diff --git a/go.mod b/go.mod
index 94763c12ee..d247c143b0 100644
--- a/go.mod
+++ b/go.mod
@@ -100,9 +100,9 @@ require (
 github.com/opencontainers/runc v1.0.0-rc2.0.20190611121236-6cc515888830
 github.com/pkg/errors v0.8.1
 github.com/rakelkar/gonetsh v0.0.0-20190719023240-501daadcadf8 // indirect
- github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07
+ github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51
 github.com/rancher/helm-controller v0.2.2
- github.com/rancher/kine v0.2.1
+ github.com/rancher/kine v0.2.2
 github.com/rancher/remotedialer v0.2.0
 github.com/rancher/wrangler v0.2.0
 github.com/rancher/wrangler-api v0.2.0
diff --git a/go.sum b/go.sum
index e70653cdc1..1299d4c280 100644
--- a/go.sum
+++ b/go.sum
@@ -584,16 +584,16 @@ github.com/rancher/cri v1.3.0-k3s.2 h1:k2XFyD+ZdsGvNfugdvqD38KSMANT3JmTFULFM2CtI
 github.com/rancher/cri v1.3.0-k3s.2/go.mod h1:Ht5T1dIKzm+4NExmb7wDVG6qR+j0xeXIjjhCv1d9geY=
 github.com/rancher/cri-tools v1.16.1-k3s.1 h1:iporgQ46noE6dtLzq6fWcIO2qjyPZy2m42d2P+UnGJg=
 github.com/rancher/cri-tools v1.16.1-k3s.1/go.mod h1:TEKhKv2EJIZp+p9jnEy4C63g8CosJzsI4kyKKkHag+8=
-github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07 h1:wR1hnAh7d7ZicsAwDyw2nfvGFDOvPojcfClwA8WGy5g=
-github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07/go.mod h1:fs/dxyNcB3YT6W9fVz4bDGfhmSQS17QQup6BIcGF++s=
+github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51 h1:+UOLT6b1Of/gSiLR1i+m81ITu79vUpIU8zpsxbY4Hlw=
+github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51/go.mod h1:fs/dxyNcB3YT6W9fVz4bDGfhmSQS17QQup6BIcGF++s=
 github.com/rancher/flannel v0.11.0-k3s.1 h1:mIwnfWDafjzQgFkZeJ1AkFrrAT3EdBaA1giE0eLJKo8=
 github.com/rancher/flannel v0.11.0-k3s.1/go.mod h1:Hn4ZV+eq0LhLZP63xZnxdGwXEoRSxs5sxELxu27M3UA=
 github.com/rancher/go-dqlite v1.1.0-k3s.1 h1:w3ghNkY5vqRnnrcqxvHkpBQr6E+R/nIwJfaGdNgJAiw=
 github.com/rancher/go-dqlite v1.1.0-k3s.1/go.mod h1:lj8UhpkZddn/Ag0tBsnkbELbxHGMpzrZLMs/nW9/DX4=
 github.com/rancher/helm-controller v0.2.2 h1:MUqisy53/Ay1EYOF2uTCYBbGpgtZLNKKrI01BdxIbQo=
 github.com/rancher/helm-controller v0.2.2/go.mod h1:0JkL0UjxddNbT4FmLoESarD4Mz8xzA5YlejqJ/U4g+8=
-github.com/rancher/kine v0.2.1 h1:pK7QJUVA+/oU6esxKa/LIlBbeLl2HGWIwmu8xrROukQ=
-github.com/rancher/kine v0.2.1/go.mod h1:SdBUuE7e3XyrJvdBxCl9TMMapF+wyZnMZSP/H59OqNE=
+github.com/rancher/kine v0.2.2 h1:dN5jZK1x3t5CqqEz05EImBjtxQm7ANeLmNJ8rA2jB90=
+github.com/rancher/kine v0.2.2/go.mod h1:SdBUuE7e3XyrJvdBxCl9TMMapF+wyZnMZSP/H59OqNE=
 github.com/rancher/kubernetes v1.16.2-k3s.1 h1:+oJEecXgQDkEOD/X8z2YUdYVonbXZtGzXsmtKDPYesg=
 github.com/rancher/kubernetes v1.16.2-k3s.1/go.mod h1:SmhGgKfQ30imqjFVj8AI+iW+zSyFsswNErKYeTfgoH0=
github.com/rancher/kubernetes/staging/src/k8s.io/api v1.16.2-k3s.1 h1:2kK5KD6MU86txBYKG+tM6j5zbey02DaIDtwpG5JsfnI= diff --git a/vendor/github.com/rancher/dynamiclistener/factory/gen.go b/vendor/github.com/rancher/dynamiclistener/factory/gen.go index 2341748134..b54e9a0af5 100644 --- a/vendor/github.com/rancher/dynamiclistener/factory/gen.go +++ b/vendor/github.com/rancher/dynamiclistener/factory/gen.go @@ -29,16 +29,20 @@ type TLS struct { Organization []string } -func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string, err error) { - var ( - cns []string - digest = sha256.New() - ) +func cns(secret *v1.Secret) (cns []string) { for k, v := range secret.Annotations { if strings.HasPrefix(k, cnPrefix) { cns = append(cns, v) } } + return +} + +func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string, err error) { + var ( + cns = cns(secret) + digest = sha256.New() + ) sort.Strings(cns) @@ -56,6 +60,10 @@ func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string, return } +func (t *TLS) Merge(secret, other *v1.Secret) (*v1.Secret, bool, error) { + return t.AddCN(secret, cns(other)...) +} + func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error) { var ( err error diff --git a/vendor/github.com/rancher/dynamiclistener/listener.go b/vendor/github.com/rancher/dynamiclistener/listener.go index eaec9b57a6..f3e84f3d2e 100644 --- a/vendor/github.com/rancher/dynamiclistener/listener.go +++ b/vendor/github.com/rancher/dynamiclistener/listener.go @@ -6,6 +6,7 @@ import ( "crypto/x509" "net" "net/http" + "strings" "sync" "github.com/rancher/dynamiclistener/factory" @@ -18,6 +19,10 @@ type TLSStorage interface { Update(secret *v1.Secret) error } +type SetFactory interface { + SetFactory(tls *factory.TLS) +} + type Config struct { CN string Organization []string 
@@ -47,6 +52,10 @@ func NewListener(l net.Listener, storage TLSStorage, caCert *x509.Certificate, c } dynamicListener.tlsConfig.GetCertificate = dynamicListener.getCertificate + if setter, ok := storage.(SetFactory); ok { + setter.SetFactory(dynamicListener.factory) + } + return tls.NewListener(dynamicListener, &dynamicListener.tlsConfig), dynamicListener.cacheHandler(), nil } @@ -60,9 +69,16 @@ type listener struct { tlsConfig tls.Config cert *tls.Certificate sans []string + init sync.Once } func (l *listener) Accept() (net.Conn, error) { + l.init.Do(func() { + if len(l.sans) > 0 { + l.updateCert(l.sans...) + } + }) + conn, err := l.Listener.Accept() if err != nil { return conn, err @@ -79,8 +95,10 @@ func (l *listener) Accept() (net.Conn, error) { return conn, nil } - if err := l.updateCert(host); err != nil { - logrus.Infof("failed to create TLS cert for: %s", host) + if !strings.Contains(host, ":") { + if err := l.updateCert(host); err != nil { + logrus.Infof("failed to create TLS cert for: %s", host) + } } return conn, nil @@ -96,7 +114,7 @@ func (l *listener) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, return l.loadCert() } -func (l *listener) updateCert(cn string) error { +func (l *listener) updateCert(cn ...string) error { l.RLock() defer l.RUnlock() @@ -105,7 +123,7 @@ func (l *listener) updateCert(cn string) error { return err } - if !factory.NeedsUpdate(secret, append(l.sans, cn)...) { + if !factory.NeedsUpdate(secret, cn...) { return nil } @@ -114,7 +132,7 @@ func (l *listener) updateCert(cn string) error { defer l.RLock() defer l.Unlock() - secret, updated, err := l.factory.AddCN(secret, append(l.sans, cn)...) + secret, updated, err := l.factory.AddCN(secret, append(l.sans, cn...)...) if err != nil { return err } diff --git a/vendor/github.com/rancher/dynamiclistener/storage/kubernetes/controller.go b/vendor/github.com/rancher/dynamiclistener/storage/kubernetes/controller.go index d6c163c4f1..f903662bbd 100644 
--- a/vendor/github.com/rancher/dynamiclistener/storage/kubernetes/controller.go +++ b/vendor/github.com/rancher/dynamiclistener/storage/kubernetes/controller.go @@ -6,6 +6,7 @@ import ( "time" "github.com/rancher/dynamiclistener" + "github.com/rancher/dynamiclistener/factory" "github.com/rancher/wrangler-api/pkg/generated/controllers/core" v1controller "github.com/rancher/wrangler-api/pkg/generated/controllers/core/v1" "github.com/rancher/wrangler/pkg/start" @@ -54,6 +55,11 @@ type storage struct { storage dynamiclistener.TLSStorage secrets v1controller.SecretClient ctx context.Context + tls *factory.TLS +} + +func (s *storage) SetFactory(tls *factory.TLS) { + s.tls = tls } func (s *storage) init(secrets v1controller.SecretController) { @@ -105,6 +111,12 @@ func (s *storage) saveInK8s(secret *v1.Secret) (*v1.Secret, error) { return secret, nil } + if existing, err := s.storage.Get(); err == nil && s.tls != nil { + if newSecret, updated, err := s.tls.Merge(secret, existing); err == nil && updated { + secret = newSecret + } + } + targetSecret, err := s.targetSecret() if err != nil { return nil, err diff --git a/vendor/github.com/rancher/kine/pkg/drivers/dqlite/dqlite.go b/vendor/github.com/rancher/kine/pkg/drivers/dqlite/dqlite.go index 5e19d6f0d5..540519ee76 100644 --- a/vendor/github.com/rancher/kine/pkg/drivers/dqlite/dqlite.go +++ b/vendor/github.com/rancher/kine/pkg/drivers/dqlite/dqlite.go @@ -91,7 +91,6 @@ func New(ctx context.Context, datasourceName string) (server.Backend, error) { if err != nil { return nil, err } - if err := migrate(ctx, generic.DB); err != nil { return nil, errors.Wrap(err, "failed to migrate DB from sqlite") } @@ -103,6 +102,12 @@ func New(ctx context.Context, datasourceName string) (server.Backend, error) { } return false } + generic.TranslateErr = func(err error) error { + if strings.Contains(err.Error(), "UNIQUE constraint") { + return server.ErrKeyExists + } + return err + } return backend, nil } 
diff --git a/vendor/github.com/rancher/kine/pkg/drivers/generic/generic.go b/vendor/github.com/rancher/kine/pkg/drivers/generic/generic.go index d6c9c5ab3c..da9a3df3ac 100644 --- a/vendor/github.com/rancher/kine/pkg/drivers/generic/generic.go +++ b/vendor/github.com/rancher/kine/pkg/drivers/generic/generic.go @@ -12,7 +12,6 @@ import ( "github.com/Rican7/retry/backoff" "github.com/Rican7/retry/strategy" - "github.com/sirupsen/logrus" ) @@ -63,6 +62,7 @@ func (s Stripped) String() string { } type ErrRetry func(error) bool +type TranslateErr func(error) error type Generic struct { sync.Mutex @@ -83,6 +83,7 @@ type Generic struct { FillSQL string InsertLastInsertIDSQL string Retry ErrRetry + TranslateErr TranslateErr } func q(sql, param string, numbered bool) string { @@ -308,6 +309,14 @@ func (d *Generic) IsFill(key string) bool { } func (d *Generic) Insert(ctx context.Context, key string, create, delete bool, createRevision, previousRevision int64, ttl int64, value, prevValue []byte) (id int64, err error) { + if d.TranslateErr != nil { + defer func() { + if err != nil { + err = d.TranslateErr(err) + } + }() + } + cVal := 0 dVal := 0 if create { @@ -320,7 +329,7 @@ func (d *Generic) Insert(ctx context.Context, key string, create, delete bool, c if d.LastInsertID { row, err := d.execute(ctx, d.InsertLastInsertIDSQL, key, cVal, dVal, createRevision, previousRevision, ttl, value, prevValue) if err != nil { - return 00, err + return 0, err } return row.LastInsertId() } diff --git a/vendor/github.com/rancher/kine/pkg/drivers/mysql/mysql.go b/vendor/github.com/rancher/kine/pkg/drivers/mysql/mysql.go index 7032d47a83..46ffded235 100644 --- a/vendor/github.com/rancher/kine/pkg/drivers/mysql/mysql.go +++ b/vendor/github.com/rancher/kine/pkg/drivers/mysql/mysql.go @@ -23,7 +23,7 @@ var ( `create table if not exists kine ( id INTEGER AUTO_INCREMENT, - name TEXT, + name VARCHAR(630), created INTEGER, deleted INTEGER, create_revision INTEGER, 
@@ -34,8 +34,8 @@ var ( PRIMARY KEY (id) );`, } - nameIdx = "create index kine_name_index on kine (name(100))" - revisionIdx = "create unique index kine_name_prev_revision_uindex on kine (name(100), prev_revision)" + nameIdx = "create index kine_name_index on kine (name)" + revisionIdx = "create unique index kine_name_prev_revision_uindex on kine (name, prev_revision)" createDB = "create database if not exists " ) @@ -63,6 +63,12 @@ func New(dataSourceName string, tlsInfo tls.Config) (server.Backend, error) { return nil, err } dialect.LastInsertID = true + dialect.TranslateErr = func(err error) error { + if err, ok := err.(*mysql.MySQLError); ok && err.Number == 1062 { + return server.ErrKeyExists + } + return err + } if err := setup(dialect.DB); err != nil { return nil, err } diff --git a/vendor/github.com/rancher/kine/pkg/drivers/pgsql/pgsql.go b/vendor/github.com/rancher/kine/pkg/drivers/pgsql/pgsql.go index 66b7b5c41c..ca713d2678 100644 --- a/vendor/github.com/rancher/kine/pkg/drivers/pgsql/pgsql.go +++ b/vendor/github.com/rancher/kine/pkg/drivers/pgsql/pgsql.go @@ -25,7 +25,7 @@ var ( `create table if not exists kine ( id SERIAL PRIMARY KEY, - name TEXT, + name VARCHAR(630), created INTEGER, deleted INTEGER, create_revision INTEGER, @@ -54,6 +54,12 @@ func New(dataSourceName string, tlsInfo tls.Config) (server.Backend, error) { if err != nil { return nil, err } + dialect.TranslateErr = func(err error) error { + if err, ok := err.(*pq.Error); ok && err.Code == "23505" { + return server.ErrKeyExists + } + return err + } if err := setup(dialect.DB); err != nil { return nil, err diff --git a/vendor/github.com/rancher/kine/pkg/drivers/sqlite/sqlite.go b/vendor/github.com/rancher/kine/pkg/drivers/sqlite/sqlite.go index 78754c6f1b..627c859b4d 100644 --- a/vendor/github.com/rancher/kine/pkg/drivers/sqlite/sqlite.go +++ b/vendor/github.com/rancher/kine/pkg/drivers/sqlite/sqlite.go 
@@ -5,6 +5,7 @@ import ( "database/sql" "os" + "github.com/mattn/go-sqlite3" "github.com/rancher/kine/pkg/drivers/generic" "github.com/rancher/kine/pkg/logstructured" "github.com/rancher/kine/pkg/logstructured/sqllog" @@ -51,6 +52,12 @@ func NewVariant(driverName, dataSourceName string) (server.Backend, *generic.Gen return nil, nil, err } dialect.LastInsertID = true + dialect.TranslateErr = func(err error) error { + if err, ok := err.(sqlite3.Error); ok && err.ExtendedCode == sqlite3.ErrConstraintUnique { + return server.ErrKeyExists + } + return err + } if err := setup(dialect.DB); err != nil { return nil, nil, err diff --git a/vendor/github.com/rancher/kine/pkg/logstructured/logstructured.go b/vendor/github.com/rancher/kine/pkg/logstructured/logstructured.go index fe7f64e4f9..83b116b9ca 100644 --- a/vendor/github.com/rancher/kine/pkg/logstructured/logstructured.go +++ b/vendor/github.com/rancher/kine/pkg/logstructured/logstructured.go @@ -108,11 +108,6 @@ func (l *LogStructured) Create(ctx context.Context, key string, value []byte, le } revRet, errRet = l.log.Append(ctx, createEvent) - if errRet != nil { - if _, prevEvent, err := l.get(ctx, key, 0, true); err == nil && prevEvent != nil && !prevEvent.Delete { - return 0, server.ErrKeyExists - } - } return } diff --git a/vendor/modules.txt b/vendor/modules.txt index 62e9c83c6f..a088b96515 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -748,7 +748,7 @@ github.com/prometheus/procfs/internal/util # github.com/rakelkar/gonetsh v0.0.0-20190719023240-501daadcadf8 github.com/rakelkar/gonetsh/netroute github.com/rakelkar/gonetsh/netsh -# github.com/rancher/dynamiclistener v0.1.1-0.20191110035254-aaa5bc0d2a07 +# github.com/rancher/dynamiclistener v0.1.1-0.20191113144757-736b5d5d8b51 github.com/rancher/dynamiclistener github.com/rancher/dynamiclistener/factory github.com/rancher/dynamiclistener/storage/file 
@@ -769,7 +769,7 @@ github.com/rancher/helm-controller/pkg/generated/informers/externalversions/helm
 github.com/rancher/helm-controller/pkg/generated/listers/helm.cattle.io/v1
 github.com/rancher/helm-controller/pkg/generated/informers/externalversions/internalinterfaces
 github.com/rancher/helm-controller/pkg/apis/helm.cattle.io
-# github.com/rancher/kine v0.2.1
+# github.com/rancher/kine v0.2.2
 github.com/rancher/kine/pkg/client
 github.com/rancher/kine/pkg/endpoint
 github.com/rancher/kine/pkg/drivers/dqlite