diff --git a/go.mod b/go.mod
index 1ae406d2c0..2a9a269711 100644
--- a/go.mod
+++ b/go.mod
@@ -25,10 +25,10 @@ require (
 k8s.io/apimachinery v0.28.5
 k8s.io/client-go v0.28.5
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
- knative.dev/eventing v0.40.1-0.20240201205049-d258e7dd535c
+ knative.dev/eventing v0.40.1-0.20240202144010-469d0ac85e86
 knative.dev/hack v0.0.0-20240201013652-f3881d90c189
 knative.dev/pkg v0.0.0-20240201013110-e85c3cf6d5f1
- knative.dev/reconciler-test v0.0.0-20240201013705-feb27a771d67
+ knative.dev/reconciler-test v0.0.0-20240202062219-3bf004cddd5c
 sigs.k8s.io/yaml v1.4.0
 )
 
diff --git a/go.sum b/go.sum
index a4c8dd3c55..4ec72f1fc5 100644
--- a/go.sum
+++ b/go.sum
@@ -970,14 +970,14 @@ k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5Ohx k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/eventing v0.40.1-0.20240201205049-d258e7dd535c h1:/HxlmvJpSqwyZRk2xjType+BI3C/1rB7Mpbi7AKRn3I= -knative.dev/eventing v0.40.1-0.20240201205049-d258e7dd535c/go.mod h1:B3/ep06tqwcAfcH7R5eGKi7bgZTfqb59MPoqfV8Jirg= +knative.dev/eventing v0.40.1-0.20240202144010-469d0ac85e86 h1:a+k1iy7L+AQPY0jbWWM+7N6h5DXvvNw3L0f9cN60WKo= +knative.dev/eventing v0.40.1-0.20240202144010-469d0ac85e86/go.mod h1:gji5GMsP3ahX6Ul5y/rqp6X2oNTurLwdekzl6Tt16zo= knative.dev/hack v0.0.0-20240201013652-f3881d90c189 h1:a8htyuf5+S0NGxxdKXeQ49XOD9dEC1LHoofRQPgFKrU= knative.dev/hack v0.0.0-20240201013652-f3881d90c189/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q= knative.dev/pkg v0.0.0-20240201013110-e85c3cf6d5f1 h1:xGmWQyA+hwyFT1BN5RWi8wx0DxwZQZni8SPN/FZ02kI= knative.dev/pkg v0.0.0-20240201013110-e85c3cf6d5f1/go.mod h1:cGCJe6wkr0vQMAXTaUHi0XA/12JbxSTK15TnyBmn7ms= -knative.dev/reconciler-test v0.0.0-20240201013705-feb27a771d67 h1:cgAtVlJJaWRBM5MzuN7ig++Z61FO5j2EoAqRBITSLRw= -knative.dev/reconciler-test v0.0.0-20240201013705-feb27a771d67/go.mod h1:GYf5f0+DBK7736Y9VydjMkmkCqbWKIlRWN+SQ5tJ7A0= +knative.dev/reconciler-test v0.0.0-20240202062219-3bf004cddd5c h1:UYcWk9LGRjxvlx0AFKPTm8YWqxNstFxF++zyIZK6TnE= +knative.dev/reconciler-test v0.0.0-20240202062219-3bf004cddd5c/go.mod h1:GYf5f0+DBK7736Y9VydjMkmkCqbWKIlRWN+SQ5tJ7A0= pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw= pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= 
diff --git a/vendor/knative.dev/reconciler-test/pkg/eventshub/assert/step.go b/vendor/knative.dev/reconciler-test/pkg/eventshub/assert/step.go
index 2bbff311c5..21464fc8a5 100644
--- a/vendor/knative.dev/reconciler-test/pkg/eventshub/assert/step.go
+++ b/vendor/knative.dev/reconciler-test/pkg/eventshub/assert/step.go
@@ -1,8 +1,10 @@
 package assert
 
 import (
+ "bytes"
 "context"
 "encoding/json"
+ "encoding/pem"
 "fmt"
 
 cetest "github.com/cloudevents/sdk-go/v2/test"
@@ -144,13 +146,40 @@ func MatchPeerCertificatesFromSecret(namespace, name string, key string) eventsh
 return fmt.Errorf("failed to match peer certificates, connection is not TLS")
 }
 
- for _, cert := range info.Connection.TLS.PemPeerCertificates {
- if cert == string(value) {
- return nil
+ // secret value can, in general, be a certificate chain (a sequence of PEM-encoded certificate blocks)
+ valueBlock, valueRest := pem.Decode(value)
+ if valueBlock == nil {
+ // error if there's not even a single certificate in the value
+ return fmt.Errorf("failed to decode secret certificate:\n%s", string(value))
+ }
+ // for each certificate in the chain, check if it's present in info.Connection.TLS.PemPeerCertificates
+ for valueBlock != nil {
+ found := false
+ for _, cert := range info.Connection.TLS.PemPeerCertificates {
+ certBlock, _ := pem.Decode([]byte(cert))
+ if certBlock == nil {
+ return fmt.Errorf("failed to decode peer certificate:\n%s", cert)
+ }
+
+ if certBlock.Type == valueBlock.Type && string(certBlock.Bytes) == string(valueBlock.Bytes) {
+ found = true
+ break
+ }
+ }
+
+ if !found {
+ pemBytes, _ := json.MarshalIndent(info.Connection.TLS.PemPeerCertificates, "", " ")
+ return fmt.Errorf("failed to find peer certificate with value\n%s\nin:\n%s", string(value), string(pemBytes))
 }
+
+ valueBlock, valueRest = pem.Decode(valueRest)
+ }
+
+ // any non-whitespace suffix not parsed as a PEM is suspicious, so we treat it as an error:
+ if "" != string(bytes.TrimSpace(valueRest)) {
+ return fmt.Errorf("failed to decode secret certificate starting with\n%s\nin:\n%s", string(valueRest), string(value))
 }
 
- bytes, _ := json.MarshalIndent(info.Connection.TLS.PemPeerCertificates, "", " ")
- return fmt.Errorf("failed to find peer certificate with value\n%s\nin:\n%s", string(value), string(bytes))
+ return nil
 }
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 99f4d3e8d6..e8cac572ee 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1304,7 +1304,7 @@ k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/strings/slices k8s.io/utils/trace -# knative.dev/eventing v0.40.1-0.20240201205049-d258e7dd535c +# knative.dev/eventing v0.40.1-0.20240202144010-469d0ac85e86 ## explicit; go 1.21 knative.dev/eventing/cmd/heartbeats knative.dev/eventing/pkg/adapter/v2 @@ -1520,7 +1520,7 @@ knative.dev/pkg/webhook/resourcesemantics knative.dev/pkg/webhook/resourcesemantics/conversion knative.dev/pkg/webhook/resourcesemantics/defaulting knative.dev/pkg/webhook/resourcesemantics/validation -# knative.dev/reconciler-test v0.0.0-20240201013705-feb27a771d67 +# knative.dev/reconciler-test v0.0.0-20240202062219-3bf004cddd5c ## explicit; go 1.21 knative.dev/reconciler-test/cmd/eventshub knative.dev/reconciler-test/pkg/environment