Merge branch 'master' into grpc-update

jollyaakash · Oct 14, 2022 · 4e9d531 · 4e9d531
2 parents e5c25a1 + 10d5a1b
commit 4e9d531
Show file tree

Hide file tree

Showing 47 changed files with 1,054 additions and 408 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -1,7 +1,7 @@
 {
 	"name": "Dapr Dev Environment",
 	// Update the container version when you publish dev-container
-	"image": "ghcr.io/dapr/dapr-dev:0.1.8",
+	"image": "ghcr.io/dapr/dapr-dev:0.1.9",
 	// Replace with uncommented line below to build your own local copy of the image
 	//"dockerFile": "../docker/Dockerfile-dev",
 	"containerEnv": {

diff --git a/Makefile b/Makefile
@@ -279,10 +279,48 @@ test: test-deps
 	CGO_ENABLED=$(CGO) \
 		go test ./tests/...
 
+################################################################################
+# Target: test-race                                                            #
+################################################################################
+# Note that we are expliciting maintaing an allow-list of packages that should be tested
+# with "-race", as many packags aren't passing those tests yet.
+# Eventually, the goal is to be able to have all packages pass tests with "-race"
+# Note: CGO is required for tests with "-race"
+TEST_WITH_RACE=./pkg/acl/... \
+./pkg/actors \
+./pkg/apis/... \
+./pkg/apphealth/... \
+./pkg/channel/... \
+./pkg/client/... \
+./pkg/components/... \
+./pkg/concurrency/... \
+./pkg/diagnostics/... \
+./pkg/encryption/... \
+./pkg/expr/... \
+./pkg/fswatcher/... \
+./pkg/grpc/... \
+./pkg/health/... \
+./pkg/http/... \
+./pkg/injector/... \
+./pkg/messages/... \
+./pkg/messaging/... \
+./pkg/metrics/... \
+./pkg/middleware/... \
+./pkg/modes/... \
+./pkg/operator/... \
+./pkg/placement/... \
+./pkg/proto/... \
+./pkg/resiliency/... \
+./pkg/runtime/...
+
+.PHONY: test-race
+test-race:
+	echo "$(TEST_WITH_RACE)" | xargs \
+		go test -tags=unit -race
+
 ################################################################################
 # Target: lint                                                                 #
 ################################################################################
-# Due to https://github.com/golangci/golangci-lint/issues/580, we need to add --fix for windows
 # Please use golangci-lint version v1.48.0 , otherwise you might encounter errors.
 # You can download version v1.48.0 at https://github.com/golangci/golangci-lint/releases/tag/v1.48.0
 .PHONY: lint

diff --git a/charts/dapr/README.md b/charts/dapr/README.md
@@ -152,6 +152,7 @@ The Helm chart has the follow configuration options that can be supplied:
 | `dapr_sentry.tls.issuer.certPEM`          | Issuer Certificate cert                                                 | `""`                    |
 | `dapr_sentry.tls.issuer.keyPEM`           | Issuer Private Key cert                                                 | `""`                    |
 | `dapr_sentry.tls.root.certPEM`            | Root Certificate cert                                                   | `""`                    |
+| `dapr_sentry.tokenAudience`               | Expected audience for tokens; multiple values can be separated by a comma. Defaults to the audience expected by the Kubernetes control plane if not set | `""` |
 | `dapr_sentry.trustDomain`                 | Trust domain (logical group to manage app trust relationship) for access control list | `cluster.local`  |
 | `dapr_sentry.runAsNonRoot`                | Boolean value for `securityContext.runAsNonRoot`. You may have to set this to `false` when running in Minikube | `true` |
 | `dapr_sentry.resources`                   | Value of `resources` attribute. Can be used to set memory/cpu resources/limits. See the section "Resource configuration" above. Defaults to empty | `{}` |

diff --git a/charts/dapr/charts/dapr_dashboard/Chart.yaml b/charts/dapr/charts/dapr_dashboard/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: A Helm chart for Dapr Dashboard
 name: dapr_dashboard
-version: 0.10.0
+version: 0.11.0
diff --git a/charts/dapr/charts/dapr_dashboard/values.yaml b/charts/dapr/charts/dapr_dashboard/values.yaml
@@ -6,7 +6,7 @@ component: dashboard
 image:
   registry: docker.io/daprio
   name: dashboard
-  tag: "0.10.0"
+  tag: "0.11.0"
   imagePullSecrets: ""
 
 nameOverride: ""

diff --git a/charts/dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml b/charts/dapr/charts/dapr_sentry/templates/dapr_sentry_deployment.yaml
@@ -148,6 +148,10 @@ spec:
 {{- end }}
         - "--trust-domain"
         - {{ .Values.tls.trustDomain }}
+{{- if .Values.tokenAudience }}
+        - "--token-audience"
+        - {{ .Values.tokenAudience }}
+{{- end }}
       serviceAccountName: dapr-operator
       volumes:
         - name: credentials

diff --git a/charts/dapr/charts/dapr_sentry/values.yaml b/charts/dapr/charts/dapr_sentry/values.yaml
@@ -10,6 +10,8 @@ image:
 nameOverride: ""
 fullnameOverride: ""
 
+tokenAudience: ""
+
 ports:
   protocol: TCP
   port: 80

diff --git a/charts/dapr/crds/pluggable-components.yaml b/charts/dapr/crds/pluggable-components.yaml
diff --git a/cmd/sentry/main.go b/cmd/sentry/main.go
@@ -54,6 +54,7 @@ func main() {
 	flag.StringVar(&credentials.IssuerCertFilename, "issuer-certificate-filename", credentials.IssuerCertFilename, "Issuer certificate filename")
 	flag.StringVar(&credentials.IssuerKeyFilename, "issuer-key-filename", credentials.IssuerKeyFilename, "Issuer private key filename")
 	trustDomain := flag.String("trust-domain", "localhost", "The CA trust domain")
+	tokenAudience := flag.String("token-audience", "", "Expected audience for tokens; multiple values can be separated by a comma. Defaults to the audience expected by the Kubernetes control plane")
 
 	loggerOptions := logger.DefaultOptions()
 	loggerOptions.AttachCmdFlags(flag.StringVar, flag.BoolVar)
@@ -107,6 +108,9 @@ func main() {
 	config.IssuerKeyPath = issuerKeyPath
 	config.RootCertPath = rootCertPath
 	config.TrustDomain = *trustDomain
+	if *tokenAudience != "" {
+		config.TokenAudience = tokenAudience
+	}
 
 	watchDir := filepath.Dir(config.IssuerCertPath)
 

diff --git a/docker/docker.mk b/docker/docker.mk
@@ -174,10 +174,10 @@ docker-windows-base-push: check-windows-version
 ################################################################################
 
 # Update whenever you upgrade dev container image
-DEV_CONTAINER_VERSION_TAG?=0.1.8
+DEV_CONTAINER_VERSION_TAG?=0.1.9
 
 # Use this to pin a specific version of the Dapr CLI to a devcontainer
-DEV_CONTAINER_CLI_TAG?=1.8.0
+DEV_CONTAINER_CLI_TAG?=1.9.0
 
 # Dapr container image name
 DEV_CONTAINER_IMAGE_NAME=dapr-dev

diff --git a/docker/library-scripts/github-debian.sh b/docker/library-scripts/github-debian.sh
@@ -16,7 +16,7 @@
 # Users can edit this copy under /usr/local/share in the container to
 # customize this as needed for their custom localhost bindings.
 
-# Source: https://github.com/microsoft/vscode-dev-containers/blob/v0.224.3/script-library/github-debian.sh
+# Source: https://github.com/microsoft/vscode-dev-containers/blob/ecb28cdcf443603ec8f037afff85c63c8cd1dc95/script-library/github-debian.sh
 
 #-------------------------------------------------------------------------------------------------------------
 # Copyright (c) Microsoft Corporation. All rights reserved.
@@ -28,9 +28,10 @@
 #
 # Syntax: ./github-debian.sh [version]
 
-CLI_VERSION=${1:-"latest"}
+CLI_VERSION=${VERSION:-"latest"}
+INSTALL_DIRECTLY_FROM_GITHUB_RELEASE=${INSTALLDIRECTLYFROMGITHUBRELEASE:-"true"}
 
-GITHUB_CLI_ARCHIVE_GPG_KEY=C99B11DEB97541F0
+GITHUB_CLI_ARCHIVE_GPG_KEY=23F3D4EA75716059
 GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com:80
 keyserver hkps://keys.openpgp.org
 keyserver hkp://keyserver.pgp.com"
@@ -159,31 +160,77 @@ receive_gpg_keys() {
     fi
 }
 
-# Function to run apt-get if needed
-apt_get_update_if_needed()
+apt_get_update()
 {
-    if [ ! -d "/var/lib/apt/lists" ] || [ "$(ls /var/lib/apt/lists/ | wc -l)" = "0" ]; then
-        echo "Running apt-get update..."
-        apt-get update
-    else
-        echo "Skipping apt-get update."
-    fi
+    echo "Running apt-get update..."
+    apt-get update -y
 }
 
 # Checks if packages are installed and installs them if not
 check_packages() {
     if ! dpkg -s "$@" > /dev/null 2>&1; then
-        apt_get_update_if_needed
+        apt_get_update
         apt-get -y install --no-install-recommends "$@"
     fi
 }
 
+find_version_from_git_tags() {
+    local variable_name=$1
+    local requested_version=${!variable_name}
+    if [ "${requested_version}" = "none" ]; then return; fi
+    local repository=$2
+    local prefix=${3:-"tags/v"}
+    local separator=${4:-"."}
+    local last_part_optional=${5:-"false"}    
+    if [ "$(echo "${requested_version}" | grep -o "." | wc -l)" != "2" ]; then
+        local escaped_separator=${separator//./\\.}
+        local last_part
+        if [ "${last_part_optional}" = "true" ]; then
+            last_part="(${escaped_separator}[0-9]+)?"
+        else
+            last_part="${escaped_separator}[0-9]+"
+        fi
+        local regex="${prefix}\\K[0-9]+${escaped_separator}[0-9]+${last_part}$"
+        local version_list="$(git ls-remote --tags ${repository} | grep -oP "${regex}" | tr -d ' ' | tr "${separator}" "." | sort -rV)"
+        if [ "${requested_version}" = "latest" ] || [ "${requested_version}" = "current" ] || [ "${requested_version}" = "lts" ]; then
+            declare -g ${variable_name}="$(echo "${version_list}" | head -n 1)"
+        else
+            set +e
+            declare -g ${variable_name}="$(echo "${version_list}" | grep -E -m 1 "^${requested_version//./\\.}([\\.\\s]|$)")"
+            set -e
+        fi
+    fi
+    if [ -z "${!variable_name}" ] || ! echo "${version_list}" | grep "^${!variable_name//./\\.}$" > /dev/null 2>&1; then
+        echo -e "Invalid ${variable_name} value: ${requested_version}\nValid values:\n${version_list}" >&2
+        exit 1
+    fi
+    echo "${variable_name}=${!variable_name}"
+}
+
+
+# Fall back on direct download if no apt package exists
+# Fetches .deb file to be installed with dpkg
+install_deb_using_github() {
+    check_packages wget
+    arch=$(dpkg --print-architecture)
+
+    find_version_from_git_tags CLI_VERSION https://github.com/cli/cli
+    cli_filename="gh_${CLI_VERSION}_linux_${arch}.deb"
+
+    mkdir -p /tmp/ghcli
+    pushd /tmp/ghcli
+    wget https://github.com/cli/cli/releases/download/v${CLI_VERSION}/${cli_filename}
+    dpkg -i /tmp/ghcli/${cli_filename}
+    popd
+    rm -rf /tmp/ghcli
+}
+
 export DEBIAN_FRONTEND=noninteractive
 
 # Install curl, apt-transport-https, curl, gpg, or dirmngr, git if missing
 check_packages curl ca-certificates apt-transport-https dirmngr gnupg2
 if ! type git > /dev/null 2>&1; then
-    apt_get_update_if_needed
+    apt_get_update
     apt-get -y install --no-install-recommends git
 fi
 
@@ -197,11 +244,16 @@ fi
 
 # Install the GitHub CLI
 echo "Downloading github CLI..."
-# Import key safely (new method rather than deprecated apt-key approach) and install
-. /etc/os-release
-receive_gpg_keys GITHUB_CLI_ARCHIVE_GPG_KEY /usr/share/keyrings/githubcli-archive-keyring.gpg
-echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages ${VERSION_CODENAME} main" > /etc/apt/sources.list.d/github-cli.list
-apt-get update
-apt-get -y install "gh${version_suffix}"
-rm -rf "/tmp/gh/gnupg"
-echo "Done!"
+
+if [ "${INSTALL_DIRECTLY_FROM_GITHUB_RELEASE}" = "true" ]; then
+    install_deb_using_github
+else
+   # Import key safely (new method rather than deprecated apt-key approach) and install
+    . /etc/os-release
+    receive_gpg_keys GITHUB_CLI_ARCHIVE_GPG_KEY /usr/share/keyrings/githubcli-archive-keyring.gpg
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" > /etc/apt/sources.list.d/github-cli.list
+    apt-get update
+    apt-get -y install "gh${version_suffix}"
+    rm -rf "/tmp/gh/gnupg"
+    echo "Done!"
+fi