[release-0.19] Backporting dependency bumps to fix vulnerabilities (#8118)

* Bump controller-runtime to v0.16.5 (#7788)

`controller-runtime` v0.16.5

- Fake client breaking changes:
  - Start using `WithStatusSubresource` when we care about status being
    treated differently through `Update` calls. This is basically all
    controllers.
  - Add a finalizer when creating an object directly with a deletion
    timestamp. This makes sense since any controller interested in the
    delete flow should be already adding finalizers.
- Signature of `Watches` for creating a controller has been simplified
  and doesn't need the `source.Kind` wrapper.
- Manager options signature has changed. Now metrics and webhook fields
  are nested in its own second level struct.
- Validation webhooks now return a `(admission.Warnings, error)` instead
  of just `error`. We are not using this functionality for now, but we
  had to update all our webhooks and test to follow the new signature.
- `handler.MapFunc` has changed, now they take a context as well. We
  don't use the context but need to conform to the new signature.

`cluster-api` v1.6.2

- When setting up cluster tracker, the variable `DefaultIndexes` is
  removed, now we use `[]Index{NodeProviderIDIndex}`

CAPC

We are still waiting for capc to be updated to capi v1.5, which would
enable us to move to controller-runtime v0.15. It's taking quite long
and we got to the point where this is preventing us from updating
modules (like helm) that we need to update ASAP.

I opted for "vendoring" just the api structs we need from capc. In order
to contain changes and allow for an easy "revert" to use the original
module (whenever we can), I created a dummy module so I can just use a
`replace` in our go.mod and point to our vendored folder.

I put this in `internal/thirdparty/capc`. You don't need to review that
code, I just copied it.

Assertions in gomock

I had to change some of the assertions in the cluster manager tests. Now
they are less strict since they use type instead of content assertion.
TBH, they were wrong from the beginning since they expected current and
new spec to be the same, so if so, this makes the test slightly better.

I checked and I believe all this is already dead code because of the
workflow refactors we did in v0.19.0. It's just that the code hasn't
been deleted yet. I'll push to get all this crap removed.

CAPV

They just change the package where they have the api structs from
`api/[version]` to `apis/[version]`.

* Bump helm to v3.14.2 (#7797)

bump helm and controller runtime

* Bump x/net (#7945)

bump net/x to fix vulnerability

* go mod tidy

* Bump Go version to 1.21 (#7805)

* Bump helm from 3.14.2 to 3.14.4 (#8119)

* go mod tidy

* fix linting errors

---------

Co-authored-by: Guillermo Gaston <gaslor@amazon.com>
Co-authored-by: Xu Deng <xudeng@amazon.com>
Co-authored-by: Abhay Krishna <arnchlm@amazon.com>
4 people committed May 8, 2024
1 parent dca4806 commit f34868b
Showing 101 changed files with 5,893 additions and 3,093 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/go-coverage.yml
Expand Up @@ -17,7 +17,7 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '1.20'
go-version: '1.21'
check-latest: true
cache: true
- name: Run go test with coverage
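Review bot: the Go version on the `go-version: '1.21'` line is a hand-maintained literal, and this commit has to change the same value in golangci-lint.yml and in `GOLANG_VERSION` in the Makefile as well. Consider `go-version-file: go.mod` for `actions/setup-go` so the workflows follow the module's declared version and a future bump cannot leave CI testing on a different toolchain than the one the release is built with.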
4 changes: 2 additions & 2 deletions .github/workflows/golangci-lint.yml
Expand Up @@ -19,13 +19,13 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.20"
go-version: "1.21"
check-latest: true
cache: true
- name: golangci-lint
uses: golangci/golangci-lint-action@v4
with:
version: v1.51.2
version: v1.56.2
only-new-issues: true
# Disable package caching to avoid a double cache with setup-go.
skip-pkg-cache: true
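Review bot: the linter moves from `v1.51.2` to `v1.56.2` while `only-new-issues: true` stays set, so findings the newer release raises in code this PR does not touch will not show up in CI. A one-off full run with the new version on this branch, with the result recorded in the PR, would show whether the upgrade surfaces anything in existing code beyond the "fix linting errors" changes.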
14 changes: 7 additions & 7 deletions Makefile
Expand Up @@ -20,7 +20,7 @@ SHELL := /bin/bash
ARTIFACTS_BUCKET?=my-s3-bucket
GIT_VERSION?=$(shell git describe --tag)
GIT_TAG?=$(shell git tag -l "v*.*.*" --sort -v:refname | head -1)
GOLANG_VERSION?="1.20"
GOLANG_VERSION?="1.21"
GO_VERSION ?= $(shell source ./scripts/common.sh && build::common::get_go_path $(GOLANG_VERSION))
GO ?= $(GO_VERSION)/go
GO_TEST ?= $(GO) test
Expand Down Expand Up @@ -146,8 +146,8 @@ CONTROLLER_MANIFEST_OUTPUT_DIR=$(OUTPUT_DIR)/manifests/cluster-controller
BUILD_TAGS :=
BUILD_FLAGS?=

GO_ARCH:=$(shell go env GOARCH)
GO_OS:=$(shell go env GOOS)
GO_ARCH:=$(shell $(GO) env GOARCH)
GO_OS:=$(shell $(GO) env GOOS)

BINARY_DEPS_DIR = $(OUTPUT_DIR)/dependencies
CLUSTER_CONTROLLER_PLATFORMS ?= linux-amd64 linux-arm64
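Review bot: `GO_ARCH` and `GO_OS` now depend on `$(GO)`, which is built from `GO ?= $(GO_VERSION)/go`, and `GO_VERSION` comes from the `build::common::get_go_path` shell helper. If that helper prints nothing for the requested version, `$(GO)` becomes `/go`, both `$(shell ...)` calls fail, and the two variables end up empty without make reporting an error. A guard such as `$(if $(GO_ARCH),,$(error could not resolve Go toolchain))` after these assignments would make that failure visible instead of producing builds with an empty platform.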
Expand All @@ -165,7 +165,7 @@ LOCAL_E2E_TESTS ?= $(DOCKER_E2E_TEST)

EMBED_CONFIG_FOLDER = pkg/files/config

export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.28.x
export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.29.x

UNAME := $(shell uname -s)

Expand Down Expand Up @@ -286,10 +286,10 @@ $(KUBEBUILDER): $(TOOLS_BIN_DIR)
chmod +x $(KUBEBUILDER)

$(CONTROLLER_GEN): $(TOOLS_BIN_DIR)
GOBIN=$(TOOLS_BIN_DIR_ABS) go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.1
GOBIN=$(TOOLS_BIN_DIR_ABS) $(GO) install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.1

$(GO_VULNCHECK): $(TOOLS_BIN_DIR)
GOBIN=$(TOOLS_BIN_DIR_ABS) go install golang.org/x/vuln/cmd/govulncheck@latest
GOBIN=$(TOOLS_BIN_DIR_ABS) $(GO) install golang.org/x/vuln/cmd/govulncheck@latest

$(SETUP_ENVTEST): $(TOOLS_BIN_DIR)
cd $(TOOLS_BIN_DIR); $(GO) build -tags=tools -o $(SETUP_ENVTEST_BIN) sigs.k8s.io/controller-runtime/tools/setup-envtest
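Review bot: `govulncheck@latest` on the `$(GO_VULNCHECK)` recipe line stays unpinned, so the scanner used to check this vulnerability backport can differ between two builds of the same commit. Pin it to a released version, the way `controller-gen@v0.6.1` is pinned two lines above, and bump it deliberately.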
Expand Down Expand Up @@ -321,7 +321,7 @@ $(TOOLS_BIN_DIR)/gci:

.PHONY: run-gci
run-gci: $(TOOLS_BIN_DIR)/gci ## Run gci against code.
$(LS_FILES_CMD) | xargs $(TOOLS_BIN_DIR)/gci write --skip-generated -s standard,default -s "prefix($(shell go list -m))"
$(LS_FILES_CMD) | xargs $(TOOLS_BIN_DIR)/gci write --skip-generated -s standard,default -s "prefix($(shell $(GO) list -m))"

.PHONY: build-cross-platform
build-cross-platform: eks-a-cross-platform
9 changes: 7 additions & 2 deletions controllers/cloudstack_datacenter_controller_test.go
Expand Up @@ -47,7 +47,9 @@ func TestCloudStackDatacenterReconcilerSuccess(t *testing.T) {
},
}
objs := []runtime.Object{dcConfig, secrets}
client := fake.NewClientBuilder().WithRuntimeObjects(objs...).Build()
client := fake.NewClientBuilder().WithRuntimeObjects(objs...).
WithStatusSubresource(dcConfig).
Build()

ctrl := gomock.NewController(t)
validatorRegistry := cloudstack.NewMockValidatorRegistry(ctrl)
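Review bot: with `WithStatusSubresource(dcConfig)` the fake client stops persisting status through a plain `Update` and only writes it through the status writer, so this test proves something only if it reads the object back and asserts on its status after reconciling. Please confirm the assertions further down do that. The same three-line builder chain is repeated in TestCloudStackDatacenterReconcilerSetDefaultSuccess; a small test helper would keep the two in sync.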
Expand Down Expand Up @@ -103,7 +105,9 @@ func TestCloudStackDatacenterReconcilerSetDefaultSuccess(t *testing.T) {
},
}
objs := []runtime.Object{dcConfig, secrets}
client := fake.NewClientBuilder().WithRuntimeObjects(objs...).Build()
client := fake.NewClientBuilder().WithRuntimeObjects(objs...).
WithStatusSubresource(dcConfig).
Build()

ctrl := gomock.NewController(t)
validatorRegistry := cloudstack.NewMockValidatorRegistry(ctrl)
Expand Down Expand Up @@ -151,6 +155,7 @@ func TestCloudstackDatacenterConfigReconcilerDelete(t *testing.T) {

dcConfig := createCloudstackDatacenterConfig()
dcConfig.DeletionTimestamp = &metav1.Time{Time: time.Now()}
dcConfig.Finalizers = []string{"my-finalizer"}
objs := []runtime.Object{dcConfig}
client := fake.NewClientBuilder().WithRuntimeObjects(objs...).Build()
ctrl := gomock.NewController(t)
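Review bot: `dcConfig.Finalizers = []string{"my-finalizer"}` satisfies the fake client's requirement for objects created with a deletion timestamp, but the name is a placeholder with no link to the reconciler. If the controller registers its own finalizer, use that constant so the delete test covers its removal; otherwise add a one-line comment saying the finalizer is there only for the fake client. This builder also omits `WithStatusSubresource`, unlike the two tests above, which is worth a comment if intentional.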
32 changes: 15 additions & 17 deletions controllers/cluster_controller.go
Expand Up @@ -18,7 +18,6 @@ import (
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/handler"
"sigs.k8s.io/controller-runtime/pkg/reconcile"
"sigs.k8s.io/controller-runtime/pkg/source"

anywherev1 "github.com/aws/eks-anywhere/pkg/api/v1alpha1"
c "github.com/aws/eks-anywhere/pkg/cluster"
Expand Down Expand Up @@ -108,63 +107,63 @@ func (r *ClusterReconciler) SetupWithManager(mgr ctrl.Manager, log logr.Logger)
return ctrl.NewControllerManagedBy(mgr).
For(&anywherev1.Cluster{}).
Watches(
&source.Kind{Type: &anywherev1.OIDCConfig{}},
&anywherev1.OIDCConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.AWSIamConfig{}},
&anywherev1.AWSIamConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.GitOpsConfig{}},
&anywherev1.GitOpsConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.FluxConfig{}},
&anywherev1.FluxConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.VSphereDatacenterConfig{}},
&anywherev1.VSphereDatacenterConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.VSphereMachineConfig{}},
&anywherev1.VSphereMachineConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.SnowDatacenterConfig{}},
&anywherev1.SnowDatacenterConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.SnowMachineConfig{}},
&anywherev1.SnowMachineConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.TinkerbellDatacenterConfig{}},
&anywherev1.TinkerbellDatacenterConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.TinkerbellMachineConfig{}},
&anywherev1.TinkerbellMachineConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.DockerDatacenterConfig{}},
&anywherev1.DockerDatacenterConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.CloudStackDatacenterConfig{}},
&anywherev1.CloudStackDatacenterConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.CloudStackMachineConfig{}},
&anywherev1.CloudStackMachineConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.NutanixDatacenterConfig{}},
&anywherev1.NutanixDatacenterConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Watches(
&source.Kind{Type: &anywherev1.NutanixMachineConfig{}},
&anywherev1.NutanixMachineConfig{},
handler.EnqueueRequestsFromMapFunc(childObjectHandler),
).
Complete(r)
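Review bot: the fifteen `Watches(...)` calls in `SetupWithManager` now differ only in the object type, all sharing `handler.EnqueueRequestsFromMapFunc(childObjectHandler)`. With the `source.Kind` wrapper gone, a slice of `client.Object` values and a loop over the builder would shrink this to a few lines and make it harder to miss a child type when a new provider is added. Since the commit message notes that `handler.MapFunc` now takes a context, it would also help to have the updated `childObjectHandler` signature visible next to this change.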
Expand Down Expand Up @@ -320,7 +319,6 @@ func (r *ClusterReconciler) reconcile(ctx context.Context, log logr.Logger, clus
}

reconcileResult, err = clusterProviderReconciler.Reconcile(ctx, log, cluster)

if err != nil {
return ctrl.Result{}, err
}