
upgrade to latest dependencies
bumping knative.dev/eventing de75496...a13eebe:
  > a13eebe [main] Upgrade to latest dependencies (# 7100)
  > a755429 Re-enable PingSource TLS E2E test (# 7082)
bumping knative.dev/reconciler-test 078c8e7...7286e0a:
  > 7286e0a Support matching peer certificates for certs rotation testing (# 551)
  > e04dcf0 [release-1.11] Support rotating TLS certificates (# 550)

Signed-off-by: Knative Automation <[email protected]>
knative-automation committed Jul 20, 2023
1 parent 96eb56a commit 2259e23
Showing 10 changed files with 195 additions and 75 deletions.
4 changes: 2 additions & 2 deletions go.mod
Expand Up @@ -24,10 +24,10 @@ require (
k8s.io/apimachinery v0.26.5
k8s.io/client-go v0.26.5
k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2
knative.dev/eventing v0.37.1-0.20230717151218-de75496e18fd
knative.dev/eventing v0.37.1-0.20230720121212-a13eebe803bf
knative.dev/hack v0.0.0-20230712131415-ddae80293c43
knative.dev/pkg v0.0.0-20230718152110-aef227e72ead
knative.dev/reconciler-test v0.0.0-20230718160213-078c8e71d795
knative.dev/reconciler-test v0.0.0-20230720092812-7286e0a369dc
sigs.k8s.io/yaml v1.3.0
)

8 changes: 4 additions & 4 deletions go.sum
Expand Up @@ -967,14 +967,14 @@ k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+O
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8=
k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
knative.dev/eventing v0.37.1-0.20230717151218-de75496e18fd h1:oy1lvDGcZwHtu1rWcsU/3N4upiix9sznNg0y4wz2qyE=
knative.dev/eventing v0.37.1-0.20230717151218-de75496e18fd/go.mod h1:qdgFteB1E2/K0TfweX9zDX3An6PkzsQ/a4xEWkitusk=
knative.dev/eventing v0.37.1-0.20230720121212-a13eebe803bf h1:KqqwFQD+qM6utzZH3l7B1/HT+LBT6F61t8cChde1weg=
knative.dev/eventing v0.37.1-0.20230720121212-a13eebe803bf/go.mod h1:nd7MZ/O5nyNKlZ1m9XAxI9eSq2bYWJQfYogSXflRpqc=
knative.dev/hack v0.0.0-20230712131415-ddae80293c43 h1:3SE06uNfSFGm/5XS+0trbyCUpgsOaBeyhPQU8FPNFz8=
knative.dev/hack v0.0.0-20230712131415-ddae80293c43/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
knative.dev/pkg v0.0.0-20230718152110-aef227e72ead h1:2dDzorpKuVZW3Qp7TbirMMq16FbId8f6bacQFX8jXLw=
knative.dev/pkg v0.0.0-20230718152110-aef227e72ead/go.mod h1:WmrwRV/P+hGHoMraAEfwg6ec+fBTf+Obu41v354Iabc=
knative.dev/reconciler-test v0.0.0-20230718160213-078c8e71d795 h1:GO1WGYqG+1GWzfcjGuEmDmqE6dgWSWpyRUIVZz5BLhA=
knative.dev/reconciler-test v0.0.0-20230718160213-078c8e71d795/go.mod h1:i+/PWK/n3HPgjXMoj5U7CA6WRW/C3c3EfHCQ0FmrhNM=
knative.dev/reconciler-test v0.0.0-20230720092812-7286e0a369dc h1:uzrOfQ30FKaynWRWUqEnKk6lP7SEl0ikC6jOfxFhf6A=
knative.dev/reconciler-test v0.0.0-20230720092812-7286e0a369dc/go.mod h1:i+/PWK/n3HPgjXMoj5U7CA6WRW/C3c3EfHCQ0FmrhNM=
pgregory.net/rapid v0.3.3 h1:jCjBsY4ln4Atz78QoBWxUEvAHaFyNDQg9+WU62aCn1U=
pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
50 changes: 35 additions & 15 deletions vendor/knative.dev/eventing/pkg/adapter/v2/cloudevents.go
Expand Up @@ -24,13 +24,13 @@ import (
"net/url"
"time"

obshttp "github.com/cloudevents/sdk-go/observability/opencensus/v2/http"
cloudevents "github.com/cloudevents/sdk-go/v2"
ceclient "github.com/cloudevents/sdk-go/v2/client"
"github.com/cloudevents/sdk-go/v2/event"
"github.com/cloudevents/sdk-go/v2/protocol"
"github.com/cloudevents/sdk-go/v2/protocol/http"
"go.opencensus.io/plugin/ochttp"
"go.opencensus.io/plugin/ochttp/propagation/tracecontext"
duckv1 "knative.dev/pkg/apis/duck/v1"
"knative.dev/pkg/tracing/propagation/tracecontextb3"

Expand All @@ -53,7 +53,9 @@ type Client interface {
var newClientHTTPObserved = NewClientHTTPObserved

func NewClientHTTPObserved(topt []http.Option, copt []ceclient.Option) (Client, error) {
t, err := obshttp.NewObservedHTTP(topt...)
t, err := http.New(append(topt,
http.WithMiddleware(tracecontextMiddleware),
)...)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -108,8 +110,6 @@ type ClientConfig struct {
Reporter source.StatsReporter
CrStatusEventClient *crstatusevent.CRStatusEventClient
Options []http.Option

Client Client
}

type clientConfigKey struct{}
Expand All @@ -127,16 +127,12 @@ func GetClientConfig(ctx context.Context) ClientConfig {
}

func NewClient(cfg ClientConfig) (Client, error) {
if cfg.Client != nil {
return cfg.Client, nil
}

transport := &ochttp.Transport{
Base: nethttp.DefaultTransport.(*nethttp.Transport),
Propagation: tracecontextb3.TraceContextEgress,
}

pOpts := make([]http.Option, 0)
var closeIdler closeIdler = nethttp.DefaultTransport.(*nethttp.Transport)

ceOverrides := cfg.CeOverrides
if cfg.Env != nil {
Expand All @@ -152,16 +148,16 @@ func NewClient(cfg ClientConfig) (Client, error) {
clientConfig := eventingtls.NewDefaultClientConfig()
clientConfig.CACerts = cfg.Env.GetCACerts()

httpTransport := nethttp.DefaultTransport.(*nethttp.Transport).Clone()
httpTransport.TLSClientConfig, err = eventingtls.GetTLSClientConfig(clientConfig)
tlsConfig, err := eventingtls.GetTLSClientConfig(clientConfig)
if err != nil {
return nil, err
}

closeIdler = httpTransport
httpsTransport := transport.Base.(*nethttp.Transport).Clone()
httpsTransport.TLSClientConfig = tlsConfig

transport = &ochttp.Transport{
Base: httpTransport,
Base: httpsTransport,
Propagation: tracecontextb3.TraceContextEgress,
}
}
Expand All @@ -176,7 +172,11 @@ func NewClient(cfg ClientConfig) (Client, error) {
pOpts = append(pOpts, http.WithHeader(apis.KnNamespaceHeader, cfg.Env.GetNamespace()))
}

pOpts = append(pOpts, http.WithRoundTripper(transport))
httpClient := nethttp.Client{Transport: roundTripperDecorator(transport)}

// Important: prepend HTTP client option to make sure that other options are applied to this
// client and not to the default client.
pOpts = append([]http.Option{http.WithClient(httpClient)}, pOpts...)

// Make sure that explicitly set options have priority
opts := append(pOpts, cfg.Options...)
Expand All @@ -191,7 +191,7 @@ func NewClient(cfg ClientConfig) (Client, error) {
}
return &client{
ceClient: ceClient,
closeIdler: closeIdler,
closeIdler: transport.Base.(*nethttp.Transport),
ceOverrides: ceOverrides,
reporter: cfg.Reporter,
crStatusEventClient: cfg.CrStatusEventClient,
Expand Down Expand Up @@ -341,3 +341,23 @@ func MetricTagFromContext(ctx context.Context) *MetricTag {
ResourceGroup: "unknown",
}
}

func roundTripperDecorator(roundTripper nethttp.RoundTripper) nethttp.RoundTripper {
return &ochttp.Transport{
Propagation: &tracecontext.HTTPFormat{},
Base: roundTripper,
FormatSpanName: formatSpanName,
}
}

func formatSpanName(r *nethttp.Request) string {
return "cloudevents.http." + r.URL.Path
}

func tracecontextMiddleware(h nethttp.Handler) nethttp.Handler {
return &ochttp.Handler{
Propagation: &tracecontext.HTTPFormat{},
Handler: h,
FormatSpanName: formatSpanName,
}
}
4 changes: 1 addition & 3 deletions vendor/knative.dev/eventing/test/e2e-common.sh
Expand Up @@ -61,9 +61,7 @@ readonly TMP_DIR
readonly KNATIVE_DEFAULT_NAMESPACE="knative-eventing"

# This the namespace used to install and test Knative Eventing.
export SYSTEM_NAMESPACE
SYSTEM_NAMESPACE="${SYSTEM_NAMESPACE:-"knative-eventing-"$(head -c 128 < \
/dev/urandom | LC_CTYPE=C tr -dc 'a-z0-9' | fold -w 10 | head -n 1)}"
export SYSTEM_NAMESPACE=${SYSTEM_NAMESPACE:-"knative-eventing"}

CERT_MANAGER_NAMESPACE="cert-manager"
export CERT_MANAGER_NAMESPACE
88 changes: 73 additions & 15 deletions vendor/knative.dev/reconciler-test/pkg/eventshub/assert/step.go
Expand Up @@ -2,16 +2,21 @@ package assert

import (
"context"
"encoding/json"
"fmt"

cetest "github.com/cloudevents/sdk-go/v2/test"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kubeclient "knative.dev/pkg/client/injection/kube/client"

"knative.dev/reconciler-test/pkg/environment"
"knative.dev/reconciler-test/pkg/eventshub"
"knative.dev/reconciler-test/pkg/feature"
)

type MatchAssertionBuilder struct {
storeName string
matchers []eventshub.EventInfoMatcher
matchers []eventshub.EventInfoMatcherCtx
}

// OnStore creates an assertion builder starting from the name of the store
Expand All @@ -24,35 +29,50 @@ func OnStore(name string) MatchAssertionBuilder {

// Match adds the provided matchers in this builder
func (m MatchAssertionBuilder) Match(matchers ...eventshub.EventInfoMatcher) MatchAssertionBuilder {
for _, matcher := range matchers {
m.matchers = append(m.matchers, matcher.WithContext())
}
return m
}

// MatchWithContext adds the provided matchers in this builder
func (m MatchAssertionBuilder) MatchWithContext(matchers ...eventshub.EventInfoMatcherCtx) MatchAssertionBuilder {
m.matchers = append(m.matchers, matchers...)
return m
}

// MatchPeerCertificates adds the provided matchers in this builder
func (m MatchAssertionBuilder) MatchPeerCertificatesReceived(matchers ...eventshub.EventInfoMatcherCtx) MatchAssertionBuilder {
m.matchers = append(m.matchers, MatchKind(eventshub.PeerCertificatesReceived).WithContext())
m.matchers = append(m.matchers, matchers...)
return m
}

// MatchReceivedEvent is a shortcut for Match(MatchKind(eventshub.EventReceived), MatchEvent(matchers...))
func (m MatchAssertionBuilder) MatchReceivedEvent(matchers ...cetest.EventMatcher) MatchAssertionBuilder {
m.matchers = append(m.matchers, MatchKind(eventshub.EventReceived))
m.matchers = append(m.matchers, MatchEvent(matchers...))
m.matchers = append(m.matchers, MatchKind(eventshub.EventReceived).WithContext())
m.matchers = append(m.matchers, MatchEvent(matchers...).WithContext())
return m
}

// MatchRejectedEvent is a shortcut for Match(MatchKind(eventshub.EventRejected), MatchEvent(matchers...))
func (m MatchAssertionBuilder) MatchRejectedEvent(matchers ...cetest.EventMatcher) MatchAssertionBuilder {
m.matchers = append(m.matchers, MatchKind(eventshub.EventRejected))
m.matchers = append(m.matchers, MatchEvent(matchers...))
m.matchers = append(m.matchers, MatchKind(eventshub.EventRejected).WithContext())
m.matchers = append(m.matchers, MatchEvent(matchers...).WithContext())
return m
}

// MatchSentEvent is a shortcut for Match(MatchKind(eventshub.EventSent), MatchEvent(matchers...))
func (m MatchAssertionBuilder) MatchSentEvent(matchers ...cetest.EventMatcher) MatchAssertionBuilder {
m.matchers = append(m.matchers, MatchKind(eventshub.EventSent))
m.matchers = append(m.matchers, MatchEvent(matchers...))
m.matchers = append(m.matchers, MatchKind(eventshub.EventSent).WithContext())
m.matchers = append(m.matchers, MatchEvent(matchers...).WithContext())
return m
}

// MatchResponseEvent is a shortcut for Match(MatchKind(eventshub.EventResponse), MatchEvent(matchers...))
func (m MatchAssertionBuilder) MatchResponseEvent(matchers ...cetest.EventMatcher) MatchAssertionBuilder {
m.matchers = append(m.matchers, MatchKind(eventshub.EventResponse))
m.matchers = append(m.matchers, MatchEvent(matchers...))
m.matchers = append(m.matchers, MatchKind(eventshub.EventResponse).WithContext())
m.matchers = append(m.matchers, MatchEvent(matchers...).WithContext())
return m
}

Expand All @@ -61,39 +81,77 @@ func (m MatchAssertionBuilder) MatchEvent(matchers ...cetest.EventMatcher) Match
m.matchers = append(m.matchers, OneOf(
MatchKind(eventshub.EventReceived),
MatchKind(eventshub.EventSent),
))
m.matchers = append(m.matchers, MatchEvent(matchers...))
).WithContext())
m.matchers = append(m.matchers, MatchEvent(matchers...).WithContext())
return m
}

// AtLeast builds the assertion feature.StepFn
// OnStore(store).Match(matchers).AtLeast(min) is equivalent to StoreFromContext(ctx, store).AssertAtLeast(min, matchers)
func (m MatchAssertionBuilder) AtLeast(min int) feature.StepFn {
return func(ctx context.Context, t feature.T) {
eventshub.StoreFromContext(ctx, m.storeName).AssertAtLeast(t, min, m.matchers...)
eventshub.StoreFromContext(ctx, m.storeName).AssertAtLeast(t, min, toFixedContextMatchers(ctx, m.matchers)...)
}
}

// InRange builds the assertion feature.StepFn
// OnStore(store).Match(matchers).InRange(min, max) is equivalent to StoreFromContext(ctx, store).AssertInRange(min, max, matchers)
func (m MatchAssertionBuilder) InRange(min int, max int) feature.StepFn {
return func(ctx context.Context, t feature.T) {
eventshub.StoreFromContext(ctx, m.storeName).AssertInRange(t, min, max, m.matchers...)
eventshub.StoreFromContext(ctx, m.storeName).AssertInRange(t, min, max, toFixedContextMatchers(ctx, m.matchers)...)
}
}

// Exact builds the assertion feature.StepFn
// OnStore(store).Match(matchers).Exact(n) is equivalent to StoreFromContext(ctx, store).AssertExact(n, matchers)
func (m MatchAssertionBuilder) Exact(n int) feature.StepFn {
return func(ctx context.Context, t feature.T) {
eventshub.StoreFromContext(ctx, m.storeName).AssertExact(t, n, m.matchers...)
eventshub.StoreFromContext(ctx, m.storeName).AssertExact(t, n, toFixedContextMatchers(ctx, m.matchers)...)
}
}

// Not builds the assertion feature.StepFn
// OnStore(store).Match(matchers).Not() is equivalent to StoreFromContext(ctx, store).AssertNot(matchers)
func (m MatchAssertionBuilder) Not() feature.StepFn {
return func(ctx context.Context, t feature.T) {
eventshub.StoreFromContext(ctx, m.storeName).AssertNot(t, m.matchers...)
eventshub.StoreFromContext(ctx, m.storeName).AssertNot(t, toFixedContextMatchers(ctx, m.matchers)...)
}
}

func toFixedContextMatchers(ctx context.Context, matchers []eventshub.EventInfoMatcherCtx) []eventshub.EventInfoMatcher {
out := make([]eventshub.EventInfoMatcher, 0, len(matchers))
for _, matcher := range matchers {
out = append(out, matcher.WithContext(ctx))
}
return out
}

func MatchPeerCertificatesFromSecret(name string, key string) eventshub.EventInfoMatcherCtx {
return func(ctx context.Context, info eventshub.EventInfo) error {
secret, err := kubeclient.Get(ctx).CoreV1().
Secrets(environment.FromContext(ctx).Namespace()).
Get(ctx, name, metav1.GetOptions{})

if err != nil {
return fmt.Errorf("failed to get secret: %w", err)
}

value, ok := secret.Data[key]
if !ok {
return fmt.Errorf("failed to get value from secret %s/%s for key %s", secret.Namespace, secret.Name, key)
}

if info.Connection == nil && info.Connection.TLS == nil {
return fmt.Errorf("failed to match peer certificates, connection is not TLS")
}

for _, cert := range info.Connection.TLS.PemPeerCertificates {
if cert == string(value) {
return nil
}
}

bytes, _ := json.MarshalIndent(info.Connection.TLS.PemPeerCertificates, "", " ")
return fmt.Errorf("failed to find peer certificate with value\n%s\nin:\n%s", string(value), string(bytes))
}
}
47 changes: 43 additions & 4 deletions vendor/knative.dev/reconciler-test/pkg/eventshub/event_info.go
Expand Up @@ -17,7 +17,9 @@ limitations under the License.
package eventshub

import (
"crypto/tls"
"encoding/json"
"encoding/pem"
"fmt"
"strings"
"time"
Expand All @@ -38,13 +40,16 @@ const (

EventSent EventKind = "Sent"
EventResponse EventKind = "Response"

PeerCertificatesReceived EventKind = "PeerCertificatesReceived"
)

type ConnectionTLS struct {
CipherSuite uint16 `json:"cipherSuite,omitempty"`
CipherSuiteName string `json:"cipherSuiteName,omitempty"`
HandshakeComplete bool `json:"handshakeComplete,omitempty"`
IsInsecureCipherSuite bool `json:"isInsecureCipherSuite,omitempty"`
CipherSuite uint16 `json:"cipherSuite,omitempty"`
CipherSuiteName string `json:"cipherSuiteName,omitempty"`
HandshakeComplete bool `json:"handshakeComplete,omitempty"`
IsInsecureCipherSuite bool `json:"isInsecureCipherSuite,omitempty"`
PemPeerCertificates []string `json:"pemPeerCertificates,omitempty"`
}

type Connection struct {
Expand Down Expand Up @@ -148,3 +153,37 @@ func (s *SearchedInfo) String() string {
}
return sb.String()
}

func TLSConnectionStateToConnection(state *tls.ConnectionState) *Connection {

if state != nil {
c := &Connection{TLS: &ConnectionTLS{}}
c.TLS.CipherSuite = state.CipherSuite
c.TLS.CipherSuiteName = tls.CipherSuiteName(state.CipherSuite)
c.TLS.HandshakeComplete = state.HandshakeComplete
c.TLS.IsInsecureCipherSuite = IsInsecureCipherSuite(state)

for _, cert := range state.PeerCertificates {
pemCert := string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}))
c.TLS.PemPeerCertificates = append(c.TLS.PemPeerCertificates, pemCert)
}

return c
}

return nil
}

func IsInsecureCipherSuite(conn *tls.ConnectionState) bool {
if conn == nil {
return true
}

res := false
for _, s := range tls.InsecureCipherSuites() {
if s.ID == conn.CipherSuite {
res = true
}
}
return res
}