build: move e2e dependencies into e2e/go.mod

Several packages are only used while running the e2e suite. These packages are less important to update, as the they can not influence the final executable that is part of the Ceph-CSI container-image. By moving these dependencies out of the main Ceph-CSI go.mod, it is easier to identify if a reported CVE affects Ceph-CSI, or only the testing (like most of the Kubernetes CVEs). Signed-off-by: Niels de Vos <ndevos@ibm.com>
2025-06-13 02:33:34 +00:00 · 2025-03-04 08:57:28 +01:00
parent 15da101b1b
commit bec6090996
8047 changed files with 1407827 additions and 3453 deletions
--- a/e2e/vendor/k8s.io/component-helpers/node/topology/helpers.go
+++ b/e2e/vendor/k8s.io/component-helpers/node/topology/helpers.go
@ -0,0 +1,58 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package topology
+
+import (
+	"k8s.io/api/core/v1"
+)
+
+// GetZoneKey is a helper function that builds a string identifier that is unique per failure-zone;
+// it returns empty-string for no zone.
+// Since there are currently two separate zone keys:
+//   - "failure-domain.beta.kubernetes.io/zone"
+//   - "topology.kubernetes.io/zone"
+//
+// GetZoneKey will first check failure-domain.beta.kubernetes.io/zone and if not exists, will then check
+// topology.kubernetes.io/zone
+func GetZoneKey(node *v1.Node) string {
+	labels := node.Labels
+	if labels == nil {
+		return ""
+	}
+
+	// TODO: "failure-domain.beta..." names are deprecated, but will
+	// stick around a long time due to existing on old extant objects like PVs.
+	// Maybe one day we can stop considering them (see #88493).
+	zone, ok := labels[v1.LabelFailureDomainBetaZone]
+	if !ok {
+		zone, _ = labels[v1.LabelTopologyZone]
+	}
+
+	region, ok := labels[v1.LabelFailureDomainBetaRegion]
+	if !ok {
+		region, _ = labels[v1.LabelTopologyRegion]
+	}
+
+	if region == "" && zone == "" {
+		return ""
+	}
+
+	// We include the null character just in case region or failureDomain has a colon
+	// (We do assume there's no null characters in a region or failureDomain)
+	// As a nice side-benefit, the null character is not printed by fmt.Print or glog
+	return region + ":\x00:" + zone
+}
--- a/e2e/vendor/k8s.io/component-helpers/node/util/sysctl/namespace.go
+++ b/e2e/vendor/k8s.io/component-helpers/node/util/sysctl/namespace.go
@ -0,0 +1,104 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sysctl
+
+import (
+	"strings"
+)
+
+// Namespace represents a kernel namespace name.
+type Namespace string
+
+const (
+	// refer to https://man7.org/linux/man-pages/man7/ipc_namespaces.7.html
+	// the Linux IPC namespace
+	IPCNamespace = Namespace("IPC")
+
+	// refer to https://man7.org/linux/man-pages/man7/network_namespaces.7.html
+	// the network namespace
+	NetNamespace = Namespace("Net")
+
+	// the zero value if no namespace is known
+	UnknownNamespace = Namespace("")
+)
+
+var nameToNamespace = map[string]Namespace{
+	// kernel semaphore parameters: SEMMSL, SEMMNS, SEMOPM, and SEMMNI.
+	"kernel.sem": IPCNamespace,
+	// kernel shared memory limits include shmall, shmmax, shmmni, and shm_rmid_forced.
+	"kernel.shmall":          IPCNamespace,
+	"kernel.shmmax":          IPCNamespace,
+	"kernel.shmmni":          IPCNamespace,
+	"kernel.shm_rmid_forced": IPCNamespace,
+	// make backward compatibility  to know the namespace of kernel.shm*
+	"kernel.shm": IPCNamespace,
+	// kernel messages include msgmni, msgmax and msgmnb.
+	"kernel.msgmax": IPCNamespace,
+	"kernel.msgmnb": IPCNamespace,
+	"kernel.msgmni": IPCNamespace,
+	// make backward compatibility to know the namespace of kernel.msg*
+	"kernel.msg": IPCNamespace,
+}
+
+var prefixToNamespace = map[string]Namespace{
+	"net": NetNamespace,
+	// mqueue filesystem provides the necessary kernel features to enable the creation
+	// of a user space library that implements the POSIX message queues API.
+	"fs.mqueue": IPCNamespace,
+}
+
+// namespaceOf returns the namespace of the Linux kernel for a sysctl, or
+// unknownNamespace if the sysctl is not known to be namespaced.
+// The second return is prefixed bool.
+// It returns true if the key is prefixed with a key in the prefix map
+func namespaceOf(val string) Namespace {
+	if ns, found := nameToNamespace[val]; found {
+		return ns
+	}
+	for p, ns := range prefixToNamespace {
+		if strings.HasPrefix(val, p+".") {
+			return ns
+		}
+	}
+	return UnknownNamespace
+}
+
+// GetNamespace extracts information from a sysctl string. It returns:
+//  1. The sysctl namespace, which can be one of the following: IPC, Net, or unknown.
+//  2. sysctlOrPrefix: the prefix of the sysctl parameter until the first '*'.
+//     If there is no '*', it will be the original string.
+//  3. 'prefixed' is set to true if the sysctl parameter contains '*' or it is in the prefixToNamespace key list, in most cases, it is a suffix *.
+//
+// For example, if the input sysctl is 'net.ipv6.neigh.*', GetNamespace will return:
+// - The Net namespace
+// - The sysctlOrPrefix as 'net.ipv6.neigh'
+// - 'prefixed' set to true
+//
+// For the input sysctl 'net.ipv6.conf.all.disable_ipv6', GetNamespace will return:
+// - The Net namespace
+// - The sysctlOrPrefix as 'net.ipv6.conf.all.disable_ipv6'
+// - 'prefixed' set to false.
+func GetNamespace(sysctl string) (ns Namespace, sysctlOrPrefix string, prefixed bool) {
+	sysctlOrPrefix = NormalizeName(sysctl)
+	firstIndex := strings.IndexAny(sysctlOrPrefix, "*")
+	if firstIndex != -1 {
+		sysctlOrPrefix = sysctlOrPrefix[:firstIndex]
+		prefixed = true
+	}
+	ns = namespaceOf(sysctlOrPrefix)
+	return
+}
--- a/e2e/vendor/k8s.io/component-helpers/node/util/sysctl/sysctl.go
+++ b/e2e/vendor/k8s.io/component-helpers/node/util/sysctl/sysctl.go
@ -0,0 +1,131 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sysctl
+
+import (
+	"os"
+	"path"
+	"strconv"
+	"strings"
+)
+
+const (
+	sysctlBase = "/proc/sys"
+	// VMOvercommitMemory refers to the sysctl variable responsible for defining
+	// the memory over-commit policy used by kernel.
+	VMOvercommitMemory = "vm/overcommit_memory"
+	// VMPanicOnOOM refers to the sysctl variable responsible for defining
+	// the OOM behavior used by kernel.
+	VMPanicOnOOM = "vm/panic_on_oom"
+	// KernelPanic refers to the sysctl variable responsible for defining
+	// the timeout after a panic for the kernel to reboot.
+	KernelPanic = "kernel/panic"
+	// KernelPanicOnOops refers to the sysctl variable responsible for defining
+	// the kernel behavior when an oops or BUG is encountered.
+	KernelPanicOnOops = "kernel/panic_on_oops"
+	// RootMaxKeys refers to the sysctl variable responsible for defining
+	// the maximum number of keys that the root user (UID 0 in the root user namespace) may own.
+	RootMaxKeys = "kernel/keys/root_maxkeys"
+	// RootMaxBytes refers to the sysctl variable responsible for defining
+	// the maximum number of bytes of data that the root user (UID 0 in the root user namespace)
+	// can hold in the payloads of the keys owned by root.
+	RootMaxBytes = "kernel/keys/root_maxbytes"
+
+	// VMOvercommitMemoryAlways represents that kernel performs no memory over-commit handling.
+	VMOvercommitMemoryAlways = 1
+	// VMPanicOnOOMInvokeOOMKiller represents that kernel calls the oom_killer function when OOM occurs.
+	VMPanicOnOOMInvokeOOMKiller = 0
+
+	// KernelPanicOnOopsAlways represents that kernel panics on kernel oops.
+	KernelPanicOnOopsAlways = 1
+	// KernelPanicRebootTimeout is the timeout seconds after a panic for the kernel to reboot.
+	KernelPanicRebootTimeout = 10
+
+	// RootMaxKeysSetting is the maximum number of keys that the root user (UID 0 in the root user namespace) may own.
+	// Needed since docker creates a new key per container.
+	RootMaxKeysSetting = 1000000
+	// RootMaxBytesSetting is the maximum number of bytes of data that the root user (UID 0 in the root user namespace)
+	// can hold in the payloads of the keys owned by root.
+	// Allocate 25 bytes per key * number of MaxKeys.
+	RootMaxBytesSetting = RootMaxKeysSetting * 25
+)
+
+// Interface is an injectable interface for running sysctl commands.
+type Interface interface {
+	// GetSysctl returns the value for the specified sysctl setting
+	GetSysctl(sysctl string) (int, error)
+	// SetSysctl modifies the specified sysctl flag to the new value
+	SetSysctl(sysctl string, newVal int) error
+}
+
+// New returns a new Interface for accessing sysctl
+func New() Interface {
+	return &procSysctl{}
+}
+
+// procSysctl implements Interface by reading and writing files under /proc/sys
+type procSysctl struct {
+}
+
+// GetSysctl returns the value for the specified sysctl setting
+func (*procSysctl) GetSysctl(sysctl string) (int, error) {
+	data, err := os.ReadFile(path.Join(sysctlBase, sysctl))
+	if err != nil {
+		return -1, err
+	}
+	val, err := strconv.Atoi(strings.Trim(string(data), " \n"))
+	if err != nil {
+		return -1, err
+	}
+	return val, nil
+}
+
+// SetSysctl modifies the specified sysctl flag to the new value
+func (*procSysctl) SetSysctl(sysctl string, newVal int) error {
+	return os.WriteFile(path.Join(sysctlBase, sysctl), []byte(strconv.Itoa(newVal)), 0640)
+}
+
+// NormalizeName can return sysctl variables in dots separator format.
+// The '/' separator is also accepted in place of a '.'.
+// Convert the sysctl variables to dots separator format for validation.
+// More info:
+//
+//	https://man7.org/linux/man-pages/man8/sysctl.8.html
+//	https://man7.org/linux/man-pages/man5/sysctl.d.5.html
+func NormalizeName(val string) string {
+	if val == "" {
+		return val
+	}
+	firstSepIndex := strings.IndexAny(val, "./")
+	// if the first found is `.` like `net.ipv4.conf.eno2/100.rp_filter`
+	if firstSepIndex == -1 || val[firstSepIndex] == '.' {
+		return val
+	}
+
+	// for `net/ipv4/conf/eno2.100/rp_filter`, swap the use of `.` and `/`
+	// to `net.ipv4.conf.eno2/100.rp_filter`
+	f := func(r rune) rune {
+		switch r {
+		case '.':
+			return '/'
+		case '/':
+			return '.'
+		}
+		return r
+	}
+	return strings.Map(f, val)
+}