At present e2e snapshot code make use of snapshot v1beta1 api and client
This patch address the same and snapshot api clientset/apis are updated
to v1 version.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
client-go 1.20.6 has a fix for below CVE: This patch address this
via updating client-go and other dependencies.
CVE-2019-11250 : The MITRE CVE dictionary describes this issue as:
The Kubernetes client-go library logs request headers at verbosity
levels of 7 or higher. This can disclose credentials to unauthorized
users via logs or command output. Kubernetes components (such as
kube-apiserver) prior to v1.16.0, which make use of basic or bearer
token authentication, and run at high verbosity levels, are affected.
Ref# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11250
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
as the org github.com/kube-storage is renamed
to github.com/csi-addons as the name kube-storage
was more generic.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
added github.com/kube-storage/replication-lib-utils
to the vendor directory which is required to avoid
secret logging in GRPC.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
The new SecretsMetadataKMS provider encrypts/decrypts DEKs as they are
stored in the metadata of volumes. The encryption/decryption uses
golang.org/x/crypto/scrypt to generate the encryption key from a
passphrase.
While vendoring golang.org/x/crypto, already vendored sub-packages have
been updated.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Uses github.com/libopenstorage/secrets to communicate with Vault. This
removes the need for maintaining our own limited Vault APIs.
By adding the new dependency, several other packages got updated in the
process. Unused indirect dependencies have been removed from go.mod.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Updating the version of golang.org/x/text to version v0.3.3.
It fixes the vulnerability in http://golang.org/x/text/encoding/unicode
which leads UTF-16 decoder entering an infinite loop causing
the program to crash or run out of memory.
Signed-off-by: Mudit Agarwal <muagarwa@redhat.com>
This spec add the extra capability to node and controller
volume to report volume condition of a pv..etc.
Refer # https://github.com/ceph/ceph-csi/issues/1356
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
as go-ceph is 0.5.0 is released updating
the dependency to latest release.
more info about release at
https://github.com/ceph/go-ceph/releases/tag/v0.5.0
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This fix is needed because we were hitting:
```
vbom.ml/util@v0.0.0-20180919145318-efcd4e0f9787:
unrecognized import path "vbom.ml/util":
reading https://vbom.ml/util?go-get=1: 503 Service Unavailable
```
Source for the workaround:
golang/dep#1169
The fix consists in simply enforcing what the redirect was supposed to
do.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
There is no direct dependency on "github.com/pkg/errors" anymore, so it
can be removed from go.mod.
After running `go mod tidy`, the "github.com/pkg/errors" gets downgraded
to a version that is referenced in other depndencies. This was
unexpected, but seems needed.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
The go-ceph version 0.4.0 is available now which got some important
library changes required for ceph csi project.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
v0.3.0 adds support for rbd.FeatureSet that can be used to parse the
features of an RBD image. This will be used in the followup commit that
adds rbdVolume.getImageInfo().
Signed-off-by: Niels de Vos <ndevos@redhat.com>
This PR addes GRPC 1.27 to required section in go.mod
file. this is overridden by 1.26 in replace section
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
The recent update to k8s 1.18.0 causes an issue in go.mod that gets
corrected by running `go mod verify`. grpc should be used in version
1.26, and not in the expected update 1.27.
By removing the dependency and keeping grpc in the 'replace' section,
`go mod verify` seems to be happy.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
