Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update GO to 1.19 and format code #123

Merged
merged 1 commit into from
Oct 18, 2022
Merged

Update GO to 1.19 and format code #123

merged 1 commit into from
Oct 18, 2022

Conversation

baoy1
Copy link
Contributor

@baoy1 baoy1 commented Oct 11, 2022

Description

  • Update GO to 1.19
  • Format code to align with Go format rule
  • Fix Go Security check alert
    Use of net/http serve function that has no support for setting timeouts

GitHub Issues

List the GitHub issues impacted by this PR:

GitHub Issue #
dell/csm#491

Checklist:

  • I have performed a self-review of my own code to ensure there are no formatting, vetting, linting, or security issues
  • I have verified that new and existing unit tests pass locally with my changes
  • I have not allowed coverage numbers to degenerate
  • I have maintained at least 90% code coverage
  • I have inspected the Grafana dashboards to verify the data is displayed properly
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I have maintained backward compatibility

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

  • Run make check test
    image

  • Grafana GUI check
    image

Manual inspection of the GUI

I have verified that the dashboards show the data properly while generating I/O and storage resources

  • Yes
  • No

@baoy1
Copy link
Contributor Author

baoy1 commented Oct 11, 2022

run e2e test

forrestxia
forrestxia previously approved these changes Oct 11, 2022
@baoy1
Copy link
Contributor Author

baoy1 commented Oct 11, 2022

allowedlist.yaml is temporarily added to address vulnerability CVE-2022-27664.

@baoy1
Copy link
Contributor Author

baoy1 commented Oct 12, 2022

run e2e test

forrestxia
forrestxia previously approved these changes Oct 12, 2022
gallacher
gallacher previously approved these changes Oct 12, 2022
taohe1012
taohe1012 previously approved these changes Oct 13, 2022
@baoy1 baoy1 dismissed stale reviews from taohe1012, gallacher, and forrestxia via ac70bc0 October 14, 2022 13:59
@baoy1
Copy link
Contributor Author

baoy1 commented Oct 14, 2022

run e2e test

@baoy1 baoy1 mentioned this pull request Oct 14, 2022
13 tasks
@baoy1 baoy1 requested review from forrestxia and taohe1012 October 14, 2022 15:03
@baoy1 baoy1 requested a review from gallacher October 14, 2022 15:03
taohe1012
taohe1012 previously approved these changes Oct 16, 2022
forrestxia
forrestxia previously approved these changes Oct 17, 2022

server := &http.Server{
Addr: addr,
ReadHeaderTimeout: 5 * time.Second,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. Is 'ReadHeaderTimeout' only for TLS listener, or for all Read operation?
  2. Is 5sec a recommended timeout value?
  3. Better to use a constant variable for the time out setting.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. ReadHeaderTimeout is for the new server instance, and the instance is for TLS listener. It could say 'ReadHeaderTimeout' only for TLS listener
  2. There is no recommended value. But [PowerStore ]('ReadHeaderTimeout' only for TLS listener) uses 5 the same.
  3. I flip through all the source code including CSM, 3rd, GO package, timeout values are all set as plain value, not constant. I think it should be good for us as well.

@YianZong YianZong self-requested a review October 17, 2022 09:31
YianZong
YianZong previously approved these changes Oct 17, 2022
gallacher
gallacher previously approved these changes Oct 17, 2022
- Fix CVE-2022-27664 by updating GO to 1.19
  and updating golang.org/x/net, golang.org/x/text to the latest
- Fix Go Security check alert
  `Use of net/http serve function that has no support for setting timeouts`
  Use `server.Serve(tlsListener)` instead of `http.ListenAndServeTLS`
- Format code to align with Go format rule
@baoy1 baoy1 dismissed stale reviews from gallacher, YianZong, forrestxia, and taohe1012 via eb27e9f October 18, 2022 02:10
@baoy1 baoy1 force-pushed the feature-update-go-1.19 branch from ac70bc0 to eb27e9f Compare October 18, 2022 02:10
@baoy1
Copy link
Contributor Author

baoy1 commented Oct 18, 2022

run e2e test

@baoy1
Copy link
Contributor Author

baoy1 commented Oct 18, 2022

Rebase and merge is disabled in github setting, so squash commits to one, also update golang.org/x/net to v0.0.0-20221017152216-f25eb7ecb193, golang.org/x/text to v0.4.0

@baoy1 baoy1 merged commit 5303f22 into main Oct 18, 2022
@baoy1 baoy1 deleted the feature-update-go-1.19 branch November 17, 2022 04:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants