Skip to content
This repository has been archived by the owner on Sep 2, 2024. It is now read-only.

Commit

Permalink
upgrade to latest dependencies (#1470)
Browse files Browse the repository at this point in the history 
bumping knative.dev/eventing d258e7d...469d0ac:
  > 469d0ac [main] Upgrade to latest dependencies (# 7654)
  > 9d892bf Remove empty labels (# 7648)
bumping knative.dev/reconciler-test feb27a7...3bf004c:
  > 3bf004c make MatchPeerCertificatesFromSecret work with certificate chains (# 664)

Signed-off-by: Knative Automation <[email protected]>
  • Loading branch information
@knative-automation
knative-automation authored Feb 5, 2024
1 parent bb903df commit 1c07e26
Show file tree
Hide file tree
Showing 4 changed files with 42 additions and 13 deletions.
4 changes: 2 additions & 2 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,10 @@ require (
k8s.io/apimachinery v0.28.5
k8s.io/client-go v0.28.5
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
knative.dev/eventing v0.40.1-0.20240201205049-d258e7dd535c
knative.dev/eventing v0.40.1-0.20240202144010-469d0ac85e86
knative.dev/hack v0.0.0-20240201013652-f3881d90c189
knative.dev/pkg v0.0.0-20240201013110-e85c3cf6d5f1
knative.dev/reconciler-test v0.0.0-20240201013705-feb27a771d67
knative.dev/reconciler-test v0.0.0-20240202062219-3bf004cddd5c
sigs.k8s.io/yaml v1.4.0
)

Expand Down
8 changes: 4 additions & 4 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -970,14 +970,14 @@ k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5Ohx
k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
knative.dev/eventing v0.40.1-0.20240201205049-d258e7dd535c h1:/HxlmvJpSqwyZRk2xjType+BI3C/1rB7Mpbi7AKRn3I=
knative.dev/eventing v0.40.1-0.20240201205049-d258e7dd535c/go.mod h1:B3/ep06tqwcAfcH7R5eGKi7bgZTfqb59MPoqfV8Jirg=
knative.dev/eventing v0.40.1-0.20240202144010-469d0ac85e86 h1:a+k1iy7L+AQPY0jbWWM+7N6h5DXvvNw3L0f9cN60WKo=
knative.dev/eventing v0.40.1-0.20240202144010-469d0ac85e86/go.mod h1:gji5GMsP3ahX6Ul5y/rqp6X2oNTurLwdekzl6Tt16zo=
knative.dev/hack v0.0.0-20240201013652-f3881d90c189 h1:a8htyuf5+S0NGxxdKXeQ49XOD9dEC1LHoofRQPgFKrU=
knative.dev/hack v0.0.0-20240201013652-f3881d90c189/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
knative.dev/pkg v0.0.0-20240201013110-e85c3cf6d5f1 h1:xGmWQyA+hwyFT1BN5RWi8wx0DxwZQZni8SPN/FZ02kI=
knative.dev/pkg v0.0.0-20240201013110-e85c3cf6d5f1/go.mod h1:cGCJe6wkr0vQMAXTaUHi0XA/12JbxSTK15TnyBmn7ms=
knative.dev/reconciler-test v0.0.0-20240201013705-feb27a771d67 h1:cgAtVlJJaWRBM5MzuN7ig++Z61FO5j2EoAqRBITSLRw=
knative.dev/reconciler-test v0.0.0-20240201013705-feb27a771d67/go.mod h1:GYf5f0+DBK7736Y9VydjMkmkCqbWKIlRWN+SQ5tJ7A0=
knative.dev/reconciler-test v0.0.0-20240202062219-3bf004cddd5c h1:UYcWk9LGRjxvlx0AFKPTm8YWqxNstFxF++zyIZK6TnE=
knative.dev/reconciler-test v0.0.0-20240202062219-3bf004cddd5c/go.mod h1:GYf5f0+DBK7736Y9VydjMkmkCqbWKIlRWN+SQ5tJ7A0=
pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU=
pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw=
pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=
Expand Down
39 changes: 34 additions & 5 deletions vendor/knative.dev/reconciler-test/pkg/eventshub/assert/step.go
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
package assert

import (
"bytes"
"context"
"encoding/json"
"encoding/pem"
"fmt"

cetest "github.com/cloudevents/sdk-go/v2/test"
Expand Down Expand Up @@ -144,13 +146,40 @@ func MatchPeerCertificatesFromSecret(namespace, name string, key string) eventsh
return fmt.Errorf("failed to match peer certificates, connection is not TLS")
}

for _, cert := range info.Connection.TLS.PemPeerCertificates {
if cert == string(value) {
return nil
// secret value can, in general, be a certificate chain (a sequence of PEM-encoded certificate blocks)
valueBlock, valueRest := pem.Decode(value)
if valueBlock == nil {
// error if there's not even a single certificate in the value
return fmt.Errorf("failed to decode secret certificate:\n%s", string(value))
}
// for each certificate in the chain, check if it's present in info.Connection.TLS.PemPeerCertificates
for valueBlock != nil {
found := false
for _, cert := range info.Connection.TLS.PemPeerCertificates {
certBlock, _ := pem.Decode([]byte(cert))
if certBlock == nil {
return fmt.Errorf("failed to decode peer certificate:\n%s", cert)
}

if certBlock.Type == valueBlock.Type && string(certBlock.Bytes) == string(valueBlock.Bytes) {
found = true
break
}
}

if !found {
pemBytes, _ := json.MarshalIndent(info.Connection.TLS.PemPeerCertificates, "", " ")
return fmt.Errorf("failed to find peer certificate with value\n%s\nin:\n%s", string(value), string(pemBytes))
}

valueBlock, valueRest = pem.Decode(valueRest)
}

// any non-whitespace suffix not parsed as a PEM is suspicious, so we treat it as an error:
if "" != string(bytes.TrimSpace(valueRest)) {
return fmt.Errorf("failed to decode secret certificate starting with\n%s\nin:\n%s", string(valueRest), string(value))
}

bytes, _ := json.MarshalIndent(info.Connection.TLS.PemPeerCertificates, "", " ")
return fmt.Errorf("failed to find peer certificate with value\n%s\nin:\n%s", string(value), string(bytes))
return nil
}
}
4 changes: 2 additions & 2 deletions vendor/modules.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1304,7 +1304,7 @@ k8s.io/utils/net
k8s.io/utils/pointer
k8s.io/utils/strings/slices
k8s.io/utils/trace
# knative.dev/eventing v0.40.1-0.20240201205049-d258e7dd535c
# knative.dev/eventing v0.40.1-0.20240202144010-469d0ac85e86
## explicit; go 1.21
knative.dev/eventing/cmd/heartbeats
knative.dev/eventing/pkg/adapter/v2
Expand Down Expand Up @@ -1520,7 +1520,7 @@ knative.dev/pkg/webhook/resourcesemantics
knative.dev/pkg/webhook/resourcesemantics/conversion
knative.dev/pkg/webhook/resourcesemantics/defaulting
knative.dev/pkg/webhook/resourcesemantics/validation
# knative.dev/reconciler-test v0.0.0-20240201013705-feb27a771d67
# knative.dev/reconciler-test v0.0.0-20240202062219-3bf004cddd5c
## explicit; go 1.21
knative.dev/reconciler-test/cmd/eventshub
knative.dev/reconciler-test/pkg/environment
Expand Down

0 comments on commit 1c07e26

Please sign in to comment.