNamePatch is the name of the inject handler. - HandlerNamePatch = "APIServerCertSANsPatch" + HandlerNamePatch = "ExtraAPIServerCertSANsPatch" ) -type apiServerCertSANsPatchHandler struct { +type extraAPIServerCertSANsPatchHandler struct { decoder runtime.Decoder } var ( - _ handlers.NamedHandler = &apiServerCertSANsPatchHandler{} - _ handlers.GeneratePatchesMutationHandler = &apiServerCertSANsPatchHandler{} + _ handlers.NamedHandler = &extraAPIServerCertSANsPatchHandler{} + _ handlers.GeneratePatchesMutationHandler = &extraAPIServerCertSANsPatchHandler{} ) -func NewPatch() *apiServerCertSANsPatchHandler { +func NewPatch() *extraAPIServerCertSANsPatchHandler { scheme := runtime.NewScheme() _ = bootstrapv1.AddToScheme(scheme) _ = controlplanev1.AddToScheme(scheme) - return &apiServerCertSANsPatchHandler{ + return &extraAPIServerCertSANsPatchHandler{ decoder: serializer.NewCodecFactory(scheme).UniversalDecoder( controlplanev1.GroupVersion, bootstrapv1.GroupVersion, 
@@ -49,11 +49,11 @@ func NewPatch() *apiServerCertSANsPatchHandler { } } -func (h *apiServerCertSANsPatchHandler) Name() string { +func (h *extraAPIServerCertSANsPatchHandler) Name() string { return HandlerNamePatch } -func (h *apiServerCertSANsPatchHandler) GeneratePatches( +func (h *extraAPIServerCertSANsPatchHandler) GeneratePatches( ctx context.Context, req *runtimehooksv1.GeneratePatchesRequest, resp *runtimehooksv1.GeneratePatchesResponse, @@ -73,7 +73,7 @@ func (h *apiServerCertSANsPatchHandler) GeneratePatches( "holderRef", holderRef, ) - apiServerCertSANsVar, found, err := variables.Get[APIServerCertSANsVariables]( + extraAPIServerCertSANsVar, found, err := variables.Get[ExtraAPIServerCertSANsVariables]( vars, VariableName, ) 
@@ -81,22 +81,29 @@ func (h *apiServerCertSANsPatchHandler) GeneratePatches( return err } if !found { - log.Info("API server cert SANs variable not defined") + log.V(5).Info("Extra API server cert SANs variable not defined") return nil } + log = log.WithValues( + "variableName", + VariableName, + "variableValue", + extraAPIServerCertSANsVar, + ) + return patches.Generate( obj, vars, &holderRef, selectors.ControlPlane(), log, func(obj *controlplanev1.KubeadmControlPlaneTemplate) error { - log.WithValues("namespacedName", types.NamespacedName{ - Name: obj.Name, - Namespace: obj.Namespace, - }).Info("adding API server extra cert SANs in kubeadm config spec") + log.WithValues( + "patchedObjectKind", obj.GetObjectKind().GroupVersionKind().String(), + "patchedObjectName", client.ObjectKeyFromObject(obj), + ).Info("adding API server extra cert SANs in kubeadm config spec") if obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration == nil { obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration = &bootstrapv1.ClusterConfiguration{} } - obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration.APIServer.CertSANs = apiServerCertSANsVar + obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration.APIServer.CertSANs = extraAPIServerCertSANsVar return nil }, diff --git a/pkg/handlers/apiservercertsans/inject_test.go b/pkg/handlers/extraapiservercertsans/inject_test.go similarity index 96% rename from pkg/handlers/apiservercertsans/inject_test.go rename to pkg/handlers/extraapiservercertsans/inject_test.go index 30f73db89..14d2c7374 100644 --- a/pkg/handlers/apiservercertsans/inject_test.go +++ b/pkg/handlers/extraapiservercertsans/inject_test.go @@ -1,7 +1,7 @@ // Copyright 2023 D2iQ, Inc. All rights reserved. // SPDX-License-Identifier: Apache-2.0 -package apiservercertsans +package extraapiservercertsans import ( "bytes" 
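Review bot: The callback's assignment `obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration.APIServer.CertSANs = extraAPIServerCertSANsVar` replaces whatever SANs the KubeadmControlPlaneTemplate already declares instead of adding to them, which sits oddly with the handler's new "extra" name. A template that already lists SANs for a load balancer or VIP would lose them in the generated patch, and clients that verify the API server certificate against those names would then fail validation. Appending keeps them: `apiServer.CertSANs = append(apiServer.CertSANs, extraAPIServerCertSANsVar...)`, with `apiServer := &obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration.APIServer` taken after the nil check; if replacement is intended, a comment on the assignment should say so. GeneratePatches begins above this hunk and its closing lines fall below it.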
@@ -37,7 +37,7 @@ func TestGeneratePatches_KubeadmControlPlaneTemplate(t *testing.T) { Variables: []runtimehooksv1.Variable{ newVariable( VariableName, - APIServerCertSANsVariables{"a.b.c.example.com", "d.e.f.example.com"}, + ExtraAPIServerCertSANsVariables{"a.b.c.example.com", "d.e.f.example.com"}, ), }, Items: []runtimehooksv1.GeneratePatchesRequestItem{ diff --git a/pkg/handlers/extraapiservercertsans/variables.go b/pkg/handlers/extraapiservercertsans/variables.go new file mode 100644 index 000000000..05d748953 --- /dev/null +++ b/pkg/handlers/extraapiservercertsans/variables.go 
@@ -0,0 +1,69 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package extraapiservercertsans
+
+import (
+ "context"
+
+ clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+ runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+
+ "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/handlers"
+ "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/openapi/patterns"
+)
+
+var (
+ _ handlers.NamedHandler = &extraAPIServerCertSANsVariableHandler{}
+ _ handlers.DiscoverVariablesMutationHandler = &extraAPIServerCertSANsVariableHandler{}
+)
+
+const (
+ // VariableName is http proxy external patch variable name.
+ VariableName = "extraAPIServerCertSANs"
+
+ // HandlerNameVariable is the name of the variable handler.
+ HandlerNameVariable = "ExtraAPIServerCertSANsVars"
+)
+
+func NewVariable() *extraAPIServerCertSANsVariableHandler {
+ return &extraAPIServerCertSANsVariableHandler{}
+}
+
+type extraAPIServerCertSANsVariableHandler struct{}
+
+func (h *extraAPIServerCertSANsVariableHandler) Name() string {
+ return HandlerNameVariable
+}
+
+func (h *extraAPIServerCertSANsVariableHandler) DiscoverVariables(
+ ctx context.Context,
+ _ *runtimehooksv1.DiscoverVariablesRequest,
+ resp *runtimehooksv1.DiscoverVariablesResponse,
+) {
+ variable := ExtraAPIServerCertSANsVariables{}
+ resp.Variables = append(resp.Variables, clusterv1.ClusterClassVariable{
+ Name: VariableName,
+ Required: false,
+ Schema: variable.VariableSchema(),
+ })
+ resp.SetStatus(runtimehooksv1.ResponseStatusSuccess)
+}
+
+// ExtraAPIServerCertSANsVariables required for providing API server cert SANs.
+type ExtraAPIServerCertSANsVariables []string
+
+// VariableSchema provides Cluster Class variable schema definition.
+func (ExtraAPIServerCertSANsVariables) VariableSchema() clusterv1.VariableSchema {
+ return clusterv1.VariableSchema{
+ OpenAPIV3Schema: clusterv1.JSONSchemaProps{
+ Description: "Extra Subject Alternative Names for the API Server signing cert",
+ Type: "array",
+ UniqueItems: true,
+ Items: &clusterv1.JSONSchemaProps{
+ Type: "string",
+ Pattern: patterns.Anchored(patterns.DNS1123Subdomain),
+ },
+ },
+ }
+}
diff --git a/pkg/handlers/extraapiservercertsans/variables_test.go b/pkg/handlers/extraapiservercertsans/variables_test.go
new file mode 100644
index 000000000..3881cbe4b
--- /dev/null
+++ b/pkg/handlers/extraapiservercertsans/variables_test.go
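Review bot: The doc comment on `VariableName` in the new variables.go still reads `// VariableName is http proxy external patch variable name.`, carried over from the http proxy handler; it should describe this variable, e.g. `// VariableName is the extra API server cert SANs external patch variable name.` The item `Pattern` limits entries to DNS-1123 subdomains, and the accompanying test rejects `invalid:san`, so an IPv6 address can never be supplied as a SAN; whether IPv4 literals and wildcard names pass depends on `patterns.DNS1123Subdomain`, which is not visible here. Because these values end up in the API server's serving certificate, the `Description` should state which forms are accepted, and the test table would benefit from an explicit IP-address case so the behaviour is pinned either way.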
@@ -0,0 +1,85 @@ +// Copyright 2023 D2iQ, Inc. All rights reserved. +// SPDX-License-Identifier: Apache-2.0 + +package extraapiservercertsans + +import ( + "context" + "encoding/json" + "testing" + + . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gstruct" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/util/validation/field" + clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1" + + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/testutils/openapi" +) + +func TestVariableValidation_extraAPIServerCertSANs(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + vals []string + expectError bool + }{{ + name: "single valid SAN", + vals: []string{"a.b.c.example.com"}, + }, { + name: "single invalid SAN", + vals: []string{"invalid:san"}, + expectError: true, + }, { + name: "duplicate valid SANs", + vals: []string{"a.b.c.example.com", "a.b.c.example.com"}, + expectError: true, + }} + + for idx := range tests { + tt := tests[idx] + + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + g := NewWithT(t) + h := NewVariable() + resp := &runtimehooksv1.DiscoverVariablesResponse{} + h.DiscoverVariables( + context.Background(), + &runtimehooksv1.DiscoverVariablesRequest{}, + resp, + ) + + g.Expect(resp.Status).To(Equal(runtimehooksv1.ResponseStatusSuccess)) + g.Expect(resp.Variables).To(HaveLen(1)) + + variable := resp.Variables[0] + g.Expect(variable).To(MatchFields(IgnoreExtras, Fields{ + "Name": Equal(VariableName), + "Required": BeFalse(), + "Schema": Equal(ExtraAPIServerCertSANsVariables{}.VariableSchema()), + })) + + encodedVals, err := json.Marshal(tt.vals) + g.Expect(err).NotTo(HaveOccurred()) + + validateErr := openapi.ValidateClusterVariable( + &clusterv1.ClusterVariable{ + Name: VariableName, + Value: apiextensionsv1.JSON{Raw: encodedVals}, + }, + &variable, + field.NewPath(VariableName), + ).ToAggregate() + + 
if tt.expectError { + g.Expect(validateErr).To(HaveOccurred()) + } else { + g.Expect(validateErr).NotTo(HaveOccurred()) + } + }) + } +} diff --git a/pkg/handlers/httpproxy/inject.go b/pkg/handlers/httpproxy/inject.go index ec108af10..c164330c2 100644 --- a/pkg/handlers/httpproxy/inject.go +++ b/pkg/handlers/httpproxy/inject.go @@ -9,17 +9,17 @@ import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apimachinery/pkg/types" bootstrapv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/api/v1beta1" controlplanev1 "sigs.k8s.io/cluster-api/controlplane/kubeadm/api/v1beta1" runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1" "sigs.k8s.io/cluster-api/exp/runtime/topologymutation" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/handlers" "github.com/d2iq-labs/capi-runtime-extensions/pkg/capi/clustertopology/patches" "github.com/d2iq-labs/capi-runtime-extensions/pkg/capi/clustertopology/patches/selectors" "github.com/d2iq-labs/capi-runtime-extensions/pkg/capi/clustertopology/variables" - "github.com/d2iq-labs/capi-runtime-extensions/server/pkg/handlers" ) const ( 
@@ -84,15 +84,15 @@ func (h *httpProxyPatchHandler) GeneratePatches( return nil } - log = log.WithValues("httpProxyVariable", httpProxyVariable) + log = log.WithValues("variableName", VariableName, "variableValue", httpProxyVariable) if err := patches.Generate( obj, vars, &holderRef, selectors.ControlPlane(), log, func(obj *controlplanev1.KubeadmControlPlaneTemplate) error { - log.WithValues("namespacedName", types.NamespacedName{ - Name: obj.Name, - Namespace: obj.Namespace, - }).Info("adding files to kubeadm config spec") + log.WithValues( + "patchedObjectKind", obj.GetObjectKind().GroupVersionKind().String(), + "patchedObjectName", client.ObjectKeyFromObject(obj), + ).Info("adding files to control plane kubeadm config spec") obj.Spec.Template.Spec.KubeadmConfigSpec.Files = append( obj.Spec.Template.Spec.KubeadmConfigSpec.Files, generateSystemdFiles(httpProxyVariable)..., @@ -105,10 +105,10 @@ func (h *httpProxyPatchHandler) GeneratePatches( if err := patches.Generate( obj, vars, &holderRef, selectors.AllWorkersSelector(), log, func(obj *bootstrapv1.KubeadmConfigTemplate) error { - log.WithValues("namespacedName", types.NamespacedName{ - Name: obj.Name, - Namespace: obj.Namespace, - }).Info("adding files to worker node kubeadm config template") + log.WithValues( + "patchedObjectKind", obj.GetObjectKind().GroupVersionKind().String(), + "patchedObjectName", client.ObjectKeyFromObject(obj), + ).Info("adding files to worker node kubeadm config template") obj.Spec.Template.Spec.Files = append( obj.Spec.Template.Spec.Files, generateSystemdFiles(httpProxyVariable)..., diff --git a/pkg/handlers/httpproxy/variables.go b/pkg/handlers/httpproxy/variables.go index 85fd3597b..cf5ed7ed0 100644 --- a/pkg/handlers/httpproxy/variables.go +++ b/pkg/handlers/httpproxy/variables.go 
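Review bot: `log = log.WithValues("variableName", VariableName, "variableValue", httpProxyVariable)` puts the whole proxy variable on every later log line from this handler, including the two `Info` calls in the control-plane and worker callbacks that are emitted at default verbosity. The variable's type is defined outside this hunk, but proxy settings are commonly URLs and may carry userinfo (`scheme://user:password@host`), in which case the credentials would be written to the extension's logs. Logging only `variableName` here, or a copy of the value with userinfo stripped, avoids that while keeping the field naming consistent. GeneratePatches starts above the hunk.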
@@ -9,7 +9,7 @@ import ( clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1" - "github.com/d2iq-labs/capi-runtime-extensions/server/pkg/handlers" + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/handlers" ) var ( diff --git a/pkg/handlers/servicelbgc/handler.go b/pkg/handlers/servicelbgc/handler.go index c65250e96..bf5c8e20d 100644 --- a/pkg/handlers/servicelbgc/handler.go +++ b/pkg/handlers/servicelbgc/handler.go @@ -13,7 +13,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" - "github.com/d2iq-labs/capi-runtime-extensions/server/pkg/handlers" + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/handlers" ) type ServiceLoadBalancerGC struct {