From 76022ecb0b416a24124a74677e1fa51e0c60f6d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 22:39:11 -0800 Subject: [PATCH 1/9] chore(deps): bump the go-deps group across 1 directory with 6 updates (#701) Bumps the go-deps group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.8.0` | `1.8.2` | | [github.com/Azure/go-autorest/autorest](https://github.com/Azure/go-autorest) | `0.11.29` | `0.11.30` | | [github.com/Azure/go-autorest/autorest/to](https://github.com/Azure/go-autorest) | `0.4.0` | `0.4.1` | | [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) | `10.23.0` | `10.25.0` | | [github.com/samber/lo](https://github.com/samber/lo) | `1.47.0` | `1.49.1` | Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.8.0 to 1.8.2 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.8.0...sdk/azidentity/v1.8.2) Updates `github.com/Azure/go-autorest/autorest` from 0.11.29 to 0.11.30 - [Release notes](https://github.com/Azure/go-autorest/releases) - [Changelog](https://github.com/Azure/go-autorest/blob/main/CHANGELOG.md) - [Commits](https://github.com/Azure/go-autorest/compare/autorest/v0.11.29...autorest/v0.11.30) Updates `github.com/Azure/go-autorest/autorest/to` from 0.4.0 to 0.4.1 - [Release notes](https://github.com/Azure/go-autorest/releases) - [Changelog](https://github.com/Azure/go-autorest/blob/main/CHANGELOG.md) - [Commits](https://github.com/Azure/go-autorest/compare/tracing/v0.4.0...autorest/to/v0.4.1) Updates `github.com/go-playground/validator/v10` from 10.23.0 to 10.25.0 - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](https://github.com/go-playground/validator/compare/v10.23.0...v10.25.0) Updates `github.com/samber/lo` from 1.47.0 to 1.49.1 - [Release notes](https://github.com/samber/lo/releases) - [Commits](https://github.com/samber/lo/compare/v1.47.0...v1.49.1) Updates `golang.org/x/sync` from 0.10.0 to 0.11.0 - [Commits](https://github.com/golang/sync/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/Azure/go-autorest/autorest dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/Azure/go-autorest/autorest/to dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/go-playground/validator/v10 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/samber/lo dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 26 ++++++++++++------------- go.sum | 61 +++++++++++++++++++++++++++++----------------------------- 2 files changed, 43 insertions(+), 44 deletions(-) diff --git a/go.mod b/go.mod index 399e18867..5089eed42 100644 --- a/go.mod +++ b/go.mod @@ -7,13 +7,13 @@ require ( github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/azure-sdk-for-go-extensions v0.1.8 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute v1.0.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 - github.com/Azure/go-autorest/autorest v0.11.29 - github.com/Azure/go-autorest/autorest/to v0.4.0 + github.com/Azure/go-autorest/autorest v0.11.30 + github.com/Azure/go-autorest/autorest/to v0.4.1 github.com/Azure/skewer v0.0.19 github.com/Pallinder/go-randomdata v1.2.0 github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 @@ -26,7 +26,7 @@ require ( github.com/go-openapi/strfmt v0.23.0 github.com/go-openapi/swag v0.23.0 github.com/go-openapi/validate v0.24.0 - github.com/go-playground/validator/v10 v10.23.0 + github.com/go-playground/validator/v10 v10.25.0 github.com/google/go-cmp v0.6.0 github.com/imdario/mergo v0.3.16 github.com/jongio/azidext/go/azidext v0.5.0 @@ -35,11 +35,11 @@ require ( github.com/onsi/gomega v1.36.2 github.com/patrickmn/go-cache v2.1.0+incompatible github.com/prometheus/client_golang v1.20.5 - github.com/samber/lo v1.47.0 + github.com/samber/lo v1.49.1 github.com/stretchr/testify v1.10.0 go.uber.org/multierr v1.11.0 go.uber.org/zap v1.27.0 - golang.org/x/sync v0.10.0 + golang.org/x/sync v0.11.0 gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.30.3 k8s.io/apiextensions-apiserver v0.30.3 @@ -73,7 +73,7 @@ require ( github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/avast/retry-go v3.0.0+incompatible // indirect github.com/beorn7/perks v1.0.1 // indirect @@ -86,7 +86,7 @@ require ( github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.3 // indirect + github.com/gabriel-vasile/mimetype v1.4.8 // indirect github.com/go-kit/log v0.2.1 // indirect github.com/go-logfmt/logfmt v0.6.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect @@ -142,13 +142,13 @@ require ( go.opentelemetry.io/otel/trace v1.24.0 // indirect go.uber.org/automaxprocs v1.5.3 // indirect go.uber.org/mock v0.4.0 // indirect - golang.org/x/crypto v0.32.0 // indirect + golang.org/x/crypto v0.33.0 // indirect golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect - golang.org/x/net v0.34.0 // indirect + golang.org/x/net v0.35.0 // indirect golang.org/x/oauth2 v0.22.0 // indirect - golang.org/x/sys v0.29.0 // indirect - golang.org/x/term v0.28.0 // indirect - golang.org/x/text v0.21.0 // indirect + golang.org/x/sys v0.30.0 // indirect + golang.org/x/term v0.29.0 // indirect + golang.org/x/text v0.22.0 // indirect golang.org/x/time v0.6.0 // indirect golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 66f5b2476..f226cd16c 100644 --- a/go.sum +++ b/go.sum @@ -43,10 +43,10 @@ github.com/Azure/azure-sdk-for-go-extensions v0.1.8 h1:x8Vu78C4r8mh6V2yQKQRSWLU+ github.com/Azure/azure-sdk-for-go-extensions v0.1.8/go.mod h1:4su5NjJwhqFH2B/5zJSKOz7hazfr2y38Iu6W4ZK0HYA= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 h1:g0EZJwz7xkXQiZAI5xi9f3WWFYBlX1CPTrR+NDToRkQ= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0/go.mod h1:XCW7KnZet0Opnr7HccfUw1PLc4CjHqpcaxW8DHklNkQ= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2 h1:F0gBpfdPLGsw+nsgk6aqqkZS1jiixa5WwFe3fk/T3Ys= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2/go.mod h1:SqINnQ9lVVdRlyC8cd1lCI0SdX4n2paeABd2K8ggfnE= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2fElBkcqLTOZsAajvKfnSlgBBW8dXYjw= @@ -85,8 +85,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0/go.mod h1:T5RfihdXtBDxt1Ch2wobif3TvzTdumDy29kahv6AV9A= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= -github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= +github.com/Azure/go-autorest/autorest v0.11.30 h1:iaZ1RGz/ALZtN5eq4Nr1SOFSlf2E4pDI3Tcsl+dZPVE= +github.com/Azure/go-autorest/autorest v0.11.30/go.mod h1:t1kpPIOpIVX7annvothKvb0stsrXa37i7b+xpmBW8Fs= github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= github.com/Azure/go-autorest/autorest/adal v0.9.24 h1:BHZfgGsGwdkHDyZdtQRQk1WeUdW0m2WPAwuHZwUi5i4= github.com/Azure/go-autorest/autorest/adal v0.9.24/go.mod h1:7T1+g0PYFmACYW5LlG2fcoPiPlFHjClyRGL7dRlP5c8= @@ -95,8 +95,8 @@ github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSY github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= -github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= -github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= +github.com/Azure/go-autorest/autorest/to v0.4.1 h1:CxNHBqdzTr7rLtdrtb5CMjJcDut+WNGCVv7OmS5+lTc= +github.com/Azure/go-autorest/autorest/to v0.4.1/go.mod h1:EtaofgU4zmtvn1zT2ARsjRFdq9vXx0YWtmElwL+GZ9M= github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac= github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= @@ -107,8 +107,8 @@ github.com/Azure/skewer v0.0.19 h1:+qA1z8isKmlNkhAwZErNS2wD2jaemSk9NszYKr8dddU= github.com/Azure/skewer v0.0.19/go.mod h1:LVH7jmduRKmPj8YcIz7V4f53xJEntjweL4aoLyChkwk= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 h1:H5xDQaE3XowWfhZRUpnfC+rGZMEVoSiji+b+/HFAPU4= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Pallinder/go-randomdata v1.2.0 h1:DZ41wBchNRb/0GfsePLiSwb0PHZmT67XY00lCDlaYPg= @@ -167,8 +167,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= -github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= +github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= +github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -218,8 +218,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o= -github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-playground/validator/v10 v10.25.0 h1:5Dh7cjvzR7BRZadnsVOzPhWsrwUr0nmsZJxEAnFLNO8= +github.com/go-playground/validator/v10 v10.25.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= @@ -423,8 +423,8 @@ github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoG github.com/prometheus/statsd_exporter v0.22.7/go.mod h1:N/TevpjkIh9ccs6nuzY3jQn9dFqnUakOjnEuMPJJJnI= github.com/prometheus/statsd_exporter v0.24.0 h1:aZmN6CzS2H1Non1JKZdjkQlAkDtGoQBYIESk2SlU1OI= github.com/prometheus/statsd_exporter v0.24.0/go.mod h1:+dQiRTqn9DnPmN5mI5Xond+k8nuRKzdgh1omxh9OgFY= -github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= -github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= +github.com/redis/go-redis/v9 v9.7.0 h1:HhLSs+B6O021gwzl+locl0zEDnyNkxMtf/Z3NNBMa9E= +github.com/redis/go-redis/v9 v9.7.0/go.mod h1:f6zhXITC7JUJIlPEiBOTXxJgPLdZcA93GewI7inzyWw= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= @@ -432,8 +432,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/samber/lo v1.47.0 h1:z7RynLwP5nbyRscyvcD043DWYoOcYRv3mV8lBeqOCLc= -github.com/samber/lo v1.47.0/go.mod h1:RmDH9Ct32Qy3gduHQuKJ3gW1fMHAnE/fAzQuf6He5cU= +github.com/samber/lo v1.49.1 h1:4BIFyVfuQSEpluc7Fua+j1NolZHiEHEpaSEKdsH0tew= +github.com/samber/lo v1.49.1/go.mod h1:dO6KHFzUKXgP8LDhU0oI8d2hekjXnGOu0DB8Jecxd6o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -504,10 +504,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= -golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -583,8 +582,8 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= -golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= +golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -607,8 +606,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= -golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= +golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -655,15 +654,15 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= -golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= +golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= +golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -674,8 +673,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 95220901ff0d1b876583d55a7256175a2cdff2a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 22:40:43 -0800 Subject: [PATCH 2/9] chore(deps): bump oss/go/microsoft/golang in /.devcontainer (#699) Bumps oss/go/microsoft/golang from 1.23.6-bookworm to 1.24.0-bookworm. --- updated-dependencies: - dependency-name: oss/go/microsoft/golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alex Leites <18728999+tallaxes@users.noreply.github.com> --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index fc8e07e18..19ca03d92 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.23.6-bookworm@sha256:2d8c09c93157b49f2f8f0523d907620d022e6d354e670b60a83125067f0c8960 +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.24.0-bookworm@sha256:14dcc42a624a5e736d42c092815e0796dadfbe8456fd96ca6d6f53e91e8e1cba # [Optional] Uncomment this section to install additional OS packages. # graphviz for pprof From 15c7cd76fa697d9b5e2e21ca87d08adc959cd505 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 22:41:44 -0800 Subject: [PATCH 3/9] chore(deps): bump the actions-deps group across 1 directory with 3 updates (#698) Bumps the actions-deps group with 3 updates in the / directory: [step-security/harden-runner](https://github.com/step-security/harden-runner), [github/codeql-action](https://github.com/github/codeql-action) and [actions/setup-node](https://github.com/actions/setup-node). Updates `step-security/harden-runner` from 2.10.3 to 2.11.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/c95a14d0e5bab51a9f56296a4eb0e416910cd350...4d991eb9b905ef189e4c376166672c3f2f230481) Updates `github/codeql-action` from 3.28.1 to 3.28.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b6a472f63d85b9c78a3ac5e89422239fc15e9b3c...9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0) Updates `actions/setup-node` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/39370e3970a6d050c480ffad4ff0ed4d3fdee5af...1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alex Leites <18728999+tallaxes@users.noreply.github.com> --- .github/workflows/approval-comment.yaml | 2 +- .github/workflows/build-publish-mcr.yml | 2 +- .github/workflows/ci-test.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/deflake.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/e2e-matrix.yaml | 2 +- .github/workflows/e2e.yaml | 2 +- .github/workflows/release-trigger.yaml | 4 ++-- .github/workflows/resolve-args.yaml | 2 +- .github/workflows/scorecards.yml | 4 ++-- 12 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/approval-comment.yaml b/.github/workflows/approval-comment.yaml index f78d62b56..f0fdff6ff 100644 --- a/.github/workflows/approval-comment.yaml +++ b/.github/workflows/approval-comment.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-telemetry: true disable-sudo: true diff --git a/.github/workflows/build-publish-mcr.yml b/.github/workflows/build-publish-mcr.yml index 1aaf5f7ff..4092d94bf 100644 --- a/.github/workflows/build-publish-mcr.yml +++ b/.github/workflows/build-publish-mcr.yml @@ -23,7 +23,7 @@ jobs: labels: [self-hosted, "1ES.Pool=${{ vars.RELEASE_1ES_POOL }}"] steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: egress-policy: audit diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index b9b4336da..751762945 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -19,7 +19,7 @@ jobs: K8S_VERSION: ${{ matrix.k8sVersion }} steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-telemetry: true egress-policy: block diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 755af2b50..6b606783e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-telemetry: true egress-policy: block diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 991223df3..b491ffd52 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-telemetry: true egress-policy: block @@ -46,8 +46,8 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/install-deps - run: make vulncheck - - uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + - uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 with: languages: ${{ matrix.language }} - - uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 - - uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + - uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + - uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 diff --git a/.github/workflows/deflake.yml b/.github/workflows/deflake.yml index fc2e09084..cbff4484c 100644 --- a/.github/workflows/deflake.yml +++ b/.github/workflows/deflake.yml @@ -14,7 +14,7 @@ jobs: statuses: write steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-telemetry: true egress-policy: block diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 6f49fc692..d21d5ed2c 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-telemetry: true disable-sudo: true diff --git a/.github/workflows/e2e-matrix.yaml b/.github/workflows/e2e-matrix.yaml index fd43bb889..af67ecc65 100644 --- a/.github/workflows/e2e-matrix.yaml +++ b/.github/workflows/e2e-matrix.yaml @@ -29,7 +29,7 @@ jobs: E2E_HASH: ${{ steps.generate-e2e-run-hash.outputs.E2E_HASH }} steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-telemetry: true disable-sudo: true diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index bbff09ad8..ebef87e0b 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -45,7 +45,7 @@ jobs: AZURE_SUBSCRIPTION_ID: ${{ secrets.E2E_SUBSCRIPTION_ID }} steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-telemetry: true egress-policy: block diff --git a/.github/workflows/release-trigger.yaml b/.github/workflows/release-trigger.yaml index 1ee240e36..a31c8dede 100644 --- a/.github/workflows/release-trigger.yaml +++ b/.github/workflows/release-trigger.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-telemetry: true disable-sudo: true @@ -29,7 +29,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: '20.x' # semantic-release requires Node version 20.8.1 or higher - name: semantic-release diff --git a/.github/workflows/resolve-args.yaml b/.github/workflows/resolve-args.yaml index d992176d6..a16d9e94f 100644 --- a/.github/workflows/resolve-args.yaml +++ b/.github/workflows/resolve-args.yaml @@ -16,7 +16,7 @@ jobs: steps: # Download the artifact and resolve the GIT_REF - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-sudo: true disable-telemetry: true diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 0171bc9af..962af1965 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0 with: disable-sudo: true disable-telemetry: true @@ -90,6 +90,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 with: sarif_file: results.sarif From 6bcc230dbe42f8d2a37918a29c6ac4d1c58ef277 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 23:06:49 -0800 Subject: [PATCH 4/9] chore(deps): bump actions/setup-go (#662) Bumps the action-deps group in /.github/actions/install-deps with 1 update: [actions/setup-go](https://github.com/actions/setup-go). Updates `actions/setup-go` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/3041bf56c941b39c61721a86cd11f3bb1338122a...f111f3307d8850f501ac008e886eec1fd1932a34) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-deps ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alex Leites <18728999+tallaxes@users.noreply.github.com> --- .github/actions/install-deps/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/install-deps/action.yaml b/.github/actions/install-deps/action.yaml index b96119227..96fdea096 100644 --- a/.github/actions/install-deps/action.yaml +++ b/.github/actions/install-deps/action.yaml @@ -7,7 +7,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 id: setup-go with: go-version-file: go.mod From bbcfe96c966f5228e258bd24444b20ac64a908d1 Mon Sep 17 00:00:00 2001 From: Tom Abraham <38714456+toma3233@users.noreply.github.com> Date: Wed, 19 Feb 2025 17:43:04 -0800 Subject: [PATCH 5/9] Adding Service Hub HTTP Middleware to NPS Client (#691) * adding logging round tripper * fix: make presubmit * go mod tidy --------- Co-authored-by: tomabraham Co-authored-by: Bryce Soghigian <49734722+Bryce-Soghigian@users.noreply.github.com> --- go.mod | 11 ++++---- go.sum | 26 ++++++++++--------- .../provisionclientbootstrap.go | 12 +++++++-- 3 files changed, 30 insertions(+), 19 deletions(-) diff --git a/go.mod b/go.mod index 5089eed42..2e199e3aa 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module github.com/Azure/karpenter-provider-azure go 1.23.6 require ( + github.com/Azure/aks-middleware v0.0.30 github.com/Azure/azure-kusto-go v0.16.1 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/azure-sdk-for-go-extensions v0.1.8 @@ -107,7 +108,7 @@ require ( github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect github.com/google/uuid v1.6.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.21.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect github.com/hashicorp/golang-lru v1.0.2 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -145,7 +146,7 @@ require ( golang.org/x/crypto v0.33.0 // indirect golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect golang.org/x/net v0.35.0 // indirect - golang.org/x/oauth2 v0.22.0 // indirect + golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sys v0.30.0 // indirect golang.org/x/term v0.29.0 // indirect golang.org/x/text v0.22.0 // indirect @@ -153,9 +154,9 @@ require ( golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.183.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a // indirect - google.golang.org/grpc v1.65.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect + google.golang.org/grpc v1.68.0 // indirect google.golang.org/protobuf v1.36.1 // indirect gopkg.in/dnaeon/go-vcr.v3 v3.2.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index f226cd16c..fd301830c 100644 --- a/go.sum +++ b/go.sum @@ -35,6 +35,8 @@ contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d/g contrib.go.opencensus.io/exporter/prometheus v0.4.2 h1:sqfsYl5GIY/L570iT+l93ehxaWJs2/OwXtiWwew3oAg= contrib.go.opencensus.io/exporter/prometheus v0.4.2/go.mod h1:dvEHbiKmgvbr5pjaF9fpw1KeYcjrnC1J8B+JKjsZyRQ= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/Azure/aks-middleware v0.0.30 h1:WhZwYwDYkA0hgCwywYZgR3GyQeNGri6rucC/uJrvREM= +github.com/Azure/aks-middleware v0.0.30/go.mod h1:02sVX8v7HPSNuVL3NFBVwmRxyzriyWMU7IwJeDmkZvM= github.com/Azure/azure-kusto-go v0.16.1 h1:vCBWcQghmC1qIErUUgVNWHxGhZVStu1U/hki6iBA14k= github.com/Azure/azure-kusto-go v0.16.1/go.mod h1:9F2zvXH8B6eWzgI1S4k1ZXAIufnBZ1bv1cW1kB1n3D0= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= @@ -302,8 +304,8 @@ github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.21.0 h1:CWyXh/jylQWp2dtiV33mY4iSSp6yf4lmn+c7/tN+ObI= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.21.0/go.mod h1:nCLIt0w3Ept2NwF8ThLmrppXsfT07oC8k0XNDxd8sVU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= @@ -429,8 +431,8 @@ github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/samber/lo v1.49.1 h1:4BIFyVfuQSEpluc7Fua+j1NolZHiEHEpaSEKdsH0tew= github.com/samber/lo v1.49.1/go.mod h1:dO6KHFzUKXgP8LDhU0oI8d2hekjXnGOu0DB8Jecxd6o= @@ -591,8 +593,8 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= -golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -788,10 +790,10 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a h1:KyUe15n7B1YCu+kMmPtlXxgkLQbp+Dw0tCRZf9Sd+CE= -google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a/go.mod h1:4+X6GvPs+25wZKbQq9qyAXrwIRExv7w0Ea6MgZLZiDM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a h1:EKiZZXueP9/T68B8Nl0GAx9cjbQnCId0yP3qPMgaaHs= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ= +google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -805,8 +807,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= -google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= +google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/pkg/providers/imagefamily/customscriptsbootstrap/provisionclientbootstrap.go b/pkg/providers/imagefamily/customscriptsbootstrap/provisionclientbootstrap.go index 45e53f4d4..d84523197 100644 --- a/pkg/providers/imagefamily/customscriptsbootstrap/provisionclientbootstrap.go +++ b/pkg/providers/imagefamily/customscriptsbootstrap/provisionclientbootstrap.go @@ -20,10 +20,13 @@ import ( "context" "encoding/base64" "fmt" + "log/slog" "math" + "os" "strings" "time" + "github.com/Azure/aks-middleware/http/client/direct/restlogger" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/karpenter-provider-azure/pkg/apis/v1alpha2" "github.com/Azure/karpenter-provider-azure/pkg/operator/options" @@ -166,6 +169,11 @@ func (p ProvisionClientBootstrap) GetCustomDataAndCSE(ctx context.Context) (stri func (p *ProvisionClientBootstrap) getNodeBootstrappingFromClient(ctx context.Context, provisionProfile *models.ProvisionProfile, provisionHelperValues *models.ProvisionHelperValues, bootstrapToken string) (string, string, error) { transport := httptransport.New(options.FromContext(ctx).NodeBootstrappingServerURL, "/", []string{"http"}) + + logger := slog.New(slog.NewJSONHandler(os.Stdout, nil)) + loggingClient := restlogger.NewLoggingClient(logger) + transport.Transport = loggingClient.Transport + client := client.New(transport, strfmt.Default) params := operations.NewNodeBootstrappingGetParams() @@ -183,7 +191,7 @@ func (p *ProvisionClientBootstrap) getNodeBootstrappingFromClient(ctx context.Co resp, err := client.Operations.NodeBootstrappingGet(params) if err != nil { - // As of now we just fail the provisioning given the unlikely scenario of retriable error, but could be revisted along with retriable status on the server side. + // As of now we just fail the provisioning given the unlikely scenario of retriable error, but could be revisited along with retriable status on the server side. return "", "", err } @@ -239,7 +247,7 @@ func normalizeResourceGroupNameForLabel(resourceGroupName string) string { } func reverseVMMemoryOverhead(vmMemoryOverheadPercent float64, adjustedMemory float64) float64 { - // This is not the best way to do it... But will be refactored later, given that retreiving the original memory properly might involves some restructure. + // This is not the best way to do it... But will be refactored later, given that retrieving the original memory properly might involves some restructure. // Due to the fact that it is abstracted behind the cloudprovider interface. return adjustedMemory / (1 - vmMemoryOverheadPercent) } From d1520d94080b0dfa68245116f01bbc5c5db21529 Mon Sep 17 00:00:00 2001 From: Tom Abraham <38714456+toma3233@users.noreply.github.com> Date: Thu, 20 Feb 2025 15:44:19 -0800 Subject: [PATCH 6/9] Utilizing SH Logging Policy for ARM Track 2 SDK Calls (#706) * using SH transport for ARM calls * fix param --------- Co-authored-by: tomabraham --- pkg/utils/opts/armopts.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkg/utils/opts/armopts.go b/pkg/utils/opts/armopts.go index 3104b0a99..a1f333fe6 100644 --- a/pkg/utils/opts/armopts.go +++ b/pkg/utils/opts/armopts.go @@ -18,8 +18,12 @@ package opts import ( "net/http" + "os" "time" + "log/slog" + + shPolicy "github.com/Azure/aks-middleware/http/client/azuresdk/policy" "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" "github.com/Azure/karpenter-provider-azure/pkg/auth" @@ -30,6 +34,9 @@ func DefaultArmOpts() *arm.ClientOptions { opts.Telemetry = DefaultTelemetryOpts() opts.Retry = DefaultRetryOpts() opts.Transport = defaultHTTPClient + + logger := slog.New(slog.NewJSONHandler(os.Stdout, nil)) + opts.PerCallPolicies = append(opts.PerCallPolicies, shPolicy.NewLoggingPolicy(*logger)) return opts } From b199e517587e04b80cd1b09f28b1e332c20cb0a3 Mon Sep 17 00:00:00 2001 From: Bryce Soghigian <49734722+Bryce-Soghigian@users.noreply.github.com> Date: Fri, 21 Feb 2025 10:18:34 -0800 Subject: [PATCH 7/9] feat: add azure-cni-overlay label and set network plugin to none in some cases (#697) * fix: setting network plugin to none in the agentbaker contract if we are using overlay net plugin mode. This will delegate the installation of the cni to daemonsets (azure-cns) etc. This also introduces a label azure-cni-overlay which adds better consistency between karpenter provided nodes and nodes provided from aks. We also introduce tests to explicitly validate that if the network plugin mode on the cluster is azure and uses azure cni overlay, that we properly delegate that installation * fix: ci * refactor: renaming cni label var * modifying comment Co-authored-by: Alex Leites <18728999+tallaxes@users.noreply.github.com> * style: renaming vars to not have vnet prefix * test: adding tests for the different cni modes on labels * refactor: renaming test * feat: supporting cilium + nodesubnet case --------- Co-authored-by: Alex Leites <18728999+tallaxes@users.noreply.github.com> --- .../imagefamily/bootstrap/aksbootstrap.go | 1 + pkg/providers/instancetype/suite_test.go | 53 ++++++++++++++++++- .../launchtemplate/launchtemplate.go | 38 +++++++++---- 3 files changed, 81 insertions(+), 11 deletions(-) diff --git a/pkg/providers/imagefamily/bootstrap/aksbootstrap.go b/pkg/providers/imagefamily/bootstrap/aksbootstrap.go index 93697e7b9..ccca2ff4b 100644 --- a/pkg/providers/imagefamily/bootstrap/aksbootstrap.go +++ b/pkg/providers/imagefamily/bootstrap/aksbootstrap.go @@ -454,6 +454,7 @@ func (a AKS) applyOptions(nbv *NodeBootstrapVariables) { nbv.UserAssignedIdentityID = a.KubeletIdentityClientID nbv.NetworkPlugin = a.NetworkPlugin + nbv.NetworkPolicy = a.NetworkPolicy nbv.KubernetesVersion = a.KubernetesVersion diff --git a/pkg/providers/instancetype/suite_test.go b/pkg/providers/instancetype/suite_test.go index 972be555f..55ded8ead 100644 --- a/pkg/providers/instancetype/suite_test.go +++ b/pkg/providers/instancetype/suite_test.go @@ -163,6 +163,7 @@ var _ = Describe("InstanceType Provider", func() { ContainSubstring("kubernetes.azure.com/network-subnet=karpentersub"), ContainSubstring("kubernetes.azure.com/nodenetwork-vnetguid=test-vnet-guid"), ContainSubstring("kubernetes.azure.com/podnetwork-type=overlay"), + ContainSubstring("kubernetes.azure.com/azure-cni-overlay=true"), )) }) It("should use the subnet specified in the nodeclass", func() { @@ -1222,6 +1223,57 @@ var _ = Describe("InstanceType Provider", func() { Expect(kubeletFlags).To(ContainSubstring("--register-with-taints=" + karpv1.UnregisteredNoExecuteTaint.ToString())) }) }) + + DescribeTable("Azure CNI node labels and agentbaker network plugin", func( + networkPlugin, networkPluginMode, networkDataplane, expectedAgentBakerNetPlugin string, + expectedNodeLabels sets.Set[string]) { + options := test.Options(test.OptionsFields{ + NetworkPlugin: lo.ToPtr(networkPlugin), + NetworkPluginMode: lo.ToPtr(networkPluginMode), + NetworkDataplane: lo.ToPtr(networkDataplane), + }) + ctx = options.ToContext(ctx) + + ExpectApplied(ctx, env.Client, nodePool, nodeClass) + pod := coretest.UnschedulablePod() + ExpectProvisioned(ctx, env.Client, cluster, cloudProvider, coreProvisioner, pod) + ExpectScheduled(ctx, env.Client, pod) + customData := ExpectDecodedCustomData(azureEnv) + + Expect(customData).To(ContainSubstring(fmt.Sprintf("NETWORK_PLUGIN=%s", expectedAgentBakerNetPlugin))) + + for label := range expectedNodeLabels { + Expect(customData).To(ContainSubstring(label)) + } + }, + Entry("Azure CNI V1", + "azure", "", "", + "azure", sets.New[string]()), + Entry("Azure CNI w Overlay", + "azure", "overlay", "", + "none", + sets.New( + "kubernetes.azure.com/azure-cni-overlay=true", + "kubernetes.azure.com/network-subnet=karpentersub", + "kubernetes.azure.com/nodenetwork-vnetguid=test-vnet-guid", + "kubernetes.azure.com/podnetwork-type=overlay", + )), + Entry("Azure CNI w Overlay w Cilium", + "azure", "overlay", "cilium", + "none", + sets.New( + "kubernetes.azure.com/azure-cni-overlay=true", + "kubernetes.azure.com/network-subnet=karpentersub", + "kubernetes.azure.com/nodenetwork-vnetguid=test-vnet-guid", + "kubernetes.azure.com/podnetwork-type=overlay", + "kubernetes.azure.com/ebpf-dataplane=cilium", + )), + Entry("Cilium w feature flag Microsoft.ContainerService/EnableCiliumNodeSubnet", + "azure", "", "cilium", + "none", + sets.New("kubernetes.azure.com/ebpf-dataplane=cilium")), + ) + Context("LoadBalancer", func() { resourceGroup := "test-resourceGroup" @@ -1352,6 +1404,5 @@ func createSDKErrorBody(code, message string) io.ReadCloser { func ExpectKubeletFlagsPassed(customData string) string { GinkgoHelper() - return customData[strings.Index(customData, "KUBELET_FLAGS=")+len("KUBELET_FLAGS=") : strings.Index(customData, "KUBELET_NODE_LABELS")] } diff --git a/pkg/providers/launchtemplate/launchtemplate.go b/pkg/providers/launchtemplate/launchtemplate.go index 3f1a1a853..10e0a416b 100644 --- a/pkg/providers/launchtemplate/launchtemplate.go +++ b/pkg/providers/launchtemplate/launchtemplate.go @@ -18,6 +18,7 @@ package launchtemplate import ( "context" + "strconv" "strings" "github.com/Azure/go-autorest/autorest/to" @@ -38,10 +39,11 @@ import ( const ( karpenterManagedTagKey = "karpenter.azure.com/cluster" - vnetDataPlaneLabel = "kubernetes.azure.com/ebpf-dataplane" - vnetSubnetNameLabel = "kubernetes.azure.com/network-subnet" - vnetGUIDLabel = "kubernetes.azure.com/nodenetwork-vnetguid" - vnetPodNetworkTypeLabel = "kubernetes.azure.com/podnetwork-type" + dataplaneLabel = "kubernetes.azure.com/ebpf-dataplane" + azureCNIOverlayLabel = "kubernetes.azure.com/azure-cni-overlay" + subnetNameLabel = "kubernetes.azure.com/network-subnet" + vnetGUIDLabel = "kubernetes.azure.com/nodenetwork-vnetguid" + podNetworkTypeLabel = "kubernetes.azure.com/podnetwork-type" ) type Template struct { @@ -123,7 +125,7 @@ func (p *Provider) getStaticParameters(ctx context.Context, instanceType *cloudp subnetID := lo.Ternary(nodeClass.Spec.VNETSubnetID != nil, lo.FromPtr(nodeClass.Spec.VNETSubnetID), options.FromContext(ctx).SubnetID) - if options.FromContext(ctx).NetworkPlugin == consts.NetworkPluginAzure && options.FromContext(ctx).NetworkPluginMode == consts.NetworkPluginModeOverlay { + if isAzureCNIOverlay(ctx) { // TODO: make conditional on pod subnet vnetLabels, err := p.getVnetInfoLabels(subnetID) if err != nil { @@ -140,7 +142,7 @@ func (p *Provider) getStaticParameters(ctx context.Context, instanceType *cloudp // values: // - cilium - labels[vnetDataPlaneLabel] = consts.NetworkDataplaneCilium + labels[dataplaneLabel] = consts.NetworkDataplaneCilium } return ¶meters.StaticParameters{ @@ -162,13 +164,28 @@ func (p *Provider) getStaticParameters(ctx context.Context, instanceType *cloudp ClusterID: options.FromContext(ctx).ClusterID, APIServerName: options.FromContext(ctx).GetAPIServerName(), KubeletClientTLSBootstrapToken: options.FromContext(ctx).KubeletClientTLSBootstrapToken, - NetworkPlugin: options.FromContext(ctx).NetworkPlugin, + NetworkPlugin: getAgentbakerNetworkPlugin(ctx), NetworkPolicy: options.FromContext(ctx).NetworkPolicy, SubnetID: subnetID, ClusterResourceGroup: p.clusterResourceGroup, }, nil } +func getAgentbakerNetworkPlugin(ctx context.Context) string { + if isAzureCNIOverlay(ctx) || isCiliumNodeSubnet(ctx) { + return consts.NetworkPluginNone + } + return consts.NetworkPluginAzure +} + +func isCiliumNodeSubnet(ctx context.Context) bool { + return options.FromContext(ctx).NetworkPlugin == consts.NetworkPluginAzure && options.FromContext(ctx).NetworkPluginMode == consts.NetworkPluginModeNone && options.FromContext(ctx).NetworkDataplane == consts.NetworkDataplaneCilium +} + +func isAzureCNIOverlay(ctx context.Context) bool { + return options.FromContext(ctx).NetworkPlugin == consts.NetworkPluginAzure && options.FromContext(ctx).NetworkPluginMode == consts.NetworkPluginModeOverlay +} + func (p *Provider) createLaunchTemplate(ctx context.Context, params *parameters.Parameters) (*Template, error) { // merge and convert to ARM tags azureTags := mergeTags(params.Tags, map[string]string{karpenterManagedTagKey: params.ClusterName}) @@ -213,9 +230,10 @@ func (p *Provider) getVnetInfoLabels(subnetID string) (map[string]string, error) return nil, err } vnetLabels := map[string]string{ - vnetSubnetNameLabel: vnetSubnetComponents.SubnetName, - vnetGUIDLabel: p.vnetGUID, - vnetPodNetworkTypeLabel: consts.NetworkPluginModeOverlay, + subnetNameLabel: vnetSubnetComponents.SubnetName, + vnetGUIDLabel: p.vnetGUID, + azureCNIOverlayLabel: strconv.FormatBool(true), + podNetworkTypeLabel: consts.NetworkPluginModeOverlay, } return vnetLabels, nil } From 11f23eae99f2d647aba5a446134e6f4861cdcb77 Mon Sep 17 00:00:00 2001 From: Bryce Soghigian <49734722+Bryce-Soghigian@users.noreply.github.com> Date: Fri, 21 Feb 2025 10:29:25 -0800 Subject: [PATCH 8/9] test: garbage collection controller removes orphaned nics (#686) * test: garbage collection controller removes orphaned nics * refactor: breaking logic into modular steps to reduce cyclomatic complexity * ci: golang-ci lint * fix: going back to utilization as the default * refactor: moving env vars to azureEnv struct * refactor: using azure clients defined inside of env * refactor: using more generic list approach that can be generalized and used elsewhere * refactor: using AZURE_RESOURCE_GROUP_MC as a name rather than AZURE_RESOURCE_GROUP * ci: lint * test: checkin azure garbage collection into our e2e matrix * fix: propagating values to makefile fix: propagating values to makefile * fix: constructing mc rg * fix: use CLUSTER_NAME instead of AZURE_CLUSTER_NAME * test: refactoring to use environment * fix: propagating location * refactor: have acr e2e consume from environment vars stored in azureEnv * fix: removing import * refactor: renaming CLUSTER_NAME to match all other variables * refactor: moving env vars outside of az-e2etest since e2etest now holds that state * ci: make presubmit * refactor: removing readme * refactor: using lo.Must() + os.LookupEnv * revert: go.mod go version change * refactor: moving azuregc suite to the nodeclaim suite * Update Makefile-az.mk * refactor: using env block instead * fix: comment --------- Co-authored-by: Alex Leites <18728999+tallaxes@users.noreply.github.com> --- .github/workflows/e2e.yaml | 12 ++- Makefile | 2 +- test/pkg/environment/azure/environment.go | 37 ++++++-- test/pkg/environment/azure/expectations.go | 84 +++++++++++++++++++ test/suites/acr/suite_test.go | 5 +- .../nodeclaim/azuregarbagecollection_test.go | 48 +++++++++++ 6 files changed, 175 insertions(+), 13 deletions(-) create mode 100644 test/pkg/environment/azure/expectations.go create mode 100644 test/suites/nodeclaim/azuregarbagecollection_test.go diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index ebef87e0b..eaf97bc64 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -156,9 +156,17 @@ jobs: location: ${{ inputs.location }} - name: run the ${{ inputs.suite }} test suite if: inputs.suite != 'Nonbehavioral' + env: + AZURE_CLUSTER_NAME: ${{ env.CLUSTER_NAME }} + AZURE_RESOURCE_GROUP: ${{ env.RG_NAME }} + AZURE_LOCATION: ${{ inputs.location }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.E2E_SUBSCRIPTION_ID }} + AZURE_ACR_NAME: ${{ env.ACR_NAME }} + TEST_SUITE: ${{ inputs.suite }} + GIT_REF: ${{ github.sha }} run: | - AZURE_CLUSTER_NAME=${{ env.CLUSTER_NAME }} AZURE_RESOURCE_GROUP=${{ env.RG_NAME }} make az-creds - CLUSTER_NAME=${{ env.CLUSTER_NAME }} AZURE_ACR_NAME=${{ env.ACR_NAME}} TEST_SUITE="${{ inputs.suite }}" GIT_REF="$(git rev-parse HEAD)" make e2etests + make az-creds + make e2etests - name: dump logs on failure uses: ./.github/actions/e2e/dump-logs if: failure() || cancelled() diff --git a/Makefile b/Makefile index 7652d48ae..896b1502e 100644 --- a/Makefile +++ b/Makefile @@ -49,7 +49,7 @@ e2etests: ## Run the e2e suite against your local cluster # -count 1: prevents caching # -timeout: If a test binary runs longer than TEST_TIMEOUT, panic # -v: verbose output - cd test && CLUSTER_NAME=${CLUSTER_NAME} AZURE_ACR_NAME=${AZURE_ACR_NAME} go test \ + cd test && AZURE_CLUSTER_NAME=${AZURE_CLUSTER_NAME} AZURE_ACR_NAME=${AZURE_ACR_NAME} AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP} AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID} AZURE_LOCATION=${AZURE_LOCATION} go test \ -p 1 \ -count 1 \ -timeout ${TEST_TIMEOUT} \ diff --git a/test/pkg/environment/azure/environment.go b/test/pkg/environment/azure/environment.go index b8f72f550..04234edcf 100644 --- a/test/pkg/environment/azure/environment.go +++ b/test/pkg/environment/azure/environment.go @@ -17,12 +17,16 @@ limitations under the License. package azure import ( + "fmt" + "os" "testing" "github.com/samber/lo" v1 "k8s.io/api/core/v1" karpv1 "sigs.k8s.io/karpenter/pkg/apis/v1" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork" "github.com/Azure/karpenter-provider-azure/pkg/apis/v1alpha2" "github.com/Azure/karpenter-provider-azure/pkg/test" "github.com/Azure/karpenter-provider-azure/test/pkg/environment/common" @@ -40,16 +44,37 @@ const ( type Environment struct { *common.Environment - Region string + + NodeResourceGroup string + Region string + SubscriptionID string + VNETResourceGroup string + ACRName string + ClusterName string + ClusterResourceGroup string + + VNETClient *armnetwork.VirtualNetworksClient + InterfacesClient *armnetwork.InterfacesClient } func NewEnvironment(t *testing.T) *Environment { - env := common.NewEnvironment(t) - - return &Environment{ - Region: "westus2", - Environment: env, + azureEnv := &Environment{ + Environment: common.NewEnvironment(t), + SubscriptionID: lo.Must(os.LookupEnv("AZURE_SUBSCRIPTION_ID")), + ClusterName: lo.Must(os.LookupEnv("AZURE_CLUSTER_NAME")), + ClusterResourceGroup: lo.Must(os.LookupEnv("AZURE_RESOURCE_GROUP")), + ACRName: lo.Must(os.LookupEnv("ACR_NAME")), + Region: lo.Ternary(os.Getenv("AZURE_LOCATION") == "", "westus2", os.Getenv("AZURE_LOCATION")), } + + defaultNodeRG := fmt.Sprintf("MC_%s_%s_%s", azureEnv.ClusterResourceGroup, azureEnv.ClusterName, azureEnv.Region) + azureEnv.VNETResourceGroup = lo.Ternary(os.Getenv("VNET_RESOURCE_GROUP") == "", defaultNodeRG, os.Getenv("VNET_RESOURCE_GROUP")) + azureEnv.NodeResourceGroup = defaultNodeRG + + cred := lo.Must(azidentity.NewDefaultAzureCredential(nil)) + azureEnv.VNETClient = lo.Must(armnetwork.NewVirtualNetworksClient(azureEnv.SubscriptionID, cred, nil)) + azureEnv.InterfacesClient = lo.Must(armnetwork.NewInterfacesClient(azureEnv.SubscriptionID, cred, nil)) + return azureEnv } func (env *Environment) DefaultAKSNodeClass() *v1alpha2.AKSNodeClass { diff --git a/test/pkg/environment/azure/expectations.go b/test/pkg/environment/azure/expectations.go new file mode 100644 index 000000000..4fbbcd3e0 --- /dev/null +++ b/test/pkg/environment/azure/expectations.go @@ -0,0 +1,84 @@ +/* +Portions Copyright (c) Microsoft Corporation. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package azure + +import ( + "context" + "fmt" + "strings" + "time" + + "github.com/samber/lo" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + karpv1 "sigs.k8s.io/karpenter/pkg/apis/v1" + + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork" +) + +func (env *Environment) EventuallyExpectKarpenterNicsToBeDeleted() { + GinkgoHelper() + Eventually(func() bool { + pager := env.InterfacesClient.NewListPager(env.NodeResourceGroup, nil) + for pager.More() { + resp, err := pager.NextPage(env.Context) + if err != nil { + return false + } + + for _, nic := range resp.Value { + if nic.Tags != nil { + if _, exists := nic.Tags[strings.ReplaceAll(karpv1.NodePoolLabelKey, "/", "_")]; exists { + return false + } + } + } + } + return true + }).WithTimeout(10*time.Minute).WithPolling(10*time.Second).Should(BeTrue(), "Expected all orphan NICs to be deleted") +} + +func (env *Environment) ExpectCreatedInterface(networkInterface armnetwork.Interface) { + GinkgoHelper() + poller, err := env.InterfacesClient.BeginCreateOrUpdate(env.Context, env.NodeResourceGroup, lo.FromPtr(networkInterface.Name), networkInterface, nil) + Expect(err).ToNot(HaveOccurred()) + _, err = poller.PollUntilDone(env.Context, nil) + Expect(err).ToNot(HaveOccurred()) +} + +func (env *Environment) GetClusterSubnet() *armnetwork.Subnet { + GinkgoHelper() + vnet, err := firstVNETInRG(env.Context, env.VNETClient, env.VNETResourceGroup) + Expect(err).ToNot(HaveOccurred()) + return vnet.Properties.Subnets[0] +} + +// This returns the first vnet we find in the resource group, works for managed vnet, it hasn't been tested on custom vnet. +func firstVNETInRG(ctx context.Context, client *armnetwork.VirtualNetworksClient, vnetRG string) (*armnetwork.VirtualNetwork, error) { + pager := client.NewListPager(vnetRG, nil) + for pager.More() { + resp, err := pager.NextPage(ctx) + if err != nil { + return nil, fmt.Errorf("failed to list virtual networks: %w", err) + } + if len(resp.VirtualNetworkListResult.Value) > 0 { + return resp.VirtualNetworkListResult.Value[0], nil + } + } + return nil, fmt.Errorf("no virtual networks found in resource group: %s", vnetRG) +} diff --git a/test/suites/acr/suite_test.go b/test/suites/acr/suite_test.go index 9833dd6ff..65f0e1977 100644 --- a/test/suites/acr/suite_test.go +++ b/test/suites/acr/suite_test.go @@ -18,7 +18,6 @@ package acr import ( "fmt" - "os" "testing" "time" @@ -43,9 +42,7 @@ func TestAcr(t *testing.T) { RegisterFailHandler(Fail) BeforeSuite(func() { env = azure.NewEnvironment(t) - acrName := os.Getenv("AZURE_ACR_NAME") - Expect(acrName).NotTo(BeEmpty(), "AZURE_ACR_NAME must be set for the acr test suite") - pauseImage = fmt.Sprintf("%s.azurecr.io/pause:3.6", acrName) + pauseImage = fmt.Sprintf("%s.azurecr.io/pause:3.6", env.ACRName) }) RunSpecs(t, "Acr") } diff --git a/test/suites/nodeclaim/azuregarbagecollection_test.go b/test/suites/nodeclaim/azuregarbagecollection_test.go new file mode 100644 index 000000000..a3bdd6138 --- /dev/null +++ b/test/suites/nodeclaim/azuregarbagecollection_test.go @@ -0,0 +1,48 @@ +/* +Portions Copyright (c) Microsoft Corporation. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package nodeclaim_test + +import ( + . "github.com/onsi/ginkgo/v2" + "github.com/samber/lo" + + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork" + azkarptest "github.com/Azure/karpenter-provider-azure/pkg/test" +) + +var _ = Describe("gc", func() { + It("should garbage collect network interfaces created by karpenter", func() { + env.ExpectCreatedInterface(armnetwork.Interface{ + Name: lo.ToPtr("orphan-nic"), + Location: lo.ToPtr(env.Region), + Tags: azkarptest.ManagedTags("default"), + Properties: &armnetwork.InterfacePropertiesFormat{ + IPConfigurations: []*armnetwork.InterfaceIPConfiguration{ + { + Name: lo.ToPtr("ip-config"), + Properties: &armnetwork.InterfaceIPConfigurationPropertiesFormat{ + Primary: lo.ToPtr(true), + Subnet: env.GetClusterSubnet(), + PrivateIPAllocationMethod: lo.ToPtr(armnetwork.IPAllocationMethodDynamic), + }, + }, + }, + }, + }) + env.EventuallyExpectKarpenterNicsToBeDeleted() + }) +}) From e9b1ae6e4047f1b6675e2770c76d0617bf434c31 Mon Sep 17 00:00:00 2001 From: Bryce Soghigian <49734722+Bryce-Soghigian@users.noreply.github.com> Date: Fri, 21 Feb 2025 12:26:28 -0800 Subject: [PATCH 9/9] feat: validation enforcing vnet guid is set for overlay cni clusters (#675) * feat: validation enforcing vnet guid is set for overlay cni clusters * fix: deps * test: adding test for the azurecni with overlay guid validation * test: adding validation to validate shape looks like a guid, leveraged google uuid lib based on this benchmark test https://gist.github.com/mattes/69a4ab7027b9e8ee952b5843e7ca6955 * ci: golangci-lint run * deps: moving google uuid from an indirect dependency to a direct one * refactor: updating options to use a proper guid * test: network-plugin-mode falls back to overlay when unset which triggers vnet guid validation, this modifies that test to pass in an empty string * ci: golangci-lint run * test: testing happy path of properly configured vnet guid * fix: validate all vnet guids that are passed in even if we don't use the value * test: resolve merge conflic --------- Co-authored-by: Alex Leites <18728999+tallaxes@users.noreply.github.com> --- go.mod | 2 +- pkg/operator/operator.go | 37 ---------------- pkg/operator/options/options_validation.go | 16 +++++++ pkg/operator/options/suite_test.go | 49 ++++++++++++++++++++++ pkg/providers/instancetype/suite_test.go | 8 ++-- pkg/test/options.go | 2 +- 6 files changed, 71 insertions(+), 43 deletions(-) diff --git a/go.mod b/go.mod index 2e199e3aa..3122fc157 100644 --- a/go.mod +++ b/go.mod @@ -29,6 +29,7 @@ require ( github.com/go-openapi/validate v0.24.0 github.com/go-playground/validator/v10 v10.25.0 github.com/google/go-cmp v0.6.0 + github.com/google/uuid v1.6.0 github.com/imdario/mergo v0.3.16 github.com/jongio/azidext/go/azidext v0.5.0 github.com/mitchellh/hashstructure/v2 v2.0.2 @@ -107,7 +108,6 @@ require ( github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect - github.com/google/uuid v1.6.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect github.com/hashicorp/golang-lru v1.0.2 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index 1e59aa2d7..8182dcb8f 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -40,13 +40,9 @@ import ( "sigs.k8s.io/karpenter/pkg/operator/injection" karpenteroptions "sigs.k8s.io/karpenter/pkg/operator/options" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" webhooksalt "github.com/Azure/karpenter-provider-azure/pkg/alt/karpenter-core/pkg/webhooks" "github.com/Azure/karpenter-provider-azure/pkg/auth" azurecache "github.com/Azure/karpenter-provider-azure/pkg/cache" - "github.com/Azure/karpenter-provider-azure/pkg/consts" "github.com/Azure/karpenter-provider-azure/pkg/operator/options" "github.com/Azure/karpenter-provider-azure/pkg/providers/imagefamily" @@ -55,8 +51,6 @@ import ( "github.com/Azure/karpenter-provider-azure/pkg/providers/launchtemplate" "github.com/Azure/karpenter-provider-azure/pkg/providers/loadbalancer" "github.com/Azure/karpenter-provider-azure/pkg/providers/pricing" - "github.com/Azure/karpenter-provider-azure/pkg/utils" - armopts "github.com/Azure/karpenter-provider-azure/pkg/utils/opts" "sigs.k8s.io/karpenter/pkg/operator" ) @@ -89,12 +83,6 @@ func NewOperator(ctx context.Context, operator *operator.Operator) (context.Cont azClient, err := instance.CreateAZClient(ctx, azConfig) lo.Must0(err, "creating Azure client") - if options.FromContext(ctx).VnetGUID == "" && options.FromContext(ctx).NetworkPluginMode == consts.NetworkPluginModeOverlay { - vnetGUID, err := getVnetGUID(azConfig, options.FromContext(ctx).SubnetID) - lo.Must0(err, "getting VNET GUID") - options.FromContext(ctx).VnetGUID = vnetGUID - } - unavailableOfferingsCache := azurecache.NewUnavailableOfferings() pricingProvider := pricing.NewProvider( ctx, @@ -235,28 +223,3 @@ func getCABundle(restConfig *rest.Config) (*string, error) { } return ptr.String(base64.StdEncoding.EncodeToString(transportConfig.TLS.CAData)), nil } - -func getVnetGUID(cfg *auth.Config, subnetID string) (string, error) { - creds, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - return "", err - } - opts := armopts.DefaultArmOpts() - vnetClient, err := armnetwork.NewVirtualNetworksClient(cfg.SubscriptionID, creds, opts) - if err != nil { - return "", err - } - - subnetParts, err := utils.GetVnetSubnetIDComponents(subnetID) - if err != nil { - return "", err - } - vnet, err := vnetClient.Get(context.Background(), subnetParts.ResourceGroupName, subnetParts.VNetName, nil) - if err != nil { - return "", err - } - if vnet.Properties == nil || vnet.Properties.ResourceGUID == nil { - return "", fmt.Errorf("vnet %s does not have a resource GUID", subnetParts.VNetName) - } - return *vnet.Properties.ResourceGUID, nil -} diff --git a/pkg/operator/options/options_validation.go b/pkg/operator/options/options_validation.go index 63cc14e0d..f3060473a 100644 --- a/pkg/operator/options/options_validation.go +++ b/pkg/operator/options/options_validation.go @@ -23,6 +23,7 @@ import ( "github.com/Azure/karpenter-provider-azure/pkg/consts" "github.com/Azure/karpenter-provider-azure/pkg/utils" "github.com/go-playground/validator/v10" + "github.com/google/uuid" "go.uber.org/multierr" ) @@ -30,6 +31,7 @@ func (o Options) Validate() error { validate := validator.New() return multierr.Combine( o.validateRequiredFields(), + o.validateVNETGUID(), o.validateEndpoint(), o.validateNetworkingOptions(), o.validateVMMemoryOverheadPercent(), @@ -39,6 +41,16 @@ func (o Options) Validate() error { ) } +func (o Options) validateVNETGUID() error { + if o.VnetGUID != "" && uuid.Validate(o.VnetGUID) != nil { + return fmt.Errorf("vnet-guid %s is malformed", o.VnetGUID) + } + if o.isAzureCNIWithOverlay() && o.VnetGUID == "" { + return fmt.Errorf("vnet-guid cannot be empty for AzureCNI clusters with networkPluginMode overlay") + } + return nil +} + func (o Options) validateNetworkingOptions() error { if o.NetworkPlugin != consts.NetworkPluginAzure && o.NetworkPlugin != consts.NetworkPluginNone { return fmt.Errorf("network-plugin %v is invalid. network-plugin must equal 'azure' or 'none'", o.NetworkPlugin) @@ -56,6 +68,10 @@ func (o Options) validateNetworkingOptions() error { return nil } +func (o Options) isAzureCNIWithOverlay() bool { + return o.NetworkPlugin == consts.NetworkPluginAzure && o.NetworkPluginMode == consts.NetworkPluginModeOverlay +} + func (o Options) validateVnetSubnetID() error { _, err := utils.GetVnetSubnetIDComponents(o.SubnetID) if err != nil { diff --git a/pkg/operator/options/suite_test.go b/pkg/operator/options/suite_test.go index fa780fabc..3aa3408a3 100644 --- a/pkg/operator/options/suite_test.go +++ b/pkg/operator/options/suite_test.go @@ -55,6 +55,7 @@ var _ = Describe("Options", func() { "NODE_IDENTITIES", "PROVISION_MODE", "NODEBOOTSTRAPPING_SERVER_URL", + "VNET_GUID", } var fs *coreoptions.FlagSet @@ -99,6 +100,7 @@ var _ = Describe("Options", func() { os.Setenv("VNET_SUBNET_ID", "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/sillygeese/providers/Microsoft.Network/virtualNetworks/karpentervnet/subnets/karpentersub") os.Setenv("PROVISION_MODE", "bootstrappingclient") os.Setenv("NODEBOOTSTRAPPING_SERVER_URL", "https://nodebootstrapping-server-url") + os.Setenv("VNET_GUID", "a519e60a-cac0-40b2-b883-084477fe6f5c") fs = &coreoptions.FlagSet{ FlagSet: flag.NewFlagSet("karpenter", flag.ContinueOnError), } @@ -118,10 +120,41 @@ var _ = Describe("Options", func() { NodeIdentities: []string{"/subscriptions/1234/resourceGroups/mcrg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/envid1", "/subscriptions/1234/resourceGroups/mcrg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/envid2"}, ProvisionMode: lo.ToPtr("bootstrappingclient"), NodeBootstrappingServerURL: lo.ToPtr("https://nodebootstrapping-server-url"), + VnetGUID: lo.ToPtr("a519e60a-cac0-40b2-b883-084477fe6f5c"), })) }) }) Context("Validation", func() { + It("should fail when vnet guid is not a uuid", func() { + errMsg := "vnet-guid null is malformed" + err := opts.Parse( + fs, + "--cluster-name", "my-name", + "--cluster-endpoint", "https://karpenter-000000000000.hcp.westus2.staging.azmk8s.io", + "--kubelet-bootstrap-token", "flag-bootstrap-token", + "--ssh-public-key", "flag-ssh-public-key", + "--vm-memory-overhead-percent", "-0.01", + "--network-plugin", "azure", + "--network-plugin-mode", "overlay", + "--vnet-guid", "null", // sometimes output of jq can produce null or some other data, we should enforce that the vnet guid passed in at least looks like a uuid + ) + Expect(err).To(MatchError(ContainSubstring(errMsg))) + }) + + It("should fail when vnet guid is empty for azure cni with overlay clusters", func() { + errMsg := "vnet-guid cannot be empty for AzureCNI clusters with networkPluginMode overlay" + err := opts.Parse( + fs, + "--cluster-name", "my-name", + "--cluster-endpoint", "https://karpenter-000000000000.hcp.westus2.staging.azmk8s.io", + "--kubelet-bootstrap-token", "flag-bootstrap-token", + "--ssh-public-key", "flag-ssh-public-key", + "--vm-memory-overhead-percent", "-0.01", + "--network-plugin", "azure", + "--network-plugin-mode", "overlay", + ) + Expect(err).To(MatchError(ContainSubstring(errMsg))) + }) It("should fail when network-plugin-mode is invalid", func() { typo := "overlaay" errMsg := fmt.Sprintf("network-plugin-mode %v is invalid. network-plugin-mode must equal 'overlay' or ''", typo) @@ -263,6 +296,7 @@ var _ = Describe("Options", func() { "--ssh-public-key", "flag-ssh-public-key", "--vnet-subnet-id", "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/sillygeese/providers/Microsoft.Network/virtualNetworks/karpentervnet/subnets/karpentersub", "--network-plugin", "azure", + "--network-plugin-mode", "", ) Expect(err).ToNot(HaveOccurred()) }) @@ -279,6 +313,21 @@ var _ = Describe("Options", func() { ) Expect(err).ToNot(HaveOccurred()) }) + It("should succeed when azure-cni with overlay is configured with the right options", func() { + err := opts.Parse( + fs, + "--cluster-name", "my-name", + "--cluster-endpoint", "https://karpenter-000000000000.hcp.westus2.staging.azmk8s.io", + "--kubelet-bootstrap-token", "flag-bootstrap-token", + "--ssh-public-key", "flag-ssh-public-key", + "--vnet-subnet-id", "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/sillygeese/providers/Microsoft.Network/virtualNetworks/karpentervnet/subnets/karpentersub", + "--network-plugin", "azure", + "--network-plugin-mode", "overlay", + "--vnet-guid", "a519e60a-cac0-40b2-b883-084477fe6f5c", + ) + Expect(err).ToNot(HaveOccurred()) + + }) It("should fail validation when ProvisionMode is not valid", func() { err := opts.Parse( fs, diff --git a/pkg/providers/instancetype/suite_test.go b/pkg/providers/instancetype/suite_test.go index 55ded8ead..bf1ea180e 100644 --- a/pkg/providers/instancetype/suite_test.go +++ b/pkg/providers/instancetype/suite_test.go @@ -161,7 +161,7 @@ var _ = Describe("InstanceType Provider", func() { Expect(decodedString).To(SatisfyAll( ContainSubstring("kubernetes.azure.com/ebpf-dataplane=cilium"), ContainSubstring("kubernetes.azure.com/network-subnet=karpentersub"), - ContainSubstring("kubernetes.azure.com/nodenetwork-vnetguid=test-vnet-guid"), + ContainSubstring("kubernetes.azure.com/nodenetwork-vnetguid=a519e60a-cac0-40b2-b883-084477fe6f5c"), ContainSubstring("kubernetes.azure.com/podnetwork-type=overlay"), ContainSubstring("kubernetes.azure.com/azure-cni-overlay=true"), )) @@ -522,7 +522,7 @@ var _ = Describe("InstanceType Provider", func() { // Since the network plugin is not "azure" it should not include the following kubeletLabels Expect(customData).To(Not(SatisfyAny( ContainSubstring("kubernetes.azure.com/network-subnet=karpentersub"), - ContainSubstring("kubernetes.azure.com/nodenetwork-vnetguid=test-vnet-guid"), + ContainSubstring("kubernetes.azure.com/nodenetwork-vnetguid=a519e60a-cac0-40b2-b883-084477fe6f5c"), ContainSubstring("kubernetes.azure.com/podnetwork-type=overlay"), ))) }) @@ -1255,7 +1255,7 @@ var _ = Describe("InstanceType Provider", func() { sets.New( "kubernetes.azure.com/azure-cni-overlay=true", "kubernetes.azure.com/network-subnet=karpentersub", - "kubernetes.azure.com/nodenetwork-vnetguid=test-vnet-guid", + "kubernetes.azure.com/nodenetwork-vnetguid=a519e60a-cac0-40b2-b883-084477fe6f5c", "kubernetes.azure.com/podnetwork-type=overlay", )), Entry("Azure CNI w Overlay w Cilium", @@ -1264,7 +1264,7 @@ var _ = Describe("InstanceType Provider", func() { sets.New( "kubernetes.azure.com/azure-cni-overlay=true", "kubernetes.azure.com/network-subnet=karpentersub", - "kubernetes.azure.com/nodenetwork-vnetguid=test-vnet-guid", + "kubernetes.azure.com/nodenetwork-vnetguid=a519e60a-cac0-40b2-b883-084477fe6f5c", "kubernetes.azure.com/podnetwork-type=overlay", "kubernetes.azure.com/ebpf-dataplane=cilium", )), diff --git a/pkg/test/options.go b/pkg/test/options.go index 1cac25a41..79564bead 100644 --- a/pkg/test/options.go +++ b/pkg/test/options.go @@ -64,7 +64,7 @@ func Options(overrides ...OptionsFields) *azoptions.Options { NetworkPlugin: lo.FromPtrOr(options.NetworkPlugin, "azure"), NetworkPluginMode: lo.FromPtrOr(options.NetworkPluginMode, "overlay"), NetworkPolicy: lo.FromPtrOr(options.NetworkPolicy, "cilium"), - VnetGUID: lo.FromPtrOr(options.VnetGUID, "test-vnet-guid"), + VnetGUID: lo.FromPtrOr(options.VnetGUID, "a519e60a-cac0-40b2-b883-084477fe6f5c"), NetworkDataplane: lo.FromPtrOr(options.NetworkDataplane, "cilium"), VMMemoryOverheadPercent: lo.FromPtrOr(options.VMMemoryOverheadPercent, 0.075), NodeIdentities: options.NodeIdentities,