Commit Graph

121 Commits

Author SHA1 Message Date
Alexander Wels
9dd532303b
Update x/oauth2 to v0.27.0 (#3648)
Signed-off-by: Alexander Wels <awels@redhat.com>
2025-03-04 10:41:29 +01:00
Alex Kalenyuk
1927d7d13e
Use new 1.23.6 builder (#3652)
* Use new 1.23.6 builder

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Bump linter to 1.60.3 for go 1.23 support

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Disable linter failures over G115

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Fix lint issues related to error format formatting

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Address remaining lint failures

len is enough/sprintf not really used

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

---------

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2025-03-03 14:51:29 +01:00
Alex Kalenyuk
b2bd873d77
update k8s & related libraries to 1.31 (#3625)
* Bump k8s/OpenShift/ctrl-runtime & make deps-update

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* operator: fix prometheus API bool->*bool change

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* certrotation: pass signer ns/name according to API change

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* certrotation: adapt by passing clock through API

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* certrotation: create empty secret with type tls

Brace yourself for a rollercoaster:
https://github.com/openshift/library-go/blob/release-4.18/pkg/operator/resource/resourceapply/core.go#L452
this path is no longer used since recent library-go.

We should be okay since the versions upgrading to this CDI
have a secret that was converted to the TLS type

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* certrotation: adapt to unit tests failing on secret create

context https://github.com/openshift/library-go/pull/1772

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Revert "handle "already exists" when certrotation creates secret"

This reverts commit 9acaa19d37.

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

---------

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2025-02-24 20:24:44 +01:00
Alexander Wels
c9f956a4ee
bump golang.org/x/net to v0.33.0 (#3589)
Fixes CVE-2024-45338

Signed-off-by: Alexander Wels <awels@redhat.com>
2025-01-14 16:26:40 +01:00
Alex Kalenyuk
484d9c0b6a
Standardize setting go.mod to minor (#3496)
This seems to be the standard, plus, if we don't do this
we break the importing project's go.mod with our preferred specified
patch version.

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2024-11-05 02:16:02 +01:00
Alex Kalenyuk
81c80f1440
Bump containers/image (#3364)
We can get quite a few fixed with the new version
which bumps some important indirect deps too.

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2024-08-09 04:19:59 +02:00
Michael Henriksen
5195176c16
update to k8s 1.30 libs and controller-runtime 0.18.4 (#3336)
* make deps-update

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* ResourceRequirements -> VolumeResourceRequirements

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* fix calls to controller.Watch()

controller-runtime changed the API!

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* Fix errors with actual openshift/library-go lib

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* make all works now and everything compiles

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* fix "make update-codegen" because generate_groups.sh deprecated

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* run "make generate"

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* fix transfer unittest because of change to controller-runtime

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

---------

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>
2024-07-14 20:12:50 +02:00
Alex Kalenyuk
3a8216e177
State explicit go version in go.mod files (#3311)
This is needed when building CDI on different platforms,
and it looks like this is the common practice nowadays as well.

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2024-06-10 19:24:16 +02:00
Alexander Wels
50563e2120
Update vendor dependencies (#3296)
* Update vendor dependencies

In particular update the containers/image to 5.31.0
which removes a dependency that has an incompatible
license.

Signed-off-by: Alexander Wels <awels@redhat.com>

* Update gophercloud/utils to gophercloud/utils/v2
which no longer uses hashicorp/go-uuid but instead
uses gofrs/uuid/v5.

Signed-off-by: Alexander Wels <awels@redhat.com>

---------

Signed-off-by: Alexander Wels <awels@redhat.com>
2024-05-30 06:14:41 +02:00
Assaf Admi
9ed29cd938
Apply monitoring linters (#3225)
* Apply operator-observability rules linter

Apply operator-observability rules linter to ensure alerts and recording
rules definitions are following the monitoring best practices.

Signed-off-by: assafad <aadmi@redhat.com>

* Apply monitoringlinter

monitoringlinter ensures that monitoring-related practices are
implemented within the pkg/monitoring directory using
operator-observability.

Signed-off-by: assafad <aadmi@redhat.com>

---------

Signed-off-by: assafad <aadmi@redhat.com>
2024-05-18 04:50:26 +02:00
Alex Kalenyuk
d2f3903e97
Use new 1.22.3 builder (#3250)
* Use new builder with 1.22.3

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Update rules_go to v0.46.0

More info at https://github.com/bazelbuild/rules_go/pull/3756

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Bump go to version 1.22 in go.mod & make deps-update

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* make generate

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Run prom metric linter entirely in builder

We were executing the go build command directly on the host instead
of in the container

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Bump golangci version due to panic

Bumping to avoid a panic with 1.22.3
```
ERRO [runner] Panic: SA1027: package "main" (isInitialPkg: true, needAnalyzeSource: true): runtime error: invalid memory address or nil pointer dereference: goroutine 20883 [running]:
runtime/debug.Stack()
	/gimme/.gimme/versions/go1.22.3.linux.amd64/src/runtime/debug/stack.go:24 +0x5e
```

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

---------

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2024-05-16 07:16:24 +02:00
Vasiliy Ulyanov
bc7b0f505b
Bump github.com/containers/image/v5 to v5.30.1 (#3257)
Address CVE-2024-3727

https://www.cve.org/CVERecord?id=CVE-2024-3727

Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de>
2024-05-13 18:40:21 +02:00
Shelly Kagan
02e7f46bd5
Update golang library dependencies to address possible vulnerabilities (#3243)
* Remove replace of github.com/aws/aws-sdk-go => github.com/aws/aws-sdk-go v1.15.77

We want to have the updated version of aws-sdk-go to fix these issues:
cve-2020-8911, cve-2022-2582, GHSA-76wf-9vgp-pj7w, cve-2020-8912

Signed-off-by: Shelly Kagan <skagan@redhat.com>

* Bump github.com/docker/docker v23.0.2+incompatible -> v25.0.5+incompatible

This should fix several CVEs:
GHSA-jq35-85cj-fj4p, GHSA-mq39-4gv4-mvpx, CVE-2024-24557, CVE-2023-28842
CVE-2023-28841, CVE-2023-28840

Signed-off-by: Shelly Kagan <skagan@redhat.com>

* Bump github.com/opencontainers/runc v1.1.5 -> v1.1.12

This should fix the following CVE:
CVE-2024-21626

Signed-off-by: Shelly Kagan <skagan@redhat.com>

---------

Signed-off-by: Shelly Kagan <skagan@redhat.com>
2024-05-09 00:02:18 +02:00
Edu Gómez Escandell
f8e2aee425
CVE 2024-24786 fix: Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#3195)
* Upgrade google.golang.org/protobuf

This solves CVE-2024-24786

https://www.cve.org/CVERecord?id=CVE-2024-24786

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

* Update checksum and vendoring

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>

---------

Signed-off-by: Edu Gómez Escandell <egomez@redhat.com>
2024-04-17 19:54:00 +02:00
alromeros
efa362f97b
Minor correction in golang.org/x/net dependency (#3191)
Signed-off-by: Alvaro Romero <alromero@redhat.com>
2024-04-12 01:01:57 +02:00
alromeros
23165a6df4
CVE-2023-45288 fix: Bump golang.org/x/net to v0.23.0 (#3183)
Signed-off-by: Alvaro Romero <alromero@redhat.com>
2024-04-11 15:47:57 +02:00
Alex Kalenyuk
36fc5fee21
Switch version of go-jose (#3150)
square/go-jose has been archived by the owner since Feb 27, 2023
there is an active community fork - https://github.com/go-jose/go-jose/
with new bug fixes.

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2024-03-27 02:43:22 +01:00
Alex Kalenyuk
714d6a5517
Replace cron expression library with one used in kubernetes (#3127)
The library we use https://github.com/gorhill/cronexpr has been archived for a while now
and has also started to cause errors in FOSSA:
https://storage.googleapis.com/kubevirt-prow/pr-logs/pull/kubevirt_containerized-data-importer/3116/pull-containerized-data-importer-fossa/1766767859234508800/build-log.txt

Let's use an active one which is being used in kubernetes/kubernetes as well.

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2024-03-11 16:25:16 +01:00
Aviv Litman
42ec627e35
Refactor recording-rules and alerts code (#3068)
* Refactor recording-rules and alerts code

Signed-off-by: avlitman <alitman@redhat.com>

* Remove promv1 from schema

Signed-off-by: avlitman <alitman@redhat.com>

---------

Signed-off-by: avlitman <alitman@redhat.com>
2024-02-18 16:05:42 +01:00
Yaroslav Borbat
d04225a00b
Introduce customizeComponents option (#3070)
* init

Signed-off-by: Yaroslav Borbat <yaroslav.borbat@flant.com>

* add e2e

Signed-off-by: Yaroslav Borbat <yaroslav.borbat@flant.com>

* fix unit tests

Signed-off-by: Yaroslav Borbat <yaroslav.borbat@flant.com>

* fix matchselector for cdi-deployment

Signed-off-by: Yaroslav Borbat <yaroslav.borbat@flant.com>

* rebase

Signed-off-by: Yaroslav Borbat <yaroslav.borbat@flant.com>

* refactor test of customizeComponents

Signed-off-by: Yaroslav Borbat <yaroslav.borbat@flant.com>

---------

Signed-off-by: Yaroslav Borbat <yaroslav.borbat@flant.com>
2024-01-28 20:57:39 +01:00
Alex Kalenyuk
ddecfe74c5
Bump builder, switch to go 1.21, make deps-update & generate (#3084)
Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2024-01-25 06:18:06 +01:00
Alex Kalenyuk
31d12e426e
update k8s & related libraries to 1.28 (#3078)
* Bump k8s/OpenShift/ctrl-runtime/lifecycle-sdk & make deps-update

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Operator: adapt for dependency bump

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Controller: adapt watch calls for dependency bump

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Controller: adapt to ctrl-runtime's cache API changes

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Operator: fix unit tests by deleting resources properly in fake client

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Controller: fix unit tests by deleting resources properly in fake client

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Controller: adapt to fake client honoring status subresource

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Fix codegen script & make generate

There are some issues in the new script, so we
will still use the deprecated one.
More context in f4d1a5431b

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Functests: Adapt to NamespacedName now implementing MarshalLog

ns/name -> {"name":"name","namespace":"ns"}

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Functests & API server: address deprecation of wait.PollImmediate

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

---------

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2024-01-23 17:52:05 +01:00
Benny Zlotnik
d3421bfe7a
forklift: add forklift populators to cdi-importer (#2947)
* forklift: add forklift populators to cdi-importer

Add forklift populators, ovirt-populator and openstack-populator to the
cdi-importer image, this includes:
- Add RPM dependencies to cdi-importer for ovirt-populator
  (ovirt-imageio-client, ovirt-engine-sdk)
- Executables for the populators under cmd/openstack-populator and
  cmd/ovirt-populator, and use them in cdi-importer-image
- OpenStack go SDK library - gophercloud - added for the OpenStack
  populator

Signed-off-by: Benny Zlotnik <bzlotnik@redhat.com>

* Add exceptions to language.sh

oVirt still uses master for branch name so artifacts URLs will include
this term. This patch adds exceptions for files referencing these
artifacts.

Signed-off-by: Benny Zlotnik <bzlotnik@redhat.com>

* forklift: add aarch64 dependencies

Signed-off-by: Benny Zlotnik <bzlotnik@redhat.com>

---------

Signed-off-by: Benny Zlotnik <bzlotnik@redhat.com>
2024-01-11 13:58:40 +01:00
Aviv Litman
3bb70209d0
Refactor monitoring code (#3009)
* refactor monitoring

Signed-off-by: avlitman <alitman@redhat.com>

* Upgrade pointer to pnt

Signed-off-by: avlitman <alitman@redhat.com>

* fix controller base and ready gauge

Signed-off-by: avlitman <alitman@redhat.com>

---------

Signed-off-by: avlitman <alitman@redhat.com>
2024-01-02 09:17:18 +01:00
Alex Kalenyuk
0e8ea6b08f
Adjust functest suite for running an allowed set of tests in parallel (#2980)
* Change func test invocation to execute tests in parallel

Local testing still runs serially, CI does parallel

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Change work dir of test suite

ginkgo cli will run our suite with the workdir set to the test binary dir
(instead of pwd of the script that calls ginkgo cli)

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Adjust artifacts dir according to ginkgo node

Parallel ginkgo nodes will not overwrite each other's artifacts

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Only execute namespace deletion loop after all parallel processes are done

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Don't overwrite feature gates in explain/apiserver suite

These were dropping the WFFC feature gate and thus colliding with other tests

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Update libpopulators to overcome nil ptr

This nil ptr can cause havoc when run in parallel:
https://github.com/kubernetes-csi/lib-volume-populator/pull/82

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark serial clone tests while allowing some others to be parallel

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark cdi config test suite as serial

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark apiserver tests serial

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark cert rotation tests serial

Port forward may need adjustment to run in parallel

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark destructive tests Serial

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark dataimportcron tests serial

Needs refactoring to be parallel, mutates default storage class

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark CSI / Smart clone suites as serial

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark datavolume_test suite as serial

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark local volume tests serial

These create a PV with a fixed name,
needs refactoring to random name to be parallel

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark rbac tests serial

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark upgrade test serial

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark importer suite serial except populator tests

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark ObjectTransfer tests serial

Seems these hardcode the name of the ot object,
so that needs refactoring to be parallel

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark some upload tests serial

Mark most upload tests serial, keep populator/regular flows parallel

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark some transport tests serial

Some of them update CDI config's insecure registries

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Mark explain tests serial

Sometimes the kubectl cmd fails when run in parallel

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

---------

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2023-12-13 01:27:48 +01:00
akalenyu
ab1571579e
Bump controller runtime to avoid mistakenly defaulting to wrong mapper (#2896)
* Bump controller runtime to avoid mistakenly defaulting to wrong mapper

Today, controller runtime mistakenly ignores the inherited Manager default
dynamic mapper and uses a discovery mapper instead:
https://github.com/kubernetes-sigs/controller-runtime/pull/2491
This means that if some CRD was not available on the cdi-controller startup,
even if it got installed after, we would still get IsNoMatch when trying to access it.

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Bump k8s deps to 1.26.10

Aligned with https://github.com/kubernetes-sigs/controller-runtime/pull/2559

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

---------

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2023-11-09 21:39:29 +01:00
Michael Henriksen
636b0ea6aa
Update google.golang.org/grpc to 1.56.3 (#2966)
Address CVE-2023-44487

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>
2023-11-07 18:37:28 +01:00
Michael Henriksen
a98bc9f0be
Update golang.org/x/net to 0.17.0 (#2930)
Address CVE-2023-39325 and CVE-2023-44487

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>
2023-10-20 02:35:03 +02:00
Alexander Wels
bd6335259d
Update golang to 1.20.7 (#2884)
* Update golang to 1.20.7

Use the cdi builder which is configured with golang 1.20.7
Updated some libraries to the latest version, specifically
excluding k8s and runtime-controller due to issues that need
to be resolved outside of this commit.

Signed-off-by: Alexander Wels <awels@redhat.com>

* Fix linter issue
Fix generate verify issue

Signed-off-by: Alexander Wels <awels@redhat.com>

* Ran make deps-update

Signed-off-by: Alexander Wels <awels@redhat.com>

* Fix cdi verify go mod

Signed-off-by: Alexander Wels <awels@redhat.com>

---------

Signed-off-by: Alexander Wels <awels@redhat.com>
2023-09-03 18:23:35 +02:00
akalenyu
973096abdd
Bump containers/image to hopefully be more resilient to unexpected EOFs (#2874)
Hopefully the resume on EOFs gives us enough resiliency as mentioned in https://github.com/containers/image/issues/1145#issuecomment-1437564599.

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2023-08-28 22:41:19 +02:00
akalenyu
edd6940d8c
bump k8s.io/client-go dep for discovery client fixes (#2855)
* bump k8s.io/client-go dep for discovery client fixes

k8s.io/client-go [v0.26.0, v0.26.3) was impacted by a regression in discovery client behavior
https://github.com/kubernetes/kubernetes/issues/118361#issuecomment-1579198407 for details
We are probably not hitting this due to not testing 1.27 upstream yet,
or don't have the custom metric endpoints that send these nils in the response.
(Reproduces on OpenShift ECs for example)

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* make generate

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

---------

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2023-08-23 03:08:31 +02:00
Lee Yarwood
309c4f322b
chore: Run make deps-update (#2818)
5e4cb68044 removed the need for ginkgo but
did not actually remove it from go.mod. Running make deps-update cleans
this up and fixes make deps-verify in CI.

Signed-off-by: Lee Yarwood <lyarwood@redhat.com>
2023-07-27 02:47:32 +02:00
Maya Rashish
5e4cb68044
Update to ginkgo v2 (#2788)
* Run `make deps-update`

Signed-off-by: Maya Rashish <mrashish@redhat.com>

* Update to ginkgo v2

Avoid using table extension to avoid compilation errors
Switch to v2 everywhere
Update qe-tools as well (required)

Signed-off-by: Maya Rashish <mrashish@redhat.com>

* Fix/avoid deprecation warnings

Signed-off-by: Maya Rashish <mrashish@redhat.com>

* Do not use v1 reporter

For unit tests: stop using custom reporter, unnecessary
For functional tests: borrow code from kubevirt to keep reporting

Avoid deprecated warnings by golangci for using deprecated reporter

Signed-off-by: Maya Rashish <mrashish@redhat.com>

* Increase ginkgo timeout to 24h (default in ginkgo v1)

this may seem excessive, but we have a lower timeout in Prow, let's save
ourselves the future trouble of bumping timeouts in two places.

Signed-off-by: Maya Rashish <mrashish@redhat.com>

* use the ginkgo built-in junit reporter

Signed-off-by: Maya Rashish <mrashish@redhat.com>

* Avoid using deprecated --ginkgo.noColor, use --ginkgo.no-color instead

Signed-off-by: Maya Rashish <mrashish@redhat.com>

---------

Signed-off-by: Maya Rashish <mrashish@redhat.com>
2023-07-26 02:35:55 +02:00
akalenyu
aa6a8f58aa
Make deps-update (#2805)
Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2023-07-14 02:46:30 +02:00
Aviv Litman
9e37493b93
[CI] Add metrics name linter (#2774)
Signed-off-by: Aviv Litman <alitman@redhat.com>
2023-07-02 20:54:38 +02:00
Michael Henriksen
8cb11f53d9
update k8s libs to 1.26. (#2687)
* update k8s libs to 1.26.

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* remove some checks in log messages, they're redundant, and the format has changed

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* use 1.26 lib function `CheckVolumeModeMismatches` and `CheckAccessModes`

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

---------

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>
2023-04-18 19:30:40 +01:00
Marcelo Feitoza Parisi
c7467cc5fd
Google Cloud Storage Import Support (#2615)
* Google Cloud Storage Importer

This is a Google Cloud Storage importer for CDI

Signed-off-by: Marcelo Parisi <marcelo@feitoza.com.br>

* Fix auto-generated swagger and openapi

Signed-off-by: Marcelo Parisi <marcelo@feitoza.com.br>

* GCS Importer General Fixes

Signed-off-by: Marcelo Parisi <marcelo@feitoza.com.br>

* Moving back gcs-secret.txt

Moving file back to imageDir to fix unit testing.

Signed-off-by: Marcelo Parisi <marcelo@feitoza.com.br>

---------

Signed-off-by: Marcelo Parisi <marcelo@feitoza.com.br>
Co-authored-by: Marcelo Parisi <marcelo@dev-box.corp.feitoza.com.br>
2023-03-22 16:49:29 +00:00
akalenyu
20dc7d438a
Make deps update and bump to go 1.19 utilizing new builder (#2632)
* Make deps update

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* go 1.19 & use new builder

rules_go bump needed because of https://github.com/bazelbuild/bazel-gazelle/issues/1332#issuecomment-1279860889

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Run linter following go bump

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* make generate following builder bump

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

---------

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2023-03-13 13:04:12 +00:00
Michael Henriksen
496efbcafb
Annotation to check for statically provisioned PVs when creating DataVolumes (#2583)
* function should return dataVolumeSyncResult, take *dataVolumeSyncResult as a parameter

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* checkStaticVolume implementation for import DataVolume

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* upload support for checkStaticVolume

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* checkStaticVolume for clone datavolumes

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* checkStaticVolume for snapshot clone

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* checkStaticVolume for external populator source

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* tighten up static volume check

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* expand functional test to compare creation timestamps

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* updates from code review mostly add md5 verification to test and refactor common index creation

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

* webhook changes, allow clone source DataVolumes (with special annotations)
even if source does not exist or user has no permission

BUT no token is added so this is really just for the static/prepopulate cases

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>

---------

Signed-off-by: Michael Henriksen <mhenriks@redhat.com>
2023-02-22 23:40:48 +01:00
alromeros
2e9a9257f9
Add support for volume populators (#2482)
* Add support for volume populators in CDI

This commit enables the use of volume populators in CDI, so datavolume-owned PVCs can be populated using custom logic.

Volume populators are CRDs used to populate volumes externally, independently of CDI. These CRDs can now be specified using the new DataSourceRef API field in the DataVolume spec.

When a DataVolume is created with a populated DataSourceRef field, the datavolume-controller creates the corresponding PVC accordingly but skips all the population-related steps. Once the PVC is bound, the DV phase changes to succeeded.

Signed-off-by: Alvaro Romero <alromero@redhat.com>

* Modify CDI test infrastructure to support testing of external populators

This commit introduces several changes to CDI CI to support the testing of DataVolumes with external populators:
* A sample volume populator is now deployed in the test infrastructure, in a similar way as bad-webserver or test-proxy. This populator will be used in functional tests from now on.
* A new test file with external population tests has been introduced in the tests directory

Signed-off-by: Alvaro Romero <alromero@redhat.com>

* Update dependencies to include lib-volume-populator library

Signed-off-by: Alvaro Romero <alromero@redhat.com>

* Add functional tests for proper coverage of external population of DataVolumes

Signed-off-by: Alvaro Romero <alromero@redhat.com>

* Minor fixes on external-population logic for DataVolumes:
* Added comments for exported structs
* Removed non-inclusive language
* Improved error messages in webhooks
* Fixed logic on datavolume-controller

Signed-off-by: Alvaro Romero <alromero@redhat.com>

* Improve DataVolume external-population logic when using the old 'DataSource' API

This commit introduces several changes into the datavolume external-population controller to improve its behavior when using the DataSource field.

It also introduces minor fixes on the generic populator logic.

Signed-off-by: Alvaro Romero <alromero@redhat.com>

* Add unit tests for external-population controller and DV admission

Signed-off-by: Alvaro Romero <alromero@redhat.com>

Signed-off-by: Alvaro Romero <alromero@redhat.com>
2023-01-17 21:56:15 +01:00
akalenyu
f4978d920b
Bump volumesnapshot client to v6 (#2513)
* make deps-update on clean repo

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Bump volumesnapshot client to v6

In case we want to utilize https://kubernetes.io/docs/concepts/storage/volume-snapshots/#convert-volume-mode
new API field sourceVolumeMode.

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2022-12-20 20:07:16 +00:00
Alexander Wels
bfe6e346bd
Add fossa check for licenses. (#2389)
Signed-off-by: Alexander Wels <awels@redhat.com>

Signed-off-by: Alexander Wels <awels@redhat.com>
2022-10-21 14:46:27 +01:00
akalenyu
210848eb5f
Status reporting for CSI & Smart clones with WFFC storage (#2364)
* Fix logging level so we respect it in controllers/operator

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Fix CSI & Smart clones with WFFC storage status reporting

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2022-08-05 22:40:23 +01:00
Vasiliy Ulyanov
57fc2639ae
Update go-restful to 2.16.0 (#2376)
The updated version fixes 'Authorization Bypass Through User-Controlled
Key' vulnerability (CVE-2022-1996).

References:
https://github.com/emicklei/go-restful/issues/489
https://github.com/emicklei/go-restful/pull/503

Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de>
2022-07-27 14:57:12 +02:00
Alexander Wels
5554567cbb
Comply with restricted security context (#2331)
* Comply with restricted security context in kubernetes

Ensure CDI pods comply with the restricted security context as much as
possible (have to be root for nbdkit and block devices). Also cannot set
SeccompProfile since SCC won't allow us to set it.

Signed-off-by: Alexander Wels <awels@redhat.com>

* Changed path /var/local/all_certs to stay in /var

Signed-off-by: Alexander Wels <awels@redhat.com>
2022-07-08 18:47:50 +02:00
Alexander Wels
a4a14e2c32
Update golang version to 1.18.3 (#2350)
Signed-off-by: Alexander Wels <awels@redhat.com>
2022-07-07 01:48:23 +02:00
Michael Henriksen
ca9a05f23a
address dependabot for yaml and runc (#2308)
Signed-off-by: Michael Henriksen <mhenriks@redhat.com>
2022-06-01 22:00:53 +03:00
Matthew Arnold
f9d4a4b4c8
Validate ImageIO certificates on initial client connection. (#2262)
* Update go-ovirt-client libraries.

Signed-off-by: Matthew Arnold <marnold@redhat.com>

* Update go-ovirt-client vendoring.

Signed-off-by: Matthew Arnold <marnold@redhat.com>

* Verify ImageIO certificates on initial connection.

Replace insecure TLS client setup with certificate pool directory from
existing HTTP client.

Signed-off-by: Matthew Arnold <marnold@redhat.com>
2022-05-04 21:38:06 +02:00
akalenyu
71522a1f2d
Switch VolumeSnapshot to v1 (#2235)
* Switch VolumeSnapshot to v1

VolumeSnapshot v1beta is being deprecated:
https://kubernetes.io/blog/2022/04/07/upcoming-changes-in-kubernetes-1-24/#api-removals-deprecations-and-other-changes-for-kubernetes-1-24

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>

* Fix unit tests; change version we look for in IsCsiCrdsDeployed

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
2022-04-12 18:50:19 +02:00
Maya Rashish
3c4ed8593a
Run make deps-update and update golang.org/x/crypto (#2225)
* Run `make deps-update` with no changes

It seems like #2208 generated things slightly differently than make
deps-update (perhaps with a different Go version).
Running this command changes two things:

- Re-order entries in BUILD.bazel, with no changes.
- Make vendor/kubevirt.io/containerized-data-importer-api a symlink to
staging/src/kubevirt.io/containerized-data-importer-api

These changes seem harmless.

Signed-off-by: Maya Rashish <mrashish@redhat.com>

* Update golang.org/x/crypto to v0.0.0-20220331220935-ae2d96664a29

We were prompted by a false positive vulnerability, but it's always good
to stay updated when it comes to cryptography libraries.

Signed-off-by: Maya Rashish <mrashish@redhat.com>
2022-04-05 20:47:41 +02:00