diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e260f87..37fc7b3 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -112,12 +112,6 @@ jobs: - name: Lint run: nix develop --impure .#ci -c make lint -j - - name: Pre-commit hooks - run: nix develop --impure .#ci -c pre-commit run -a - - - name: Check commit messages - run: nix develop --impure .#ci -c pre-commit run --hook-stage manual - license-check: name: License check runs-on: ubuntu-latest @@ -220,7 +214,7 @@ jobs: needs: [artifacts] strategy: matrix: - k8s_version: ["v1.24.15", "v1.25.11", "v1.26.6", "v1.27.3"] + k8s_version: ["v1.28.9", "v1.29.4", "v1.30.0"] operator_version: ["v1.22.1", "v1.22.2"] # First version that works with the generic webhook: v1.22.1 webhook_version: ["v0.1.0"] diff --git a/.golangci.yaml b/.golangci.yaml index 55fdb81..5581db1 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -12,7 +12,6 @@ linters-settings: misspell: locale: US nolintlint: - allow-leading-space: false # require machine-readable nolint directives (with no leading space) allow-unused: false # report any unused nolint directives require-specific: false # don't require nolint directives to be specific about which linter is being skipped revive: @@ -20,8 +19,18 @@ linters-settings: linters: enable: + - bodyclose + - errcheck - gci + - gofmt + - gofumpt - goimports + - gosimple + - ineffassign - misspell - nolintlint - revive + - unconvert + - unparam + - unused + - whitespace diff --git a/Dockerfile b/Dockerfile index 85c5877..1e26373 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.5.0@sha256:0c6a569797744e45955f39d4f7538ac344bfb7ebf0a54006a0a4297b153ccf0f AS xx -FROM --platform=$BUILDPLATFORM golang:1.22.3-alpine3.18@sha256:d1a601b64de09e2fa38c95e55838961811d5ca11062a8f4230a5c434b3ae2a34 AS builder +FROM --platform=$BUILDPLATFORM golang:1.23.1-alpine3.20@sha256:ac67716dd016429be8d4c2c53a248d7bcdf06d34127d3dc451bda6aa5a87bc06 AS builder COPY --from=xx / / diff --git a/Makefile b/Makefile index 776dad1..b99ea43 100644 --- a/Makefile +++ b/Makefile @@ -1,20 +1,22 @@ # A Self-Documenting Makefile: http://marmelab.com/blog/2016/02/29/auto-documented-makefile.html +export PATH := $(abspath bin/):${PATH} + +# Setting SHELL to bash allows bash commands to be executed by recipes. +# Options are set to exit when a recipe line exits non-zero or a piped command fails. +SHELL = /usr/bin/env bash -o pipefail +.SHELLFLAGS = -ec + # Default values for environment variables used in the Makefile KUBECONFIG ?= $(HOME)/.kube/config TEST_KIND_CLUSTER ?= vault-secrets-reloader # Target image name -IMG ?= ghcr.io/bank-vaults/vault-secrets-reloader:dev +CONTAINER_IMAGE_REF = ghcr.io/bank-vaults/vault-secrets-reloader:dev -# Operator image name +# Operator and Webhook image name OPERATOR_VERSION ?= latest WEBHOOK_VERSION ?= latest -# Setting SHELL to bash allows bash commands to be executed by recipes. -# Options are set to exit when a recipe line exits non-zero or a piped command fails. -SHELL = /usr/bin/env bash -o pipefail -.SHELLFLAGS = -ec - ##@ General # Targets commented with ## will be visible in "make help" info. @@ -25,74 +27,25 @@ default: help help: ## Display this help @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) -##@ Checks - -.PHONY: license-check -license-check: ## Run license check - $(LICENSEI) check - $(LICENSEI) header - -.PHONY: fmt -fmt: ## Run go fmt against code - $(GOLANGCI_LINT) run --fix - -.PHONY: lint-go -lint-go: # Run golang lint check - $(GOLANGCI_LINT) run $(if ${CI},--out-format github-actions,) - -.PHONY: lint-helm -lint-helm: # Run helm lint check - $(HELM) lint deploy/charts/vault-secrets-reloader - -.PHONY: lint-yaml -lint-yaml: - $(YAMLLINT) $(if ${CI},-f github,) --no-warnings . - -.PHONY: lint-docker -lint-docker: # Run Dockerfile lint check - $(HADOLINT) Dockerfile - -.PHONY: lint -lint: lint-go lint-helm lint-yaml lint-docker ## Run lint checks - -.PHONY: test -test: ## Run tests - go clean -testcache - go test -race -v ./... - -.PHONY: test-e2e -test-e2e: ## Run acceptance tests. If running on a local kind cluster, run "make import-test" before this - go clean -testcache - go test -race -v -timeout 900s -tags e2e ./e2e - -.PHONY: test-e2e-local -test-e2e-local: container-image ## Run e2e tests locally - go clean -testcache - LOAD_IMAGE=${IMG} RELOADER_VERSION=dev OPERATOR_VERSION=$(OPERATOR_VERSION) WEBHOOK_VERSION=$(WEBHOOK_VERSION) LOG_VERBOSE=true ${MAKE} test-e2e - ##@ Development -.PHONY: run -run: ## Run manager from your host - go run main.go -log-level=debug -collector-sync-period=30s -reloader-run-period=1m +.PHONY: up-kind +up-kind: create-kind up ## Start kind development environment .PHONY: create-kind create-kind: ## Create kind cluster - $(KIND) create cluster --name $(TEST_KIND_CLUSTER) - -.PHONY: up-kind -up-kind: create-kind up ## Start kind development environment + $(KIND_BIN) create cluster --name $(TEST_KIND_CLUSTER) .PHONY: up up: ## Start development environment - $(HELM) upgrade --install vault-operator oci://ghcr.io/bank-vaults/helm-charts/vault-operator \ + $(HELM_BIN) upgrade --install vault-operator oci://ghcr.io/bank-vaults/helm-charts/vault-operator \ --set image.tag=latest \ --set image.bankVaultsTag=latest \ --wait - $(KUBECTL) create namespace bank-vaults-infra --dry-run=client -o yaml | $(KUBECTL) apply -f - - $(KUBECTL) apply -f $(shell pwd)/e2e/deploy/vault/ + kubectl create namespace bank-vaults-infra --dry-run=client -o yaml | kubectl apply -f - + kubectl apply -f $(shell pwd)/e2e/deploy/vault/ sleep 60 - $(HELM) upgrade --install secrets-webhook oci://ghcr.io/bank-vaults/helm-charts/secrets-webhook \ + $(HELM_BIN) upgrade --install secrets-webhook oci://ghcr.io/bank-vaults/helm-charts/secrets-webhook \ --set replicaCount=1 \ --set image.tag=latest \ --set image.pullPolicy=IfNotPresent \ @@ -102,42 +55,101 @@ up: ## Start development environment .PHONY: down down: ## Destroy kind development environment - $(KIND) delete cluster --name $(TEST_KIND_CLUSTER) + $(KIND_BIN) delete cluster --name $(TEST_KIND_CLUSTER) -##@ Build +.PHONY: run +run: ## Run manager from your host + go run main.go -log-level=debug -collector-sync-period=30s -reloader-run-period=1m -.PHONY: artifacts -artifacts: build container-image helm-chart ## Build artifacts +##@ Build .PHONY: build build: ## Build manager binary @mkdir -p build go build -race -o build/vault-secrets-reloader . +.PHONY: artifacts +artifacts: container-image helm-chart ## Build artifacts + .PHONY: container-image container-image: ## Build docker image - docker build -t ${IMG} . + docker build -t ${CONTAINER_IMAGE_REF} . .PHONY: helm-chart helm-chart: ## Build Helm chart @mkdir -p build helm package -d build/ deploy/charts/vault-secrets-reloader -##@ Autogeneration +##@ Checks -.PHONY: gen-helm-docs -gen-helm-docs: ## Generate Helm chart documentation - $(HELM_DOCS) -s file -c deploy/charts/ -t README.md.gotmpl +.PHONY: check +check: test lint ## Run lint checks and tests + +.PHONY: test +test: ## Run tests + go clean -testcache + go test -race -v ./... + +.PHONY: test-e2e +test-e2e: ## Run e2e tests + go clean -testcache + go test -race -v -timeout 900s -tags e2e ./e2e + +.PHONY: test-e2e-local +test-e2e-local: container-image ## Run e2e tests locally + go clean -testcache + LOAD_IMAGE=${CONTAINER_IMAGE_REF} RELOADER_VERSION=dev OPERATOR_VERSION=$(OPERATOR_VERSION) WEBHOOK_VERSION=$(WEBHOOK_VERSION) LOG_VERBOSE=true ${MAKE} test-e2e + +.PHONY: lint +lint: lint-go lint-helm lint-docker lint-yaml ## Run lint checks + +.PHONY: lint-go +lint-go: # Run golang lint check + $(GOLANGCI_LINT_BIN) run $(if ${CI},--out-format colored-line-number,) + +.PHONY: lint-helm +lint-helm: # Run helm lint check + $(HELM_BIN) lint deploy/charts/vault-secrets-reloader + +.PHONY: lint-docker +lint-docker: # Run Dockerfile lint check + $(HADOLINT_BIN) Dockerfile + +.PHONY: lint-yaml +lint-yaml: + $(YAMLLINT_BIN) $(if ${CI},-f github,) --no-warnings . + +.PHONY: fmt +fmt: ## Run go fmt against code + $(GOLANGCI_LINT_BIN) run --fix + +.PHONY: license-check +license-check: ## Run license check + $(LICENSEI_BIN) check + $(LICENSEI_BIN) header + +##@ Autogeneration .PHONY: generate generate: gen-helm-docs ## Generate manifests, code, and docs resources +.PHONY: gen-helm-docs +gen-helm-docs: ## Generate Helm chart documentation + $(HELM_DOCS_BIN) -s file -c deploy/charts/ -t README.md.gotmpl + ##@ Deployment +.PHONY: deploy-kind +deploy-kind: upload-kind deploy ## Deploy Reloder controller resources to the kind cluster + +.PHONY: upload-kind +upload-kind: + $(KIND_BIN) load docker-image ${CONTAINER_IMAGE_REF} --name $(TEST_KIND_CLUSTER) ## Load docker image to kind cluster + .PHONY: deploy deploy: ## Deploy Reloader controller resources to the K8s cluster - $(KUBECTL) create namespace bank-vaults-infra --dry-run=client -o yaml | $(KUBECTL) apply -f - - $(HELM) upgrade --install vault-secrets-reloader deploy/charts/vault-secrets-reloader \ + kubectl create namespace bank-vaults-infra --dry-run=client -o yaml | kubectl apply -f - + $(HELM_BIN) upgrade --install vault-secrets-reloader deploy/charts/vault-secrets-reloader \ --set image.tag=dev \ --set collectorSyncPeriod=30s \ --set reloaderRunPeriod=1m \ @@ -147,71 +159,59 @@ deploy: ## Deploy Reloader controller resources to the K8s cluster --set env.VAULT_TLS_SECRET_NS=bank-vaults-infra \ --namespace bank-vaults-infra -.PHONY: upload-kind -upload-kind: - $(KIND) load docker-image $(IMG) --name $(TEST_KIND_CLUSTER) ## Load docker image to kind cluster - -.PHONY: deploy-kind -deploy-kind: upload-kind deploy ## Deploy Reloder controller resources to the kind cluster - .PHONY: undeploy undeploy: ## Clean manager resources from the K8s cluster. - $(HELM) uninstall vault-secrets-reloader --namespace bank-vaults-infra + $(HELM_BIN) uninstall vault-secrets-reloader --namespace bank-vaults-infra ##@ Dependencies -# Dependency tool chain -GOLANGCI_VERSION = 1.53.3 -LICENSEI_VERSION = 0.8.0 -KIND_VERSION = 0.20.0 -KUBECTL_VERSION = 1.28.3 -HELM_DOCS_VERSION = 1.11.0 - -## Location to install dependencies to -LOCALBIN ?= $(shell pwd)/bin -$(LOCALBIN): - mkdir -p $(LOCALBIN) - -ENVTEST ?= $(or $(shell which setup-envtest),$(LOCALBIN)/setup-envtest) -$(ENVTEST): $(LOCALBIN) - test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest - -GOLANGCI_LINT ?= $(or $(shell which golangci-lint),$(LOCALBIN)/golangci-lint) -$(GOLANGCI_LINT): $(LOCALBIN) - test -s $(LOCALBIN)/golangci-lint || curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- v${GOLANGCI_VERSION} - -HELM ?= $(or $(shell which helm),$(LOCALBIN)/helm) -$(HELM): $(LOCALBIN) - test -s $(LOCALBIN)/helm || curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | USE_SUDO=false HELM_INSTALL_DIR=$(LOCALBIN) bash - -HELM_DOCS ?= $(or $(shell which helm-docs),$(LOCALBIN)/helm-docs) -$(HELM_DOCS): $(LOCALBIN) - @if [ ! -s "$(LOCALBIN)/helm-docs" ]; then \ - curl -L https://github.com/norwoodj/helm-docs/releases/download/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_$(shell uname)_x86_64.tar.gz | tar -zOxf - helm-docs > ./bin/helm-docs; \ - chmod +x $(LOCALBIN)/helm-docs; \ - fi - -KIND ?= $(or $(shell which kind),$(LOCALBIN)/kind) -$(KIND): $(LOCALBIN) - @if [ ! -s "$(LOCALBIN)/kind" ]; then \ - curl -Lo $(LOCALBIN)/kind https://kind.sigs.k8s.io/dl/v${KIND_VERSION}/kind-$(shell uname -s | tr '[:upper:]' '[:lower:]')-$(shell uname -m | sed -e "s/aarch64/arm64/; s/x86_64/amd64/"); \ - chmod +x $(LOCALBIN)/kind; \ - fi - -KUBECTL ?= $(or $(shell which kubectl),$(LOCALBIN)/kubectl) -$(KUBECTL): $(LOCALBIN) - @if [ ! -s "$(LOCALBIN)/kubectl" ]; then \ - curl -Lo $(LOCALBIN)/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/$(shell uname -s | tr '[:upper:]' '[:lower:]')/$(shell uname -m | sed -e "s/aarch64/arm64/; s/x86_64/amd64/")/kubectl; \ - chmod +x $(LOCALBIN)/kubectl; \ - fi - -LICENSEI ?= $(or $(shell which licensei),$(LOCALBIN)/licensei) -$(LICENSEI): $(LOCALBIN) - test -s $(LOCALBIN)/licensei || curl -sfL https://raw.githubusercontent.com/goph/licensei/master/install.sh | bash -s -- v${LICENSEI_VERSION} +deps: bin/golangci-lint bin/licensei bin/kind bin/helm bin/helm-docs +deps: ## Install dependencies -# TODO: add support for hadolint and yamllint dependencies -HADOLINT ?= hadolint -YAMLLINT ?= yamllint +# Dependency versions +GOLANGCI_LINT_VERSION = 1.61.0 +LICENSEI_VERSION = 0.9.0 +KIND_VERSION = 0.24.0 +HELM_VERSION = 3.16.1 +HELM_DOCS_VERSION = 1.14.2 + +# Dependency binaries +GOLANGCI_LINT_BIN := golangci-lint +LICENSEI_BIN := licensei +KIND_BIN := kind +HELM_BIN := helm +HELM_DOCS_BIN := helm-docs -.PHONY: deps -deps: $(ENVTEST) $(GOLANGCI_LINT) $(HELM) $(HELM_DOCS) $(KIND) $(KUBECTL) $(LICENSEI) ## Download and install dependencies +# TODO: add support for hadolint and yamllint dependencies +HADOLINT_BIN := hadolint +YAMLLINT_BIN := yamllint +# If we have "bin" dir, use those binaries instead +ifneq ($(wildcard ./bin/.),) + GOLANGCI_LINT_BIN := bin/$(GOLANGCI_LINT_BIN) + LICENSEI_BIN := bin/$(LICENSEI_BIN) + KIND_BIN := bin/$(KIND_BIN) + HELM_BIN := bin/$(HELM_BIN) + HELM_DOCS_BIN := bin/$(HELM_DOCS_BIN) +endif + +bin/golangci-lint: + @mkdir -p bin + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- v${GOLANGCI_LINT_VERSION} + +bin/licensei: + @mkdir -p bin + curl -sfL https://raw.githubusercontent.com/goph/licensei/master/install.sh | bash -s -- v${LICENSEI_VERSION} +bin/kind: + @mkdir -p bin + curl -Lo bin/kind https://kind.sigs.k8s.io/dl/v${KIND_VERSION}/kind-$(shell uname -s | tr '[:upper:]' '[:lower:]')-$(shell uname -m | sed -e "s/aarch64/arm64/; s/x86_64/amd64/") + @chmod +x bin/kind + +bin/helm: + @mkdir -p bin + curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | USE_SUDO=false HELM_INSTALL_DIR=bin DESIRED_VERSION=v$(HELM_VERSION) bash + @chmod +x bin/helm + +bin/helm-docs: + @mkdir -p bin + curl -L https://github.com/norwoodj/helm-docs/releases/download/v${HELM_DOCS_VERSION}/helm-docs_${HELM_DOCS_VERSION}_$(shell uname)_x86_64.tar.gz | tar -zOxf - helm-docs > ./bin/helm-docs + @chmod +x bin/helm-docs diff --git a/deploy/charts/vault-secrets-reloader/README.md b/deploy/charts/vault-secrets-reloader/README.md index 3b2c059..f26bff0 100644 --- a/deploy/charts/vault-secrets-reloader/README.md +++ b/deploy/charts/vault-secrets-reloader/README.md @@ -24,34 +24,34 @@ You can prepare a separate namespace for Vault Secrets Reloader beforehand, crea 1. Save Reloader default chart values: - ```shell - helm show values oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-reloader > values.yaml - ``` +```shell +helm show values oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-reloader > values.yaml +``` 2. Check the configuration in `values.yaml` and update the required values if needed. Configure the time for periodic runs of the `collector` and `reloader` workers with a value in Go Duration format: - ```yaml - collectorSyncPeriod: 30m - reloaderRunPeriod: 1h - ``` +```yaml +collectorSyncPeriod: 30m +reloaderRunPeriod: 1h +``` - Additionally, Reloader needs to be supplied with Vault credentials to be able to connect to Vault in order to get the secrets. You can check the list of environmental variables accepted for creating a Vault client [here](https://developer.hashicorp.com/vault/docs/commands#environment-variables). For example: +Additionally, Reloader needs to be supplied with Vault credentials to be able to connect to Vault in order to get the secrets. You can check the list of environmental variables accepted for creating a Vault client [here](https://developer.hashicorp.com/vault/docs/commands#environment-variables). For example: - ```yaml - env: - # define env vars for Vault used for authentication - VAULT_ROLE: "reloader" - VAULT_ADDR: "https://vault.default.svc.cluster.local:8200" - VAULT_NAMESPACE: "default" - VAULT_TLS_SECRET: "vault-tls" - VAULT_TLS_SECRET_NS: "bank-vaults-infra" - ``` +```yaml +env: + # define env vars for Vault used for authentication + VAULT_ROLE: "reloader" + VAULT_ADDR: "https://vault.default.svc.cluster.local:8200" + VAULT_NAMESPACE: "default" + VAULT_TLS_SECRET: "vault-tls" + VAULT_TLS_SECRET_NS: "bank-vaults-infra" +``` 3. Install the chart: - ```shell - helm upgrade --install --values values.yaml vault-secrets-reloader oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-reloader --namespace bank-vaults-infra --create-namespace - ``` +```shell +helm upgrade --install --values values.yaml vault-secrets-reloader oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-reloader --namespace bank-vaults-infra --create-namespace +``` ## Values @@ -59,42 +59,42 @@ The following table lists the configurable parameters of the Helm chart. | Parameter | Type | Default | Description | | --- | ---- | ------- | ----------- | -| `affinity` | object | `{}` | Node affinity settings for the pods. Check: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ | -| `autoscaling.enabled` | bool | `false` | Enable Reloader horizontal pod autoscaling | -| `autoscaling.maxReplicas` | int | `100` | Maximum number of replicas | -| `autoscaling.minReplicas` | int | `1` | Minimum number of replicas | -| `collectorSyncPeriod` | string | `"30m"` | Time interval for the collector worker to run in Go Duration format | +| `logLevel` | string | `"info"` | Log level | | `enableJSONLog` | bool | `false` | Use JSON log format instead of text | -| `env` | object | `{}` | Environment variables e.g. for Vault authentication | -| `fullnameOverride` | string | `""` | Override app full name | -| `image.imagePullSecrets` | list | `[]` | Container image pull secrets for private repositories | -| `image.pullPolicy` | string | `"IfNotPresent"` | Container image pull policy | | `image.repository` | string | `"ghcr.io/bank-vaults/vault-secrets-reloader"` | Container image repo that contains the Reloader Controller | | `image.tag` | string | `""` | Container image tag | -| `ingress.annotations` | object | `{}` | Reloader ingress annotations | -| `ingress.className` | string | `""` | Reloader IngressClass name | -| `ingress.enabled` | bool | `false` | Enable Reloader ingress | -| `ingress.hosts` | list | `[]` | Reloader ingress hosts | -| `ingress.tls` | list | `[]` | Reloader ingress tls | -| `logLevel` | string | `"info"` | Log level | +| `image.pullPolicy` | string | `"IfNotPresent"` | Container image pull policy | +| `image.imagePullSecrets` | list | `[]` | Container image pull secrets for private repositories | | `nameOverride` | string | `""` | Override app name | -| `nodeSelector` | object | `{}` | Node labels for pod assignment. Check: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | +| `fullnameOverride` | string | `""` | Override app full name | +| `collectorSyncPeriod` | string | `"30m"` | Time interval for the collector worker to run in Go Duration format | +| `reloaderRunPeriod` | string | `"1h"` | Time interval for the reloader worker to run in Go Duration format | +| `serviceAccount.create` | bool | `true` | Specifies whether a service account should be created | +| `serviceAccount.annotations` | object | `{}` | Annotations to add to the service account | +| `serviceAccount.name` | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | `podAnnotations` | object | `{}` | Extra annotations to add to pod metadata | | `podSecurityContext` | object | `{}` | Pod security context for Reloader deployment | -| `reloaderRunPeriod` | string | `"1h"` | Time interval for the reloader worker to run in Go Duration format | -| `resources` | object | `{}` | Resources to request for the deployment and pods | | `securityContext` | object | `{}` | Pod security context for Reloader containers | -| `service.annotations` | object | `{}` | Reloader service annotations, e.g. if type is AWS LoadBalancer and you want to add security groups | -| `service.externalPort` | int | `443` | Reloader service external port | -| `service.internalPort` | int | `8443` | Reloader service internal port | | `service.name` | string | `"vault-secrets-reloader"` | Reloader service name | | `service.type` | string | `"ClusterIP"` | Reloader service type | -| `serviceAccount.annotations` | object | `{}` | Annotations to add to the service account | -| `serviceAccount.create` | bool | `true` | Specifies whether a service account should be created | -| `serviceAccount.name` | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| `tolerations` | list | `[]` | List of node tolerations for the pods. Check: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | -| `volumeMounts` | list | `[]` | Extra volume mounts for Reloader deployment | +| `service.externalPort` | int | `443` | Reloader service external port | +| `service.internalPort` | int | `8443` | Reloader service internal port | +| `service.annotations` | object | `{}` | Reloader service annotations, e.g. if type is AWS LoadBalancer and you want to add security groups | +| `ingress.enabled` | bool | `false` | Enable Reloader ingress | +| `ingress.className` | string | `""` | Reloader IngressClass name | +| `ingress.annotations` | object | `{}` | Reloader ingress annotations | +| `ingress.hosts` | list | `[]` | Reloader ingress hosts | +| `ingress.tls` | list | `[]` | Reloader ingress tls | +| `env` | object | `{}` | Environment variables e.g. for Vault authentication | | `volumes` | list | `[]` | Extra volume definitions for Reloader deployment | +| `volumeMounts` | list | `[]` | Extra volume mounts for Reloader deployment | +| `resources` | object | `{}` | Resources to request for the deployment and pods | +| `autoscaling.enabled` | bool | `false` | Enable Reloader horizontal pod autoscaling | +| `autoscaling.minReplicas` | int | `1` | Minimum number of replicas | +| `autoscaling.maxReplicas` | int | `100` | Maximum number of replicas | +| `nodeSelector` | object | `{}` | Node labels for pod assignment. Check: | +| `tolerations` | list | `[]` | List of node tolerations for the pods. Check: | +| `affinity` | object | `{}` | Node affinity settings for the pods. Check: | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/deploy/charts/vault-secrets-reloader/README.md.gotmpl b/deploy/charts/vault-secrets-reloader/README.md.gotmpl index ea15a1f..8131e80 100644 --- a/deploy/charts/vault-secrets-reloader/README.md.gotmpl +++ b/deploy/charts/vault-secrets-reloader/README.md.gotmpl @@ -24,34 +24,34 @@ You can prepare a separate namespace for Vault Secrets Reloader beforehand, crea 1. Save Reloader default chart values: - ```shell - helm show values oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-reloader > values.yaml - ``` +```shell +helm show values oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-reloader > values.yaml +``` 2. Check the configuration in `values.yaml` and update the required values if needed. Configure the time for periodic runs of the `collector` and `reloader` workers with a value in Go Duration format: - ```yaml - collectorSyncPeriod: 30m - reloaderRunPeriod: 1h - ``` +```yaml +collectorSyncPeriod: 30m +reloaderRunPeriod: 1h +``` - Additionally, Reloader needs to be supplied with Vault credentials to be able to connect to Vault in order to get the secrets. You can check the list of environmental variables accepted for creating a Vault client [here](https://developer.hashicorp.com/vault/docs/commands#environment-variables). For example: +Additionally, Reloader needs to be supplied with Vault credentials to be able to connect to Vault in order to get the secrets. You can check the list of environmental variables accepted for creating a Vault client [here](https://developer.hashicorp.com/vault/docs/commands#environment-variables). For example: - ```yaml - env: - # define env vars for Vault used for authentication - VAULT_ROLE: "reloader" - VAULT_ADDR: "https://vault.default.svc.cluster.local:8200" - VAULT_NAMESPACE: "default" - VAULT_TLS_SECRET: "vault-tls" - VAULT_TLS_SECRET_NS: "bank-vaults-infra" - ``` +```yaml +env: + # define env vars for Vault used for authentication + VAULT_ROLE: "reloader" + VAULT_ADDR: "https://vault.default.svc.cluster.local:8200" + VAULT_NAMESPACE: "default" + VAULT_TLS_SECRET: "vault-tls" + VAULT_TLS_SECRET_NS: "bank-vaults-infra" +``` 3. Install the chart: - ```shell - helm upgrade --install --values values.yaml vault-secrets-reloader oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-reloader --namespace bank-vaults-infra --create-namespace - ``` +```shell +helm upgrade --install --values values.yaml vault-secrets-reloader oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-reloader --namespace bank-vaults-infra --create-namespace +``` {{ define "chart.valuesTableHtml" }} diff --git a/deploy/charts/vault-secrets-reloader/values.yaml b/deploy/charts/vault-secrets-reloader/values.yaml index 1278ee0..41ef03e 100644 --- a/deploy/charts/vault-secrets-reloader/values.yaml +++ b/deploy/charts/vault-secrets-reloader/values.yaml @@ -129,13 +129,13 @@ autoscaling: # targetMemoryUtilizationPercentage: 80 # -- Node labels for pod assignment. -# Check: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +# Check: nodeSelector: {} # -- List of node tolerations for the pods. -# Check: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +# Check: tolerations: [] # -- Node affinity settings for the pods. -# Check: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +# Check: affinity: {} diff --git a/flake.lock b/flake.lock index 2d1d10f..6722640 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,47 @@ "devenv", "flake-compat" ], + "git-hooks": [ + "devenv", + "pre-commit-hooks" + ], "nixpkgs": [ "devenv", "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724232775, + "narHash": "sha256-6u2DycIEgrgNYlLxyGqdFVmBNiKIitnQKJ1pbRP5oko=", + "owner": "cachix", + "repo": "cachix", + "rev": "03b6cb3f953097bff378fb8b9ea094bd091a4ec7", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "cachix", + "type": "github" + } + }, + "cachix_2": { + "inputs": { + "devenv": "devenv_3", + "flake-compat": [ + "devenv", + "cachix", + "devenv", + "flake-compat" + ], + "nixpkgs": [ + "devenv", + "cachix", + "devenv", + "nixpkgs" ], "pre-commit-hooks": [ + "devenv", + "cachix", "devenv", "pre-commit-hooks" ] @@ -34,16 +70,16 @@ "inputs": { "cachix": "cachix", "flake-compat": "flake-compat_2", - "nix": "nix_2", - "nixpkgs": "nixpkgs_2", - "pre-commit-hooks": "pre-commit-hooks" + "nix": "nix_3", + "nixpkgs": "nixpkgs_3", + "pre-commit-hooks": "pre-commit-hooks_2" }, "locked": { - "lastModified": 1722198644, - "narHash": "sha256-n3nsLWmDBnIbn24ltoy+UY+QF4gU8mlmM0PYyHFHNYM=", + "lastModified": 1726417371, + "narHash": "sha256-tBq8w81ZV48tyFhLz5WQjqfoEShIXkOb6Rlzidcz8yQ=", "owner": "cachix", "repo": "devenv", - "rev": "50da41db0ec7d3fb2ca415bd467f4f63613970dd", + "rev": "1f55f89ca32d617b7a7c18422e3c364cb003df3d", "type": "github" }, "original": { @@ -53,8 +89,44 @@ } }, "devenv_2": { + "inputs": { + "cachix": "cachix_2", + "flake-compat": [ + "devenv", + "cachix", + "flake-compat" + ], + "nix": "nix_2", + "nixpkgs": [ + "devenv", + "cachix", + "nixpkgs" + ], + "pre-commit-hooks": [ + "devenv", + "cachix", + "git-hooks" + ] + }, + "locked": { + "lastModified": 1723156315, + "narHash": "sha256-0JrfahRMJ37Rf1i0iOOn+8Z4CLvbcGNwa2ChOAVrp/8=", + "owner": "cachix", + "repo": "devenv", + "rev": "ff5eb4f2accbcda963af67f1a1159e3f6c7f5f91", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, + "devenv_3": { "inputs": { "flake-compat": [ + "devenv", + "cachix", "devenv", "cachix", "flake-compat" @@ -63,6 +135,8 @@ "nixpkgs": "nixpkgs", "poetry2nix": "poetry2nix", "pre-commit-hooks": [ + "devenv", + "cachix", "devenv", "cachix", "pre-commit-hooks" @@ -116,15 +190,37 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "devenv", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -152,15 +248,12 @@ } }, "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -191,10 +284,28 @@ "type": "github" } }, + "libgit2": { + "flake": false, + "locked": { + "lastModified": 1697646580, + "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", + "owner": "libgit2", + "repo": "libgit2", + "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", + "type": "github" + }, + "original": { + "owner": "libgit2", + "repo": "libgit2", + "type": "github" + } + }, "nix": { "inputs": { "flake-compat": "flake-compat", "nixpkgs": [ + "devenv", + "cachix", "devenv", "cachix", "devenv", @@ -220,6 +331,8 @@ "nix-github-actions": { "inputs": { "nixpkgs": [ + "devenv", + "cachix", "devenv", "cachix", "devenv", @@ -244,10 +357,14 @@ "nix_2": { "inputs": { "flake-compat": [ + "devenv", + "cachix", "devenv", "flake-compat" ], "nixpkgs": [ + "devenv", + "cachix", "devenv", "nixpkgs" ], @@ -268,6 +385,34 @@ "type": "github" } }, + "nix_3": { + "inputs": { + "flake-compat": [ + "devenv", + "flake-compat" + ], + "flake-parts": "flake-parts", + "libgit2": "libgit2", + "nixpkgs": "nixpkgs_2", + "nixpkgs-23-11": "nixpkgs-23-11", + "nixpkgs-regression": "nixpkgs-regression_3", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1725980365, + "narHash": "sha256-uDwWyizzlQ0HFzrhP6rVp2+2NNA+/TM5zT32dR8GUlg=", + "owner": "domenkozar", + "repo": "nix", + "rev": "1e61e9f40673f84c3b02573145492d8af581bec5", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.24", + "repo": "nix", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1692808169, @@ -300,16 +445,32 @@ "type": "github" } }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + } + }, "nixpkgs-lib": { "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "lastModified": 1725233747, + "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" } }, "nixpkgs-regression": { @@ -344,29 +505,61 @@ "type": "github" } }, + "nixpkgs-regression_3": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { - "lastModified": 1710695816, - "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "lastModified": 1720386169, + "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1713361204, - "narHash": "sha256-TA6EDunWTkc5FvDCqU3W2T3SFn0gRZqh6D/hJnM02MM=", + "lastModified": 1717432640, + "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1716977621, + "narHash": "sha256-Q1UQzYcMJH4RscmpTkjlgqQDX5yi1tZL0O345Ri6vXQ=", "owner": "cachix", "repo": "devenv-nixpkgs", - "rev": "285676e87ad9f0ca23d8714a6ab61e7e027020c6", + "rev": "4267e705586473d3e5c8d50299e71503f16a6fb6", "type": "github" }, "original": { @@ -376,13 +569,13 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { - "lastModified": 1722141560, - "narHash": "sha256-Ul3rIdesWaiW56PS/Ak3UlJdkwBrD4UcagCmXZR9Z7Y=", + "lastModified": 1726436956, + "narHash": "sha256-a3rP7uafX/qBFX0y4CGS8vvTPvxsLl9eZQ85DkIn3DI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "038fb464fcfa79b4f08131b07f2d8c9a6bcc4160", + "rev": "039b72d0c738c934e2e36d7fc5520d1b425287a6", "type": "github" }, "original": { @@ -397,6 +590,8 @@ "flake-utils": "flake-utils", "nix-github-actions": "nix-github-actions", "nixpkgs": [ + "devenv", + "cachix", "devenv", "cachix", "devenv", @@ -421,9 +616,44 @@ "inputs": { "flake-compat": [ "devenv", - "flake-compat" + "nix" ], "flake-utils": "flake-utils_2", + "gitignore": [ + "devenv", + "nix" + ], + "nixpkgs": [ + "devenv", + "nix", + "nixpkgs" + ], + "nixpkgs-stable": [ + "devenv", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1712897695, + "narHash": "sha256-nMirxrGteNAl9sWiOhoN5tIHyjBbVi5e2tgZUgZlK3Y=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "40e6053ecb65fcbf12863338a6dcefb3f55f1bf8", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_2": { + "inputs": { + "flake-compat": [ + "devenv", + "flake-compat" + ], "gitignore": "gitignore", "nixpkgs": [ "devenv", @@ -432,11 +662,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1713775815, - "narHash": "sha256-Wu9cdYTnGQQwtT20QQMg7jzkANKQjwBD9iccfGKkfls=", + "lastModified": 1725513492, + "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "2ac4dcbf55ed43f3be0bae15e181f08a57af24a4", + "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", "type": "github" }, "original": { @@ -448,8 +678,8 @@ "root": { "inputs": { "devenv": "devenv", - "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_3", + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_4", "nixpkgs-23-05": "nixpkgs-23-05" } }, @@ -467,21 +697,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 88d9b45..0be2dbe 100644 --- a/flake.nix +++ b/flake.nix @@ -21,7 +21,7 @@ default = { languages = { go.enable = true; - go.package = pkgs.go_1_21; + go.package = pkgs.go_1_23; }; services = { @@ -35,24 +35,11 @@ nixpkgs-fmt.enable = true; yamllint.enable = true; hadolint.enable = true; - helm-docs = { - enable = true; - name = "helm-docs"; - description = "Uses 'helm-docs' to create documentation from the Helm chart's 'values.yaml' file, and inserts the result into a corresponding 'README.md' file."; - files = ""; - entry = "${pkgs.helm-docs}/bin/helm-docs"; - }; }; packages = with pkgs; [ gnumake - # golangci-lint - # TODO: remove once https://github.com/NixOS/nixpkgs/pull/254878 hits unstable - (golangci-lint.override (prev: { - buildGoModule = pkgs.buildGo121Module; - })) - kind kubectl kustomize @@ -63,6 +50,7 @@ crc + golangci-lint yamllint hadolint ] ++ [ diff --git a/go.mod b/go.mod index 7a62dd8..e8ef10c 100644 --- a/go.mod +++ b/go.mod @@ -1,10 +1,11 @@ module github.com/bank-vaults/vault-secrets-reloader -go 1.22.3 +go 1.23.1 require ( + github.com/bank-vaults/secrets-webhook v0.1.0 github.com/bank-vaults/vault-operator v1.22.2 - github.com/bank-vaults/vault-sdk v0.9.4 + github.com/bank-vaults/vault-sdk v0.10.0 github.com/hashicorp/vault/api v1.15.0 github.com/samber/slog-multi v1.2.1 github.com/stretchr/testify v1.9.0 @@ -18,22 +19,16 @@ require ( ) require ( - github.com/cenkalti/backoff/v4 v4.3.0 // indirect - github.com/fxamacker/cbor/v2 v2.7.0 // indirect - github.com/x448/float16 v0.8.4 // indirect -) - -require ( - cloud.google.com/go/auth v0.5.1 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect - cloud.google.com/go/compute/metadata v0.3.0 // indirect - cloud.google.com/go/iam v1.1.8 // indirect + cloud.google.com/go/auth v0.9.4 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect + cloud.google.com/go/compute/metadata v0.5.1 // indirect + cloud.google.com/go/iam v1.2.1 // indirect emperror.dev/errors v0.8.1 // indirect github.com/Masterminds/semver/v3 v3.2.1 // indirect - github.com/aws/aws-sdk-go v1.53.18 // indirect - github.com/bank-vaults/secrets-webhook v0.1.0 + github.com/aws/aws-sdk-go v1.55.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect @@ -41,7 +36,8 @@ require ( github.com/fatih/color v1.17.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.2 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect @@ -53,10 +49,10 @@ require ( github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/s2a-go v0.1.7 // indirect + github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.4 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect + github.com/googleapis/gax-go/v2 v2.13.0 // indirect github.com/gorilla/websocket v1.5.1 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -70,10 +66,10 @@ require ( github.com/hashicorp/go-sockaddr v1.0.6 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/hcl v1.0.1-vault-5 // indirect - github.com/hashicorp/vault/api/auth/aws v0.7.0 // indirect - github.com/hashicorp/vault/api/auth/azure v0.6.0 // indirect - github.com/hashicorp/vault/api/auth/gcp v0.7.0 // indirect - github.com/hashicorp/vault/api/auth/kubernetes v0.7.0 // indirect + github.com/hashicorp/vault/api/auth/aws v0.8.0 // indirect + github.com/hashicorp/vault/api/auth/azure v0.7.0 // indirect + github.com/hashicorp/vault/api/auth/gcp v0.8.0 // indirect + github.com/hashicorp/vault/api/auth/kubernetes v0.8.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -90,7 +86,7 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/pelletier/go-toml/v2 v2.2.2 // indirect + github.com/pelletier/go-toml/v2 v2.2.3 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.19.1 // indirect @@ -101,44 +97,45 @@ require ( github.com/sagikazarmark/docker-ref v0.1.0 // indirect github.com/sagikazarmark/locafero v0.6.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect - github.com/samber/lo v1.39.0 // indirect + github.com/samber/lo v1.47.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.6.0 // indirect + github.com/spf13/cast v1.7.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/viper v1.19.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/vladimirvivien/gexe v0.2.0 // indirect + github.com/x448/float16 v0.8.4 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect - go.opentelemetry.io/otel v1.28.0 // indirect - go.opentelemetry.io/otel/metric v1.28.0 // indirect - go.opentelemetry.io/otel/trace v1.28.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect + go.opentelemetry.io/otel v1.30.0 // indirect + go.opentelemetry.io/otel/metric v1.30.0 // indirect + go.opentelemetry.io/otel/trace v1.30.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.24.0 // indirect - golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect - golang.org/x/net v0.26.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/term v0.21.0 // indirect - golang.org/x/text v0.16.0 // indirect - golang.org/x/time v0.5.0 // indirect + golang.org/x/crypto v0.27.0 // indirect + golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/term v0.24.0 // indirect + golang.org/x/text v0.18.0 // indirect + golang.org/x/time v0.6.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/api v0.183.0 // indirect - google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect - google.golang.org/grpc v1.65.0 // indirect + google.golang.org/api v0.197.0 // indirect + google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect + google.golang.org/grpc v1.66.2 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/component-base v0.31.1 // indirect - k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect - k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect + k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 // indirect + k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/go.sum b/go.sum index e8d204f..e29c791 100644 --- a/go.sum +++ b/go.sum @@ -1,12 +1,12 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw= -cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= -cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= -cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= -cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= -cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= -cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= +cloud.google.com/go/auth v0.9.4 h1:DxF7imbEbiFu9+zdKC6cKBko1e8XeJnipNqIbWZ+kDI= +cloud.google.com/go/auth v0.9.4/go.mod h1:SHia8n6//Ya940F1rLimhJCjjx7KE17t0ctFEci3HkA= +cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= +cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= +cloud.google.com/go/compute/metadata v0.5.1 h1:NM6oZeZNlYjiwYje+sYFjEpP0Q0zCan1bmQW/KmIrGs= +cloud.google.com/go/compute/metadata v0.5.1/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= +cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU= +cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g= emperror.dev/errors v0.8.1 h1:UavXZ5cSX/4u9iyvH6aDcuGkVjeexUGJ7Ij7G4VfQT0= emperror.dev/errors v0.8.1/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -15,14 +15,14 @@ github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYr github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.53.18 h1:BeMeCK5e3bDGJj675FhnO94zRci8O35ombWXRvYomJs= -github.com/aws/aws-sdk-go v1.53.18/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/bank-vaults/secrets-webhook v0.1.0 h1:wptap5P2v672k3iVOLlqJxxE+5xwvqyNL0Jw0ZU7qN4= github.com/bank-vaults/secrets-webhook v0.1.0/go.mod h1:4e0FDjPUp/X3vT7A18E+qSClVivm9G1YWituCjhEyqQ= github.com/bank-vaults/vault-operator v1.22.2 h1:RexVNO1mor0yw7LC5CfMnNe4Fih+1peK/2WXAbrZa0Q= github.com/bank-vaults/vault-operator v1.22.2/go.mod h1:/JhSjla9IlsxpVuOK40TrTfCKYFzJJs90Tx9P7jOcQo= -github.com/bank-vaults/vault-sdk v0.9.4 h1:vxGcnylxhVaZYWXx5QyCEyZmzsSNiXbNuq47P8vXVdI= -github.com/bank-vaults/vault-sdk v0.9.4/go.mod h1:5WLbsfGtfMas4DDuvT5pWmRs4nDjGV0VjEotRHlvc6o= +github.com/bank-vaults/vault-sdk v0.10.0 h1:eHROg9ZkltBJcr9Ww06MhXSAI0ZQUzYtXUzjAEqoyPg= +github.com/bank-vaults/vault-sdk v0.10.0/go.mod h1:/MinW24eZ7c6Acyb0aYpT9wCpdbpfdBju4cpdpPqwMk= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= @@ -60,8 +60,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= -github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= -github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= +github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -112,17 +112,17 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= -github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= -github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= +github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= -github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg= -github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= +github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= +github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= +github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= +github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -153,14 +153,14 @@ github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31 github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA= github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8= -github.com/hashicorp/vault/api/auth/aws v0.7.0 h1:ArviNMpI3wbqGw2lEz04+NiqWl0p8QPX+HRX+S9uQCQ= -github.com/hashicorp/vault/api/auth/aws v0.7.0/go.mod h1:o89djEokWKGIjf5FkcaA//4RBwvrDDIXqVINMdBNAzw= -github.com/hashicorp/vault/api/auth/azure v0.6.0 h1:uhUoBxMPHcz85QFo32XV0JUwGsDAnsVEW2au/SUi4Oo= -github.com/hashicorp/vault/api/auth/azure v0.6.0/go.mod h1:2aFq5PXvMM2ez4VjvHDnyZPxjksPnFt9GlgBY5tGzgc= -github.com/hashicorp/vault/api/auth/gcp v0.7.0 h1:ZzEIgDkvfHnrdApk9RAWGYxu6tByiJ73il6AYSYOpN4= -github.com/hashicorp/vault/api/auth/gcp v0.7.0/go.mod h1:QZMUzwd7GZ3vrXGR3L/M3bwEFVk3kQjNAn3F3usvzPk= -github.com/hashicorp/vault/api/auth/kubernetes v0.7.0 h1:pHCbeeyD6E5KmMMCc9vwwZZ5OVlM6yFayxFHWodiOUU= -github.com/hashicorp/vault/api/auth/kubernetes v0.7.0/go.mod h1:Eey0x0X2g+b2LYWgBrQFyf5W0fp+Y1HGrEckP8Q0wns= +github.com/hashicorp/vault/api/auth/aws v0.8.0 h1:6E14D7eHjV+Ytk8HmKLbTGS/LaXD9hP2FXe7IIKCrHc= +github.com/hashicorp/vault/api/auth/aws v0.8.0/go.mod h1:SweK5366gCeO5krBk6Fpjz/MX2oa+iiIZz/Nu8/nMZw= +github.com/hashicorp/vault/api/auth/azure v0.7.0 h1:h98KQWX2t1OD5ElKIsr/yAp/H2qII4e/a4ijREUcWqQ= +github.com/hashicorp/vault/api/auth/azure v0.7.0/go.mod h1:hKpHZkUmCf7hJy91g/Fwoe7Fk/+eVbOq85NQTJiaB9U= +github.com/hashicorp/vault/api/auth/gcp v0.8.0 h1:MGSR6zNXVUajVnlDeTBzu1wucCbrjel2ETKFI/YDYFI= +github.com/hashicorp/vault/api/auth/gcp v0.8.0/go.mod h1:y/ArMZdRmKyU1iGNjauViy6qRDC/M72HFH+f6MRN+KI= +github.com/hashicorp/vault/api/auth/kubernetes v0.8.0 h1:6jPcORq7OHwf+MCbaaUmiBvMhETAaZ7+i97WfZtF5kc= +github.com/hashicorp/vault/api/auth/kubernetes v0.8.0/go.mod h1:nfl5sRUUork0ZSfV3xf+pgAFQSD5kSkL0k9axg523DM= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= @@ -216,8 +216,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= -github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= +github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= +github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -243,16 +243,16 @@ github.com/sagikazarmark/locafero v0.6.0 h1:ON7AQg37yzcRPU69mt7gwhFEBwxI6P9T4Qu3 github.com/sagikazarmark/locafero v0.6.0/go.mod h1:77OmuIc6VTraTXKXIs/uvUxKGUXjE1GbemJYHqdNjX0= github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= -github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA= -github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= +github.com/samber/lo v1.47.0 h1:z7RynLwP5nbyRscyvcD043DWYoOcYRv3mV8lBeqOCLc= +github.com/samber/lo v1.47.0/go.mod h1:RmDH9Ct32Qy3gduHQuKJ3gW1fMHAnE/fAzQuf6He5cU= github.com/samber/slog-multi v1.2.1 h1:MRVc6JxvGiZ+ubyANneZkMREAFAykoW0CACJZagT7so= github.com/samber/slog-multi v1.2.1/go.mod h1:uLAvHpGqbYgX4FSL0p1ZwoLuveIAJvBECtE07XmYvFo= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= -github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= +github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= @@ -260,7 +260,6 @@ github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -268,7 +267,6 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= @@ -281,16 +279,16 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= -go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= -go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= -go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= -go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= -go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= -go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 h1:hCq2hNMwsegUvPzI7sPOvtO9cqyy5GbWt/Ybp2xrx8Q= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0/go.mod h1:LqaApwGx/oUmzsbqxkzuBvyoPpkxk3JQWnqfVrJ3wCA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 h1:ZIg3ZT/aQ7AfKqdwp7ECpOK6vHqquXXuyTjIO8ZdmPs= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0/go.mod h1:DQAwmETtZV00skUwgD6+0U89g80NKsJE3DCKeLLPQMI= +go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts= +go.opentelemetry.io/otel v1.30.0/go.mod h1:tFw4Br9b7fOS+uEao81PJjVMjW/5fvNCbpsDIXqP0pc= +go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4QIZs7+w= +go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ= +go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc= +go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= @@ -302,11 +300,11 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -322,18 +320,18 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -345,16 +343,16 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -363,34 +361,34 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE= +golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE= -google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ= +google.golang.org/api v0.197.0 h1:x6CwqQLsFiA5JKAiGyGBjc2bNtHtLddhJCE2IKuhhcQ= +google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 h1:HCZ6DlkKtCDAtD8ForECsY3tKuaR+p4R3grlK80uCCc= -google.golang.org/genproto v0.0.0-20240604185151-ef581f913117/go.mod h1:lesfX/+9iA+3OdqeCpoDddJaNxVB1AB6tD7EfqMmprc= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= +google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= +google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= +google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= -google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo= +google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -434,10 +432,10 @@ k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8= k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA= -k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUxmcUV/CtNU8QM7h1FLWQOo= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 h1:b2FmK8YH+QEwq/Sy2uAEhmqL5nPfGYbJOcaqjeYYZoA= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/e2e-framework v0.4.0 h1:4yYmFDNNoTnazqmZJXQ6dlQF1vrnDbutmxlyvBpC5rY= diff --git a/pkg/reloader/collector_test.go b/pkg/reloader/collector_test.go index 58b31e0..f0834e8 100644 --- a/pkg/reloader/collector_test.go +++ b/pkg/reloader/collector_test.go @@ -63,7 +63,8 @@ func TestWorkloadSecretsStore(t *testing.T) { // check workload secret deleting store.Delete(workload1) assert.Equal(t, map[workload][]string{ - workload2: {"secret/data/accounts/aws", "secret/data/docker"}}, store.GetWorkloadSecretsMap()) + workload2: {"secret/data/accounts/aws", "secret/data/docker"}, + }, store.GetWorkloadSecretsMap()) }) } diff --git a/pkg/reloader/reloader.go b/pkg/reloader/reloader.go index c504f1d..4a53567 100644 --- a/pkg/reloader/reloader.go +++ b/pkg/reloader/reloader.go @@ -25,7 +25,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -func (c *Controller) runReloader(ctx context.Context) { //nolint:revive +func (c *Controller) runReloader(ctx context.Context) { reloaderLogger := c.logger.With(slog.String("worker", "reloader")) reloaderLogger.Info("Reloader started") @@ -86,7 +86,7 @@ func (c *Controller) runReloader(ctx context.Context) { //nolint:revive defer wg.Done() reloaderLogger.Info(fmt.Sprintf("Reloading workload: %s", workloadToReload)) - err := c.reloadWorkload(workloadToReload) + err := c.reloadWorkload(ctx, workloadToReload) if err != nil { reloaderLogger.Error(fmt.Errorf("failed reloading workload: %s: %w", workloadToReload, err).Error()) } @@ -102,44 +102,44 @@ func (c *Controller) runReloader(ctx context.Context) { //nolint:revive } } -func (c *Controller) reloadWorkload(workload workload) error { +func (c *Controller) reloadWorkload(ctx context.Context, workload workload) error { // Reload object based on its type switch workload.kind { case DeploymentKind: - deployment, err := c.kubeClient.AppsV1().Deployments(workload.namespace).Get(context.Background(), workload.name, metav1.GetOptions{}) + deployment, err := c.kubeClient.AppsV1().Deployments(workload.namespace).Get(ctx, workload.name, metav1.GetOptions{}) if err != nil { return err } incrementReloadCountAnnotation(&deployment.Spec.Template) - _, err = c.kubeClient.AppsV1().Deployments(workload.namespace).Update(context.Background(), deployment, metav1.UpdateOptions{}) + _, err = c.kubeClient.AppsV1().Deployments(workload.namespace).Update(ctx, deployment, metav1.UpdateOptions{}) if err != nil { return err } case DaemonSetKind: - daemonSet, err := c.kubeClient.AppsV1().DaemonSets(workload.namespace).Get(context.Background(), workload.name, metav1.GetOptions{}) + daemonSet, err := c.kubeClient.AppsV1().DaemonSets(workload.namespace).Get(ctx, workload.name, metav1.GetOptions{}) if err != nil { return err } incrementReloadCountAnnotation(&daemonSet.Spec.Template) - _, err = c.kubeClient.AppsV1().DaemonSets(workload.namespace).Update(context.Background(), daemonSet, metav1.UpdateOptions{}) + _, err = c.kubeClient.AppsV1().DaemonSets(workload.namespace).Update(ctx, daemonSet, metav1.UpdateOptions{}) if err != nil { return err } case StatefulSetKind: - statefulSet, err := c.kubeClient.AppsV1().StatefulSets(workload.namespace).Get(context.Background(), workload.name, metav1.GetOptions{}) + statefulSet, err := c.kubeClient.AppsV1().StatefulSets(workload.namespace).Get(ctx, workload.name, metav1.GetOptions{}) if err != nil { return err } incrementReloadCountAnnotation(&statefulSet.Spec.Template) - _, err = c.kubeClient.AppsV1().StatefulSets(workload.namespace).Update(context.Background(), statefulSet, metav1.UpdateOptions{}) + _, err = c.kubeClient.AppsV1().StatefulSets(workload.namespace).Update(ctx, statefulSet, metav1.UpdateOptions{}) if err != nil { return err } diff --git a/pkg/reloader/reloader_test.go b/pkg/reloader/reloader_test.go index defbcf6..e02e5a6 100644 --- a/pkg/reloader/reloader_test.go +++ b/pkg/reloader/reloader_test.go @@ -49,7 +49,6 @@ func TestIncrementReloadCountAnnotation(t *testing.T) { for _, tt := range tests { ttp := tt t.Run(ttp.name, func(t *testing.T) { - podTemplateSpec := &corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Annotations: ttp.annotations,