From d58a81166de77afaf497f6aed0c8374c68897a75 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Sep 2025 10:12:08 +0000 Subject: [PATCH] :seedling: Bump open-cluster-management.io/addon-framework Bumps the open-cluster-management-io group with 1 update: [open-cluster-management.io/addon-framework](https://github.com/open-cluster-management-io/addon-framework). Updates `open-cluster-management.io/addon-framework` from 1.0.1-0.20250722093201-ee47752c02f3 to 1.0.1 - [Release notes](https://github.com/open-cluster-management-io/addon-framework/releases) - [Commits](https://github.com/open-cluster-management-io/addon-framework/commits/v1.0.1) --- updated-dependencies: - dependency-name: open-cluster-management.io/addon-framework dependency-version: 1.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: open-cluster-management-io ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 4 +- vendor/modules.txt | 8 +- .../pkg/addonfactory/addonfactory.go | 3 + .../pkg/addonfactory/helm_agentaddon.go | 3 +- .../pkg/addonfactory/trimcrds.go | 102 ++++++++++++++++++ .../pkg/addonmanager/addontesting/helpers.go | 8 +- .../controllers/addonconfig/controller.go | 2 +- .../controllers/agentdeploy/controller.go | 2 +- .../agentdeploy/healthcheck_sync.go | 43 ++++---- .../controllers/certificate/csrsign.go | 9 +- .../controllers/cmaconfig/controller.go | 2 +- .../controllers/registration/controller.go | 5 +- .../addon-framework/pkg/agent/inteface.go | 23 ++-- .../addon-framework/pkg/utils/csr_helpers.go | 38 +++---- .../addon-framework/pkg/utils/helpers.go | 2 +- .../addon-framework/pkg/utils/probe_helper.go | 33 ++---- 17 files changed, 176 insertions(+), 115 deletions(-) diff --git a/go.mod b/go.mod index 8cf4687da..b119dd428 100644 --- a/go.mod +++ b/go.mod 
@@ -39,7 +39,7 @@ require (
 k8s.io/kube-aggregator v0.33.4
 k8s.io/kubectl v0.33.4
 k8s.io/utils v0.0.0-20241210054802-24370beab758
- open-cluster-management.io/addon-framework v1.0.1-0.20250910091630-7f19b89a319b
+ open-cluster-management.io/addon-framework v1.0.1
 open-cluster-management.io/api v1.0.1-0.20250903073454-c6702adf44cc
 open-cluster-management.io/sdk-go v1.0.1-0.20250911065113-bff262df709b
 sigs.k8s.io/about-api v0.0.0-20250131010323-518069c31c03
@@ -119,8 +119,6 @@ require (
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
 github.com/moby/docker-image-spec v1.3.1 // indirect
- github.com/moby/patternmatcher v0.6.0 // indirect
- github.com/moby/sys/user v0.4.0 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
diff --git a/go.sum b/go.sum
index 246633416..b5c4647c4 100644
--- a/go.sum
+++ b/go.sum
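Review bot: The go.mod change from `v1.0.1-0.20250910091630-7f19b89a319b` to `v1.0.1` looks like a rollback rather than a patch bump: a pseudo-version of that form sorts below the `v1.0.1` tag, yet the vendored diff in this same patch mostly removes behaviour instead of adding it. In particular `DefaultCSRApprover` loses the branch that took the requester from `CSRUsernameAnnotation` when the CSR username is the gRPC server service account, `CSRSignerFunc` and `CSRConfigurations` lose their `error` results (in `DefaultSignerWithExpiry` a signing failure is now only logged and reaches `csrSignController.sync` as an empty certificate), and `vendor/modules.txt` moves the module's go directive from 1.24.0 to 1.23.6. The commit message also names `1.0.1-0.20250722093201-ee47752c02f3` as the old version, which is not the line removed here. Unless the tag is confirmed to contain the 2025-09-10 commit, I would keep `open-cluster-management.io/addon-framework v1.0.1-0.20250910091630-7f19b89a319b` and check whether any registration flow in this repository depends on the removed CSR approval path before merging.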
@@ -555,8 +555,8 @@ k8s.io/kubectl v0.33.4 h1:nXEI6Vi+oB9hXxoAHyHisXolm/l1qutK3oZQMak4N98= k8s.io/kubectl v0.33.4/go.mod h1:Xe7P9X4DfILvKmlBsVqUtzktkI56lEj22SJW7cFy6nE= k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -open-cluster-management.io/addon-framework v1.0.1-0.20250910091630-7f19b89a319b h1:/ZT+G/UyMa20gy2OnX30IByst0Ca3VV0lgyLt1miHjk= -open-cluster-management.io/addon-framework v1.0.1-0.20250910091630-7f19b89a319b/go.mod h1:IrMjmd3dLjJtrP2Aqa0Sf/3lDysJHa4j5lNQQ13NxVs= +open-cluster-management.io/addon-framework v1.0.1 h1:hWrA+PVN5/Sjk5sBiBcyimDt01/5Hi+BLDNhS1dWVl0= +open-cluster-management.io/addon-framework v1.0.1/go.mod h1:Gw9zRGvuNJJ3XhTYanIuA7FFFw0EjtoE74l5OBZCZf8= open-cluster-management.io/api v1.0.1-0.20250903073454-c6702adf44cc h1:U8O6RhHjp088oWuQsGx6pwwFpOFgWo1gl9qhgIGgDpk= open-cluster-management.io/api v1.0.1-0.20250903073454-c6702adf44cc/go.mod h1:lEc5Wkc9ON5ym/qAtIqNgrE7NW7IEOCOC611iQMlnKM= open-cluster-management.io/sdk-go v1.0.1-0.20250911065113-bff262df709b h1:tzgcM+yJJBgMwYYbjfzW4kL8p7bsHnScE5lS/69lksE= diff --git a/vendor/modules.txt b/vendor/modules.txt index cda736f70..fce1eef0b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -371,10 +371,6 @@ github.com/mitchellh/copystructure github.com/mitchellh/reflectwalk # github.com/moby/docker-image-spec v1.3.1 ## explicit; go 1.18 -# github.com/moby/patternmatcher v0.6.0 -## explicit; go 1.19 -# github.com/moby/sys/user v0.4.0 -## explicit; go 1.17 # github.com/mochi-mqtt/server/v2 v2.7.9 ## explicit; go 1.21 github.com/mochi-mqtt/server/v2 
@@ -1729,8 +1725,8 @@ k8s.io/utils/path k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/trace -# open-cluster-management.io/addon-framework v1.0.1-0.20250910091630-7f19b89a319b -## explicit; go 1.24.0 +# open-cluster-management.io/addon-framework v1.0.1 +## explicit; go 1.23.6 open-cluster-management.io/addon-framework/pkg/addonfactory open-cluster-management.io/addon-framework/pkg/addonmanager open-cluster-management.io/addon-framework/pkg/addonmanager/addontesting diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/addonfactory.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/addonfactory.go index c2cf3e186..2bcad7db1 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/addonfactory.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/addonfactory.go @@ -5,6 +5,7 @@ import ( "fmt" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/kubernetes/scheme" @@ -49,6 +50,7 @@ func NewAgentAddonFactory(addonName string, fs embed.FS, dir string) *AgentAddon s := runtime.NewScheme() _ = scheme.AddToScheme(s) _ = apiextensionsv1.AddToScheme(s) + _ = apiextensionsv1beta1.AddToScheme(s) return &AgentAddonFactory{ fs: fs, @@ -72,6 +74,7 @@ func (f *AgentAddonFactory) WithScheme(s *runtime.Scheme) *AgentAddonFactory { f.scheme = s _ = scheme.AddToScheme(f.scheme) _ = apiextensionsv1.AddToScheme(f.scheme) + _ = apiextensionsv1beta1.AddToScheme(f.scheme) return f } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/helm_agentaddon.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/helm_agentaddon.go index a96a0c09a..cc133c2ed 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/helm_agentaddon.go 
+++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/helm_agentaddon.go @@ -208,9 +208,8 @@ func (a *HelmAgentAddon) getValues( if err != nil { return nil, err } - cap := a.capabilities(cluster, addon) values, err := chartutil.ToRenderValues(a.chart, overrideValues, - releaseOptions, cap) + releaseOptions, a.capabilities(cluster, addon)) if err != nil { klog.Errorf("failed to render helm chart with values %v. err:%v", overrideValues, err) return values, err diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/trimcrds.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/trimcrds.go index a1dbe9426..20ff065c5 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/trimcrds.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/trimcrds.go @@ -2,6 +2,7 @@ package addonfactory import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" "k8s.io/apimachinery/pkg/runtime" ) @@ -12,6 +13,9 @@ func trimCRDDescription(objects []runtime.Object) []runtime.Object { case *apiextensionsv1.CustomResourceDefinition: trimCRDv1Description(object) rstObjects = append(rstObjects, object) + case *apiextensionsv1beta1.CustomResourceDefinition: + trimCRDv1beta1Description(object) + rstObjects = append(rstObjects, object) default: rstObjects = append(rstObjects, object) } 
@@ -118,3 +122,101 @@ func removeDescriptionV1(p *apiextensionsv1.JSONSchemaProps) { p.ExternalDocs.Description = "" } } + +// trimCRDv1beta1Description is to remove the description info in the versions of CRD spec +func trimCRDv1beta1Description(crd *apiextensionsv1beta1.CustomResourceDefinition) { + versions := crd.Spec.Versions + for i := range versions { + if versions[i].Schema != nil { + removeDescriptionV1beta1(versions[i].Schema.OpenAPIV3Schema) + } + } +} + +func removeDescriptionV1beta1(p *apiextensionsv1beta1.JSONSchemaProps) { + if p == nil { + return + } + + p.Description = "" + + if p.Items != nil { + removeDescriptionV1beta1(p.Items.Schema) + for i := range p.Items.JSONSchemas { + removeDescriptionV1beta1(&p.Items.JSONSchemas[i]) + } + } + + if len(p.AllOf) != 0 { + for i := range p.AllOf { + removeDescriptionV1beta1(&p.AllOf[i]) + } + } + + if len(p.OneOf) != 0 { + for i := range p.OneOf { + removeDescriptionV1beta1(&p.OneOf[i]) + } + } + + if len(p.AnyOf) != 0 { + for i := range p.AnyOf { + removeDescriptionV1beta1(&p.AnyOf[i]) + } + } + + if p.Not != nil { + removeDescriptionV1beta1(p.Not) + } + + if len(p.Properties) != 0 { + newProperties := map[string]apiextensionsv1beta1.JSONSchemaProps{} + for k := range p.Properties { + v := p.Properties[k] + removeDescriptionV1beta1(&v) + newProperties[k] = v + } + p.Properties = newProperties + } + + if len(p.PatternProperties) != 0 { + newProperties := map[string]apiextensionsv1beta1.JSONSchemaProps{} + for k := range p.PatternProperties { + v := p.PatternProperties[k] + removeDescriptionV1beta1(&v) + newProperties[k] = v + } + p.PatternProperties = newProperties + } + + if p.AdditionalProperties != nil { + removeDescriptionV1beta1(p.AdditionalProperties.Schema) + } + + if len(p.Dependencies) != 0 { + newDependencies := map[string]apiextensionsv1beta1.JSONSchemaPropsOrStringArray{} + for k, v := range p.Dependencies { + removeDescriptionV1beta1(v.Schema) + newDependencies[k] = v + } + p.Dependencies = 
newDependencies + } + + if p.AdditionalItems != nil { + removeDescriptionV1beta1(p.AdditionalItems.Schema) + } + + if len(p.Definitions) != 0 { + newDefinitions := map[string]apiextensionsv1beta1.JSONSchemaProps{} + for k := range p.Definitions { + v := p.Definitions[k] + removeDescriptionV1beta1(&v) + newDefinitions[k] = v + } + p.Definitions = newDefinitions + } + + if p.ExternalDocs != nil { + p.ExternalDocs.Description = "" + } +} diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/addontesting/helpers.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/addontesting/helpers.go index da53d619c..4ff588451 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/addontesting/helpers.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/addontesting/helpers.go @@ -21,19 +21,19 @@ import ( ) type FakeSyncContext struct { - queue workqueue.TypedRateLimitingInterface[string] + queue workqueue.RateLimitingInterface recorder events.Recorder } func NewFakeSyncContext(t *testing.T) *FakeSyncContext { return &FakeSyncContext{ - queue: workqueue.NewTypedRateLimitingQueue(workqueue.DefaultTypedControllerRateLimiter[string]()), + queue: workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()), recorder: NewTestingEventRecorder(t), } } -func (f FakeSyncContext) Queue() workqueue.TypedRateLimitingInterface[string] { return f.queue } -func (f FakeSyncContext) Recorder() events.Recorder { return f.recorder } +func (f FakeSyncContext) Queue() workqueue.RateLimitingInterface { return f.queue } +func (f FakeSyncContext) Recorder() events.Recorder { return f.recorder } func NewUnstructured(apiVersion, kind, namespace, name string) *unstructured.Unstructured { return &unstructured.Unstructured{ 
diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/addonconfig/controller.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/addonconfig/controller.go index 343806771..70c405602 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/addonconfig/controller.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/addonconfig/controller.go @@ -35,7 +35,7 @@ type addonConfigController struct { addonLister addonlisterv1alpha1.ManagedClusterAddOnLister addonIndexer cache.Indexer configListers map[schema.GroupResource]dynamiclister.Lister - queue workqueue.TypedRateLimitingInterface[string] + queue workqueue.RateLimitingInterface addonFilterFunc factory.EventFilterFunc configGVRs map[schema.GroupVersionResource]bool clusterManagementAddonLister addonlisterv1alpha1.ClusterManagementAddOnLister diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/controller.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/controller.go index ccb117373..a7e58c711 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/controller.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/controller.go @@ -49,7 +49,7 @@ type addonDeployController struct { managedClusterAddonIndexer cache.Indexer workIndexer cache.Indexer agentAddons map[string]agent.AgentAddon - queue workqueue.TypedRateLimitingInterface[string] + queue workqueue.RateLimitingInterface } func NewAddonDeployController( diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/healthcheck_sync.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/healthcheck_sync.go index 6f265e9cd..aac2e0ca2 100644 
--- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/healthcheck_sync.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/healthcheck_sync.go @@ -191,19 +191,6 @@ func (s *healthCheckSyncer) probeAddonStatusByWorks( for _, field := range probeFields { results := findResultsByIdentifier(field.ResourceIdentifier, manifestConditions) - // if no results are returned. it is possible that work agent has not returned the feedback value. - // mark condition to unknown - if len(results) == 0 { - meta.SetStatusCondition(&addon.Status.Conditions, metav1.Condition{ - Type: addonapiv1alpha1.ManagedClusterAddOnConditionAvailable, - Status: metav1.ConditionUnknown, - Reason: addonapiv1alpha1.AddonAvailableReasonNoProbeResult, - Message: fmt.Sprintf("Probe results are not returned for %s/%s: %s/%s", - field.ResourceIdentifier.Group, field.ResourceIdentifier.Resource, - field.ResourceIdentifier.Namespace, field.ResourceIdentifier.Name), - }) - return nil - } // healthCheck will be ignored if healthChecker is set if healthChecker != nil { @@ -223,6 +210,20 @@ func (s *healthCheckSyncer) probeAddonStatusByWorks( return nil } + // if no results are returned. it is possible that work agent has not returned the feedback value. + // mark condition to unknown + if len(results) == 0 { + meta.SetStatusCondition(&addon.Status.Conditions, metav1.Condition{ + Type: addonapiv1alpha1.ManagedClusterAddOnConditionAvailable, + Status: metav1.ConditionUnknown, + Reason: addonapiv1alpha1.AddonAvailableReasonNoProbeResult, + Message: fmt.Sprintf("Probe results are not returned for %s/%s: %s/%s", + field.ResourceIdentifier.Group, field.ResourceIdentifier.Resource, + field.ResourceIdentifier.Namespace, field.ResourceIdentifier.Name), + }) + return nil + } + for _, result := range results { err := healthCheck(result.ResourceIdentifier, result.FeedbackResult) if err != nil { 
@@ -274,11 +275,11 @@ func (s *healthCheckSyncer) analyzeWorkProber( } return nil, nil, nil, fmt.Errorf("work prober is not configured") case agent.HealthProberTypeDeploymentAvailability: - probeFields, heathChecker, err := s.analyzeDeploymentWorkProber(agentAddon, cluster, addon) - return probeFields, nil, heathChecker, err + probeFields, heathCheck, err := s.analyzeDeploymentWorkProber(agentAddon, cluster, addon) + return probeFields, heathCheck, nil, err case agent.HealthProberTypeWorkloadAvailability: - probeFields, heathChecker, err := s.analyzeWorkloadsWorkProber(agentAddon, cluster, addon) - return probeFields, nil, heathChecker, err + probeFields, heathCheck, err := s.analyzeWorkloadsWorkProber(agentAddon, cluster, addon) + return probeFields, heathCheck, nil, err default: return nil, nil, nil, fmt.Errorf("unsupported health prober type %s", agentAddon.GetAgentAddonOptions().HealthProber.Type) } @@ -288,7 +289,7 @@ func (s *healthCheckSyncer) analyzeDeploymentWorkProber( agentAddon agent.AgentAddon, cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn, -) ([]agent.ProbeField, agent.AddonHealthCheckerFunc, error) { +) ([]agent.ProbeField, agent.AddonHealthCheckFunc, error) { probeFields := []agent.ProbeField{} manifests, err := agentAddon.Manifests(cluster, addon) @@ -309,14 +310,14 @@ func (s *healthCheckSyncer) analyzeDeploymentWorkProber( }) } - return probeFields, utils.DeploymentAvailabilityHealthChecker, nil + return probeFields, utils.DeploymentAvailabilityHealthCheck, nil } func (s *healthCheckSyncer) analyzeWorkloadsWorkProber( agentAddon agent.AgentAddon, cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn, -) ([]agent.ProbeField, agent.AddonHealthCheckerFunc, error) { +) ([]agent.ProbeField, agent.AddonHealthCheckFunc, error) { probeFields := []agent.ProbeField{} manifests, err := agentAddon.Manifests(cluster, addon) 
@@ -343,7 +344,7 @@ func (s *healthCheckSyncer) analyzeWorkloadsWorkProber( }) } - return probeFields, utils.WorkloadAvailabilityHealthChecker, nil + return probeFields, utils.WorkloadAvailabilityHealthCheck, nil } func findResultsByIdentifier(identifier workapiv1.ResourceIdentifier, diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrsign.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrsign.go index 1f26d7391..e690e383f 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrsign.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrsign.go @@ -116,7 +116,7 @@ func (c *csrSignController) sync(ctx context.Context, syncCtx factory.SyncContex } // Get ManagedCluster - cluster, err := c.managedClusterLister.Get(clusterName) + _, err = c.managedClusterLister.Get(clusterName) if errors.IsNotFound(err) { return nil } @@ -124,7 +124,7 @@ func (c *csrSignController) sync(ctx context.Context, syncCtx factory.SyncContex return err } - addon, err := c.managedClusterAddonLister.ManagedClusterAddOns(clusterName).Get(addonName) + _, err = c.managedClusterAddonLister.ManagedClusterAddOns(clusterName).Get(addonName) if errors.IsNotFound(err) { return nil } @@ -136,10 +136,7 @@ func (c *csrSignController) sync(ctx context.Context, syncCtx factory.SyncContex return nil } - csr.Status.Certificate, err = registrationOption.CSRSign(cluster, addon, csr) - if err != nil { - return fmt.Errorf("failed to sign addon csr %q: %v", csr.Name, err) - } + csr.Status.Certificate = registrationOption.CSRSign(csr) if len(csr.Status.Certificate) == 0 { return fmt.Errorf("invalid client certificate generated for addon csr %q", csr.Name) } 
diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmaconfig/controller.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmaconfig/controller.go index e20db1e8f..22072fa59 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmaconfig/controller.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmaconfig/controller.go @@ -36,7 +36,7 @@ type cmaConfigController struct { clusterManagementAddonLister addonlisterv1alpha1.ClusterManagementAddOnLister clusterManagementAddonIndexer cache.Indexer configListers map[schema.GroupResource]dynamiclister.Lister - queue workqueue.TypedRateLimitingInterface[string] + queue workqueue.RateLimitingInterface addonFilterFunc factory.EventFilterFunc configGVRs map[schema.GroupVersionResource]bool addonPatcher patcher.Patcher[*addonapiv1alpha1.ClusterManagementAddOn, diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/registration/controller.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/registration/controller.go index 2627d71a5..b90fd2132 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/registration/controller.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/registration/controller.go @@ -163,10 +163,7 @@ func (c *addonRegistrationController) sync(ctx context.Context, syncCtx factory. return err } - configs, err := registrationOption.CSRConfigurations(managedCluster, managedClusterAddonCopy) - if err != nil { - return fmt.Errorf("get csr configurations failed: %v", err) - } + configs := registrationOption.CSRConfigurations(managedCluster) managedClusterAddonCopy.Status.Registrations = configs var agentInstallNamespace string 
diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/agent/inteface.go b/vendor/open-cluster-management.io/addon-framework/pkg/agent/inteface.go index 1e808e286..66d7f8f9a 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/agent/inteface.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/agent/inteface.go @@ -98,19 +98,12 @@ type AgentAddonOptions struct { ConfigCheckEnabled bool } -type CSRConfigurationsFunc func(cluster *clusterv1.ManagedCluster, - addon *addonapiv1alpha1.ManagedClusterAddOn) ([]addonapiv1alpha1.RegistrationConfig, error) +type CSRSignerFunc func(csr *certificatesv1.CertificateSigningRequest) []byte -type CSRSignerFunc func(cluster *clusterv1.ManagedCluster, - addon *addonapiv1alpha1.ManagedClusterAddOn, csr *certificatesv1.CertificateSigningRequest) ([]byte, error) - -type CSRApproveFunc func(cluster *clusterv1.ManagedCluster, - addon *addonapiv1alpha1.ManagedClusterAddOn, csr *certificatesv1.CertificateSigningRequest) bool +type CSRApproveFunc func(cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn, csr *certificatesv1.CertificateSigningRequest) bool type PermissionConfigFunc func(cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn) error -type AgentInstallNamespaceFunc func(addon *addonapiv1alpha1.ManagedClusterAddOn) (string, error) - // RegistrationOption defines how agent is registered to the hub cluster. It needs to define: // 1. csr with what subject/signer should be created // 2. how csr is approved 
@@ -120,7 +113,7 @@ type RegistrationOption struct { // CSRConfigurations returns a list of csr configuration for the adddon agent in a managed cluster. // A csr will be created from the managed cluster for addon agent with each CSRConfiguration. // +required - CSRConfigurations CSRConfigurationsFunc + CSRConfigurations func(cluster *clusterv1.ManagedCluster) []addonapiv1alpha1.RegistrationConfig // Namespace is the namespace where registraiton credential will be put on the managed cluster. It // will be overridden by installNamespace on ManagedClusterAddon spec if set @@ -132,7 +125,7 @@ type RegistrationOption struct { // Note: Set this very carefully. If this is set, the addon agent must be deployed in the same namespace, which // means when implementing Manifests function in AgentAddon interface, the namespace of the addon agent manifest // must be set to the same value returned by this function. - AgentInstallNamespace AgentInstallNamespaceFunc + AgentInstallNamespace func(addon *addonapiv1alpha1.ManagedClusterAddOn) (string, error) // CSRApproveCheck checks whether the addon agent registration should be approved by the hub. // Addon hub controller can implement this func to auto-approve all the CSRs. A better CSR check is @@ -185,7 +178,6 @@ type WorkHealthProber struct { // HealthCheck is deprecated and will be removed in the future. please use HealthChecker instead. // HealthCheck will be ignored if HealthChecker is set. // HealthCheck check status of the addon based on each probeField result. - // Deprecated: use HealthChecker instead. HealthCheck AddonHealthCheckFunc // HealthChecker check status of the addon based of all results of probeFields 
@@ -238,9 +230,8 @@ const ( HealthProberTypeWorkloadAvailability HealthProberType = "WorkloadAvailability" ) -func KubeClientSignerConfigurations(addonName, agentName string) CSRConfigurationsFunc { - return func(cluster *clusterv1.ManagedCluster, - addon *addonapiv1alpha1.ManagedClusterAddOn) ([]addonapiv1alpha1.RegistrationConfig, error) { +func KubeClientSignerConfigurations(addonName, agentName string) func(cluster *clusterv1.ManagedCluster) []addonapiv1alpha1.RegistrationConfig { + return func(cluster *clusterv1.ManagedCluster) []addonapiv1alpha1.RegistrationConfig { return []addonapiv1alpha1.RegistrationConfig{ { SignerName: certificatesv1.KubeAPIServerClientSignerName, @@ -249,7 +240,7 @@ func KubeClientSignerConfigurations(addonName, agentName string) CSRConfiguratio Groups: DefaultGroups(cluster.Name, addonName), }, }, - }, nil + } } } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/utils/csr_helpers.go b/vendor/open-cluster-management.io/addon-framework/pkg/utils/csr_helpers.go index bac3b2733..bc35dd12c 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/utils/csr_helpers.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/utils/csr_helpers.go 
@@ -19,45 +19,46 @@ import ( "k8s.io/klog/v2" addonapiv1alpha1 "open-cluster-management.io/api/addon/v1alpha1" clusterv1 "open-cluster-management.io/api/cluster/v1" - operatorapiv1 "open-cluster-management.io/api/operator/v1" "open-cluster-management.io/addon-framework/pkg/agent" ) -const defaultGRPCServiceAccount = "system:serviceaccount:open-cluster-management-hub:grpc-server-sa" - var serialNumberLimit = new(big.Int).Lsh(big.NewInt(1), 128) // DefaultSignerWithExpiry generates a signer func for addon agent to sign the csr using caKey and caData with expiry date. func DefaultSignerWithExpiry(caKey, caData []byte, duration time.Duration) agent.CSRSignerFunc { - return func(cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn, - csr *certificatesv1.CertificateSigningRequest) ([]byte, error) { + return func(csr *certificatesv1.CertificateSigningRequest) []byte { blockTlsCrt, _ := pem.Decode(caData) if blockTlsCrt == nil { - return nil, fmt.Errorf("failed to decode cert") + klog.Errorf("Failed to decode cert") + return nil } certs, err := x509.ParseCertificates(blockTlsCrt.Bytes) if err != nil { - return nil, fmt.Errorf("failed to parse cert: %v", err) + klog.Errorf("Failed to parse cert: %v", err) + return nil } blockTlsKey, _ := pem.Decode(caKey) if blockTlsKey == nil { - return nil, fmt.Errorf("failed to decode key") + klog.Errorf("Failed to decode key") + return nil } // For now only PKCS#1 is supported which assures the private key algorithm is RSA. // TODO: Compatibility w/ PKCS#8 key e.g. EC algorithm key, err := x509.ParsePKCS1PrivateKey(blockTlsKey.Bytes) if err != nil { - return nil, fmt.Errorf("failed to parse key: %v", err) + klog.Errorf("Failed to parse key: %v", err) + return nil } data, err := signCSR(csr, certs[0], key, duration) if err != nil { - return nil, fmt.Errorf("failed to sign csr: %v", err) + klog.Errorf("Failed to sign csr: %v", err) + return nil } - return data, nil + return data } } 
@@ -169,20 +170,13 @@ func DefaultCSRApprover(agentName string) agent.CSRApproveFunc { } // check user name - username := csr.Spec.Username - if csr.Spec.Username == defaultGRPCServiceAccount { - // the CSR username is the service account of gRPC server rather than the user of agent. - // use the CSRUsernameAnnotation that identifies the agent user who requested the CSR. - username = csr.Annotations[operatorapiv1.CSRUsernameAnnotation] - } - - if strings.HasPrefix(username, "system:open-cluster-management:"+cluster.Name) { + if strings.HasPrefix(csr.Spec.Username, "system:open-cluster-management:"+cluster.Name) { klog.Info("CSR approved") return true + } else { + klog.Info("CSR not approved due to illegal requester", "requester", csr.Spec.Username) + return false } - - klog.Info("CSR not approved due to illegal requester", "requester", csr.Spec.Username) - return false } } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/utils/helpers.go b/vendor/open-cluster-management.io/addon-framework/pkg/utils/helpers.go index 6f7c82ddf..355546071 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/utils/helpers.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/utils/helpers.go @@ -9,7 +9,7 @@ import ( "reflect" "strings" - jsonpatch "github.com/evanphx/json-patch/v5" + jsonpatch "github.com/evanphx/json-patch" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/utils/probe_helper.go b/vendor/open-cluster-management.io/addon-framework/pkg/utils/probe_helper.go index 6c342c089..73c7c4a19 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/utils/probe_helper.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/utils/probe_helper.go 
@@ -9,7 +9,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" "open-cluster-management.io/addon-framework/pkg/agent" - addonapiv1alpha1 "open-cluster-management.io/api/addon/v1alpha1" + "open-cluster-management.io/api/addon/v1alpha1" clusterv1 "open-cluster-management.io/api/cluster/v1" workapiv1 "open-cluster-management.io/api/work/v1" ) @@ -32,8 +32,8 @@ func NewDeploymentProber(deployments ...types.NamespacedName) *agent.HealthProbe return &agent.HealthProber{ Type: agent.HealthProberTypeWork, WorkProber: &agent.WorkHealthProber{ - ProbeFields: probeFields, - HealthChecker: DeploymentAvailabilityHealthChecker, + ProbeFields: probeFields, + HealthCheck: DeploymentAvailabilityHealthCheck, }, } } @@ -59,7 +59,7 @@ func NewAllDeploymentsProber() *agent.HealthProber { Type: agent.HealthProberTypeWork, WorkProber: &agent.WorkHealthProber{ ProbeFields: probeFields, - HealthChecker: DeploymentAvailabilityHealthChecker, + HealthChecker: AllDeploymentsAvailabilityHealthCheck, }, } } 
@@ -84,43 +84,26 @@ func (d *DeploymentProber) ProbeFields() []agent.ProbeField { return probeFields } -// Deprecated: use DeploymentAvailabilityHealthChecker instead. func DeploymentAvailabilityHealthCheck(identifier workapiv1.ResourceIdentifier, result workapiv1.StatusFeedbackResult) error { - return checkWorkloadAvailabilityHealth(identifier, result) + return WorkloadAvailabilityHealthCheck(identifier, result) } -// Deprecated: use DeploymentAvailabilityHealthChecker instead. func AllDeploymentsAvailabilityHealthCheck(results []agent.FieldResult, - cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn) error { + cluster *clusterv1.ManagedCluster, addon *v1alpha1.ManagedClusterAddOn) error { if len(results) < 2 { return fmt.Errorf("all deployments are not available") } for _, result := range results { - if err := checkWorkloadAvailabilityHealth(result.ResourceIdentifier, result.FeedbackResult); err != nil { - return err - } - } - return nil -} - -func DeploymentAvailabilityHealthChecker(results []agent.FieldResult, - cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn) error { - return WorkloadAvailabilityHealthChecker(results, cluster, addon) -} - -func WorkloadAvailabilityHealthChecker(results []agent.FieldResult, - cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn) error { - for _, result := range results { - if err := checkWorkloadAvailabilityHealth(result.ResourceIdentifier, result.FeedbackResult); err != nil { + if err := WorkloadAvailabilityHealthCheck(result.ResourceIdentifier, result.FeedbackResult); err != nil { return err } } return nil } -func checkWorkloadAvailabilityHealth(identifier workapiv1.ResourceIdentifier, +func WorkloadAvailabilityHealthCheck(identifier workapiv1.ResourceIdentifier, result workapiv1.StatusFeedbackResult) error { // only support deployments and daemonsets for now if identifier.Resource != "deployments" && identifier.Resource != "daemonsets" {