mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-01-19 03:09:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #70 from ceph/devel

Browse Source 
Sync rhs:devel with ceph:devel
This commit is contained in:
OpenShift Merge Robot 2022-01-27 01:42:48 -05:00 committed by GitHub
commit d87da1253d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
75 changed files with 17129 additions and 1638 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -54,6 +54,7 @@ environments.
| Ceph CSI Version | Container Orchestrator Name | Version Tested|
| -----------------| --------------------------- | --------------|
| v3.5.1 | Kubernetes | v1.21, v1.22, v1.23|
| v3.5.0 | Kubernetes | v1.21, v1.22, v1.23|
| v3.4.0 | Kubernetes | v1.20, v1.21, v1.22|
@ -119,6 +120,7 @@ in the Kubernetes documentation.
| Ceph CSI Release/Branch | Container image name | Image Tag |
| ----------------------- | ---------------------------- | --------- |
| devel (Branch) | quay.io/cephcsi/cephcsi | canary |
| v3.5.1 (Release) | quay.io/cephcsi/cephcsi | v3.5.1 |
| v3.5.0 (Release) | quay.io/cephcsi/cephcsi | v3.5.0 |
| v3.4.0 (Release) | quay.io/cephcsi/cephcsi | v3.4.0 |

12
build.env
View File

@ -12,7 +12,7 @@
CSI_IMAGE_VERSION=canary
# Ceph version to use
BASE_IMAGE=docker.io/ceph/ceph:v16
BASE_IMAGE=quay.io/ceph/ceph:v16
CEPH_VERSION=pacific
# standard Golang options
@ -23,7 +23,7 @@ GO111MODULE=on
COMMITLINT_VERSION=latest
# static checks and linters
GOLANGCI_VERSION=v1.39.0
GOLANGCI_VERSION=v1.43.0
# external snapshotter version
# Refer: https://github.com/kubernetes-csi/external-snapshotter/releases
@ -38,20 +38,20 @@ SNAPSHOT_VERSION=v4.0.0
HELM_VERSION=v3.1.2
# minikube settings
MINIKUBE_VERSION=v1.24.0
MINIKUBE_VERSION=v1.25.0
VM_DRIVER=none
CHANGE_MINIKUBE_NONE_USER=true
# Rook options
ROOK_VERSION=v1.6.2
ROOK_VERSION=v1.8.2
# Provide ceph image path
ROOK_CEPH_CLUSTER_IMAGE=docker.io/ceph/ceph:v16
ROOK_CEPH_CLUSTER_IMAGE=quay.io/ceph/ceph:v16
# CSI sidecar version
CSI_ATTACHER_VERSION=v3.4.0
CSI_SNAPSHOTTER_VERSION=v4.2.0
CSI_PROVISIONER_VERSION=v3.1.0
CSI_RESIZER_VERSION=v1.3.0
CSI_RESIZER_VERSION=v1.4.0
CSI_NODE_DRIVER_REGISTRAR_VERSION=v2.4.0
# e2e settings

2
charts/ceph-csi-cephfs/values.yaml
View File

@ -179,7 +179,7 @@ provisioner:
enabled: true
image:
repository: k8s.gcr.io/sig-storage/csi-resizer
tag: v1.3.0
tag: v1.4.0
pullPolicy: IfNotPresent
resources: {}

2
charts/ceph-csi-rbd/values.yaml
View File

@ -216,7 +216,7 @@ provisioner:
enabled: true
image:
repository: k8s.gcr.io/sig-storage/csi-resizer
tag: v1.3.0
tag: v1.4.0
pullPolicy: IfNotPresent
resources: {}

2
deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml
View File

@ -60,7 +60,7 @@ spec:
- name: socket-dir
mountPath: /csi
- name: csi-resizer
image: k8s.gcr.io/sig-storage/csi-resizer:v1.3.0
image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"

2
deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml
View File

@ -95,7 +95,7 @@ spec:
- name: socket-dir
mountPath: /csi
- name: csi-resizer
image: k8s.gcr.io/sig-storage/csi-resizer:v1.3.0
image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"

4
docs/ceph-csi-upgrade.md
View File

@ -84,12 +84,12 @@ compatibility support and without prior notice.
**Also, we do not recommend any direct upgrades to 3.5 except from 3.4 to 3.5.**
For example, upgrading from 3.3 to 3.5 is not recommended.
git checkout v3.5.0 tag
git checkout v3.5.1 tag
```bash
git clone https://github.com/ceph/ceph-csi.git
cd ./ceph-csi
git checkout v3.5.0
git checkout v3.5.1
```
```console

5
e2e/cephfs.go
View File

@ -19,7 +19,6 @@ package e2e
import (
"context"
"fmt"
"io/ioutil"
"os"
"strings"
"sync"
@ -79,7 +78,7 @@ func deleteCephfsPlugin() {
}
func createORDeleteCephfsResources(action kubectlAction) {
csiDriver, err := ioutil.ReadFile(cephFSDirPath + csiDriverObject)
csiDriver, err := os.ReadFile(cephFSDirPath + csiDriverObject)
if err != nil {
// createORDeleteRbdResources is used for upgrade testing as csidriverObject is
// newly added, discarding file not found error.
@ -92,7 +91,7 @@ func createORDeleteCephfsResources(action kubectlAction) {
e2elog.Failf("failed to %s CSIDriver object: %v", action, err)
}
}
cephConf, err := ioutil.ReadFile(examplePath + cephConfconfigMap)
cephConf, err := os.ReadFile(examplePath + cephConfconfigMap)
if err != nil {
// createORDeleteCephfsResources is used for upgrade testing as cephConfConfigmap is
// newly added, discarding file not found error.

2
e2e/cephfs_helper.go
View File

@ -75,7 +75,7 @@ func createCephfsStorageClass(
sc.Parameters["csi.storage.k8s.io/node-stage-secret-name"] = cephFSNodePluginSecretName
if enablePool {
sc.Parameters["pool"] = "myfs-data0"
sc.Parameters["pool"] = "myfs-replicated"
}
// overload any parameters that were passed

4
e2e/namespace.go
View File

@ -19,7 +19,7 @@ package e2e
import (
"context"
"fmt"
"io/ioutil"
"os"
"strings"
"time"
@ -87,7 +87,7 @@ func deleteNamespace(c kubernetes.Interface, name string) error {
}
func replaceNamespaceInTemplate(filePath string) (string, error) {
read, err := ioutil.ReadFile(filePath)
read, err := os.ReadFile(filePath)
if err != nil {
return "", err
}

5
e2e/rbd.go
View File

@ -20,7 +20,6 @@ import (
"context"
"errors"
"fmt"
"io/ioutil"
"os"
"strings"
"time"
@ -120,7 +119,7 @@ func deleteRBDPlugin() {
}
func createORDeleteRbdResources(action kubectlAction) {
csiDriver, err := ioutil.ReadFile(rbdDirPath + csiDriverObject)
csiDriver, err := os.ReadFile(rbdDirPath + csiDriverObject)
if err != nil {
// createORDeleteRbdResources is used for upgrade testing as csidriverObject is
// newly added, discarding file not found error.
@ -133,7 +132,7 @@ func createORDeleteRbdResources(action kubectlAction) {
e2elog.Failf("failed to %s CSIDriver object: %v", action, err)
}
}
cephConf, err := ioutil.ReadFile(examplePath + cephConfconfigMap)
cephConf, err := os.ReadFile(examplePath + cephConfconfigMap)
if err != nil {
// createORDeleteRbdResources is used for upgrade testing as cephConf Configmap is
// newly added, discarding file not found error.

4
e2e/rbd_helper.go
View File

@ -695,12 +695,12 @@ func deletePool(name string, cephFS bool, f *framework.Framework) error {
// ceph fs rm myfs --yes-i-really-mean-it
// ceph osd pool delete myfs-metadata myfs-metadata
// --yes-i-really-mean-it
// ceph osd pool delete myfs-data0 myfs-data0
// ceph osd pool delete myfs-replicated myfs-replicated
// --yes-i-really-mean-it
cmds = append(cmds, fmt.Sprintf("ceph fs fail %s", name),
fmt.Sprintf("ceph fs rm %s --yes-i-really-mean-it", name),
fmt.Sprintf("ceph osd pool delete %s-metadata %s-metadata --yes-i-really-really-mean-it", name, name),
fmt.Sprintf("ceph osd pool delete %s-data0 %s-data0 --yes-i-really-really-mean-it", name, name))
fmt.Sprintf("ceph osd pool delete %s-replicated %s-replicated --yes-i-really-really-mean-it", name, name))
} else {
// ceph osd pool delete replicapool replicapool
// --yes-i-really-mean-it

5
e2e/utils.go
View File

@ -23,7 +23,7 @@ import (
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"os"
"regexp"
"strconv"
"strings"
@ -160,7 +160,7 @@ func deleteResource(scPath string) error {
}
func unmarshal(fileName string, obj interface{}) error {
f, err := ioutil.ReadFile(fileName)
f, err := os.ReadFile(fileName)
if err != nil {
return err
}
@ -333,6 +333,7 @@ func validateNormalUserPVCAccess(pvcPath string, f *framework.Framework) error {
},
},
Spec: v1.PodSpec{
SecurityContext: &v1.PodSecurityContext{FSGroup: &user},
Containers: []v1.Container{
{
Name: "write-pod",

4
examples/kms/vault/csi-kms-connection-details.yaml
View File

@ -60,9 +60,9 @@ data:
"IBM_KP_SECRET_NAME": "ceph-csi-aws-credentials",
"AWS_REGION": "us-west-2"
}
kp-metadata-test: |-
ibmkeyprotect-test: |-
{
"KMS_PROVIDER": "kp-metadata",
"KMS_PROVIDER": "ibmkeyprotect",
"IBM_KP_SECRET_NAME": "ceph-csi-kp-credentials",
"IBM_KP_SERVICE_INSTANCE_ID": "7abef064-01dd-4237-9ea5-8b3890970be3",
"IBM_KP_BASE_URL": "https://us-south.kms.cloud.ibm.com",

4
examples/kms/vault/kms-config.yaml
View File

@ -91,8 +91,8 @@ data:
"encryptionKMSType": "metadata",
"secretName": "storage-encryption-secret"
},
"kp-metadata-test": {
"encryptionKMSType": "kp-metadata",
"ibmkeyprotect-test": {
"encryptionKMSType": "ibmkeyprotect",
"secretName": "ceph-csi-kp-credentials",
"keyProtectRegionKey": "us-south-2",
"keyProtectServiceInstanceID": "7abef064-01dd-4237-9ea5-8b3890970be3"

78
go.mod
View File

@ -4,7 +4,7 @@ go 1.17
require (
github.com/IBM/keyprotect-go-client v0.7.0
github.com/aws/aws-sdk-go v1.42.7
github.com/aws/aws-sdk-go v1.42.40
github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
github.com/ceph/go-ceph v0.13.0
github.com/container-storage-interface/spec v1.5.0
@ -13,7 +13,7 @@ require (
github.com/golang/protobuf v1.5.2
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
github.com/hashicorp/vault/api v1.3.0
github.com/hashicorp/vault/api v1.3.1
github.com/kubernetes-csi/csi-lib-utils v0.10.0
github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0
github.com/libopenstorage/secrets v0.0.0-20210908194121-a1d19aa9713a
@ -26,16 +26,16 @@ require (
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9
google.golang.org/grpc v1.43.0
google.golang.org/protobuf v1.27.1
k8s.io/api v0.23.0
k8s.io/apimachinery v0.23.0
k8s.io/api v0.23.2
k8s.io/apimachinery v0.23.2
k8s.io/client-go v12.0.0+incompatible
k8s.io/cloud-provider v0.23.0
k8s.io/cloud-provider v0.23.2
k8s.io/klog/v2 v2.40.1
//
// when updating k8s.io/kubernetes, make sure to update the replace section too
//
k8s.io/kubernetes v1.23.1
k8s.io/mount-utils v0.23.0
k8s.io/kubernetes v1.23.2
k8s.io/mount-utils v0.23.2
k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b
sigs.k8s.io/controller-runtime v0.11.0-beta.0.0.20211208212546-f236f0345ad2
)
@ -67,7 +67,7 @@ require (
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-hclog v0.16.2 // indirect
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
@ -126,7 +126,7 @@ require (
go.opentelemetry.io/otel/trace v0.20.0 // indirect
go.opentelemetry.io/proto/otlp v0.7.0 // indirect
go.uber.org/atomic v1.9.0 // indirect
golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f // indirect
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
golang.org/x/text v0.3.7 // indirect
@ -139,15 +139,15 @@ require (
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
k8s.io/apiserver v0.23.0 // indirect
k8s.io/component-base v0.23.0 // indirect
k8s.io/component-helpers v0.23.0 // indirect
k8s.io/apiserver v0.23.2 // indirect
k8s.io/component-base v0.23.2 // indirect
k8s.io/component-helpers v0.23.2 // indirect
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
k8s.io/kubectl v0.0.0 // indirect
k8s.io/kubelet v0.0.0 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.25 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27 // indirect
sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.0 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)
@ -160,31 +160,31 @@ replace (
//
// k8s.io/kubernetes depends on these k8s.io packages, but unversioned
//
k8s.io/api => k8s.io/api v0.23.0
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.23.0
k8s.io/apimachinery => k8s.io/apimachinery v0.23.0
k8s.io/apiserver => k8s.io/apiserver v0.23.0
k8s.io/cli-runtime => k8s.io/cli-runtime v0.23.0
k8s.io/client-go => k8s.io/client-go v0.23.0
k8s.io/cloud-provider => k8s.io/cloud-provider v0.23.0
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.23.0
k8s.io/code-generator => k8s.io/code-generator v0.23.0
k8s.io/component-base => k8s.io/component-base v0.23.0
k8s.io/component-helpers => k8s.io/component-helpers v0.23.0
k8s.io/controller-manager => k8s.io/controller-manager v0.23.0
k8s.io/cri-api => k8s.io/cri-api v0.23.0
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.23.0
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.23.0
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.23.0
k8s.io/kube-proxy => k8s.io/kube-proxy v0.23.0
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.23.0
k8s.io/kubectl => k8s.io/kubectl v0.23.0
k8s.io/kubelet => k8s.io/kubelet v0.23.0
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.23.0
k8s.io/metrics => k8s.io/metrics v0.23.0
k8s.io/mount-utils => k8s.io/mount-utils v0.23.0
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.23.0
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.23.0
k8s.io/api => k8s.io/api v0.23.2
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.23.2
k8s.io/apimachinery => k8s.io/apimachinery v0.23.2
k8s.io/apiserver => k8s.io/apiserver v0.23.2
k8s.io/cli-runtime => k8s.io/cli-runtime v0.23.2
k8s.io/client-go => k8s.io/client-go v0.23.2
k8s.io/cloud-provider => k8s.io/cloud-provider v0.23.2
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.23.2
k8s.io/code-generator => k8s.io/code-generator v0.23.2
k8s.io/component-base => k8s.io/component-base v0.23.2
k8s.io/component-helpers => k8s.io/component-helpers v0.23.2
k8s.io/controller-manager => k8s.io/controller-manager v0.23.2
k8s.io/cri-api => k8s.io/cri-api v0.23.2
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.23.2
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.23.2
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.23.2
k8s.io/kube-proxy => k8s.io/kube-proxy v0.23.2
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.23.2
k8s.io/kubectl => k8s.io/kubectl v0.23.2
k8s.io/kubelet => k8s.io/kubelet v0.23.2
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.23.2
k8s.io/metrics => k8s.io/metrics v0.23.2
k8s.io/mount-utils => k8s.io/mount-utils v0.23.2
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.23.2
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.23.2
// layeh.com seems to be misbehaving
layeh.com/radius => github.com/layeh/radius v0.0.0-20190322222518-890bc1058917
)

100
go.sum
View File

@ -138,8 +138,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k=
github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
github.com/aws/aws-sdk-go v1.42.7 h1:Ee7QC4Y/eGebVGO/5IGN3fSXXSrheesZYYj2pYJG7Zk=
github.com/aws/aws-sdk-go v1.42.7/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
github.com/aws/aws-sdk-go v1.42.40 h1:oZ+hyhorrkYdT23YO8s0eWBp9Fg8k4HsAFL3n0V25WA=
github.com/aws/aws-sdk-go v1.42.40/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc=
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
@ -513,8 +513,9 @@ github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
github.com/hashicorp/go-gatedio v0.5.0/go.mod h1:Lr3t8L6IyxD3DAeaUxGcgl2JnRUpWMCsmBl4Omu/2t4=
github.com/hashicorp/go-gcp-common v0.5.0/go.mod h1:IDGUI2N/OS3PiU4qZcXJeWKPI6O/9Y8hOrbSiMcqyYw=
github.com/hashicorp/go-gcp-common v0.6.0/go.mod h1:RuZi18562/z30wxOzpjeRrGcmk9Ro/rBzixaSZDhIhY=
@ -633,8 +634,8 @@ github.com/hashicorp/vault/api v1.0.5-0.20191122173911-80fcc7907c78/go.mod h1:Uf
github.com/hashicorp/vault/api v1.0.5-0.20200215224050-f6547fa8e820/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o=
github.com/hashicorp/vault/api v1.0.5-0.20200317185738-82f498082f02/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o=
github.com/hashicorp/vault/api v1.0.5-0.20200902155336-f9d5ce5a171a/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk=
github.com/hashicorp/vault/api v1.3.0 h1:uDy39PLSvy6gtKyjOCRPizy2QdFiIYSWBR2pxCEzYL8=
github.com/hashicorp/vault/api v1.3.0/go.mod h1:EabNQLI0VWbWoGlA+oBLC8PXmR9D60aUVgQGvangFWQ=
github.com/hashicorp/vault/api v1.3.1 h1:pkDkcgTh47PRjY1NEFeofqR4W/HkNUi9qIakESO2aRM=
github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw=
github.com/hashicorp/vault/sdk v0.1.8/go.mod h1:tHZfc6St71twLizWNHvnnbiGFo1aq0eD2jGPLtP8kAU=
github.com/hashicorp/vault/sdk v0.1.14-0.20190730042320-0dc007d98cc8/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M=
github.com/hashicorp/vault/sdk v0.1.14-0.20191108161836-82f2b5571044/go.mod h1:PcekaFGiPJyHnFy+NZhP6ll650zEw51Ag7g/YEa+EOU=
@ -1258,11 +1259,11 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT
golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY=
golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190130055435-99b60b757ec1/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@ -1614,7 +1615,6 @@ google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K
google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM=
google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
@ -1684,28 +1684,28 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
k8s.io/api v0.23.0 h1:WrL1gb73VSC8obi8cuYETJGXEoFNEh3LU0Pt+Sokgro=
k8s.io/api v0.23.0/go.mod h1:8wmDdLBHBNxtOIytwLstXt5E9PddnZb0GaMcqsvDBpg=
k8s.io/apiextensions-apiserver v0.23.0 h1:uii8BYmHYiT2ZTAJxmvc3X8UhNYMxl2A0z0Xq3Pm+WY=
k8s.io/apiextensions-apiserver v0.23.0/go.mod h1:xIFAEEDlAZgpVBl/1VSjGDmLoXAWRG40+GsWhKhAxY4=
k8s.io/apimachinery v0.23.0 h1:mIfWRMjBuMdolAWJ3Fd+aPTMv3X9z+waiARMpvvb0HQ=
k8s.io/apimachinery v0.23.0/go.mod h1:fFCTTBKvKcwTPFzjlcxp91uPFZr+JA0FubU4fLzzFYc=
k8s.io/apiserver v0.23.0 h1:Ds/QveXWi9aJ8ISB0CJa4zBNc5njxAs5u3rmMIexqCY=
k8s.io/apiserver v0.23.0/go.mod h1:Cec35u/9zAepDPPFyT+UMrgqOCjgJ5qtfVJDxjZYmt4=
k8s.io/cli-runtime v0.23.0/go.mod h1:B5N3YH0KP1iKr6gEuJ/RRmGjO0mJQ/f/JrsmEiPQAlU=
k8s.io/client-go v0.23.0 h1:vcsOqyPq7XV3QmQRCBH/t9BICJM9Q1M18qahjv+rebY=
k8s.io/client-go v0.23.0/go.mod h1:hrDnpnK1mSr65lHHcUuIZIXDgEbzc7/683c6hyG4jTA=
k8s.io/cloud-provider v0.23.0 h1:9LATZJu57XanN7po4Xfj6jTLp44uhKiu5Xa3+3Cutz0=
k8s.io/cloud-provider v0.23.0/go.mod h1:vY9zulPUCjwCg9TBMh5Qi42JUZUNecQNF7FojNELWws=
k8s.io/cluster-bootstrap v0.23.0/go.mod h1:VltEnKWfrRTiKgOXp3ts3vh7yqNlH6KFKFflo9GtCBg=
k8s.io/code-generator v0.23.0/go.mod h1:vQvOhDXhuzqiVfM/YHp+dmg10WDZCchJVObc9MvowsE=
k8s.io/component-base v0.23.0 h1:UAnyzjvVZ2ZR1lF35YwtNY6VMN94WtOnArcXBu34es8=
k8s.io/component-base v0.23.0/go.mod h1:DHH5uiFvLC1edCpvcTDV++NKULdYYU6pR9Tt3HIKMKI=
k8s.io/component-helpers v0.23.0 h1:qNbqN10QTefiWcCOPkHL/0nn81sdKVv6ZgEXcSyot/U=
k8s.io/component-helpers v0.23.0/go.mod h1:liXMh6FZS4qamKtMJQ7uLHnFe3tlC86RX5mJEk/aerg=
k8s.io/controller-manager v0.23.0/go.mod h1:6/IKItSv6p9FY3mSbHgsOYmt4y+HDxiC5hEFg9rJVc8=
k8s.io/cri-api v0.23.0/go.mod h1:2edENu3/mkyW3c6fVPPPaVGEFbLRacJizBbSp7ZOLOo=
k8s.io/csi-translation-lib v0.23.0/go.mod h1:ho0ljka+BEcdlvFrG08L8FpYi6QJeSGgQLWeVOAeeM8=
k8s.io/api v0.23.2 h1:62cpzreV3dCuj0hqPi8r4dyWh48ogMcyh+ga9jEGij4=
k8s.io/api v0.23.2/go.mod h1:sYuDb3flCtRPI8ghn6qFrcK5ZBu2mhbElxRE95qpwlI=
k8s.io/apiextensions-apiserver v0.23.2 h1:N6CIVAhmF0ahgFKUMDdV/AUyckhUb4nIyVPohPtdUPk=
k8s.io/apiextensions-apiserver v0.23.2/go.mod h1:9cs7avT6+GfzbB0pambTvH11wcaR85QQg4ovl9s15UU=
k8s.io/apimachinery v0.23.2 h1:dBmjCOeYBdg2ibcQxMuUq+OopZ9fjfLIR5taP/XKeTs=
k8s.io/apimachinery v0.23.2/go.mod h1:zDqeV0AK62LbCI0CI7KbWCAYdLg+E+8UXJ0rIz5gmS8=
k8s.io/apiserver v0.23.2 h1:vGFCojjwSLyunapA7FWuzyekml/s0nAsoh4iBpzWzOs=
k8s.io/apiserver v0.23.2/go.mod h1:Kdt8gafkPev9Gfh+H6lCPbmRu42f7BfhOfHKKa3dtyU=
k8s.io/cli-runtime v0.23.2/go.mod h1:Ag70akCDvwux4HxY+nH2J3UqE2e6iwSSdG1HE6p1VTU=
k8s.io/client-go v0.23.2 h1:BNbOcxa99jxHH8mM1cPKGIrrKRnCSAfAtyonYGsbFtE=
k8s.io/client-go v0.23.2/go.mod h1:k3YbsWg6GWdHF1THHTQP88X9RhB1DWPo3Dq7KfU/D1c=
k8s.io/cloud-provider v0.23.2 h1:bXZWXLjtzz2EMaPWIOwqS18XHYTMZSTDYHR48Ibrxz8=
k8s.io/cloud-provider v0.23.2/go.mod h1:ZJO37TsfHzOz+uQqxnnaR4S94ac9chjar8uHP+kUu2w=
k8s.io/cluster-bootstrap v0.23.2/go.mod h1:KSwHnKiP0O5VSkhXLpdNTiTga9/Yyb2/w7g1V1ZcXUk=
k8s.io/code-generator v0.23.2/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk=
k8s.io/component-base v0.23.2 h1:dAYmUhWIBWO762etTjBEEKtYYHi5CoQInSLtK6LM1Zs=
k8s.io/component-base v0.23.2/go.mod h1:wS9Z03MO3oJ0RU8bB/dbXTiluGju+SC/F5i660gxB8c=
k8s.io/component-helpers v0.23.2 h1:R1PaugmLBCMpc7+srxGL8DsH1NEo/KUSJPY62LVH8CU=
k8s.io/component-helpers v0.23.2/go.mod h1:J6CMwiaf0izLoNwiLl2OymB4+rGTsTpWp6PL/AqOM4U=
k8s.io/controller-manager v0.23.2/go.mod h1:l4+ZujXlzNpY1E9TkwaCB6BncYKyq2jD8OW6m8x35B0=
k8s.io/cri-api v0.23.2/go.mod h1:REJE3PSU0h/LOV1APBrupxrEJqnoxZC8KWzkBUHwrK4=
k8s.io/csi-translation-lib v0.23.2/go.mod h1:n3igp3ZXcg5XLwPjK03QTSWBIoksKo6oTKMdtRbVvx8=
k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
@ -1718,26 +1718,26 @@ k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/klog/v2 v2.40.1 h1:P4RRucWk/lFOlDdkAr3mc7iWFkgKrZY9qZMAgek06S4=
k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/kube-aggregator v0.23.0/go.mod h1:b1vpoaTWKZjCzvbe1KXFw3vPbISrghJsg7/RI8oZUME=
k8s.io/kube-controller-manager v0.23.0/go.mod h1:iHapRJJBe+fWu6hG3ye43YMFEeZcnIlRxDUS72bwJoE=
k8s.io/kube-aggregator v0.23.2/go.mod h1:hoxP4rZREnjCJmrb0pHFPqm7+pkxoFjh8IpXL7OBWRA=
k8s.io/kube-controller-manager v0.23.2/go.mod h1:vlHhiAlUMI4OMyu/qsmEKb+hklNOjj/ffh5dYufqfHk=
k8s.io/kube-openapi v0.0.0-20180731170545-e3762e86a74c/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc=
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4=
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
k8s.io/kube-proxy v0.23.0/go.mod h1:AFPfNIiOeDhHVtfN7ZfE1Wd8aP5qYov3khPu4VFeBb4=
k8s.io/kube-scheduler v0.23.0/go.mod h1:BXDjbJEXtr9PU5/XzLtWMNG6Mid4GYBSGVWzP72UxKk=
k8s.io/kubectl v0.23.0 h1:WABWfj+Z4tC3SfKBCtZr5sIVHsFtkU9Azii4DR9IT6Y=
k8s.io/kubectl v0.23.0/go.mod h1:TfcGEs3u4dkmoC2eku1GYymdGaMtPMcaLLFrX/RB2kI=
k8s.io/kubelet v0.23.0 h1:hHdHe/Hp3R2HzxnYI8/f173gDUOTRYERd7S7+to9MZw=
k8s.io/kubelet v0.23.0/go.mod h1:A4DxfIt5Ka+rz54HAFhs1bgiFjJT6lcaAYUcACZl1/k=
k8s.io/kubernetes v1.23.1 h1:iJfubd03CDap4m69Ue+u2I6quNUYiYlC8+TakEHATjc=
k8s.io/kubernetes v1.23.1/go.mod h1:baMGbPpwwP0kT/+eAPtdqoWNRoXyyTJ2Zf+fw/Y8t04=
k8s.io/legacy-cloud-providers v0.23.0/go.mod h1:tM5owPlhLyEYJC2FLHgcGu1jks5ANvH2JlY03mnUYU4=
k8s.io/metrics v0.23.0/go.mod h1:NDiZTwppEtAuKJ1Rxt3S4dhyRzdp6yUcJf0vo023dPo=
k8s.io/mount-utils v0.23.0 h1:8sGMlbbQOA268SidZVoL7wOgEcbByoa6+bvFZCywhbg=
k8s.io/mount-utils v0.23.0/go.mod h1:9pFhzVjxle1osJUo++9MFDat9HPkQUOoHCn+eExZ3Ew=
k8s.io/pod-security-admission v0.23.0/go.mod h1:vGExA081PHZFK9Yma4kuPtfWwy5zxbEUhniiUDKFicM=
k8s.io/sample-apiserver v0.23.0/go.mod h1:o0U/1hkfndbnLg1OfVHQiG08lmDkYJq7qljCuwjoTrI=
k8s.io/kube-proxy v0.23.2/go.mod h1:doKBcqhM+EgvOo145oP02zP1Hk11jOSKK+FiAS5zdlo=
k8s.io/kube-scheduler v0.23.2/go.mod h1:K70jKh9XukwUJNxXA6k+WJUAW9zZkGR3CGdUApZg0dc=
k8s.io/kubectl v0.23.2 h1:YakGzFN1csIOW/Us5VsLxjcu5Q6Vh5rqcvukcNuBwFk=
k8s.io/kubectl v0.23.2/go.mod h1:zWm5wt8PdRmHiVhE9a7q7XYW4WFX9StkZGnC18+1v3M=
k8s.io/kubelet v0.23.2 h1:hrixnMsh1yv7P/UZ/2QCBp7x6G4y3Fr5FiavF3a0MIw=
k8s.io/kubelet v0.23.2/go.mod h1:/Huumr8/3hz46AuMI64UBwns2t/dcogiR5XWF6yrHo0=
k8s.io/kubernetes v1.23.2 h1:Kp3cpKrv6VRQbaZoD6tVDjpKPIfNb5P34DLv7qQzf7U=
k8s.io/kubernetes v1.23.2/go.mod h1:UNnyc4mwldo0ipufrTkGbL06VQRtN9w9mLLTZLh56+w=
k8s.io/legacy-cloud-providers v0.23.2/go.mod h1:b4r2DrP+PT0D4kxenynayJ7kJQLwzoVHh1Lqw3cozwE=
k8s.io/metrics v0.23.2/go.mod h1:idJHc+lLK5teHUC6Z2+d6qTKA12d5FLDxmC/DHiUYKc=
k8s.io/mount-utils v0.23.2 h1:f6jSJ8Z/tKTLOEzBzpxd+QKP6swdH9/Z0DTfMxlKnR0=
k8s.io/mount-utils v0.23.2/go.mod h1:9pFhzVjxle1osJUo++9MFDat9HPkQUOoHCn+eExZ3Ew=
k8s.io/pod-security-admission v0.23.2/go.mod h1:qbwG5XF7vHgTTk8XemjkR1GXAmyNHQQAo5bHWAJSskE=
k8s.io/sample-apiserver v0.23.2/go.mod h1:E6yG+7Y6Y9ElyFOXUQb3CyO63FW20U0ut5fR4I8c70Y=
k8s.io/system-validators v1.6.0/go.mod h1:bPldcLgkIUK22ALflnsXk8pvkTEndYdNuaHH6gRrl0Q=
k8s.io/utils v0.0.0-20190506122338-8fab8cb257d5/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
@ -1753,8 +1753,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.25 h1:DEQ12ZRxJjsglk5JIi5bLgpKaHihGervKmg5uryaEHw=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.25/go.mod h1:Mlj9PNLmG9bZ6BHFwFKDo5afkpWyUISkb9Me0GnK66I=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27 h1:KQOkVzXrLNb0EP6W0FD6u3CCPAwgXFYwZitbj7K0P0Y=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27/go.mod h1:tq2nT0Kx7W+/f2JVE+zxYtUhdjuELJkVpNz+x/QN5R4=
sigs.k8s.io/controller-runtime v0.2.2/go.mod h1:9dyohw3ZtoXQuV1e766PHUn+cmrRCIcBh6XIMFNMZ+I=
sigs.k8s.io/controller-runtime v0.11.0-beta.0.0.20211208212546-f236f0345ad2 h1:+ReKrjTrd57mtAU19BJkxSAaWRIQkFlaWcO6dGFVP1g=
sigs.k8s.io/controller-runtime v0.11.0-beta.0.0.20211208212546-f236f0345ad2/go.mod h1:KKwLiTooNGu+JmLZGn9Sl3Gjmfj66eMbCQznLP5zcqA=
@ -1765,9 +1765,9 @@ sigs.k8s.io/kustomize/cmd/config v0.10.2/go.mod h1:K2aW7nXJ0AaT+VA/eO0/dzFLxmpFc
sigs.k8s.io/kustomize/kustomize/v4 v4.4.1/go.mod h1:qOKJMMz2mBP+vcS7vK+mNz4HBLjaQSWRY22EF6Tb7Io=
sigs.k8s.io/kustomize/kyaml v0.13.0/go.mod h1:FTJxEZ86ScK184NpGSAQcfEqee0nul8oLCK30D47m4E=
sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
sigs.k8s.io/structured-merge-diff/v4 v4.2.0 h1:kDvPBbnPk+qYmkHmSo8vKGp438IASWofnbbUKDE/bv0=
sigs.k8s.io/structured-merge-diff/v4 v4.2.0/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y=
sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
sigs.k8s.io/testing_frameworks v0.1.1/go.mod h1:VVBKrHmJ6Ekkfz284YKhQePcdycOzNH9qL6ht1zEr/U=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=

2
internal/journal/voljournal.go
View File

@ -280,7 +280,7 @@ func (conn *Connection) CheckReservation(ctx context.Context,
snapSource bool
objUUID string
savedImagePool string
savedImagePoolID int64 = util.InvalidPoolID
savedImagePoolID = util.InvalidPoolID
cj = conn.config
)

20
internal/kms/keyprotect.go
View File

@ -23,14 +23,15 @@ import (
"fmt"
"github.com/ceph/ceph-csi/internal/util/k8s"
"github.com/ceph/ceph-csi/internal/util/log"
kp "github.com/IBM/keyprotect-go-client"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
const (
kmsTypeKeyProtectMetadata = "kp-metadata"
kmsTypeKeyProtectMetadata = "ibmkeyprotect"
kmsTypeKeyProtectMetadataOld = "kp-metadata"
// keyProtectMetadataDefaultSecretsName is the default name of the Kubernetes Secret
// that contains the credentials to access the Key Protect KMS. The name of
// the Secret can be configured by setting the `IBM_KP_SECRET_NAME`
@ -62,6 +63,21 @@ var _ = RegisterProvider(Provider{
Initializer: initKeyProtectKMS,
})
// RegisterProvider for kmsTypeKeyProtectMetadataOld is kept here for backward compatibility.
var _ = RegisterProvider(Provider{
UniqueID: kmsTypeKeyProtectMetadataOld,
Initializer: initKeyProtectKMSOld,
})
// initKeyProtectKMSOld is the wrapper with a warning log.
func initKeyProtectKMSOld(args ProviderInitArgs) (EncryptionKMS, error) {
log.WarningLogMsg("%q is deprecated provider for IBM key Protect,"+
"use new provider name %q in the configuration, proceeding with %q",
kmsTypeKeyProtectMetadataOld, kmsTypeKeyProtectMetadata, kmsTypeKeyProtectMetadata)
return initKeyProtectKMS(args)
}
// KeyProtectKMS store the KMS connection information retrieved from the kms configmap.
type KeyProtectKMS struct {
// basic options to get the secret

3
internal/kms/kms.go
View File

@ -20,7 +20,6 @@ import (
"context"
"encoding/json"
"fmt"
"io/ioutil"
"os"
"github.com/ceph/ceph-csi/internal/util/k8s"
@ -94,7 +93,7 @@ func GetKMS(tenant, kmsID string, secrets map[string]string) (EncryptionKMS, err
func getKMSConfiguration() (map[string]interface{}, error) {
var config map[string]interface{}
// #nosec
content, err := ioutil.ReadFile(kmsConfigPath)
content, err := os.ReadFile(kmsConfigPath)
if err == nil {
// kmsConfigPath exists and was successfully read
err = json.Unmarshal(content, &config)

2
internal/kms/vault_sa.go
View File

@ -320,7 +320,7 @@ func (kms *VaultTenantSA) getTokenPath() (string, error) {
return "", err
}
err = ioutil.WriteFile(dir+"/token", []byte(token), 0600)
err = os.WriteFile(dir+"/token", []byte(token), 0o600)
if err != nil {
return "", fmt.Errorf("failed to write token for ServiceAccount %s/%s: %w", kms.tenantSAName, kms.Tenant, err)
}

16
internal/rbd/nodeserver.go
View File

@ -366,7 +366,6 @@ func (ns *NodeServer) stageTransaction(
transaction := &stageTransaction{}
var err error
var readOnly bool
// Allow image to be mounted on multiple nodes if it is ROX
if req.VolumeCapability.AccessMode.Mode == csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY {
@ -421,7 +420,7 @@ func (ns *NodeServer) stageTransaction(
transaction.isStagePathCreated = true
// nodeStage Path
readOnly, err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath)
err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath)
if err != nil {
return transaction, err
}
@ -436,11 +435,6 @@ func (ns *NodeServer) stageTransaction(
return transaction, err
}
if !readOnly {
// #nosec - allow anyone to write inside the target path
err = os.Chmod(stagingTargetPath, 0o777)
}
return transaction, err
}
@ -684,7 +678,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
ctx context.Context,
req *csi.NodeStageVolumeRequest,
staticVol bool,
stagingPath, devicePath string) (bool, error) {
stagingPath, devicePath string) error {
readOnly := false
fsType := req.GetVolumeCapability().GetMount().GetFsType()
diskMounter := &mount.SafeFormatAndMount{Interface: ns.Mounter, Exec: utilexec.New()}
@ -702,7 +696,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
if err != nil {
log.ErrorLog(ctx, "failed to get disk format for path %s, error: %v", devicePath, err)
return readOnly, err
return err
}
opt := []string{"_netdev"}
@ -742,7 +736,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
if cmdErr != nil {
log.ErrorLog(ctx, "failed to run mkfs error: %v, output: %v", cmdErr, string(cmdOut))
return readOnly, cmdErr
return cmdErr
}
}
}
@ -763,7 +757,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
err)
}
return readOnly, err
return err
}
func (ns *NodeServer) mountVolume(ctx context.Context, stagingPath string, req *csi.NodePublishVolumeRequest) error {

9
internal/rbd/rbd_util.go
View File

@ -21,7 +21,6 @@ import (
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"os"
"path/filepath"
"strconv"
@ -244,7 +243,7 @@ func GetKrbdSupportedFeatures() (string, error) {
return "", err
}
}
val, err := ioutil.ReadFile(krbdSupportedFeaturesFile)
val, err := os.ReadFile(krbdSupportedFeaturesFile)
if err != nil {
log.ErrorLogMsg("reading file %q failed: %v", krbdSupportedFeaturesFile, err)
@ -1625,7 +1624,7 @@ func stashRBDImageMetadata(volOptions *rbdVolume, metaDataPath string) error {
}
fPath := filepath.Join(metaDataPath, stashFileName)
err = ioutil.WriteFile(fPath, encodedBytes, 0o600)
err = os.WriteFile(fPath, encodedBytes, 0o600)
if err != nil {
return fmt.Errorf("failed to stash JSON image metadata for image (%s) at path (%s): %w", volOptions, fPath, err)
}
@ -1638,7 +1637,7 @@ func lookupRBDImageMetadataStash(metaDataPath string) (rbdImageMetadataStash, er
var imgMeta rbdImageMetadataStash
fPath := filepath.Join(metaDataPath, stashFileName)
encodedBytes, err := ioutil.ReadFile(fPath) // #nosec - intended reading from fPath
encodedBytes, err := os.ReadFile(fPath) // #nosec - intended reading from fPath
if err != nil {
if !os.IsNotExist(err) {
return imgMeta, fmt.Errorf("failed to read stashed JSON image metadata from path (%s): %w", fPath, err)
@ -1673,7 +1672,7 @@ func updateRBDImageMetadataStash(metaDataPath, device string) error {
}
fPath := filepath.Join(metaDataPath, stashFileName)
err = ioutil.WriteFile(fPath, encodedBytes, 0600)
err = os.WriteFile(fPath, encodedBytes, 0o600)
if err != nil {
return fmt.Errorf("failed to stash JSON image metadata at path: (%s) for spec:(%s) : %w",
fPath, imgMeta.String(), err)

3
internal/util/cephconf.go
View File

@ -17,7 +17,6 @@ limitations under the License.
package util
import (
"io/ioutil"
"os"
)
@ -57,7 +56,7 @@ func WriteCephConfig() error {
// create config file if it does not exist to support backward compatibility
if _, err = os.Stat(CephConfigPath); os.IsNotExist(err) {
err = ioutil.WriteFile(CephConfigPath, cephConfig, 0o600)
err = os.WriteFile(CephConfigPath, cephConfig, 0o600)
}
if err != nil {

3
internal/util/cluster_mapping.go
View File

@ -21,7 +21,6 @@ import (
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"os"
"github.com/ceph/ceph-csi/internal/util/log"
@ -70,7 +69,7 @@ type ClusterMappingInfo struct {
func readClusterMappingInfo(filename string) (*[]ClusterMappingInfo, error) {
var info []ClusterMappingInfo
content, err := ioutil.ReadFile(filename) // #nosec:G304, file inclusion via variable.
content, err := os.ReadFile(filename) // #nosec:G304, file inclusion via variable.
if err != nil {
err = fmt.Errorf("error fetching clusterID mapping %w", err)

10
internal/util/cluster_mapping_test.go
View File

@ -20,7 +20,7 @@ import (
"context"
"encoding/json"
"fmt"
"io/ioutil"
"os"
"reflect"
"strings"
"testing"
@ -142,7 +142,7 @@ func TestGetClusterMappingInfo(t *testing.T) {
t.Parallel()
mappingConfigFile := fmt.Sprintf("%s/mapping-%d.json", mappingBasePath, currentI)
if len(currentTT.mappingFilecontent) != 0 {
err = ioutil.WriteFile(mappingConfigFile, currentTT.mappingFilecontent, 0o600)
err = os.WriteFile(mappingConfigFile, currentTT.mappingFilecontent, 0o600)
if err != nil {
t.Errorf("failed to write to %q, error = %v", mappingConfigFile, err)
}
@ -158,7 +158,7 @@ func TestGetClusterMappingInfo(t *testing.T) {
}
clusterMappingConfigFile = fmt.Sprintf("%s/mapping.json", mappingBasePath)
err = ioutil.WriteFile(clusterMappingConfigFile, mappingFileContent, 0o600)
err = os.WriteFile(clusterMappingConfigFile, mappingFileContent, 0o600)
if err != nil {
t.Errorf("failed to write mapping content error = %v", err)
}
@ -318,7 +318,7 @@ func TestFetchMappedClusterIDAndMons(t *testing.T) {
if err != nil {
t.Errorf("failed to marshal csi config info %v", err)
}
err = ioutil.WriteFile(csiConfigFile, csiConfigFileContent, 0o600)
err = os.WriteFile(csiConfigFile, csiConfigFileContent, 0o600)
if err != nil {
t.Errorf("failed to write %s file content: %v", CsiConfigFile, err)
}
@ -351,7 +351,7 @@ func TestFetchMappedClusterIDAndMons(t *testing.T) {
if err != nil {
t.Errorf("failed to marshal mapping info %v", err)
}
err = ioutil.WriteFile(clusterMappingConfigFile, clusterMappingFileContent, 0o600)
err = os.WriteFile(clusterMappingConfigFile, clusterMappingFileContent, 0o600)
if err != nil {
t.Errorf("failed to write %s file content: %v", clusterMappingFileContent, err)
}

4
internal/util/conn_pool.go
View File

@ -18,7 +18,7 @@ package util
import (
"fmt"
"io/ioutil"
"os"
"sync"
"time"
@ -96,7 +96,7 @@ func (cp *ConnPool) Destroy() {
func (cp *ConnPool) generateUniqueKey(monitors, user, keyfile string) (string, error) {
// the keyfile can be unique for operations, contents will be the same
key, err := ioutil.ReadFile(keyfile) // #nosec:G304, file inclusion via variable.
key, err := os.ReadFile(keyfile) // #nosec:G304, file inclusion via variable.
if err != nil {
return "", fmt.Errorf("could not open keyfile %s: %w", keyfile, err)
}

3
internal/util/conn_pool_test.go
View File

@ -17,7 +17,6 @@ limitations under the License.
package util
import (
"io/ioutil"
"os"
"testing"
"time"
@ -81,7 +80,7 @@ func TestConnPool(t *testing.T) {
// create a keyfile with some contents
keyfile := "/tmp/conn_utils.keyfile"
err := ioutil.WriteFile(keyfile, []byte("the-key"), 0o600)
err := os.WriteFile(keyfile, []byte("the-key"), 0o600)
if err != nil {
t.Errorf("failed to create keyfile: %v", err)

2
internal/util/credentials.go
View File

@ -54,7 +54,7 @@ func storeKey(key string) (string, error) {
}
}()
if _, err = tmpfile.Write([]byte(key)); err != nil {
if _, err = tmpfile.WriteString(key); err != nil {
return "", fmt.Errorf("error writing key to temporary keyfile: %w", err)
}

4
internal/util/csiconfig.go
View File

@ -20,7 +20,7 @@ import (
"context"
"encoding/json"
"fmt"
"io/ioutil"
"os"
"strings"
)
@ -72,7 +72,7 @@ func readClusterInfo(pathToConfig, clusterID string) (*ClusterInfo, error) {
var config []ClusterInfo
// #nosec
content, err := ioutil.ReadFile(pathToConfig)
content, err := os.ReadFile(pathToConfig)
if err != nil {
err = fmt.Errorf("error fetching configuration for cluster ID %q: %w", clusterID, err)

15
internal/util/csiconfig_test.go
View File

@ -17,7 +17,6 @@ limitations under the License.
package util
import (
"io/ioutil"
"os"
"testing"
)
@ -54,7 +53,7 @@ func TestCSIConfig(t *testing.T) {
}
data = ""
err = ioutil.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
err = os.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
if err != nil {
t.Errorf("Test setup error %s", err)
}
@ -66,7 +65,7 @@ func TestCSIConfig(t *testing.T) {
}
data = "[{\"clusterIDBad\":\"" + clusterID2 + "\",\"monitors\":[\"mon1\",\"mon2\",\"mon3\"]}]"
err = ioutil.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
err = os.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
if err != nil {
t.Errorf("Test setup error %s", err)
}
@ -78,7 +77,7 @@ func TestCSIConfig(t *testing.T) {
}
data = "[{\"clusterID\":\"" + clusterID2 + "\",\"monitorsBad\":[\"mon1\",\"mon2\",\"mon3\"]}]"
err = ioutil.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
err = os.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
if err != nil {
t.Errorf("Test setup error %s", err)
}
@ -90,7 +89,7 @@ func TestCSIConfig(t *testing.T) {
}
data = "[{\"clusterID\":\"" + clusterID2 + "\",\"monitors\":[\"mon1\",2,\"mon3\"]}]"
err = ioutil.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
err = os.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
if err != nil {
t.Errorf("Test setup error %s", err)
}
@ -102,7 +101,7 @@ func TestCSIConfig(t *testing.T) {
}
data = "[{\"clusterID\":\"" + clusterID2 + "\",\"monitors\":[\"mon1\",\"mon2\",\"mon3\"]}]"
err = ioutil.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
err = os.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
if err != nil {
t.Errorf("Test setup error %s", err)
}
@ -121,7 +120,7 @@ func TestCSIConfig(t *testing.T) {
data = "[{\"clusterID\":\"" + clusterID2 + "\",\"monitors\":[\"mon1\",\"mon2\",\"mon3\"]}," +
"{\"clusterID\":\"" + clusterID1 + "\",\"monitors\":[\"mon4\",\"mon5\",\"mon6\"]}]"
err = ioutil.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
err = os.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
if err != nil {
t.Errorf("Test setup error %s", err)
}
@ -134,7 +133,7 @@ func TestCSIConfig(t *testing.T) {
data = "[{\"clusterID\":\"" + clusterID2 + "\",\"monitors\":[\"mon1\",\"mon2\",\"mon3\"]}," +
"{\"clusterID\":\"" + clusterID1 + "\",\"monitors\":[\"mon4\",\"mon5\",\"mon6\"]}]"
err = ioutil.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
err = os.WriteFile(basePath+"/"+csiClusters, []byte(data), 0o600)
if err != nil {
t.Errorf("Test setup error %s", err)
}

10
internal/util/errors.go
View File

@ -39,27 +39,27 @@ var (
ErrMissingConfigForMonitor = errors.New("missing configuration of cluster ID for monitor")
)
type errorPair struct {
type pairError struct {
first error
second error
}
func (e errorPair) Error() string {
func (e pairError) Error() string {
return fmt.Sprintf("%v: %v", e.first, e.second)
}
// Is checks if target error is wrapped in the first error.
func (e errorPair) Is(target error) bool {
func (e pairError) Is(target error) bool {
return errors.Is(e.first, target)
}
// Unwrap returns the second error.
func (e errorPair) Unwrap() error {
func (e pairError) Unwrap() error {
return e.second
}
// JoinErrors combines two errors. Of the returned error, Is() follows the first
// branch, Unwrap() follows the second branch.
func JoinErrors(e1, e2 error) error {
return errorPair{e1, e2}
return pairError{e1, e2}
}

3
internal/util/log/log_utils.go
View File

@ -15,7 +15,6 @@ package log
import (
"compress/gzip"
"io/ioutil"
"os"
"strings"
)
@ -24,7 +23,7 @@ import (
// compressed format.
func GzipLogFile(pathToFile string) error {
// Get all the bytes from the file.
content, err := ioutil.ReadFile(pathToFile) // #nosec:G304, file inclusion via variable.
content, err := os.ReadFile(pathToFile) // #nosec:G304, file inclusion via variable.
if err != nil {
return err
}

2
internal/util/util_test.go
View File

@ -274,7 +274,7 @@ func TestParseKernelRelease(t *testing.T) {
for i, release := range goodReleases {
version, patchlevel, sublevel, extraversion, err := parseKernelRelease(release)
if err != nil {
t.Errorf("parsing error for release %q: %w", release, err)
t.Errorf("parsing error for release %q: %s", release, err)
}
good := goodVersions[i]
if version != good[0] || patchlevel != good[1] || sublevel != good[2] || extraversion != good[3] {

7
scripts/golangci.yml.in
View File

@ -179,3 +179,10 @@ linters:
# TODO: enable wrapcheck linter
# See: https://github.com/ceph/ceph-csi/pull/2268
- wrapcheck
# TODO: enable linters added in golangci-lint 1.43
- contextcheck
- gomnd
- ireturn
- tagliatelle
- varnamelen
- nilnil

5
scripts/minikube.sh
View File

@ -168,6 +168,9 @@ CSI_PROVISIONER_VERSION=${CSI_PROVISIONER_VERSION:-"v2.2.2"}
CSI_RESIZER_VERSION=${CSI_RESIZER_VERSION:-"v1.2.0"}
CSI_NODE_DRIVER_REGISTRAR_VERSION=${CSI_NODE_DRIVER_REGISTRAR_VERSION:-"v2.2.0"}
# configure csi image version
CSI_IMAGE_VERSION=${CSI_IMAGE_VERSION:-"canary"}
#feature-gates for kube
K8S_FEATURE_GATES=${K8S_FEATURE_GATES:-""}
@ -284,7 +287,7 @@ teardown-rook)
;;
cephcsi)
echo "copying the cephcsi image"
copy_image_to_cluster "${CEPHCSI_IMAGE_REPO}"/cephcsi:canary "${CEPHCSI_IMAGE_REPO}"/cephcsi:canary
copy_image_to_cluster "${CEPHCSI_IMAGE_REPO}"/cephcsi:"${CSI_IMAGE_VERSION}" "${CEPHCSI_IMAGE_REPO}"/cephcsi:"${CSI_IMAGE_VERSION}"
;;
k8s-sidecar)
echo "copying the kubernetes sidecar images"

47
scripts/rook.sh
View File

@ -2,7 +2,8 @@
ROOK_VERSION=${ROOK_VERSION:-"v1.6.2"}
ROOK_DEPLOY_TIMEOUT=${ROOK_DEPLOY_TIMEOUT:-300}
ROOK_URL="https://raw.githubusercontent.com/rook/rook/${ROOK_VERSION}/cluster/examples/kubernetes/ceph"
ROOK_URL="https://raw.githubusercontent.com/rook/rook/${ROOK_VERSION}/"
ROOK_DEPLOYMENT_PATH="cluster/examples/kubernetes/ceph"
ROOK_BLOCK_POOL_NAME=${ROOK_BLOCK_POOL_NAME:-"newrbdpool"}
ROOK_BLOCK_EC_POOL_NAME=${ROOK_BLOCK_EC_POOL_NAME:-"ec-pool"}
@ -20,7 +21,7 @@ function log_errors() {
kubectl get nodes
kubectl -n rook-ceph get events
kubectl -n rook-ceph describe pods
kubectl -n rook-ceph logs -l app=rook-ceph-operator
kubectl -n rook-ceph logs -l app=rook-ceph-operator --tail=-1
kubectl -n rook-ceph get CephClusters -oyaml
kubectl -n rook-ceph get CephFilesystems -oyaml
kubectl -n rook-ceph get CephBlockPools -oyaml
@ -33,14 +34,25 @@ rook_version() {
echo "${ROOK_VERSION#v}" | cut -d'.' -f"${1}"
}
function update_rook_url() {
ROOK_MAJOR=$(rook_version 1)
ROOK_MINOR=$(rook_version 2)
# If rook version is => 1.8 update deployment path.
if [ "${ROOK_MAJOR}" -eq 1 ] && [ "${ROOK_MINOR}" -ge 8 ]; then
ROOK_DEPLOYMENT_PATH="deploy/examples"
fi
ROOK_URL+=${ROOK_DEPLOYMENT_PATH}
}
function deploy_rook() {
kubectl_retry create -f "${ROOK_URL}/common.yaml"
# If rook version is > 1.5 , we will apply CRDs.
ROOK_MAJOR=$(rook_version 1)
ROOK_MINOR=$(rook_version 2)
if [ "${ROOK_MAJOR}" -eq 1 ] && [ "${ROOK_MINOR}" -ge 5 ];
then
# If rook version is > 1.5 , we will apply CRDs.
if [ "${ROOK_MAJOR}" -eq 1 ] && [ "${ROOK_MINOR}" -ge 5 ]; then
kubectl_retry create -f "${ROOK_URL}/crds.yaml"
fi
TEMP_DIR="$(mktemp -d)"
@ -51,8 +63,7 @@ function deploy_rook() {
kubectl_retry create -f "${TEMP_DIR}/operator.yaml"
# Override the ceph version which rook installs by default.
if [ -z "${ROOK_CEPH_CLUSTER_IMAGE}" ]
then
if [ -z "${ROOK_CEPH_CLUSTER_IMAGE}" ]; then
kubectl_retry create -f "${ROOK_URL}/cluster-test.yaml"
else
ROOK_CEPH_CLUSTER_VERSION_IMAGE_PATH="image: ${ROOK_CEPH_CLUSTER_IMAGE}"
@ -60,7 +71,7 @@ function deploy_rook() {
curl -o "${TEMP_DIR}"/cluster-test.yaml "${ROOK_URL}/cluster-test.yaml"
sed -i "s|image.*|${ROOK_CEPH_CLUSTER_VERSION_IMAGE_PATH}|g" "${TEMP_DIR}"/cluster-test.yaml
sed -i "s/config: |/config: |\n \[mon\]\n mon_warn_on_insecure_global_id_reclaim_allowed = false/g" "${TEMP_DIR}"/cluster-test.yaml
sed -i "s/healthCheck:/healthCheck:\n livenessProbe:\n mon:\n disabled: true\n mgr:\n disabled: true\n mds:\n disabled: true/g" "${TEMP_DIR}"/cluster-test.yaml
sed -i "s/healthCheck:/healthCheck:\n livenessProbe:\n mon:\n disabled: true\n mgr:\n disabled: true\n mds:\n disabled: true\n startupProbe:\n mon:\n disabled: true\n mgr:\n disabled: true\n mds:\n disabled: true/g" "${TEMP_DIR}"/cluster-test.yaml
cat "${TEMP_DIR}"/cluster-test.yaml
kubectl_retry create -f "${TEMP_DIR}/cluster-test.yaml"
fi
@ -94,8 +105,7 @@ function teardown_rook() {
kubectl delete -f "${ROOK_URL}/operator.yaml"
ROOK_MAJOR=$(rook_version 1)
ROOK_MINOR=$(rook_version 2)
if [ "${ROOK_MAJOR}" -eq 1 ] && [ "${ROOK_MINOR}" -ge 5 ];
then
if [ "${ROOK_MAJOR}" -eq 1 ] && [ "${ROOK_MINOR}" -ge 5 ]; then
kubectl delete -f "${ROOK_URL}/crds.yaml"
fi
kubectl delete -f "${ROOK_URL}/common.yaml"
@ -120,6 +130,7 @@ function delete_block_pool() {
function create_block_ec_pool() {
curl -o block-pool-ec.yaml "${ROOK_URL}/pool-ec.yaml"
sed -i "s/ec-pool/${ROOK_BLOCK_EC_POOL_NAME}/g" block-pool-ec.yaml
sed -i "s/failureDomain: host/failureDomain: osd/g" block-pool-ec.yaml
kubectl_retry create -f "./block-pool-ec.yaml"
rm -f "./block-pool-ec.yaml"
@ -188,12 +199,21 @@ function check_rbd_stat() {
else
RBD_POOL_NAME=$1
fi
# Rook creates a detault pool with name device_health_metrics for
# device-health-metrics CephBlockPool CR
if [[ "${RBD_POOL_NAME}" == "device-health-metrics" ]]; then
RBD_POOL_NAME="device_health_metrics"
fi
echo "Checking RBD ($RBD_POOL_NAME) stats... ${retry}s" && sleep 5
TOOLBOX_POD=$(kubectl_retry -n rook-ceph get pods -l app=rook-ceph-tools -o jsonpath='{.items[0].metadata.name}')
TOOLBOX_POD_STATUS=$(kubectl_retry -n rook-ceph get pod "$TOOLBOX_POD" -ojsonpath='{.status.phase}')
[[ "$TOOLBOX_POD_STATUS" != "Running" ]] && \
{ echo "Toolbox POD ($TOOLBOX_POD) status: [$TOOLBOX_POD_STATUS]"; continue; }
[[ "$TOOLBOX_POD_STATUS" != "Running" ]] &&
{
echo "Toolbox POD ($TOOLBOX_POD) status: [$TOOLBOX_POD_STATUS]"
continue
}
if kubectl_retry exec -n rook-ceph "$TOOLBOX_POD" -it -- rbd pool stats "$RBD_POOL_NAME" &>/dev/null; then
echo "RBD ($RBD_POOL_NAME) is successfully created..."
@ -208,6 +228,9 @@ function check_rbd_stat() {
echo ""
}
# update rook URL before doing any operation.
update_rook_url
case "${1:-}" in
deploy)
deploy_rook

40
vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go generated vendored
View File

@ -28,7 +28,7 @@ const (
// compare test values.
var now = time.Now
// TokenFetcher shuold return WebIdentity token bytes or an error
// TokenFetcher should return WebIdentity token bytes or an error
type TokenFetcher interface {
FetchToken(credentials.Context) ([]byte, error)
}
@ -50,6 +50,8 @@ func (f FetchTokenPath) FetchToken(ctx credentials.Context) ([]byte, error) {
// an OIDC token.
type WebIdentityRoleProvider struct {
credentials.Expiry
// The policy ARNs to use with the web identity assumed role.
PolicyArns []*sts.PolicyDescriptorType
// Duration the STS credentials will be valid for. Truncated to seconds.
@ -74,6 +76,9 @@ type WebIdentityRoleProvider struct {
// NewWebIdentityCredentials will return a new set of credentials with a given
// configuration, role arn, and token file path.
//
// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
// functional options, and wrap with credentials.NewCredentials helper.
func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials {
svc := sts.New(c)
p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path)
@ -82,19 +87,42 @@ func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName
// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
// provided stsiface.STSAPI
//
// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
// functional options.
func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
return NewWebIdentityRoleProviderWithToken(svc, roleARN, roleSessionName, FetchTokenPath(path))
return NewWebIdentityRoleProviderWithOptions(svc, roleARN, roleSessionName, FetchTokenPath(path))
}
// NewWebIdentityRoleProviderWithToken will return a new WebIdentityRoleProvider with the
// provided stsiface.STSAPI and a TokenFetcher
//
// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
// functional options.
func NewWebIdentityRoleProviderWithToken(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher) *WebIdentityRoleProvider {
return &WebIdentityRoleProvider{
return NewWebIdentityRoleProviderWithOptions(svc, roleARN, roleSessionName, tokenFetcher)
}
// NewWebIdentityRoleProviderWithOptions will return an initialize
// WebIdentityRoleProvider with the provided stsiface.STSAPI, role ARN, and a
// TokenFetcher. Additional options can be provided as functional options.
//
// TokenFetcher is the implementation that will retrieve the JWT token from to
// assume the role with. Use the provided FetchTokenPath implementation to
// retrieve the JWT token using a file system path.
func NewWebIdentityRoleProviderWithOptions(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher, optFns ...func(*WebIdentityRoleProvider)) *WebIdentityRoleProvider {
p := WebIdentityRoleProvider{
client: svc,
tokenFetcher: tokenFetcher,
roleARN: roleARN,
roleSessionName: roleSessionName,
}
for _, fn := range optFns {
fn(&p)
}
return &p
}
// Retrieve will attempt to assume a role from a token which is located at
@ -104,9 +132,9 @@ func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
return p.RetrieveWithContext(aws.BackgroundContext())
}
// RetrieveWithContext will attempt to assume a role from a token which is located at
// 'WebIdentityTokenFilePath' specified destination and if that is empty an
// error will be returned.
// RetrieveWithContext will attempt to assume a role from a token which is
// located at 'WebIdentityTokenFilePath' specified destination and if that is
// empty an error will be returned.
func (p *WebIdentityRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
b, err := p.tokenFetcher.FetchToken(ctx)
if err != nil {

988
vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go generated vendored
View File

File diff suppressed because it is too large Load Diff

29
vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go generated vendored
View File

@ -14,8 +14,17 @@ import (
"github.com/aws/aws-sdk-go/aws/defaults"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/internal/shareddefaults"
"github.com/aws/aws-sdk-go/service/sts"
)
// CredentialsProviderOptions specifies additional options for configuring
// credentials providers.
type CredentialsProviderOptions struct {
// WebIdentityRoleProviderOptions configures a WebIdentityRoleProvider,
// such as setting its ExpiryWindow.
WebIdentityRoleProviderOptions func(*stscreds.WebIdentityRoleProvider)
}
func resolveCredentials(cfg *aws.Config,
envCfg envConfig, sharedCfg sharedConfig,
handlers request.Handlers,
@ -40,6 +49,7 @@ func resolveCredentials(cfg *aws.Config,
envCfg.WebIdentityTokenFilePath,
envCfg.RoleARN,
envCfg.RoleSessionName,
sessOpts.CredentialsProviderOptions,
)
default:
@ -59,6 +69,7 @@ var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "
func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers,
filepath string,
roleARN, sessionName string,
credOptions *CredentialsProviderOptions,
) (*credentials.Credentials, error) {
if len(filepath) == 0 {
@ -69,17 +80,18 @@ func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers,
return nil, WebIdentityEmptyRoleARNErr
}
creds := stscreds.NewWebIdentityCredentials(
&Session{
svc := sts.New(&Session{
Config: cfg,
Handlers: handlers.Copy(),
},
roleARN,
sessionName,
filepath,
)
})
return creds, nil
var optFns []func(*stscreds.WebIdentityRoleProvider)
if credOptions != nil && credOptions.WebIdentityRoleProviderOptions != nil {
optFns = append(optFns, credOptions.WebIdentityRoleProviderOptions)
}
p := stscreds.NewWebIdentityRoleProviderWithOptions(svc, roleARN, sessionName, stscreds.FetchTokenPath(filepath), optFns...)
return credentials.NewCredentials(p), nil
}
func resolveCredsFromProfile(cfg *aws.Config,
@ -114,6 +126,7 @@ func resolveCredsFromProfile(cfg *aws.Config,
sharedCfg.WebIdentityTokenFile,
sharedCfg.RoleARN,
sharedCfg.RoleSessionName,
sessOpts.CredentialsProviderOptions,
)
case sharedCfg.hasSSOConfiguration():

5
vendor/github.com/aws/aws-sdk-go/aws/session/session.go generated vendored
View File

@ -304,6 +304,11 @@ type Options struct {
//
// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
// Specifies options for creating credential providers.
// These are only used if the aws.Config does not already
// include credentials.
CredentialsProviderOptions *CredentialsProviderOptions
}
// NewSessionWithOptions returns a new Session created from SDK defaults, config files,

2
vendor/github.com/aws/aws-sdk-go/aws/version.go generated vendored
View File

@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
const SDKVersion = "1.42.7"
const SDKVersion = "1.42.40"

2
vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go generated vendored
View File

@ -140,7 +140,7 @@ func unmarshalLocationElements(resp *http.Response, v reflect.Value, lowerCaseHe
prefix := field.Tag.Get("locationName")
err := unmarshalHeaderMap(m, resp.Header, prefix, lowerCaseHeaderMaps)
if err != nil {
awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
}
}
}

16479
vendor/github.com/aws/aws-sdk-go/service/ec2/api.go generated vendored
View File

File diff suppressed because it is too large Load Diff

21
vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go generated vendored
View File

@ -4,14 +4,15 @@
// requests to Amazon Elastic Compute Cloud.
//
// Amazon Elastic Compute Cloud (Amazon EC2) provides secure and resizable computing
// capacity in the AWS Cloud. Using Amazon EC2 eliminates the need to invest
// in hardware up front, so you can develop and deploy applications faster.
// Amazon Virtual Private Cloud (Amazon VPC) enables you to provision a logically
// isolated section of the AWS Cloud where you can launch AWS resources in a
// virtual network that you've defined. Amazon Elastic Block Store (Amazon EBS)
// provides block level storage volumes for use with EC2 instances. EBS volumes
// are highly available and reliable storage volumes that can be attached to
// any running instance and used like a hard drive.
// capacity in the Amazon Web Services Cloud. Using Amazon EC2 eliminates the
// need to invest in hardware up front, so you can develop and deploy applications
// faster. Amazon Virtual Private Cloud (Amazon VPC) enables you to provision
// a logically isolated section of the Amazon Web Services Cloud where you can
// launch Amazon Web Services resources in a virtual network that you've defined.
// Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes
// for use with EC2 instances. EBS volumes are highly available and reliable
// storage volumes that can be attached to any running instance and used like
// a hard drive.
//
// To learn more, see the following resources:
//
@ -24,8 +25,8 @@
// * Amazon VPC: Amazon VPC product page (http://aws.amazon.com/vpc), Amazon
// VPC documentation (http://aws.amazon.com/documentation/vpc)
//
// * AWS VPN: AWS VPN product page (http://aws.amazon.com/vpn), AWS VPN documentation
// (http://aws.amazon.com/documentation/vpn)
// * Amazon Web Services VPN: Amazon Web Services VPN product page (http://aws.amazon.com/vpn),
// Amazon Web Services VPN documentation (http://aws.amazon.com/documentation/vpn)
//
// See https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15 for more information on this service.
//

4
vendor/github.com/aws/aws-sdk-go/service/ec2/service.go generated vendored
View File

@ -48,6 +48,10 @@ const (
// svc := ec2.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2 {
c := p.ClientConfig(EndpointsID, cfgs...)
if c.SigningNameDerived || len(c.SigningName) == 0 {
c.SigningName = EndpointsID
// No Fallback
}
return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
}

51
vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go generated vendored
View File

@ -738,6 +738,57 @@ func (c *EC2) WaitUntilInstanceTerminatedWithContext(ctx aws.Context, input *Des
return w.WaitWithContext(ctx)
}
// WaitUntilInternetGatewayExists uses the Amazon EC2 API operation
// DescribeInternetGateways to wait for a condition to be met before returning.
// If the condition is not met within the max attempt window, an error will
// be returned.
func (c *EC2) WaitUntilInternetGatewayExists(input *DescribeInternetGatewaysInput) error {
return c.WaitUntilInternetGatewayExistsWithContext(aws.BackgroundContext(), input)
}
// WaitUntilInternetGatewayExistsWithContext is an extended version of WaitUntilInternetGatewayExists.
// With the support for passing in a context and options to configure the
// Waiter and the underlying request options.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *EC2) WaitUntilInternetGatewayExistsWithContext(ctx aws.Context, input *DescribeInternetGatewaysInput, opts ...request.WaiterOption) error {
w := request.Waiter{
Name: "WaitUntilInternetGatewayExists",
MaxAttempts: 6,
Delay: request.ConstantWaiterDelay(5 * time.Second),
Acceptors: []request.WaiterAcceptor{
{
State: request.SuccessWaiterState,
Matcher: request.PathWaiterMatch, Argument: "length(InternetGateways[].InternetGatewayId) > `0`",
Expected: true,
},
{
State: request.RetryWaiterState,
Matcher: request.ErrorWaiterMatch,
Expected: "InvalidInternetGateway.NotFound",
},
},
Logger: c.Config.Logger,
NewRequest: func(opts []request.Option) (*request.Request, error) {
var inCpy *DescribeInternetGatewaysInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.DescribeInternetGatewaysRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
w.ApplyOptions(opts...)
return w.WaitWithContext(ctx)
}
// WaitUntilKeyPairExists uses the Amazon EC2 API operation
// DescribeKeyPairs to wait for a condition to be met before returning.
// If the condition is not met within the max attempt window, an error will

4
vendor/github.com/aws/aws-sdk-go/service/kms/service.go generated vendored
View File

@ -49,6 +49,10 @@ const (
// svc := kms.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func New(p client.ConfigProvider, cfgs ...*aws.Config) *KMS {
c := p.ClientConfig(EndpointsID, cfgs...)
if c.SigningNameDerived || len(c.SigningName) == 0 {
c.SigningName = EndpointsID
// No Fallback
}
return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
}

168
vendor/github.com/aws/aws-sdk-go/service/sts/api.go generated vendored
View File

@ -63,14 +63,15 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// or for cross-account access. For a comparison of AssumeRole with other API
// operations that produce temporary credentials, see Requesting Temporary Security
// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide.
//
// Permissions
//
// The temporary security credentials created by AssumeRole can be used to make
// API calls to any Amazon Web Services service with the following exception:
// You cannot call the STS GetFederationToken or GetSessionToken API operations.
// You cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken
// API operations.
//
// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
@ -86,26 +87,33 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
//
// To assume a role from a different account, your account must be trusted by
// the role. The trust relationship is defined in the role's trust policy when
// the role is created. That trust policy states which accounts are allowed
// to delegate that access to users in the account.
// When you create a role, you create two policies: A role trust policy that
// specifies who can assume the role and a permissions policy that specifies
// what can be done with the role. You specify the trusted principal who is
// allowed to assume the role in the role trust policy.
//
// To assume a role from a different account, your Amazon Web Services account
// must be trusted by the role. The trust relationship is defined in the role's
// trust policy when the role is created. That trust policy states which accounts
// are allowed to delegate that access to users in the account.
//
// A user who wants to access a role in a different account must also have permissions
// that are delegated from the user account administrator. The administrator
// must attach a policy that allows the user to call AssumeRole for the ARN
// of the role in the other account. If the user is in the same account as the
// role, then you can do either of the following:
// of the role in the other account.
//
// * Attach a policy to the user (identical to the previous user in a different
// account).
// To allow a user to assume a role in the same account, you can do either of
// the following:
//
// * Attach a policy to the user that allows the user to call AssumeRole
// (as long as the role's trust policy trusts the account).
//
// * Add the user as a principal directly in the role's trust policy.
//
// In this case, the trust policy acts as an IAM resource-based policy. Users
// in the same account as the role do not need explicit permission to assume
// the role. For more information about trust policies and resource-based policies,
// see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
// You can do either because the roles trust policy acts as an IAM resource-based
// policy. When a resource-based policy grants access to a principal in the
// same account, no additional identity-based policy is required. For more information
// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
// in the IAM User Guide.
//
// Tags
@ -170,7 +178,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
//
// You could receive this error even though you meet other defined session policy
// and session tag limits. For more information, see IAM and STS Entity Character
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
// in the IAM User Guide.
//
// * ErrCodeRegionDisabledException "RegionDisabledException"
@ -258,7 +266,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// Services access without user-specific credentials or configuration. For a
// comparison of AssumeRoleWithSAML with the other API operations that produce
// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide.
//
// The temporary security credentials returned by this operation consist of
@ -403,7 +411,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
//
// You could receive this error even though you meet other defined session policy
// and session tag limits. For more information, see IAM and STS Entity Character
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
// in the IAM User Guide.
//
// * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
@ -523,7 +531,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity
// with the other API operations that produce temporary credentials, see Requesting
// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide.
//
// The temporary security credentials returned by this API consist of an access
@ -661,7 +669,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
//
// You could receive this error even though you meet other defined session policy
// and session tag limits. For more information, see IAM and STS Entity Character
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
// in the IAM User Guide.
//
// * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
@ -776,10 +784,11 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
// code.
//
// The message is encoded because the details of the authorization status can
// constitute privileged information that the user who requested the operation
// contain privileged information that the user who requested the operation
// should not see. To decode an authorization status message, a user must be
// granted permissions via an IAM policy to request the DecodeAuthorizationMessage
// (sts:DecodeAuthorizationMessage) action.
// granted permissions through an IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
// to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage)
// action.
//
// The decoded message includes the following type of information:
//
@ -1065,7 +1074,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
// For a comparison of GetFederationToken with the other API operations that
// produce temporary credentials, see Requesting Temporary Security Credentials
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide.
//
// You can create a mobile-based or browser-based app that can authenticate
@ -1088,9 +1097,9 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
//
// The temporary credentials are valid for the specified duration, from 900
// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
// session duration is 43,200 seconds (12 hours). Temporary credentials that
// are obtained by using Amazon Web Services account root user credentials have
// a maximum duration of 3,600 seconds (1 hour).
// session duration is 43,200 seconds (12 hours). Temporary credentials obtained
// by using the Amazon Web Services account root user credentials have a maximum
// duration of 3,600 seconds (1 hour).
//
// Permissions
//
@ -1141,63 +1150,6 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
// in the IAM User Guide.
//
// You can also call GetFederationToken using the security credentials of an
// Amazon Web Services account root user, but we do not recommend it. Instead,
// we recommend that you create an IAM user for the purpose of the proxy application.
// Then attach a policy to the IAM user that limits federated users to only
// the actions and resources that they need to access. For more information,
// see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
// in the IAM User Guide.
//
// Session duration
//
// The temporary credentials are valid for the specified duration, from 900
// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
// session duration is 43,200 seconds (12 hours). Temporary credentials that
// are obtained by using Amazon Web Services account root user credentials have
// a maximum duration of 3,600 seconds (1 hour).
//
// Permissions
//
// You can use the temporary credentials created by GetFederationToken in any
// Amazon Web Services service except the following:
//
// * You cannot call any IAM operations using the CLI or the Amazon Web Services
// API.
//
// * You cannot call any STS operations except GetCallerIdentity.
//
// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to
// use as managed session policies. The plain text that you use for both inline
// and managed session policies can't exceed 2,048 characters.
//
// Though the session policy parameters are optional, if you do not pass a policy,
// then the resulting federated user session has no permissions. When you pass
// session policies, the session permissions are the intersection of the IAM
// user policies and the session policies that you pass. This gives you a way
// to further restrict the permissions for a federated user. You cannot use
// session policies to grant more permissions than those that are defined in
// the permissions policy of the IAM user. For more information, see Session
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. For information about using GetFederationToken to
// create temporary security credentials, see GetFederationToken—Federation
// Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
//
// You can use the credentials to access a resource that has a resource-based
// policy. If that policy specifically references the federated user session
// in the Principal element of the policy, the session has the permissions allowed
// by the policy. These permissions are granted in addition to the permissions
// granted by the session policies.
//
// Tags
//
// (Optional) You can pass tag key-value pairs to your session. These are called
// session tags. For more information about session tags, see Passing Session
// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide.
//
// An administrator must grant you the permissions necessary to pass session
// tags. The administrator can also create granular permissions to allow you
// to pass only specific session tags. For more information, see Tutorial: Using
@ -1234,7 +1186,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
//
// You could receive this error even though you meet other defined session policy
// and session tag limits. For more information, see IAM and STS Entity Character
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
// in the IAM User Guide.
//
// * ErrCodeRegionDisabledException "RegionDisabledException"
@ -1323,7 +1275,7 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
// then the API returns an access denied error. For a comparison of GetSessionToken
// with the other API operations that produce temporary credentials, see Requesting
// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide.
//
// Session Duration
@ -1404,15 +1356,23 @@ func (c *STS) GetSessionTokenWithContext(ctx aws.Context, input *GetSessionToken
type AssumeRoleInput struct {
_ struct{} `type:"structure"`
// The duration, in seconds, of the role session. The value specified can can
// range from 900 seconds (15 minutes) up to the maximum session duration that
// is set for the role. The maximum session duration setting can have a value
// from 1 hour to 12 hours. If you specify a value higher than this setting
// or the administrator setting (whichever is lower), the operation fails. For
// example, if you specify a session duration of 12 hours, but your administrator
// set the maximum session duration to 6 hours, your operation fails. To learn
// how to view the maximum value for your role, see View the Maximum Session
// Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// The duration, in seconds, of the role session. The value specified can range
// from 900 seconds (15 minutes) up to the maximum session duration set for
// the role. The maximum session duration setting can have a value from 1 hour
// to 12 hours. If you specify a value higher than this setting or the administrator
// setting (whichever is lower), the operation fails. For example, if you specify
// a session duration of 12 hours, but your administrator set the maximum session
// duration to 6 hours, your operation fails.
//
// Role chaining limits your Amazon Web Services CLI or Amazon Web Services
// API role session to a maximum of one hour. When you use the AssumeRole API
// operation to assume a role, you can specify the duration of your role session
// with the DurationSeconds parameter. You can specify a parameter value of
// up to 43200 seconds (12 hours), depending on the maximum session duration
// setting for your role. However, if you assume a role using role chaining
// and provide a DurationSeconds parameter value greater than one hour, the
// operation fails. To learn how to view the maximum value for your role, see
// View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide.
//
// By default, the value is set to 3600 seconds.
@ -1422,7 +1382,7 @@ type AssumeRoleInput struct {
// to the federation endpoint for a console sign-in token takes a SessionDuration
// parameter that specifies the maximum length of the console session. For more
// information, see Creating a URL that Enables Federated Users to Access the
// Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// in the IAM User Guide.
DurationSeconds *int64 `min:"900" type:"integer"`
@ -1548,7 +1508,7 @@ type AssumeRoleInput struct {
// A list of session tags that you want to pass. Each session tag consists of
// a key name and an associated value. For more information about session tags,
// see Tagging STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// see Tagging Amazon Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide.
//
// This parameter is optional. You can pass up to 50 session tags. The plaintext
@ -1858,7 +1818,7 @@ type AssumeRoleWithSAMLInput struct {
// to the federation endpoint for a console sign-in token takes a SessionDuration
// parameter that specifies the maximum length of the console session. For more
// information, see Creating a URL that Enables Federated Users to Access the
// Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// in the IAM User Guide.
DurationSeconds *int64 `min:"900" type:"integer"`
@ -2205,7 +2165,7 @@ type AssumeRoleWithWebIdentityInput struct {
// to the federation endpoint for a console sign-in token takes a SessionDuration
// parameter that specifies the maximum length of the console session. For more
// information, see Creating a URL that Enables Federated Users to Access the
// Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// in the IAM User Guide.
DurationSeconds *int64 `min:"900" type:"integer"`
@ -2705,7 +2665,7 @@ func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAut
type DecodeAuthorizationMessageOutput struct {
_ struct{} `type:"structure"`
// An XML document that contains the decoded message.
// The API returns a response with the decoded message.
DecodedMessage *string `type:"string"`
}
@ -3237,8 +3197,8 @@ type GetSessionTokenInput struct {
// user has a policy that requires MFA authentication. The value is either the
// serial number for a hardware device (such as GAHT12345678) or an Amazon Resource
// Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
// You can find the device for an IAM user by going to the Management Console
// and viewing the user's security credentials.
// You can find the device for an IAM user by going to the Amazon Web Services
// Management Console and viewing the user's security credentials.
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can
@ -3400,9 +3360,9 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
// You can pass custom key-value pair attributes when you assume a role or federate
// a user. These are called session tags. You can then use the session tags
// to control access to resources. For more information, see Tagging STS Sessions
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in
// the IAM User Guide.
// to control access to resources. For more information, see Tagging Amazon
// Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide.
type Tag struct {
_ struct{} `type:"structure"`

2
vendor/github.com/aws/aws-sdk-go/service/sts/errors.go generated vendored
View File

@ -67,7 +67,7 @@ const (
//
// You could receive this error even though you meet other defined session policy
// and session tag limits. For more information, see IAM and STS Entity Character
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
// in the IAM User Guide.
ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge"

4
vendor/github.com/aws/aws-sdk-go/service/sts/service.go generated vendored
View File

@ -48,6 +48,10 @@ const (
// svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS {
c := p.ClientConfig(EndpointsID, cfgs...)
if c.SigningNameDerived || len(c.SigningName) == 0 {
c.SigningName = EndpointsID
// No Fallback
}
return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
}

1
vendor/github.com/hashicorp/go-cleanhttp/cleanhttp.go generated vendored
View File

@ -32,6 +32,7 @@ func DefaultPooledTransport() *http.Transport {
IdleConnTimeout: 90 * time.Second,
TLSHandshakeTimeout: 10 * time.Second,
ExpectContinueTimeout: 1 * time.Second,
ForceAttemptHTTP2: true,
MaxIdleConnsPerHost: runtime.GOMAXPROCS(0) + 1,
}
return transport

2
vendor/github.com/hashicorp/vault/api/README.md generated vendored
View File

@ -3,6 +3,6 @@ Vault API
This provides the `github.com/hashicorp/vault/api` package which contains code useful for interacting with a Vault server.
For examples of how to use this module, see the [vault-examples](https://github.com/hashicorp/vault-examples/tree/main/go) repo.
For examples of how to use this module, see the [vault-examples](https://github.com/hashicorp/vault-examples) repo.
[![GoDoc](https://godoc.org/github.com/hashicorp/vault/api?status.png)](https://godoc.org/github.com/hashicorp/vault/api)

4
vendor/github.com/hashicorp/vault/api/auth_token.go generated vendored
View File

@ -1,6 +1,8 @@
package api
import "context"
import (
"context"
)
// TokenAuth is used to perform token backend operations on Vault
type TokenAuth struct {

10
vendor/github.com/hashicorp/vault/api/client.go generated vendored
View File

@ -20,9 +20,9 @@ import (
"unicode"
"github.com/hashicorp/errwrap"
cleanhttp "github.com/hashicorp/go-cleanhttp"
retryablehttp "github.com/hashicorp/go-retryablehttp"
rootcerts "github.com/hashicorp/go-rootcerts"
"github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-retryablehttp"
"github.com/hashicorp/go-rootcerts"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"golang.org/x/net/http2"
"golang.org/x/time/rate"
@ -880,8 +880,10 @@ func (c *Client) SetReadYourWrites(preventStaleReads bool) {
c.config.modifyLock.Lock()
defer c.config.modifyLock.Unlock()
if preventStaleReads && c.replicationStateStore == nil {
if preventStaleReads {
if c.replicationStateStore == nil {
c.replicationStateStore = &replicationStateStore{}
}
} else {
c.replicationStateStore = nil
}

6
vendor/github.com/hashicorp/vault/api/logical.go generated vendored
View File

@ -8,6 +8,7 @@ import (
"net/http"
"net/url"
"os"
"strings"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
@ -235,12 +236,13 @@ func (c *Logical) DeleteWithData(path string, data map[string][]string) (*Secret
func (c *Logical) Unwrap(wrappingToken string) (*Secret, error) {
var data map[string]interface{}
wt := strings.TrimSpace(wrappingToken)
if wrappingToken != "" {
if c.c.Token() == "" {
c.c.SetToken(wrappingToken)
c.c.SetToken(wt)
} else if wrappingToken != c.c.Token() {
data = map[string]interface{}{
"token": wrappingToken,
"token": wt,
}
}
}

34
vendor/github.com/hashicorp/vault/api/sys_hastatus.go generated vendored Normal file
View File

@ -0,0 +1,34 @@
package api
import (
"context"
"time"
)
func (c *Sys) HAStatus() (*HAStatusResponse, error) {
r := c.c.NewRequest("GET", "/v1/sys/ha-status")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result HAStatusResponse
err = resp.DecodeJSON(&result)
return &result, err
}
type HAStatusResponse struct {
Nodes []HANode
}
type HANode struct {
Hostname string `json:"hostname"`
APIAddress string `json:"api_address"`
ClusterAddress string `json:"cluster_address"`
ActiveNode bool `json:"active_node"`
LastEcho *time.Time `json:"last_echo"`
}

2
vendor/github.com/hashicorp/vault/api/sys_mounts.go generated vendored
View File

@ -154,6 +154,7 @@ type MountConfigInput struct {
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
TokenType string `json:"token_type,omitempty" mapstructure:"token_type"`
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
// Deprecated: This field will always be blank for newer server responses.
PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
@ -181,6 +182,7 @@ type MountConfigOutput struct {
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
TokenType string `json:"token_type,omitempty" mapstructure:"token_type"`
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
// Deprecated: This field will always be blank for newer server responses.
PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`

19
vendor/github.com/hashicorp/vault/api/sys_raft.go generated vendored
View File

@ -368,3 +368,22 @@ func (c *Sys) RaftAutopilotConfiguration() (*AutopilotConfig, error) {
return &result, err
}
// PutRaftAutopilotConfiguration allows modifying the raft autopilot configuration
func (c *Sys) PutRaftAutopilotConfiguration(opts *AutopilotConfig) error {
r := c.c.NewRequest("POST", "/v1/sys/storage/raft/autopilot/configuration")
if err := r.SetJSONBody(opts); err != nil {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
if err != nil {
return err
}
defer resp.Body.Close()
return nil
}

2
vendor/golang.org/x/net/http2/server.go generated vendored
View File

@ -722,7 +722,7 @@ func (sc *serverConn) canonicalHeader(v string) string {
// maxCachedCanonicalHeaders is an arbitrarily-chosen limit on the number of
// entries in the canonHeader cache. This should be larger than the number
// of unique, uncommon header keys likely to be sent by the peer, while not
// so high as to permit unreaasonable memory usage if the peer sends an unbounded
// so high as to permit unreasonable memory usage if the peer sends an unbounded
// number of unique header keys.
const maxCachedCanonicalHeaders = 32
if len(sc.canonHeader) < maxCachedCanonicalHeaders {

2
vendor/k8s.io/api/autoscaling/v2beta1/types.go generated vendored
View File

@ -449,7 +449,7 @@ type ExternalMetricStatus struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.8
// +k8s:prerelease-lifecycle-gen:deprecated=1.22
// +k8s:prerelease-lifecycle-gen:replacement=autoscaling,v2beta2,HorizontalPodAutoscaler
// +k8s:prerelease-lifecycle-gen:replacement=autoscaling,v2,HorizontalPodAutoscaler
// HorizontalPodAutoscaler is the configuration for a horizontal pod
// autoscaler, which automatically manages the replica count of any resource

2
vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.prerelease-lifecycle.go generated vendored
View File

@ -40,7 +40,7 @@ func (in *HorizontalPodAutoscaler) APILifecycleDeprecated() (major, minor int) {
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *HorizontalPodAutoscaler) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "autoscaling", Version: "v2beta2", Kind: "HorizontalPodAutoscaler"}
return schema.GroupVersionKind{Group: "autoscaling", Version: "v2", Kind: "HorizontalPodAutoscaler"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.

1
vendor/k8s.io/api/autoscaling/v2beta2/types.go generated vendored
View File

@ -28,6 +28,7 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.12
// +k8s:prerelease-lifecycle-gen:deprecated=1.23
// +k8s:prerelease-lifecycle-gen:replacement=autoscaling,v2,HorizontalPodAutoscaler
// HorizontalPodAutoscaler is the configuration for a horizontal pod
// autoscaler, which automatically manages the replica count of any resource

10
vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.prerelease-lifecycle.go generated vendored
View File

@ -21,6 +21,10 @@ limitations under the License.
package v2beta2
import (
schema "k8s.io/apimachinery/pkg/runtime/schema"
)
// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (in *HorizontalPodAutoscaler) APILifecycleIntroduced() (major, minor int) {
@ -33,6 +37,12 @@ func (in *HorizontalPodAutoscaler) APILifecycleDeprecated() (major, minor int) {
return 1, 23
}
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *HorizontalPodAutoscaler) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "autoscaling", Version: "v2", Kind: "HorizontalPodAutoscaler"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (in *HorizontalPodAutoscaler) APILifecycleRemoved() (major, minor int) {

8
vendor/k8s.io/api/flowcontrol/v1alpha1/types.go generated vendored
View File

@ -63,7 +63,7 @@ const (
// +k8s:prerelease-lifecycle-gen:introduced=1.18
// +k8s:prerelease-lifecycle-gen:deprecated=1.20
// +k8s:prerelease-lifecycle-gen:removed=1.21
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta1,FlowSchema
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,FlowSchema
// FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with
// similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher".
@ -87,7 +87,7 @@ type FlowSchema struct {
// +k8s:prerelease-lifecycle-gen:introduced=1.18
// +k8s:prerelease-lifecycle-gen:deprecated=1.20
// +k8s:prerelease-lifecycle-gen:removed=1.21
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta1,FlowSchemaList
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,FlowSchemaList
// FlowSchemaList is a list of FlowSchema objects.
type FlowSchemaList struct {
@ -344,7 +344,7 @@ type FlowSchemaConditionType string
// +k8s:prerelease-lifecycle-gen:introduced=1.18
// +k8s:prerelease-lifecycle-gen:deprecated=1.20
// +k8s:prerelease-lifecycle-gen:removed=1.21
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta1,PriorityLevelConfiguration
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,PriorityLevelConfiguration
// PriorityLevelConfiguration represents the configuration of a priority level.
type PriorityLevelConfiguration struct {
@ -367,7 +367,7 @@ type PriorityLevelConfiguration struct {
// +k8s:prerelease-lifecycle-gen:introduced=1.18
// +k8s:prerelease-lifecycle-gen:deprecated=1.20
// +k8s:prerelease-lifecycle-gen:removed=1.21
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta1,PriorityLevelConfigurationList
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,PriorityLevelConfigurationList
// PriorityLevelConfigurationList is a list of PriorityLevelConfiguration objects.
type PriorityLevelConfigurationList struct {

8
vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.prerelease-lifecycle.go generated vendored
View File

@ -40,7 +40,7 @@ func (in *FlowSchema) APILifecycleDeprecated() (major, minor int) {
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *FlowSchema) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Kind: "FlowSchema"}
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "FlowSchema"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
@ -64,7 +64,7 @@ func (in *FlowSchemaList) APILifecycleDeprecated() (major, minor int) {
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *FlowSchemaList) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Kind: "FlowSchemaList"}
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "FlowSchemaList"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
@ -88,7 +88,7 @@ func (in *PriorityLevelConfiguration) APILifecycleDeprecated() (major, minor int
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *PriorityLevelConfiguration) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Kind: "PriorityLevelConfiguration"}
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "PriorityLevelConfiguration"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
@ -112,7 +112,7 @@ func (in *PriorityLevelConfigurationList) APILifecycleDeprecated() (major, minor
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *PriorityLevelConfigurationList) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Kind: "PriorityLevelConfigurationList"}
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "PriorityLevelConfigurationList"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.

4
vendor/k8s.io/api/flowcontrol/v1beta1/types.go generated vendored
View File

@ -105,6 +105,7 @@ const (
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.20
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,FlowSchema
// FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with
// similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher".
@ -126,6 +127,7 @@ type FlowSchema struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.20
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,FlowSchemaList
// FlowSchemaList is a list of FlowSchema objects.
type FlowSchemaList struct {
@ -380,6 +382,7 @@ type FlowSchemaConditionType string
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.20
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,PriorityLevelConfiguration
// PriorityLevelConfiguration represents the configuration of a priority level.
type PriorityLevelConfiguration struct {
@ -400,6 +403,7 @@ type PriorityLevelConfiguration struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.20
// +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta2,PriorityLevelConfigurationList
// PriorityLevelConfigurationList is a list of PriorityLevelConfiguration objects.
type PriorityLevelConfigurationList struct {

28
vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.prerelease-lifecycle.go generated vendored
View File

@ -21,6 +21,10 @@ limitations under the License.
package v1beta1
import (
schema "k8s.io/apimachinery/pkg/runtime/schema"
)
// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (in *FlowSchema) APILifecycleIntroduced() (major, minor int) {
@ -33,6 +37,12 @@ func (in *FlowSchema) APILifecycleDeprecated() (major, minor int) {
return 1, 23
}
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *FlowSchema) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "FlowSchema"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (in *FlowSchema) APILifecycleRemoved() (major, minor int) {
@ -51,6 +61,12 @@ func (in *FlowSchemaList) APILifecycleDeprecated() (major, minor int) {
return 1, 23
}
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *FlowSchemaList) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "FlowSchemaList"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (in *FlowSchemaList) APILifecycleRemoved() (major, minor int) {
@ -69,6 +85,12 @@ func (in *PriorityLevelConfiguration) APILifecycleDeprecated() (major, minor int
return 1, 23
}
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *PriorityLevelConfiguration) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "PriorityLevelConfiguration"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (in *PriorityLevelConfiguration) APILifecycleRemoved() (major, minor int) {
@ -87,6 +109,12 @@ func (in *PriorityLevelConfigurationList) APILifecycleDeprecated() (major, minor
return 1, 23
}
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *PriorityLevelConfigurationList) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Kind: "PriorityLevelConfigurationList"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (in *PriorityLevelConfigurationList) APILifecycleRemoved() (major, minor int) {

5
vendor/k8s.io/client-go/tools/pager/pager.go generated vendored
View File

@ -78,6 +78,7 @@ func (p *ListPager) List(ctx context.Context, options metav1.ListOptions) (runti
options.Limit = p.PageSize
}
requestedResourceVersion := options.ResourceVersion
requestedResourceVersionMatch := options.ResourceVersionMatch
var list *metainternalversion.List
paginatedResult := false
@ -102,6 +103,7 @@ func (p *ListPager) List(ctx context.Context, options metav1.ListOptions) (runti
options.Limit = 0
options.Continue = ""
options.ResourceVersion = requestedResourceVersion
options.ResourceVersionMatch = requestedResourceVersionMatch
result, err := p.PageFn(ctx, options)
return result, paginatedResult, err
}
@ -135,10 +137,11 @@ func (p *ListPager) List(ctx context.Context, options metav1.ListOptions) (runti
// set the next loop up
options.Continue = m.GetContinue()
// Clear the ResourceVersion on the subsequent List calls to avoid the
// Clear the ResourceVersion(Match) on the subsequent List calls to avoid the
// `specifying resource version is not allowed when using continue` error.
// See https://github.com/kubernetes/kubernetes/issues/85221#issuecomment-553748143.
options.ResourceVersion = ""
options.ResourceVersionMatch = ""
// At this point, result is already paginated.
paginatedResult = true
}

14
vendor/k8s.io/mount-utils/mount_helper_common.go generated vendored
View File

@ -135,17 +135,3 @@ func removePathIfNotMountPoint(mountPath string, mounter Interface, extensiveMou
}
return notMnt, nil
}
// PathExists returns true if the specified path exists.
// TODO: clean this up to use pkg/util/file/FileExists
func PathExists(path string) (bool, error) {
_, err := os.Stat(path)
if err == nil {
return true, nil
} else if os.IsNotExist(err) {
return false, nil
} else if IsCorruptedMnt(err) {
return true, err
}
return false, err
}

28
vendor/k8s.io/mount-utils/mount_helper_unix.go generated vendored
View File

@ -20,12 +20,15 @@ limitations under the License.
package mount
import (
"errors"
"fmt"
"io/fs"
"os"
"strconv"
"strings"
"syscall"
"k8s.io/klog/v2"
utilio "k8s.io/utils/io"
)
@ -51,6 +54,8 @@ func IsCorruptedMnt(err error) bool {
underlyingError = pe.Err
case *os.SyscallError:
underlyingError = pe.Err
case syscall.Errno:
underlyingError = err
}
return underlyingError == syscall.ENOTCONN || underlyingError == syscall.ESTALE || underlyingError == syscall.EIO || underlyingError == syscall.EACCES || underlyingError == syscall.EHOSTDOWN
@ -157,3 +162,26 @@ func isMountPointMatch(mp MountPoint, dir string) bool {
deletedDir := fmt.Sprintf("%s\\040(deleted)", dir)
return ((mp.Path == dir) || (mp.Path == deletedDir))
}
// PathExists returns true if the specified path exists.
// TODO: clean this up to use pkg/util/file/FileExists
func PathExists(path string) (bool, error) {
_, err := os.Stat(path)
if err == nil {
return true, nil
} else if errors.Is(err, fs.ErrNotExist) {
err = syscall.Access(path, syscall.F_OK)
if err == nil {
// The access syscall says the file exists, the stat syscall says it
// doesn't. This was observed on CIFS when the path was removed at
// the server somehow. POSIX calls this a stale file handle, let's fake
// that error and treat the path as existing but corrupted.
klog.Warningf("Potential stale file handle detected: %s", path)
return true, syscall.ESTALE
}
return false, nil
} else if IsCorruptedMnt(err) {
return true, err
}
return false, err
}

14
vendor/k8s.io/mount-utils/mount_helper_windows.go generated vendored
View File

@ -95,3 +95,17 @@ func ValidateDiskNumber(disk string) error {
func isMountPointMatch(mp MountPoint, dir string) bool {
return mp.Path == dir
}
// PathExists returns true if the specified path exists.
// TODO: clean this up to use pkg/util/file/FileExists
func PathExists(path string) (bool, error) {
_, err := os.Stat(path)
if err == nil {
return true, nil
} else if os.IsNotExist(err) {
return false, nil
} else if IsCorruptedMnt(err) {
return true, err
}
return false, err
}

86
vendor/modules.txt vendored
View File

@ -8,7 +8,7 @@ github.com/armon/go-metrics
# github.com/armon/go-radix v1.0.0
## explicit
github.com/armon/go-radix
# github.com/aws/aws-sdk-go v1.42.7
# github.com/aws/aws-sdk-go v1.42.40
## explicit; go 1.11
github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/awserr
@ -182,8 +182,8 @@ github.com/grpc-ecosystem/grpc-gateway/utilities
# github.com/hashicorp/errwrap v1.1.0
## explicit
github.com/hashicorp/errwrap
# github.com/hashicorp/go-cleanhttp v0.5.1
## explicit
# github.com/hashicorp/go-cleanhttp v0.5.2
## explicit; go 1.13
github.com/hashicorp/go-cleanhttp
# github.com/hashicorp/go-hclog v0.16.2
## explicit; go 1.13
@ -241,7 +241,7 @@ github.com/hashicorp/hcl/json/token
## explicit; go 1.13
github.com/hashicorp/vault/command/agent/auth
github.com/hashicorp/vault/command/agent/auth/kubernetes
# github.com/hashicorp/vault/api v1.3.0
# github.com/hashicorp/vault/api v1.3.1
## explicit; go 1.13
github.com/hashicorp/vault/api
# github.com/hashicorp/vault/sdk v0.3.0
@ -519,7 +519,7 @@ golang.org/x/crypto/poly1305
golang.org/x/crypto/scrypt
golang.org/x/crypto/ssh
golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
# golang.org/x/net v0.0.0-20211209124913-491a49abca63
# golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
## explicit; go 1.17
golang.org/x/net/context
golang.org/x/net/context/ctxhttp
@ -695,7 +695,7 @@ gopkg.in/yaml.v2
# gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
## explicit
gopkg.in/yaml.v3
# k8s.io/api v0.23.0 => k8s.io/api v0.23.0
# k8s.io/api v0.23.2 => k8s.io/api v0.23.2
## explicit; go 1.16
k8s.io/api/admission/v1
k8s.io/api/admission/v1beta1
@ -744,7 +744,7 @@ k8s.io/api/scheduling/v1beta1
k8s.io/api/storage/v1
k8s.io/api/storage/v1alpha1
k8s.io/api/storage/v1beta1
# k8s.io/apimachinery v0.23.0 => k8s.io/apimachinery v0.23.0
# k8s.io/apimachinery v0.23.2 => k8s.io/apimachinery v0.23.2
## explicit; go 1.16
k8s.io/apimachinery/pkg/api/equality
k8s.io/apimachinery/pkg/api/errors
@ -800,7 +800,7 @@ k8s.io/apimachinery/pkg/watch
k8s.io/apimachinery/third_party/forked/golang/json
k8s.io/apimachinery/third_party/forked/golang/netutil
k8s.io/apimachinery/third_party/forked/golang/reflect
# k8s.io/apiserver v0.23.0 => k8s.io/apiserver v0.23.0
# k8s.io/apiserver v0.23.2 => k8s.io/apiserver v0.23.2
## explicit; go 1.16
k8s.io/apiserver/pkg/admission
k8s.io/apiserver/pkg/admission/configuration
@ -841,7 +841,7 @@ k8s.io/apiserver/pkg/util/feature
k8s.io/apiserver/pkg/util/webhook
k8s.io/apiserver/pkg/util/x509metrics
k8s.io/apiserver/pkg/warning
# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.23.0
# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.23.2
## explicit; go 1.16
k8s.io/client-go/applyconfigurations/admissionregistration/v1
k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1
@ -1084,12 +1084,12 @@ k8s.io/client-go/util/homedir
k8s.io/client-go/util/keyutil
k8s.io/client-go/util/retry
k8s.io/client-go/util/workqueue
# k8s.io/cloud-provider v0.23.0 => k8s.io/cloud-provider v0.23.0
# k8s.io/cloud-provider v0.23.2 => k8s.io/cloud-provider v0.23.2
## explicit; go 1.16
k8s.io/cloud-provider
k8s.io/cloud-provider/volume
k8s.io/cloud-provider/volume/helpers
# k8s.io/component-base v0.23.0 => k8s.io/component-base v0.23.0
# k8s.io/component-base v0.23.2 => k8s.io/component-base v0.23.2
## explicit; go 1.16
k8s.io/component-base/cli/flag
k8s.io/component-base/config
@ -1100,7 +1100,7 @@ k8s.io/component-base/metrics/legacyregistry
k8s.io/component-base/metrics/testutil
k8s.io/component-base/traces
k8s.io/component-base/version
# k8s.io/component-helpers v0.23.0 => k8s.io/component-helpers v0.23.0
# k8s.io/component-helpers v0.23.2 => k8s.io/component-helpers v0.23.2
## explicit; go 1.16
k8s.io/component-helpers/node/util/sysctl
k8s.io/component-helpers/scheduling/corev1
@ -1112,14 +1112,14 @@ k8s.io/klog/v2
## explicit; go 1.16
k8s.io/kube-openapi/pkg/schemaconv
k8s.io/kube-openapi/pkg/util/proto
# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.23.0
# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.23.2
## explicit; go 1.16
k8s.io/kubectl/pkg/scale
k8s.io/kubectl/pkg/util/podutils
# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.23.0
# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.23.2
## explicit; go 1.16
k8s.io/kubelet/pkg/apis/stats/v1alpha1
# k8s.io/kubernetes v1.23.1
# k8s.io/kubernetes v1.23.2
## explicit; go 1.16
k8s.io/kubernetes/pkg/api/legacyscheme
k8s.io/kubernetes/pkg/api/service
@ -1182,7 +1182,7 @@ k8s.io/kubernetes/test/e2e/storage/podlogs
k8s.io/kubernetes/test/e2e/storage/utils
k8s.io/kubernetes/test/utils
k8s.io/kubernetes/test/utils/image
# k8s.io/mount-utils v0.23.0 => k8s.io/mount-utils v0.23.0
# k8s.io/mount-utils v0.23.2 => k8s.io/mount-utils v0.23.2
## explicit; go 1.16
k8s.io/mount-utils
# k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b
@ -1202,7 +1202,7 @@ k8s.io/utils/nsenter
k8s.io/utils/path
k8s.io/utils/pointer
k8s.io/utils/trace
# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.25
# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27
## explicit; go 1.17
sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client
sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client
@ -1247,7 +1247,7 @@ sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics
## explicit; go 1.16
sigs.k8s.io/json
sigs.k8s.io/json/internal/golang/encoding/json
# sigs.k8s.io/structured-merge-diff/v4 v4.2.0
# sigs.k8s.io/structured-merge-diff/v4 v4.2.1
## explicit; go 1.13
sigs.k8s.io/structured-merge-diff/v4/fieldpath
sigs.k8s.io/structured-merge-diff/v4/schema
@ -1261,29 +1261,29 @@ sigs.k8s.io/yaml
# github.com/golang/protobuf => github.com/golang/protobuf v1.4.3
# github.com/portworx/sched-ops => github.com/portworx/sched-ops v0.20.4-openstorage-rc3
# gomodules.xyz/jsonpatch/v2 => github.com/gomodules/jsonpatch/v2 v2.2.0
# k8s.io/api => k8s.io/api v0.23.0
# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.23.0
# k8s.io/apimachinery => k8s.io/apimachinery v0.23.0
# k8s.io/apiserver => k8s.io/apiserver v0.23.0
# k8s.io/cli-runtime => k8s.io/cli-runtime v0.23.0
# k8s.io/client-go => k8s.io/client-go v0.23.0
# k8s.io/cloud-provider => k8s.io/cloud-provider v0.23.0
# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.23.0
# k8s.io/code-generator => k8s.io/code-generator v0.23.0
# k8s.io/component-base => k8s.io/component-base v0.23.0
# k8s.io/component-helpers => k8s.io/component-helpers v0.23.0
# k8s.io/controller-manager => k8s.io/controller-manager v0.23.0
# k8s.io/cri-api => k8s.io/cri-api v0.23.0
# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.23.0
# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.23.0
# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.23.0
# k8s.io/kube-proxy => k8s.io/kube-proxy v0.23.0
# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.23.0
# k8s.io/kubectl => k8s.io/kubectl v0.23.0
# k8s.io/kubelet => k8s.io/kubelet v0.23.0
# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.23.0
# k8s.io/metrics => k8s.io/metrics v0.23.0
# k8s.io/mount-utils => k8s.io/mount-utils v0.23.0
# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.23.0
# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.23.0
# k8s.io/api => k8s.io/api v0.23.2
# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.23.2
# k8s.io/apimachinery => k8s.io/apimachinery v0.23.2
# k8s.io/apiserver => k8s.io/apiserver v0.23.2
# k8s.io/cli-runtime => k8s.io/cli-runtime v0.23.2
# k8s.io/client-go => k8s.io/client-go v0.23.2
# k8s.io/cloud-provider => k8s.io/cloud-provider v0.23.2
# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.23.2
# k8s.io/code-generator => k8s.io/code-generator v0.23.2
# k8s.io/component-base => k8s.io/component-base v0.23.2
# k8s.io/component-helpers => k8s.io/component-helpers v0.23.2
# k8s.io/controller-manager => k8s.io/controller-manager v0.23.2
# k8s.io/cri-api => k8s.io/cri-api v0.23.2
# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.23.2
# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.23.2
# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.23.2
# k8s.io/kube-proxy => k8s.io/kube-proxy v0.23.2
# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.23.2
# k8s.io/kubectl => k8s.io/kubectl v0.23.2
# k8s.io/kubelet => k8s.io/kubelet v0.23.2
# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.23.2
# k8s.io/metrics => k8s.io/metrics v0.23.2
# k8s.io/mount-utils => k8s.io/mount-utils v0.23.2
# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.23.2
# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.23.2
# layeh.com/radius => github.com/layeh/radius v0.0.0-20190322222518-890bc1058917

3
vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go generated vendored
View File

@ -114,7 +114,8 @@ func (t *grpcTunnel) serve(c clientConn) {
t.pendingDialLock.RUnlock()
if !ok {
klog.V(1).Infoln("DialResp not recognized; dropped")
klog.V(1).InfoS("DialResp not recognized; dropped", "connectionID", resp.ConnectID, "dialID", resp.Random)
return
} else {
result := dialResult{
err: resp.Error,

180
vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go generated vendored
View File

@ -17,8 +17,6 @@ limitations under the License.
package typed
import (
"math"
"sigs.k8s.io/structured-merge-diff/v4/fieldpath"
"sigs.k8s.io/structured-merge-diff/v4/schema"
"sigs.k8s.io/structured-merge-diff/v4/value"
@ -170,74 +168,94 @@ func (w *mergingWalker) visitListItems(t *schema.List, lhs, rhs value.List) (err
if lhs != nil {
lLen = lhs.Length()
}
out := make([]interface{}, 0, int(math.Max(float64(rLen), float64(lLen))))
lhsOrder := make([]fieldpath.PathElement, 0, lLen)
// First, collect all LHS children.
observedLHS := fieldpath.MakePathElementValueMap(lLen)
if lhs != nil {
for i := 0; i < lhs.Length(); i++ {
child := lhs.At(i)
pe, err := listItemToPathElement(w.allocator, w.schema, t, i, child)
if err != nil {
errs = append(errs, errorf("lhs: element %v: %v", i, err.Error())...)
// If we can't construct the path element, we can't
// even report errors deeper in the schema, so bail on
// this element.
continue
outLen := lLen
if outLen < rLen {
outLen = rLen
}
if _, ok := observedLHS.Get(pe); ok {
errs = append(errs, errorf("lhs: duplicate entries for key %v", pe.String())...)
}
observedLHS.Insert(pe, child)
lhsOrder = append(lhsOrder, pe)
out := make([]interface{}, 0, outLen)
rhsOrder, observedRHS, rhsErrs := w.indexListPathElements(t, rhs)
errs = append(errs, rhsErrs...)
lhsOrder, observedLHS, lhsErrs := w.indexListPathElements(t, lhs)
errs = append(errs, lhsErrs...)
sharedOrder := make([]*fieldpath.PathElement, 0, rLen)
for i := range rhsOrder {
pe := &rhsOrder[i]
if _, ok := observedLHS.Get(*pe); ok {
sharedOrder = append(sharedOrder, pe)
}
}
// Then merge with RHS children.
observedRHS := fieldpath.MakePathElementSet(rLen)
if rhs != nil {
for i := 0; i < rhs.Length(); i++ {
child := rhs.At(i)
pe, err := listItemToPathElement(w.allocator, w.schema, t, i, child)
if err != nil {
errs = append(errs, errorf("rhs: element %v: %v", i, err.Error())...)
// If we can't construct the path element, we can't
// even report errors deeper in the schema, so bail on
// this element.
continue
}
if observedRHS.Has(pe) {
errs = append(errs, errorf("rhs: duplicate entries for key %v", pe.String())...)
continue
}
observedRHS.Insert(pe)
w2 := w.prepareDescent(pe, t.ElementType)
w2.rhs = child
if lchild, ok := observedLHS.Get(pe); ok {
w2.lhs = lchild
}
errs = append(errs, w2.merge(pe.String)...)
if w2.out != nil {
out = append(out, *w2.out)
}
w.finishDescent(w2)
}
var nextShared *fieldpath.PathElement
if len(sharedOrder) > 0 {
nextShared = sharedOrder[0]
sharedOrder = sharedOrder[1:]
}
for _, pe := range lhsOrder {
if observedRHS.Has(pe) {
lLen, rLen = len(lhsOrder), len(rhsOrder)
for lI, rI := 0, 0; lI < lLen || rI < rLen; {
if lI < lLen && rI < rLen {
pe := lhsOrder[lI]
if pe.Equals(rhsOrder[rI]) {
// merge LHS & RHS items
lChild, _ := observedLHS.Get(pe)
rChild, _ := observedRHS.Get(pe)
mergeOut, errs := w.mergeListItem(t, pe, lChild, rChild)
errs = append(errs, errs...)
if mergeOut != nil {
out = append(out, *mergeOut)
}
lI++
rI++
nextShared = nil
if len(sharedOrder) > 0 {
nextShared = sharedOrder[0]
sharedOrder = sharedOrder[1:]
}
continue
}
value, _ := observedLHS.Get(pe)
w2 := w.prepareDescent(pe, t.ElementType)
w2.lhs = value
errs = append(errs, w2.merge(pe.String)...)
if w2.out != nil {
out = append(out, *w2.out)
if _, ok := observedRHS.Get(pe); ok && nextShared != nil && !nextShared.Equals(lhsOrder[lI]) {
// shared item, but not the one we want in this round
lI++
continue
}
}
if lI < lLen {
pe := lhsOrder[lI]
if _, ok := observedRHS.Get(pe); !ok {
// take LHS item
lChild, _ := observedLHS.Get(pe)
mergeOut, errs := w.mergeListItem(t, pe, lChild, nil)
errs = append(errs, errs...)
if mergeOut != nil {
out = append(out, *mergeOut)
}
lI++
continue
}
}
if rI < rLen {
// Take the RHS item, merge with matching LHS item if possible
pe := rhsOrder[rI]
lChild, _ := observedLHS.Get(pe) // may be nil
rChild, _ := observedRHS.Get(pe)
mergeOut, errs := w.mergeListItem(t, pe, lChild, rChild)
errs = append(errs, errs...)
if mergeOut != nil {
out = append(out, *mergeOut)
}
rI++
// Advance nextShared, if we are merging nextShared.
if nextShared != nil && nextShared.Equals(pe) {
nextShared = nil
if len(sharedOrder) > 0 {
nextShared = sharedOrder[0]
sharedOrder = sharedOrder[1:]
}
}
}
w.finishDescent(w2)
}
if len(out) > 0 {
@ -248,6 +266,46 @@ func (w *mergingWalker) visitListItems(t *schema.List, lhs, rhs value.List) (err
return errs
}
func (w *mergingWalker) indexListPathElements(t *schema.List, list value.List) ([]fieldpath.PathElement, fieldpath.PathElementValueMap, ValidationErrors) {
var errs ValidationErrors
length := 0
if list != nil {
length = list.Length()
}
observed := fieldpath.MakePathElementValueMap(length)
pes := make([]fieldpath.PathElement, 0, length)
for i := 0; i < length; i++ {
child := list.At(i)
pe, err := listItemToPathElement(w.allocator, w.schema, t, i, child)
if err != nil {
errs = append(errs, errorf("element %v: %v", i, err.Error())...)
// If we can't construct the path element, we can't
// even report errors deeper in the schema, so bail on
// this element.
continue
}
if _, found := observed.Get(pe); found {
errs = append(errs, errorf("duplicate entries for key %v", pe.String())...)
continue
}
observed.Insert(pe, child)
pes = append(pes, pe)
}
return pes, observed, errs
}
func (w *mergingWalker) mergeListItem(t *schema.List, pe fieldpath.PathElement, lChild, rChild value.Value) (out *interface{}, errs ValidationErrors) {
w2 := w.prepareDescent(pe, t.ElementType)
w2.lhs = lChild
w2.rhs = rChild
errs = append(errs, w2.merge(pe.String)...)
if w2.out != nil {
out = w2.out
}
w.finishDescent(w2)
return
}
func (w *mergingWalker) derefList(prefix string, v value.Value) (value.List, ValidationErrors) {
if v == nil {
return nil, nil