Skip to content

Helm upgrade to v3.11.1 for CVE-2023-25165 #2933

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Mar 14, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
174 changes: 76 additions & 98 deletions go.mod

Large diffs are not rendered by default.

395 changes: 178 additions & 217 deletions go.sum

Large diffs are not rendered by default.

3 changes: 1 addition & 2 deletions pkg/api/client/clientset/versioned/clientset.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pkg/api/client/clientset/versioned/fake/decorator.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
Expand Down
79 changes: 75 additions & 4 deletions pkg/api/client/informers/externalversions/factory.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pkg/controller/install/deployment.go
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@ func (i *StrategyDeploymentInstaller) deploymentForSpec(name string, spec appsv1
// By default, each deployment created by OLM could spawn up to 10 replicaSets.
// By setting the deployments revisionHistoryLimit to 1, OLM will only create up
// to 2 ReplicaSets per deployment it manages, saving memory.
dep.Spec.RevisionHistoryLimit = pointer.Int32Ptr(1)
dep.Spec.RevisionHistoryLimit = pointer.Int32(1)

hash = HashDeploymentSpec(dep.Spec)
dep.Labels[DeploymentSpecHashLabelKey] = hash
Expand Down
3 changes: 2 additions & 1 deletion pkg/controller/operators/catalog/operator_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1333,7 +1333,8 @@ func TestCompetingCRDOwnersExist(t *testing.T) {
expectedResult: true,
},
}
for _, tt := range tests {
for _, xt := range tests {
tt := xt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()

Expand Down
3 changes: 2 additions & 1 deletion pkg/controller/operators/olm/operator_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3852,7 +3852,8 @@ func TestUpdates(t *testing.T) {
in: []*v1alpha1.ClusterServiceVersion{c, a, b},
},
}
for _, tt := range tests {
for _, xt := range tests {
tt := xt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()

Expand Down
12 changes: 8 additions & 4 deletions pkg/lib/catalogsource/catalogsource_update.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@ import (
"github.com/operator-framework/operator-lifecycle-manager/pkg/api/client/clientset/versioned"
)

/* UpdateStatus can be used to update the status of the provided catalog source. Note that
/*
UpdateStatus can be used to update the status of the provided catalog source. Note that
the caller is responsible for ensuring accurate status values in the catsrc argument (i.e.
the status is used as-is).

Expand All @@ -34,7 +35,8 @@ func UpdateStatus(logger *logrus.Entry, client versioned.Interface, catsrc *v1al
return nil
}

/* UpdateStatusWithConditions can be used to update the status conditions for the provided catalog source.
/*
UpdateStatusWithConditions can be used to update the status conditions for the provided catalog source.
This function will make no changes to the other status fields (those fields will be used as-is).
If the provided conditions do not result in any status condition changes, then the API server will not be updated.
Note that the caller is responsible for ensuring accurate status values for all other fields.
Expand Down Expand Up @@ -71,7 +73,8 @@ func UpdateStatusWithConditions(logger *logrus.Entry, client versioned.Interface
return nil
}

/* UpdateSpecAndStatusConditions can be used to update the catalog source with the provided status conditions.
/*
UpdateSpecAndStatusConditions can be used to update the catalog source with the provided status conditions.
This will update the spec and status portions of the catalog source. Calls to the API server will occur
even if the provided conditions result in no changes.

Expand All @@ -98,7 +101,8 @@ func UpdateSpecAndStatusConditions(logger *logrus.Entry, client versioned.Interf
return nil
}

/* RemoveStatusConditions can be used to remove the status conditions for the provided catalog source.
/*
RemoveStatusConditions can be used to remove the status conditions for the provided catalog source.
This function will make no changes to the other status fields (those fields will be used as-is).
If the provided conditions do not result in any status condition changes, then the API server will not be updated.
Note that the caller is responsible for ensuring accurate status values for all other fields.
Expand Down
3 changes: 1 addition & 2 deletions pkg/lib/controller-runtime/client/fake_ssa.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,7 @@ type fakeStatusWriter struct {
k8scontrollerclient.StatusWriter
}

func (c fakeStatusWriter) Patch(ctx context.Context, obj k8scontrollerclient.Object, patch k8scontrollerclient.Patch, opts ...k8scontrollerclient.PatchOption) error {
patch, opts = convertApplyToMergePatch(patch, opts...)
func (c fakeStatusWriter) Patch(ctx context.Context, obj k8scontrollerclient.Object, patch k8scontrollerclient.Patch, opts ...k8scontrollerclient.SubResourcePatchOption) error {
return c.StatusWriter.Patch(ctx, obj, patch, opts...)
}

Expand Down
14 changes: 9 additions & 5 deletions pkg/lib/controller-runtime/client/ssa.go
Original file line number Diff line number Diff line change
Expand Up @@ -90,10 +90,11 @@ type ServerSideApplier struct {
// plan := &InstallPlan{}
// plan.SetNamespace("ns")
// plan.SetName("install-123def")
// Eventually(c.Apply(plan, func(p *v1alpha1.InstallPlan) error {
// p.Spec.Approved = true
// return nil
// })).Should(Succeed())
//
// Eventually(c.Apply(plan, func(p *v1alpha1.InstallPlan) error {
// p.Spec.Approved = true
// return nil
// })).Should(Succeed())
Comment on lines 90 to +97
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might want to make the whole code block indented. See Go Doc Comments: Code blocks.

//	plan := &InstallPlan{}
//	plan.SetNamespace("ns")
//	plan.SetName("install-123def")
//	Eventually(c.Apply(plan, func(p *v1alpha1.InstallPlan) error {
//		p.Spec.Approved = true
//		return nil
//	})).Should(Succeed())

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True. go fmt ./... did that particular change; not me! :)

Copy link
Member

@m1kola m1kola Mar 14, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know. go fmt makes assumptions and changes stuff, but not intelegent and breaks code blocks sometimes.

go fmt will be happy with the formatting I suggested.

func (c *ServerSideApplier) Apply(ctx context.Context, obj Object, changeFunc interface{}) func() error {
// Ensure given object is a pointer
objType := reflect.TypeOf(obj)
Expand Down Expand Up @@ -182,7 +183,10 @@ func (c *ServerSideApplier) Apply(ctx context.Context, obj Object, changeFunc in
return err
}

if err := c.client.Status().Patch(ctx, cp, k8scontrollerclient.Apply, k8scontrollerclient.ForceOwnership, c.Owner); err != nil {
pos := &k8scontrollerclient.SubResourcePatchOptions{}
k8scontrollerclient.ForceOwnership.ApplyToPatch(&pos.PatchOptions)

if err := c.client.Status().Patch(ctx, cp, k8scontrollerclient.Apply, pos, c.Owner); err != nil {
fmt.Printf("second patch error: %s\n", err)
return err
}
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions pkg/lib/kubernetes/pkg/apis/rbac/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 3 additions & 1 deletion pkg/lib/kubernetes/pkg/printers/tablegenerator.go
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,9 @@ func (h *HumanReadableGenerator) TableHandler(columnDefinitions []metav1beta1.Ta
// ValidateRowPrintHandlerFunc validates print handler signature.
// printFunc is the function that will be called to print an object.
// It must be of the following type:
// func printFunc(object ObjectType, options GenerateOptions) ([]metav1beta1.TableRow, error)
//
// func printFunc(object ObjectType, options GenerateOptions) ([]metav1beta1.TableRow, error)
//
// where ObjectType is the type of the object that will be printed, and the first
// return value is an array of rows, with each row containing a number of cells that
// match the number of columns defined for that printer function.
Expand Down
1 change: 1 addition & 0 deletions pkg/lib/operatorlister/lister.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ import (
//go:generate go run github.com/maxbrunsfeld/counterfeiter/v6 -o ./operatorlisterfakes/fake_clusterserviceversion_v1alpha1_namespace_lister.go ../../api/client/listers/operators/v1alpha1.ClusterServiceVersionNamespaceLister

// OperatorLister is a union of versioned informer listers
//
//go:generate go run github.com/maxbrunsfeld/counterfeiter/v6 . OperatorLister
type OperatorLister interface {
AppsV1() AppsV1Lister
Expand Down
8 changes: 4 additions & 4 deletions pkg/lib/operatorstatus/csv_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,8 @@ type handler struct {
// OnAddOrUpdate is invoked when a CSV has been added or edited. We tap into
// this notification and do the following:
//
// a. Make sure this is the CSV related to the cluster operator resource we are
// tracking. Otherwise, do nothing.
// a. Make sure this is the CSV related to the cluster operator resource we are tracking. Otherwise, do nothing.
//
// b. If this is the right CSV then send it to the monitor.
func (h *handler) OnAddOrUpdate(in *v1alpha1.ClusterServiceVersion) {
h.onNotification(in, false)
Expand All @@ -96,8 +96,8 @@ func (h *handler) OnAddOrUpdate(in *v1alpha1.ClusterServiceVersion) {
// OnDelete is invoked when a CSV has been deleted. We tap into
// this notification and do the following:
//
// a. Make sure this is the CSV related to the cluster operator resource we are
// tracking. Otherwise, do nothing.
// a. Make sure this is the CSV related to the cluster operator resource we are tracking. Otherwise, do nothing.
//
// b. If this is the right CSV then send it to the monitor.
func (h *handler) OnDelete(in *v1alpha1.ClusterServiceVersion) {
h.onNotification(in, true)
Expand Down
5 changes: 3 additions & 2 deletions pkg/lib/proxy/overridden.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,9 @@ import (

// IsOverridden returns true if the given container overrides proxy env variable(s).
// We apply the following rule:
// If a container already defines any of the proxy env variable then it
// overrides all of these.
//
// If a container already defines any of the proxy env variable then it
// overrides all of these.
func IsOverridden(envVar []corev1.EnvVar) (overrides bool) {
for _, envVarName := range allProxyEnvVarNames {
_, found := find(envVar, envVarName)
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions pkg/package-server/client/clientset/versioned/clientset.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading