diff --git a/go.mod b/go.mod index 5c32570b8d..667c36eebc 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/openshift/api v3.9.0+incompatible github.com/operator-framework/api v0.31.0 github.com/operator-framework/operator-lifecycle-manager v0.0.0-00010101000000-000000000000 - github.com/operator-framework/operator-registry v1.54.0 + github.com/operator-framework/operator-registry v1.55.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/stretchr/testify v1.10.0 @@ -174,7 +174,7 @@ require ( github.com/proglottis/gpgme v0.1.4 // indirect github.com/prometheus/client_golang v1.22.0 // indirect github.com/prometheus/client_model v0.6.2 // indirect - github.com/prometheus/common v0.63.0 // indirect + github.com/prometheus/common v0.64.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect @@ -219,7 +219,7 @@ require ( golang.org/x/lint v0.0.0-20241112194109-818c5a804067 // indirect golang.org/x/mod v0.24.0 // indirect golang.org/x/net v0.40.0 // indirect - golang.org/x/oauth2 v0.29.0 // indirect + golang.org/x/oauth2 v0.30.0 // indirect golang.org/x/sync v0.14.0 // indirect golang.org/x/sys v0.33.0 // indirect golang.org/x/term v0.32.0 // indirect @@ -231,7 +231,7 @@ require ( google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250422160041-2d3770c4ea7f // indirect - google.golang.org/grpc v1.72.0 // indirect + google.golang.org/grpc v1.72.1 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect 
@@ -248,7 +248,7 @@ require ( k8s.io/kms v0.32.3 // indirect k8s.io/kube-aggregator v0.32.3 // indirect k8s.io/kubectl v0.32.0 // indirect - oras.land/oras-go/v2 v2.5.0 // indirect + oras.land/oras-go/v2 v2.6.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 // indirect sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect diff --git a/go.sum b/go.sum index bb1c0a7e31..367b68be2c 100644 --- a/go.sum +++ b/go.sum @@ -2052,8 +2052,8 @@ github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvM github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.63.0 h1:YR/EIY1o3mEFP/kZCD7iDMnLPlGyuU2Gb3HIcXnA98k= -github.com/prometheus/common v0.63.0/go.mod h1:VVFF/fBIoToEnWRVkYoXEkq3R3paCoxG9PXP74SnV18= +github.com/prometheus/common v0.64.0 h1:pdZeA+g617P7oGv1CzdTzyeShxAGrTBsolKNOLQPGO4= +github.com/prometheus/common v0.64.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= 
@@ -2507,8 +2507,8 @@ golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= -golang.org/x/oauth2 v0.29.0 h1:WdYw2tdTK1S8olAzWHdgeqfy+Mtm9XNhv/xJsY65d98= -golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= +golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= +golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -3281,8 +3281,8 @@ modernc.org/token v1.0.1/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8= modernc.org/z v1.7.0/go.mod h1:hVdgNMh8ggTuRG1rGU8x+xGRFfiQUIAw0ZqlPy8+HyQ= -oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c= -oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg= +oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= +oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= 
diff --git a/manifests/0000_50_olm_01-networkpolicies.yaml b/manifests/0000_50_olm_01-networkpolicies.yaml index 64d8127bdc..e4048bf97f 100644 --- a/manifests/0000_50_olm_01-networkpolicies.yaml +++ b/manifests/0000_50_olm_01-networkpolicies.yaml @@ -80,7 +80,7 @@ spec: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: openshift-dns - - ports: # This is another distinct rule in the egress list + - ports: - protocol: TCP port: 50051 policyTypes: diff --git a/microshift-manifests/0000_50_olm_01-networkpolicies.yaml b/microshift-manifests/0000_50_olm_01-networkpolicies.yaml index 62f74ed108..2e50b1ca8c 100644 --- a/microshift-manifests/0000_50_olm_01-networkpolicies.yaml +++ b/microshift-manifests/0000_50_olm_01-networkpolicies.yaml @@ -81,7 +81,7 @@ spec: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: openshift-dns - - ports: # This is another distinct rule in the egress list + - ports: - protocol: TCP port: 50051 policyTypes: diff --git a/staging/operator-lifecycle-manager/.github/stale.yml b/staging/operator-lifecycle-manager/.github/stale.yml deleted file mode 100644 index bec1d80f75..0000000000 --- a/staging/operator-lifecycle-manager/.github/stale.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -# Number of days of inactivity before an issue becomes stale -daysUntilStale: 90 -# Number of days of inactivity before a stale issue is closed -daysUntilClose: 7 -# Issues with these labels will never be considered stale -exemptLabels: - - pinned - - security - - lifecycle/frozen -# Label to use when marking an issue as stale -staleLabel: lifecycle/stale -# Comment to post when marking an issue as stale. Set to `false` to disable -markComment: > - This issue has been automatically marked as stale because it has not had - any recent activity. It will be closed in 7 days if no further activity occurs. Thank you - for your contribution. - - For more help on your issue, check out the olm-dev channel on the kubernetes slack [1] and the OLM Dev Working Group [2] - [1] https://kubernetes.slack.com/archives/C0181L6JYQ2 - [2] https://github.com/operator-framework/community#operator-lifecycle-manager-wg -# Comment to post when closing a stale Issue or Pull Request. -closeComment: > - This issue has been automatically closed because it has not had - any recent activity. Thank you for your contribution. -# Limit to only `issues` or `pulls` -only: issues diff --git a/staging/operator-lifecycle-manager/.github/workflows/stale.yml b/staging/operator-lifecycle-manager/.github/workflows/stale.yml new file mode 100644 index 0000000000..8a6bac598b --- /dev/null +++ b/staging/operator-lifecycle-manager/.github/workflows/stale.yml 
@@ -0,0 +1,53 @@
+# This workflow automatically marks issues and pull requests as stale after 90 days of inactivity
+# and closes them after an additional 30 days if no further activity occurs.
+#
+# Key behavior:
+# - After 90 days of no activity:
+# - Open issues and pull requests are labeled with "lifecycle/stale"
+# - A comment is posted to notify contributors about the inactivity
+#
+# - After 30 additional days (i.e., 120 days total):
+# - If still inactive and still labeled "lifecycle/stale", the issue or PR is closed
+# - A closing comment is posted to explain why it was closed
+#
+# - Activity such as a comment, commit, or label removal during the stale period
+# will remove the "lifecycle/stale" label and reset the clock
+#
+# - Items with any of the following labels will never be marked stale or closed:
+# - security
+# - planned
+# - priority/critical
+# - lifecycle/frozen
+# - verified
+#
+# This workflow uses: https://github.com/actions/stale
+name: "Close stale issues and PRs"
+on:
+ schedule:
+ - cron: "0 1 * * *" # Runs daily at 01:00 UTC (adjust as needed)
+
+jobs:
+ stale:
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write # allow labeling, commenting, closing issues
+ pull-requests: write # allow labeling, commenting, closing PRs
+ steps:
+ - uses: actions/stale@v9
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ days-before-stale: 90
+ days-before-close: 30
+ stale-issue-label: "lifecycle/stale"
+ stale-pr-label: "lifecycle/stale"
+ stale-issue-message: >
+ Issues go stale after 90 days of inactivity. If there is no further
+ activity, the issue will be closed in another 30 days.
+ stale-pr-message: >
+ PRs go stale after 90 days of inactivity. If there is no further
+ activity, the PR will be closed in another 30 days.
+ close-issue-message: "This issue has been closed due to inactivity."
+ close-pr-message: "This pull request has been closed due to inactivity."
+ exempt-issue-labels: "security,planned,priority/critical,lifecycle/frozen,verified"
+ exempt-pr-labels: "security,planned,priority/critical,lifecycle/frozen,verified"
+ operations-per-run: 30
diff --git a/staging/operator-lifecycle-manager/cmd/copy-content/main.go b/staging/operator-lifecycle-manager/cmd/copy-content/main.go
index eb57e979fe..bd5fb44f7a 100644
--- a/staging/operator-lifecycle-manager/cmd/copy-content/main.go
+++ b/staging/operator-lifecycle-manager/cmd/copy-content/main.go
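Review bot: `uses: actions/stale@v9` references a mutable tag, so the code that runs with `issues: write` and `pull-requests: write` can change without any change to this file; pinning to the full commit SHA of the reviewed release, `- uses: actions/stale@<FULL_COMMIT_SHA> # v9`, keeps what runs under those scopes fixed. The job-level `permissions` block is already limited to the two scopes the action needs. The deleted probot config exempted `pinned`, which is absent from both `exempt-issue-labels` and `exempt-pr-labels` here, so issues relying on that label will start ageing unless it is added back or relabelled.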
@@ -1,43 +1,55 @@
 package main
 import (
- "flag"
 "fmt"
 "os"
 "github.com/otiai10/copy"
+ "github.com/spf13/cobra"
 )
 func main() {
- catalogSource := flag.String("catalog.from", "", "Path to catalog contents to copy.")
- catalogDestination := flag.String("catalog.to", "", "Path to where catalog contents should be copied.")
- cacheSource := flag.String("cache.from", "", "Path to cache contents to copy.")
- cacheDestination := flag.String("cache.to", "", "Path to where cache contents should be copied.")
- flag.Parse()
+ cmd := newCmd()
+ cmd.Execute()
+}
- for flagName, value := range map[string]*string{
- "catalog.from": catalogSource,
- "catalog.to": catalogDestination,
- "cache.from": cacheSource,
- "cache.to": cacheDestination,
- } {
- if value == nil || *value == "" {
- fmt.Printf("--%s is required", flagName)
- os.Exit(1)
- }
- }
+func newCmd() *cobra.Command {
+ var (
+ catalogFrom string
+ catalogTo string
+ cacheFrom string
+ cacheTo string
+ )
+ cmd := &cobra.Command{
+ Use: "copy-content",
+ Short: "Copy catalog and cache content",
+ Long: `Copy catalog and cache content`,
+ Run: func(cmd *cobra.Command, args []string) {
+ var contentMap = make(map[string]string, 2)
+ contentMap[catalogFrom] = catalogTo
+ if cmd.Flags().Changed("cache.from") {
+ contentMap[cacheFrom] = cacheTo
+ }
- for from, to := range map[string]string{
- *catalogSource: *catalogDestination,
- *cacheSource: *cacheDestination,
- } {
- if err := os.RemoveAll(to); err != nil {
- fmt.Printf("failed to remove %s: %s", to, err)
- os.Exit(1)
- }
- if err := copy.Copy(from, to); err != nil {
- fmt.Printf("failed to copy %s to %s: %s\n", from, to, err)
- os.Exit(1)
- }
+ for from, to := range contentMap {
+ if err := os.RemoveAll(to); err != nil {
+ fmt.Printf("failed to remove %s: %s", to, err)
+ os.Exit(1)
+ }
+ if err := copy.Copy(from, to); err != nil {
+ fmt.Printf("failed to copy %s to %s: %s\n", from, to, err)
+ os.Exit(1)
+ }
+ }
+ },
 }
+
+ cmd.Flags().StringVar(&catalogFrom, "catalog.from", "", "Path to catalog contents to copy")
+ cmd.Flags().StringVar(&catalogTo, "catalog.to", "", "Path to where catalog contents should be copied")
+ cmd.Flags().StringVar(&cacheFrom, "cache.from", "", "Path to cache contents to copy (required if cache.to is set)") // optional
+ cmd.Flags().StringVar(&cacheTo, "cache.to", "", "Path to where cache contents should be copied (required if cache.from is set)") // optional
+ cmd.MarkFlagRequired("catalog.from")
+ cmd.MarkFlagRequired("catalog.to")
+ cmd.MarkFlagsRequiredTogether("cache.from", "cache.to")
+ return cmd
 }
diff --git a/staging/operator-lifecycle-manager/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml b/staging/operator-lifecycle-manager/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml
index cc29014515..6ee410a64a 100644
--- a/staging/operator-lifecycle-manager/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml
+++ b/staging/operator-lifecycle-manager/deploy/chart/templates/0000_50_olm_01-networkpolicies.yaml
@@ -41,7 +41,7 @@ spec:
 egress:
 - {{ .Values.networkPolicy.kubeAPIServer | toYaml | nindent 6 | trimSuffix "\n" }}
 - {{ .Values.networkPolicy.dns | toYaml | nindent 6 | trimSuffix "\n" }}
- - ports: # This is another distinct rule in the egress list
+ - ports:
 - protocol: TCP
 port: {{ .Values.catalogGrpcPodPort }}
 policyTypes:
diff --git a/staging/operator-lifecycle-manager/go.mod b/staging/operator-lifecycle-manager/go.mod
index 744a8ceedb..e753446359 100644
--- a/staging/operator-lifecycle-manager/go.mod
+++ b/staging/operator-lifecycle-manager/go.mod
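Review bot: `cmd.Execute()` in `main` discards the returned error, so a missing `--catalog.from`/`--catalog.to` (or `cache.from` given without `cache.to`) is reported by cobra but the process still exits 0, whereas the removed code called `os.Exit(1)`; anything that gates on the exit status would carry on without the content having been copied. Suggest `if err := newCmd().Execute(); err != nil { os.Exit(1) }`. The required-flag checks also only test that a flag was set, so an explicit empty value such as `--catalog.to=` now reaches `os.RemoveAll` and `copy.Copy`, which the old `*value == ""` check rejected; an empty-string guard at the top of `Run` would restore that. The vendored copy at `vendor/github.com/operator-framework/operator-lifecycle-manager/cmd/copy-content/main.go` carries the same code.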
@@ -23,12 +23,12 @@ require ( github.com/openshift/api v3.9.0+incompatible github.com/openshift/client-go v0.0.0-20220525160904-9e1acff93e4a github.com/operator-framework/api v0.31.0 - github.com/operator-framework/operator-registry v1.54.0 + github.com/operator-framework/operator-registry v1.55.0 github.com/otiai10/copy v1.14.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.22.0 github.com/prometheus/client_model v0.6.2 - github.com/prometheus/common v0.63.0 + github.com/prometheus/common v0.64.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 @@ -36,7 +36,7 @@ require ( golang.org/x/net v0.40.0 golang.org/x/sync v0.14.0 golang.org/x/time v0.11.0 - google.golang.org/grpc v1.72.0 + google.golang.org/grpc v1.72.1 gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.32.3 k8s.io/apiextensions-apiserver v0.32.3 @@ -163,7 +163,7 @@ require ( golang.org/x/crypto v0.38.0 // indirect golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 // indirect golang.org/x/mod v0.24.0 // indirect - golang.org/x/oauth2 v0.29.0 // indirect + golang.org/x/oauth2 v0.30.0 // indirect golang.org/x/sys v0.33.0 // indirect golang.org/x/term v0.32.0 // indirect golang.org/x/text v0.25.0 // indirect diff --git a/staging/operator-lifecycle-manager/go.sum b/staging/operator-lifecycle-manager/go.sum index 2efe8c8deb..824235912a 100644 --- a/staging/operator-lifecycle-manager/go.sum +++ b/staging/operator-lifecycle-manager/go.sum 
@@ -1860,8 +1860,8 @@ github.com/openshift/client-go v0.0.0-20221019143426-16aed247da5c h1:CV76yFOTXmq github.com/openshift/client-go v0.0.0-20221019143426-16aed247da5c/go.mod h1:lFMO8mLHXWFzSdYvGNo8ivF9SfF6zInA8ZGw4phRnUE= github.com/operator-framework/api v0.31.0 h1:tRsFTuZ51xD8U5QgiPo3+mZgVipHZVgRXYrI6RRXOh8= github.com/operator-framework/api v0.31.0/go.mod h1:57oCiHNeWcxmzu1Se8qlnwEKr/GGXnuHvspIYFCcXmY= -github.com/operator-framework/operator-registry v1.54.0 h1:/OGQnBlfVQglq8VzGJPIkqWMXOVSo+eu7owCgOqoBpU= -github.com/operator-framework/operator-registry v1.54.0/go.mod h1:ll5r97EB+V2rVA58rdj8Hxmbo/osnw3f6D4Xq6bpWcE= +github.com/operator-framework/operator-registry v1.55.0 h1:iXlv53fYyg2VtLqSDEalXD72/5Uzc7Rfx17j35+8plA= +github.com/operator-framework/operator-registry v1.55.0/go.mod h1:8htDRYKWZ6UWjGMXbBdwwHefsJknodOiGLnpjxgAflw= github.com/otiai10/copy v1.14.1 h1:5/7E6qsUMBaH5AnQ0sSLzzTg1oTECmcCmT6lvF45Na8= github.com/otiai10/copy v1.14.1/go.mod h1:oQwrEDDOci3IM8dJF0d8+jnbfPDllW6vUjNc3DoZm9I= github.com/otiai10/mint v1.6.3 h1:87qsV/aw1F5as1eH1zS/yqHY85ANKVMgkDrf9rcxbQs= 
@@ -1893,8 +1893,8 @@ github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJ github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.63.0 h1:YR/EIY1o3mEFP/kZCD7iDMnLPlGyuU2Gb3HIcXnA98k= -github.com/prometheus/common v0.63.0/go.mod h1:VVFF/fBIoToEnWRVkYoXEkq3R3paCoxG9PXP74SnV18= +github.com/prometheus/common v0.64.0 h1:pdZeA+g617P7oGv1CzdTzyeShxAGrTBsolKNOLQPGO4= +github.com/prometheus/common v0.64.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho= 
@@ -2287,8 +2287,8 @@ golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= -golang.org/x/oauth2 v0.29.0 h1:WdYw2tdTK1S8olAzWHdgeqfy+Mtm9XNhv/xJsY65d98= -golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= +golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= +golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2988,8 +2988,8 @@ modernc.org/token v1.0.1/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8= modernc.org/z v1.7.0/go.mod h1:hVdgNMh8ggTuRG1rGU8x+xGRFfiQUIAw0ZqlPy8+HyQ= -oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c= -oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg= +oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= +oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= 
diff --git a/staging/operator-registry/OWNERS b/staging/operator-registry/OWNERS index 67ce7f24c5..19f56d940f 100644 --- a/staging/operator-registry/OWNERS +++ b/staging/operator-registry/OWNERS @@ -1,32 +1,27 @@ # approval == this is a good idea /approve approvers: - - awgreene - - dinhxuanvu + - camilamacedo86 - grokspawn - joelanford - kevinrizza - - njhale - oceanc80 - perdasilva + - tmshort # review == this code is good /lgtm reviewers: - anik120 - ankitathomas - - awgreene - - benluddy - - dinhxuanvu + - camilamacedo86 - everettraven - exdx - - gallettilance - grokspawn - - jmrodri - joelanford - kevinrizza - - njhale - oceanc80 - perdasilva - rashmigottipati - - theishshah - - varshaprasad96 + - tmshort + + # Bugzilla component component: "OLM" diff --git a/staging/operator-registry/go.mod b/staging/operator-registry/go.mod index 2052ba661a..82314b45cd 100644 --- a/staging/operator-registry/go.mod +++ b/staging/operator-registry/go.mod @@ -43,7 +43,7 @@ require ( golang.org/x/sync v0.14.0 golang.org/x/sys v0.33.0 golang.org/x/text v0.25.0 - google.golang.org/grpc v1.72.0 + google.golang.org/grpc v1.72.1 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 google.golang.org/protobuf v1.36.6 gopkg.in/yaml.v2 v2.4.0 @@ -52,9 +52,9 @@ require ( k8s.io/apimachinery v0.32.3 k8s.io/client-go v0.32.3 k8s.io/kubectl v0.32.0 - oras.land/oras-go/v2 v2.5.0 + oras.land/oras-go/v2 v2.6.0 sigs.k8s.io/controller-runtime v0.20.4 - sigs.k8s.io/kind v0.27.0 + sigs.k8s.io/kind v0.28.0 sigs.k8s.io/yaml v1.4.0 ) @@ -128,7 +128,6 @@ require ( github.com/google/go-containerregistry v0.20.3 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect - github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/handlers v1.5.2 // indirect github.com/gorilla/mux v1.8.1 // indirect 
diff --git a/staging/operator-registry/go.sum b/staging/operator-registry/go.sum index 5cc87d7800..0598e350d1 100644 --- a/staging/operator-registry/go.sum +++ b/staging/operator-registry/go.sum @@ -219,8 +219,6 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= -github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= -github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC9t8wNnpPdctvtSUOPUUg4SHeE6vR1Ir2hmg= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -673,8 +671,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM= -google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= +google.golang.org/grpc v1.72.1 h1:HR03wO6eyZ7lknl75XlxABNVLLFc2PAb6mHlYh756mA= +google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 h1:F29+wU6Ee6qgu9TddPgooOdaqsxTMunOoj8KA5yuS5A= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1/go.mod h1:5KF+wpkbTSbGcR9zteSqZV6fqFOWBl4Yde8En8MryZA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= 
@@ -730,16 +728,16 @@ k8s.io/kubectl v0.32.0 h1:rpxl+ng9qeG79YA4Em9tLSfX0G8W0vfaiPVrc/WR7Xw= k8s.io/kubectl v0.32.0/go.mod h1:qIjSX+QgPQUgdy8ps6eKsYNF+YmFOAO3WygfucIqFiE= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c= -oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg= +oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= +oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 h1:CPT0ExVicCzcpeN4baWEV2ko2Z/AsiZgEdwgcfwLgMo= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.20.4 h1:X3c+Odnxz+iPTRobG4tp092+CvBU9UK0t/bRf+n0DGU= sigs.k8s.io/controller-runtime v0.20.4/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= -sigs.k8s.io/kind v0.27.0 h1:PQ3f0iAWNIj66LYkZ1ivhEg/+Zb6UPMbO+qVei/INZA= -sigs.k8s.io/kind v0.27.0/go.mod h1:RZVFmy6qcwlSWwp6xeIUv7kXCPF3i8MXsEXxW/J+gJY= +sigs.k8s.io/kind v0.28.0 h1:YLfMxeB0+8nHPs4IgpskdVerMUiYtP8jcbML0OVpUXg= +sigs.k8s.io/kind v0.28.0/go.mod h1:ldWQisw2NYyM6k64o/tkZng/1qQW7OlzcN5a8geJX3o= sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= 
diff --git a/staging/operator-registry/pkg/lib/bundle/supported_resources.go b/staging/operator-registry/pkg/lib/bundle/supported_resources.go
index b9440018f8..3569367ef2 100644
--- a/staging/operator-registry/pkg/lib/bundle/supported_resources.go
+++ b/staging/operator-registry/pkg/lib/bundle/supported_resources.go
@@ -21,6 +21,7 @@ const (
 ConsoleCLIDownloadKind = "ConsoleCLIDownload"
 ConsoleLinkKind = "ConsoleLink"
 ConsolePlugin = "ConsolePlugin"
+ NetworkPolicyKind = "NetworkPolicy"
 )
 // Namespaced indicates whether the resource is namespace scoped (true) or cluster-scoped (false).
@@ -49,6 +50,7 @@ var supportedResources = map[string]Namespaced{
 ConsoleCLIDownloadKind: false,
 ConsoleLinkKind: false,
 ConsolePlugin: false,
+ NetworkPolicyKind: true,
 }
 // IsSupported checks if the object kind is OLM-supported and if it is namespaced
diff --git a/vendor/github.com/operator-framework/operator-lifecycle-manager/cmd/copy-content/main.go b/vendor/github.com/operator-framework/operator-lifecycle-manager/cmd/copy-content/main.go
index eb57e979fe..bd5fb44f7a 100644
--- a/vendor/github.com/operator-framework/operator-lifecycle-manager/cmd/copy-content/main.go
+++ b/vendor/github.com/operator-framework/operator-lifecycle-manager/cmd/copy-content/main.go
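Review bot: `NetworkPolicyKind: true` lets a bundle carry NetworkPolicy manifests, and neither added line (the constant or the `supportedResources` entry) documents what that implies: the object is namespace-scoped but selects pods by label, so a policy with an empty `podSelector` would apply to every pod in the install namespace, not only the operator's. How OLM validates or applies the object is not visible in these hunks, so this may already be handled elsewhere. At minimum a comment on the constant would help, e.g. `// NetworkPolicyKind is namespace-scoped; a bundled policy can select any pod in the install namespace.` The same two lines are repeated in the vendored copy of this file.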
@@ -1,43 +1,55 @@ package main import ( - "flag" "fmt" "os" "github.com/otiai10/copy" + "github.com/spf13/cobra" ) func main() { - catalogSource := flag.String("catalog.from", "", "Path to catalog contents to copy.") - catalogDestination := flag.String("catalog.to", "", "Path to where catalog contents should be copied.") - cacheSource := flag.String("cache.from", "", "Path to cache contents to copy.") - cacheDestination := flag.String("cache.to", "", "Path to where cache contents should be copied.") - flag.Parse() + cmd := newCmd() + cmd.Execute() +} - for flagName, value := range map[string]*string{ - "catalog.from": catalogSource, - "catalog.to": catalogDestination, - "cache.from": cacheSource, - "cache.to": cacheDestination, - } { - if value == nil || *value == "" { - fmt.Printf("--%s is required", flagName) - os.Exit(1) - } - } +func newCmd() *cobra.Command { + var ( + catalogFrom string + catalogTo string + cacheFrom string + cacheTo string + ) + cmd := &cobra.Command{ + Use: "copy-content", + Short: "Copy catalog and cache content", + Long: `Copy catalog and cache content`, + Run: func(cmd *cobra.Command, args []string) { + var contentMap = make(map[string]string, 2) + contentMap[catalogFrom] = catalogTo + if cmd.Flags().Changed("cache.from") { + contentMap[cacheFrom] = cacheTo + } - for from, to := range map[string]string{ - *catalogSource: *catalogDestination, - *cacheSource: *cacheDestination, - } { - if err := os.RemoveAll(to); err != nil { - fmt.Printf("failed to remove %s: %s", to, err) - os.Exit(1) - } - if err := copy.Copy(from, to); err != nil { - fmt.Printf("failed to copy %s to %s: %s\n", from, to, err) - os.Exit(1) - } + for from, to := range contentMap { + if err := os.RemoveAll(to); err != nil { + fmt.Printf("failed to remove %s: %s", to, err) + os.Exit(1) + } + if err := copy.Copy(from, to); err != nil { + fmt.Printf("failed to copy %s to %s: %s\n", from, to, err) + os.Exit(1) + } + } + }, } + + cmd.Flags().StringVar(&catalogFrom, 
"catalog.from", "", "Path to catalog contents to copy") + cmd.Flags().StringVar(&catalogTo, "catalog.to", "", "Path to where catalog contents should be copied") + cmd.Flags().StringVar(&cacheFrom, "cache.from", "", "Path to cache contents to copy (required if cache.to is set)") // optional + cmd.Flags().StringVar(&cacheTo, "cache.to", "", "Path to where cache contents should be copied (required if cache.from is set)") // optional + cmd.MarkFlagRequired("catalog.from") + cmd.MarkFlagRequired("catalog.to") + cmd.MarkFlagsRequiredTogether("cache.from", "cache.to") + return cmd } diff --git a/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go b/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go index b9440018f8..3569367ef2 100644 --- a/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go +++ b/vendor/github.com/operator-framework/operator-registry/pkg/lib/bundle/supported_resources.go @@ -21,6 +21,7 @@ const ( ConsoleCLIDownloadKind = "ConsoleCLIDownload" ConsoleLinkKind = "ConsoleLink" ConsolePlugin = "ConsolePlugin" + NetworkPolicyKind = "NetworkPolicy" ) // Namespaced indicates whether the resource is namespace scoped (true) or cluster-scoped (false). @@ -49,6 +50,7 @@ var supportedResources = map[string]Namespaced{ ConsoleCLIDownloadKind: false, ConsoleLinkKind: false, ConsolePlugin: false, + NetworkPolicyKind: true, } // IsSupported checks if the object kind is OLM-supported and if it is namespaced diff --git a/vendor/github.com/prometheus/common/expfmt/text_parse.go b/vendor/github.com/prometheus/common/expfmt/text_parse.go index b4607fe4d2..4067978a17 100644 --- a/vendor/github.com/prometheus/common/expfmt/text_parse.go +++ b/vendor/github.com/prometheus/common/expfmt/text_parse.go 
@@ -345,8 +345,8 @@ func (p *TextParser) startLabelName() stateFn { } // Special summary/histogram treatment. Don't add 'quantile' and 'le' // labels to 'real' labels. - if !(p.currentMF.GetType() == dto.MetricType_SUMMARY && p.currentLabelPair.GetName() == model.QuantileLabel) && - !(p.currentMF.GetType() == dto.MetricType_HISTOGRAM && p.currentLabelPair.GetName() == model.BucketLabel) { + if (p.currentMF.GetType() != dto.MetricType_SUMMARY || p.currentLabelPair.GetName() != model.QuantileLabel) && + (p.currentMF.GetType() != dto.MetricType_HISTOGRAM || p.currentLabelPair.GetName() != model.BucketLabel) { p.currentLabelPairs = append(p.currentLabelPairs, p.currentLabelPair) } // Check for duplicate label names. diff --git a/vendor/github.com/prometheus/common/model/labels.go b/vendor/github.com/prometheus/common/model/labels.go index f4a387605f..de83afe93e 100644 --- a/vendor/github.com/prometheus/common/model/labels.go +++ b/vendor/github.com/prometheus/common/model/labels.go @@ -122,7 +122,8 @@ func (ln LabelName) IsValidLegacy() bool { return false } for i, b := range ln { - if !((b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_' || (b >= '0' && b <= '9' && i > 0)) { + // TODO: Apply De Morgan's law. Make sure there are tests for this. + if !((b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || b == '_' || (b >= '0' && b <= '9' && i > 0)) { //nolint:staticcheck return false } } diff --git a/vendor/golang.org/x/oauth2/internal/doc.go b/vendor/golang.org/x/oauth2/internal/doc.go index 03265e888a..8c7c475f2d 100644 --- a/vendor/golang.org/x/oauth2/internal/doc.go +++ b/vendor/golang.org/x/oauth2/internal/doc.go @@ -2,5 +2,5 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package internal contains support packages for oauth2 package. +// Package internal contains support packages for [golang.org/x/oauth2]. package internal 
diff --git a/vendor/golang.org/x/oauth2/internal/oauth2.go b/vendor/golang.org/x/oauth2/internal/oauth2.go index 14989beaf4..71ea6ad1f5 100644 --- a/vendor/golang.org/x/oauth2/internal/oauth2.go +++ b/vendor/golang.org/x/oauth2/internal/oauth2.go @@ -13,7 +13,7 @@ import ( ) // ParseKey converts the binary contents of a private key file -// to an *rsa.PrivateKey. It detects whether the private key is in a +// to an [*rsa.PrivateKey]. It detects whether the private key is in a // PEM container or not. If so, it extracts the private key // from PEM container before conversion. It only supports PEM // containers with no passphrase. diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go index e83ddeef0f..8389f24629 100644 --- a/vendor/golang.org/x/oauth2/internal/token.go +++ b/vendor/golang.org/x/oauth2/internal/token.go @@ -10,7 +10,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "math" "mime" "net/http" @@ -26,9 +25,9 @@ import ( // the requests to access protected resources on the OAuth 2.0 // provider's backend. // -// This type is a mirror of oauth2.Token and exists to break +// This type is a mirror of [golang.org/x/oauth2.Token] and exists to break // an otherwise-circular dependency. Other internal packages -// should convert this Token into an oauth2.Token before use. +// should convert this Token into an [golang.org/x/oauth2.Token] before use. type Token struct { // AccessToken is the token that authorizes and authenticates // the requests. 
@@ -50,9 +49,16 @@ type Token struct { // mechanisms for that TokenSource will not be used. Expiry time.Time + // ExpiresIn is the OAuth2 wire format "expires_in" field, + // which specifies how many seconds later the token expires, + // relative to an unknown time base approximately around "now". + // It is the application's responsibility to populate + // `Expiry` from `ExpiresIn` when required. + ExpiresIn int64 `json:"expires_in,omitempty"` + // Raw optionally contains extra metadata from the server // when updating a token. - Raw interface{} + Raw any } // tokenJSON is the struct representing the HTTP response from OAuth2 @@ -99,14 +105,6 @@ func (e *expirationTime) UnmarshalJSON(b []byte) error { return nil } -// RegisterBrokenAuthHeaderProvider previously did something. It is now a no-op. -// -// Deprecated: this function no longer does anything. Caller code that -// wants to avoid potential extra HTTP requests made during -// auto-probing of the provider's auth style should set -// Endpoint.AuthStyle. -func RegisterBrokenAuthHeaderProvider(tokenURL string) {} - // AuthStyle is a copy of the golang.org/x/oauth2 package's AuthStyle type. type AuthStyle int @@ -143,6 +141,11 @@ func (lc *LazyAuthStyleCache) Get() *AuthStyleCache { return c } +type authStyleCacheKey struct { + url string + clientID string +} + // AuthStyleCache is the set of tokenURLs we've successfully used via // RetrieveToken and which style auth we ended up using. // It's called a cache, but it doesn't (yet?) shrink. It's expected that 
@@ -150,26 +153,26 @@ func (lc *LazyAuthStyleCache) Get() *AuthStyleCache { // small. type AuthStyleCache struct { mu sync.Mutex - m map[string]AuthStyle // keyed by tokenURL + m map[authStyleCacheKey]AuthStyle } // lookupAuthStyle reports which auth style we last used with tokenURL // when calling RetrieveToken and whether we have ever done so. -func (c *AuthStyleCache) lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) { +func (c *AuthStyleCache) lookupAuthStyle(tokenURL, clientID string) (style AuthStyle, ok bool) { c.mu.Lock() defer c.mu.Unlock() - style, ok = c.m[tokenURL] + style, ok = c.m[authStyleCacheKey{tokenURL, clientID}] return } // setAuthStyle adds an entry to authStyleCache, documented above. -func (c *AuthStyleCache) setAuthStyle(tokenURL string, v AuthStyle) { +func (c *AuthStyleCache) setAuthStyle(tokenURL, clientID string, v AuthStyle) { c.mu.Lock() defer c.mu.Unlock() if c.m == nil { - c.m = make(map[string]AuthStyle) + c.m = make(map[authStyleCacheKey]AuthStyle) } - c.m[tokenURL] = v + c.m[authStyleCacheKey{tokenURL, clientID}] = v } // newTokenRequest returns a new *http.Request to retrieve a new token @@ -210,9 +213,9 @@ func cloneURLValues(v url.Values) url.Values { } func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle, styleCache *AuthStyleCache) (*Token, error) { - needsAuthStyleProbe := authStyle == 0 + needsAuthStyleProbe := authStyle == AuthStyleUnknown if needsAuthStyleProbe { - if style, ok := styleCache.lookupAuthStyle(tokenURL); ok { + if style, ok := styleCache.lookupAuthStyle(tokenURL, clientID); ok { authStyle = style needsAuthStyleProbe = false } else { 
@@ -242,7 +245,7 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, token, err = doTokenRoundTrip(ctx, req) } if needsAuthStyleProbe && err == nil { - styleCache.setAuthStyle(tokenURL, authStyle) + styleCache.setAuthStyle(tokenURL, clientID, authStyle) } // Don't overwrite `RefreshToken` with an empty value // if this was a token refreshing request. @@ -257,7 +260,7 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) { if err != nil { return nil, err } - body, err := ioutil.ReadAll(io.LimitReader(r.Body, 1<<20)) + body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20)) r.Body.Close() if err != nil { return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err) @@ -312,7 +315,8 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) { TokenType: tj.TokenType, RefreshToken: tj.RefreshToken, Expiry: tj.expiry(), - Raw: make(map[string]interface{}), + ExpiresIn: int64(tj.ExpiresIn), + Raw: make(map[string]any), } json.Unmarshal(body, &token.Raw) // no error checks for optional fields } diff --git a/vendor/golang.org/x/oauth2/internal/transport.go b/vendor/golang.org/x/oauth2/internal/transport.go index b9db01ddfd..afc0aeb274 100644 --- a/vendor/golang.org/x/oauth2/internal/transport.go +++ b/vendor/golang.org/x/oauth2/internal/transport.go @@ -9,8 +9,8 @@ import ( "net/http" ) -// HTTPClient is the context key to use with golang.org/x/net/context's -// WithValue function to associate an *http.Client value with a context. +// HTTPClient is the context key to use with [context.WithValue] +// to associate an [*http.Client] value with a context. var HTTPClient ContextKey // ContextKey is just an empty struct. It exists so HTTPClient can be diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go index eacdd7fd93..de34feb844 100644 --- a/vendor/golang.org/x/oauth2/oauth2.go +++ b/vendor/golang.org/x/oauth2/oauth2.go 
@@ -22,9 +22,9 @@ import ( ) // NoContext is the default context you should supply if not using -// your own context.Context (see https://golang.org/x/net/context). +// your own [context.Context]. // -// Deprecated: Use context.Background() or context.TODO() instead. +// Deprecated: Use [context.Background] or [context.TODO] instead. var NoContext = context.TODO() // RegisterBrokenAuthHeaderProvider previously did something. It is now a no-op. @@ -37,8 +37,8 @@ func RegisterBrokenAuthHeaderProvider(tokenURL string) {} // Config describes a typical 3-legged OAuth2 flow, with both the // client application information and the server's endpoint URLs. -// For the client credentials 2-legged OAuth2 flow, see the clientcredentials -// package (https://golang.org/x/oauth2/clientcredentials). +// For the client credentials 2-legged OAuth2 flow, see the +// [golang.org/x/oauth2/clientcredentials] package. type Config struct { // ClientID is the application's ID. ClientID string @@ -46,7 +46,7 @@ type Config struct { // ClientSecret is the application's secret. ClientSecret string - // Endpoint contains the resource server's token endpoint + // Endpoint contains the authorization server's token endpoint // URLs. These are constants specific to each server and are // often available via site-specific packages, such as // google.Endpoint or github.Endpoint. @@ -135,7 +135,7 @@ type setParam struct{ k, v string } func (p setParam) setValue(m url.Values) { m.Set(p.k, p.v) } -// SetAuthURLParam builds an AuthCodeOption which passes key/value parameters +// SetAuthURLParam builds an [AuthCodeOption] which passes key/value parameters // to a provider's authorization endpoint. func SetAuthURLParam(key, value string) AuthCodeOption { return setParam{key, value} 
@@ -148,8 +148,8 @@ func SetAuthURLParam(key, value string) AuthCodeOption { // request and callback. The authorization server includes this value when // redirecting the user agent back to the client. // -// Opts may include AccessTypeOnline or AccessTypeOffline, as well -// as ApprovalForce. +// Opts may include [AccessTypeOnline] or [AccessTypeOffline], as well +// as [ApprovalForce]. // // To protect against CSRF attacks, opts should include a PKCE challenge // (S256ChallengeOption). Not all servers support PKCE. An alternative is to @@ -194,7 +194,7 @@ func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string { // and when other authorization grant types are not available." // See https://tools.ietf.org/html/rfc6749#section-4.3 for more info. // -// The provided context optionally controls which HTTP client is used. See the HTTPClient variable. +// The provided context optionally controls which HTTP client is used. See the [HTTPClient] variable. func (c *Config) PasswordCredentialsToken(ctx context.Context, username, password string) (*Token, error) { v := url.Values{ "grant_type": {"password"}, @@ -212,10 +212,10 @@ func (c *Config) PasswordCredentialsToken(ctx context.Context, username, passwor // It is used after a resource provider redirects the user back // to the Redirect URI (the URL obtained from AuthCodeURL). // -// The provided context optionally controls which HTTP client is used. See the HTTPClient variable. +// The provided context optionally controls which HTTP client is used. See the [HTTPClient] variable. // -// The code will be in the *http.Request.FormValue("code"). Before -// calling Exchange, be sure to validate FormValue("state") if you are +// The code will be in the [http.Request.FormValue]("code"). Before +// calling Exchange, be sure to validate [http.Request.FormValue]("state") if you are // using it to protect against CSRF attacks. // // If using PKCE to protect against CSRF attacks, opts should include a 
@@ -242,10 +242,10 @@ func (c *Config) Client(ctx context.Context, t *Token) *http.Client { return NewClient(ctx, c.TokenSource(ctx, t)) } -// TokenSource returns a TokenSource that returns t until t expires, +// TokenSource returns a [TokenSource] that returns t until t expires, // automatically refreshing it as necessary using the provided context. // -// Most users will use Config.Client instead. +// Most users will use [Config.Client] instead. func (c *Config) TokenSource(ctx context.Context, t *Token) TokenSource { tkr := &tokenRefresher{ ctx: ctx, @@ -260,7 +260,7 @@ func (c *Config) TokenSource(ctx context.Context, t *Token) TokenSource { } } -// tokenRefresher is a TokenSource that makes "grant_type"=="refresh_token" +// tokenRefresher is a TokenSource that makes "grant_type=refresh_token" // HTTP requests to renew a token using a RefreshToken. type tokenRefresher struct { ctx context.Context // used to get HTTP requests @@ -305,8 +305,7 @@ type reuseTokenSource struct { } // Token returns the current token if it's still valid, else will -// refresh the current token (using r.Context for HTTP client -// information) and return the new one. +// refresh the current token and return the new one. func (s *reuseTokenSource) Token() (*Token, error) { s.mu.Lock() defer s.mu.Unlock() @@ -322,7 +321,7 @@ func (s *reuseTokenSource) Token() (*Token, error) { return t, nil } -// StaticTokenSource returns a TokenSource that always returns the same token. +// StaticTokenSource returns a [TokenSource] that always returns the same token. // Because the provided token t is never refreshed, StaticTokenSource is only // useful for tokens that never expire. func StaticTokenSource(t *Token) TokenSource { 
@@ -338,16 +337,16 @@ func (s staticTokenSource) Token() (*Token, error) { return s.t, nil } -// HTTPClient is the context key to use with golang.org/x/net/context's -// WithValue function to associate an *http.Client value with a context. +// HTTPClient is the context key to use with [context.WithValue] +// to associate a [*http.Client] value with a context. var HTTPClient internal.ContextKey -// NewClient creates an *http.Client from a Context and TokenSource. +// NewClient creates an [*http.Client] from a [context.Context] and [TokenSource]. // The returned client is not valid beyond the lifetime of the context. // -// Note that if a custom *http.Client is provided via the Context it +// Note that if a custom [*http.Client] is provided via the [context.Context] it // is used only for token acquisition and is not used to configure the -// *http.Client returned from NewClient. +// [*http.Client] returned from NewClient. // // As a special case, if src is nil, a non-OAuth2 client is returned // using the provided context. This exists to support related OAuth2 @@ -368,7 +367,7 @@ func NewClient(ctx context.Context, src TokenSource) *http.Client { } } -// ReuseTokenSource returns a TokenSource which repeatedly returns the +// ReuseTokenSource returns a [TokenSource] which repeatedly returns the // same token as long as it's valid, starting with t. // When its cached token is invalid, a new token is obtained from src. // 
@@ -376,10 +375,10 @@ func NewClient(ctx context.Context, src TokenSource) *http.Client { // (such as a file on disk) between runs of a program, rather than // obtaining new tokens unnecessarily. // -// The initial token t may be nil, in which case the TokenSource is +// The initial token t may be nil, in which case the [TokenSource] is // wrapped in a caching version if it isn't one already. This also // means it's always safe to wrap ReuseTokenSource around any other -// TokenSource without adverse effects. +// [TokenSource] without adverse effects. func ReuseTokenSource(t *Token, src TokenSource) TokenSource { // Don't wrap a reuseTokenSource in itself. That would work, // but cause an unnecessary number of mutex operations. @@ -397,8 +396,8 @@ func ReuseTokenSource(t *Token, src TokenSource) TokenSource { } } -// ReuseTokenSourceWithExpiry returns a TokenSource that acts in the same manner as the -// TokenSource returned by ReuseTokenSource, except the expiry buffer is +// ReuseTokenSourceWithExpiry returns a [TokenSource] that acts in the same manner as the +// [TokenSource] returned by [ReuseTokenSource], except the expiry buffer is // configurable. The expiration time of a token is calculated as // t.Expiry.Add(-earlyExpiry). func ReuseTokenSourceWithExpiry(t *Token, src TokenSource, earlyExpiry time.Duration) TokenSource { diff --git a/vendor/golang.org/x/oauth2/pkce.go b/vendor/golang.org/x/oauth2/pkce.go index 6a95da975c..cea8374d51 100644 --- a/vendor/golang.org/x/oauth2/pkce.go +++ b/vendor/golang.org/x/oauth2/pkce.go @@ -1,6 +1,7 @@ // Copyright 2023 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. + package oauth2 import ( 
@@ -20,9 +21,9 @@ const ( // This follows recommendations in RFC 7636. // // A fresh verifier should be generated for each authorization. -// S256ChallengeOption(verifier) should then be passed to Config.AuthCodeURL -// (or Config.DeviceAuth) and VerifierOption(verifier) to Config.Exchange -// (or Config.DeviceAccessToken). +// The resulting verifier should be passed to [Config.AuthCodeURL] or [Config.DeviceAuth] +// with [S256ChallengeOption], and to [Config.Exchange] or [Config.DeviceAccessToken] +// with [VerifierOption]. func GenerateVerifier() string { // "RECOMMENDED that the output of a suitable random number generator be // used to create a 32-octet sequence. The octet sequence is then @@ -36,22 +37,22 @@ func GenerateVerifier() string { return base64.RawURLEncoding.EncodeToString(data) } -// VerifierOption returns a PKCE code verifier AuthCodeOption. It should be -// passed to Config.Exchange or Config.DeviceAccessToken only. +// VerifierOption returns a PKCE code verifier [AuthCodeOption]. It should only be +// passed to [Config.Exchange] or [Config.DeviceAccessToken]. func VerifierOption(verifier string) AuthCodeOption { return setParam{k: codeVerifierKey, v: verifier} } // S256ChallengeFromVerifier returns a PKCE code challenge derived from verifier with method S256. // -// Prefer to use S256ChallengeOption where possible. +// Prefer to use [S256ChallengeOption] where possible. func S256ChallengeFromVerifier(verifier string) string { sha := sha256.Sum256([]byte(verifier)) return base64.RawURLEncoding.EncodeToString(sha[:]) } // S256ChallengeOption derives a PKCE code challenge derived from verifier with -// method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAuth +// method S256. It should be passed to [Config.AuthCodeURL] or [Config.DeviceAuth] // only. func S256ChallengeOption(verifier string) AuthCodeOption { return challengeOption{ 
diff --git a/vendor/golang.org/x/oauth2/token.go b/vendor/golang.org/x/oauth2/token.go index 8c31136c40..239ec32962 100644 --- a/vendor/golang.org/x/oauth2/token.go +++ b/vendor/golang.org/x/oauth2/token.go @@ -44,7 +44,7 @@ type Token struct { // Expiry is the optional expiration time of the access token. // - // If zero, TokenSource implementations will reuse the same + // If zero, [TokenSource] implementations will reuse the same // token forever and RefreshToken or equivalent // mechanisms for that TokenSource will not be used. Expiry time.Time `json:"expiry,omitempty"` @@ -58,7 +58,7 @@ type Token struct { // raw optionally contains extra metadata from the server // when updating a token. - raw interface{} + raw any // expiryDelta is used to calculate when a token is considered // expired, by subtracting from Expiry. If zero, defaultExpiryDelta @@ -86,16 +86,16 @@ func (t *Token) Type() string { // SetAuthHeader sets the Authorization header to r using the access // token in t. // -// This method is unnecessary when using Transport or an HTTP Client +// This method is unnecessary when using [Transport] or an HTTP Client // returned by this package. func (t *Token) SetAuthHeader(r *http.Request) { r.Header.Set("Authorization", t.Type()+" "+t.AccessToken) } -// WithExtra returns a new Token that's a clone of t, but using the +// WithExtra returns a new [Token] that's a clone of t, but using the // provided raw extra map. This is only intended for use by packages // implementing derivative OAuth2 flows. -func (t *Token) WithExtra(extra interface{}) *Token { +func (t *Token) WithExtra(extra any) *Token { t2 := new(Token) *t2 = *t t2.raw = extra 
@@ -105,8 +105,8 @@ func (t *Token) WithExtra(extra interface{}) *Token { // Extra returns an extra field. // Extra fields are key-value pairs returned by the server as a // part of the token retrieval response. -func (t *Token) Extra(key string) interface{} { - if raw, ok := t.raw.(map[string]interface{}); ok { +func (t *Token) Extra(key string) any { + if raw, ok := t.raw.(map[string]any); ok { return raw[key] } @@ -163,6 +163,7 @@ func tokenFromInternal(t *internal.Token) *Token { TokenType: t.TokenType, RefreshToken: t.RefreshToken, Expiry: t.Expiry, + ExpiresIn: t.ExpiresIn, raw: t.Raw, } } diff --git a/vendor/golang.org/x/oauth2/transport.go b/vendor/golang.org/x/oauth2/transport.go index 90657915fb..8bbebbac9e 100644 --- a/vendor/golang.org/x/oauth2/transport.go +++ b/vendor/golang.org/x/oauth2/transport.go @@ -11,12 +11,12 @@ import ( "sync" ) -// Transport is an http.RoundTripper that makes OAuth 2.0 HTTP requests, -// wrapping a base RoundTripper and adding an Authorization header -// with a token from the supplied Sources. +// Transport is an [http.RoundTripper] that makes OAuth 2.0 HTTP requests, +// wrapping a base [http.RoundTripper] and adding an Authorization header +// with a token from the supplied [TokenSource]. // // Transport is a low-level mechanism. Most code will use the -// higher-level Config.Client method instead. +// higher-level [Config.Client] method instead. type Transport struct { // Source supplies the token to add to outgoing requests' // Authorization headers. @@ -47,7 +47,7 @@ func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) { return nil, err } - req2 := cloneRequest(req) // per RoundTripper contract + req2 := req.Clone(req.Context()) token.SetAuthHeader(req2) // req.Body is assumed to be closed by the base RoundTripper. 
@@ -73,17 +73,3 @@ func (t *Transport) base() http.RoundTripper { } return http.DefaultTransport } - -// cloneRequest returns a clone of the provided *http.Request. -// The clone is a shallow copy of the struct and its Header map. -func cloneRequest(r *http.Request) *http.Request { - // shallow copy of the struct - r2 := new(http.Request) - *r2 = *r - // deep copy of the Header - r2.Header = make(http.Header, len(r.Header)) - for k, s := range r.Header { - r2.Header[k] = append([]string(nil), s...) - } - return r2 -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 4a5e41ed16..200fc37958 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -830,7 +830,7 @@ github.com/operator-framework/operator-lifecycle-manager/pkg/package-server/stor github.com/operator-framework/operator-lifecycle-manager/pkg/package-server/version github.com/operator-framework/operator-lifecycle-manager/pkg/version github.com/operator-framework/operator-lifecycle-manager/util/cpb -# github.com/operator-framework/operator-registry v1.54.0 => ./staging/operator-registry +# github.com/operator-framework/operator-registry v1.55.0 => ./staging/operator-registry ## explicit; go 1.23.3 github.com/operator-framework/operator-registry/alpha/action github.com/operator-framework/operator-registry/alpha/action/migrations @@ -918,8 +918,8 @@ github.com/prometheus/client_golang/prometheus/testutil/promlint/validations # github.com/prometheus/client_model v0.6.2 ## explicit; go 1.22.0 github.com/prometheus/client_model/go -# github.com/prometheus/common v0.63.0 -## explicit; go 1.21 +# github.com/prometheus/common v0.64.0 +## explicit; go 1.23.0 github.com/prometheus/common/expfmt github.com/prometheus/common/model # github.com/prometheus/procfs v0.15.1 
@@ -1202,7 +1202,7 @@ golang.org/x/net/internal/timeseries golang.org/x/net/proxy golang.org/x/net/trace golang.org/x/net/websocket -# golang.org/x/oauth2 v0.29.0 +# golang.org/x/oauth2 v0.30.0 ## explicit; go 1.23.0 golang.org/x/oauth2 golang.org/x/oauth2/internal @@ -1291,7 +1291,7 @@ google.golang.org/genproto/googleapis/api/httpbody ## explicit; go 1.23.0 google.golang.org/genproto/googleapis/rpc/errdetails google.golang.org/genproto/googleapis/rpc/status -# google.golang.org/grpc v1.72.0 => google.golang.org/grpc v1.63.2 +# google.golang.org/grpc v1.72.1 => google.golang.org/grpc v1.63.2 ## explicit; go 1.19 google.golang.org/grpc google.golang.org/grpc/attributes @@ -2238,8 +2238,8 @@ k8s.io/utils/path k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/trace -# oras.land/oras-go/v2 v2.5.0 -## explicit; go 1.21 +# oras.land/oras-go/v2 v2.6.0 +## explicit; go 1.23.0 oras.land/oras-go/v2/content oras.land/oras-go/v2/content/oci oras.land/oras-go/v2/errdef diff --git a/vendor/oras.land/oras-go/v2/content/oci/oci.go b/vendor/oras.land/oras-go/v2/content/oci/oci.go index 748aeecc6f..b7619c229d 100644 --- a/vendor/oras.land/oras-go/v2/content/oci/oci.go +++ b/vendor/oras.land/oras-go/v2/content/oci/oci.go @@ -14,7 +14,7 @@ limitations under the License. */ // Package oci provides access to an OCI content store. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0/image-layout.md +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.1/image-layout.md package oci import ( @@ -44,7 +44,7 @@ import ( // Store implements `oras.Target`, and represents a content store // based on file system with the OCI-Image layout. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0/image-layout.md +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.1/image-layout.md type Store struct { // AutoSaveIndex controls if the OCI store will automatically save the index // file when needed. 
@@ -157,10 +157,11 @@ func (s *Store) Exists(ctx context.Context, target ocispec.Descriptor) (bool, er // Delete deletes the content matching the descriptor from the store. Delete may // fail on certain systems (i.e. NTFS), if there is a process (i.e. an unclosed -// Reader) using target. If s.AutoGC is set to true, Delete will recursively -// remove the dangling blobs caused by the current delete. If s.AutoDeleteReferrers -// is set to true, Delete will recursively remove the referrers of the manifests -// being deleted. +// Reader) using target. +// - If s.AutoGC is set to true, Delete will recursively +// remove the dangling blobs caused by the current delete. +// - If s.AutoDeleteReferrers is set to true, Delete will recursively remove +// the referrers of the manifests being deleted. func (s *Store) Delete(ctx context.Context, target ocispec.Descriptor) error { s.sync.Lock() defer s.sync.Unlock() 
@@ -220,9 +221,18 @@ func (s *Store) delete(ctx context.Context, target ocispec.Descriptor) ([]ocispe return danglings, nil } -// Tag tags a descriptor with a reference string. -// reference should be a valid tag (e.g. "latest"). -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0/image-layout.md#indexjson-file +// Tag associates a reference string (e.g. "latest") with the descriptor. +// The reference string is recorded in the "org.opencontainers.image.ref.name" +// annotation of the descriptor. When saved, the updated descriptor is persisted +// in the `index.json` file. +// +// - If the same reference string is tagged multiple times on different +// descriptors, the descriptor from the last call will be stored. +// - If the same descriptor is tagged multiple times with different reference +// strings, multiple copies of the descriptor with different reference tags +// will be stored in the `index.json` file. +// +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.1/image-layout.md#indexjson-file func (s *Store) Tag(ctx context.Context, desc ocispec.Descriptor, reference string) error { s.sync.RLock() defer s.sync.RUnlock() 
@@ -260,11 +270,11 @@ func (s *Store) tag(ctx context.Context, desc ocispec.Descriptor, reference stri return nil } -// Resolve resolves a reference to a descriptor. If the reference to be resolved -// is a tag, the returned descriptor will be a full descriptor declared by -// github.com/opencontainers/image-spec/specs-go/v1. If the reference is a -// digest the returned descriptor will be a plain descriptor (containing only -// the digest, media type and size). +// Resolve resolves a reference to a descriptor. +// - If the reference to be resolved is a tag, the returned descriptor will be +// a full descriptor declared by github.com/opencontainers/image-spec/specs-go/v1. +// - If the reference is a digest, the returned descriptor will be a +// plain descriptor (containing only the digest, media type and size). func (s *Store) Resolve(ctx context.Context, reference string) (ocispec.Descriptor, error) { s.sync.RLock() defer s.sync.RUnlock() @@ -290,6 +300,13 @@ func (s *Store) Resolve(ctx context.Context, reference string) (ocispec.Descript return desc, nil } +// Untag disassociates a reference string from its descriptor. +// When saved, the descriptor entry cotanining the reference in the +// "org.opencontainers.image.ref.name" annotation is removed from the +// `index.json` file. +// The actual content identified by the descriptor is NOT deleted. +// +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.1/image-layout.md#indexjson-file func (s *Store) Untag(ctx context.Context, reference string) error { if reference == "" { return errdef.ErrMissingReference @@ -379,6 +396,7 @@ func (s *Store) loadIndexFile(ctx context.Context) error { Versioned: specs.Versioned{ SchemaVersion: 2, // historical value }, + MediaType: ocispec.MediaTypeImageIndex, Manifests: []ocispec.Descriptor{}, } return s.writeIndexFile() 
diff --git a/vendor/oras.land/oras-go/v2/content/oci/readonlyoci.go b/vendor/oras.land/oras-go/v2/content/oci/readonlyoci.go index 3f1ee4ee0f..b7e64e87c2 100644 --- a/vendor/oras.land/oras-go/v2/content/oci/readonlyoci.go +++ b/vendor/oras.land/oras-go/v2/content/oci/readonlyoci.go @@ -36,7 +36,7 @@ import ( // ReadOnlyStore implements `oras.ReadonlyTarget`, and represents a read-only // content store based on file system with the OCI-Image layout. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0/image-layout.md +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.1/image-layout.md type ReadOnlyStore struct { fsys fs.FS storage content.ReadOnlyStorage @@ -83,11 +83,11 @@ func (s *ReadOnlyStore) Exists(ctx context.Context, target ocispec.Descriptor) ( return s.storage.Exists(ctx, target) } -// Resolve resolves a reference to a descriptor. If the reference to be resolved -// is a tag, the returned descriptor will be a full descriptor declared by -// github.com/opencontainers/image-spec/specs-go/v1. If the reference is a -// digest the returned descriptor will be a plain descriptor (containing only -// the digest, media type and size). +// Resolve resolves a reference to a descriptor. +// - If the reference to be resolved is a tag, the returned descriptor will be +// a full descriptor declared by github.com/opencontainers/image-spec/specs-go/v1. +// - If the reference is a digest, the returned descriptor will be a +// plain descriptor (containing only the digest, media type and size). func (s *ReadOnlyStore) Resolve(ctx context.Context, reference string) (ocispec.Descriptor, error) { if reference == "" { return ocispec.Descriptor{}, errdef.ErrMissingReference diff --git a/vendor/oras.land/oras-go/v2/content/oci/readonlystorage.go b/vendor/oras.land/oras-go/v2/content/oci/readonlystorage.go index 50106d1d76..555426c57e 100644 --- a/vendor/oras.land/oras-go/v2/content/oci/readonlystorage.go 
+++ b/vendor/oras.land/oras-go/v2/content/oci/readonlystorage.go @@ -31,7 +31,7 @@ import ( // ReadOnlyStorage is a read-only CAS based on file system with the OCI-Image // layout. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0/image-layout.md +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.1/image-layout.md type ReadOnlyStorage struct { fsys fs.FS } diff --git a/vendor/oras.land/oras-go/v2/content/oci/storage.go b/vendor/oras.land/oras-go/v2/content/oci/storage.go index 0a3dec3757..072617cbf1 100644 --- a/vendor/oras.land/oras-go/v2/content/oci/storage.go +++ b/vendor/oras.land/oras-go/v2/content/oci/storage.go @@ -43,7 +43,7 @@ var bufPool = sync.Pool{ } // Storage is a CAS based on file system with the OCI-Image layout. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0/image-layout.md +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.1/image-layout.md type Storage struct { *ReadOnlyStorage // root is the root directory of the OCI layout. @@ -141,13 +141,16 @@ func (s *Storage) ingest(expected ocispec.Descriptor, content io.Reader) (path s path = fp.Name() defer func() { - // remove the temp file in case of error. - // this executes after the file is closed. + // close the temp file and check close error + if err := fp.Close(); err != nil && ingestErr == nil { + ingestErr = fmt.Errorf("failed to close ingest file: %w", err) + } + + // remove the temp file in case of error if ingestErr != nil { os.Remove(path) } }() - defer fp.Close() buf := bufPool.Get().(*[]byte) defer bufPool.Put(buf) diff --git a/vendor/oras.land/oras-go/v2/content/reader.go b/vendor/oras.land/oras-go/v2/content/reader.go index e575378e31..37bab5e1b2 100644 --- a/vendor/oras.land/oras-go/v2/content/reader.go +++ b/vendor/oras.land/oras-go/v2/content/reader.go 
@@ -99,6 +99,11 @@ func (vr *VerifyReader) Verify() error {
 // NewVerifyReader wraps r for reading content with verification against desc.
 func NewVerifyReader(r io.Reader, desc ocispec.Descriptor) *VerifyReader {
+ if err := desc.Digest.Validate(); err != nil {
+ return &VerifyReader{
+ err: fmt.Errorf("failed to validate %s: %w", desc.Digest, err),
+ }
+ }
 verifier := desc.Digest.Verifier()
 lr := &io.LimitedReader{
 R: io.TeeReader(r, verifier),
diff --git a/vendor/oras.land/oras-go/v2/internal/fs/tarfs/tarfs.go b/vendor/oras.land/oras-go/v2/internal/fs/tarfs/tarfs.go
index a7a0a6c14e..303881c696 100644
--- a/vendor/oras.land/oras-go/v2/internal/fs/tarfs/tarfs.go
+++ b/vendor/oras.land/oras-go/v2/internal/fs/tarfs/tarfs.go
@@ -22,6 +22,7 @@ import (
 "io"
 "io/fs"
 "os"
+ "path"
 "path/filepath"
 "oras.land/oras-go/v2/errdef"
@@ -67,7 +68,7 @@ func New(path string) (*TarFS, error) {
 // ValidPath(name), returning a *PathError with Err set to
 // ErrInvalid or ErrNotExist.
 func (tfs *TarFS) Open(name string) (file fs.File, openErr error) {
- entry, err := tfs.getEntry(name)
+ entry, err := tfs.getEntry("open", name)
 if err != nil {
 return nil, err
 }
@@ -98,7 +99,7 @@ func (tfs *TarFS) Open(name string) (file fs.File, openErr error) {
 // Stat returns a FileInfo describing the file.
 // If there is an error, it should be of type *PathError.
 func (tfs *TarFS) Stat(name string) (fs.FileInfo, error) {
- entry, err := tfs.getEntry(name)
+ entry, err := tfs.getEntry("stat", name)
 if err != nil {
 return nil, err
 }
@@ -106,18 +107,18 @@ func (tfs *TarFS) Stat(name string) (fs.FileInfo, error) {
 }
 // getEntry returns the named entry.
-func (tfs *TarFS) getEntry(name string) (*entry, error) {
- if !fs.ValidPath(name) {
- return nil, &fs.PathError{Path: name, Err: fs.ErrInvalid}
+func (tfs *TarFS) getEntry(operation string, path string) (*entry, error) {
+ if !fs.ValidPath(path) {
+ return nil, &fs.PathError{Op: operation, Path: path, Err: fs.ErrInvalid}
 }
- entry, ok := tfs.entries[name]
+ entry, ok := tfs.entries[path]
 if !ok {
- return nil, &fs.PathError{Path: name, Err: fs.ErrNotExist}
+ return nil, &fs.PathError{Op: operation, Path: path, Err: fs.ErrNotExist}
 }
 if entry.header.Typeflag != tar.TypeReg {
 // support regular files only
 return nil, fmt.Errorf("%s: type flag %c is not supported: %w",
- name, entry.header.Typeflag, errdef.ErrUnsupported)
+ path, entry.header.Typeflag, errdef.ErrUnsupported)
 }
 return entry, nil
 }
@@ -143,12 +144,13 @@ func (tfs *TarFS) indexEntries() error {
 if err != nil {
 return err
 }
- tfs.entries[header.Name] = &entry{
+
+ name := path.Clean(header.Name)
+ tfs.entries[name] = &entry{
 header: header,
 pos: pos - blockSize,
 }
 }
-
 return nil
 }
diff --git a/vendor/oras.land/oras-go/v2/internal/resolver/memory.go b/vendor/oras.land/oras-go/v2/internal/resolver/memory.go
index 092a29e97b..df710e66de 100644
--- a/vendor/oras.land/oras-go/v2/internal/resolver/memory.go
+++ b/vendor/oras.land/oras-go/v2/internal/resolver/memory.go
@@ -17,6 +17,7 @@ package resolver
 import (
 "context"
+ "fmt"
 "maps"
 "sync"
@@ -48,7 +49,7 @@ func (m *Memory) Resolve(_ context.Context, reference string) (ocispec.Descripto
 desc, ok := m.index[reference]
 if !ok {
- return ocispec.Descriptor{}, errdef.ErrNotFound
+ return ocispec.Descriptor{}, fmt.Errorf("%s: %w", reference, errdef.ErrNotFound)
 }
 return desc, nil
 }
diff --git a/vendor/oras.land/oras-go/v2/internal/syncutil/limit.go b/vendor/oras.land/oras-go/v2/internal/syncutil/limit.go
index 2a05d4ea28..e429f24f47 100644
--- a/vendor/oras.land/oras-go/v2/internal/syncutil/limit.go
+++ b/vendor/oras.land/oras-go/v2/internal/syncutil/limit.go
@@ -67,18 +67,41 @@ type GoFunc[T any] func(ctx context.Context, region *LimitedRegion, t T) error
 // Go concurrently invokes fn on items.
 func Go[T any](ctx context.Context, limiter *semaphore.Weighted, fn GoFunc[T], items ...T) error {
+ ctx, cancel := context.WithCancelCause(ctx)
+ defer cancel(nil)
+
 eg, egCtx := errgroup.WithContext(ctx)
 for _, item := range items {
- region := LimitRegion(ctx, limiter)
+ region := LimitRegion(egCtx, limiter)
 if err := region.Start(); err != nil {
- return err
+ cancel(err)
+ // break loop instead of returning to allow previously scheduled
+ // goroutines to finish their deferred region.End() calls
+ break
 }
- eg.Go(func(t T) func() error {
+
+ eg.Go(func(t T, lr *LimitedRegion) func() error {
 return func() error {
- defer region.End()
- return fn(egCtx, region, t)
+ defer lr.End()
+
+ select {
+ case <-egCtx.Done():
+ // skip the task if the context is already cancelled
+ return nil
+ default:
+ }
+
+ if err := fn(egCtx, lr, t); err != nil {
+ cancel(err)
+ return err
+ }
+ return nil
 }
- }(item))
+ }(item, region))
+ }
+
+ if err := eg.Wait(); err != nil {
+ cancel(err)
 }
- return eg.Wait()
+ return context.Cause(ctx)
 }
diff --git a/vendor/oras.land/oras-go/v2/internal/syncutil/limitgroup.go b/vendor/oras.land/oras-go/v2/internal/syncutil/limitgroup.go
index 1071bedc90..4ef087dcc0 100644
--- a/vendor/oras.land/oras-go/v2/internal/syncutil/limitgroup.go
+++ b/vendor/oras.land/oras-go/v2/internal/syncutil/limitgroup.go
@@ -21,7 +21,7 @@ import (
 "golang.org/x/sync/errgroup"
 )
-// A LimitedGroup is a collection of goroutines working on subtasks that are part of
+// LimitedGroup is a collection of goroutines working on subtasks that are part of
 // the same overall task.
 type LimitedGroup struct {
 grp *errgroup.Group
diff --git a/vendor/oras.land/oras-go/v2/registry/reference.go b/vendor/oras.land/oras-go/v2/registry/reference.go
index fc3e95e559..54c72fd29c 100644
--- a/vendor/oras.land/oras-go/v2/registry/reference.go
+++ b/vendor/oras.land/oras-go/v2/registry/reference.go
@@ -34,13 +34,13 @@ var (
 //
 // References:
 // - https://github.com/distribution/distribution/blob/v2.7.1/reference/regexp.go#L53
- // - https://github.com/opencontainers/distribution-spec/blob/v1.1.0/spec.md#pulling-manifests
+ // - https://github.com/opencontainers/distribution-spec/blob/v1.1.1/spec.md#pulling-manifests
 repositoryRegexp = regexp.MustCompile(`^[a-z0-9]+(?:(?:[._]|__|[-]*)[a-z0-9]+)*(?:/[a-z0-9]+(?:(?:[._]|__|[-]*)[a-z0-9]+)*)*$`)
 // tagRegexp checks the tag name.
 // The docker and OCI spec have the same regular expression.
 //
- // Reference: https://github.com/opencontainers/distribution-spec/blob/v1.1.0/spec.md#pulling-manifests
+ // Reference: https://github.com/opencontainers/distribution-spec/blob/v1.1.1/spec.md#pulling-manifests
 tagRegexp = regexp.MustCompile(`^[\w][\w.-]{0,127}$`)
 )
diff --git a/vendor/oras.land/oras-go/v2/registry/registry.go b/vendor/oras.land/oras-go/v2/registry/registry.go
index e1da0ab9c7..4736efa84f 100644
--- a/vendor/oras.land/oras-go/v2/registry/registry.go
+++ b/vendor/oras.land/oras-go/v2/registry/registry.go
@@ -31,7 +31,7 @@ type Registry interface {
 // Note: When implemented by a remote registry, the catalog API is called.
 // However, not all registries supports pagination or conforms the
 // specification.
- // Reference: https://docs.docker.com/registry/spec/api/#catalog
+ // Reference: https://distribution.github.io/distribution/spec/api/#catalog
 // See also `Repositories()` in this package.
 Repositories(ctx context.Context, last string, fn func(repos []string) error) error
diff --git a/vendor/oras.land/oras-go/v2/registry/repository.go b/vendor/oras.land/oras-go/v2/registry/repository.go
index 84a50e2af2..367f2d0f91 100644
--- a/vendor/oras.land/oras-go/v2/registry/repository.go
+++ b/vendor/oras.land/oras-go/v2/registry/repository.go
@@ -30,7 +30,7 @@ import (
 // Repository is an ORAS target and an union of the blob and the manifest CASs.
 //
-// As specified by https://docs.docker.com/registry/spec/api/, it is natural to
+// As specified by https://distribution.github.io/distribution/spec/api/, it is natural to
 // assume that content.Resolver interface only works for manifests. Tagging a
 // blob may be resulted in an `ErrUnsupported` error. However, this interface
 // does not restrict tagging blobs.
@@ -87,7 +87,7 @@ type ReferenceFetcher interface {
 }
 // ReferrerLister provides the Referrers API.
-// Reference: https://github.com/opencontainers/distribution-spec/blob/v1.1.0/spec.md#listing-referrers
+// Reference: https://github.com/opencontainers/distribution-spec/blob/v1.1.1/spec.md#listing-referrers
 type ReferrerLister interface {
 Referrers(ctx context.Context, desc ocispec.Descriptor, artifactType string, fn func(referrers []ocispec.Descriptor) error) error
 }
@@ -109,8 +109,8 @@ type TagLister interface {
 // specification.
 //
 // References:
- // - https://github.com/opencontainers/distribution-spec/blob/v1.1.0/spec.md#content-discovery
- // - https://docs.docker.com/registry/spec/api/#tags
+ // - https://github.com/opencontainers/distribution-spec/blob/v1.1.1/spec.md#content-discovery
+ // - https://distribution.github.io/distribution/spec/api/#tags
 // See also `Tags()` in this package.
 Tags(ctx context.Context, last string, fn func(tags []string) error) error
 }
@@ -143,7 +143,7 @@ func Tags(ctx context.Context, repo TagLister) ([]string, error) {
 // Referrers lists the descriptors of image or artifact manifests directly
 // referencing the given manifest descriptor.
 //
-// Reference: https://github.com/opencontainers/distribution-spec/blob/v1.1.0/spec.md#listing-referrers
+// Reference: https://github.com/opencontainers/distribution-spec/blob/v1.1.1/spec.md#listing-referrers
 func Referrers(ctx context.Context, store content.ReadOnlyGraphStorage, desc ocispec.Descriptor, artifactType string) ([]ocispec.Descriptor, error) {
 if !descriptor.IsManifest(desc) {
 return nil, fmt.Errorf("the descriptor %v is not a manifest: %w", desc, errdef.ErrUnsupported)