Commit Graph

29 Commits

Author SHA1 Message Date
Humble Chirammal
78211b694b build: update client-go and other kube dependencies to 1.20.6
client-go 1.20.6 has a fix for below CVE: This patch address this
via updating client-go and other dependencies.

CVE-2019-11250 : The MITRE CVE dictionary describes this issue as:

The Kubernetes client-go library logs request headers at verbosity
levels of 7 or higher. This can disclose credentials to unauthorized
users via logs or command output. Kubernetes components (such as
kube-apiserver) prior to v1.16.0, which make use of basic or bearer
token authentication, and run at high verbosity levels, are affected.

Ref# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11250

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2021-05-26 09:14:10 +00:00
Humble Chirammal
9aa3520c9d build: update go version to 1.16 in go.mod
Make go version latest in the repo

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2021-05-25 09:03:52 +00:00
Madhu Rajanna
385a751b8e rebase: rename kube-storage to csi-addons
as the org github.com/kube-storage is renamed
to github.com/csi-addons as the name kube-storage
was more generic.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-06 10:59:58 +00:00
Niels de Vos
78cb7af46f rebase: vendor pkgs for Amazon KMS support
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-04-06 07:33:54 +00:00
Madhu Rajanna
ce7f936551 rebase: add replication-lib-utils to go.mod
added github.com/kube-storage/replication-lib-utils
to the vendor directory which is required to avoid
secret logging in GRPC.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-01 20:05:55 +00:00
Madhu Rajanna
342d282780 rebase: add kube-storage/replication to go.mod
add dependent kube-storage/replication package
to the vendor.

update grpc to latest release v1.35.0.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-03-16 13:06:44 +00:00
Niels de Vos
2b7f078943 rebase: vendor golang.org/x/crypto and update to latest
The new SecretsMetadataKMS provider encrypts/decrypts DEKs as they are
stored in the metadata of volumes. The encryption/decryption uses
golang.org/x/crypto/scrypt to generate the encryption key from a
passphrase.

While vendoring golang.org/x/crypto, already vendored sub-packages have
been updated.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-12 10:11:47 +00:00
Niels de Vos
75de0b81ea build: vendor testify package for unit-tests
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2021-03-04 12:11:07 +00:00
Mudit Agarwal
32d78c4f7f rebase: update go-ceph to v0.8.0
Updating go-ceph to v0.8.0.

Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
2021-02-10 05:23:01 +00:00
Madhu Rajanna
83559144b1 rebase: update kubernetes to v1.20.0
updated kubernetes packages to latest
release.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-17 16:04:54 +00:00
Madhu Rajanna
eeec1213cb rebase: update go-ceph to v0.7.0
updating go-ceph to latest 0.7.0
release.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-12-10 10:13:55 +00:00
Niels de Vos
91774fc936 rebase: vendor dependencies for Vault API
Uses github.com/libopenstorage/secrets to communicate with Vault. This
removes the need for maintaining our own limited Vault APIs.

By adding the new dependency, several other packages got updated in the
process. Unused indirect dependencies have been removed from go.mod.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-29 04:03:59 +00:00
Madhu Rajanna
5af3fe5deb rebase: add controller runtime dependency
this commits add the controller runtime
and its dependency to the vendor.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-11-28 18:50:00 +00:00
Niels de Vos
29c78f97c0 rebase: update vendored go-ceph to v0.6
Closes: #1547
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-10-13 16:09:04 +00:00
Mudit Agarwal
8e434bb3ee build: update vendor with latest version
Updating the version of golang.org/x/text to version v0.3.3.
It fixes the vulnerability in http://golang.org/x/text/encoding/unicode
which leads UTF-16 decoder entering an infinite loop causing
the program to crash or run out of memory.

Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
2020-09-21 10:49:28 +00:00
Humble Chirammal
edca318828 rebase: update the CSI Spec to v1.3.0
This spec add the extra capability to  node and controller
volume to report volume condition of a pv..etc.

Refer # https://github.com/ceph/ceph-csi/issues/1356

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-09-04 09:24:01 +00:00
Madhu Rajanna
2808d526bb rebase: update go-ceph to v0.5.0
as go-ceph is 0.5.0 is released updating
the dependency to latest release.
more info about release at
https://github.com/ceph/go-ceph/releases/tag/v0.5.0

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-21 05:48:53 +00:00
Madhu Rajanna
22158ebf17 rebase: workaround missing redirect
This fix is needed because we were hitting:
```
vbom.ml/util@v0.0.0-20180919145318-efcd4e0f9787:
unrecognized import path "vbom.ml/util":
reading https://vbom.ml/util?go-get=1: 503 Service Unavailable
```

Source for the workaround:
golang/dep#1169

The fix consists in simply enforcing what the redirect was supposed to
do.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-08-12 17:22:21 +00:00
Humble Chirammal
02b8cd0b4b dep: lift kube dependency to v0.18.6
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-07-24 19:21:28 +00:00
Yug
8dc4ab6b1b rebase: update k8s.io/klog to v2.3.0
Update klog version to v2.3.0

Signed-off-by: Yug <yuggupta27@gmail.com>
2020-07-10 07:41:23 +00:00
Niels de Vos
8c4379862a rebase: remove "github.com/pkg/errors" from go.mod
There is no direct dependency on "github.com/pkg/errors" anymore, so it
can be removed from go.mod.

After running `go mod tidy`, the "github.com/pkg/errors" gets downgraded
to a version that is referenced in other depndencies. This was
unexpected, but seems needed.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-07-03 09:12:48 +00:00
Humble Chirammal
58bf45a13e rebase: Make use of latest go ceph library
The go-ceph version 0.4.0 is available now which got some important
library changes required for ceph csi project.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-06-30 07:55:37 +00:00
Niels de Vos
772d1dfa77 rebase: use go-ceph v0.3.0
v0.3.0 adds support for rbd.FeatureSet that can be used to parse the
features of an RBD image. This will be used in the followup commit that
adds rbdVolume.getImageInfo().

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-06-17 09:28:57 +00:00
Madhu Rajanna
4606b5042f vendor: Vendor changes to add external-snapshotter
Few other depedencies got updated which might
be required for snapshot.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-05-15 08:19:32 +00:00
Madhu Rajanna
3b608f130a Add grpc 1.27 version require section in go.mod to avoid CI issue
This PR addes GRPC 1.27 to required section in go.mod
file. this is overridden by 1.26 in replace section

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-04-23 16:02:55 +00:00
Niels de Vos
b3664cd631 go.mod: go not list grpc as direct dependency
The recent update to k8s 1.18.0 causes an issue in go.mod that gets
corrected by running `go mod verify`. grpc should be used in version
1.26, and not in the expected update 1.27.

By removing the dependency and keeping grpc in the 'replace' section,
`go mod verify` seems to be happy.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-04-22 06:26:12 +00:00
Humble Chirammal
34fc1d847e Changes to accommodate client-go changes and kube vendor update
to v1.18.0

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-04-14 10:50:12 +00:00
Humble Chirammal
02367c4a3f Cleanup vendor dependencies
- `go mod {tidy and vendor}.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-04-08 08:12:13 +00:00
Madhu Rajanna
d5a0606c33 Migrate from dep to go module
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-03-17 10:44:07 +00:00