From 2a600fee1a0b3032d92d7db016b510b730abcb46 Mon Sep 17 00:00:00 2001
From: Lisa Rashidi-Ranjbar
Date: Wed, 29 Nov 2023 10:55:46 -0700
Subject: [PATCH] ARO-4779: Update hive dependency to close vulns
---
 go.mod | 10 +-
 go.sum | 8 +-
 vendor/github.com/go-logr/logr/README.md | 113 +++++++++++++++++-
 vendor/github.com/go-logr/logr/SECURITY.md | 18 +++
 vendor/github.com/go-logr/logr/funcr/funcr.go | 48 ++++----
 vendor/github.com/go-logr/logr/logr.go | 35 ++++--
 .../hive/apis/hive/v1/aws/machinepool.go | 6 +
 .../hive/apis/hive/v1/aws/metadata.go | 8 ++
 .../apis/hive/v1/aws/zz_generated.deepcopy.go | 26 ++++
 .../hive/v1/azure/zz_generated.deepcopy.go | 5 +
 .../apis/hive/v1/clusterdeployment_types.go | 8 ++
 .../apis/hive/v1/clusterdeprovision_types.go | 18 ++-
 .../hive/apis/hive/v1/gcp/machinepools.go | 12 ++
 .../hive/apis/hive/v1/gcp/metadata.go | 5 +-
 .../apis/hive/v1/gcp/zz_generated.deepcopy.go | 5 +
 .../hive/apis/hive/v1/machinepool_types.go | 23 ++++
 .../hive/apis/hive/v1/vsphere/machinepools.go | 5 +
 .../apis/hive/v1/zz_generated.deepcopy.go | 82 +++++++++++++
 vendor/modules.txt | 12 +-
 19 files changed, 392 insertions(+), 55 deletions(-)
 create mode 100644 vendor/github.com/go-logr/logr/SECURITY.md
 create mode 100644 vendor/github.com/openshift/hive/apis/hive/v1/aws/metadata.go
diff --git a/go.mod b/go.mod
index e55642bedda..75e49218d32 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
 github.com/go-bindata/go-bindata v3.1.2+incompatible
 github.com/go-chi/chi/v5 v5.0.8
- github.com/go-logr/logr v1.2.4
+ github.com/go-logr/logr v1.3.0
 github.com/go-test/deep v1.1.0
 github.com/gofrs/uuid v4.2.0+incompatible
 github.com/golang-jwt/jwt/v4 v4.5.0
@@ -59,7 +59,7 @@ require (
 github.com/openshift/client-go v0.0.0-20220525160904-9e1acff93e4a
 github.com/openshift/cloud-credential-operator v0.0.0-00010101000000-000000000000
 github.com/openshift/console-operator v0.0.0-20220407014945-45d37e70e0c2
- github.com/openshift/hive/apis v0.0.0
+ github.com/openshift/hive/apis v0.0.0-20231116161336-9dd47f8bfa1f
 github.com/openshift/library-go v0.0.0-20220525173854-9b950a41acdc
 github.com/openshift/machine-config-operator v0.0.1-0.20230519222939-1abc13efbb0d
 github.com/pires/go-proxyproto v0.6.2
@@ -80,9 +80,9 @@ require (
 golang.org/x/sync v0.2.0
 golang.org/x/text v0.13.0
 golang.org/x/tools v0.7.0
- k8s.io/api v0.26.2
+ k8s.io/api v0.28.3
 k8s.io/apiextensions-apiserver v0.24.17
- k8s.io/apimachinery v0.26.2
+ k8s.io/apimachinery v0.28.3
 k8s.io/cli-runtime v0.24.17
 k8s.io/client-go v0.24.17
 k8s.io/code-generator v0.24.17
@@ -760,4 +760,4 @@ replace ( sigs.k8s.io/structured-merge-diff => sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06 ) -replace github.com/openshift/hive/apis => github.com/openshift/hive/apis v0.0.0-20230811220652-70b666ec89b0 +replace github.com/openshift/hive/apis => github.com/openshift/hive/apis v0.0.0-20231116161336-9dd47f8bfa1f
diff --git a/go.sum b/go.sum
index a6bcac8c47e..8c5ead92ae0 100644
--- a/go.sum
+++ b/go.sum
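Review bot: In the `@@ -80,9 +80,9 @@` hunk of go.mod, `k8s.io/api` and `k8s.io/apimachinery` move to v0.28.3 while `k8s.io/client-go`, `k8s.io/apiextensions-apiserver`, `k8s.io/cli-runtime` and `k8s.io/code-generator` stay at v0.24.17 in the same require block, so the required Kubernetes modules are now four minor versions apart. The file's `replace (` block is only partly visible here (the `@@ -760,4 +760,4 @@` hunk shows just its last entry), so it may pin these two modules to another version; if it does, the replaced versions are the ones built and vendored, and the bump alone does not remove a vulnerable release. Worth confirming the effective versions with `go list -m k8s.io/api k8s.io/apimachinery` and against the vendor/modules.txt change, and naming in the commit message the advisories this update is meant to close so the result can be checked with a scanner.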
@@ -287,8 +287,8 @@ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7
 github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk=
@@ -683,8 +683,8 @@ github.com/openshift/console-operator v0.0.0-20220318130441-e44516b9c315 h1:zmwv
 github.com/openshift/console-operator v0.0.0-20220318130441-e44516b9c315/go.mod h1:jCX07P5qFcuJrzd0xO5caxLjvSscehiaq6We/hGlcW8=
 github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87 h1:cHyxR+Y8rAMT6m1jQCaYGRwikqahI0OjjUDhFNf3ySQ=
 github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87/go.mod h1:DB/Mf2oTeiAmVVX1gN+NEqweonAPY0TKUwADizj8+ZA=
-github.com/openshift/hive/apis v0.0.0-20230811220652-70b666ec89b0 h1:ATjjHF7IbYrPMrxpjVd0b76/zQztTMN1Dn7Qzs4rGJE=
-github.com/openshift/hive/apis v0.0.0-20230811220652-70b666ec89b0/go.mod h1:VIxA5HhvBmsqVn7aUVQYs004B9K4U5A+HrFwvRq2nK8=
+github.com/openshift/hive/apis v0.0.0-20231116161336-9dd47f8bfa1f h1:CedFPNwCSYbjo7rCr9YrJs/0OrBf3m8sLlUZw66VDwY=
+github.com/openshift/hive/apis v0.0.0-20231116161336-9dd47f8bfa1f/go.mod h1:RRH8lt09SAiPECNdsbh7Gun0lkcRWi1nYKq6tDp5WxQ=
 github.com/openshift/library-go v0.0.0-20230222114049-eac44a078a6e h1:Q5Lcxl/4MdNqj0b2cEi0mzk/Ls9JXvGkCTw7qnVSjCo=
 github.com/openshift/library-go v0.0.0-20230222114049-eac44a078a6e/go.mod h1:AMZwYwSdbvALDl3QobEzcJ2IeDO7DYLsr42izKzh524=
 github.com/openshift/machine-api-operator v0.2.1-0.20220124104622-668c5b52b104/go.mod h1:1j0Au43h8Sn2B81FxOudqcmKnzvMNEH+vfg5y1g2xAk=
diff --git a/vendor/github.com/go-logr/logr/README.md b/vendor/github.com/go-logr/logr/README.md
index ab593118131..a8c29bfbd53 100644
--- a/vendor/github.com/go-logr/logr/README.md
+++ b/vendor/github.com/go-logr/logr/README.md
@@ -1,6 +1,7 @@ # A minimal logging API for Go [![Go Reference](https://pkg.go.dev/badge/github.com/go-logr/logr.svg)](https://pkg.go.dev/github.com/go-logr/logr) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/go-logr/logr/badge)](https://securityscorecards.dev/viewer/?platform=github.com&org=go-logr&repo=logr) logr offers an(other) opinion on how Go programs and libraries can do logging without becoming coupled to a particular logging implementation. This is not 
@@ -73,6 +74,29 @@ received: If the Go standard library had defined an interface for logging, this project probably would not be needed. Alas, here we are. +When the Go developers started developing such an interface with +[slog](https://github.com/golang/go/issues/56345), they adopted some of the +logr design but also left out some parts and changed others: + +| Feature | logr | slog | +|---------|------|------| +| High-level API | `Logger` (passed by value) | `Logger` (passed by [pointer](https://github.com/golang/go/issues/59126)) | +| Low-level API | `LogSink` | `Handler` | +| Stack unwinding | done by `LogSink` | done by `Logger` | +| Skipping helper functions | `WithCallDepth`, `WithCallStackHelper` | [not supported by Logger](https://github.com/golang/go/issues/59145) | +| Generating a value for logging on demand | `Marshaler` | `LogValuer` | +| Log levels | >= 0, higher meaning "less important" | positive and negative, with 0 for "info" and higher meaning "more important" | +| Error log entries | always logged, don't have a verbosity level | normal log entries with level >= `LevelError` | +| Passing logger via context | `NewContext`, `FromContext` | no API | +| Adding a name to a logger | `WithName` | no API | +| Modify verbosity of log entries in a call chain | `V` | no API | +| Grouping of key/value pairs | not supported | `WithGroup`, `GroupValue` | + +The high-level slog API is explicitly meant to be one of many different APIs +that can be layered on top of a shared `slog.Handler`. logr is one such +alternative API, with [interoperability](#slog-interoperability) provided by the [`slogr`](slogr) +package. + ### Inspiration Before you consider this package, please read [this blog post by the 
@@ -118,6 +142,91 @@ There are implementations for the following logging libraries: - **github.com/go-kit/log**: [gokitlogr](https://github.com/tonglil/gokitlogr) (also compatible with github.com/go-kit/kit/log since v0.12.0) - **bytes.Buffer** (writing to a buffer): [bufrlogr](https://github.com/tonglil/buflogr) (useful for ensuring values were logged, like during testing) +## slog interoperability + +Interoperability goes both ways, using the `logr.Logger` API with a `slog.Handler` +and using the `slog.Logger` API with a `logr.LogSink`. [slogr](./slogr) provides `NewLogr` and +`NewSlogHandler` API calls to convert between a `logr.Logger` and a `slog.Handler`. +As usual, `slog.New` can be used to wrap such a `slog.Handler` in the high-level +slog API. `slogr` itself leaves that to the caller. + +## Using a `logr.Sink` as backend for slog + +Ideally, a logr sink implementation should support both logr and slog by +implementing both the normal logr interface(s) and `slogr.SlogSink`. Because +of a conflict in the parameters of the common `Enabled` method, it is [not +possible to implement both slog.Handler and logr.Sink in the same +type](https://github.com/golang/go/issues/59110). + +If both are supported, log calls can go from the high-level APIs to the backend +without the need to convert parameters. `NewLogr` and `NewSlogHandler` can +convert back and forth without adding additional wrappers, with one exception: +when `Logger.V` was used to adjust the verbosity for a `slog.Handler`, then +`NewSlogHandler` has to use a wrapper which adjusts the verbosity for future +log calls. + +Such an implementation should also support values that implement specific +interfaces from both packages for logging (`logr.Marshaler`, `slog.LogValuer`, +`slog.GroupValue`). logr does not convert those. + +Not supporting slog has several drawbacks: +- Recording source code locations works correctly if the handler gets called + through `slog.Logger`, but may be wrong in other cases. 
That's because a + `logr.Sink` does its own stack unwinding instead of using the program counter + provided by the high-level API. +- slog levels <= 0 can be mapped to logr levels by negating the level without a + loss of information. But all slog levels > 0 (e.g. `slog.LevelWarning` as + used by `slog.Logger.Warn`) must be mapped to 0 before calling the sink + because logr does not support "more important than info" levels. +- The slog group concept is supported by prefixing each key in a key/value + pair with the group names, separated by a dot. For structured output like + JSON it would be better to group the key/value pairs inside an object. +- Special slog values and interfaces don't work as expected. +- The overhead is likely to be higher. + +These drawbacks are severe enough that applications using a mixture of slog and +logr should switch to a different backend. + +## Using a `slog.Handler` as backend for logr + +Using a plain `slog.Handler` without support for logr works better than the +other direction: +- All logr verbosity levels can be mapped 1:1 to their corresponding slog level + by negating them. +- Stack unwinding is done by the `slogr.SlogSink` and the resulting program + counter is passed to the `slog.Handler`. +- Names added via `Logger.WithName` are gathered and recorded in an additional + attribute with `logger` as key and the names separated by slash as value. +- `Logger.Error` is turned into a log record with `slog.LevelError` as level + and an additional attribute with `err` as key, if an error was provided. + +The main drawback is that `logr.Marshaler` will not be supported. Types should +ideally support both `logr.Marshaler` and `slog.Valuer`. If compatibility +with logr implementations without slog support is not important, then +`slog.Valuer` is sufficient. + +## Context support for slog + +Storing a logger in a `context.Context` is not supported by +slog. 
`logr.NewContext` and `logr.FromContext` can be used with slog like this +to fill this gap: + + func HandlerFromContext(ctx context.Context) slog.Handler { + logger, err := logr.FromContext(ctx) + if err == nil { + return slogr.NewSlogHandler(logger) + } + return slog.Default().Handler() + } + + func ContextWithHandler(ctx context.Context, handler slog.Handler) context.Context { + return logr.NewContext(ctx, slogr.NewLogr(handler)) + } + +The downside is that storing and retrieving a `slog.Handler` needs more +allocations compared to using a `logr.Logger`. Therefore the recommendation is +to use the `logr.Logger` API in code which uses contextual logging. + ## FAQ ### Conceptual @@ -241,7 +350,9 @@ Otherwise, you can start out with `0` as "you always want to see this", Then gradually choose levels in between as you need them, working your way down from 10 (for debug and trace style logs) and up from 1 (for chattier -info-type logs.) +info-type logs). For reference, slog pre-defines -4 for debug logs +(corresponds to 4 in logr), which matches what is +[recommended for Kubernetes](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md#what-method-to-use). #### How do I choose my keys? diff --git a/vendor/github.com/go-logr/logr/SECURITY.md b/vendor/github.com/go-logr/logr/SECURITY.md new file mode 100644 index 00000000000..1ca756fc7b3 --- /dev/null +++ b/vendor/github.com/go-logr/logr/SECURITY.md 
@@ -0,0 +1,18 @@
+# Security Policy
+
+If you have discovered a security vulnerability in this project, please report it
+privately. **Do not disclose it as a public issue.** This gives us time to work with you
+to fix the issue before public exposure, reducing the chance that the exploit will be
+used before a patch is released.
+
+You may submit the report in the following ways:
+
+- send an email to go-logr-security@googlegroups.com
+- send us a [private vulnerability report](https://github.com/go-logr/logr/security/advisories/new)
+
+Please provide the following information in your report:
+
+- A description of the vulnerability and its impact
+- How to reproduce the issue
+
+We ask that you give us 90 days to work on a fix before public exposure.
diff --git a/vendor/github.com/go-logr/logr/funcr/funcr.go b/vendor/github.com/go-logr/logr/funcr/funcr.go
index e52f0cd01e2..12e5807cc5c 100644
--- a/vendor/github.com/go-logr/logr/funcr/funcr.go
+++ b/vendor/github.com/go-logr/logr/funcr/funcr.go
@@ -116,17 +116,17 @@ type Options struct { // Equivalent hooks are offered for key-value pairs saved via // logr.Logger.WithValues or Formatter.AddValues (see RenderValuesHook) and // for user-provided pairs (see RenderArgsHook). - RenderBuiltinsHook func(kvList []interface{}) []interface{} + RenderBuiltinsHook func(kvList []any) []any // RenderValuesHook is the same as RenderBuiltinsHook, except that it is // only called for key-value pairs saved via logr.Logger.WithValues. See // RenderBuiltinsHook for more details. - RenderValuesHook func(kvList []interface{}) []interface{} + RenderValuesHook func(kvList []any) []any // RenderArgsHook is the same as RenderBuiltinsHook, except that it is only // called for key-value pairs passed directly to Info and Error. See // RenderBuiltinsHook for more details. - RenderArgsHook func(kvList []interface{}) []interface{} + RenderArgsHook func(kvList []any) []any // MaxLogDepth tells funcr how many levels of nested fields (e.g. a struct // that contains a struct, etc.) it may log. Every time it finds a struct, @@ -163,7 +163,7 @@ func (l fnlogger) WithName(name string) logr.LogSink { return &l } -func (l fnlogger) WithValues(kvList ...interface{}) logr.LogSink { +func (l fnlogger) WithValues(kvList ...any) logr.LogSink { l.Formatter.AddValues(kvList) return &l } @@ -173,12 +173,12 @@ func (l fnlogger) WithCallDepth(depth int) logr.LogSink { return &l } -func (l fnlogger) Info(level int, msg string, kvList ...interface{}) { +func (l fnlogger) Info(level int, msg string, kvList ...any) { prefix, args := l.FormatInfo(level, msg, kvList) l.write(prefix, args) } -func (l fnlogger) Error(err error, msg string, kvList ...interface{}) { +func (l fnlogger) Error(err error, msg string, kvList ...any) { prefix, args := l.FormatError(err, msg, kvList) l.write(prefix, args) } 
@@ -229,7 +229,7 @@ func newFormatter(opts Options, outfmt outputFormat) Formatter { type Formatter struct { outputFormat outputFormat prefix string - values []interface{} + values []any valuesStr string depth int opts *Options @@ -246,10 +246,10 @@ const ( ) // PseudoStruct is a list of key-value pairs that gets logged as a struct. -type PseudoStruct []interface{} +type PseudoStruct []any // render produces a log line, ready to use. -func (f Formatter) render(builtins, args []interface{}) string { +func (f Formatter) render(builtins, args []any) string { // Empirically bytes.Buffer is faster than strings.Builder for this. buf := bytes.NewBuffer(make([]byte, 0, 1024)) if f.outputFormat == outputJSON { @@ -292,7 +292,7 @@ func (f Formatter) render(builtins, args []interface{}) string { // This function returns a potentially modified version of kvList, which // ensures that there is a value for every key (adding a value if needed) and // that each key is a string (substituting a key if needed). -func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing bool, escapeKeys bool) []interface{} { +func (f Formatter) flatten(buf *bytes.Buffer, kvList []any, continuing bool, escapeKeys bool) []any { // This logic overlaps with sanitize() but saves one type-cast per key, // which can be measurable. if len(kvList)%2 != 0 { @@ -334,7 +334,7 @@ func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing b return kvList } -func (f Formatter) pretty(value interface{}) string { +func (f Formatter) pretty(value any) string { return f.prettyWithFlags(value, 0, 0) } @@ -343,7 +343,7 @@ const ( ) // TODO: This is not fast. Most of the overhead goes here. -func (f Formatter) prettyWithFlags(value interface{}, flags uint32, depth int) string { +func (f Formatter) prettyWithFlags(value any, flags uint32, depth int) string { if depth > f.opts.MaxLogDepth { return `""` } 
@@ -614,7 +614,7 @@ func isEmpty(v reflect.Value) bool { return false } -func invokeMarshaler(m logr.Marshaler) (ret interface{}) { +func invokeMarshaler(m logr.Marshaler) (ret any) { defer func() { if r := recover(); r != nil { ret = fmt.Sprintf("", r) @@ -675,12 +675,12 @@ func (f Formatter) caller() Caller { const noValue = "" -func (f Formatter) nonStringKey(v interface{}) string { +func (f Formatter) nonStringKey(v any) string { return fmt.Sprintf("", f.snippet(v)) } // snippet produces a short snippet string of an arbitrary value. -func (f Formatter) snippet(v interface{}) string { +func (f Formatter) snippet(v any) string { const snipLen = 16 snip := f.pretty(v) @@ -693,7 +693,7 @@ func (f Formatter) snippet(v interface{}) string { // sanitize ensures that a list of key-value pairs has a value for every key // (adding a value if needed) and that each key is a string (substituting a key // if needed). -func (f Formatter) sanitize(kvList []interface{}) []interface{} { +func (f Formatter) sanitize(kvList []any) []any { if len(kvList)%2 != 0 { kvList = append(kvList, noValue) } @@ -727,8 +727,8 @@ func (f Formatter) GetDepth() int { // FormatInfo renders an Info log message into strings. The prefix will be // empty when no names were set (via AddNames), or when the output is // configured for JSON. -func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (prefix, argsStr string) { - args := make([]interface{}, 0, 64) // using a constant here impacts perf +func (f Formatter) FormatInfo(level int, msg string, kvList []any) (prefix, argsStr string) { + args := make([]any, 0, 64) // using a constant here impacts perf prefix = f.prefix if f.outputFormat == outputJSON { args = append(args, "logger", prefix) 
@@ -745,10 +745,10 @@ func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (pref } // FormatError renders an Error log message into strings. The prefix will be -// empty when no names were set (via AddNames), or when the output is +// empty when no names were set (via AddNames), or when the output is // configured for JSON. -func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (prefix, argsStr string) { - args := make([]interface{}, 0, 64) // using a constant here impacts perf +func (f Formatter) FormatError(err error, msg string, kvList []any) (prefix, argsStr string) { + args := make([]any, 0, 64) // using a constant here impacts perf prefix = f.prefix if f.outputFormat == outputJSON { args = append(args, "logger", prefix) @@ -761,12 +761,12 @@ func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (pre args = append(args, "caller", f.caller()) } args = append(args, "msg", msg) - var loggableErr interface{} + var loggableErr any if err != nil { loggableErr = err.Error() } args = append(args, "error", loggableErr) - return f.prefix, f.render(args, kvList) + return prefix, f.render(args, kvList) } // AddName appends the specified name. funcr uses '/' characters to separate @@ -781,7 +781,7 @@ func (f *Formatter) AddName(name string) { // AddValues adds key-value pairs to the set of saved values to be logged with // each log line. -func (f *Formatter) AddValues(kvList []interface{}) { +func (f *Formatter) AddValues(kvList []any) { // Three slice args forces a copy. n := len(f.values) f.values = append(f.values[:n:n], kvList...) diff --git a/vendor/github.com/go-logr/logr/logr.go b/vendor/github.com/go-logr/logr/logr.go index e027aea3fd3..2a5075a180f 100644 --- a/vendor/github.com/go-logr/logr/logr.go +++ b/vendor/github.com/go-logr/logr/logr.go 
@@ -127,9 +127,9 @@ limitations under the License. // such a value can call its methods without having to check whether the // instance is ready for use. // -// Calling methods with the null logger (Logger{}) as instance will crash -// because it has no LogSink. Therefore this null logger should never be passed -// around. For cases where passing a logger is optional, a pointer to Logger +// The zero logger (= Logger{}) is identical to Discard() and discards all log +// entries. Code that receives a Logger by value can simply call it, the methods +// will never crash. For cases where passing a logger is optional, a pointer to Logger // should be used. // // # Key Naming Conventions @@ -258,6 +258,12 @@ type Logger struct { // Enabled tests whether this Logger is enabled. For example, commandline // flags might be used to set the logging verbosity and disable some info logs. func (l Logger) Enabled() bool { + // Some implementations of LogSink look at the caller in Enabled (e.g. + // different verbosity levels per package or file), but we only pass one + // CallDepth in (via Init). This means that all calls from Logger to the + // LogSink's Enabled, Info, and Error methods must have the same number of + // frames. In other words, Logger methods can't call other Logger methods + // which call these LogSink methods unless we do it the same in all paths. return l.sink != nil && l.sink.Enabled(l.level) } @@ -267,11 +273,11 @@ func (l Logger) Enabled() bool { // line. The key/value pairs can then be used to add additional variable // information. The key/value pairs must alternate string keys and arbitrary // values. -func (l Logger) Info(msg string, keysAndValues ...interface{}) { +func (l Logger) Info(msg string, keysAndValues ...any) { if l.sink == nil { return } - if l.Enabled() { + if l.sink.Enabled(l.level) { // see comment in Enabled if withHelper, ok := l.sink.(CallStackHelperLogSink); ok { withHelper.GetCallStackHelper()() } 
@@ -289,7 +295,7 @@ func (l Logger) Info(msg string, keysAndValues ...interface{}) { // while the err argument should be used to attach the actual error that // triggered this log line, if present. The err parameter is optional // and nil may be passed instead of an error instance. -func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) { +func (l Logger) Error(err error, msg string, keysAndValues ...any) { if l.sink == nil { return } @@ -314,9 +320,16 @@ func (l Logger) V(level int) Logger { return l } +// GetV returns the verbosity level of the logger. If the logger's LogSink is +// nil as in the Discard logger, this will always return 0. +func (l Logger) GetV() int { + // 0 if l.sink nil because of the if check in V above. + return l.level +} + // WithValues returns a new Logger instance with additional key/value pairs. // See Info for documentation on how key/value pairs work. -func (l Logger) WithValues(keysAndValues ...interface{}) Logger { +func (l Logger) WithValues(keysAndValues ...any) Logger { if l.sink == nil { return l } @@ -467,15 +480,15 @@ type LogSink interface { // The level argument is provided for optional logging. This method will // only be called when Enabled(level) is true. See Logger.Info for more // details. - Info(level int, msg string, keysAndValues ...interface{}) + Info(level int, msg string, keysAndValues ...any) // Error logs an error, with the given message and key/value pairs as // context. See Logger.Error for more details. - Error(err error, msg string, keysAndValues ...interface{}) + Error(err error, msg string, keysAndValues ...any) // WithValues returns a new LogSink with additional key/value pairs. See // Logger.WithValues for more details. - WithValues(keysAndValues ...interface{}) LogSink + WithValues(keysAndValues ...any) LogSink // WithName returns a new LogSink with the specified name appended. See // Logger.WithName for more details. 
@@ -546,5 +559,5 @@ type Marshaler interface { // with exported fields // // It may return any value of any type. - MarshalLog() interface{} + MarshalLog() any } diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/aws/machinepool.go b/vendor/github.com/openshift/hive/apis/hive/v1/aws/machinepool.go index c3bc2d46853..5ae5025745f 100644 --- a/vendor/github.com/openshift/hive/apis/hive/v1/aws/machinepool.go +++ b/vendor/github.com/openshift/hive/apis/hive/v1/aws/machinepool.go @@ -30,6 +30,12 @@ type MachinePoolPlatform struct { // EC2MetadataOptions defines metadata service interaction options for EC2 instances in the machine pool. // +optional EC2Metadata *EC2Metadata `json:"metadataService,omitempty"` + + // AdditionalSecurityGroupIDs contains IDs of additional security groups for machines, where each ID + // is presented in the format sg-xxxx. + // + // +optional + AdditionalSecurityGroupIDs []string `json:"additionalSecurityGroupIDs,omitempty"` } // SpotMarketOptions defines the options available to a user when configuring diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/aws/metadata.go b/vendor/github.com/openshift/hive/apis/hive/v1/aws/metadata.go new file mode 100644 index 00000000000..efbb50e5d63 --- /dev/null +++ b/vendor/github.com/openshift/hive/apis/hive/v1/aws/metadata.go @@ -0,0 +1,8 @@ +package aws + +// Metadata contains AWS metadata (e.g. for uninstalling the cluster). +type Metadata struct { + // HostedZoneRole is the role to assume when performing operations + // on a hosted zone owned by another account. + HostedZoneRole *string `json:"hostedZoneRole,omitempty"` +} diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/aws/zz_generated.deepcopy.go b/vendor/github.com/openshift/hive/apis/hive/v1/aws/zz_generated.deepcopy.go index dad46ea1f34..7d5f07fe93b 100644 --- a/vendor/github.com/openshift/hive/apis/hive/v1/aws/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/hive/apis/hive/v1/aws/zz_generated.deepcopy.go 
@@ -77,6 +77,11 @@ func (in *MachinePoolPlatform) DeepCopyInto(out *MachinePoolPlatform) { *out = new(EC2Metadata) **out = **in } + if in.AdditionalSecurityGroupIDs != nil { + in, out := &in.AdditionalSecurityGroupIDs, &out.AdditionalSecurityGroupIDs + *out = make([]string, len(*in)) + copy(*out, *in) + } return } @@ -90,6 +95,27 @@ func (in *MachinePoolPlatform) DeepCopy() *MachinePoolPlatform { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Metadata) DeepCopyInto(out *Metadata) { + *out = *in + if in.HostedZoneRole != nil { + in, out := &in.HostedZoneRole, &out.HostedZoneRole + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metadata. +func (in *Metadata) DeepCopy() *Metadata { + if in == nil { + return nil + } + out := new(Metadata) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Platform) DeepCopyInto(out *Platform) { *out = *in diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/azure/zz_generated.deepcopy.go b/vendor/github.com/openshift/hive/apis/hive/v1/azure/zz_generated.deepcopy.go index 06965b03881..adc8cd56842 100644 --- a/vendor/github.com/openshift/hive/apis/hive/v1/azure/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/hive/apis/hive/v1/azure/zz_generated.deepcopy.go @@ -51,6 +51,11 @@ func (in *MachinePool) DeepCopy() *MachinePool { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Metadata) DeepCopyInto(out *Metadata) { *out = *in + if in.ResourceGroupName != nil { + in, out := &in.ResourceGroupName, &out.ResourceGroupName + *out = new(string) + **out = **in + } return } 
diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/clusterdeployment_types.go b/vendor/github.com/openshift/hive/apis/hive/v1/clusterdeployment_types.go index 214ace3fca5..a42959aca09 100644 --- a/vendor/github.com/openshift/hive/apis/hive/v1/clusterdeployment_types.go +++ b/vendor/github.com/openshift/hive/apis/hive/v1/clusterdeployment_types.go @@ -307,9 +307,17 @@ type ClusterMetadata struct { } type ClusterPlatformMetadata struct { + // AWS holds AWS-specific cluster metadata + // +optional + AWS *aws.Metadata `json:"aws,omitempty"` + // Azure holds azure-specific cluster metadata // +optional Azure *azure.Metadata `json:"azure,omitempty"` + + // GCP holds GCP-specific cluster metadata + // +optional + GCP *gcp.Metadata `json:"gcp,omitempty"` } // ClusterDeploymentStatus defines the observed state of ClusterDeployment diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/clusterdeprovision_types.go b/vendor/github.com/openshift/hive/apis/hive/v1/clusterdeprovision_types.go index 9b44478e9a5..2b71367578c 100644 --- a/vendor/github.com/openshift/hive/apis/hive/v1/clusterdeprovision_types.go +++ b/vendor/github.com/openshift/hive/apis/hive/v1/clusterdeprovision_types.go @@ -20,6 +20,9 @@ type ClusterDeprovisionSpec struct { // cluster is useful. ClusterName string `json:"clusterName,omitempty"` + // BaseDomain is the DNS base domain. + BaseDomain string `json:"baseDomain,omitempty"` + // Platform contains platform-specific configuration for a ClusterDeprovision Platform ClusterDeprovisionPlatform `json:"platform,omitempty"` } 
@@ -59,7 +62,8 @@ type ClusterDeprovisionPlatform struct { type AlibabaCloudClusterDeprovision struct { // Region is the Alibaba region for this deprovision Region string `json:"region"` - // BaseDomain is the DNS base domain + // BaseDomain is the DNS base domain. + // TODO: Use the non-platform-specific BaseDomain field. BaseDomain string `json:"baseDomain"` // CredentialsSecretRef is the Alibaba account credentials to use for deprovisioning the cluster CredentialsSecretRef corev1.LocalObjectReference `json:"credentialsSecretRef"` @@ -78,6 +82,11 @@ type AWSClusterDeprovision struct { // AWS account access for deprovisioning the cluster. // +optional CredentialsAssumeRole *aws.AssumeRole `json:"credentialsAssumeRole,omitempty"` + + // HostedZoneRole is the role to assume when performing operations + // on a hosted zone owned by another account. + // +optional + HostedZoneRole *string `json:"hostedZoneRole,omitempty"` } // AzureClusterDeprovision contains Azure-specific configuration for a ClusterDeprovision @@ -101,6 +110,10 @@ type GCPClusterDeprovision struct { Region string `json:"region"` // CredentialsSecretRef is the GCP account credentials to use for deprovisioning the cluster CredentialsSecretRef *corev1.LocalObjectReference `json:"credentialsSecretRef,omitempty"` + + // NetworkProjectID is used for shared VPC setups + // +optional + NetworkProjectID *string `json:"networkProjectID,omitempty"` } // OpenStackClusterDeprovision contains OpenStack-specific configuration for a ClusterDeprovision @@ -145,7 +158,8 @@ type IBMClusterDeprovision struct { CredentialsSecretRef corev1.LocalObjectReference `json:"credentialsSecretRef"` // Region specifies the IBM Cloud region Region string `json:"region"` - // BaseDomain is the DNS base domain + // BaseDomain is the DNS base domain. + // TODO: Use the non-platform-specific BaseDomain field. BaseDomain string `json:"baseDomain"` } 
diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/gcp/machinepools.go b/vendor/github.com/openshift/hive/apis/hive/v1/gcp/machinepools.go index 283099f2fb9..c8a595b295f 100644 --- a/vendor/github.com/openshift/hive/apis/hive/v1/gcp/machinepools.go +++ b/vendor/github.com/openshift/hive/apis/hive/v1/gcp/machinepools.go @@ -13,6 +13,18 @@ type MachinePool struct { // // +optional OSDisk OSDisk `json:"osDisk"` + + // NetworkProjectID specifies which project the network and subnets exist in when + // they are not in the main ProjectID. + // +optional + NetworkProjectID string `json:"networkProjectID,omitempty"` + + // SecureBoot Defines whether the instance should have secure boot enabled. + // Verifies the digital signature of all boot components, and halts the boot process if signature verification fails. + // If omitted, the platform chooses a default, which is subject to change over time. Currently that default is "Disabled". + // +kubebuilder:validation:Enum=Enabled;Disabled + // +optional + SecureBoot string `json:"secureBoot,omitempty"` } // OSDisk defines the disk for machines on GCP. diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/gcp/metadata.go b/vendor/github.com/openshift/hive/apis/hive/v1/gcp/metadata.go index fcdc59e6a2d..556783130db 100644 --- a/vendor/github.com/openshift/hive/apis/hive/v1/gcp/metadata.go +++ b/vendor/github.com/openshift/hive/apis/hive/v1/gcp/metadata.go @@ -2,6 +2,7 @@ package gcp // Metadata contains GCP metadata (e.g. for uninstalling the cluster). type Metadata struct { - Region string `json:"region"` - ProjectID string `json:"projectID"` + // NetworkProjectID is used for shared VPC setups + // +optional + NetworkProjectID *string `json:"networkProjectID,omitempty"` } diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/gcp/zz_generated.deepcopy.go b/vendor/github.com/openshift/hive/apis/hive/v1/gcp/zz_generated.deepcopy.go index ae6087f2afb..30b4a9df6c2 100644 
--- a/vendor/github.com/openshift/hive/apis/hive/v1/gcp/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/hive/apis/hive/v1/gcp/zz_generated.deepcopy.go @@ -67,6 +67,11 @@ func (in *MachinePool) DeepCopy() *MachinePool { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Metadata) DeepCopyInto(out *Metadata) { *out = *in + if in.NetworkProjectID != nil { + in, out := &in.NetworkProjectID, &out.NetworkProjectID + *out = new(string) + **out = **in + } return } diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/machinepool_types.go b/vendor/github.com/openshift/hive/apis/hive/v1/machinepool_types.go index 444172d0089..7210abfa293 100644 --- a/vendor/github.com/openshift/hive/apis/hive/v1/machinepool_types.go +++ b/vendor/github.com/openshift/hive/apis/hive/v1/machinepool_types.go @@ -54,6 +54,9 @@ type MachinePoolSpec struct { // List of taints that will be applied to the created MachineSet's MachineSpec. // This list will overwrite any modifications made to Node taints on an ongoing basis. + // In case of duplicate entries, first encountered taint Value will be preserved, + // and the rest collapsed on the corresponding MachineSets. + // Note that taints are uniquely identified based on key+effect, not just key. // +optional Taints []corev1.Taint `json:"taints,omitempty"` } 
@@ -100,6 +103,26 @@ type MachinePoolStatus struct { // Conditions includes more detailed status for the cluster deployment // +optional Conditions []MachinePoolCondition `json:"conditions,omitempty"` + + // OwnedLabels lists the keys of labels this MachinePool created on the remote MachineSet. + // Used to identify labels to remove from the remote MachineSet when they are absent from + // the MachinePool's spec.labels. + // +optional + OwnedLabels []string `json:"ownedLabels,omitempty"` + // OwnedTaints lists identifiers of taints this MachinePool created on the remote MachineSet. + // Used to identify taints to remove from the remote MachineSet when they are absent from + // the MachinePool's spec.taints. + // +optional + OwnedTaints []TaintIdentifier `json:"ownedTaints,omitempty"` +} + +// TaintIdentifier uniquely identifies a Taint. (It turns out taints are mutually exclusive by +// key+effect, not simply by key.) +type TaintIdentifier struct { + // Key matches corev1.Taint.Key. + Key string `json:"key,omitempty"` + // Effect matches corev1.Taint.Effect. + Effect corev1.TaintEffect `json:"effect,omitempty"` } // MachineSetStatus is the status of a machineset in the remote cluster. diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/vsphere/machinepools.go b/vendor/github.com/openshift/hive/apis/hive/v1/vsphere/machinepools.go index 95ca854eb20..71e67294ba8 100644 --- a/vendor/github.com/openshift/hive/apis/hive/v1/vsphere/machinepools.go +++ b/vendor/github.com/openshift/hive/apis/hive/v1/vsphere/machinepools.go 
@@ -3,6 +3,11 @@ package vsphere // MachinePool stores the configuration for a machine pool installed // on vSphere. type MachinePool struct { + // ResourcePool is the name of the resource pool that will be used for virtual machines. + // If it is not present, a default value will be used. + // +optional + ResourcePool string `json:"resourcePool,omitempty"` + // NumCPUs is the total number of virtual processor cores to assign a vm. NumCPUs int32 `json:"cpus"` diff --git a/vendor/github.com/openshift/hive/apis/hive/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/hive/apis/hive/v1/zz_generated.deepcopy.go index 384184f1153..4e4554200bd 100644 --- a/vendor/github.com/openshift/hive/apis/hive/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/hive/apis/hive/v1/zz_generated.deepcopy.go @@ -61,6 +61,11 @@ func (in *AWSClusterDeprovision) DeepCopyInto(out *AWSClusterDeprovision) { *out = new(aws.AssumeRole) **out = **in } + if in.HostedZoneRole != nil { + in, out := &in.HostedZoneRole, &out.HostedZoneRole + *out = new(string) + **out = **in + } return } @@ -286,6 +291,11 @@ func (in *AzureClusterDeprovision) DeepCopyInto(out *AzureClusterDeprovision) { *out = new(azure.CloudEnvironment) **out = **in } + if in.ResourceGroupName != nil { + in, out := &in.ResourceGroupName, &out.ResourceGroupName + *out = new(string) + **out = **in + } return } @@ -1314,6 +1324,11 @@ func (in *ClusterMetadata) DeepCopyInto(out *ClusterMetadata) { *out = new(corev1.LocalObjectReference) **out = **in } + if in.Platform != nil { + in, out := &in.Platform, &out.Platform + *out = new(ClusterPlatformMetadata) + (*in).DeepCopyInto(*out) + } return } 
@@ -1350,6 +1365,37 @@ func (in *ClusterOperatorState) DeepCopy() *ClusterOperatorState { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPlatformMetadata) DeepCopyInto(out *ClusterPlatformMetadata) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(aws.Metadata) + (*in).DeepCopyInto(*out) + } + if in.Azure != nil { + in, out := &in.Azure, &out.Azure + *out = new(azure.Metadata) + (*in).DeepCopyInto(*out) + } + if in.GCP != nil { + in, out := &in.GCP, &out.GCP + *out = new(gcp.Metadata) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPlatformMetadata. +func (in *ClusterPlatformMetadata) DeepCopy() *ClusterPlatformMetadata { + if in == nil { + return nil + } + out := new(ClusterPlatformMetadata) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterPool) DeepCopyInto(out *ClusterPool) { *out = *in @@ -1684,6 +1730,11 @@ func (in *ClusterProvisionSpec) DeepCopyInto(out *ClusterProvisionSpec) { *out = new(runtime.RawExtension) (*in).DeepCopyInto(*out) } + if in.MetadataJSON != nil { + in, out := &in.MetadataJSON, &out.MetadataJSON + *out = make([]byte, len(*in)) + copy(*out, *in) + } if in.AdminKubeconfigSecretRef != nil { in, out := &in.AdminKubeconfigSecretRef, &out.AdminKubeconfigSecretRef *out = new(corev1.LocalObjectReference) @@ -2372,6 +2423,11 @@ func (in *GCPClusterDeprovision) DeepCopyInto(out *GCPClusterDeprovision) { *out = new(corev1.LocalObjectReference) **out = **in } + if in.NetworkProjectID != nil { + in, out := &in.NetworkProjectID, &out.NetworkProjectID + *out = new(string) + **out = **in + } return } 
@@ -2998,6 +3054,16 @@ func (in *MachinePoolStatus) DeepCopyInto(out *MachinePoolStatus) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.OwnedLabels != nil { + in, out := &in.OwnedLabels, &out.OwnedLabels + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.OwnedTaints != nil { + in, out := &in.OwnedTaints, &out.OwnedTaints + *out = make([]TaintIdentifier, len(*in)) + copy(*out, *in) + } return } @@ -3930,6 +3996,22 @@ func (in *SyncStatus) DeepCopy() *SyncStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TaintIdentifier) DeepCopyInto(out *TaintIdentifier) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TaintIdentifier. +func (in *TaintIdentifier) DeepCopy() *TaintIdentifier { + if in == nil { + return nil + } + out := new(TaintIdentifier) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VSphereClusterDeprovision) DeepCopyInto(out *VSphereClusterDeprovision) { *out = *in diff --git a/vendor/modules.txt b/vendor/modules.txt index 39f3bf63246..b18f17ffc97 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -525,8 +525,8 @@ github.com/go-chi/chi/v5/middleware # github.com/go-errors/errors v1.4.2 ## explicit; go 1.14 github.com/go-errors/errors -# github.com/go-logr/logr v1.2.4 -## explicit; go 1.16 +# github.com/go-logr/logr v1.3.0 +## explicit; go 1.18 github.com/go-logr/logr github.com/go-logr/logr/funcr # github.com/go-logr/stdr v1.2.2 
@@ -1056,7 +1056,7 @@ github.com/openshift/console-operator/pkg/api # github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87 ## explicit; go 1.12 github.com/openshift/custom-resource-status/conditions/v1 -# github.com/openshift/hive/apis v0.0.0 => github.com/openshift/hive/apis v0.0.0-20230811220652-70b666ec89b0 +# github.com/openshift/hive/apis v0.0.0-20231116161336-9dd47f8bfa1f => github.com/openshift/hive/apis v0.0.0-20231116161336-9dd47f8bfa1f ## explicit; go 1.20 github.com/openshift/hive/apis/hive/v1 github.com/openshift/hive/apis/hive/v1/agent @@ -1547,7 +1547,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.2 => k8s.io/api v0.24.17 +# k8s.io/api v0.28.3 => k8s.io/api v0.24.17 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1614,7 +1614,7 @@ k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1 k8s.io/apiextensions-apiserver/third_party/forked/celopenapi/model -# k8s.io/apimachinery v0.26.2 => k8s.io/apimachinery v0.24.17 +# k8s.io/apimachinery v0.28.3 => k8s.io/apimachinery v0.24.17 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -2271,4 +2271,4 @@ sigs.k8s.io/yaml # sigs.k8s.io/kustomize/api => sigs.k8s.io/kustomize/api v0.11.2 # sigs.k8s.io/kustomize/kyaml => sigs.k8s.io/kustomize/kyaml v0.13.3 # sigs.k8s.io/structured-merge-diff => sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06 -# github.com/openshift/hive/apis => github.com/openshift/hive/apis v0.0.0-20230811220652-70b666ec89b0 +# github.com/openshift/hive/apis => github.com/openshift/hive/apis v0.0.0-20231116161336-9dd47f8bfa1f
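Review bot: In the `k8s.io/api` and `k8s.io/apimachinery` hunks of vendor/modules.txt the required version moves to v0.28.3 but the `=>` target stays at v0.24.17, so the Kubernetes code that is actually vendored and built does not change with this commit. If that bump was meant to be part of closing the vulnerabilities, it has no effect until the replace target moves; if it is only pulled in by the newer hive/apis snapshot (which seems likely), a go.mod comment next to those require lines such as `// built version is v0.24.17 via the replace block below` would stop anyone reading the require block from assuming v0.28.3 is in use. The hive/apis entry is now replaced with the same pseudo-version it requires, so the trailing `replace github.com/openshift/hive/apis` line looks redundant and could be dropped. It is also worth confirming that the new hive/apis types build and round-trip correctly against the older pinned Kubernetes API packages.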