From 63fb8d27a350f8ceb7566c12e8b0347c8e8d82f3 Mon Sep 17 00:00:00 2001 From: Josh van Leeuwen Date: Mon, 23 Oct 2023 21:17:56 +0200 Subject: [PATCH 01/13] [1.12] Fix sentry rejecting legacy request IDs of length larger than 64 (#7082) * Fix sentry rejecting legacy request IDs of length larger than 64 Fixes https://github.com/dapr/dapr/issues/7078 Fixes an issue whereby sentry would reject SignCertificate requests that have an identifier which was longer than 64 characters. Because sentry still accepts the "legacy" identifier format of `:` (which v1.12 is currently using), Daprd's which are in a namespace and/or using a Service Account with a sufficiently long name will erroneously be rejected. PR updates the Kubernetes sentry validator so that it will augment the request identifier to the app ID before evaluating whether the identifier is over 64 characters long. Adds sentry Kubernetes validator integration tests to cover this scenario. Signed-off-by: joshvanl * Adds `v1.12.1.md` release notes Signed-off-by: joshvanl --------- Signed-off-by: joshvanl --- docs/release_notes/v1.12.1.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 docs/release_notes/v1.12.1.md diff --git a/docs/release_notes/v1.12.1.md b/docs/release_notes/v1.12.1.md new file mode 100644 index 00000000000..24de25be5c2 --- /dev/null +++ b/docs/release_notes/v1.12.1.md 
@@ -0,0 +1,24 @@ +# Dapr 1.12.1 + +Update includes a fix for the Sentry authentication validator rejecting valid +requests. + +## Fixed Sentry rejecting valid requests from Daprd + +### Problem + +Daprds would fail to request an identity certificate from Sentry when residing in a Namespace or using a Service Account with a sufficiently long name. + +### Impact + +Daprds would fail to start, causing that application from joining the Dapr cluster. +Effects only the Dapr versio `v1.12.0`. + +### Root cause + +Sentry validates that clients cannot request for an app ID which is over 64 characters in length. +Sentry also still accepts requests which use the legacy identifier of `:` which was not taken account for when doing the 64 character evaluation. + +### Solution + +Sentry now evaluates the actual app ID being requested, whether or not the client is using the legacy or app ID as the identifier. From 6af5d4367dbb9e13b115ba8683a0b23b9d87a42a Mon Sep 17 00:00:00 2001 
From: Josh van Leeuwen Date: Wed, 1 Nov 2023 20:15:13 +0000 Subject: [PATCH 02/13] [1.12] Change injector and sentry to GET daprsystem Configuration (#7116) * Change injector and sentry to GET daprsystem Configuration In Kubernetes mode, when the Injector is patching a Pod to determine whether mTLS is enabled and Sentry on startup fetches the global daprsystem Configuration, they do so by listing all Configurations in all namespaces and then match on the first Configuration with the name daprsystem. As Namespaces are sorted alphabetically when listed, the Configuration chosen by these services may not be the one located in the Dapr System namespace. This means that a malicious actor, or by accident a user of a Dapr enabled Kubernetes cluster, with write permissions to Configurations in a namespace which is alphabetically higher than the Dapr system namespace is able to override the global config for Sentry and Injector. We can expect that users of Dapr in Kubernetes would be able to have permissions to Configurations in order for them to control their Dapr deployment configuration. PR updates the injector and sentry services to GET the daprsystem Configuration in the Dapr control plane namespace. Signed-off-by: joshvanl * Fix RBAC for new daprsystem config get Signed-off-by: joshvanl * Return error if NAMESPACE is set but empty in `CurrentNamespaceOrError` Signed-off-by: joshvanl ---------
Signed-off-by: joshvanl --- .../charts/dapr_rbac/templates/injector.yaml | 7 ++-- .../charts/dapr_rbac/templates/sentry.yaml | 4 +-- cmd/injector/main.go | 7 +++- pkg/injector/service/pod_patch.go | 22 ++++++------ pkg/operator/config.go | 7 +++- pkg/security/security.go | 15 ++++++++ pkg/security/security_test.go | 29 ++++++++++++++++ pkg/sentry/config/config.go | 34 ++++++++++++------- tests/config/ignore_daprsystem_config.yaml | 21 ++++++++++++ tests/dapr_tests.mk | 4 ++- .../framework/process/kubernetes/options.go | 14 ++++++++ .../sentry/validator/kubernetes/common.go | 2 +- 12 files changed, 134 insertions(+), 32 deletions(-) create mode 100644 tests/config/ignore_daprsystem_config.yaml diff --git a/charts/dapr/charts/dapr_rbac/templates/injector.yaml b/charts/dapr/charts/dapr_rbac/templates/injector.yaml index ffb18454138..2fd919ae74d 100644 --- a/charts/dapr/charts/dapr_rbac/templates/injector.yaml +++ b/charts/dapr/charts/dapr_rbac/templates/injector.yaml @@ -26,7 +26,7 @@ rules: resourceNames: ["dapr-sidecar-injector"] {{- if not .Values.global.rbac.namespaced }} - apiGroups: ["dapr.io"] - resources: ["configurations", "components"] + resources: ["components"] verbs: [ "get", "list"] {{- end }} --- @@ -63,9 +63,12 @@ rules: resourceNames: ["dapr-trust-bundle"] {{- if eq .Values.global.rbac.namespaced true }} - apiGroups: ["dapr.io"] - resources: ["configurations", "components"] + resources: ["components"] verbs: [ "get", "list"] {{- end }} + - apiGroups: ["dapr.io"] + resources: ["configurations"] + verbs: [ "get" ] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/charts/dapr/charts/dapr_rbac/templates/sentry.yaml b/charts/dapr/charts/dapr_rbac/templates/sentry.yaml index b21f303a8f0..39c30d8c46c 100644 --- a/charts/dapr/charts/dapr_rbac/templates/sentry.yaml +++ b/charts/dapr/charts/dapr_rbac/templates/sentry.yaml 
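Review bot: The `configurations` rule added in the second injector.yaml hunk grants `get` on every Configuration the role covers, while the injector code in this patch reads one object by name (`defaultConfig` in `mTLSEnabled`). If that name is fixed, the rule can be pinned the same way the neighbouring `dapr-trust-bundle` rule is, with `resourceNames: ["<configuration name>"]`. The kind of the enclosing role (namespaced Role or ClusterRole) starts above the hunk and should be confirmed, since the purpose of the change is to read only the control-plane namespace.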
@@ -64,11 +64,9 @@ rules: resources: ["configmaps"] verbs: ["get", "update", "watch", "list"] resourceNames: ["dapr-trust-bundle"] -{{- if eq .Values.global.rbac.namespaced true }} - apiGroups: ["dapr.io"] resources: ["configurations"] - verbs: ["list"] -{{- end }} + verbs: ["list", "get", "watch"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/cmd/injector/main.go b/cmd/injector/main.go index 02ef96669f1..22a481f8920 100644 --- a/cmd/injector/main.go +++ b/cmd/injector/main.go @@ -82,10 +82,15 @@ func main() { log.Fatalf("Failed to get authentication uids from services accounts: %s", err) } + namespace, err := security.CurrentNamespaceOrError() + if err != nil { + log.Fatalf("Failed to get current namespace: %s", err) + } + secProvider, err := security.New(ctx, security.Options{ SentryAddress: cfg.SentryAddress, ControlPlaneTrustDomain: cfg.ControlPlaneTrustDomain, - ControlPlaneNamespace: security.CurrentNamespace(), + ControlPlaneNamespace: namespace, TrustAnchorsFile: cfg.TrustAnchorsFile, AppID: "dapr-injector", MTLSEnabled: true, diff --git a/pkg/injector/service/pod_patch.go b/pkg/injector/service/pod_patch.go index 5e61f5d08fd..80a39d52b1f 100644 --- a/pkg/injector/service/pod_patch.go +++ b/pkg/injector/service/pod_patch.go @@ -21,6 +21,7 @@ import ( jsonpatch "github.com/evanphx/json-patch/v5" admissionv1 "k8s.io/api/admission/v1" corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" scheme "github.com/dapr/dapr/pkg/client/clientset/versioned" 
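Review bot: The rewritten `configurations` rule keeps `list` and adds `watch`, but the sentry code changed in this patch only issues a single `Get` in its own namespace. Unless a sentry code path outside this patch still lists or watches Configurations, `verbs: ["get"]` is sufficient. The `{{- if eq .Values.global.rbac.namespaced true }}` guard is also removed, so the rule now applies in both RBAC modes; the enclosing role begins above the hunk, so it is worth confirming that it is namespace-scoped, otherwise sentry keeps read access to Configurations in other namespaces.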
@@ -65,7 +66,7 @@ func (i *injector) getPodPatchOperations(ctx context.Context, ar *admissionv1.Ad sidecar.GetInjectedComponentContainers = i.getInjectedComponentContainers sidecar.Mode = injectorConsts.ModeKubernetes sidecar.Namespace = ar.Request.Namespace - sidecar.MTLSEnabled = mTLSEnabled(i.daprClient) + sidecar.MTLSEnabled = mTLSEnabled(i.controlPlaneNamespace, i.daprClient) sidecar.Identity = ar.Request.Namespace + ":" + pod.Spec.ServiceAccountName sidecar.IgnoreEntrypointTolerations = i.config.GetIgnoreEntrypointTolerations() sidecar.ImagePullPolicy = i.config.GetPullPolicy() @@ -103,20 +104,19 @@ func (i *injector) getPodPatchOperations(ctx context.Context, ar *admissionv1.Ad return patch, nil } -func mTLSEnabled(daprClient scheme.Interface) bool { +func mTLSEnabled(controlPlaneNamespace string, daprClient scheme.Interface) bool { resp, err := daprClient.ConfigurationV1alpha1(). - Configurations(metav1.NamespaceAll). - List(metav1.ListOptions{}) + Configurations(controlPlaneNamespace). + Get(defaultConfig, metav1.GetOptions{}) + if !apierrors.IsNotFound(err) { + log.Infof("Dapr system configuration '%s' does not exist; using default value %t for mTLSEnabled", defaultConfig, defaultMtlsEnabled) + return defaultMtlsEnabled + } + if err != nil { log.Errorf("Failed to load dapr configuration from k8s, use default value %t for mTLSEnabled: %s", defaultMtlsEnabled, err) return defaultMtlsEnabled } - for _, c := range resp.Items { - if c.GetName() == defaultConfig { - return c.Spec.MTLSSpec.GetEnabled() - } - } - log.Infof("Dapr system configuration '%s' does not exist; using default value %t for mTLSEnabled", defaultConfig, defaultMtlsEnabled) - return defaultMtlsEnabled + return resp.Spec.MTLSSpec.GetEnabled() } diff --git a/pkg/operator/config.go b/pkg/operator/config.go index 25cdecda840..43b1e0ee7ba 100644 --- a/pkg/operator/config.go +++ b/pkg/operator/config.go 
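Review bot: The not-found check in `mTLSEnabled` is inverted: `if !apierrors.IsNotFound(err)` is true when `err` is nil, so a successful `Get` logs that the configuration does not exist and returns `defaultMtlsEnabled`, while a real not-found error falls through to the `err != nil` branch and is logged as a load failure. The final `return resp.Spec.MTLSSpec.GetEnabled()` is therefore unreachable and the injector never applies the mTLS setting from the control-plane Configuration. The condition should be `if apierrors.IsNotFound(err) {`, matching the check this patch adds to `getKubernetesConfig` in pkg/sentry/config/config.go. A test that serves a Configuration whose mTLS value differs from the default would catch this.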
@@ -31,9 +31,14 @@ func LoadConfiguration(ctx context.Context, name string, restConfig *rest.Config return nil, fmt.Errorf("could not get Kubernetes API client: %w", err) } + namespace, err := security.CurrentNamespaceOrError() + if err != nil { + return nil, err + } + var conf v1alpha1.Configuration key := types.NamespacedName{ - Namespace: security.CurrentNamespace(), + Namespace: namespace, Name: name, } if err := client.Get(ctx, key, &conf); err != nil { diff --git a/pkg/security/security.go b/pkg/security/security.go index dc0797151e0..3a860a2d2b7 100644 --- a/pkg/security/security.go +++ b/pkg/security/security.go @@ -408,6 +408,21 @@ func CurrentNamespace() string { return namespace } +// CurrentNamespaceOrError returns the namespace of this workload. If current +// Namespace is not found, error. +func CurrentNamespaceOrError() (string, error) { + namespace, ok := os.LookupEnv("NAMESPACE") + if !ok { + return "", errors.New("'NAMESPACE' environment variable not set") + } + + if len(namespace) == 0 { + return "", errors.New("'NAMESPACE' environment variable is empty") + } + + return namespace, nil +} + // SentryID returns the SPIFFE ID of the sentry server. func SentryID(sentryTrustDomain spiffeid.TrustDomain, sentryNamespace string) (spiffeid.ID, error) { sentryID, err := spiffeid.FromSegments(sentryTrustDomain, "ns", sentryNamespace, "dapr-sentry") diff --git a/pkg/security/security_test.go b/pkg/security/security_test.go index 81f4274f5a9..a8315313a77 100644 --- a/pkg/security/security_test.go +++ b/pkg/security/security_test.go 
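Review bot: In the pkg/operator/config.go hunk, `return nil, err` drops the context that the rest of `LoadConfiguration` attaches to its errors; the visible line above it wraps with `could not get Kubernetes API client: %w`. Wrapping the same way, for example `return nil, fmt.Errorf("could not determine control plane namespace: %w", err)`, tells the operator which step failed. The function body continues outside the hunk.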
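Review bot: The doc comment on `CurrentNamespaceOrError` in the pkg/security/security.go hunk only describes the not-found case, while the body also rejects a `NAMESPACE` variable that is set but empty. Suggested wording: `// CurrentNamespaceOrError returns the namespace of this workload from the NAMESPACE environment variable. It returns an error if the variable is unset or empty.`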
@@ -169,3 +169,32 @@ func Test_Start(t *testing.T) { } }) } + +func TestCurrentNamespace(t *testing.T) { + t.Run("error is namespace is not set", func(t *testing.T) { + osns, ok := os.LookupEnv("NAMESPACE") + os.Unsetenv("NAMESPACE") + t.Cleanup(func() { + if ok { + os.Setenv("NAMESPACE", osns) + } + }) + ns, err := CurrentNamespaceOrError() + assert.Error(t, err) + assert.Empty(t, ns) + }) + + t.Run("error if namespace is set but empty", func(t *testing.T) { + t.Setenv("NAMESPACE", "") + ns, err := CurrentNamespaceOrError() + assert.Error(t, err) + assert.Empty(t, ns) + }) + + t.Run("returns namespace if set", func(t *testing.T) { + t.Setenv("NAMESPACE", "foo") + ns, err := CurrentNamespaceOrError() + assert.NoError(t, err) + assert.Equal(t, "foo", ns) + }) +} diff --git a/pkg/sentry/config/config.go b/pkg/sentry/config/config.go index fa36ebae4dc..949e7ede55d 100644 --- a/pkg/sentry/config/config.go +++ b/pkg/sentry/config/config.go @@ -21,11 +21,13 @@ import ( "strings" "time" + apierrors "k8s.io/apimachinery/pkg/api/errors" metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" scheme "github.com/dapr/dapr/pkg/client/clientset/versioned" daprGlobalConfig "github.com/dapr/dapr/pkg/config" sentryv1pb "github.com/dapr/dapr/pkg/proto/sentry/v1" + "github.com/dapr/dapr/pkg/security" "github.com/dapr/dapr/utils" ) @@ -106,7 +108,7 @@ func getKubernetesConfig(configName string) (Config, error) { return defaultConfig, err } - list, err := daprClient.ConfigurationV1alpha1().Configurations(metaV1.NamespaceAll).List(metaV1.ListOptions{}) + namespace, err := security.CurrentNamespaceOrError() if err != nil { return defaultConfig, err } 
@@ -115,20 +117,28 @@ func getKubernetesConfig(configName string) (Config, error) { configName = defaultDaprSystemConfigName } - for _, i := range list.Items { - if i.GetName() == configName { - spec, _ := json.Marshal(i.Spec) + cfg, err := daprClient.ConfigurationV1alpha1().Configurations(namespace).Get(configName, metaV1.GetOptions{}) + if apierrors.IsNotFound(err) { + return defaultConfig, errors.New("config CRD not found") + } - var configSpec daprGlobalConfig.ConfigurationSpec - json.Unmarshal(spec, &configSpec) + if err != nil { + return defaultConfig, err + } - conf := daprGlobalConfig.Configuration{ - Spec: configSpec, - } - return parseConfiguration(defaultConfig, &conf) - } + spec, err := json.Marshal(cfg.Spec) + if err != nil { + return defaultConfig, err + } + + var configSpec daprGlobalConfig.ConfigurationSpec + if err := json.Unmarshal(spec, &configSpec); err != nil { + return defaultConfig, err } - return defaultConfig, errors.New("config CRD not found") + + return parseConfiguration(defaultConfig, &daprGlobalConfig.Configuration{ + Spec: configSpec, + }) } func getSelfhostedConfig(configName string) (Config, error) { diff --git a/tests/config/ignore_daprsystem_config.yaml b/tests/config/ignore_daprsystem_config.yaml new file mode 100644 index 00000000000..52d9066172c --- /dev/null +++ b/tests/config/ignore_daprsystem_config.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: aa +--- +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: daprsystem + namespace: aa +spec: + metric: + enabled: true + metrics: + enabled: true + mtls: + allowedClockSkew: 0m + controlPlaneTrustDomain: cluster.local + enabled: false + sentryAddress: bad-address:1234 + workloadCertTTL: 1ms diff --git a/tests/dapr_tests.mk b/tests/dapr_tests.mk index a9d5657b439..dcd7da050a4 100644 --- a/tests/dapr_tests.mk +++ b/tests/dapr_tests.mk 
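Review bot: The not-found branch returns the fixed string `config CRD not found`, which no longer says where sentry looked now that the lookup is scoped to one namespace taken from the environment. Including both values, for example `fmt.Errorf("configuration %q not found in namespace %q", configName, namespace)`, makes a wrong `NAMESPACE` value obvious in the startup log. `fmt` is not among the imports visible in this patch, so confirm it is already imported in config.go, and check that no caller matches on the old message. The start of `getKubernetesConfig` is outside the hunk.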
@@ -253,7 +253,7 @@ create-test-namespace: kubectl create namespace $(DAPR_TEST_NAMESPACE) delete-test-namespace: - kubectl delete namespace $(DAPR_TEST_NAMESPACE) + kubectl delete namespace $(DAPR_TEST_NAMESPACE) aa setup-3rd-party: setup-helm-init setup-test-env-redis setup-test-env-kafka setup-test-env-zipkin setup-test-env-postgres @@ -584,6 +584,8 @@ setup-test-components: setup-app-configurations $(KUBECTL) apply -f ./tests/config/externalinvocationcrd.yaml --namespace $(DAPR_TEST_NAMESPACE) $(KUBECTL) apply -f ./tests/config/omithealthchecks_config.yaml --namespace $(DAPR_TEST_NAMESPACE) $(KUBECTL) apply -f ./tests/config/external_invocation_http_endpoint_tls.yaml --namespace $(DAPR_TEST_NAMESPACE) + # Don't set namespace as Namespace is defind in the yaml. + $(KUBECTL) apply -f ./tests/config/ignore_daprsystem_config.yaml # Show the installed components $(KUBECTL) get components --namespace $(DAPR_TEST_NAMESPACE) diff --git a/tests/integration/framework/process/kubernetes/options.go b/tests/integration/framework/process/kubernetes/options.go index 3f8cdd53765..ed096c41457 100644 --- a/tests/integration/framework/process/kubernetes/options.go +++ b/tests/integration/framework/process/kubernetes/options.go 
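Review bot: `delete-test-namespace` now deletes the hard-coded namespace `aa` in the same `kubectl delete` call, so the target returns an error whenever `aa` was never created, for instance when `setup-test-components` did not run. Adding `--ignore-not-found` for that namespace, or deleting it in a separate tolerant command, keeps cleanup reliable. The name `aa` is also duplicated between this target and tests/config/ignore_daprsystem_config.yaml; a make variable would keep the two in step. The comment added in the second hunk has a typo, `defind`.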
@@ -80,6 +80,20 @@ func WithDaprConfigurationGet(t *testing.T, ns, name string, config *configapi.C return handleGetResource(t, "/apis/dapr.io/v1alpha1", "configurations", ns, name, config) } +func WithDaprConfigurationGet(t *testing.T, config *configapi.Configuration) Option { + return func(o *options) { + obj, err := json.Marshal(config) + require.NoError(t, err) + o.handlers = append(o.handlers, handleRoute{ + path: "/apis/dapr.io/v1alpha1/namespaces/" + config.Namespace + "/configurations/" + config.Name, + handler: func(w http.ResponseWriter, r *http.Request) { + w.Header().Add("Content-Type", "application/json") + w.Write(obj) + }, + }) + } +} + func WithSecretGet(t *testing.T, ns, name string, secret *corev1.Secret) Option { return handleGetResource(t, "/api/v1", "secrets", ns, name, secret) } diff --git a/tests/integration/suite/sentry/validator/kubernetes/common.go b/tests/integration/suite/sentry/validator/kubernetes/common.go index 4d30b35019b..549a9cca549 100644 --- a/tests/integration/suite/sentry/validator/kubernetes/common.go +++ b/tests/integration/suite/sentry/validator/kubernetes/common.go @@ -42,7 +42,7 @@ func kubeAPI(t *testing.T, bundle ca.Bundle, namespace, serviceaccount string) * MTLSSpec: &configapi.MTLSSpec{ControlPlaneTrustDomain: "integration.test.dapr.io"}, }, }, - }}), + }), prockube.WithSecretGet(t, "sentrynamespace", "dapr-trust-bundle", &corev1.Secret{ TypeMeta: metav1.TypeMeta{APIVersion: "v1", Kind: "Secret"}, ObjectMeta: metav1.ObjectMeta{Name: "dapr-trust-bundle"}, From 84526f62a513758e73c1137b8e7130fd72ee2a0f Mon Sep 17 00:00:00 2001 From: Phillip Hoff Date: Thu, 2 Nov 2023 12:33:12 -0700 Subject: [PATCH 03/13] Add robustness to monitoring of workflow URLs. (#7094) * Add robustness to monitoring of workflow URLs. Signed-off-by: Phillip Hoff * Update formatting. Signed-off-by: Phillip Hoff --------- 
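Review bot: The function added in the options.go hunk is named `WithDaprConfigurationGet`, and both the hunk header and the context line above it show an existing `WithDaprConfigurationGet(t, ns, name, config)` in the same file; if both remain, the package fails to compile with a redeclaration error. Either replace the existing helper or give the new one a distinct name, and check the call site changed in common.go against whichever signature is kept. The new handler also builds its route from `config.Namespace` and `config.Name` without checking they are set, so a fixture with an empty namespace registers a path that no client request will match; `require.NotEmpty(t, config.Namespace)` would surface that early.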
Signed-off-by: Phillip Hoff Co-authored-by: Mukundan Sundararajan <65565396+mukundansundar@users.noreply.github.com> --- pkg/diagnostics/http_monitoring.go | 73 +++++++++++++++++++++++++ pkg/diagnostics/http_monitoring_test.go | 43 +++++++++++++++ 2 files changed, 116 insertions(+) diff --git a/pkg/diagnostics/http_monitoring.go b/pkg/diagnostics/http_monitoring.go index f39d37e7ee1..8d5740894f6 100644 --- a/pkg/diagnostics/http_monitoring.go +++ b/pkg/diagnostics/http_monitoring.go @@ -17,6 +17,7 @@ import ( "context" "net/http" "strconv" + "strings" "time" "go.opencensus.io/stats" 
@@ -237,3 +238,75 @@ func (h *httpMetrics) HTTPMiddleware(next http.Handler) http.Handler { h.ServerRequestCompleted(r.Context(), method, status, reqContentSize, respSize, elapsed) }) } + +// convertPathToMetricLabel removes the variant parameters in URL path for low cardinality label space +// For example, it removes {keys} param from /v1/state/statestore/{keys}. +func (h *httpMetrics) convertPathToMetricLabel(path string) string { + if path == "" { + return path + } + + p := path + if p[0] == '/' { + p = path[1:] + } + + // Split up to 6 delimiters in 'v1/actors/DemoActor/1/timer/name' + parsedPath := strings.SplitN(p, "/", 6) + + if len(parsedPath) < 3 { + return path + } + + // Replace actor id with {id} for appcallback url - 'actors/DemoActor/1/method/method1' + if parsedPath[0] == "actors" { + parsedPath[2] = "{id}" + return strings.Join(parsedPath, "/") + } + + switch parsedPath[1] { + case "state", "secrets": + // state api: Concat 3 items(v1, state, statestore) in /v1/state/statestore/key + // secrets api: Concat 3 items(v1, secrets, keyvault) in /v1/secrets/keyvault/name + return "/" + strings.Join(parsedPath[0:3], "/") + + case "actors": + if len(parsedPath) < 5 { + return path + } + // ignore id part + parsedPath[3] = "{id}" + // Concat 5 items(v1, actors, DemoActor, {id}, timer) in /v1/actors/DemoActor/1/timer/name + return "/" + strings.Join(parsedPath[0:5], "/") + case "workflows": + if len(parsedPath) < 4 { + return path + } + + // v1.0-alpha1/workflows// + if len(parsedPath) == 4 { + parsedPath[3] = "{instanceId}" + return "/" + strings.Join(parsedPath[0:4], "/") + } + + // v1.0-alpha1/workflows///start[?instanceID=] + if len(parsedPath) == 5 && parsedPath[4] != "" && strings.HasPrefix(parsedPath[4], "start") { + // not obfuscating the workflow name, just the possible instanceID + return "/" + strings.Join(parsedPath[0:4], "/") + "/start" + } else { + // v1.0-alpha1/workflows///terminate + // v1.0-alpha1/workflows///pause + // 
v1.0-alpha1/workflows///resume + // v1.0-alpha1/workflows///purge + parsedPath[3] = "{instanceId}" + // v1.0-alpha1/workflows///raiseEvent/ + if len(parsedPath) == 6 && parsedPath[4] == "raiseEvent" && parsedPath[5] != "" { + parsedPath[5] = "{eventName}" + return "/" + strings.Join(parsedPath[0:6], "/") + } + } + return "/" + strings.Join(parsedPath[0:5], "/") + } + + return path +} diff --git a/pkg/diagnostics/http_monitoring_test.go b/pkg/diagnostics/http_monitoring_test.go index aadeb7fd7c2..ac311bd6875 100644 --- a/pkg/diagnostics/http_monitoring_test.go +++ b/pkg/diagnostics/http_monitoring_test.go 
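Review bot: `convertPathToMetricLabel` never removes the query string, so some branches copy client-supplied text into the label: a five-segment workflow path ending in `terminate?x=y` keeps `terminate?x=y`, and any path that matches no case is returned verbatim by the final `return path`. That works against the low-cardinality goal in the doc comment and can place request identifiers in metrics; cutting the query before the `SplitN`, for example `p, _, _ = strings.Cut(p, "?")`, and returning a bounded label for unmatched routes would contain it. The `else` after the returning `if` in the `workflows` case can be dropped as a style matter. No caller is added in this hunk, so whether the path arrives with a query string should be confirmed.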
@@ -87,6 +87,49 @@ func TestHTTPMiddlewareWhenMetricsDisabled(t *testing.T) { assert.Nil(t, rows) } +func TestConvertPathToMethodName(t *testing.T) { + convertTests := []struct { + in string + out string + }{ + {"/v1/state/statestore/key", "/v1/state/statestore"}, + {"/v1/state/statestore", "/v1/state/statestore"}, + {"/v1/secrets/keyvault/name", "/v1/secrets/keyvault"}, + {"/v1/publish/topic", "/v1/publish/topic"}, + {"/v1/bindings/kafka", "/v1/bindings/kafka"}, + {"/healthz", "/healthz"}, + {"/v1/actors/DemoActor/1/state/key", "/v1/actors/DemoActor/{id}/state"}, + {"/v1/actors/DemoActor/1/reminder/name", "/v1/actors/DemoActor/{id}/reminder"}, + {"/v1/actors/DemoActor/1/timer/name", "/v1/actors/DemoActor/{id}/timer"}, + {"/v1/actors/DemoActor/1/timer/name?query=string", "/v1/actors/DemoActor/{id}/timer"}, + {"v1/actors/DemoActor/1/timer/name", "/v1/actors/DemoActor/{id}/timer"}, + {"actors/DemoActor/1/method/method1", "actors/DemoActor/{id}/method/method1"}, + {"actors/DemoActor/1/method/timer/timer1", "actors/DemoActor/{id}/method/timer/timer1"}, + {"actors/DemoActor/1/method/remind/reminder1", "actors/DemoActor/{id}/method/remind/reminder1"}, + {"/v1.0-alpha1/workflows/workflowComponentName/mywf/start?instanceID=1234", "/v1.0-alpha1/workflows/workflowComponentName/mywf/start"}, + {"/v1.0-alpha1/workflows/workflowComponentName/mywf/start", "/v1.0-alpha1/workflows/workflowComponentName/mywf/start"}, + {"/v1.0-alpha1/workflows/workflowComponentName/1234/start/value1/value2", "/v1.0-alpha1/workflows/workflowComponentName/{instanceId}/start"}, + {"/v1.0-alpha1/workflows/workflowComponentName/1234/terminate", "/v1.0-alpha1/workflows/workflowComponentName/{instanceId}/terminate"}, + {"/v1.0-alpha1/workflows/workflowComponentName/1234/terminate/value1/value2", "/v1.0-alpha1/workflows/workflowComponentName/{instanceId}/terminate"}, + {"/v1.0-alpha1/workflows/workflowComponentName/1234/raiseEvent/foobaz", 
"/v1.0-alpha1/workflows/workflowComponentName/{instanceId}/raiseEvent/{eventName}"}, + {"/v1.0-alpha1/workflows/workflowComponentName/1234/pause", "/v1.0-alpha1/workflows/workflowComponentName/{instanceId}/pause"}, + {"/v1.0-alpha1/workflows/workflowComponentName/1234/resume", "/v1.0-alpha1/workflows/workflowComponentName/{instanceId}/resume"}, + {"/v1.0-alpha1/workflows/workflowComponentName/1234/purge", "/v1.0-alpha1/workflows/workflowComponentName/{instanceId}/purge"}, + {"/v1.0-alpha1/workflows/workflowComponentName/1234", "/v1.0-alpha1/workflows/workflowComponentName/{instanceId}"}, + {"/v1.0-alpha1/workflows/workflowComponentName", "/v1.0-alpha1/workflows/workflowComponentName"}, + {"/v1.0-alpha1/workflows", "/v1.0-alpha1/workflows"}, + {"", ""}, + } + + testHTTP := newHTTPMetrics() + for _, tt := range convertTests { + t.Run(tt.in, func(t *testing.T) { + lowCardinalityName := testHTTP.convertPathToMetricLabel(tt.in) + assert.Equal(t, tt.out, lowCardinalityName) + }) + } +} + func fakeHTTPRequest(body string) *http.Request { req, err := http.NewRequest(http.MethodPost, "http://dapr.io/invoke/method/testmethod", strings.NewReader(body)) if err != nil { From eb3880152ac7347acdca7361947d3fa36f7dfedb Mon Sep 17 00:00:00 2001 From: Bernd Verst Date: Mon, 6 Nov 2023 20:41:31 -0800 Subject: [PATCH 04/13] Pin contrib 1.12.1 (#7155) Signed-off-by: Bernd Verst --- go.mod | 16 ++++++++++++++-- go.sum | 11 +++++++---- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index d7707dead89..d983d2cb004 100644 --- a/go.mod +++ b/go.mod 
@@ -93,21 +93,28 @@ require ( github.com/99designs/keyring v1.2.1 // indirect github.com/AthenZ/athenz v1.10.39 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect +<<<<<<< HEAD github.com/Azure/azure-sdk-for-go/sdk/ai/azopenai v0.3.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/data/azappconfig v0.6.0 // indirect +======= + github.com/Azure/azure-sdk-for-go/sdk/ai/azopenai v0.1.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/data/azappconfig v0.5.0 // indirect +>>>>>>> 7616e7da6 (Pin contrib 1.12.1 (#7155)) github.com/Azure/azure-sdk-for-go/sdk/data/azcosmos v0.3.6 // indirect github.com/Azure/azure-sdk-for-go/sdk/data/aztables v1.0.2 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs v1.0.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.4.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.5.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventgrid/armeventgrid/v2 v2.1.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventhub/armeventhub v1.1.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.1.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/storage/azqueue v1.0.0 // indirect github.com/Azure/go-amqp v1.0.2 // indirect 
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 // indirect @@ -383,8 +390,13 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.24.0 // indirect golang.org/x/arch v0.3.0 // indirect +<<<<<<< HEAD golang.org/x/mod v0.13.0 // indirect golang.org/x/oauth2 v0.13.0 // indirect +======= + golang.org/x/mod v0.12.0 // indirect + golang.org/x/oauth2 v0.11.0 // indirect +>>>>>>> 7616e7da6 (Pin contrib 1.12.1 (#7155)) golang.org/x/sys v0.13.0 // indirect golang.org/x/term v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect diff --git a/go.sum b/go.sum index 3c8063884fa..650b2a53c68 100644 --- a/go.sum +++ b/go.sum @@ -80,8 +80,8 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 h1:TuEMD+E+1aTjjLICGQOW6vL github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs v1.0.1 h1:7G4EhZbWFwfgkNfJkNoZmFL8FfWT6P96YVwG71uhNxY= github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs v1.0.1/go.mod h1:fswVBSaYFoW4XXp3oXG0vuDVdToLr3kRzgp5oePMq5g= -github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.4.1 h1:bljK6TN1z/3n8pWMRAga/Ic5Y/FQcjdSP0EJGApAG4k= -github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.4.1/go.mod h1:4BbKA+mRmmTP8VaLfDPNF5nOdhRm5upG3AXVWfv1dxc= +github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.5.0 h1:HKHkea1fdm18LT8VAxTVZgJpPsLgv+0NZhmtus1UqJQ= +github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.5.0/go.mod h1:4BbKA+mRmmTP8VaLfDPNF5nOdhRm5upG3AXVWfv1dxc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventgrid/armeventgrid/v2 v2.1.1 h1:q8d6Cw16DrwJ+o82GMEQ+xt65q7w4m7VcI4C+gK/7Jk= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventgrid/armeventgrid/v2 v2.1.1/go.mod h1:ZHJdpjiGjZBBILAyAUTP93YSLF/Foo1J72HSx30gMeQ= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventhub/armeventhub v1.1.1 h1:gZ1ZZvrVUhDNsGNpbo2N87Y0CJB8p3IS5UH9Z4Ui97g= 
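Review bot: Both go.mod hunks in this patch add unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 7616e7da6 ...`) along with two competing version sets for azopenai, azappconfig, golang.org/x/mod and golang.org/x/oauth2. A go.mod in this state does not parse, so the tree cannot build at this commit and it is unclear which versions the pin intends. The conflict should be resolved in this patch rather than a later one, so that each commit in the series builds and the dependency set under review is unambiguous. The same kind of markers appears again in the go.sum hunk of the following dependency-update patch.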
@@ -95,8 +95,8 @@ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.0.1 h1:8Tkz github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.0.1/go.mod h1:aprFpXPQiTyG5Rkz6Ot5pvU6y6YKg/AKYOcLCoxN0bk= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.1.0 h1:nVocQV40OQne5613EeLayJiRAJuKlBGy+m22qWG+WRg= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.1.0/go.mod h1:7QJP7dr2wznCMeqIrhMgWGf7XpAQnVrJqDm9nvV3Cu4= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.0 h1:gggzg0SUMs6SQbEw+3LoSsYf9YMjkupeAnHMX8O9mmY= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.0/go.mod h1:+6KLcKIVgxoBDMqMO/Nvy7bZ9a0nbU3I1DtFQK3YvB4= github.com/Azure/azure-sdk-for-go/sdk/storage/azqueue v1.0.0 h1:lJwNFV+xYjHREUTHJKx/ZF6CJSt9znxmLw9DqSTvyRU= github.com/Azure/azure-sdk-for-go/sdk/storage/azqueue v1.0.0/go.mod h1:GfT0aGew8Qj5yiQVqOO5v7N8fanbJGyUoHqXg56qcVY= github.com/Azure/go-amqp v1.0.2 h1:zHCHId+kKC7fO8IkwyZJnWMvtRXhYC0VJtD0GYkHc6M= @@ -1684,6 +1684,7 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -1956,6 +1957,7 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -1968,6 +1970,7 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= +golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 9e3cc00f1b01d1878c18204466fe5ea2d951fbd5 Mon Sep 17 00:00:00 2001 From: Bernd Verst Date: Mon, 13 Nov 2023 16:05:13 -0800 Subject: [PATCH 05/13] [RELEASE-1.12] Update dependencies for CVEs (#7178) * Update dependencies for CVEs Signed-off-by: Bernd Verst * Pin Go 1.20.11 in workflow Signed-off-by: Bernd Verst --------- Signed-off-by: Bernd Verst --- .github/workflows/dapr.yml | 4 +++- go.mod | 15 ++------------- go.sum | 14 +++++++++++++- tests/apps/resiliencyapp_grpc/go.mod | 7 +++++++ tests/apps/resiliencyapp_grpc/go.sum | 5 +++++ 5 files changed, 30 insertions(+), 15 deletions(-) 
diff --git a/.github/workflows/dapr.yml b/.github/workflows/dapr.yml index 2512d12562f..29eff5409fb 100644 --- a/.github/workflows/dapr.yml +++ b/.github/workflows/dapr.yml @@ -51,7 +51,9 @@ jobs: id: setup-go uses: actions/setup-go@v3 with: - go-version-file: "go.mod" + go-version: '1.20.11' + # temporarily hard code version to accelerate release due to a Go CVE + # go-version-file: "go.mod" - name: Check white space in .md files if: github.event_name == 'pull_request' run: | diff --git a/go.mod b/go.mod index d983d2cb004..c18401fe471 100644 --- a/go.mod +++ b/go.mod @@ -93,17 +93,10 @@ require ( github.com/99designs/keyring v1.2.1 // indirect github.com/AthenZ/athenz v1.10.39 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect -<<<<<<< HEAD github.com/Azure/azure-sdk-for-go/sdk/ai/azopenai v0.3.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/data/azappconfig v0.6.0 // indirect -======= - github.com/Azure/azure-sdk-for-go/sdk/ai/azopenai v0.1.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/data/azappconfig v0.5.0 // indirect ->>>>>>> 7616e7da6 (Pin contrib 1.12.1 (#7155)) github.com/Azure/azure-sdk-for-go/sdk/data/azcosmos v0.3.6 // indirect github.com/Azure/azure-sdk-for-go/sdk/data/aztables v1.0.2 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 // indirect 
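Review bot: The hard-coded `go-version: '1.20.11'` detaches CI from go.mod, and only a free-text comment records that it is temporary, so later Go security releases will not be picked up until someone remembers to revert it. Tie the comment to a tracking item, for example `# TODO(<issue link>): restore go-version-file once go.mod declares the patched Go version`, or raise the Go version in go.mod in this change so `go-version-file` can stay. Other workflows or image builds that produce release artifacts are not visible in this hunk and would need the same toolchain for the fix to reach shipped binaries.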
@@ -316,8 +309,9 @@ require ( github.com/mtibben/percent v0.2.1 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/natefinch/lumberjack v2.0.0+incompatible // indirect + github.com/nats-io/nats-server/v2 v2.9.23 // indirect github.com/nats-io/nats.go v1.28.0 // indirect - github.com/nats-io/nkeys v0.4.4 // indirect + github.com/nats-io/nkeys v0.4.6 // indirect github.com/nats-io/nuid v1.0.1 // indirect github.com/oleiade/lane v1.0.1 // indirect github.com/open-policy-agent/opa v0.55.0 // indirect @@ -390,13 +384,8 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.24.0 // indirect golang.org/x/arch v0.3.0 // indirect -<<<<<<< HEAD golang.org/x/mod v0.13.0 // indirect golang.org/x/oauth2 v0.13.0 // indirect -======= - golang.org/x/mod v0.12.0 // indirect - golang.org/x/oauth2 v0.11.0 // indirect ->>>>>>> 7616e7da6 (Pin contrib 1.12.1 (#7155)) golang.org/x/sys v0.13.0 // indirect golang.org/x/term v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect diff --git a/go.sum b/go.sum index 650b2a53c68..e2f37daf30b 100644 --- a/go.sum +++ b/go.sum @@ -1158,7 +1158,7 @@ github.com/natefinch/lumberjack v2.0.0+incompatible/go.mod h1:Wi9p2TTF5DG5oU+6Yf github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2 h1:+RB5hMpXUUA2dfxuhBTEkMOrYmM+gKIZYS1KjSostMI= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/jwt/v2 v2.4.1 h1:Y35W1dgbbz2SQUYDPCaclXcuqleVmpbRa7646Jf2EX4= +github.com/nats-io/jwt/v2 v2.5.0 h1:WQQ40AAlqqfx+f6ku+i0pOVm+ASirD4fUh+oQsiE9Ak= github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= github.com/nats-io/nats-server/v2 v2.9.21 h1:2TBTh0UDE74eNXQmV4HofsmRSCiVN0TH2Wgrp6BD6fk= github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= 
@@ -2202,8 +2202,13 @@ google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ5 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +<<<<<<< HEAD google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= +======= +google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg= +google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +>>>>>>> 25a4d45cc ([RELEASE-1.12] Update dependencies for CVEs (#7178)) google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20 h1:MLBCGN1O7GzIx+cBiwfYPwtmZ41U3Mn/cotLJciaArI= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 
@@ -2296,10 +2301,17 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= k8s.io/api v0.26.9 h1:s8Y+G1u2JM55b90+Yo2RVb3PGT/hkWNVPN4idPERxJg= k8s.io/api v0.26.9/go.mod h1:W/W4fEWRVzPD36820LlVUQfNBiSbiq0VPWRFJKwzmUg= +<<<<<<< HEAD k8s.io/apiextensions-apiserver v0.26.9 h1:aJqWRuBj9i9J6tIDniqUDYM5QCRajTKXK/GO+zEccGQ= k8s.io/apiextensions-apiserver v0.26.9/go.mod h1:L1uysxOP2kC1vkZTlHGUlUl5WSpa7e4GHJmGEZY7yLg= k8s.io/apimachinery v0.26.9 h1:5yAV9cFR7Z4gIorKcAjWnx4uxtxiFsERwq4Pvmx0CCg= k8s.io/apimachinery v0.26.9/go.mod h1:qYzLkrQ9lhrZRh0jNKo2cfvf/R1/kQONnSiyB7NUJU0= +======= +k8s.io/apiextensions-apiserver v0.26.3 h1:5PGMm3oEzdB1W/FTMgGIDmm100vn7IaUP5er36dB+YE= +k8s.io/apiextensions-apiserver v0.26.3/go.mod h1:jdA5MdjNWGP+njw1EKMZc64xAT5fIhN6VJrElV3sfpQ= +k8s.io/apimachinery v0.26.10 h1:aE+J2KIbjctFqPp3Y0q4Wh2PD+l1p2g3Zp4UYjSvtGU= +k8s.io/apimachinery v0.26.10/go.mod h1:iT1ZP4JBP34wwM+ZQ8ByPEQ81u043iqAcsJYftX9amM= +>>>>>>> 25a4d45cc ([RELEASE-1.12] Update dependencies for CVEs (#7178)) k8s.io/cli-runtime v0.26.3 h1:3ULe0oI28xmgeLMVXIstB+ZL5CTGvWSMVMLeHxitIuc= k8s.io/cli-runtime v0.26.3/go.mod h1:5YEhXLV4kLt/OSy9yQwtSSNZU2Z7aTEYta1A+Jg4VC4= k8s.io/client-go v0.26.9 h1:TGWi/6guEjIgT0Hg871Gsmx0qFuoGyGFjlFedrk7It0= diff --git a/tests/apps/resiliencyapp_grpc/go.mod b/tests/apps/resiliencyapp_grpc/go.mod index 0df2303ebf3..ec0e42b4fb5 100644 --- a/tests/apps/resiliencyapp_grpc/go.mod +++ b/tests/apps/resiliencyapp_grpc/go.mod 
@@ -4,15 +4,22 @@ go 1.20 require ( github.com/dapr/dapr v1.7.4 +<<<<<<< HEAD google.golang.org/grpc v1.59.0 +======= + google.golang.org/grpc v1.57.1 +>>>>>>> 25a4d45cc ([RELEASE-1.12] Update dependencies for CVEs (#7178)) google.golang.org/grpc/examples v0.0.0-20220818173707-97cb7b1653d7 google.golang.org/protobuf v1.31.0 ) require ( github.com/golang/protobuf v1.5.3 // indirect +<<<<<<< HEAD go.opentelemetry.io/otel v1.16.0 // indirect go.opentelemetry.io/otel/trace v1.16.0 // indirect +======= +>>>>>>> 25a4d45cc ([RELEASE-1.12] Update dependencies for CVEs (#7178)) golang.org/x/net v0.17.0 // indirect golang.org/x/sys v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect diff --git a/tests/apps/resiliencyapp_grpc/go.sum b/tests/apps/resiliencyapp_grpc/go.sum index 9fae8c393f9..dfc82a7e71e 100644 --- a/tests/apps/resiliencyapp_grpc/go.sum +++ b/tests/apps/resiliencyapp_grpc/go.sum 
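Review bot: The new side of this hunk commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 25a4d45cc ...`) into tests/apps/resiliencyapp_grpc/go.mod, leaving two `google.golang.org/grpc` requirements (v1.59.0 and v1.57.1) in a file the go command cannot parse. The same markers are added by the root go.sum hunks at `@@ -2202,8 +2202,13 @@` and `@@ -2296,10 +2301,17 @@` and by the tests/apps/resiliencyapp_grpc/go.sum hunk. For a commit whose purpose is a CVE dependency update this also leaves it unclear which grpc version is actually intended. Each conflict should be resolved to a single version, the marker lines deleted, and the sums regenerated with `go mod tidy`. Patch 06/13 later in this series removes the markers from the root go.sum only, as far as the visible hunks show.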
@@ -87,8 +87,13 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +<<<<<<< HEAD google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= +======= +google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg= +google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +>>>>>>> 25a4d45cc ([RELEASE-1.12] Update dependencies for CVEs (#7178)) google.golang.org/grpc/examples v0.0.0-20220818173707-97cb7b1653d7 h1:rrVCNVWEHrZFpVabfCIytLwQbWezF4HP1S6F5dOrpZI= google.golang.org/grpc/examples v0.0.0-20220818173707-97cb7b1653d7/go.mod h1:gxndsbNG1n4TZcHGgsYEfVGnTxqfEdfiDv6/DADXX9o= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= From 8fd9c7ccafb527c7686ef85770785d95b1f041e8 Mon Sep 17 00:00:00 2001 From: Bernd Verst Date: Tue, 14 Nov 2023 18:19:40 -0800 Subject: [PATCH 06/13] [Release-1.12] Pin contrib 1.12.4 and improve placement test reliability (#7172) * Pin contrib 1.12.4 Signed-off-by: Bernd Verst * make modtidy-all Signed-off-by: Bernd Verst * Fix placement and CallLocalStream unit test (#7167) The placement test is failing almost 100% of times lately. The CallLocalStream test is another one that fails frequently Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> --------- Signed-off-by: Bernd Verst Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> --- go.mod | 1 - go.sum | 12 ------------ 2 files changed, 13 deletions(-) 
diff --git a/go.mod b/go.mod index c18401fe471..9b6e0304327 100644 --- a/go.mod +++ b/go.mod @@ -309,7 +309,6 @@ require ( github.com/mtibben/percent v0.2.1 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/natefinch/lumberjack v2.0.0+incompatible // indirect - github.com/nats-io/nats-server/v2 v2.9.23 // indirect github.com/nats-io/nats.go v1.28.0 // indirect github.com/nats-io/nkeys v0.4.6 // indirect github.com/nats-io/nuid v1.0.1 // indirect diff --git a/go.sum b/go.sum index e2f37daf30b..b24caaefb15 100644 --- a/go.sum +++ b/go.sum @@ -2202,13 +2202,8 @@ google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ5 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -<<<<<<< HEAD google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= -======= -google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg= -google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= ->>>>>>> 25a4d45cc ([RELEASE-1.12] Update dependencies for CVEs (#7178)) google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20 h1:MLBCGN1O7GzIx+cBiwfYPwtmZ41U3Mn/cotLJciaArI= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 
@@ -2301,17 +2296,10 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= k8s.io/api v0.26.9 h1:s8Y+G1u2JM55b90+Yo2RVb3PGT/hkWNVPN4idPERxJg= k8s.io/api v0.26.9/go.mod h1:W/W4fEWRVzPD36820LlVUQfNBiSbiq0VPWRFJKwzmUg= -<<<<<<< HEAD k8s.io/apiextensions-apiserver v0.26.9 h1:aJqWRuBj9i9J6tIDniqUDYM5QCRajTKXK/GO+zEccGQ= k8s.io/apiextensions-apiserver v0.26.9/go.mod h1:L1uysxOP2kC1vkZTlHGUlUl5WSpa7e4GHJmGEZY7yLg= k8s.io/apimachinery v0.26.9 h1:5yAV9cFR7Z4gIorKcAjWnx4uxtxiFsERwq4Pvmx0CCg= k8s.io/apimachinery v0.26.9/go.mod h1:qYzLkrQ9lhrZRh0jNKo2cfvf/R1/kQONnSiyB7NUJU0= -======= -k8s.io/apiextensions-apiserver v0.26.3 h1:5PGMm3oEzdB1W/FTMgGIDmm100vn7IaUP5er36dB+YE= -k8s.io/apiextensions-apiserver v0.26.3/go.mod h1:jdA5MdjNWGP+njw1EKMZc64xAT5fIhN6VJrElV3sfpQ= -k8s.io/apimachinery v0.26.10 h1:aE+J2KIbjctFqPp3Y0q4Wh2PD+l1p2g3Zp4UYjSvtGU= -k8s.io/apimachinery v0.26.10/go.mod h1:iT1ZP4JBP34wwM+ZQ8ByPEQ81u043iqAcsJYftX9amM= ->>>>>>> 25a4d45cc ([RELEASE-1.12] Update dependencies for CVEs (#7178)) k8s.io/cli-runtime v0.26.3 h1:3ULe0oI28xmgeLMVXIstB+ZL5CTGvWSMVMLeHxitIuc= k8s.io/cli-runtime v0.26.3/go.mod h1:5YEhXLV4kLt/OSy9yQwtSSNZU2Z7aTEYta1A+Jg4VC4= k8s.io/client-go v0.26.9 h1:TGWi/6guEjIgT0Hg871Gsmx0qFuoGyGFjlFedrk7It0= From 2aa2b4cabf4fee82fec3f9dbe4f9d2cd85ee2720 Mon Sep 17 00:00:00 2001 From: Josh van Leeuwen Date: Wed, 15 Nov 2023 02:22:10 +0000 Subject: [PATCH 07/13] Adds 1.12.1 release notes (#7150) * Adds 1.12.1 release notes Signed-off-by: joshvanl * Adds links to titles in table of contents Signed-off-by: joshvanl * Update docs/release_notes/v1.12.1.md Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: Josh van Leeuwen * Update docs/release_notes/v1.12.1.md Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> 
Signed-off-by: Josh van Leeuwen * Update docs/release_notes/v1.12.1.md Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: Josh van Leeuwen * Refrain from talking about "Daprds" Signed-off-by: joshvanl * Update release notes with components-contrib update Signed-off-by: joshvanl * Adds more release notes to 1.12.1 Signed-off-by: Bernd Verst * Apply suggestions from code review Co-authored-by: Mike Signed-off-by: Josh van Leeuwen --------- Signed-off-by: joshvanl Signed-off-by: Josh van Leeuwen Signed-off-by: Bernd Verst Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Co-authored-by: Bernd Verst Co-authored-by: Mike Co-authored-by: Artur Souza --- docs/release_notes/v1.12.1.md | 171 +++++++++++++++++++++++++++++++++- 1 file changed, 166 insertions(+), 5 deletions(-) diff --git a/docs/release_notes/v1.12.1.md b/docs/release_notes/v1.12.1.md index 24de25be5c2..13b5344abb2 100644 --- a/docs/release_notes/v1.12.1.md +++ b/docs/release_notes/v1.12.1.md 
@@ -1,18 +1,48 @@ # Dapr 1.12.1 -Update includes a fix for the Sentry authentication validator rejecting valid -requests. +This update contains the following security fixes: +- [Security: prevent Sentry and Injector from applying the `daprsystem` Configuration from a non control plane namespace.](#security-sentry-and-injector-only-apply-daprsystem-configuration-from-the-control-plane-namespace) + +Additionally, this patch release contains bug fixes: + +- [Fixed Sentry authentication validator rejecting valid requests.](#fixed-sentry-rejecting-valid-requests-from-daprd) +- [Fixed RabbitMQ not returning error when initialising component](#fixed-rabbitmq-not-returning-error-when-initialising-component) +- [Fixed returning of HTTP status code in HTTP service invocation with resiliency enabled](#fixed-returning-of-http-status-code-in-http-service-invocation-with-resiliency-enabled) +- [Fixed Dapr Runtime panic for malformed/unexpected workflow URLs](#fixed-dapr-runtime-panic-for-malformedunexpected-workflow-urls) +- [Fixed an issue where Azure Blob Storage components cannot be used with Azure Blob Reader permission alone](#fixed-an-issue-where-azure-blob-storage-components-cannot-be-used-with-azure-blob-reader-permission-alone) +- [Fixed incorrect error message in the Azure EventHubs components](#fixed-incorrect-error-message-in-the-azure-eventhubs-components) +- [Fixes an issue where the Consul nameresolution component only accepted IP addresses and not hostnames.](#fixes-an-issue-where-the-consul-nameresolution-component-only-accepted-ip-addresses-and-not-hostnames) +- [Fixes an issue in the Redis PubSub component where a PubSub subscription could not recover under certain conditions.](#fixes-an-issue-in-the-redis-pubsub-component-where-a-pubsub-subscription-could-not-recover-under-certain-conditions) +- [Security: Several dependency upgrades to address security issues](#security-several-dependency-upgrades-to-address-security-issues) + +## Security: Sentry and 
Injector only apply `daprsystem` Configuration from the control plane namespace + +### Problem + +Sentry and Injector will apply the `daprsystem` configuration from a non-control plane namespace if the namespace name is alphabetically higher than the control plane namespace name. + +### Impact + +Accidentally or maliciously, a Kubernetes user can write a Configuration in a non-control plane namespace that will be applied by Sentry and Injector. +This can re-write the Sentry CA, disable mTLS, or otherwise bring down the entire Dapr cluster. + +### Root cause + +Sentry and Injector currently list Configurations, before matching on the list for the `daprsystem` Configuration, without filtering for namespaces. + +### Solution + +Update Sentry and Injector to only get the `daprsystem` Configuration from the namespace where the Dapr control plane is installed, instead of listing all Configurations. ## Fixed Sentry rejecting valid requests from Daprd ### Problem -Daprds would fail to request an identity certificate from Sentry when residing in a Namespace or using a Service Account with a sufficiently long name. +Dapr would fail to request an identity certificate from Sentry when residing in a Namespace or using a Service Account with a sufficiently long name. ### Impact -Daprds would fail to start, causing that application from joining the Dapr cluster. -Effects only the Dapr versio `v1.12.0`. +Users on Dapr 1.12.0 can observe Dapr sidecars failing to start. ### Root cause 
@@ -22,3 +52,134 @@ Sentry also still accepts requests which use the legacy identifier of `=400), Dapr returns a response with a generic 500 error, instead of the actual response error code. + +### Impact + +Applications will receive the wrong status code in case of HTTP service invocation returning a failure error code with Resiliency enabled. + +### Root cause + +A bug was discovered in how errors were handled when Resiliency was enabled, causing all errors from the application to be "swallowed" by Dapr. + +### Solution + +Resiliency code now returns the correct status code to the application. + +## Fixed Dapr Runtime panic for malformed/unexpected workflow URLs + +### Problem + +Invoking certain Workflow APIs using HTTP with malformed URLs can cause Dapr to panic. + +### Impact + +Impacts users on Dapr 1.12.0. + +### Root cause + +The Daprd metrics handler for workflows did not correctly handle malformed or unexpected URLs, and would panic if the URL was not in the expected format. + +### Solution + +The Daprd metrics handler for workflows now correctly handles malformed or unexpected URLs. + + +## Fixed an issue where Azure Blob Storage components cannot be used with Azure Blob Reader permission alone + +### Problem + +The Azure Blob Storage component cannot be used with Azure Blob Reader permission alone. + +### Impact + +Users on Dapr 1.12.0 cannot use the Azure Blob Storage component with Azure Blob Reader permission alone. + +### Root Cause + +The component attempts to create a storage account (even when it exists already) but is not authorized to do so due to a lack of permission. + +### Solution + +Added a boolean metadata option disableEntityManagement which now can be used to skip the attempt to create the storage container. 
+ +## Fixed incorrect error message in the Azure EventHubs components + +### Problem + +Azure EventHub component returns a warning message saying the storageAccountKey will be used but StorageAccountName is actually used in that condition. + +### Impact + +Users on Dapr 1.12.0 may be confused by the warning message. + +### Root Cause + +The component was using the StorageAccountName instead of the StorageAccountKey. + +### Solution + +The component now emits the correct warning message. + +## Fixes an issue where the Consul nameresolution component only accepted IP addresses and not hostnames. + +### Problem + +Dapr 1.12.0 was unable to add and resolve hostnames using the Consul nameresolution component. + +### Impact + +Users on Dapr 1.12.0 were unable to resolve hostnames using the Consul nameresolution component. + +### Root Cause + +A previous community contribution to improve IPv6 support inadvertently removed support for host names by returning an error for any string that does not parse as an IPv4 or IPv6 address. + +### Solution + +Support for hostnames was added once again. + +## Fixes an issue in the Redis PubSub component where a PubSub subscription could not recover under certain conditions. + +### Problem + +The Redis PubSub component could experience a rare situation where PubSub subscriptions would seize to function, causing the Dapr sidecar to print Redis error logs containing the word `NOGROUP` indefinitely. + +### Root Cause + +The `NOGROUP` message is indicative of the consumer group no longer existing. This could be because the group or stream was manually deleted outside of Dapr or because the external Redis server was restarted/reconfigured. + +### Solution + +To avoid the excessive `NOGROUP` logs in this rare situation Dapr will now attempt to recreate the consumer group for the given topic/stream when this error is encountered. 
+ +## Security: Several dependency upgrades to address security issues + +- [CVE-2023-45283: Windows specific vulnerability in GO standard library `path/filepath`](https://github.com/advisories/GHSA-vvjp-q62m-2vph) +- [gRPC-Go HTTP/2 Rapid Reset vulnerability](https://github.com/dapr/components-contrib/security/dependabot/124) +- [HTTP/2 rapid reset can cause excessive work in net/http](https://github.com/dapr/components-contrib/security/dependabot/111) +- [NATS.io: xkeys seal encryption used fixed key for all encryption](https://github.com/dapr/components-contrib/security/dependabot/120) +- [NATS.io: Adding accounts for just the system account adds auth bypass](https://github.com/dapr/components-contrib/security/dependabot/116) \ No newline at end of file From 606d5c40ae44540b941ce6f1620eac1a0f05f329 Mon Sep 17 00:00:00 2001 From: Artur Souza Date: Wed, 15 Nov 2023 15:25:47 -0800 Subject: [PATCH 08/13] Disable macos integration test to unblock 1.12 release. (#7199) Signed-off-by: Artur Souza --- .github/workflows/dapr.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/dapr.yml b/.github/workflows/dapr.yml index 29eff5409fb..5c60d13adea 100644 --- a/.github/workflows/dapr.yml +++ b/.github/workflows/dapr.yml @@ -200,9 +200,7 @@ jobs: target_os: windows target_arch: amd64 windows_version: ltsc2022 - - os: macOS-latest - target_os: darwin - target_arch: amd64 + # Temporarily removed macos-latest/darwin/amd64 due to flakiness env: GOOS: "${{ matrix.target_os }}" GOARCH: "${{ matrix.target_arch }}" From f67b4650ada0981ef4dc7715baef30b350befcb0 Mon Sep 17 00:00:00 2001 
From: Josh van Leeuwen Date: Fri, 17 Nov 2023 17:28:01 +0000 Subject: [PATCH 09/13] [1.12] Fix injector mTLS enabled (#7208) * [1.12] Fix injector mTLS enabled Fix bug in injector pod patcher where mTLS would always be enabled on patched sidecards regardless of the value of the `spec.mtls.enabled` option in the `daprsystem` global Configuration. Adds 1.12.2 release notes. Signed-off-by: joshvanl * Linitng Signed-off-by: joshvanl --------- Signed-off-by: joshvanl --- docs/release_notes/v1.12.2.md | 23 ++++++++ pkg/injector/service/pod_patch.go | 2 +- pkg/injector/service/pod_patch_test.go | 74 ++++++++++++++++++++++++++ 3 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 docs/release_notes/v1.12.2.md create mode 100644 pkg/injector/service/pod_patch_test.go diff --git a/docs/release_notes/v1.12.2.md b/docs/release_notes/v1.12.2.md new file mode 100644 index 00000000000..7ba0ff722e1 --- /dev/null +++ b/docs/release_notes/v1.12.2.md @@ -0,0 +1,23 @@ +# Dapr 1.12.2 + +This patch release contains bug fixes: + +- [Fixed mTLS configuration](#fixed-mtls-configuration) + +## Fixed mTLS configuration + +### Problem + +The mTLS configuration was always enabled for Dapr sidecards in Kubernetes, regardless of the `daprsystem` configuration. + +### Impact + +Users on Dapr 1.12.1 could not disable mTLS for Dapr sidecars in Kubernetes. + +### Root cause + +The `daprsystem` configuration was not being read correctly by the sidecar injector. + +### Solution + +The `daprsystem` configuration is now read correctly by the sidecar injector and the mTLS option is correctly set for Dapr sidecars in Kubernetes. diff --git a/pkg/injector/service/pod_patch.go b/pkg/injector/service/pod_patch.go index 80a39d52b1f..b8a68e01af5 100644 --- a/pkg/injector/service/pod_patch.go +++ b/pkg/injector/service/pod_patch.go 
@@ -108,7 +108,7 @@ func mTLSEnabled(controlPlaneNamespace string, daprClient scheme.Interface) bool
 resp, err := daprClient.ConfigurationV1alpha1().
 Configurations(controlPlaneNamespace).
 Get(defaultConfig, metav1.GetOptions{})
- if !apierrors.IsNotFound(err) {
+ if apierrors.IsNotFound(err) {
 log.Infof("Dapr system configuration '%s' does not exist; using default value %t for mTLSEnabled", defaultConfig, defaultMtlsEnabled)
 return defaultMtlsEnabled
 }
diff --git a/pkg/injector/service/pod_patch_test.go b/pkg/injector/service/pod_patch_test.go
new file mode 100644
index 00000000000..b310161e476
--- /dev/null
+++ b/pkg/injector/service/pod_patch_test.go
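Review bot: The corrected `if apierrors.IsNotFound(err)` branch covers only a missing Configuration, so any other failure of `Get` (an RBAC denial, an API server timeout) now falls through to code this hunk does not show, where `resp` may not be usable. If the remainder of mTLSEnabled does not already do so, it should test `if err != nil` and `return defaultMtlsEnabled`, so that a transient API error cannot result in a sidecar being patched without mTLS. A one-line comment above the branch stating that the default is used only when `daprsystem` is absent would also make the intent of the inverted condition obvious. The body of mTLSEnabled continues past the end of the hunk.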
@@ -0,0 +1,74 @@
+/*
+Copyright 2023 The Dapr Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package service
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ configapi "github.com/dapr/dapr/pkg/apis/configuration/v1alpha1"
+ clientfake "github.com/dapr/dapr/pkg/client/clientset/versioned/fake"
+ "github.com/dapr/kit/ptr"
+)
+
+func Test_mtlsEnabled(t *testing.T) {
+ t.Run("if configuration doesn't exist, return true", func(t *testing.T) {
+ cl := clientfake.NewSimpleClientset()
+ assert.True(t, mTLSEnabled("test-ns", cl))
+ })
+
+ t.Run("if configuration exists and is false, return false", func(t *testing.T) {
+ cl := clientfake.NewSimpleClientset()
+ cl.ConfigurationV1alpha1().Configurations("test-ns").Create(
+ &configapi.Configuration{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "daprsystem",
+ Namespace: "test-ns",
+ },
+ Spec: configapi.ConfigurationSpec{MTLSSpec: &configapi.MTLSSpec{Enabled: ptr.Of(false)}},
+ },
+ )
+ assert.False(t, mTLSEnabled("test-ns", cl))
+ })
+
+ t.Run("if configuration exists and is true, return true", func(t *testing.T) {
+ cl := clientfake.NewSimpleClientset()
+ cl.ConfigurationV1alpha1().Configurations("test-ns").Create(
+ &configapi.Configuration{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "daprsystem",
+ Namespace: "test-ns",
+ },
+ Spec: configapi.ConfigurationSpec{MTLSSpec: &configapi.MTLSSpec{Enabled: ptr.Of(true)}},
+ },
+ )
+ assert.True(t, mTLSEnabled("test-ns", cl))
+ })
+
+ t.Run("if configuration exists and is nil, return true", func(t *testing.T) {
+ cl := clientfake.NewSimpleClientset()
+ cl.ConfigurationV1alpha1().Configurations("test-ns").Create(
+ &configapi.Configuration{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "daprsystem",
+ Namespace: "test-ns",
+ },
+ Spec: configapi.ConfigurationSpec{MTLSSpec: &configapi.MTLSSpec{Enabled: nil}},
+ },
+ )
+ assert.True(t, mTLSEnabled("test-ns", cl))
+ })
+}
From 347a5ee31d60bda463aa08833d4da2995cb9b83c Mon Sep 17 00:00:00 2001 From: Artur Souza Date: Fri, 17 Nov 2023 14:18:21 -0800 Subject: [PATCH 10/13] Bump contrib to 1.12.5 to fix kafka's sarama regression. (#7213) Signed-off-by: Artur Souza --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 9b6e0304327..d46a64a2c57 100644
--- a/go.mod
+++ b/go.mod
@@ -112,7 +112,7 @@ require (
 github.com/Azure/go-amqp v1.0.2 // indirect
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 // indirect
 github.com/DataDog/zstd v1.5.2 // indirect
- github.com/IBM/sarama v1.41.1 // indirect
+ github.com/IBM/sarama v1.42.1 // indirect
 github.com/OneOfOne/xxhash v1.2.8 // indirect
 github.com/PaesslerAG/gval v1.0.0 // indirect
 github.com/RoaringBitmap/roaring v1.1.0 // indirect
diff --git a/go.sum b/go.sum
index b24caaefb15..eceecd823be 100644
--- a/go.sum
+++ b/go.sum
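Review bot: The three subtests that seed a `daprsystem` Configuration discard the error returned by `Create(...)`. If seeding fails, `mTLSEnabled` takes the not-found path and returns the default, so the "is true" and "is nil" cases would still pass without exercising the code they name. Capturing it with `_, err := cl.ConfigurationV1alpha1().Configurations("test-ns").Create(...)` followed by `assert.NoError(t, err)` closes that gap. The table also has no case where `Get` fails with something other than NotFound; a reactor on the fake clientset that returns a forbidden or timeout error would pin the behaviour for that path.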
@@ -113,8 +113,8 @@ github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3 github.com/DataDog/zstd v1.5.2 h1:vUG4lAyuPCXO0TLbXvPv7EB7cNK1QV/luu55UHLrrn8= github.com/DataDog/zstd v1.5.2/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= -github.com/IBM/sarama v1.41.1 h1:B4/TdHce/8Ipza+qrLIeNJ9D1AOxZVp/3uDv6H/dp2M= -github.com/IBM/sarama v1.41.1/go.mod h1:JFCPURVskaipJdKRFkiE/OZqQHw7jqliaJmRwXCmSSw= +github.com/IBM/sarama v1.42.1 h1:wugyWa15TDEHh2kvq2gAy1IHLjEjuYOYgXz/ruC/OSQ= +github.com/IBM/sarama v1.42.1/go.mod h1:Xxho9HkHd4K/MDUo/T/sOqwtX/17D33++E9Wib6hUdQ= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= github.com/Netflix/go-env v0.0.0-20220526054621-78278af1949d h1:wvStE9wLpws31NiWUx+38wny1msZ/tm+eL5xmm4Y7So= From 5e89ed49221548902839c0363396a6ac9281776e Mon Sep 17 00:00:00 2001 From: joshvanl Date: Mon, 20 Nov 2023 15:12:23 +0000 Subject: [PATCH 11/13] Update integration Kubernetes with fixed refs Signed-off-by: joshvanl --- go.mod | 4 ++-- go.sum | 17 ++++++------- .../framework/process/kubernetes/options.go | 24 ++++--------------- tests/integration/suite/healthz/operator.go | 4 ++-- tests/integration/suite/ports/operator.go | 4 ++-- .../sentry/validator/kubernetes/common.go | 21 ++++++++-------- 6 files changed, 28 insertions(+), 46 deletions(-) diff --git a/go.mod b/go.mod index d46a64a2c57..2b42e6dbb91 100644 --- a/go.mod +++ b/go.mod 
@@ -9,7 +9,7 @@ require ( github.com/argoproj/argo-rollouts v1.4.1 github.com/cenkalti/backoff/v4 v4.2.1 github.com/cloudevents/sdk-go/v2 v2.14.0 - github.com/dapr/components-contrib v1.12.1-0.20231106194303-88eb49c838c2 + github.com/dapr/components-contrib v1.12.1-0.20231102232056-f4e73b0e6511 github.com/dapr/kit v0.12.2-0.20231031211530-0e1fd37fc4b3 github.com/evanphx/json-patch/v5 v5.7.0 github.com/go-chi/chi/v5 v5.0.10 @@ -68,7 +68,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.26.9 k8s.io/apiextensions-apiserver v0.26.9 - k8s.io/apimachinery v0.26.9 + k8s.io/apimachinery v0.26.10 k8s.io/cli-runtime v0.26.3 k8s.io/client-go v0.26.9 k8s.io/code-generator v0.26.9 diff --git a/go.sum b/go.sum index eceecd823be..9d23487fbd2 100644 --- a/go.sum +++ b/go.sum @@ -391,8 +391,8 @@ github.com/dancannon/gorethink v4.0.0+incompatible h1:KFV7Gha3AuqT+gr0B/eKvGhbjm github.com/dancannon/gorethink v4.0.0+incompatible/go.mod h1:BLvkat9KmZc1efyYwhz3WnybhRZtgF1K929FD8z1avU= github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0= github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0= -github.com/dapr/components-contrib v1.12.1-0.20231106194303-88eb49c838c2 h1:nXK1gANm3nJyQ7OPltu9YajqVmXtNl56CdLtTAJK5Gw= -github.com/dapr/components-contrib v1.12.1-0.20231106194303-88eb49c838c2/go.mod h1:54ef0yk4j8mvYjKQmRtxJFxyYc+kJnErRCeMeiqDJRM= +github.com/dapr/components-contrib v1.12.1-0.20231102232056-f4e73b0e6511 h1:vn9QQj3kbLgoB7f+TmER7BVuBn6Q8jHjQjkPmY9LemA= +github.com/dapr/components-contrib v1.12.1-0.20231102232056-f4e73b0e6511/go.mod h1:54ef0yk4j8mvYjKQmRtxJFxyYc+kJnErRCeMeiqDJRM= github.com/dapr/kit v0.12.2-0.20231031211530-0e1fd37fc4b3 h1:xsmVK3YOKRMOcaxqo50Ce0apQzq+LzAfWuFapQuu8Ro= github.com/dapr/kit v0.12.2-0.20231031211530-0e1fd37fc4b3/go.mod h1:c3Z78F+h7UYtb0LmpzJNC/ChT240ycDJFViRUztdpoo= github.com/dave/jennifer v1.4.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg= 
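Review bot: The new `github.com/dapr/components-contrib` pseudo-version `v1.12.1-0.20231102232056-f4e73b0e6511` carries an earlier timestamp than the `20231106194303` one it replaces, so the first go.mod hunk moves the dependency backwards. The go.sum hunks of the same commit also swap `github.com/nats-io/nkeys v0.4.6` back to `v0.4.4` and `github.com/nats-io/jwt/v2 v2.5.0` back to `v2.4.1`, while neither go.mod hunk shown here changes the nkeys requirement. If the series applies linearly, go.mod and go.sum end up out of step, and the NATS fixes listed in the 1.12.1 release notes may be dropped. Please confirm the intended contrib commit and regenerate go.sum with `go mod tidy`.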
@@ -1158,7 +1158,7 @@ github.com/natefinch/lumberjack v2.0.0+incompatible/go.mod h1:Wi9p2TTF5DG5oU+6Yf github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2 h1:+RB5hMpXUUA2dfxuhBTEkMOrYmM+gKIZYS1KjSostMI= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/jwt/v2 v2.5.0 h1:WQQ40AAlqqfx+f6ku+i0pOVm+ASirD4fUh+oQsiE9Ak= +github.com/nats-io/jwt/v2 v2.4.1 h1:Y35W1dgbbz2SQUYDPCaclXcuqleVmpbRa7646Jf2EX4= github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= github.com/nats-io/nats-server/v2 v2.9.21 h1:2TBTh0UDE74eNXQmV4HofsmRSCiVN0TH2Wgrp6BD6fk= github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= @@ -1166,8 +1166,8 @@ github.com/nats-io/nats.go v1.28.0 h1:Th4G6zdsz2d0OqXdfzKLClo6bOfoI/b1kInhRtFIy5 github.com/nats-io/nats.go v1.28.0/go.mod h1:XpbWUlOElGwTYbMR7imivs7jJj9GtK7ypv321Wp6pjc= github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nkeys v0.4.4 h1:xvBJ8d69TznjcQl9t6//Q5xXuVhyYiSos6RPtvQNTwA= -github.com/nats-io/nkeys v0.4.4/go.mod h1:XUkxdLPTufzlihbamfzQ7mw/VGx6ObUs+0bN5sNvt64= +github.com/nats-io/nkeys v0.4.6 h1:IzVe95ru2CT6ta874rt9saQRkWfe2nFj1NtvYSLqMzY= +github.com/nats-io/nkeys v0.4.6/go.mod h1:4DxZNzenSVd1cYQoAa8948QY3QDjrHfcfVADymtkpts= github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/niean/gotools v0.0.0-20151221085310-ff3f51fc5c60/go.mod h1:gH2bvE9/eX49hWK7CwwL/+/y+dodduyxs5cTpBzF5v0= 
@@ -1684,7 +1684,6 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1957,7 +1956,6 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 
@@ -1970,7 +1968,6 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2298,8 +2295,8 @@ k8s.io/api v0.26.9 h1:s8Y+G1u2JM55b90+Yo2RVb3PGT/hkWNVPN4idPERxJg= k8s.io/api v0.26.9/go.mod h1:W/W4fEWRVzPD36820LlVUQfNBiSbiq0VPWRFJKwzmUg= k8s.io/apiextensions-apiserver v0.26.9 h1:aJqWRuBj9i9J6tIDniqUDYM5QCRajTKXK/GO+zEccGQ= k8s.io/apiextensions-apiserver v0.26.9/go.mod h1:L1uysxOP2kC1vkZTlHGUlUl5WSpa7e4GHJmGEZY7yLg= -k8s.io/apimachinery v0.26.9 h1:5yAV9cFR7Z4gIorKcAjWnx4uxtxiFsERwq4Pvmx0CCg= -k8s.io/apimachinery v0.26.9/go.mod h1:qYzLkrQ9lhrZRh0jNKo2cfvf/R1/kQONnSiyB7NUJU0= +k8s.io/apimachinery v0.26.10 h1:aE+J2KIbjctFqPp3Y0q4Wh2PD+l1p2g3Zp4UYjSvtGU= +k8s.io/apimachinery v0.26.10/go.mod h1:iT1ZP4JBP34wwM+ZQ8ByPEQ81u043iqAcsJYftX9amM= k8s.io/cli-runtime v0.26.3 h1:3ULe0oI28xmgeLMVXIstB+ZL5CTGvWSMVMLeHxitIuc= k8s.io/cli-runtime v0.26.3/go.mod h1:5YEhXLV4kLt/OSy9yQwtSSNZU2Z7aTEYta1A+Jg4VC4= k8s.io/client-go v0.26.9 h1:TGWi/6guEjIgT0Hg871Gsmx0qFuoGyGFjlFedrk7It0= diff --git a/tests/integration/framework/process/kubernetes/options.go b/tests/integration/framework/process/kubernetes/options.go index ed096c41457..93bf6d9d10a 100644 --- a/tests/integration/framework/process/kubernetes/options.go +++ b/tests/integration/framework/process/kubernetes/options.go 
@@ -76,30 +76,16 @@ func WithClusterStatefulSetList(t *testing.T, ss *appsv1.StatefulSetList) Option
 return handleClusterListResource(t, "/apis/apps/v1/statefulsets", ss)
 }
-func WithDaprConfigurationGet(t *testing.T, ns, name string, config *configapi.Configuration) Option {
- return handleGetResource(t, "/apis/dapr.io/v1alpha1", "configurations", ns, name, config)
-}
-
 func WithDaprConfigurationGet(t *testing.T, config *configapi.Configuration) Option {
- return func(o *options) {
- obj, err := json.Marshal(config)
- require.NoError(t, err)
- o.handlers = append(o.handlers, handleRoute{
- path: "/apis/dapr.io/v1alpha1/namespaces/" + config.Namespace + "/configurations/" + config.Name,
- handler: func(w http.ResponseWriter, r *http.Request) {
- w.Header().Add("Content-Type", "application/json")
- w.Write(obj)
- },
- })
- }
+ return handleGetResource(t, "/apis/dapr.io/v1alpha1", "configurations", config.Namespace, config.Name, config)
 }
-func WithSecretGet(t *testing.T, ns, name string, secret *corev1.Secret) Option {
- return handleGetResource(t, "/api/v1", "secrets", ns, name, secret)
+func WithSecretGet(t *testing.T, secret *corev1.Secret) Option {
+ return handleGetResource(t, "/api/v1", "secrets", secret.Namespace, secret.Name, secret)
 }
-func WithConfigMapGet(t *testing.T, ns, name string, configmap *corev1.ConfigMap) Option {
- return handleGetResource(t, "/api/v1", "configmaps", ns, name, configmap)
+func WithConfigMapGet(t *testing.T, configmap *corev1.ConfigMap) Option {
+ return handleGetResource(t, "/api/v1", "configmaps", configmap.Namespace, configmap.Name, configmap)
 }
 func handleClusterListResource(t *testing.T, path string, obj any) Option {
diff --git a/tests/integration/suite/healthz/operator.go b/tests/integration/suite/healthz/operator.go
index b77846512dc..6df7cb69ec3 100644
--- a/tests/integration/suite/healthz/operator.go
+++ b/tests/integration/suite/healthz/operator.go
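Review bot: `WithDaprConfigurationGet`, `WithSecretGet` and `WithConfigMapGet` now take the route's namespace and name from the object's own metadata, so a fixture that leaves `Namespace` or `Name` empty is presumably registered under a path no client requests, and a nil object panics while the option is being built. Failing at the fixture is clearer than a 404 from the fake API server later: `require.NotEmpty(t, secret.Namespace)` and `require.NotEmpty(t, secret.Name)` before the `handleGetResource` call, and the same in the other two helpers, would do it, assuming testify's `require` is still imported in this file. The helpers also have no doc comments; `// WithSecretGet serves secret on the namespaced GET route derived from secret.Namespace and secret.Name.` would record the new contract. How `handleGetResource` builds the path is outside this hunk.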
@@ -54,9 +54,9 @@ func (o *operator) Setup(t *testing.T) []framework.Option {
 o.sentry = procsentry.New(t, procsentry.WithTrustDomain("integration.test.dapr.io"))
 kubeAPI := kubernetes.New(t,
- kubernetes.WithDaprConfigurationGet(t, "dapr-system", "daprsystem", &configapi.Configuration{
+ kubernetes.WithDaprConfigurationGet(t, &configapi.Configuration{
 TypeMeta: metav1.TypeMeta{APIVersion: "dapr.io/v1alpha1", Kind: "Configuration"},
- ObjectMeta: metav1.ObjectMeta{Name: "daprsystem", Namespace: "default"},
+ ObjectMeta: metav1.ObjectMeta{Name: "daprsystem", Namespace: "dapr-system"},
 Spec: configapi.ConfigurationSpec{
 MTLSSpec: &configapi.MTLSSpec{
 ControlPlaneTrustDomain: "integration.test.dapr.io",
diff --git a/tests/integration/suite/ports/operator.go b/tests/integration/suite/ports/operator.go
index 3423db0ee9d..fd249042c1f 100644
--- a/tests/integration/suite/ports/operator.go
+++ b/tests/integration/suite/ports/operator.go
@@ -52,9 +52,9 @@ func (o *operator) Setup(t *testing.T) []framework.Option {
 sentry := procsentry.New(t, procsentry.WithTrustDomain("integration.test.dapr.io"))
 kubeAPI := kubernetes.New(t,
- kubernetes.WithDaprConfigurationGet(t, "dapr-system", "daprsystem", &configapi.Configuration{
+ kubernetes.WithDaprConfigurationGet(t, &configapi.Configuration{
 TypeMeta: metav1.TypeMeta{APIVersion: "dapr.io/v1alpha1", Kind: "Configuration"},
- ObjectMeta: metav1.ObjectMeta{Name: "daprsystem", Namespace: "default"},
+ ObjectMeta: metav1.ObjectMeta{Name: "daprsystem", Namespace: "dapr-system"},
 Spec: configapi.ConfigurationSpec{
 MTLSSpec: &configapi.MTLSSpec{
 ControlPlaneTrustDomain: "integration.test.dapr.io",
diff --git a/tests/integration/suite/sentry/validator/kubernetes/common.go b/tests/integration/suite/sentry/validator/kubernetes/common.go
index 549a9cca549..e93e2f4dd79 100644
--- a/tests/integration/suite/sentry/validator/kubernetes/common.go
+++ b/tests/integration/suite/sentry/validator/kubernetes/common.go
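Review bot: The `Namespace: "dapr-system"` literal in `ObjectMeta` now decides which route the fake API server serves, where previously the path came from the explicit arguments and the object carried `"default"`. The same applies to the identical hunk in `tests/integration/suite/ports/operator.go`. Nothing in either hunk ties that literal to the namespace the operator under test runs in, so a comment such as `// Namespace must match the operator's namespace; it is also the served route.` would help the next editor. `Setup` continues outside both hunks, so the operator's own namespace setting is not visible here.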
@@ -34,27 +34,26 @@ func kubeAPI(t *testing.T, bundle ca.Bundle, namespace, serviceaccount string) *
 t.Helper()
 return prockube.New(t,
- prockube.WithClusterDaprConfigurationList(t, &configapi.ConfigurationList{Items: []configapi.Configuration{
- {
- TypeMeta: metav1.TypeMeta{APIVersion: "dapr.io/v1alpha1", Kind: "Configuration"},
- ObjectMeta: metav1.ObjectMeta{Name: "daprsystem"},
- Spec: configapi.ConfigurationSpec{
- MTLSSpec: &configapi.MTLSSpec{ControlPlaneTrustDomain: "integration.test.dapr.io"},
- },
+ prockube.WithClusterDaprConfigurationList(t, new(configapi.ConfigurationList)),
+ prockube.WithDaprConfigurationGet(t, &configapi.Configuration{
+ TypeMeta: metav1.TypeMeta{APIVersion: "dapr.io/v1alpha1", Kind: "Configuration"},
+ ObjectMeta: metav1.ObjectMeta{Namespace: "sentrynamespace", Name: "daprsystem"},
+ Spec: configapi.ConfigurationSpec{
+ MTLSSpec: &configapi.MTLSSpec{ControlPlaneTrustDomain: "integration.test.dapr.io"},
 },
 }),
- prockube.WithSecretGet(t, "sentrynamespace", "dapr-trust-bundle", &corev1.Secret{
+ prockube.WithSecretGet(t, &corev1.Secret{
 TypeMeta: metav1.TypeMeta{APIVersion: "v1", Kind: "Secret"},
- ObjectMeta: metav1.ObjectMeta{Name: "dapr-trust-bundle"},
+ ObjectMeta: metav1.ObjectMeta{Namespace: "sentrynamespace", Name: "dapr-trust-bundle"},
 Data: map[string][]byte{
 "ca.crt": bundle.TrustAnchors,
 "issuer.crt": bundle.IssChainPEM,
 "issuer.key": bundle.IssKeyPEM,
 },
 }),
- prockube.WithConfigMapGet(t, "sentrynamespace", "dapr-trust-bundle", &corev1.ConfigMap{
+ prockube.WithConfigMapGet(t, &corev1.ConfigMap{
 TypeMeta: metav1.TypeMeta{APIVersion: "v1", Kind: "ConfigMap"},
- ObjectMeta: metav1.ObjectMeta{Name: "dapr-trust-bundle"},
+ ObjectMeta: metav1.ObjectMeta{Namespace: "sentrynamespace", Name: "dapr-trust-bundle"},
 Data: map[string]string{"ca.crt": string(bundle.TrustAnchors)},
 }),
 prockube.WithClusterPodList(t, &corev1.PodList{
From ed6441ec249af4c0008b137f85fbb26bf22fb9cc Mon Sep 17 00:00:00 2001
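Review bot: `"sentrynamespace"` is now written three times inside `ObjectMeta` literals, and each copy determines the route served for the configuration, the `dapr-trust-bundle` Secret and the ConfigMap. A typo in one would presumably surface only as sentry failing to load its trust bundle. A file-level `const sentryNamespace = "sentrynamespace"` used in all three places keeps them in step and separates it from the `namespace` parameter. The empty `new(configapi.ConfigurationList)` also deserves a comment on why the cluster list route is still registered, e.g. `// empty list: daprsystem is read via the namespaced GET below`, if that is indeed the reason. `kubeAPI` starts and ends outside the hunk.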
From: joshvanl
Date: Mon, 20 Nov 2023 15:20:16 +0000
Subject: [PATCH 12/13] Revert .github workflow test removal
Signed-off-by: joshvanl
---
 .github/workflows/dapr.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/dapr.yml b/.github/workflows/dapr.yml
index 5c60d13adea..2512d12562f 100644
--- a/.github/workflows/dapr.yml
+++ b/.github/workflows/dapr.yml
@@ -51,9 +51,7 @@ jobs:
 id: setup-go
 uses: actions/setup-go@v3
 with:
- go-version: '1.20.11'
- # temporarily hard code version to accelerate release due to a Go CVE
- # go-version-file: "go.mod"
+ go-version-file: "go.mod"
 - name: Check white space in .md files
 if: github.event_name == 'pull_request'
 run: |
@@ -200,7 +198,9 @@ jobs:
 target_os: windows
 target_arch: amd64
 windows_version: ltsc2022
- # Temporarily removed macos-latest/darwin/amd64 due to flakiness
+ - os: macOS-latest
+ target_os: darwin
+ target_arch: amd64
 env:
 GOOS: "${{ matrix.target_os }}"
 GOARCH: "${{ matrix.target_arch }}"
From 3b51bb94621a7adb6627666fa87b73a39b8aebc7 Mon Sep 17 00:00:00 2001
From: joshvanl
Date: Mon, 20 Nov 2023 15:21:56 +0000
Subject: [PATCH 13/13] Fix go modules in e2e/apps/resiliency_grpc
Signed-off-by: joshvanl
---
 tests/apps/resiliencyapp_grpc/go.mod | 7 -------
 tests/apps/resiliencyapp_grpc/go.sum | 5 -----
 2 files changed, 12 deletions(-)
diff --git a/tests/apps/resiliencyapp_grpc/go.mod b/tests/apps/resiliencyapp_grpc/go.mod
index ec0e42b4fb5..0df2303ebf3 100644
--- a/tests/apps/resiliencyapp_grpc/go.mod
+++ b/tests/apps/resiliencyapp_grpc/go.mod
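Review bot: Switching the setup-go step from the pinned `go-version: '1.20.11'` back to `go-version-file: "go.mod"` drops the explicit patch level that the removed comment says was chosen because of a Go CVE. With `actions/setup-go@v3` the toolchain is then resolved from the `go` directive in go.mod, and if that directive names only a minor version the runner may pick whichever matching release it already has cached. Confirm that go.mod states the patched release, or add `check-latest: true` under `with:` so the newest matching patch release is used. The `go` directive of the root go.mod is not visible in this patch.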
@@ -4,22 +4,15 @@ go 1.20
 require (
 github.com/dapr/dapr v1.7.4
-<<<<<<< HEAD
 google.golang.org/grpc v1.59.0
-=======
- google.golang.org/grpc v1.57.1
->>>>>>> 25a4d45cc ([RELEASE-1.12] Update dependencies for CVEs (#7178))
 google.golang.org/grpc/examples v0.0.0-20220818173707-97cb7b1653d7
 google.golang.org/protobuf v1.31.0
 )
 require (
 github.com/golang/protobuf v1.5.3 // indirect
-<<<<<<< HEAD
 go.opentelemetry.io/otel v1.16.0 // indirect
 go.opentelemetry.io/otel/trace v1.16.0 // indirect
-=======
->>>>>>> 25a4d45cc ([RELEASE-1.12] Update dependencies for CVEs (#7178))
 golang.org/x/net v0.17.0 // indirect
 golang.org/x/sys v0.13.0 // indirect
 golang.org/x/text v0.13.0 // indirect
diff --git a/tests/apps/resiliencyapp_grpc/go.sum b/tests/apps/resiliencyapp_grpc/go.sum
index dfc82a7e71e..9fae8c393f9 100644
--- a/tests/apps/resiliencyapp_grpc/go.sum
+++ b/tests/apps/resiliencyapp_grpc/go.sum
@@ -87,13 +87,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -<<<<<<< HEAD google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= -======= -google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg= -google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= ->>>>>>> 25a4d45cc ([RELEASE-1.12] Update dependencies for CVEs (#7178)) google.golang.org/grpc/examples v0.0.0-20220818173707-97cb7b1653d7 h1:rrVCNVWEHrZFpVabfCIytLwQbWezF4HP1S6F5dOrpZI= google.golang.org/grpc/examples v0.0.0-20220818173707-97cb7b1653d7/go.mod h1:gxndsbNG1n4TZcHGgsYEfVGnTxqfEdfiDv6/DADXX9o= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=