diff --git a/go.mod b/go.mod
index ee12e4a4..46de1975 100644
--- a/go.mod
+++ b/go.mod
@@ -46,10 +46,10 @@ require (
 k8s.io/apimachinery v0.26.1
 k8s.io/client-go v1.5.2
 knative.dev/client-pkg v0.0.0-20230501131754-e5c405e16e90
- knative.dev/eventing v0.37.1-0.20230502055954-cd50d2786189
+ knative.dev/eventing v0.37.1-0.20230508163901-24fbfe500ce6
 knative.dev/hack v0.0.0-20230501013555-7d81248b4638
- knative.dev/pkg v0.0.0-20230501013355-904966742b58
- knative.dev/serving v0.37.1-0.20230502120354-5e056a02c3e3
+ knative.dev/pkg v0.0.0-20230502134655-db8a35330281
+ knative.dev/serving v0.37.1-0.20230508184426-219285e2e258
 )
 
 require (
@@ -237,7 +237,7 @@ require (
 k8s.io/klog/v2 v2.90.0 // indirect
 k8s.io/kube-openapi v0.0.0-20230123231816-1cb3ae25d79a // indirect
 k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect
- knative.dev/networking v0.0.0-20230428120551-68725bdd1056 // indirect
+ knative.dev/networking v0.0.0-20230504184058-77975a12b2ee // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/kustomize/api v0.12.1 // indirect
 sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
diff --git a/go.sum b/go.sum
index d949dd84..3ed91eed 100644
--- a/go.sum
+++ b/go.sum
@@ -2529,16 +2529,16 @@ k8s.io/utils v0.0.0-20230115233650-391b47cb4029 h1:L8zDtT4jrxj+TaQYD0k8KNlr556Wa
 k8s.io/utils v0.0.0-20230115233650-391b47cb4029/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 knative.dev/client-pkg v0.0.0-20230501131754-e5c405e16e90 h1:1QBZWaLkXsKD2RR0WlEHNt26v7NJt0qLXBJk0/EPlKg=
 knative.dev/client-pkg v0.0.0-20230501131754-e5c405e16e90/go.mod h1:oYnznlTBCj/bVEHo5vUSM/VS3oDFNJKDmH5+k1aC9/8=
-knative.dev/eventing v0.37.1-0.20230502055954-cd50d2786189 h1:Nr8uXYt/248ePURdrr36gL5dQCFDChsUU3S5QL7TkbM=
-knative.dev/eventing v0.37.1-0.20230502055954-cd50d2786189/go.mod h1:jkRCS2JQWe9hzRRuzx5GnWZ43xowbWHPntoCNsnmsV0=
+knative.dev/eventing v0.37.1-0.20230508163901-24fbfe500ce6 h1:9Fk+qYI8hcQ1iQriGGXnispS7j7V/dA4yo9pTkrh8ro=
+knative.dev/eventing v0.37.1-0.20230508163901-24fbfe500ce6/go.mod h1:NP5X/LwAkZdoJKI4QWFzIYJxcZVRhVqd25Om9cCV4/Y=
 knative.dev/hack v0.0.0-20230501013555-7d81248b4638 h1:9IuXHdwp5jNmIg+0LVTQr8o4u0FYD99uCfynM9tS0XY=
 knative.dev/hack v0.0.0-20230501013555-7d81248b4638/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
-knative.dev/networking v0.0.0-20230428120551-68725bdd1056 h1:zLfvZYdTmyaXD0q+nP3mAzxFdJPy/3+/Gry+PC0nsto=
-knative.dev/networking v0.0.0-20230428120551-68725bdd1056/go.mod h1:RCR6mSg74zrog/ZYLI7/ZPJOWGQsADOZXqDOeXeOCQw=
-knative.dev/pkg v0.0.0-20230501013355-904966742b58 h1:A8F5gaIpL34Zh746M2q7HEI2+wLulYMMNrFuetRwymM=
-knative.dev/pkg v0.0.0-20230501013355-904966742b58/go.mod h1:2qWPP9Gjh9Q7ETti+WRHnBnGCSCq+6q7m3p/nmUQviE=
-knative.dev/serving v0.37.1-0.20230502120354-5e056a02c3e3 h1:V2MaraMfol2QDA5bWtRF/hnP+bdtIsox4AmJrza3D+g=
-knative.dev/serving v0.37.1-0.20230502120354-5e056a02c3e3/go.mod h1:NkU1AjyCOjWMPFQHLttabjE4FXndH8u5a+rBca+bJw8=
+knative.dev/networking v0.0.0-20230504184058-77975a12b2ee h1:d2dytSnwikNVtttk/lTjn7t6A9447DkUXADHR+zLOdU=
+knative.dev/networking v0.0.0-20230504184058-77975a12b2ee/go.mod h1:OG9AEepHd3dofzrkzb0IelqN5uzu10RjbSdhl5UruSE=
+knative.dev/pkg 
v0.0.0-20230502134655-db8a35330281 h1:9mN8O5XO68DKlkzEhFAShUx+O/I+TQR71vmTvYt8oF4= +knative.dev/pkg v0.0.0-20230502134655-db8a35330281/go.mod h1:2qWPP9Gjh9Q7ETti+WRHnBnGCSCq+6q7m3p/nmUQviE= +knative.dev/serving v0.37.1-0.20230508184426-219285e2e258 h1:lT0bOZsyip5ACQ8AG1TyHg4V2yncDQCoy8MC6SbdMVE= +knative.dev/serving v0.37.1-0.20230508184426-219285e2e258/go.mod h1:LaiMt6wVwLU2i81MJSUh3LCHCBjCYuT9EY2ssY1oFlw= modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= diff --git a/vendor/knative.dev/eventing/pkg/apis/eventing/v1/broker_lifecycle.go b/vendor/knative.dev/eventing/pkg/apis/eventing/v1/broker_lifecycle.go index 58ef725f..e85f12ed 100644 --- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1/broker_lifecycle.go +++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1/broker_lifecycle.go @@ -81,6 +81,7 @@ func (bs *BrokerStatus) SetAddress(url *apis.URL) { if url != nil { bs.GetConditionSet().Manage(bs).MarkTrue(BrokerConditionAddressable) + bs.AddressStatus.Address.Name = &url.Scheme } else { bs.GetConditionSet().Manage(bs).MarkFalse(BrokerConditionAddressable, "nil URL", "URL is nil") } diff --git a/vendor/knative.dev/eventing/pkg/apis/eventing/v1beta1/eventtype_conversion.go b/vendor/knative.dev/eventing/pkg/apis/eventing/v1beta1/eventtype_conversion.go index 011a013e..663c8233 100644 --- a/vendor/knative.dev/eventing/pkg/apis/eventing/v1beta1/eventtype_conversion.go +++ b/vendor/knative.dev/eventing/pkg/apis/eventing/v1beta1/eventtype_conversion.go 
@@ -18,17 +18,55 @@ package v1beta1 import ( "context" - "fmt" + + "knative.dev/eventing/pkg/apis/eventing/v1beta2" "knative.dev/pkg/apis" ) // ConvertTo implements apis.Convertible -func (source *EventType) ConvertTo(ctx context.Context, to apis.Convertible) error { - return fmt.Errorf("v1beta1 is the highest known version, got: %T", to) +func (source *EventType) ConvertTo(ctx context.Context, obj apis.Convertible) error { + switch sink := obj.(type) { + case *v1beta2.EventType: + sink.ObjectMeta = source.ObjectMeta + sink.Status = v1beta2.EventTypeStatus{ + Status: source.Status.Status, + } + sink.Spec = v1beta2.EventTypeSpec{ + Type: source.Spec.Type, + Source: source.Spec.Source, + Schema: source.Spec.Schema, + SchemaData: source.Spec.SchemaData, + Broker: source.Spec.Broker, + Description: source.Spec.Description, + } + + return nil + default: + return apis.ConvertToViaProxy(ctx, source, &v1beta2.EventType{}, sink) + } } // ConvertFrom implements apis.Convertible -func (sink *EventType) ConvertFrom(ctx context.Context, from apis.Convertible) error { - return fmt.Errorf("v1beta1 is the highest known version, got: %T", from) +func (sink *EventType) ConvertFrom(ctx context.Context, obj apis.Convertible) error { + switch source := obj.(type) { + case *v1beta2.EventType: + sink.ObjectMeta = source.ObjectMeta + sink.Status = EventTypeStatus{ + Status: source.Status.Status, + } + + sink.Spec = EventTypeSpec{ + Type: source.Spec.Type, + Source: source.Spec.Source, + Schema: source.Spec.Schema, + SchemaData: source.Spec.SchemaData, + Broker: source.Spec.Broker, + Description: source.Spec.Description, + } + + return nil + default: + return apis.ConvertFromViaProxy(ctx, source, &v1beta2.EventType{}, sink) + } } diff --git a/vendor/knative.dev/eventing/pkg/apis/feature/features.go b/vendor/knative.dev/eventing/pkg/apis/feature/features.go index 9f694609..6420ecc1 100644 --- a/vendor/knative.dev/eventing/pkg/apis/feature/features.go 
+++ b/vendor/knative.dev/eventing/pkg/apis/feature/features.go @@ -71,6 +71,11 @@ func (e Flags) IsStrictTransportEncryption() bool { return e != nil && e[TransportEncryption] == Strict } +// IsDisbledTransportEncryption returns true if the TransportEncryption feature is in Disabled mode. +func (e Flags) IsDisbledTransportEncryption() bool { + return e != nil && e[TransportEncryption] == Disabled +} + // NewFlagsConfigFromMap creates a Flags from the supplied Map func NewFlagsConfigFromMap(data map[string]string) (Flags, error) { flags := Flags{} diff --git a/vendor/knative.dev/eventing/pkg/apis/messaging/v1/in_memory_channel_lifecycle.go b/vendor/knative.dev/eventing/pkg/apis/messaging/v1/in_memory_channel_lifecycle.go index eeb65284..1594a8a3 100644 --- a/vendor/knative.dev/eventing/pkg/apis/messaging/v1/in_memory_channel_lifecycle.go +++ b/vendor/knative.dev/eventing/pkg/apis/messaging/v1/in_memory_channel_lifecycle.go @@ -20,6 +20,7 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/utils/pointer" "knative.dev/pkg/apis" v1 "knative.dev/pkg/apis/duck/v1" ) @@ -99,6 +100,7 @@ func (imcs *InMemoryChannelStatus) InitializeConditions() { func (imcs *InMemoryChannelStatus) SetAddress(url *apis.URL) { imcs.Address = &v1.Addressable{URL: url} if url != nil { + imcs.Address.Name = pointer.String(url.Scheme) imcCondSet.Manage(imcs).MarkTrue(InMemoryChannelConditionAddressable) } else { imcCondSet.Manage(imcs).MarkFalse(InMemoryChannelConditionAddressable, "emptyHostname", "hostname is the empty string") diff --git a/vendor/knative.dev/networking/pkg/config/config.go b/vendor/knative.dev/networking/pkg/config/config.go index a05e4314..8483707d 100644 --- a/vendor/knative.dev/networking/pkg/config/config.go +++ b/vendor/knative.dev/networking/pkg/config/config.go 
@@ -68,7 +68,18 @@ const ( // ServingInternalCertName is the name of secret contains certificates in serving // system namespace. + // + // Deprecated: ServingInternalCertName is deprecated. + // (use ServingControlCertName or ServingRoutingCertName instead) ServingInternalCertName = "knative-serving-certs" + + // ServingRoutingCertName is the name of secret contains certificates for Routing data in serving + // system namespace. (Used by Ingress GWs and Activator) + ServingRoutingCertName = "routing-serving-certs" + + // ServingControlCertName is the name of secret contains certificates for Control data in serving + // system namespace. (Used by Autoscaler and Ingress control for example) + ServingControlCertName = "control-serving-certs" ) // Config Keys 
@@ -122,9 +133,39 @@ const ( // hostname for a Route's tag. TagTemplateKey = "tag-template" + // InternalEncryptionKey is deprecated and replaced by InternalDataplaneTrustKey and internal-controlplane-trust // InternalEncryptionKey is the name of the configuration whether // internal traffic is encrypted or not. InternalEncryptionKey = "internal-encryption" + + // DataplaneTrustKey is the name of the configuration entry + // defining the level of trust used for data plane traffic. + DataplaneTrustKey = "dataplane-trust" + + // ControlplaneTrustKey is the name of the configuration entry + // defining the level of trust used for control plane traffic. + ControlplaneTrustKey = "controlplane-trust" +) + +// HTTPProtocol indicates a type of HTTP endpoint behavior +// that Knative ingress could take. +type Trust string + +const ( + // TrustDisabled - TLS not used + TrustDisabled Trust = "disabled" + + // TrustMinimal - TLS used. We verify that the server is using Knative certificates + TrustMinimal Trust = "minimal" + + // TrustEnabled - TLS used. We verify that the server is using Knative certificates of the right namespace + TrustEnabled Trust = "enabled" + + // TrustMutual - same as TrustEnabled and we also verify the identity of the client. + TrustMutual Trust = "mutual" + + // TrustIdentity - same as TrustMutual and we also add a trusted sender identity to the message. + TrustIdentity Trust = "identity" ) // HTTPProtocol indicates a type of HTTP endpoint behavior 
@@ -251,8 +292,15 @@ type Config struct { // not enabled. Defaults to "http". DefaultExternalScheme string - // DefaultExternal specifies whether internal traffic is encrypted or not. + // Deprecated - replaced with InternalDataplaneTrust and InternalControlplaneTrust + // InternalEncryption specifies whether internal traffic is encrypted or not. InternalEncryption bool + + // DataplaneTrust specifies the level of trust used for date plane. + DataplaneTrust Trust + + // ControlplaneTrust specifies the level of trust used for control plane. + ControlplaneTrust Trust } func defaultConfig() *Config { @@ -268,6 +316,8 @@ func defaultConfig() *Config { DefaultExternalScheme: "http", MeshCompatibilityMode: MeshCompatibilityModeAuto, InternalEncryption: false, + DataplaneTrust: TrustDisabled, + ControlplaneTrust: TrustDisabled, } } 
@@ -351,6 +401,34 @@ func NewConfigFromMap(data map[string]string) (*Config, error) { return nil, fmt.Errorf("httpProtocol %s in config-network ConfigMap is not supported", data[HTTPProtocolKey]) } + switch strings.ToLower(data[DataplaneTrustKey]) { + case "", string(TrustDisabled): + // If DataplaneTrus is not set in the config-network, default is already + // set to TrustDisabled. + case string(TrustMinimal): + nc.DataplaneTrust = TrustMinimal + case string(TrustEnabled): + nc.DataplaneTrust = TrustEnabled + case string(TrustMutual): + nc.DataplaneTrust = TrustMutual + case string(TrustIdentity): + nc.DataplaneTrust = TrustIdentity + default: + return nil, fmt.Errorf("DataplaneTrust %q in config-network ConfigMap is not supported", data[DataplaneTrustKey]) + } + + switch strings.ToLower(data[ControlplaneTrustKey]) { + case "", string(TrustDisabled): + // If ControlplaneTrust is not set in the config-network, default is already + // set to TrustDisabled. + case string(TrustEnabled): + nc.ControlplaneTrust = TrustEnabled + case string(TrustMutual): + nc.ControlplaneTrust = TrustMutual + default: + return nil, fmt.Errorf("ControlplaneTrust %q in config-network ConfigMap is not supported", data[ControlplaneTrustKey]) + } + return nc, nil } diff --git a/vendor/knative.dev/pkg/apis/duck/v1/source_types.go b/vendor/knative.dev/pkg/apis/duck/v1/source_types.go index bed832f3..1f674034 100644 --- a/vendor/knative.dev/pkg/apis/duck/v1/source_types.go +++ b/vendor/knative.dev/pkg/apis/duck/v1/source_types.go @@ -84,6 +84,11 @@ type SourceStatus struct { // as part of its CloudEvents. // +optional CloudEventAttributes []CloudEventAttributes `json:"ceAttributes,omitempty"` + + // SinkCACerts are Certification Authority (CA) certificates in PEM format + // according to https://www.rfc-editor.org/rfc/rfc7468. + // +optional + SinkCACerts *string `json:"sinkCACerts,omitempty"` } // CloudEventAttributes specifies the attributes that a Source 
diff --git a/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go b/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go index 83cccfd3..744a38bb 100644 --- a/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go +++ b/vendor/knative.dev/pkg/apis/duck/v1/zz_generated.deepcopy.go @@ -630,6 +630,11 @@ func (in *SourceStatus) DeepCopyInto(out *SourceStatus) { *out = make([]CloudEventAttributes, len(*in)) copy(*out, *in) } + if in.SinkCACerts != nil { + in, out := &in.SinkCACerts, &out.SinkCACerts + *out = new(string) + **out = **in + } return } diff --git a/vendor/modules.txt b/vendor/modules.txt index 051bb418..e7a4d321 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1685,7 +1685,7 @@ knative.dev/client-pkg/pkg/serving/v1 knative.dev/client-pkg/pkg/util knative.dev/client-pkg/pkg/util/test knative.dev/client-pkg/pkg/wait -# knative.dev/eventing v0.37.1-0.20230502055954-cd50d2786189 +# knative.dev/eventing v0.37.1-0.20230508163901-24fbfe500ce6 ## explicit; go 1.19 knative.dev/eventing/pkg/apis/config knative.dev/eventing/pkg/apis/duck @@ -1709,7 +1709,7 @@ knative.dev/eventing/pkg/client/clientset/versioned/typed/eventing/v1 # knative.dev/hack v0.0.0-20230501013555-7d81248b4638 ## explicit; go 1.18 knative.dev/hack -# knative.dev/networking v0.0.0-20230428120551-68725bdd1056 +# knative.dev/networking v0.0.0-20230504184058-77975a12b2ee ## explicit; go 1.18 knative.dev/networking/pkg knative.dev/networking/pkg/apis/networking @@ -1721,7 +1721,7 @@ knative.dev/networking/pkg/http/probe knative.dev/networking/pkg/http/proxy knative.dev/networking/pkg/http/stats knative.dev/networking/pkg/k8s -# knative.dev/pkg v0.0.0-20230501013355-904966742b58 +# knative.dev/pkg v0.0.0-20230502134655-db8a35330281 ## explicit; go 1.18 knative.dev/pkg/apis knative.dev/pkg/apis/duck 
@@ -1764,7 +1764,7 @@ knative.dev/pkg/tracing/propagation
 knative.dev/pkg/tracing/propagation/tracecontextb3
 knative.dev/pkg/tracker
 knative.dev/pkg/webhook/resourcesemantics
-# knative.dev/serving v0.37.1-0.20230502120354-5e056a02c3e3
+# knative.dev/serving v0.37.1-0.20230508184426-219285e2e258
 ## explicit; go 1.18
 knative.dev/serving/pkg/apis/autoscaling
 knative.dev/serving/pkg/apis/autoscaling/v1alpha1