diff --git a/api/v1/appbinding.go b/api/v1/appbinding.go index 32796ef5..63b5c023 100644 --- a/api/v1/appbinding.go +++ b/api/v1/appbinding.go @@ -16,6 +16,10 @@ limitations under the License. package v1 +import ( + kmapi "kmodules.xyz/client-go/api/v1" +) + type GrafanaConfig struct { URL string `json:"url"` Service ServiceSpec `json:"service"` @@ -73,3 +77,46 @@ type GrafanaContext struct { FolderID *int64 `json:"folderID,omitempty"` Datasource string `json:"datasource,omitempty"` } + +type Prometheus struct { + AppBindingRef *kmapi.ObjectReference `json:"appBindingRef,omitempty"` + *ConnectionSpec `json:",inline,omitempty"` +} + +// ConnectionSpec is the spec for app +type ConnectionSpec struct { + // ClientConfig defines how to communicate with the app. + // Required + ClientConfig `json:",inline"` + + // Secret is the name of the secret to create in the AppBinding's + // namespace that will hold the credentials associated with the AppBinding. + AuthSecret *kmapi.ObjectReference `json:"authSecret,omitempty"` + + // TLSSecret is the name of the secret that will hold + // the client certificate and private key associated with the AppBinding. + TLSSecret *kmapi.ObjectReference `json:"tlsSecret,omitempty"` +} + +// ClientConfig contains the information to make a connection with an app +type ClientConfig struct { + // `url` gives the location of the app, in standard URL form + // (`[scheme://]host:port/path`). Exactly one of `url` or `service` + // must be specified. + // +optional + URL string `json:"url"` + + // InsecureSkipTLSVerify disables TLS certificate verification when communicating with this app. + // This is strongly discouraged. You should use the CABundle instead. + InsecureSkipTLSVerify bool `json:"insecureSkipTLSVerify,omitempty"` + + // CABundle is a PEM encoded CA bundle which will be used to validate the serving certificate of this app. + // +optional + CABundle []byte `json:"caBundle,omitempty"` + + // ServerName is used to verify the hostname on the returned + // certificates unless InsecureSkipVerify is given. It is also included + // in the client's handshake to support virtual hosting unless it is + // an IP address. + ServerName string `json:"serverName,omitempty"` +} diff --git a/api/v1/helpers.go b/api/v1/helpers.go index 63942579..f6f22037 100644 --- a/api/v1/helpers.go +++ b/api/v1/helpers.go @@ -17,12 +17,16 @@ limitations under the License. package v1 import ( + "errors" "fmt" "kmodules.xyz/client-go/policy/secomp" + appcatalog "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1" "gomodules.xyz/pointer" core "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" ) func (agent *AgentSpec) SetDefaults() { @@ -86,3 +90,48 @@ func GrafanaDatasource(isDefault bool, clusterName, projectId string) string { } return fmt.Sprintf("%s-%s", clusterName, projectId) } + +func (c *ConnectionSpec) ToAppBinding() (*appcatalog.AppBinding, error) { + var ns string + if c.AuthSecret != nil { + if c.AuthSecret.Namespace == "" { + return nil, errors.New("auth secret namespace not set") + } + ns = c.AuthSecret.Namespace + } + if c.TLSSecret != nil { + if c.TLSSecret.Namespace == "" { + return nil, errors.New("tls secret namespace not set") + } + if ns != "" && ns != c.TLSSecret.Namespace { + return nil, errors.New("tls secret namespace does not match auth secret namespace") + } + } + + app := appcatalog.AppBinding{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "", + Namespace: ns, + }, + Spec: appcatalog.AppBindingSpec{ + ClientConfig: appcatalog.ClientConfig{ + URL: ptr.To(c.URL), + InsecureSkipTLSVerify: c.InsecureSkipTLSVerify, + CABundle: c.CABundle, + ServerName: c.ServerName, + }, + }, + } + if c.AuthSecret != nil { + app.Spec.Secret = &core.LocalObjectReference{ + Name: c.AuthSecret.Name, + } + } + if c.TLSSecret != nil { + app.Spec.TLSSecret = &core.LocalObjectReference{ + Name: c.TLSSecret.Name, + } + } + return &app, nil +} diff --git a/api/v1/openapi_generated.go b/api/v1/openapi_generated.go index e2577342..4b26157a 100644 --- a/api/v1/openapi_generated.go +++ b/api/v1/openapi_generated.go @@ -33,12 +33,15 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "kmodules.xyz/monitoring-agent-api/api/v1.AgentSpec": schema_kmodulesxyz_monitoring_agent_api_api_v1_AgentSpec(ref), "kmodules.xyz/monitoring-agent-api/api/v1.AlertPreset": schema_kmodulesxyz_monitoring_agent_api_api_v1_AlertPreset(ref), "kmodules.xyz/monitoring-agent-api/api/v1.BasicAuth": schema_kmodulesxyz_monitoring_agent_api_api_v1_BasicAuth(ref), + "kmodules.xyz/monitoring-agent-api/api/v1.ClientConfig": schema_kmodulesxyz_monitoring_agent_api_api_v1_ClientConfig(ref), + "kmodules.xyz/monitoring-agent-api/api/v1.ConnectionSpec": schema_kmodulesxyz_monitoring_agent_api_api_v1_ConnectionSpec(ref), "kmodules.xyz/monitoring-agent-api/api/v1.DashboardSpec": schema_kmodulesxyz_monitoring_agent_api_api_v1_DashboardSpec(ref), "kmodules.xyz/monitoring-agent-api/api/v1.GrafanaConfig": schema_kmodulesxyz_monitoring_agent_api_api_v1_GrafanaConfig(ref), "kmodules.xyz/monitoring-agent-api/api/v1.GrafanaContext": schema_kmodulesxyz_monitoring_agent_api_api_v1_GrafanaContext(ref), "kmodules.xyz/monitoring-agent-api/api/v1.MonitoringPresets": schema_kmodulesxyz_monitoring_agent_api_api_v1_MonitoringPresets(ref), "kmodules.xyz/monitoring-agent-api/api/v1.MonitoringPresetsForm": schema_kmodulesxyz_monitoring_agent_api_api_v1_MonitoringPresetsForm(ref), "kmodules.xyz/monitoring-agent-api/api/v1.MonitoringPresetsSpec": schema_kmodulesxyz_monitoring_agent_api_api_v1_MonitoringPresetsSpec(ref), + "kmodules.xyz/monitoring-agent-api/api/v1.Prometheus": schema_kmodulesxyz_monitoring_agent_api_api_v1_Prometheus(ref), "kmodules.xyz/monitoring-agent-api/api/v1.PrometheusConfig": schema_kmodulesxyz_monitoring_agent_api_api_v1_PrometheusConfig(ref), "kmodules.xyz/monitoring-agent-api/api/v1.PrometheusContext": schema_kmodulesxyz_monitoring_agent_api_api_v1_PrometheusContext(ref), "kmodules.xyz/monitoring-agent-api/api/v1.PrometheusExporterSpec": schema_kmodulesxyz_monitoring_agent_api_api_v1_PrometheusExporterSpec(ref), @@ -138,6 +141,104 @@ func schema_kmodulesxyz_monitoring_agent_api_api_v1_BasicAuth(ref common.Referen } } +func schema_kmodulesxyz_monitoring_agent_api_api_v1_ClientConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClientConfig contains the information to make a connection with an app", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "url": { + SchemaProps: spec.SchemaProps{ + Description: "`url` gives the location of the app, in standard URL form (`[scheme://]host:port/path`). Exactly one of `url` or `service` must be specified.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "insecureSkipTLSVerify": { + SchemaProps: spec.SchemaProps{ + Description: "InsecureSkipTLSVerify disables TLS certificate verification when communicating with this app. This is strongly discouraged. You should use the CABundle instead.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "caBundle": { + SchemaProps: spec.SchemaProps{ + Description: "CABundle is a PEM encoded CA bundle which will be used to validate the serving certificate of this app.", + Type: []string{"string"}, + Format: "byte", + }, + }, + "serverName": { + SchemaProps: spec.SchemaProps{ + Description: "ServerName is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_kmodulesxyz_monitoring_agent_api_api_v1_ConnectionSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ConnectionSpec is the spec for app", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "url": { + SchemaProps: spec.SchemaProps{ + Description: "`url` gives the location of the app, in standard URL form (`[scheme://]host:port/path`). Exactly one of `url` or `service` must be specified.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "insecureSkipTLSVerify": { + SchemaProps: spec.SchemaProps{ + Description: "InsecureSkipTLSVerify disables TLS certificate verification when communicating with this app. This is strongly discouraged. You should use the CABundle instead.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "caBundle": { + SchemaProps: spec.SchemaProps{ + Description: "CABundle is a PEM encoded CA bundle which will be used to validate the serving certificate of this app.", + Type: []string{"string"}, + Format: "byte", + }, + }, + "serverName": { + SchemaProps: spec.SchemaProps{ + Description: "ServerName is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address.", + Type: []string{"string"}, + Format: "", + }, + }, + "authSecret": { + SchemaProps: spec.SchemaProps{ + Description: "Secret is the name of the secret to create in the AppBinding's namespace that will hold the credentials associated with the AppBinding.", + Ref: ref("kmodules.xyz/client-go/api/v1.ObjectReference"), + }, + }, + "tlsSecret": { + SchemaProps: spec.SchemaProps{ + Description: "TLSSecret is the name of the secret that will hold the client certificate and private key associated with the AppBinding.", + Ref: ref("kmodules.xyz/client-go/api/v1.ObjectReference"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "kmodules.xyz/client-go/api/v1.ObjectReference"}, + } +} + func schema_kmodulesxyz_monitoring_agent_api_api_v1_DashboardSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -310,6 +411,66 @@ func schema_kmodulesxyz_monitoring_agent_api_api_v1_MonitoringPresetsSpec(ref co } } +func schema_kmodulesxyz_monitoring_agent_api_api_v1_Prometheus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "appBindingRef": { + SchemaProps: spec.SchemaProps{ + Ref: ref("kmodules.xyz/client-go/api/v1.ObjectReference"), + }, + }, + "url": { + SchemaProps: spec.SchemaProps{ + Description: "`url` gives the location of the app, in standard URL form (`[scheme://]host:port/path`). Exactly one of `url` or `service` must be specified.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "insecureSkipTLSVerify": { + SchemaProps: spec.SchemaProps{ + Description: "InsecureSkipTLSVerify disables TLS certificate verification when communicating with this app. This is strongly discouraged. You should use the CABundle instead.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "caBundle": { + SchemaProps: spec.SchemaProps{ + Description: "CABundle is a PEM encoded CA bundle which will be used to validate the serving certificate of this app.", + Type: []string{"string"}, + Format: "byte", + }, + }, + "serverName": { + SchemaProps: spec.SchemaProps{ + Description: "ServerName is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address.", + Type: []string{"string"}, + Format: "", + }, + }, + "authSecret": { + SchemaProps: spec.SchemaProps{ + Description: "Secret is the name of the secret to create in the AppBinding's namespace that will hold the credentials associated with the AppBinding.", + Ref: ref("kmodules.xyz/client-go/api/v1.ObjectReference"), + }, + }, + "tlsSecret": { + SchemaProps: spec.SchemaProps{ + Description: "TLSSecret is the name of the secret that will hold the client certificate and private key associated with the AppBinding.", + Ref: ref("kmodules.xyz/client-go/api/v1.ObjectReference"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "kmodules.xyz/client-go/api/v1.ObjectReference"}, + } +} + func schema_kmodulesxyz_monitoring_agent_api_api_v1_PrometheusConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 486df2c8..39099e97 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -22,6 +22,8 @@ limitations under the License. package v1 import ( + apiv1 "kmodules.xyz/client-go/api/v1" + corev1 "k8s.io/api/core/v1" ) @@ -85,6 +87,54 @@ func (in *BasicAuth) DeepCopy() *BasicAuth { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientConfig) DeepCopyInto(out *ClientConfig) { + *out = *in + if in.CABundle != nil { + in, out := &in.CABundle, &out.CABundle + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConfig. +func (in *ClientConfig) DeepCopy() *ClientConfig { + if in == nil { + return nil + } + out := new(ClientConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConnectionSpec) DeepCopyInto(out *ConnectionSpec) { + *out = *in + in.ClientConfig.DeepCopyInto(&out.ClientConfig) + if in.AuthSecret != nil { + in, out := &in.AuthSecret, &out.AuthSecret + *out = new(apiv1.ObjectReference) + **out = **in + } + if in.TLSSecret != nil { + in, out := &in.TLSSecret, &out.TLSSecret + *out = new(apiv1.ObjectReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionSpec. +func (in *ConnectionSpec) DeepCopy() *ConnectionSpec { + if in == nil { + return nil + } + out := new(ConnectionSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DashboardSpec) DeepCopyInto(out *DashboardSpec) { *out = *in @@ -194,6 +244,32 @@ func (in *MonitoringPresetsSpec) DeepCopy() *MonitoringPresetsSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Prometheus) DeepCopyInto(out *Prometheus) { + *out = *in + if in.AppBindingRef != nil { + in, out := &in.AppBindingRef, &out.AppBindingRef + *out = new(apiv1.ObjectReference) + **out = **in + } + if in.ConnectionSpec != nil { + in, out := &in.ConnectionSpec, &out.ConnectionSpec + *out = new(ConnectionSpec) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Prometheus. +func (in *Prometheus) DeepCopy() *Prometheus { + if in == nil { + return nil + } + out := new(Prometheus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PrometheusConfig) DeepCopyInto(out *PrometheusConfig) { *out = *in diff --git a/client/builder.go b/client/builder.go index c419bfe7..34af9d04 100644 --- a/client/builder.go +++ b/client/builder.go @@ -110,7 +110,7 @@ func (r *ClientBuilder) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R return ctrl.Result{}, nil } - cfg, projections, err := r.build(app) + cfg, projections, err := r.Build(r.mgr.GetClient(), app) if err != nil { r.unset() return ctrl.Result{}, err @@ -191,7 +191,7 @@ func (r *ClientBuilder) Setup() error { Complete(r) } -func (r *ClientBuilder) build(app *appcatalog.AppBinding) (*Config, map[string]atomic_writer.FileProjection, error) { +func (r *ClientBuilder) Build(kc client.Client, app *appcatalog.AppBinding) (*Config, map[string]atomic_writer.FileProjection, error) { var cfg Config addr, err := app.URL() @@ -205,7 +205,7 @@ func (r *ClientBuilder) build(app *appcatalog.AppBinding) (*Config, map[string]a if app.Spec.Secret != nil && app.Spec.Secret.Name != "" { var authSecret core.Secret key := client.ObjectKey{Namespace: app.Namespace, Name: app.Spec.Secret.Name} - err = r.mgr.GetClient().Get(context.TODO(), key, &authSecret) + err = kc.Get(context.TODO(), key, &authSecret) if err != nil { return nil, nil, errors.Wrapf(err, "Secret %s not found", key) } @@ -222,7 +222,7 @@ func (r *ClientBuilder) build(app *appcatalog.AppBinding) (*Config, map[string]a } projections := map[string]atomic_writer.FileProjection{} - if len(app.Spec.ClientConfig.CABundle) > 0 { + if len(app.Spec.ClientConfig.CABundle) > 0 && r.tmpDir != "" { projections["ca.crt"] = atomic_writer.FileProjection{ Data: app.Spec.ClientConfig.CABundle, Mode: 0o644, @@ -233,19 +233,19 @@ func (r *ClientBuilder) build(app *appcatalog.AppBinding) (*Config, map[string]a if app.Spec.TLSSecret != nil && app.Spec.TLSSecret.Name != "" { var clientSecret core.Secret key := client.ObjectKey{Namespace: app.Namespace, Name: app.Spec.TLSSecret.Name} - err = r.mgr.GetClient().Get(context.TODO(), key, &clientSecret) + err = kc.Get(context.TODO(), key, &clientSecret) if err != nil { return nil, nil, errors.Wrapf(err, "Secret %s not found", key) } - if v, ok := clientSecret.Data[core.TLSCertKey]; ok { + if v, ok := clientSecret.Data[core.TLSCertKey]; ok && r.tmpDir != "" { projections[core.TLSCertKey] = atomic_writer.FileProjection{ Data: v, Mode: 0o644, } cfg.TLSConfig.CertFile = filepath.Join(r.tmpDir, core.TLSCertKey) } - if v, ok := clientSecret.Data[core.TLSPrivateKeyKey]; ok { + if v, ok := clientSecret.Data[core.TLSPrivateKeyKey]; ok && r.tmpDir != "" { projections[core.TLSPrivateKeyKey] = atomic_writer.FileProjection{ Data: v, Mode: 0o644, diff --git a/client/config.go b/client/config.go index 704f6fdd..1b39fafa 100644 --- a/client/config.go +++ b/client/config.go @@ -17,13 +17,19 @@ limitations under the License. package client import ( + "context" + "errors" "flag" "net/url" + appcatalog "kmodules.xyz/custom-resources/apis/appcatalog/v1alpha1" + api "kmodules.xyz/monitoring-agent-api/api/v1" + promapi "github.com/prometheus/client_golang/api" prom_config "github.com/prometheus/common/config" "github.com/spf13/pflag" "go.bytebuilders.dev/license-verifier/info" + "sigs.k8s.io/controller-runtime/pkg/client" ) type Config struct { @@ -141,3 +147,29 @@ func (p *Config) NewPrometheusClient() (promapi.Client, error) { RoundTripper: rt, }) } + +func NewConfig(kc client.Client, p api.Prometheus, tmpDir string) (*Config, error) { + var app *appcatalog.AppBinding + var err error + if p.ConnectionSpec != nil { + app, err = p.ToAppBinding() + if err != nil { + return nil, err + } + } + if p.AppBindingRef != nil { + if err = kc.Get(context.Background(), p.AppBindingRef.ObjectKey(), app); err != nil { + return nil, err + } + } + if app == nil { + return nil, errors.New("missing Prometheus connection configuration") + } + + builder := &ClientBuilder{ + tmpDir: tmpDir, + } + + cfg, _, err := builder.Build(kc, app) + return cfg, err +} diff --git a/go.mod b/go.mod index 19bda9a5..5142144f 100644 --- a/go.mod +++ b/go.mod @@ -25,6 +25,7 @@ require ( k8s.io/client-go v0.32.2 k8s.io/klog/v2 v2.130.1 k8s.io/kube-openapi v0.0.0-20250304201544-e5f78fe3ede9 + k8s.io/utils v0.0.0-20241210054802-24370beab758 kmodules.xyz/client-go v0.32.0 kmodules.xyz/custom-resources v0.32.0 sigs.k8s.io/controller-runtime v0.20.3 @@ -71,12 +72,12 @@ require ( github.com/x448/float16 v0.8.4 // indirect github.com/yudai/gojsondiff v1.0.0 // indirect github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect - golang.org/x/net v0.36.0 // indirect + golang.org/x/net v0.38.0 // indirect golang.org/x/oauth2 v0.27.0 // indirect - golang.org/x/sync v0.11.0 // indirect - golang.org/x/sys v0.30.0 // indirect - golang.org/x/term v0.29.0 // indirect - golang.org/x/text v0.22.0 // indirect + golang.org/x/sync v0.12.0 // indirect + golang.org/x/sys v0.31.0 // indirect + golang.org/x/term v0.30.0 // indirect + golang.org/x/text v0.23.0 // indirect golang.org/x/time v0.10.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect gomodules.xyz/mergo v0.3.13 // indirect @@ -88,7 +89,6 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/apiextensions-apiserver v0.32.2 // indirect - k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect kmodules.xyz/apiversion v0.2.0 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/randfill v1.0.0 // indirect diff --git a/go.sum b/go.sum index 7afd5805..aabdabdd 100644 --- a/go.sum +++ b/go.sum @@ -173,27 +173,27 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA= -golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= -golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= -golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= +golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= -golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4= golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/vendor/golang.org/x/net/http2/frame.go b/vendor/golang.org/x/net/http2/frame.go index 81faec7e..97bd8b06 100644 --- a/vendor/golang.org/x/net/http2/frame.go +++ b/vendor/golang.org/x/net/http2/frame.go @@ -225,6 +225,11 @@ var fhBytes = sync.Pool{ }, } +func invalidHTTP1LookingFrameHeader() FrameHeader { + fh, _ := readFrameHeader(make([]byte, frameHeaderLen), strings.NewReader("HTTP/1.1 ")) + return fh +} + // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader. // Most users should use Framer.ReadFrame instead. func ReadFrameHeader(r io.Reader) (FrameHeader, error) { @@ -503,10 +508,16 @@ func (fr *Framer) ReadFrame() (Frame, error) { return nil, err } if fh.Length > fr.maxReadSize { + if fh == invalidHTTP1LookingFrameHeader() { + return nil, fmt.Errorf("http2: failed reading the frame payload: %w, note that the frame header looked like an HTTP/1.1 header", err) + } return nil, ErrFrameTooLarge } payload := fr.getReadBuf(fh.Length) if _, err := io.ReadFull(fr.r, payload); err != nil { + if fh == invalidHTTP1LookingFrameHeader() { + return nil, fmt.Errorf("http2: failed reading the frame payload: %w, note that the frame header looked like an HTTP/1.1 header", err) + } return nil, err } f, err := typeFrameParser(fh.Type)(fr.frameCache, fh, fr.countError, payload) diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go index b640deb0..51fca38f 100644 --- a/vendor/golang.org/x/net/http2/server.go +++ b/vendor/golang.org/x/net/http2/server.go @@ -1068,7 +1068,10 @@ func (sc *serverConn) serve(conf http2Config) { func (sc *serverConn) handlePingTimer(lastFrameReadTime time.Time) { if sc.pingSent { - sc.vlogf("timeout waiting for PING response") + sc.logf("timeout waiting for PING response") + if f := sc.countErrorFunc; f != nil { + f("conn_close_lost_ping") + } sc.conn.Close() return } diff --git a/vendor/golang.org/x/sync/errgroup/errgroup.go b/vendor/golang.org/x/sync/errgroup/errgroup.go index b8322598..a4ea5d14 100644 --- a/vendor/golang.org/x/sync/errgroup/errgroup.go +++ b/vendor/golang.org/x/sync/errgroup/errgroup.go @@ -46,7 +46,7 @@ func (g *Group) done() { // returns a non-nil error or the first time Wait returns, whichever occurs // first. func WithContext(ctx context.Context) (*Group, context.Context) { - ctx, cancel := withCancelCause(ctx) + ctx, cancel := context.WithCancelCause(ctx) return &Group{cancel: cancel}, ctx } diff --git a/vendor/golang.org/x/sync/errgroup/go120.go b/vendor/golang.org/x/sync/errgroup/go120.go deleted file mode 100644 index f93c740b..00000000 --- a/vendor/golang.org/x/sync/errgroup/go120.go +++ /dev/null @@ -1,13 +0,0 @@ -// Copyright 2023 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build go1.20 - -package errgroup - -import "context" - -func withCancelCause(parent context.Context) (context.Context, func(error)) { - return context.WithCancelCause(parent) -} diff --git a/vendor/golang.org/x/sync/errgroup/pre_go120.go b/vendor/golang.org/x/sync/errgroup/pre_go120.go deleted file mode 100644 index 88ce3343..00000000 --- a/vendor/golang.org/x/sync/errgroup/pre_go120.go +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright 2023 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !go1.20 - -package errgroup - -import "context" - -func withCancelCause(parent context.Context) (context.Context, func(error)) { - ctx, cancel := context.WithCancel(parent) - return ctx, func(error) { cancel() } -} diff --git a/vendor/modules.txt b/vendor/modules.txt index fab7d347..480a6a00 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -201,7 +201,7 @@ github.com/zeebo/xxh3 ## explicit; go 1.21 go.bytebuilders.dev/license-verifier/apis/licenses go.bytebuilders.dev/license-verifier/info -# golang.org/x/net v0.36.0 +# golang.org/x/net v0.38.0 ## explicit; go 1.23.0 golang.org/x/net/http/httpguts golang.org/x/net/http/httpproxy @@ -216,19 +216,19 @@ golang.org/x/net/trace golang.org/x/oauth2 golang.org/x/oauth2/clientcredentials golang.org/x/oauth2/internal -# golang.org/x/sync v0.11.0 -## explicit; go 1.18 +# golang.org/x/sync v0.12.0 +## explicit; go 1.23.0 golang.org/x/sync/errgroup -# golang.org/x/sys v0.30.0 -## explicit; go 1.18 +# golang.org/x/sys v0.31.0 +## explicit; go 1.23.0 golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows -# golang.org/x/term v0.29.0 -## explicit; go 1.18 +# golang.org/x/term v0.30.0 +## explicit; go 1.23.0 golang.org/x/term -# golang.org/x/text v0.22.0 -## explicit; go 1.18 +# golang.org/x/text v0.23.0 +## explicit; go 1.23.0 golang.org/x/text/secure/bidirule golang.org/x/text/transform golang.org/x/text/unicode/bidi