Bump go libraries (#11023)

* Bump go libraries * Fix update codegen execution * Fix errors on klog * Fix gzip test * Bump libraries on webhook certgen * Fix webhook-certgen compilation
2024-02-27 14:52:42 -03:00 · 2024-02-27 14:52:42 -03:00 · fa0bf81984
commit fa0bf81984
parent b4ea953cce
16 changed files with 765 additions and 1245 deletions
--- a/test/e2e/settings/gzip.go
+++ b/test/e2e/settings/gzip.go
@ -33,8 +33,8 @@ var _ = framework.DescribeSetting("gzip", func() {
 	host := "gzip"

 	ginkgo.BeforeEach(func() {
-		f.NewHttpbinDeployment()
-		f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBinService, 80, nil))
+		f.NewHttpbunDeployment()
+		f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.Namespace, framework.HTTPBunService, 80, nil))
 	})

 	ginkgo.It("should be disabled by default", func() {
--- a/test/e2e/settings/pod_security_policy.go
+++ b/test/e2e/settings/pod_security_policy.go
@ -1,142 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package settings
-
-import (
-	"context"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"github.com/onsi/ginkgo/v2"
-	"github.com/stretchr/testify/assert"
-	appsv1 "k8s.io/api/apps/v1"
-	corev1 "k8s.io/api/core/v1"
-	policyv1beta1 "k8s.io/api/policy/v1beta1"
-	rbacv1 "k8s.io/api/rbac/v1"
-	k8sErrors "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	"k8s.io/ingress-nginx/test/e2e/framework"
-)
-
-const (
-	ingressControllerPSP = "ingress-controller-psp"
-)
-
-var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies", func() {
-	f := framework.NewDefaultFramework("pod-security-policies")
-
-	ginkgo.It("should be running with a Pod Security Policy", func() {
-		k8sversion, err := f.KubeClientSet.Discovery().ServerVersion()
-		if err != nil {
-			assert.Nil(ginkgo.GinkgoT(), err, "getting version")
-		}
-
-		numversion, err := strconv.Atoi(k8sversion.Minor)
-		if err != nil {
-			assert.Nil(ginkgo.GinkgoT(), err, "converting version")
-		}
-
-		if numversion > 24 {
-			ginkgo.Skip("PSP not supported in this version")
-		}
-
-		psp := createPodSecurityPolicy()
-		_, err = f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{})
-		if !k8sErrors.IsAlreadyExists(err) {
-			assert.Nil(ginkgo.GinkgoT(), err, "creating Pod Security Policy")
-		}
-
-		role, err := f.KubeClientSet.RbacV1().Roles(f.Namespace).Get(context.TODO(), "nginx-ingress", metav1.GetOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err, "getting ingress controller cluster role")
-		assert.NotNil(ginkgo.GinkgoT(), role)
-
-		role.Rules = append(role.Rules, rbacv1.PolicyRule{
-			APIGroups:     []string{"policy"},
-			Resources:     []string{"podsecuritypolicies"},
-			ResourceNames: []string{ingressControllerPSP},
-			Verbs:         []string{"use"},
-		})
-
-		_, err = f.KubeClientSet.RbacV1().Roles(f.Namespace).Update(context.TODO(), role, metav1.UpdateOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller cluster role to use a pod security policy")
-
-		// update the deployment just to trigger a rolling update and the use of the security policy
-		err = f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error {
-			args := deployment.Spec.Template.Spec.Containers[0].Args
-			args = append(args, "--v=2")
-			deployment.Spec.Template.Spec.Containers[0].Args = args
-			_, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{})
-
-			return err
-		})
-		assert.Nil(ginkgo.GinkgoT(), err, "unexpected error updating ingress controller deployment flags")
-
-		f.WaitForNginxListening(80)
-
-		f.NewEchoDeployment()
-
-		f.WaitForNginxConfiguration(
-			func(cfg string) bool {
-				return strings.Contains(cfg, "server_tokens off")
-			})
-
-		f.HTTPTestClient().
-			GET("/").
-			WithHeader("Host", "foo.bar.com").
-			Expect().
-			Status(http.StatusNotFound)
-	})
-})
-
-func createPodSecurityPolicy() *policyv1beta1.PodSecurityPolicy {
-	trueValue := true
-	return &policyv1beta1.PodSecurityPolicy{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: ingressControllerPSP,
-		},
-		Spec: policyv1beta1.PodSecurityPolicySpec{
-			AllowPrivilegeEscalation: &trueValue,
-			RequiredDropCapabilities: []corev1.Capability{"All"},
-			RunAsUser: policyv1beta1.RunAsUserStrategyOptions{
-				Rule: "RunAsAny",
-			},
-			SELinux: policyv1beta1.SELinuxStrategyOptions{
-				Rule: "RunAsAny",
-			},
-			FSGroup: policyv1beta1.FSGroupStrategyOptions{
-				Ranges: []policyv1beta1.IDRange{
-					{
-						Min: 1,
-						Max: 65535,
-					},
-				},
-				Rule: "MustRunAs",
-			},
-			SupplementalGroups: policyv1beta1.SupplementalGroupsStrategyOptions{
-				Ranges: []policyv1beta1.IDRange{
-					{
-						Min: 1,
-						Max: 65535,
-					},
-				},
-				Rule: "MustRunAs",
-			},
-		},
-	}
-}
--- a/test/e2e/settings/pod_security_policy_volumes.go
+++ b/test/e2e/settings/pod_security_policy_volumes.go
@ -1,127 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package settings
-
-import (
-	"context"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"github.com/onsi/ginkgo/v2"
-	"github.com/stretchr/testify/assert"
-
-	appsv1 "k8s.io/api/apps/v1"
-	corev1 "k8s.io/api/core/v1"
-	rbacv1 "k8s.io/api/rbac/v1"
-	k8sErrors "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	"k8s.io/ingress-nginx/test/e2e/framework"
-)
-
-var _ = framework.IngressNginxDescribe("[Security] Pod Security Policies with volumes", func() {
-	f := framework.NewDefaultFramework("pod-security-policies-volumes")
-
-	ginkgo.It("should be running with a Pod Security Policy", func() {
-		k8sversion, err := f.KubeClientSet.Discovery().ServerVersion()
-		if err != nil {
-			assert.Nil(ginkgo.GinkgoT(), err, "getting version")
-		}
-
-		numversion, err := strconv.Atoi(k8sversion.Minor)
-		if err != nil {
-			assert.Nil(ginkgo.GinkgoT(), err, "converting version")
-		}
-
-		if numversion > 24 {
-			ginkgo.Skip("PSP not supported in this version")
-		}
-		psp := createPodSecurityPolicy()
-		_, err = f.KubeClientSet.PolicyV1beta1().PodSecurityPolicies().Create(context.TODO(), psp, metav1.CreateOptions{})
-		if !k8sErrors.IsAlreadyExists(err) {
-			assert.Nil(ginkgo.GinkgoT(), err, "creating Pod Security Policy")
-		}
-
-		role, err := f.KubeClientSet.RbacV1().Roles(f.Namespace).Get(context.TODO(), "nginx-ingress", metav1.GetOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err, "getting ingress controller cluster role")
-		assert.NotNil(ginkgo.GinkgoT(), role)
-
-		role.Rules = append(role.Rules, rbacv1.PolicyRule{
-			APIGroups:     []string{"policy"},
-			Resources:     []string{"podsecuritypolicies"},
-			ResourceNames: []string{ingressControllerPSP},
-			Verbs:         []string{"use"},
-		})
-
-		_, err = f.KubeClientSet.RbacV1().Roles(f.Namespace).Update(context.TODO(), role, metav1.UpdateOptions{})
-		assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller cluster role to use a pod security policy")
-
-		err = f.UpdateIngressControllerDeployment(func(deployment *appsv1.Deployment) error {
-			args := deployment.Spec.Template.Spec.Containers[0].Args
-			args = append(args, "--v=2")
-			deployment.Spec.Template.Spec.Containers[0].Args = args
-
-			deployment.Spec.Template.Spec.Volumes = []corev1.Volume{
-				{
-					Name: "ssl", VolumeSource: corev1.VolumeSource{
-						EmptyDir: &corev1.EmptyDirVolumeSource{},
-					},
-				},
-				{
-					Name: "tmp", VolumeSource: corev1.VolumeSource{
-						EmptyDir: &corev1.EmptyDirVolumeSource{},
-					},
-				},
-			}
-
-			fsGroup := int64(33)
-			deployment.Spec.Template.Spec.SecurityContext = &corev1.PodSecurityContext{
-				FSGroup: &fsGroup,
-			}
-
-			deployment.Spec.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{
-				{
-					Name: "ssl", MountPath: "/etc/my-amazing-ssl",
-				},
-				{
-					Name: "tmp", MountPath: "/my-other-tmp",
-				},
-			}
-
-			_, err := f.KubeClientSet.AppsV1().Deployments(f.Namespace).Update(context.TODO(), deployment, metav1.UpdateOptions{})
-
-			return err
-		})
-		assert.Nil(ginkgo.GinkgoT(), err, "updating ingress controller deployment")
-
-		f.WaitForNginxListening(80)
-
-		f.NewEchoDeployment()
-
-		f.WaitForNginxConfiguration(
-			func(cfg string) bool {
-				return strings.Contains(cfg, "server_tokens off")
-			})
-
-		f.HTTPTestClient().
-			GET("/").
-			WithHeader("Host", "foo.bar.com").
-			Expect().
-			Status(http.StatusNotFound)
-	})
-})