Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump client-go and library-go to current 4.6 tips #406

Merged
merged 2 commits into from Jul 28, 2020
Merged

Bump client-go and library-go to current 4.6 tips #406

merged 2 commits into from Jul 28, 2020

Conversation

wking
Copy link
Member

@wking wking commented Jul 10, 2020

Builds on #405; you may want to review that first.

Pulling in openshift/client-go@83993cebb5aee53 and openshift/library-go@cc498c355c9998. Generated with:

$ go get -u github.com/openshift/client-go@83993cebb5aee533bf2f2dded2d87b9e32835f4a
go: github.com/openshift/client-go 83993cebb5aee533bf2f2dded2d87b9e32835f4a => v0.0.0-20200623090625-83993cebb5ae
$ go get -u github.com/openshift/library-go@cc498c355c99983057e9e01f3abcceb40ca5c298
go: github.com/openshift/library-go cc498c355c99983057e9e01f3abcceb40ca5c298 => v0.0.0-20200709151624-cc498c355c99
$ go mod vendor
go: downloading k8s.io/apimachinery v0.18.4
go: downloading github.com/openshift/api v0.0.0-20200623075207-eb651a5bb0ad
go: downloading k8s.io/api v0.18.4
go: downloading golang.org/x/net v0.0.0-20200602114024-627f9648deb9
go: downloading gopkg.in/yaml.v2 v2.3.0
go: downloading golang.org/x/text v0.3.3
$ go mod tidy
$ git add -A go.* vendor

using:

$ go version
go version go1.14.4 linux/amd64

The client-go bump in turn addresses the golang.org/x/text v0.3.3 to address CVE-2020-14040.

$ grep '# golang.org/x/text' vendor/modules.txt

WIP is because I still need things like Context arguments to keep up with the Kube-client API, which has been pulled from v0.17.1 to v0.18.3. Will get to that in a follow-up commit, and then pull the WIP from this PR.

@openshift-ci-robot openshift-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. labels Jul 10, 2020
@openshift-ci-robot
Copy link
Contributor

@wking: This pull request references Bugzilla bug 1855577, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.6.0) matches configured target release for branch (4.6.0)
  • bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

WIP: Bug 1855577: Bump client-go and library-go to current 4.6 tips

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Jul 10, 2020
@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 10, 2020
@LalatenduMohanty LalatenduMohanty mentioned this pull request Jul 15, 2020
Merged
@LalatenduMohanty
Copy link
Member

/close preceded by #408

@LalatenduMohanty
Copy link
Member

/close

@openshift-ci-robot
Copy link
Contributor

@LalatenduMohanty: Closed this PR.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot
Copy link
Contributor

@wking: This pull request references Bugzilla bug 1855577. The bug has been updated to no longer refer to the pull request using the external bug tracker.

In response to this:

WIP: Bug 1855577: Bump client-go and library-go to current 4.6 tips

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@wking wking reopened this Jul 24, 2020
@openshift-ci-robot openshift-ci-robot removed the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Jul 24, 2020
@openshift-ci-robot
Copy link
Contributor

@wking: This pull request references Bugzilla bug 1855577, which is invalid:

  • expected the bug to be in one of the following states: NEW, ASSIGNED, ON_DEV, POST, POST, but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

WIP: Bug 1855577: Bump client-go and library-go to current 4.6 tips

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Jul 24, 2020
@openshift-ci-robot openshift-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 24, 2020
@wking
Copy link
Member Author

wking commented Jul 24, 2020

Reopened and rebased on the master to update our dependencies and remove the #408 pinning. Diff is huge, but the first commit is the automated vendor bump, and the second is me massaging so many call signatures to add Context and *Options{} to keep up. There are a handful of context.TODO() where I have to wrap a modern function to fit into a legacy lister interface; I imagine we'll be able to drop those in some future vendor bump.

Because it's sort of in the spirit of #410:

/assign @jottofar

@wking wking changed the title WIP: Bug 1855577: Bump client-go and library-go to current 4.6 tips Bug 1855577: Bump client-go and library-go to current 4.6 tips Jul 24, 2020
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 24, 2020
@wking wking changed the title Bug 1855577: Bump client-go and library-go to current 4.6 tips Bump client-go and library-go to current 4.6 tips Jul 24, 2020
@openshift-ci-robot openshift-ci-robot removed bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Jul 24, 2020
@openshift-ci-robot
Copy link
Contributor

@wking: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

Bump client-go and library-go to current 4.6 tips

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@wking
vendor: Bump client-go and library-go to current 4.6 tips
fb84815 
Pulling in [1,2].  Generated with:

  $ emacs go.mod  # removing the golang.org/x/text replace
  $ go get -u github.com/openshift/client-go@83993cebb5aee533bf2f2dded2d87b9e32835f4a
  go: github.com/openshift/client-go 83993cebb5aee533bf2f2dded2d87b9e32835f4a => v0.0.0-20200623090625-83993cebb5ae
  $ go get -u github.com/openshift/library-go@cc498c355c99983057e9e01f3abcceb40ca5c298
  go: github.com/openshift/library-go cc498c355c99983057e9e01f3abcceb40ca5c298 => v0.0.0-20200709151624-cc498c355c99
  $ go mod tidy
  $ go mod vendor
  $ git add -A go.* vendor

using:

  $ go version
  go version go1.14.4 linux/amd64

This pulls in the client-go bump which in turn addresses the
golang.org/x/text v0.3.3 to address CVE-2020-14040 [3].

  $ grep '# golang.org/x/text' vendor/modules.txt
  # golang.org/x/text v0.3.3

We'd previously addressed the CVE with the explicit 'replace' from
2021b86 (Bug 1855577: Updating the golang.org/x/text version to
v0.3.3, 2020-07-15, openshift#408), but it's more elegant to not have to have
explicit overrides for our indirect dependencies.

[1]: openshift/client-go@83993ce
[2]: openshift/library-go@cc498c3
[3]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14040
jottofar
jottofar reviewed Jul 27, 2020
View reviewed changes
pkg/start/start.go Outdated Show resolved Hide resolved
@wking wking force-pushed the bump-go-text branch 4 times, most recently from d542f71 to 939013f Compare July 27, 2020 21:29
@wking
*: Add lots of Context and options arguments
a2c3e27 
Catching up with the vendored client library bump.

There are a handful of context.TODO() where I have to wrap a modern
function to fit into a legacy lister interface like:

  $ grep ^func vendor/github.com/openshift/client-go/config/listers/config/v1/clusterversion.go
  func NewClusterVersionLister(indexer cache.Indexer) ClusterVersionLister {
  func (s *clusterVersionLister) List(selector labels.Selector) (ret []*v1.ClusterVersion, err error) {
  func (s *clusterVersionLister) Get(name string) (*v1.ClusterVersion, error) {

I imagine we'll be able to drop the TODO and
dummyContextOperatorGetter and such in some future vendor bump.
@jottofar
Copy link
Contributor

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 27, 2020
@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jottofar, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

4 similar comments
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@wking
Copy link
Member Author

wking commented Jul 28, 2020

Last three e2e failures are split between oc adm must-gather runs successfully for audit logs here, DisruptionController should block an eviction until the PDB is updated to allow it here, and both and some more besides here. The former is rhbz#1861201, the later is rhbz#1861189. Neither is related to this change.

/override ci/prow/e2e

@openshift-ci-robot
Copy link
Contributor

@wking: Overrode contexts on behalf of wking: ci/prow/e2e

In response to this:

Last three e2e failures are split between oc adm must-gather runs successfully for audit logs here, DisruptionController should block an eviction until the PDB is updated to allow it here, and both and some more besides here. The former is rhbz#1861201, the later is rhbz#1861189. Neither is related to this change.

/override ci/prow/e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-merge-robot openshift-merge-robot merged commit 4b5876e into openshift:master Jul 28, 2020
@wking wking deleted the bump-go-text branch July 28, 2020 04:20
@wking wking mentioned this pull request Jul 30, 2020
Merged
This was referenced Aug 27, 2020
Closed
Merged
wking added a commit to wking/cluster-version-operator that referenced this pull request Oct 9, 2020
@wking
*: Add lots of Context and options arguments
20421b6 
Catching up with the vendored client library bump.

There are a handful of context.TODO() where I have to wrap a modern
function to fit into a legacy lister interface like:

  $ grep ^func vendor/github.com/openshift/client-go/config/listers/config/v1/clusterversion.go
  func NewClusterVersionLister(indexer cache.Indexer) ClusterVersionLister {
  func (s *clusterVersionLister) List(selector labels.Selector) (ret []*v1.ClusterVersion, err error) {
  func (s *clusterVersionLister) Get(name string) (*v1.ClusterVersion, error) {

I imagine we'll be able to drop the TODO and
dummyContextOperatorGetter and such in some future vendor bump.

Cherry-picked from a2c3e27 (openshift#406).  Conflicts:

* lib/resourcebuilder/apps.go
* pkg/autoupdate/autoupdate.go
* pkg/cvo/cvo.go
* pkg/start/start.go
* pkg/start/start_integration_test.go
@wking wking mentioned this pull request Oct 9, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jottofar jottofar jottofar left review comments

@abhinavdahiya abhinavdahiya Awaiting requested review from abhinavdahiya

@smarterclayton smarterclayton Awaiting requested review from smarterclayton

Assignees

@jottofar jottofar

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@wking @openshift-ci-robot @LalatenduMohanty @jottofar @openshift-bot @openshift-merge-robot