diff --git a/go.mod b/go.mod index 3840eee84..a202bb4c2 100644 --- a/go.mod +++ b/go.mod @@ -21,9 +21,9 @@ require ( k8s.io/apimachinery v0.27.6 k8s.io/client-go v0.27.6 k8s.io/code-generator v0.27.6 - knative.dev/hack v0.0.0-20231109190034-5deaddeb51a7 - knative.dev/networking v0.0.0-20231115015815-3af9769712cd - knative.dev/pkg v0.0.0-20231115001034-97c7258e3a98 + knative.dev/hack v0.0.0-20231122182901-eb352426ecc1 + knative.dev/networking v0.0.0-20231123185844-bb18aab9ae99 + knative.dev/pkg v0.0.0-20231123185329-ea6ea8440341 ) require ( @@ -87,7 +87,7 @@ require ( golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.15.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/api v0.150.0 // indirect + google.golang.org/api v0.151.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect diff --git a/go.sum b/go.sum index 8c9ed4717..111241572 100644 --- a/go.sum +++ b/go.sum @@ -577,8 +577,8 @@ google.golang.org/api v0.25.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.150.0 h1:Z9k22qD289SZ8gCJrk4DrWXkNjtfvKAUo/l1ma8eBYE= -google.golang.org/api v0.150.0/go.mod h1:ccy+MJ6nrYFgE3WgRx/AMXOxOmU8Q4hSa+jjibzhxcg= +google.golang.org/api v0.151.0 h1:FhfXLO/NFdJIzQtCqjpysWwqKk8AzGWBUhMIx67cVDU= +google.golang.org/api v0.151.0/go.mod h1:ccy+MJ6nrYFgE3WgRx/AMXOxOmU8Q4hSa+jjibzhxcg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -706,12 +706,12 @@ k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5F k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/hack v0.0.0-20231109190034-5deaddeb51a7 h1:HXf7M7n9jwn+Hp904r0HXRSymf+DLXSciFpXVpCg+Bs= -knative.dev/hack v0.0.0-20231109190034-5deaddeb51a7/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= -knative.dev/networking v0.0.0-20231115015815-3af9769712cd h1:VDtYz+hybqIAEp8NM2tAi2QV4D8Cc5DWLoXLi5IcZjE= -knative.dev/networking v0.0.0-20231115015815-3af9769712cd/go.mod h1:HQ3rA7qrKVWvZUl6GGQefn/PzNXlX4e94KpbwBEjFcQ= -knative.dev/pkg v0.0.0-20231115001034-97c7258e3a98 h1:uvOLwp5Ar7oJlaYEszh51CemuZc1sRRI14xzKhUEF3U= -knative.dev/pkg v0.0.0-20231115001034-97c7258e3a98/go.mod h1:56Qcm0ai7xPWqGxpOnjRi4sAX9fZM9UDTk7fKyjUqZM= +knative.dev/hack v0.0.0-20231122182901-eb352426ecc1 h1:ZUkFAaq5gEls7bJ2ADLg+ZJVtN3KUcHEWx5ngLfacuQ= +knative.dev/hack v0.0.0-20231122182901-eb352426ecc1/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= +knative.dev/networking v0.0.0-20231123185844-bb18aab9ae99 h1:LFBdYo3YPRH5LwZpQSLrcL0vhzL7zKrI93Mfa+PxkEw= +knative.dev/networking v0.0.0-20231123185844-bb18aab9ae99/go.mod h1:ESsvanBOBBkDxO1qa9mlBhV5yoBH1svcpy/dVmBNdJw= +knative.dev/pkg v0.0.0-20231123185329-ea6ea8440341 h1:GVSTPofS7DbTTxoJw4TwfxNWCzH4QcSI5jm4F7tgDPE= +knative.dev/pkg v0.0.0-20231123185329-ea6ea8440341/go.mod h1:uOiSmQ4t36/4qxaY+hrrgrNNNkDqj6BGZVjtV+cQ+V4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/knative.dev/hack/library.sh b/vendor/knative.dev/hack/library.sh index 770b249ec..6b67914e1 100644 --- a/vendor/knative.dev/hack/library.sh +++ b/vendor/knative.dev/hack/library.sh @@ -1031,3 +1031,4 @@ readonly KNATIVE_SERVING_RELEASE_CRDS="$(get_latest_knative_yaml_source "serving readonly KNATIVE_SERVING_RELEASE_CORE="$(get_latest_knative_yaml_source "serving" "serving-core")" readonly KNATIVE_NET_ISTIO_RELEASE="$(get_latest_knative_yaml_source "net-istio" "net-istio")" readonly KNATIVE_EVENTING_RELEASE="$(get_latest_knative_yaml_source "eventing" "eventing")" +readonly KNATIVE_EVENTING_RELEASE_TLS="$(get_latest_knative_yaml_source "eventing" "eventing-tls-networking")" diff --git a/vendor/knative.dev/networking/pkg/apis/networking/register.go b/vendor/knative.dev/networking/pkg/apis/networking/register.go index e88e9b5c0..342560f74 100644 --- a/vendor/knative.dev/networking/pkg/apis/networking/register.go +++ b/vendor/knative.dev/networking/pkg/apis/networking/register.go @@ -119,6 +119,10 @@ const ( // already using labels for domain, it probably best to keep this // consistent. VisibilityLabelKey = PublicGroupName + "/visibility" + + // CertificateTypeLabelKey is the label to indicate the type of Knative certificate + // used for Knative Serving encryption functionality. Corresponding values are defined in config.CertificateType. + CertificateTypeLabelKey = PublicGroupName + "/certificate-type" ) // Pseudo-constants diff --git a/vendor/knative.dev/networking/pkg/apis/networking/v1alpha1/ingress_helpers.go b/vendor/knative.dev/networking/pkg/apis/networking/v1alpha1/ingress_helpers.go new file mode 100644 index 000000000..f3e015b05 --- /dev/null +++ b/vendor/knative.dev/networking/pkg/apis/networking/v1alpha1/ingress_helpers.go @@ -0,0 +1,55 @@ +/* +Copyright 2023 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + "slices" +) + +// GetIngressTLSForVisibility returns a list of `Spec.TLS` where each host in the `Rules.Hosts` field is +// present in `Spec.TLS.Hosts` and where the Rules have the defined ingress visibility. +// This method can be used in net-* implementations to select the correct `IngressTLS` entries +// for cluster-local and cluster-external gateways/listeners. +func (i *Ingress) GetIngressTLSForVisibility(visibility IngressVisibility) []IngressTLS { + ingressTLS := make([]IngressTLS, 0, len(i.Spec.TLS)) + + if i.Spec.TLS == nil || len(i.Spec.TLS) == 0 { + return ingressTLS + } + + for _, rule := range i.Spec.Rules { + if rule.Visibility == visibility { + if rule.Hosts == nil || len(rule.Hosts) == 0 { + return ingressTLS + } + + for _, tls := range i.Spec.TLS { + containsAllRuleHosts := true + for _, h := range rule.Hosts { + if !slices.Contains(tls.Hosts, h) { + containsAllRuleHosts = false + } + } + if containsAllRuleHosts { + ingressTLS = append(ingressTLS, tls) + } + } + } + } + + return ingressTLS +} diff --git a/vendor/knative.dev/networking/pkg/config/config.go b/vendor/knative.dev/networking/pkg/config/config.go index 028937067..b9fca8585 100644 --- a/vendor/knative.dev/networking/pkg/config/config.go +++ b/vendor/knative.dev/networking/pkg/config/config.go @@ -67,12 +67,6 @@ const ( // Certificate reconciler. CertManagerCertificateClassName = "cert-manager.certificate.networking.knative.dev" - // ServingInternalCertName is the name of secret contains certificates in serving - // system namespace. - // - // Deprecated: ServingInternalCertName is deprecated. Use ServingRoutingCertName instead. - ServingInternalCertName = "knative-serving-certs" - // ServingRoutingCertName is the name of secret contains certificates for Routing data in serving // system namespace. (Used by Ingress GWs and Activator) ServingRoutingCertName = "routing-serving-certs" @@ -148,6 +142,20 @@ const ( SystemInternalTLSKey = "system-internal-tls" ) +// CertificateType indicates the type of Knative Certificate. +type CertificateType string + +const ( + // CertificateSystemInternal defines a certificate used for `system-internal-tls`. + CertificateSystemInternal CertificateType = "system-internal" + + // CertificateClusterLocalDomain defines a certificate used for `cluster-local-domain-tls`. + CertificateClusterLocalDomain CertificateType = "cluster-local-domain" + + // CertificateExternalDomain defines a cerificate used for `external-domain-tls`. + CertificateExternalDomain CertificateType = "external-domain" +) + // EncryptionConfig indicates the encryption configuration // used for TLS connections. type EncryptionConfig string diff --git a/vendor/modules.txt b/vendor/modules.txt index caf3d616a..3417795ab 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -374,7 +374,7 @@ golang.org/x/tools/internal/typeparams # gomodules.xyz/jsonpatch/v2 v2.4.0 ## explicit; go 1.20 gomodules.xyz/jsonpatch/v2 -# google.golang.org/api v0.150.0 +# google.golang.org/api v0.151.0 ## explicit; go 1.19 google.golang.org/api/support/bundler # google.golang.org/appengine v1.6.7 @@ -1012,10 +1012,10 @@ k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/hack v0.0.0-20231109190034-5deaddeb51a7 +# knative.dev/hack v0.0.0-20231122182901-eb352426ecc1 ## explicit; go 1.18 knative.dev/hack -# knative.dev/networking v0.0.0-20231115015815-3af9769712cd +# knative.dev/networking v0.0.0-20231123185844-bb18aab9ae99 ## explicit; go 1.18 knative.dev/networking/config knative.dev/networking/pkg @@ -1056,7 +1056,7 @@ knative.dev/networking/test/test_images/runtime/handlers knative.dev/networking/test/test_images/timeout knative.dev/networking/test/test_images/wsserver knative.dev/networking/test/types -# knative.dev/pkg v0.0.0-20231115001034-97c7258e3a98 +# knative.dev/pkg v0.0.0-20231123185329-ea6ea8440341 ## explicit; go 1.18 knative.dev/pkg/apis knative.dev/pkg/apis/duck