From b86397fc2040954b9b6391136437545052c8c8b2 Mon Sep 17 00:00:00 2001 From: iksrochpub Date: Tue, 8 Aug 2023 06:00:34 +0000 Subject: [PATCH] Automated repo sync 20230808 Fix typo in .travis.yml (release 1.28) (#3606) Update vpcctl release to v0.18.0 (release-1.28) (#3601) Update CCM to support custom endpoints (release 1.28) (#3594) CVE-2023-3978 - golang.org/x/net v0.13.0 (release 1.28) (#3595) --- .travis.yml | 2 +- addons/vpcctl.yml | 2 +- go.mod | 2 +- go.sum | 4 +- ibm/ibm.go | 6 +++ ibm/ibm_loadbalancer.go | 6 +-- ibm/ibm_test.go | 3 ++ ibm/ibm_vpc_client.go | 37 +++++++++++++------ ibm/ibm_vpc_cloud.go | 21 ++++++----- pkg/vpcctl/vpc_config.go | 31 +++++++++++----- pkg/vpcctl/vpc_sdk_gen2.go | 6 ++- .../ibm-cloud-config-ccm-in-cluster.ini | 5 ++- 12 files changed, 83 insertions(+), 42 deletions(-) diff --git a/.travis.yml b/.travis.yml index adfd265ca..28ce601fe 100644 --- a/.travis.yml +++ b/.travis.yml @@ -98,6 +98,6 @@ deploy: script: ./scripts/publishTag.sh skip_cleanup: true on: - branch: release-1.27 + branch: release-1.28 go: 1.20.6 condition: ${TRAVIS_COMMIT_MESSAGE} =~ push_build && ${BUILD_JOB_NAME} == Default diff --git a/addons/vpcctl.yml b/addons/vpcctl.yml index b3d281047..0afddf588 100644 --- a/addons/vpcctl.yml +++ b/addons/vpcctl.yml @@ -21,7 +21,7 @@ source: github.ibm.com/alchemy-containers/armada-vpc-lb # (Required) - git release or branch name in the source github repo -release: v0.17.0 +release: v0.18.0 # (Required) - source directory in the github repo containing GO files source_dir: pkg/vpcctl diff --git a/go.mod b/go.mod index 50ea3b60d..90d4e3a92 100644 --- a/go.mod +++ b/go.mod @@ -95,7 +95,7 @@ require ( go.uber.org/zap v1.19.0 // indirect golang.org/x/crypto v0.11.0 // indirect golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect - golang.org/x/net v0.12.0 // indirect + golang.org/x/net v0.13.0 // indirect golang.org/x/oauth2 v0.8.0 // indirect golang.org/x/sync v0.2.0 // indirect golang.org/x/sys v0.10.0 // indirect 
diff --git a/go.sum b/go.sum index 71d4230e0..f4297e53c 100644 --- a/go.sum +++ b/go.sum @@ -442,8 +442,8 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= +golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/ibm/ibm.go b/ibm/ibm.go index 9e9881a9b..5cb158cc5 100644 --- a/ibm/ibm.go +++ b/ibm/ibm.go @@ -102,6 +102,12 @@ type Provider struct { // List of VPC subnet names. Required when configured to get node // data from VPC. G2VpcSubnetNames string `gcfg:"g2VpcSubnetNames"` + // Optional: VPC RIaaS endpoint override URL + G2EndpointOverride string `gcfg:"g2EndpointOverride"` + // Optional: IAM endpoint override URL + IamEndpointOverride string `gcfg:"iamEndpointOverride"` + // Optional: Resource Manager endpoint override URL + RmEndpointOverride string `gcfg:"rmEndpointOverride"` } // CloudConfig is the ibm cloud provider config data. diff --git a/ibm/ibm_loadbalancer.go b/ibm/ibm_loadbalancer.go index ef088ac52..4347ec42c 100644 --- a/ibm/ibm_loadbalancer.go +++ b/ibm/ibm_loadbalancer.go 
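Review bot: The three new field comments on `Provider` do not say what shape the value must have, yet the rest of the patch depends on it: `newVpcSdkClient` appends `/v1` to `G2EndpointOverride`, so the value has to be a bare base URL. I would spell that out, e.g. `// Optional: VPC RIaaS endpoint override; https base URL with no trailing slash and no "/v1" (e.g. https://us-south.iaas.cloud.ibm.com)`, with matching wording for the IAM and Resource Manager fields. The comments should also state that the API key and IAM tokens are sent to these hosts, so the config file needs the same protection as the credential itself. The struct begins outside this hunk.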
@@ -84,7 +84,6 @@ const ( lbPriorityClassName = "ibm-app-cluster-critical" clusterInfoCM = "cluster-info" lbIPVSInvlaidExternalTrafficPolicy = "Cluster networking is not supported for IPVS-based load balancers. Set 'externalTrafficPolicy' to 'Local', and try again." - lbVpcClassicProvider = "gc" lbVpcNextGenProvider = "g2" updateCooldownPeriod = 60 ) @@ -2330,10 +2329,7 @@ func isFeatureEnabledDeployment(lbDeployment *apps.Deployment, feature string) b } func isProviderVpc(provider string) bool { - if provider == lbVpcClassicProvider || provider == lbVpcNextGenProvider { - return true - } - return false + return provider == lbVpcNextGenProvider } func getSchedulingAlgorithm(service *v1.Service) string { diff --git a/ibm/ibm_test.go b/ibm/ibm_test.go index ee7b9ea74..5c736ddee 100644 --- a/ibm/ibm_test.go +++ b/ibm/ibm_test.go @@ -239,6 +239,9 @@ func TestGetCloudConfig(t *testing.T) { } // Build off previous expected configuration with select overrides. ecc.Kubernetes.ConfigFilePaths = nil + ecc.Prov.G2EndpointOverride = "https://us-south.iaas.cloud.ibm.com" + ecc.Prov.IamEndpointOverride = "https://iam.cloud.ibm.com" + ecc.Prov.RmEndpointOverride = "https://resource-controller.cloud.ibm.com" verifyCloudConfig(t, cc, &ecc) // Verify nil cloud config. diff --git a/ibm/ibm_vpc_client.go b/ibm/ibm_vpc_client.go index 000aa7eda..e012cb5ef 100644 --- a/ibm/ibm_vpc_client.go +++ b/ibm/ibm_vpc_client.go @@ -1,6 +1,6 @@ /******************************************************************************* * IBM Cloud Kubernetes Service, 5737-D43 -* (C) Copyright IBM Corp. 2021, 2022 All Rights Reserved. +* (C) Copyright IBM Corp. 2021, 2023 All Rights Reserved. * * SPDX-License-Identifier: Apache2.0 * 
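Review bot: `isProviderVpc` now returns false for the provider string `gc`, so a config that still carries that value would presumably be treated as non-VPC rather than rejected; the callers are outside the hunk, so this cannot be confirmed from here. If `gc` is retired on purpose, a doc comment would make the contract explicit, e.g. `// isProviderVpc reports whether provider is the VPC Gen2 type ("g2"); the former VPC classic value "gc" is no longer recognised.`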
@@ -54,6 +54,11 @@ var newVpcSdkClient = func(provider Provider) (*vpcv1.VpcV1, error) { ApiKey: credential, // pragma: allowlist secret } + // If the IAM endpoint override was specified in the config, update the URL + if provider.IamEndpointOverride != "" { + authenticator.URL = provider.IamEndpointOverride + } + // Virtual Private Cloud (VPC) API sdk, err := vpcv1.NewVpcV1(&vpcv1.VpcV1Options{ Authenticator: authenticator, @@ -62,16 +67,26 @@ var newVpcSdkClient = func(provider Provider) (*vpcv1.VpcV1, error) { return nil, err } - // Get Region and Set Service URL - region, _, err := sdk.GetRegion(sdk.NewGetRegionOptions(provider.Region)) - if err != nil { - return nil, err - } - - // Set the Service URL - err = sdk.SetServiceURL(*region.Endpoint + "/v1") - if err != nil { - return nil, err + // If the VPC RIaaS endpoint override was specified in the config, update the URL + if provider.G2EndpointOverride != "" { + // Set the Service URL + err = sdk.SetServiceURL(provider.G2EndpointOverride + "/v1") + if err != nil { + return nil, err + } + + } else { + // Get Region and Set Service URL + region, _, err := sdk.GetRegion(sdk.NewGetRegionOptions(provider.Region)) + if err != nil { + return nil, err + } + + // Set the Service URL + err = sdk.SetServiceURL(*region.Endpoint + "/v1") + if err != nil { + return nil, err + } } return sdk, nil diff --git a/ibm/ibm_vpc_cloud.go b/ibm/ibm_vpc_cloud.go index f61aefbca..bfc1d31b7 100644 --- a/ibm/ibm_vpc_cloud.go +++ b/ibm/ibm_vpc_cloud.go 
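Review bot: `authenticator.URL` is taken from `provider.IamEndpointOverride` without any check, and this authenticator holds the API key, so the key is sent to whatever scheme and host the config names. Rejecting anything that is not an absolute `https` URL before the assignment turns a typo or an altered config file into a startup error rather than a credential sent in clear text or to an unintended host. The same unchecked use applies to `G2EndpointOverride` in the next hunk, to `getIamEndpoint` and `getVpcEndpoint` in pkg/vpcctl/vpc_config.go, and to `RmEndpointOverride` in pkg/vpcctl/vpc_sdk_gen2.go, so one shared check is sketched below (it needs `net/url` and `fmt`; the import block is not visible here). `newVpcSdkClient` starts and ends outside this hunk.

```go
	// If the IAM endpoint override was specified in the config, update the URL
	if provider.IamEndpointOverride != "" {
		if err := checkEndpointOverride("iamEndpointOverride", provider.IamEndpointOverride); err != nil {
			return nil, err
		}
		authenticator.URL = provider.IamEndpointOverride
	}
	// … unchanged: vpcv1.NewVpcV1 call and service URL selection …

// checkEndpointOverride rejects an override that is not an absolute https URL.
// The value itself is kept out of the error so it cannot leak into logs.
func checkEndpointOverride(name, raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("%s is not a valid URL", name)
	}
	if u.Scheme != "https" || u.Host == "" || u.User != nil {
		return fmt.Errorf("%s must be an absolute https URL without userinfo", name)
	}
	return nil
}
```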
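Review bot: `provider.G2EndpointOverride + "/v1"` builds the service URL by plain concatenation, so an override written with a trailing slash produces `//v1` and the mistake only surfaces later as API errors. Normalising first avoids that: `err = sdk.SetServiceURL(strings.TrimSuffix(provider.G2EndpointOverride, "/") + "/v1")` (this needs `strings`, whose import is not visible here). In the `else` branch, `*region.Endpoint` is still dereferenced without a nil check; a guard such as `if region == nil || region.Endpoint == nil { return nil, fmt.Errorf("region %q has no endpoint", provider.Region) }` would replace a panic with an error.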
@@ -82,15 +82,18 @@ func (c *Cloud) NewConfigVpc(enablePrivateEndpoint bool) (*vpcctl.ConfigVpc, err } // Initialize config based on values in the cloud provider config := &vpcctl.ConfigVpc{ - AccountID: c.Config.Prov.AccountID, - ClusterID: c.Config.Prov.ClusterID, - EnablePrivate: enablePrivateEndpoint, - ProviderType: c.Config.Prov.ProviderType, - Region: c.Config.Prov.Region, - ResourceGroupName: c.Config.Prov.G2ResourceGroupName, - SubnetNames: c.Config.Prov.G2VpcSubnetNames, - WorkerAccountID: c.Config.Prov.G2WorkerServiceAccountID, - VpcName: c.Config.Prov.G2VpcName, + AccountID: c.Config.Prov.AccountID, + ClusterID: c.Config.Prov.ClusterID, + EnablePrivate: enablePrivateEndpoint, + IamEndpointOverride: c.Config.Prov.IamEndpointOverride, + ProviderType: c.Config.Prov.ProviderType, + Region: c.Config.Prov.Region, + ResourceGroupName: c.Config.Prov.G2ResourceGroupName, + RmEndpointOverride: c.Config.Prov.RmEndpointOverride, + SubnetNames: c.Config.Prov.G2VpcSubnetNames, + WorkerAccountID: c.Config.Prov.G2WorkerServiceAccountID, + VpcName: c.Config.Prov.G2VpcName, + VpcEndpointOverride: c.Config.Prov.G2EndpointOverride, } // If the G2Credentials is set, then look up the API key if c.Config.Prov.G2Credentials != "" { diff --git a/pkg/vpcctl/vpc_config.go b/pkg/vpcctl/vpc_config.go index aae7ad5c5..edf5f95df 100644 --- a/pkg/vpcctl/vpc_config.go +++ b/pkg/vpcctl/vpc_config.go 
@@ -86,16 +86,19 @@ func SetInformers(informerFactory informers.SharedInformerFactory) { // ConfigVpc is the VPC configuration information type ConfigVpc struct { // Externalized config settings from caller - AccountID string - APIKeySecret string - ClusterID string - EnablePrivate bool - ProviderType string - Region string - ResourceGroupName string - SubnetNames string - WorkerAccountID string // Not used, ignored - VpcName string + AccountID string + APIKeySecret string + ClusterID string + EnablePrivate bool + IamEndpointOverride string + ProviderType string + Region string + ResourceGroupName string + RmEndpointOverride string + SubnetNames string + WorkerAccountID string // Not used, ignored + VpcName string + VpcEndpointOverride string // Internal config settings endpointURL string resourceGroupID string @@ -104,6 +107,10 @@ type ConfigVpc struct { // getIamEndpoint - retrieve the correct IAM endpoint for the current config func (c *ConfigVpc) getIamEndpoint() string { + // If iam endpoint override was configured, use it instead + if c.IamEndpointOverride != "" { + return c.IamEndpointOverride + } if strings.Contains(c.Region, "stage") { if c.EnablePrivate { return iamStagePrivateTokenExchangeURL @@ -118,6 +125,10 @@ func (c *ConfigVpc) getIamEndpoint() string { // getVpcEndpoint - retrieve the correct VPC endpoint for the current config func (c *ConfigVpc) getVpcEndpoint() string { + // If vpc endpoint override was configured, use it instead + if c.VpcEndpointOverride != "" { + return c.VpcEndpointOverride + } endpoint := vpcEndpointIaaSProdURL if strings.Contains(c.Region, "stage") { endpoint = vpcEndpointIaaSStageURL diff --git a/pkg/vpcctl/vpc_sdk_gen2.go b/pkg/vpcctl/vpc_sdk_gen2.go index 3580360ba..1c0c48f6c 100644 --- a/pkg/vpcctl/vpc_sdk_gen2.go +++ b/pkg/vpcctl/vpc_sdk_gen2.go 
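Review bot: The early return in `getIamEndpoint` makes the override win over both the stage check and `c.EnablePrivate`, so a cluster configured for private endpoints sends its token exchange to whatever the override names, and nothing records that. The function comment should say so, e.g. `// getIamEndpoint - returns IamEndpointOverride verbatim when set (region and EnablePrivate are then ignored), otherwise the IAM endpoint for the current config`. The constants it replaces are named `...TokenExchangeURL`, which suggests they may carry a path; if they do, the override must have the same shape. This is worth confirming against the constant definitions, which are outside this diff. The same precedence applies to `getVpcEndpoint` in the next hunk.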
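Review bot: `getVpcEndpoint` returns `c.VpcEndpointOverride` as-is, while `newVpcSdkClient` in ibm/ibm_vpc_client.go appends `/v1` to the same config value. The rest of this function is outside the hunk, so if it adds a region prefix or version path to `endpoint`, the override branch skips that step and one setting would need two different shapes. Either normalise here the same way, or extend the comment to `// If vpc endpoint override was configured, use it verbatim; it must be the bare base URL` and point to where the version path is added.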
@@ -1,6 +1,6 @@ /******************************************************************************* * IBM Cloud Kubernetes Service, 5737-D43 -* (C) Copyright IBM Corp. 2021, 2022 All Rights Reserved. +* (C) Copyright IBM Corp. 2021, 2023 All Rights Reserved. * * SPDX-License-Identifier: Apache2.0 * @@ -71,6 +71,10 @@ func convertResourceGroupNameToID(c *ConfigVpc) error { if strings.Contains(c.endpointURL, "iaasdev.cloud.ibm.com") { url = "https://resource-controller.test.cloud.ibm.com" } + // If resource manager endpoint override was configured, use it instead + if c.RmEndpointOverride != "" { + url = c.RmEndpointOverride + } // Create resource manager client authenticator := &core.IamAuthenticator{ApiKey: c.APIKeySecret, URL: c.tokenExchangeURL} client, err := resourcemanagerv2.NewResourceManagerV2(&resourcemanagerv2.ResourceManagerV2Options{URL: url, Authenticator: authenticator}) diff --git a/test-fixtures/ibm-cloud-config-ccm-in-cluster.ini b/test-fixtures/ibm-cloud-config-ccm-in-cluster.ini index c2f722a62..1c33822ef 100644 --- a/test-fixtures/ibm-cloud-config-ccm-in-cluster.ini +++ b/test-fixtures/ibm-cloud-config-ccm-in-cluster.ini @@ -1,6 +1,6 @@ # ****************************************************************************** # IBM Cloud Kubernetes Service, 5737-D43 -# (C) Copyright IBM Corp. 2021 All Rights Reserved. +# (C) Copyright IBM Corp. 2021, 2023 All Rights Reserved. # # SPDX-License-Identifier: Apache2.0 # @@ -23,3 +23,6 @@ cluster-default-provider = g2 accountID = testAccountID clusterID = testClusterID g2workerServiceAccountID = testServiceAccountID +g2EndpointOverride = https://us-south.iaas.cloud.ibm.com +iamEndpointOverride = https://iam.cloud.ibm.com +rmEndpointOverride = https://resource-controller.cloud.ibm.com