rebase: bump the golang-dependencies group with 1 update

Bumps the golang-dependencies group with 1 update: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.16.0 to 0.17.0 - [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
2025-06-13 02:33:34 +00:00 · 2023-12-18 20:31:00 +00:00
parent 1ad79314f9
commit e5d9b68d36
398 changed files with 33924 additions and 10753 deletions
--- a/vendor/k8s.io/kubernetes/pkg/volume/plugins.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/plugins.go
@ -333,6 +333,13 @@ type KubeletVolumeHost interface {
 	WaitForCacheSync() error
 	// Returns hostutil.HostUtils
 	GetHostUtil() hostutil.HostUtils
+
+	// Returns trust anchors from the named ClusterTrustBundle.
+	GetTrustAnchorsByName(name string, allowMissing bool) ([]byte, error)
+
+	// Returns trust anchors from the ClusterTrustBundles selected by signer
+	// name and label selector.
+	GetTrustAnchorsBySigner(signerName string, labelSelector *metav1.LabelSelector, allowMissing bool) ([]byte, error)
 }

 // AttachDetachVolumeHost is a AttachDetach Controller specific interface that plugins can use
@ -1057,7 +1064,7 @@ func NewPersistentVolumeRecyclerPodTemplate() *v1.Pod {
 			Containers: []v1.Container{
 				{
 					Name:    "pv-recycler",
-					Image:   "registry.k8s.io/debian-base:v2.0.0",
+					Image:   "registry.k8s.io/build-image/debian-base:bookworm-v1.0.0",
 					Command: []string{"/bin/sh"},
 					Args:    []string{"-c", "test -e /scrub && find /scrub -mindepth 1 -delete && test -z \"$(ls -A /scrub)\" || exit 1"},
 					VolumeMounts: []v1.VolumeMount{
--- a/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil_windows.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/util/hostutil/hostutil_windows.go
@ -21,12 +21,16 @@ package hostutil

 import (
 	"fmt"
+	"io/fs"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
+	"syscall"

+	"golang.org/x/sys/windows"
 	"k8s.io/klog/v2"
+	"k8s.io/kubernetes/pkg/util/filesystem"
 	"k8s.io/mount-utils"
 	utilpath "k8s.io/utils/path"
 )
@ -87,9 +91,28 @@ func (hu *HostUtil) MakeRShared(path string) error {
 	return nil
 }

+func isSystemCannotAccessErr(err error) bool {
+	if fserr, ok := err.(*fs.PathError); ok {
+		errno, ok := fserr.Err.(syscall.Errno)
+		return ok && errno == windows.ERROR_CANT_ACCESS_FILE
+	}
+
+	return false
+}
+
 // GetFileType checks for sockets/block/character devices
 func (hu *(HostUtil)) GetFileType(pathname string) (FileType, error) {
-	return getFileType(pathname)
+	filetype, err := getFileType(pathname)
+
+	// os.Stat will return a 1920 error (windows.ERROR_CANT_ACCESS_FILE) if we use it on a Unix Socket
+	// on Windows. In this case, we need to use a different method to check if it's a Unix Socket.
+	if isSystemCannotAccessErr(err) {
+		if isSocket, errSocket := filesystem.IsUnixDomainSocket(pathname); errSocket == nil && isSocket {
+			return FileTypeSocket, nil
+		}
+	}
+
+	return filetype, err
 }

 // PathExists checks whether the path exists
--- a/vendor/k8s.io/kubernetes/pkg/volume/util/selinux.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/util/selinux.go
@ -168,10 +168,6 @@ func SupportsSELinuxContextMount(volumeSpec *volume.Spec, volumePluginMgr *volum

 // VolumeSupportsSELinuxMount returns true if given volume access mode can support mount with SELinux mount options.
 func VolumeSupportsSELinuxMount(volumeSpec *volume.Spec) bool {
-	// Right now, SELinux mount is supported only for ReadWriteOncePod volumes.
-	if !utilfeature.DefaultFeatureGate.Enabled(features.ReadWriteOncePod) {
-		return false
-	}
 	if !utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) {
 		return false
 	}
--- a/vendor/k8s.io/kubernetes/pkg/volume/util/volumeattributesclass.go
+++ b/vendor/k8s.io/kubernetes/pkg/volume/util/volumeattributesclass.go
@ -0,0 +1,72 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"sort"
+
+	storagev1alpha1 "k8s.io/api/storage/v1alpha1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
+	storagev1alpha1listers "k8s.io/client-go/listers/storage/v1alpha1"
+	"k8s.io/klog/v2"
+)
+
+const (
+	// AlphaIsDefaultVolumeAttributesClassAnnotation is the alpha version of IsDefaultVolumeAttributesClassAnnotation.
+	AlphaIsDefaultVolumeAttributesClassAnnotation = "volumeattributesclass.alpha.kubernetes.io/is-default-class"
+)
+
+// GetDefaultVolumeAttributesClass returns the default VolumeAttributesClass from the store, or nil.
+func GetDefaultVolumeAttributesClass(lister storagev1alpha1listers.VolumeAttributesClassLister, driverName string) (*storagev1alpha1.VolumeAttributesClass, error) {
+	list, err := lister.List(labels.Everything())
+	if err != nil {
+		return nil, err
+	}
+
+	defaultClasses := []*storagev1alpha1.VolumeAttributesClass{}
+	for _, class := range list {
+		if IsDefaultVolumeAttributesClassAnnotation(class.ObjectMeta) && class.DriverName == driverName {
+			defaultClasses = append(defaultClasses, class)
+			klog.V(4).Infof("GetDefaultVolumeAttributesClass added: %s", class.Name)
+		}
+	}
+
+	if len(defaultClasses) == 0 {
+		return nil, nil
+	}
+
+	// Primary sort by creation timestamp, newest first
+	// Secondary sort by class name, ascending order
+	sort.Slice(defaultClasses, func(i, j int) bool {
+		if defaultClasses[i].CreationTimestamp.UnixNano() == defaultClasses[j].CreationTimestamp.UnixNano() {
+			return defaultClasses[i].Name < defaultClasses[j].Name
+		}
+		return defaultClasses[i].CreationTimestamp.UnixNano() > defaultClasses[j].CreationTimestamp.UnixNano()
+	})
+	if len(defaultClasses) > 1 {
+		klog.V(4).Infof("%d default VolumeAttributesClass were found, choosing: %s", len(defaultClasses), defaultClasses[0].Name)
+	}
+
+	return defaultClasses[0], nil
+}
+
+// IsDefaultVolumeAttributesClassAnnotation returns a boolean if the default
+// volume attributes class annotation is set
+func IsDefaultVolumeAttributesClassAnnotation(obj metav1.ObjectMeta) bool {
+	return obj.Annotations[AlphaIsDefaultVolumeAttributesClassAnnotation] == "true"
+}