From 1ecc979334703361671b454d4eb9a2fb46718078 Mon Sep 17 00:00:00 2001 From: Leandro Batista Date: Tue, 25 Apr 2023 00:31:23 -0300 Subject: [PATCH 1/9] adding errors handler --- api/v1alpha1/defaults.go | 2 + api/v1alpha1/rule_types.go | 6 + api/v1alpha1/zz_generated.deepcopy.go | 46 ++++ config/crd/bases/oathkeeper.ory.sh_rules.yaml | 252 ++++++++---------- config/rbac/role.yaml | 65 ++--- internal/validation/validation.go | 4 + main.go | 2 + 7 files changed, 208 insertions(+), 169 deletions(-) diff --git a/api/v1alpha1/defaults.go b/api/v1alpha1/defaults.go index cd1a11f..e58728b 100644 --- a/api/v1alpha1/defaults.go +++ b/api/v1alpha1/defaults.go @@ -7,11 +7,13 @@ var ( DefaultAuthenticatorsAvailable = [...]string{"noop", "unauthorized", "anonymous", "cookie_session", "oauth2_client_credentials", "oauth2_introspection", "jwt", "bearer_token"} DefaultAuthorizersAvailable = [...]string{"allow", "deny", "keto_engine_acp_ory", "remote", "remote_json"} DefaultMutatorsAvailable = [...]string{"noop", "id_token", "header", "cookie", "hydrator"} + DefaultErrorsAvailable = [...]string{"json", "redirect", "www_authenticate"} ) const ( AuthenticatorsAvailableEnv = "authenticatorsAvailable" AuthorizersAvailableEnv = "authorizersAvailable" MutatorsAvailableEnv = "mutatorsAvailable" + ErrorsAvailableEnv = "errorsAvailable" RulesFileNameRegexp = "\\A[-._a-zA-Z0-9]+\\z" ) diff --git a/api/v1alpha1/rule_types.go b/api/v1alpha1/rule_types.go index 4b34194..485cb76 100644 --- a/api/v1alpha1/rule_types.go +++ b/api/v1alpha1/rule_types.go @@ -52,6 +52,7 @@ type RuleSpec struct { Authenticators []*Authenticator `json:"authenticators,omitempty"` Authorizer *Authorizer `json:"authorizer,omitempty"` Mutators []*Mutator `json:"mutators,omitempty"` + Errors []*Error `json:"errors,omitempty"` // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 // +kubebuilder:validation:Pattern=[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)* @@ -112,6 +113,11 @@ type Mutator struct { *Handler `json:",inline"` } +// Error represents a handler that is responsible for executing logic when an error happens. +type Error struct { + *Handler `json:",inline"` +} + // Handler represents an Oathkeeper routine that operates on incoming requests. It is used to either validate a request (Authenticator, Authorizer) or modify it (Mutator). type Handler struct { // Name is the name of a handler diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index c54256c..51b56fe 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -1,6 +1,21 @@ //go:build !ignore_autogenerated // +build !ignore_autogenerated +/* + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + // Code generated by controller-gen. DO NOT EDIT. package v1alpha1 @@ -49,6 +64,26 @@ func (in *Authorizer) DeepCopy() *Authorizer { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Error) DeepCopyInto(out *Error) { + *out = *in + if in.Handler != nil { + in, out := &in.Handler, &out.Handler + *out = new(Handler) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Error. +func (in *Error) DeepCopy() *Error { + if in == nil { + return nil + } + out := new(Error) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Handler) DeepCopyInto(out *Handler) { *out = *in @@ -224,6 +259,17 @@ func (in *RuleSpec) DeepCopyInto(out *RuleSpec) { } } } + if in.Errors != nil { + in, out := &in.Errors, &out.Errors + *out = make([]*Error, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(Error) + (*in).DeepCopyInto(*out) + } + } + } if in.ConfigMapName != nil { in, out := &in.ConfigMapName, &out.ConfigMapName *out = new(string) diff --git a/config/crd/bases/oathkeeper.ory.sh_rules.yaml b/config/crd/bases/oathkeeper.ory.sh_rules.yaml index 8071e3a..cf3c838 100644 --- a/config/crd/bases/oathkeeper.ory.sh_rules.yaml +++ b/config/crd/bases/oathkeeper.ory.sh_rules.yaml @@ -1,3 +1,4 @@ + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -15,160 +16,137 @@ spec: singular: rule scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Rule is the Schema for the rules API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the - latest internal value, and may reject unrecognized values. More - info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the - client submits requests to. Cannot be updated. In CamelCase. - More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: RuleSpec defines the desired state of Rule - properties: - authenticators: - items: - description: - Authenticator represents a handler that authenticates - provided credentials. - properties: - config: - description: - Config configures the handler. Configuration keys vary - per handler. - type: object - x-kubernetes-preserve-unknown-fields: true - handler: - description: Name is the name of a handler - type: string - required: - - handler - type: object - type: array - authorizer: - description: - Authorizer represents a handler that authorizes the subject - ("user") from the previously validated credentials making - the request. + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Rule is the Schema for the rules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RuleSpec defines the desired state of Rule + properties: + authenticators: + items: + description: Authenticator represents a handler that authenticates provided credentials. properties: config: - description: - Config configures the handler. Configuration keys vary - per handler. + description: Config configures the handler. Configuration keys vary per handler. type: object x-kubernetes-preserve-unknown-fields: true handler: description: Name is the name of a handler type: string required: - - handler - type: object - configMapName: - description: - ConfigMapName points to the K8s ConfigMap that contains - these rules - maxLength: 253 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - match: - description: - Match defines the URL(s) that an access rule should match. - properties: - methods: - description: - Methods represent an array of HTTP methods (e.g. GET, - POST, PUT, DELETE, ...) - items: - type: string - type: array - url: - description: - URL is the URL that should be matched. It supports regex - templates. - type: string - required: - - methods - - url + - handler type: object - mutators: - items: - description: - Mutator represents a handler that transforms the HTTP - request before forwarding it. - properties: - config: - description: - Config configures the handler. Configuration keys vary - per handler. - type: object - x-kubernetes-preserve-unknown-fields: true - handler: - description: Name is the name of a handler - type: string - required: - - handler + type: array + authorizer: + description: Authorizer represents a handler that authorizes the subject ("user") from the previously validated credentials making the request. + properties: + config: + description: Config configures the handler. Configuration keys vary per handler. type: object - type: array - upstream: - description: - Upstream represents the location of a server where requests - matching a rule should be forwarded to. + x-kubernetes-preserve-unknown-fields: true + handler: + description: Name is the name of a handler + type: string + required: + - handler + type: object + configMapName: + description: ConfigMapName points to the K8s ConfigMap that contains these rules + maxLength: 253 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + type: string + errors: + items: + description: Error represents a handler that is responsible for executing logic when an error happens. properties: - preserveHost: - description: - PreserveHost includes the host and port of the url value - if set to false. If true, the host and port of the ORY - Oathkeeper Proxy will be used instead. - type: boolean - stripPath: - description: - StripPath replaces the provided path prefix when - forwarding the requested URL to the upstream URL. - type: string - url: - description: - URL defines the target URL for incoming requests - maxLength: 256 - minLength: 3 - pattern: ^(?:https?:\/\/)?(?:[^@\/\n]+@)?(?:www\.)?([^:\/\n]+) + config: + description: Config configures the handler. Configuration keys vary per handler. + type: object + x-kubernetes-preserve-unknown-fields: true + handler: + description: Name is the name of a handler type: string required: - - url + - handler type: object - required: - - match - type: object - status: - description: RuleStatus defines the observed state of Rule - properties: - validation: - description: Validation defines the validation state of Rule + type: array + match: + description: Match defines the URL(s) that an access rule should match. + properties: + methods: + description: Methods represent an array of HTTP methods (e.g. GET, POST, PUT, DELETE, ...) + items: + type: string + type: array + url: + description: URL is the URL that should be matched. It supports regex templates. + type: string + required: + - methods + - url + type: object + mutators: + items: + description: Mutator represents a handler that transforms the HTTP request before forwarding it. properties: - valid: - type: boolean - validationError: + config: + description: Config configures the handler. Configuration keys vary per handler. + type: object + x-kubernetes-preserve-unknown-fields: true + handler: + description: Name is the name of a handler type: string + required: + - handler type: object - type: object - type: object - served: true - storage: true + type: array + upstream: + description: Upstream represents the location of a server where requests matching a rule should be forwarded to. + properties: + preserveHost: + description: PreserveHost includes the host and port of the url value if set to false. If true, the host and port of the ORY Oathkeeper Proxy will be used instead. + type: boolean + stripPath: + description: StripPath replaces the provided path prefix when forwarding the requested URL to the upstream URL. + type: string + url: + description: URL defines the target URL for incoming requests + maxLength: 256 + minLength: 3 + pattern: ^(?:https?:\/\/)?(?:[^@\/\n]+@)?(?:www\.)?([^:\/\n]+) + type: string + required: + - url + type: object + required: + - match + type: object + status: + description: RuleStatus defines the observed state of Rule + properties: + validation: + description: Validation defines the validation state of Rule + properties: + valid: + type: boolean + validationError: + type: string + type: object + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index b94626d..55b7b30 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1,3 +1,4 @@ + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -5,35 +6,35 @@ metadata: creationTimestamp: null name: manager-role rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - oathkeeper.ory.sh - resources: - - rules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - oathkeeper.ory.sh - resources: - - rules/status - verbs: - - get - - patch - - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oathkeeper.ory.sh + resources: + - rules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - oathkeeper.ory.sh + resources: + - rules/status + verbs: + - get + - patch + - update diff --git a/internal/validation/validation.go b/internal/validation/validation.go index 1fa8b74..ee0c51e 100644 --- a/internal/validation/validation.go +++ b/internal/validation/validation.go @@ -7,6 +7,7 @@ type Config struct { AuthenticatorsAvailable []string AuthorizersAvailable []string MutatorsAvailable []string + ErrorsAvailable []string } func (c Config) IsAuthenticatorValid(authenticator string) bool { @@ -18,6 +19,9 @@ func (c Config) IsAuthorizerValid(authorizer string) bool { func (c Config) IsMutatorValid(mutator string) bool { return isValid(mutator, c.MutatorsAvailable) } +func (c Config) IsErrorValid(err string) bool { + return isValid(err, c.ErrorsAvailable) +} func isValid(current string, available []string) bool { for _, a := range available { diff --git a/main.go b/main.go index 7151cfd..68a0d09 100644 --- a/main.go +++ b/main.go @@ -152,10 +152,12 @@ func initValidationConfig() validation.Config { authenticatorsAvailable := os.Getenv(oathkeeperv1alpha1.AuthenticatorsAvailableEnv) authorizersAvailable := os.Getenv(oathkeeperv1alpha1.AuthorizersAvailableEnv) mutatorsAvailable := os.Getenv(oathkeeperv1alpha1.MutatorsAvailableEnv) + errorsAvailable := os.Getenv(oathkeeperv1alpha1.ErrorsAvailableEnv) return validation.Config{ AuthenticatorsAvailable: parseListOrDefault(authenticatorsAvailable, oathkeeperv1alpha1.DefaultAuthenticatorsAvailable[:], oathkeeperv1alpha1.AuthenticatorsAvailableEnv), AuthorizersAvailable: parseListOrDefault(authorizersAvailable, oathkeeperv1alpha1.DefaultAuthorizersAvailable[:], oathkeeperv1alpha1.AuthorizersAvailableEnv), MutatorsAvailable: parseListOrDefault(mutatorsAvailable, oathkeeperv1alpha1.DefaultMutatorsAvailable[:], oathkeeperv1alpha1.MutatorsAvailableEnv), + ErrorsAvailable: parseListOrDefault(errorsAvailable, oathkeeperv1alpha1.DefaultErrorsAvailable[:], oathkeeperv1alpha1.ErrorsAvailableEnv), } } From 0b094f24e7764cca9ff2745356e0813302c7e483 Mon Sep 17 00:00:00 2001 From: Leandro Batista Date: Tue, 25 Apr 2023 09:52:28 -0300 Subject: [PATCH 2/9] feat: including ability to handle errors handlers --- api/v1alpha1/rule_types_test.go | 66 ++++++++++++++++++++++++++++----- tests/integration/rules_test.go | 14 ++++++- tests/integration/validation.go | 5 ++- 3 files changed, 71 insertions(+), 14 deletions(-) diff --git a/api/v1alpha1/rule_types_test.go b/api/v1alpha1/rule_types_test.go index 8df0ed7..7e2511c 100644 --- a/api/v1alpha1/rule_types_test.go +++ b/api/v1alpha1/rule_types_test.go @@ -58,6 +58,14 @@ var ( ] } } + ], + "errors": [ + { + "handler": "handler1", + "config": { + "key1": "val1" + } + } ] }, { @@ -98,6 +106,18 @@ var ( { "handler": "noop" } + ], + "errors": [ + { + "handler": "handler2", + "config": { + "key1": [ + "val1", + "val2", + "val3" + ] + } + } ] }, { @@ -128,6 +148,24 @@ var ( { "handler": "noop" } + ], + "errors": [ + { + "handler": "handler1", + "config": { + "key1": "val1" + } + }, + { + "handler": "handler2", + "config": { + "key1": [ + "val1", + "val2", + "val3" + ] + } + } ] }, { @@ -212,7 +250,9 @@ func TestToOathkeeperRules(t *testing.T) { newBoolPtr(true), []*Authenticator{{h1}}, nil, - []*Mutator{{h1}, {h2}}) + []*Mutator{{h1}, {h2}}, + []*Error{{h1}}, + ) rule2 := newRule( "foo2", @@ -224,7 +264,8 @@ func TestToOathkeeperRules(t *testing.T) { newBoolPtr(false), []*Authenticator{{h1}, {h2}}, nil, - nil) + nil, + []*Error{{h2}}) rule3 := newRule( "foo3", @@ -236,7 +277,8 @@ func TestToOathkeeperRules(t *testing.T) { nil, nil, &Authorizer{h1}, - nil) + nil, + []*Error{{h1}, {h2}}) rule4 := newRule( "fooNoUpstream", @@ -248,6 +290,7 @@ func TestToOathkeeperRules(t *testing.T) { nil, nil, &Authorizer{h1}, + nil, nil) list.Items = []Rule{*rule1, *rule2, *rule3, *rule4} @@ -278,7 +321,7 @@ func TestToRuleJson(t *testing.T) { { "If no handlers have been specified, it should generate an ID and add default values for missing handlers", - newStaticRule(nil, nil, nil), + newStaticRule(nil, nil, nil, nil), func(r *RuleJSON) { assert.Equal(unauthorizedHandler, r.Authenticators[0].Handler) assert.Equal(denyHandler, r.Authorizer.Handler) @@ -287,7 +330,7 @@ func TestToRuleJson(t *testing.T) { }, { "If one handler type has been provided, it should generate an ID, rewrite the provided handler and add default values for missing handlers", - newStaticRule(nil, nil, []*Mutator{{testHandler}}), + newStaticRule(nil, nil, []*Mutator{{testHandler}}, nil), func(r *RuleJSON) { assert.Equal(unauthorizedHandler, r.Authenticators[0].Handler) assert.Equal(denyHandler, r.Authorizer.Handler) @@ -296,7 +339,7 @@ func TestToRuleJson(t *testing.T) { }, { "If all handler types are defined, it should generate an ID and rewrite the handlers", - newStaticRule([]*Authenticator{{testHandler}}, &Authorizer{testHandler}, []*Mutator{{testHandler}}), + newStaticRule([]*Authenticator{{testHandler}}, &Authorizer{testHandler}, []*Mutator{{testHandler}}, nil), func(r *RuleJSON) { assert.Equal(testHandler, r.Authenticators[0].Handler) assert.Equal(testHandler, r.Authorizer.Handler) @@ -305,13 +348,14 @@ func TestToRuleJson(t *testing.T) { }, { "if multiple authentication and/or mutation handlers have been provided, it should rewrite all of them", - newStaticRule([]*Authenticator{{testHandler}, {testHandler2}}, nil, []*Mutator{{testHandler}, {testHandler2}}), + newStaticRule([]*Authenticator{{testHandler}, {testHandler2}}, nil, []*Mutator{{testHandler}, {testHandler2}}, []*Error{{testHandler}}), func(r *RuleJSON) { assert.Equal(testHandler, r.Authenticators[0].Handler) assert.Equal(testHandler2, r.Authenticators[1].Handler) assert.Equal(testHandler, r.Mutators[0].Handler) assert.Equal(testHandler2, r.Mutators[1].Handler) assert.Equal(denyHandler, r.Authorizer.Handler) + assert.Equal(testHandler, r.Errors[0].Handler) }, }, } { @@ -351,6 +395,7 @@ func TestValidateWith(t *testing.T) { newBoolPtr(true), nil, nil, + nil, nil) var validationConfig = validation.Config{ @@ -424,11 +469,11 @@ func TestFilterNotValid(t *testing.T) { }) } -func newStaticRule(authenticators []*Authenticator, authorizer *Authorizer, mutators []*Mutator) *Rule { - return newRule("r1", "test", "", "", newStringPtr(""), nil, newBoolPtr(false), authenticators, authorizer, mutators) +func newStaticRule(authenticators []*Authenticator, authorizer *Authorizer, mutators []*Mutator, errors []*Error) *Rule { + return newRule("r1", "test", "", "", newStringPtr(""), nil, newBoolPtr(false), authenticators, authorizer, mutators, errors) } -func newRule(name, namespace, upstreamURL, matchURL string, stripURLPath, configMapName *string, preserveURLHost *bool, authenticators []*Authenticator, authorizer *Authorizer, mutators []*Mutator) *Rule { +func newRule(name, namespace, upstreamURL, matchURL string, stripURLPath, configMapName *string, preserveURLHost *bool, authenticators []*Authenticator, authorizer *Authorizer, mutators []*Mutator, errorrs []*Error) *Rule { spec := RuleSpec{ Upstream: &Upstream{ @@ -443,6 +488,7 @@ func newRule(name, namespace, upstreamURL, matchURL string, stripURLPath, config Authenticators: authenticators, Authorizer: authorizer, Mutators: mutators, + Errors: errorrs, ConfigMapName: configMapName, } diff --git a/tests/integration/rules_test.go b/tests/integration/rules_test.go index c42bb30..01cc849 100644 --- a/tests/integration/rules_test.go +++ b/tests/integration/rules_test.go @@ -418,7 +418,12 @@ func getRule1Json() string { } } } - ] + ], + "errors": [ + { + "handler": "redirect" + } + ] } } ` @@ -462,7 +467,12 @@ func getRule2Json() string { "aud": ["audience1", "audience2"] } } - ] + ], + "errors": [ + { + "handler": "redirect" + } + ] } } ` diff --git a/tests/integration/validation.go b/tests/integration/validation.go index 52e630b..74a0d73 100644 --- a/tests/integration/validation.go +++ b/tests/integration/validation.go @@ -15,7 +15,7 @@ import ( // `actual` is a representation of an entry from the ConfigMap handled by the Controller func validateRuleEquals(actual *json.Json, expected *json.Json) { Expect(actual).To(Equal(expected)) - expectOnlyKeys(actual, "id", "upstream", "match", "authenticators", "authorizer", "mutators") + expectOnlyKeys(actual, "id", "upstream", "match", "authenticators", "authorizer", "mutators", "errors") expectString(actual, "id") compareUpstreams(actual.Get("upstream"), expected.Get("upstream")) @@ -23,6 +23,7 @@ func validateRuleEquals(actual *json.Json, expected *json.Json) { compareHandlerArrays(actual.Get("authenticators"), expected.Get("authenticators")) compareHandlers(actual.Get("authorizer"), expected.Get("authorizer")) compareHandlerArrays(actual.Get("mutators"), expected.Get("mutators")) + compareHandlerArrays(actual.Get("errors"), expected.Get("errors")) } func compareUpstreams(actual *json.Json, expected *json.Json) { @@ -55,7 +56,7 @@ func compareHandlerArrays(actual *json.Json, expected *json.Json) { } -// Compares `handler` objects, a common type for `authenticators`, `authorizer`, and `mutator` configurations +// Compares `handler` objects, a common type for `authenticators`, `authorizer`, `mutator` and `errors` configurations // The object consists of two properties: `hander`:string` and `config`:object func compareHandlers(actual *json.Json, expected *json.Json) { //expected.SetPath( From bbba533384f48654e6b459eb47dfbd8c3e479bf7 Mon Sep 17 00:00:00 2001 From: Leandro Batista Date: Tue, 25 Apr 2023 10:56:17 -0300 Subject: [PATCH 3/9] formatting --- api/v1alpha1/defaults.go | 2 +- api/v1alpha1/groupversion_info.go | 2 +- api/v1alpha1/json.go | 2 +- api/v1alpha1/rule_json.go | 2 +- api/v1alpha1/rule_types.go | 2 +- api/v1alpha1/rule_types_test.go | 2 +- config/crd/bases/oathkeeper.ory.sh_rules.yaml | 269 ++++++++++-------- config/rbac/role.yaml | 65 +++-- controllers/operators.go | 2 +- controllers/rule_controller.go | 2 +- controllers/rule_controller_test.go | 2 +- internal/validation/validation.go | 2 +- internal/validation/validation_test.go | 2 +- main.go | 2 +- tests/integration/integration_suite_test.go | 2 +- tests/integration/retry.go | 2 +- tests/integration/rules_test.go | 2 +- tests/integration/validation.go | 2 +- 18 files changed, 203 insertions(+), 163 deletions(-) diff --git a/api/v1alpha1/defaults.go b/api/v1alpha1/defaults.go index e58728b..6283bf3 100644 --- a/api/v1alpha1/defaults.go +++ b/api/v1alpha1/defaults.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package v1alpha1 diff --git a/api/v1alpha1/groupversion_info.go b/api/v1alpha1/groupversion_info.go index f013598..fd4ae2f 100644 --- a/api/v1alpha1/groupversion_info.go +++ b/api/v1alpha1/groupversion_info.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 // Package v1alpha1 contains API Schema definitions for the oathkeeper v1alpha1 API group diff --git a/api/v1alpha1/json.go b/api/v1alpha1/json.go index 8c8a9f6..76366f8 100644 --- a/api/v1alpha1/json.go +++ b/api/v1alpha1/json.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package v1alpha1 diff --git a/api/v1alpha1/rule_json.go b/api/v1alpha1/rule_json.go index c7c7ac6..a9246f4 100644 --- a/api/v1alpha1/rule_json.go +++ b/api/v1alpha1/rule_json.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package v1alpha1 diff --git a/api/v1alpha1/rule_types.go b/api/v1alpha1/rule_types.go index 485cb76..49b4182 100644 --- a/api/v1alpha1/rule_types.go +++ b/api/v1alpha1/rule_types.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package v1alpha1 diff --git a/api/v1alpha1/rule_types_test.go b/api/v1alpha1/rule_types_test.go index 7e2511c..2545bac 100644 --- a/api/v1alpha1/rule_types_test.go +++ b/api/v1alpha1/rule_types_test.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package v1alpha1 diff --git a/config/crd/bases/oathkeeper.ory.sh_rules.yaml b/config/crd/bases/oathkeeper.ory.sh_rules.yaml index cf3c838..6986e60 100644 --- a/config/crd/bases/oathkeeper.ory.sh_rules.yaml +++ b/config/crd/bases/oathkeeper.ory.sh_rules.yaml @@ -1,4 +1,3 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -16,137 +15,179 @@ spec: singular: rule scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Rule is the Schema for the rules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RuleSpec defines the desired state of Rule - properties: - authenticators: - items: - description: Authenticator represents a handler that authenticates provided credentials. + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Rule is the Schema for the rules API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. + More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: RuleSpec defines the desired state of Rule + properties: + authenticators: + items: + description: + Authenticator represents a handler that authenticates + provided credentials. + properties: + config: + description: + Config configures the handler. Configuration keys vary + per handler. + type: object + x-kubernetes-preserve-unknown-fields: true + handler: + description: Name is the name of a handler + type: string + required: + - handler + type: object + type: array + authorizer: + description: + Authorizer represents a handler that authorizes the subject + ("user") from the previously validated credentials making + the request. properties: config: - description: Config configures the handler. Configuration keys vary per handler. + description: + Config configures the handler. Configuration keys vary + per handler. type: object x-kubernetes-preserve-unknown-fields: true handler: description: Name is the name of a handler type: string required: - - handler + - handler type: object - type: array - authorizer: - description: Authorizer represents a handler that authorizes the subject ("user") from the previously validated credentials making the request. - properties: - config: - description: Config configures the handler. Configuration keys vary per handler. + configMapName: + description: + ConfigMapName points to the K8s ConfigMap that contains + these rules + maxLength: 253 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + type: string + errors: + items: + description: + Error represents a handler that is responsible for + executing logic when an error happens. + properties: + config: + description: + Config configures the handler. Configuration keys vary + per handler. + type: object + x-kubernetes-preserve-unknown-fields: true + handler: + description: Name is the name of a handler + type: string + required: + - handler type: object - x-kubernetes-preserve-unknown-fields: true - handler: - description: Name is the name of a handler - type: string - required: - - handler - type: object - configMapName: - description: ConfigMapName points to the K8s ConfigMap that contains these rules - maxLength: 253 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - errors: - items: - description: Error represents a handler that is responsible for executing logic when an error happens. + type: array + match: + description: + Match defines the URL(s) that an access rule should match. properties: - config: - description: Config configures the handler. Configuration keys vary per handler. - type: object - x-kubernetes-preserve-unknown-fields: true - handler: - description: Name is the name of a handler + methods: + description: + Methods represent an array of HTTP methods (e.g. GET, + POST, PUT, DELETE, ...) + items: + type: string + type: array + url: + description: + URL is the URL that should be matched. It supports regex + templates. type: string required: - - handler + - methods + - url type: object - type: array - match: - description: Match defines the URL(s) that an access rule should match. - properties: - methods: - description: Methods represent an array of HTTP methods (e.g. GET, POST, PUT, DELETE, ...) - items: - type: string - type: array - url: - description: URL is the URL that should be matched. It supports regex templates. - type: string - required: - - methods - - url - type: object - mutators: - items: - description: Mutator represents a handler that transforms the HTTP request before forwarding it. + mutators: + items: + description: + Mutator represents a handler that transforms the HTTP + request before forwarding it. + properties: + config: + description: + Config configures the handler. Configuration keys vary + per handler. + type: object + x-kubernetes-preserve-unknown-fields: true + handler: + description: Name is the name of a handler + type: string + required: + - handler + type: object + type: array + upstream: + description: + Upstream represents the location of a server where requests + matching a rule should be forwarded to. properties: - config: - description: Config configures the handler. Configuration keys vary per handler. - type: object - x-kubernetes-preserve-unknown-fields: true - handler: - description: Name is the name of a handler + preserveHost: + description: + PreserveHost includes the host and port of the url value + if set to false. If true, the host and port of the ORY + Oathkeeper Proxy will be used instead. + type: boolean + stripPath: + description: + StripPath replaces the provided path prefix when + forwarding the requested URL to the upstream URL. + type: string + url: + description: + URL defines the target URL for incoming requests + maxLength: 256 + minLength: 3 + pattern: ^(?:https?:\/\/)?(?:[^@\/\n]+@)?(?:www\.)?([^:\/\n]+) type: string required: - - handler + - url + type: object + required: + - match + type: object + status: + description: RuleStatus defines the observed state of Rule + properties: + validation: + description: Validation defines the validation state of Rule + properties: + valid: + type: boolean + validationError: + type: string type: object - type: array - upstream: - description: Upstream represents the location of a server where requests matching a rule should be forwarded to. - properties: - preserveHost: - description: PreserveHost includes the host and port of the url value if set to false. If true, the host and port of the ORY Oathkeeper Proxy will be used instead. - type: boolean - stripPath: - description: StripPath replaces the provided path prefix when forwarding the requested URL to the upstream URL. - type: string - url: - description: URL defines the target URL for incoming requests - maxLength: 256 - minLength: 3 - pattern: ^(?:https?:\/\/)?(?:[^@\/\n]+@)?(?:www\.)?([^:\/\n]+) - type: string - required: - - url - type: object - required: - - match - type: object - status: - description: RuleStatus defines the observed state of Rule - properties: - validation: - description: Validation defines the validation state of Rule - properties: - valid: - type: boolean - validationError: - type: string - type: object - type: object - type: object - served: true - storage: true + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 55b7b30..b94626d 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1,4 +1,3 @@ - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -6,35 +5,35 @@ metadata: creationTimestamp: null name: manager-role rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - oathkeeper.ory.sh - resources: - - rules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - oathkeeper.ory.sh - resources: - - rules/status - verbs: - - get - - patch - - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - oathkeeper.ory.sh + resources: + - rules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - oathkeeper.ory.sh + resources: + - rules/status + verbs: + - get + - patch + - update diff --git a/controllers/operators.go b/controllers/operators.go index 32e5dbd..e8b5b25 100644 --- a/controllers/operators.go +++ b/controllers/operators.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package controllers diff --git a/controllers/rule_controller.go b/controllers/rule_controller.go index 0ff2e2e..17c5230 100644 --- a/controllers/rule_controller.go +++ b/controllers/rule_controller.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package controllers diff --git a/controllers/rule_controller_test.go b/controllers/rule_controller_test.go index 07e9e12..eba081b 100644 --- a/controllers/rule_controller_test.go +++ b/controllers/rule_controller_test.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package controllers diff --git a/internal/validation/validation.go b/internal/validation/validation.go index ee0c51e..f9c953f 100644 --- a/internal/validation/validation.go +++ b/internal/validation/validation.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package validation diff --git a/internal/validation/validation_test.go b/internal/validation/validation_test.go index 652350b..c5d5913 100644 --- a/internal/validation/validation_test.go +++ b/internal/validation/validation_test.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package validation diff --git a/main.go b/main.go index 68a0d09..b02c426 100644 --- a/main.go +++ b/main.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package main diff --git a/tests/integration/integration_suite_test.go b/tests/integration/integration_suite_test.go index ff6fcc9..ecf0ac2 100644 --- a/tests/integration/integration_suite_test.go +++ b/tests/integration/integration_suite_test.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package integration diff --git a/tests/integration/retry.go b/tests/integration/retry.go index 1642858..e7c3b4b 100644 --- a/tests/integration/retry.go +++ b/tests/integration/retry.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package integration diff --git a/tests/integration/rules_test.go b/tests/integration/rules_test.go index 01cc849..21fe390 100644 --- a/tests/integration/rules_test.go +++ b/tests/integration/rules_test.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package integration diff --git a/tests/integration/validation.go b/tests/integration/validation.go index 74a0d73..f81347c 100644 --- a/tests/integration/validation.go +++ b/tests/integration/validation.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2023 Ory Corp // SPDX-License-Identifier: Apache-2.0 package integration From af7397b259be9558361d8c84e6f799184ba2e182 Mon Sep 17 00:00:00 2001 From: Leandro Batista Date: Tue, 25 Apr 2023 11:17:28 -0300 Subject: [PATCH 4/9] fixing vulnerabilities --- go.mod | 6 ++++-- go.sum | 38 ++++++++++++++++++++++++++++---------- 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 0a29b20..a74f184 100644 --- a/go.mod +++ b/go.mod @@ -11,8 +11,10 @@ require ( github.com/onsi/ginkgo v1.16.4 github.com/onsi/gomega v1.10.2 github.com/stretchr/testify v1.6.1 - golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f // indirect - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect + golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b // indirect + golang.org/x/term v0.5.0 // indirect + golang.org/x/text v0.3.8 // indirect + gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e // indirect k8s.io/api v0.20.2 k8s.io/apimachinery v0.20.2 k8s.io/client-go v0.20.2 diff --git a/go.sum b/go.sum index 885adc5..e08838a 100644 --- a/go.sum +++ b/go.sum @@ -374,6 +374,7 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= @@ -406,8 +407,9 @@ golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f h1:aZp0e2vLN4MToVqnjNEYEtrEA8RH8U8FN1CU7JgqsPU= -golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b h1:Qwe1rC8PSniVfAFPFJeyUkB+zcysC3RgJBAGk7eqBEU= +golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -438,8 +440,9 @@ golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -476,8 +479,13 @@ golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5 h1:wjuX4b5yYQnEQHzd+CBcrcC6OVR2J1CN6mUy0oSxIPo= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -495,6 +503,7 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -514,7 +523,6 @@ golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -539,19 +547,26 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -611,8 +626,9 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a h1:CB3a9Nez8M13wwlr/E2YtwoU+qYHKfC+JrDa45RXXoQ= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -714,6 +730,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e h1:3i3ny04XV6HbZ2N1oIBw1UBYATHAOpo4tfTF83JM3Z0= +gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From 3967310b7f31e7f0a23c7d258d0e59762d22c68f Mon Sep 17 00:00:00 2001 From: Leandro Batista Date: Tue, 25 Apr 2023 11:28:25 -0300 Subject: [PATCH 5/9] updating modules --- go.mod | 4 +--- go.sum | 31 +++++++++++++++++-------------- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index a74f184..da796ee 100644 --- a/go.mod +++ b/go.mod @@ -11,9 +11,7 @@ require ( github.com/onsi/ginkgo v1.16.4 github.com/onsi/gomega v1.10.2 github.com/stretchr/testify v1.6.1 - golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.3.8 // indirect + golang.org/x/crypto v0.8.0 // indirect gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e // indirect k8s.io/api v0.20.2 k8s.io/apimachinery v0.20.2 diff --git a/go.sum b/go.sum index e08838a..26eab62 100644 --- a/go.sum +++ b/go.sum @@ -408,8 +408,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b h1:Qwe1rC8PSniVfAFPFJeyUkB+zcysC3RgJBAGk7eqBEU= -golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ= +golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -441,8 +441,9 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -481,11 +482,10 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -504,6 +504,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -551,12 +552,14 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -565,8 +568,9 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -627,8 +631,9 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -728,8 +733,6 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e h1:3i3ny04XV6HbZ2N1oIBw1UBYATHAOpo4tfTF83JM3Z0= gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= From 1b3110d44195d3cb0fb182d683fd8a6b33983b08 Mon Sep 17 00:00:00 2001 From: Leandro Batista Date: Tue, 25 Apr 2023 11:42:06 -0300 Subject: [PATCH 6/9] bumping dockerfile go version --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 78716c5..1b42d8f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.16 as builder +FROM golang:1.17 as builder WORKDIR /go/src/app COPY . . RUN apt update &&\ From 3e51ef2018a45d46b81167d3066f121da49f131b Mon Sep 17 00:00:00 2001 From: Leandro Batista Date: Tue, 25 Apr 2023 12:10:34 -0300 Subject: [PATCH 7/9] upgrading circle-ci go version --- .circleci/config.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 150928f..f33a91c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -15,7 +15,7 @@ kube-builder: &install-kube-builder sudo mv /tmp/kubebuilder_2.3.2_${os}_${arch} /usr/local/kubebuilder export PATH=$PATH:/usr/local/kubebuilder/bin golaing_image: &golang_image - image: circleci/golang:1.16.12 + image: circleci/golang:1.17.5 version: 2 jobs: build: @@ -44,8 +44,8 @@ jobs: name: Update golang command: | sudo rm -rf /usr/local/go/ - curl -LO https://go.dev/dl/go1.16.12.linux-amd64.tar.gz - sudo tar -C /usr/local -xzf go1.16.12.linux-amd64.tar.gz + curl -LO https://go.dev/dl/go1.17.5.linux-amd64.tar.gz + sudo tar -C /usr/local -xzf go1.17.5.linux-amd64.tar.gz sudo echo "export PATH=$PATH:/usr/local/go/bin" >> $HOME/.profile go version - run: @@ -98,8 +98,7 @@ jobs: - checkout - run: gem install github_changelog_generator -v 1.14.3 - run: sudo npm i -g doctoc - - run: - github_changelog_generator -u ory -p oathkeeper-maester -o + - run: github_changelog_generator -u ory -p oathkeeper-maester -o CHANGELOG.md --token $GITHUB_TOKEN - run: doctoc CHANGELOG.md - run: doctoc README.md @@ -110,8 +109,7 @@ jobs: - run: | git commit -a -m "docs: Incorporates changes from version $(git describe --tags)" || true - run: git remote rm origin - - run: - git remote add origin + - run: git remote add origin https://arekkas:$GITHUB_TOKEN@github.com/ory/oathkeeper-maester.git - run: git push origin HEAD:master || true From 6fbc8f264ff8c7ea1f64e41c6492b919c78adcdb Mon Sep 17 00:00:00 2001 From: Leandro Batista Date: Tue, 25 Apr 2023 12:18:47 -0300 Subject: [PATCH 8/9] formatting --- .circleci/config.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f33a91c..c51ed24 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -98,7 +98,8 @@ jobs: - checkout - run: gem install github_changelog_generator -v 1.14.3 - run: sudo npm i -g doctoc - - run: github_changelog_generator -u ory -p oathkeeper-maester -o + - run: + github_changelog_generator -u ory -p oathkeeper-maester -o CHANGELOG.md --token $GITHUB_TOKEN - run: doctoc CHANGELOG.md - run: doctoc README.md @@ -109,7 +110,8 @@ jobs: - run: | git commit -a -m "docs: Incorporates changes from version $(git describe --tags)" || true - run: git remote rm origin - - run: git remote add origin + - run: + git remote add origin https://arekkas:$GITHUB_TOKEN@github.com/ory/oathkeeper-maester.git - run: git push origin HEAD:master || true From 714551191c9789bc3ae0d89f3a0f5ad185f8f919 Mon Sep 17 00:00:00 2001 From: Leandro Batista Date: Tue, 25 Apr 2023 16:59:44 -0300 Subject: [PATCH 9/9] chore: using embed to handle json test files and fixing variable name --- .prettierignore | 2 + api/v1alpha1/rule_types_test.go | 213 ++----------------------- api/v1alpha1/tests/rules.json | 184 +++++++++++++++++++++ api/v1alpha1/tests/sample_config.json | 3 + api/v1alpha1/tests/sample_config2.json | 7 + tests/integration/files/rule1.json | 44 +++++ tests/integration/files/rule2.json | 56 +++++++ tests/integration/rules_test.go | 105 ++---------- 8 files changed, 317 insertions(+), 297 deletions(-) create mode 100644 api/v1alpha1/tests/rules.json create mode 100644 api/v1alpha1/tests/sample_config.json create mode 100644 api/v1alpha1/tests/sample_config2.json create mode 100644 tests/integration/files/rule1.json create mode 100644 tests/integration/files/rule2.json diff --git a/.prettierignore b/.prettierignore index 0b3b095..3440e8f 100644 --- a/.prettierignore +++ b/.prettierignore @@ -1,3 +1,5 @@ CHANGELOG.md CONTRIBUTING.md .github/pull_request_template.md +api/v1alpha1/tests/* +tests/integration/files/* \ No newline at end of file diff --git a/api/v1alpha1/rule_types_test.go b/api/v1alpha1/rule_types_test.go index 2545bac..8e18208 100644 --- a/api/v1alpha1/rule_types_test.go +++ b/api/v1alpha1/rule_types_test.go @@ -4,6 +4,7 @@ package v1alpha1 import ( + _ "embed" "fmt" "testing" @@ -14,206 +15,14 @@ import ( "k8s.io/apimachinery/pkg/runtime" ) -var ( - template = `[ - { - "upstream": { - "url": "http://my-backend-service1", - "strip_path": "/api/v1", - "preserve_host": true - }, - "id": "foo1.default", - "match": { - "url": "http://my-app/some-route1<.*>", - "methods": [ - "GET", - "POST" - ] - }, - "authenticators": [ - { - "handler": "handler1", - "config": { - "key1": "val1" - } - } - ], - "authorizer": { - "handler": "deny" - }, - "mutators": [ - { - "handler": "handler1", - "config": { - "key1": "val1" - } - }, - { - "handler": "handler2", - "config": { - "key1": [ - "val1", - "val2", - "val3" - ] - } - } - ], - "errors": [ - { - "handler": "handler1", - "config": { - "key1": "val1" - } - } - ] - }, - { - "upstream": { - "url": "http://my-backend-service2", - "preserve_host": false - }, - "id": "foo2.default", - "match": { - "url": "http://my-app/some-route2", - "methods": [ - "GET", - "POST" - ] - }, - "authenticators": [ - { - "handler": "handler1", - "config": { - "key1": "val1" - } - }, - { - "handler": "handler2", - "config": { - "key1": [ - "val1", - "val2", - "val3" - ] - } - } - ], - "authorizer": { - "handler": "deny" - }, - "mutators": [ - { - "handler": "noop" - } - ], - "errors": [ - { - "handler": "handler2", - "config": { - "key1": [ - "val1", - "val2", - "val3" - ] - } - } - ] - }, - { - "upstream": { - "url": "http://my-backend-service3", - "preserve_host": false - }, - "id": "foo3.default", - "match": { - "url": "http://my-app/some-route3", - "methods": [ - "GET", - "POST" - ] - }, - "authenticators": [ - { - "handler": "unauthorized" - } - ], - "authorizer": { - "handler": "handler1", - "config": { - "key1": "val1" - } - }, - "mutators": [ - { - "handler": "noop" - } - ], - "errors": [ - { - "handler": "handler1", - "config": { - "key1": "val1" - } - }, - { - "handler": "handler2", - "config": { - "key1": [ - "val1", - "val2", - "val3" - ] - } - } - ] - }, - { - "upstream": { - "url": "", - "preserve_host": false - }, - "id": "fooNoUpstream.default", - "match": { - "url": "http://my-app/some-route3", - "methods": [ - "GET", - "POST" - ] - }, - "authenticators": [ - { - "handler": "unauthorized" - } - ], - "authorizer": { - "handler": "handler1", - "config": { - "key1": "val1" - } - }, - "mutators": [ - { - "handler": "noop" - } - ] - } -]` - - sampleConfig = `{ - "key1": "val1" -} -` - - sampleConfig2 = `{ - "key1": [ - "val1", - "val2", - "val3" - ] -} -` -) +//go:embed tests/rules.json +var template string + +//go:embed tests/sample_config.json +var sampleConfig string + +//go:embed tests/sample_config2.json +var sampleConfig2 string func TestToOathkeeperRules(t *testing.T) { @@ -473,7 +282,7 @@ func newStaticRule(authenticators []*Authenticator, authorizer *Authorizer, muta return newRule("r1", "test", "", "", newStringPtr(""), nil, newBoolPtr(false), authenticators, authorizer, mutators, errors) } -func newRule(name, namespace, upstreamURL, matchURL string, stripURLPath, configMapName *string, preserveURLHost *bool, authenticators []*Authenticator, authorizer *Authorizer, mutators []*Mutator, errorrs []*Error) *Rule { +func newRule(name, namespace, upstreamURL, matchURL string, stripURLPath, configMapName *string, preserveURLHost *bool, authenticators []*Authenticator, authorizer *Authorizer, mutators []*Mutator, errors []*Error) *Rule { spec := RuleSpec{ Upstream: &Upstream{ @@ -488,7 +297,7 @@ func newRule(name, namespace, upstreamURL, matchURL string, stripURLPath, config Authenticators: authenticators, Authorizer: authorizer, Mutators: mutators, - Errors: errorrs, + Errors: errors, ConfigMapName: configMapName, } diff --git a/api/v1alpha1/tests/rules.json b/api/v1alpha1/tests/rules.json new file mode 100644 index 0000000..6527fb2 --- /dev/null +++ b/api/v1alpha1/tests/rules.json @@ -0,0 +1,184 @@ +[ + { + "upstream": { + "url": "http://my-backend-service1", + "strip_path": "/api/v1", + "preserve_host": true + }, + "id": "foo1.default", + "match": { + "url": "http://my-app/some-route1<.*>", + "methods": [ + "GET", + "POST" + ] + }, + "authenticators": [ + { + "handler": "handler1", + "config": { + "key1": "val1" + } + } + ], + "authorizer": { + "handler": "deny" + }, + "mutators": [ + { + "handler": "handler1", + "config": { + "key1": "val1" + } + }, + { + "handler": "handler2", + "config": { + "key1": [ + "val1", + "val2", + "val3" + ] + } + } + ], + "errors": [ + { + "handler": "handler1", + "config": { + "key1": "val1" + } + } + ] + }, + { + "upstream": { + "url": "http://my-backend-service2", + "preserve_host": false + }, + "id": "foo2.default", + "match": { + "url": "http://my-app/some-route2", + "methods": [ + "GET", + "POST" + ] + }, + "authenticators": [ + { + "handler": "handler1", + "config": { + "key1": "val1" + } + }, + { + "handler": "handler2", + "config": { + "key1": [ + "val1", + "val2", + "val3" + ] + } + } + ], + "authorizer": { + "handler": "deny" + }, + "mutators": [ + { + "handler": "noop" + } + ], + "errors": [ + { + "handler": "handler2", + "config": { + "key1": [ + "val1", + "val2", + "val3" + ] + } + } + ] + }, + { + "upstream": { + "url": "http://my-backend-service3", + "preserve_host": false + }, + "id": "foo3.default", + "match": { + "url": "http://my-app/some-route3", + "methods": [ + "GET", + "POST" + ] + }, + "authenticators": [ + { + "handler": "unauthorized" + } + ], + "authorizer": { + "handler": "handler1", + "config": { + "key1": "val1" + } + }, + "mutators": [ + { + "handler": "noop" + } + ], + "errors": [ + { + "handler": "handler1", + "config": { + "key1": "val1" + } + }, + { + "handler": "handler2", + "config": { + "key1": [ + "val1", + "val2", + "val3" + ] + } + } + ] + }, + { + "upstream": { + "url": "", + "preserve_host": false + }, + "id": "fooNoUpstream.default", + "match": { + "url": "http://my-app/some-route3", + "methods": [ + "GET", + "POST" + ] + }, + "authenticators": [ + { + "handler": "unauthorized" + } + ], + "authorizer": { + "handler": "handler1", + "config": { + "key1": "val1" + } + }, + "mutators": [ + { + "handler": "noop" + } + ] + } +] \ No newline at end of file diff --git a/api/v1alpha1/tests/sample_config.json b/api/v1alpha1/tests/sample_config.json new file mode 100644 index 0000000..d2d93be --- /dev/null +++ b/api/v1alpha1/tests/sample_config.json @@ -0,0 +1,3 @@ +{ + "key1": "val1" +} \ No newline at end of file diff --git a/api/v1alpha1/tests/sample_config2.json b/api/v1alpha1/tests/sample_config2.json new file mode 100644 index 0000000..eee659c --- /dev/null +++ b/api/v1alpha1/tests/sample_config2.json @@ -0,0 +1,7 @@ +{ + "key1": [ + "val1", + "val2", + "val3" + ] +} \ No newline at end of file diff --git a/tests/integration/files/rule1.json b/tests/integration/files/rule1.json new file mode 100644 index 0000000..99f74ab --- /dev/null +++ b/tests/integration/files/rule1.json @@ -0,0 +1,44 @@ +{ + "apiVersion": "oathkeeper.ory.sh/v1alpha1", + "kind": "Rule", + "metadata": { + "name": "test-rule-1" + }, + "spec": { + "match": { + "methods": [ + "GET", + "POST" + ], + "url": "http://gh.ij" + }, + "upstream": { + "preserveHost": false, + "url": "http://abc.def" + }, + "authenticators": [ + { + "handler": "anonymous" + } + ], + "authorizer": { + "handler": "allow" + }, + "mutators": [ + { + "handler": "header", + "config": { + "headers": { + "X-User": "{{ print .Subject }}", + "X-Some-Arbitrary-Data": "{{ print .Extra.some.arbitrary.data }}" + } + } + } + ], + "errors": [ + { + "handler": "redirect" + } + ] + } +} \ No newline at end of file diff --git a/tests/integration/files/rule2.json b/tests/integration/files/rule2.json new file mode 100644 index 0000000..fe54e81 --- /dev/null +++ b/tests/integration/files/rule2.json @@ -0,0 +1,56 @@ +{ + "apiVersion": "oathkeeper.ory.sh/v1alpha1", + "kind": "Rule", + "metadata": { + "name": "test-rule-2" + }, + "spec": { + "match": { + "methods": [ + "POST", + "PUT" + ], + "url": "http://xyz.com" + }, + "upstream": { + "url": "http://abcde.fgh" + }, + "authenticators": [ + { + "handler": "oauth2_client_credentials", + "config": { + "required_scope": [ + "scope-a", + "scope-b" + ] + } + }, + { + "handler": "anonymous" + } + ], + "authorizer": { + "handler": "keto_engine_acp_ory", + "config": { + "required_action": "my:action:1234", + "required_resource": "my:resource:foobar:foo:1234" + } + }, + "mutators": [ + { + "handler": "id_token", + "config": { + "aud": [ + "audience1", + "audience2" + ] + } + } + ], + "errors": [ + { + "handler": "redirect" + } + ] + } +} \ No newline at end of file diff --git a/tests/integration/rules_test.go b/tests/integration/rules_test.go index 21fe390..bc91431 100644 --- a/tests/integration/rules_test.go +++ b/tests/integration/rules_test.go @@ -5,6 +5,7 @@ package integration import ( "context" + _ "embed" "errors" "fmt" "k8s.io/client-go/rest" @@ -40,6 +41,12 @@ var ( ruleResource schema.GroupVersionResource = schema.GroupVersionResource{Group: oathkeeperv1alpha1.GroupVersion.Group, Version: oathkeeperv1alpha1.GroupVersion.Version, Resource: "rules"} ) +//go:embed files/rule1.json +var rule1 string + +//go:embed files/rule2.json +var rule2 string + var _ = BeforeSuite(func() { //Create namespace _, err := createNamespace(namespaceName, k8sClient) @@ -60,7 +67,7 @@ var _ = Describe("Oathkeeper controller", func() { By("create a valid ConfigMap from a single Rule") //Given - rule, err := getRule(getRule1Json()) + rule, err := getRule(rule1) Expect(err).To(BeNil()) Expect(rule).ToNot(BeNil()) @@ -75,7 +82,7 @@ var _ = Describe("Oathkeeper controller", func() { By("add an entry to the ConfigMap after adding another Rule") //Given - rule, err = getRule(getRule2Json()) + rule, err = getRule(rule2) Expect(err).To(BeNil()) Expect(rule).ToNot(BeNil()) @@ -114,7 +121,7 @@ var _ = Describe("Oathkeeper controller", func() { time.Sleep(3 * time.Second) //Then - rule, err = getRule(getRule1Json()) + rule, err = getRule(rule1) Expect(err).To(BeNil()) rulesArray, validateErr = validateConfigMapContains(rule) @@ -385,95 +392,3 @@ func getTargetMapName() string { return res } - -func getRule1Json() string { - return `{ - "apiVersion": "oathkeeper.ory.sh/v1alpha1", - "kind": "Rule", - "metadata": { - "name": "test-rule-1" - }, - "spec": { - "match": { - "methods": ["GET", "POST"], - "url": "http://gh.ij" - }, - "upstream": { - "preserveHost": false, - "url": "http://abc.def" - }, - "authenticators": [ - {"handler": "anonymous"} - ], - "authorizer": { - "handler": "allow" - }, - "mutators": [ - { - "handler": "header", - "config": { - "headers": { - "X-User": "{{ print .Subject }}", - "X-Some-Arbitrary-Data": "{{ print .Extra.some.arbitrary.data }}" - } - } - } - ], - "errors": [ - { - "handler": "redirect" - } - ] - } - } - ` -} - -func getRule2Json() string { - return `{ - "apiVersion": "oathkeeper.ory.sh/v1alpha1", - "kind": "Rule", - "metadata": { - "name": "test-rule-2" - }, - "spec": { - "match": { - "methods": ["POST", "PUT"], - "url": "http://xyz.com" - }, - "upstream": { - "url": "http://abcde.fgh" - }, - "authenticators": [ - { - "handler": "oauth2_client_credentials", - "config": { - "required_scope": ["scope-a", "scope-b"] - } - }, - {"handler": "anonymous"} - ], - "authorizer": { - "handler": "keto_engine_acp_ory", - "config": { - "required_action": "my:action:1234", - "required_resource": "my:resource:foobar:foo:1234" - } - }, - "mutators": [ - { - "handler": "id_token", - "config": { - "aud": ["audience1", "audience2"] - } - } - ], - "errors": [ - { - "handler": "redirect" - } - ] - } - } - ` -}