diff --git a/go.mod b/go.mod index 3ed0e77e0..e78ca245e 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/moul/pb v0.0.0-20220425114252-bca18df4138c github.com/ncabatoff/process-exporter v0.7.10 github.com/onsi/ginkgo/v2 v2.9.5 - github.com/opencontainers/runc v1.1.8 + github.com/opencontainers/runc v1.1.9 github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/client_golang v1.16.0 github.com/prometheus/client_model v0.4.0 diff --git a/go.sum b/go.sum index eb703a707..bbfacc71e 100644 --- a/go.sum +++ b/go.sum @@ -284,8 +284,8 @@ github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3Ro github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= -github.com/opencontainers/runc v1.1.8 h1:zICRlc+C1XzivLc3nzE+cbJV4LIi8tib6YG0MqC6OqA= -github.com/opencontainers/runc v1.1.8/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= +github.com/opencontainers/runc v1.1.9 h1:XR0VIHTGce5eWPkaPesqTBrhW2yAcaraWfsEalNwQLM= +github.com/opencontainers/runc v1.1.9/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= diff --git a/internal/ingress/status/status.go b/internal/ingress/status/status.go index 4d16a0df5..81fb9044a 100644 --- a/internal/ingress/status/status.go +++ b/internal/ingress/status/status.go @@ -95,6 +95,7 @@ func (s *statusSync) Run(stopCh chan struct{}) { // when this instance is the leader we need to enqueue // an item to trigger the update of the Ingress status. + //nolint:staticcheck // TODO: will replace it since wait.PollUntil is deprecated err := wait.PollUntil(time.Duration(UpdateInterval)*time.Second, func() (bool, error) { s.syncQueue.EnqueueTask(task.GetDummyObject("sync status")) return false, nil diff --git a/test/e2e/annotations/serviceupstream.go b/test/e2e/annotations/serviceupstream.go index 3db948a79..1d80f304a 100644 --- a/test/e2e/annotations/serviceupstream.go +++ b/test/e2e/annotations/serviceupstream.go @@ -25,10 +25,10 @@ import ( "github.com/stretchr/testify/assert" "k8s.io/ingress-nginx/test/e2e/framework" - - "k8s.io/ingress-nginx/internal/nginx" ) +const dbgCmd = "/dbg backends all" + var _ = framework.DescribeAnnotation("service-upstream", func() { f := framework.NewDefaultFramework("serviceupstream") host := "serviceupstream" @@ -59,10 +59,9 @@ var _ = framework.DescribeAnnotation("service-upstream", func() { ginkgo.By("checking if the Service Cluster IP and Port are used") s := f.GetService(f.Namespace, framework.EchoService) - curlCmd := fmt.Sprintf("curl --fail --silent http://localhost:%v/configuration/backends", nginx.StatusPort) - output, err := f.ExecIngressPod(curlCmd) + output, err := f.ExecIngressPod(dbgCmd) assert.Nil(ginkgo.GinkgoT(), err) - assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`{"address":%q`, s.Spec.ClusterIP)) + assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": %q`, s.Spec.ClusterIP)) }) }) @@ -88,10 +87,9 @@ var _ = framework.DescribeAnnotation("service-upstream", func() { ginkgo.By("checking if the Service Cluster IP and Port are used") s := f.GetService(f.Namespace, framework.EchoService) - curlCmd := fmt.Sprintf("curl --fail --silent http://localhost:%v/configuration/backends", nginx.StatusPort) - output, err := f.ExecIngressPod(curlCmd) + output, err := f.ExecIngressPod(dbgCmd) assert.Nil(ginkgo.GinkgoT(), err) - assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`{"address":%q`, s.Spec.ClusterIP)) + assert.Contains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": %q`, s.Spec.ClusterIP)) }) }) @@ -119,10 +117,9 @@ var _ = framework.DescribeAnnotation("service-upstream", func() { ginkgo.By("checking if the Service Cluster IP and Port are not used") s := f.GetService(f.Namespace, framework.EchoService) - curlCmd := fmt.Sprintf("curl --fail --silent http://localhost:%v/configuration/backends", nginx.StatusPort) - output, err := f.ExecIngressPod(curlCmd) + output, err := f.ExecIngressPod(dbgCmd) assert.Nil(ginkgo.GinkgoT(), err) - assert.NotContains(ginkgo.GinkgoT(), output, fmt.Sprintf(`{"address":%q`, s.Spec.ClusterIP)) + assert.NotContains(ginkgo.GinkgoT(), output, fmt.Sprintf(`"address": %q`, s.Spec.ClusterIP)) }) }) }) diff --git a/test/e2e/annotations/upstreamhashby.go b/test/e2e/annotations/upstreamhashby.go index c9f71af18..1b8106662 100644 --- a/test/e2e/annotations/upstreamhashby.go +++ b/test/e2e/annotations/upstreamhashby.go @@ -39,6 +39,7 @@ func startIngress(f *framework.Framework, annotations map[string]string) map[str return strings.Contains(server, fmt.Sprintf("server_name %s ;", host)) }) + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated err := wait.Poll(framework.Poll, framework.DefaultTimeout, func() (bool, error) { resp := f.HTTPTestClient(). GET("/"). diff --git a/test/e2e/endpointslices/topology.go b/test/e2e/endpointslices/topology.go index 3352edbb8..38c5f8b76 100644 --- a/test/e2e/endpointslices/topology.go +++ b/test/e2e/endpointslices/topology.go @@ -28,7 +28,6 @@ import ( "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" - "k8s.io/ingress-nginx/internal/nginx" "k8s.io/ingress-nginx/test/e2e/framework" ) @@ -71,8 +70,8 @@ var _ = framework.IngressNginxDescribeSerial("[TopologyHints] topology aware rou } } - curlCmd := fmt.Sprintf("curl --fail --silent http://localhost:%v/configuration/backends", nginx.StatusPort) - status, err := f.ExecIngressPod(curlCmd) + dbgCmd := "/dbg backends all" + status, err := f.ExecIngressPod(dbgCmd) assert.Nil(ginkgo.GinkgoT(), err) var backends []map[string]interface{} err = json.Unmarshal([]byte(status), &backends) diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index c31cf2d8a..b62ad691c 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -267,6 +267,7 @@ func (f *Framework) updateIngressNGINXPod() error { // WaitForNginxServer waits until the nginx configuration contains a particular server section. // `cfg` passed to matcher is normalized by replacing all tabs and spaces with single space. func (f *Framework) WaitForNginxServer(name string, matcher func(cfg string) bool) { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated err := wait.Poll(Poll, DefaultTimeout, f.matchNginxConditions(name, matcher)) assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx server condition/s") Sleep(1 * time.Second) @@ -275,6 +276,7 @@ func (f *Framework) WaitForNginxServer(name string, matcher func(cfg string) boo // WaitForNginxConfiguration waits until the nginx configuration contains a particular configuration // `cfg` passed to matcher is normalized by replacing all tabs and spaces with single space. func (f *Framework) WaitForNginxConfiguration(matcher func(cfg string) bool) { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated err := wait.Poll(Poll, DefaultTimeout, f.matchNginxConditions("", matcher)) assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx server condition/s") Sleep(1 * time.Second) @@ -282,6 +284,7 @@ func (f *Framework) WaitForNginxConfiguration(matcher func(cfg string) bool) { // WaitForNginxCustomConfiguration waits until the nginx configuration given part (from, to) contains a particular configuration func (f *Framework) WaitForNginxCustomConfiguration(from, to string, matcher func(cfg string) bool) { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated err := wait.Poll(Poll, DefaultTimeout, f.matchNginxCustomConditions(from, to, matcher)) assert.Nil(ginkgo.GinkgoT(), err, "waiting for nginx server condition/s") } @@ -418,6 +421,7 @@ func (f *Framework) WaitForReload(fn func()) { fn() count := 0 + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated err := wait.Poll(1*time.Second, DefaultTimeout, func() (bool, error) { reloads := getReloadCount(f.pod, f.Namespace, f.KubeClientSet) // most of the cases reload the ingress controller @@ -454,7 +458,7 @@ func (f *Framework) DeleteNGINXPod(grace int64) { err := f.KubeClientSet.CoreV1().Pods(ns).Delete(context.TODO(), f.pod.GetName(), *metav1.NewDeleteOptions(grace)) assert.Nil(ginkgo.GinkgoT(), err, "deleting ingress nginx pod") - + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated err = wait.Poll(Poll, DefaultTimeout, func() (bool, error) { err := f.updateIngressNGINXPod() if err != nil || f.pod == nil { @@ -510,6 +514,7 @@ func (f *Framework) WaitForNginxListening(port int) { assert.Nil(ginkgo.GinkgoT(), err, "waiting for ingress pods to be ready") podIP := f.GetNginxIP() + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated err = wait.Poll(500*time.Millisecond, DefaultTimeout, func() (bool, error) { hostPort := net.JoinHostPort(podIP, fmt.Sprintf("%v", port)) conn, err := net.Dial("tcp", hostPort) @@ -579,6 +584,7 @@ func UpdateDeployment(kubeClientSet kubernetes.Interface, namespace, name string } func waitForDeploymentRollout(kubeClientSet kubernetes.Interface, resource *appsv1.Deployment) error { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated return wait.Poll(Poll, 5*time.Minute, func() (bool, error) { d, err := kubeClientSet.AppsV1().Deployments(resource.Namespace).Get(context.TODO(), resource.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { diff --git a/test/e2e/framework/k8s.go b/test/e2e/framework/k8s.go index a4220b39e..7c067421d 100644 --- a/test/e2e/framework/k8s.go +++ b/test/e2e/framework/k8s.go @@ -144,6 +144,7 @@ func (f *Framework) EnsureDeployment(deployment *appsv1.Deployment) *appsv1.Depl // waitForPodsReady waits for a given amount of time until a group of Pods is running in the given namespace. func waitForPodsReady(kubeClientSet kubernetes.Interface, timeout time.Duration, expectedReplicas int, namespace string, opts *metav1.ListOptions) error { + //nolint:staticcheck // TODO: will replace it since wait.PollImmediate is deprecated return wait.PollImmediate(1*time.Second, timeout, func() (bool, error) { pl, err := kubeClientSet.CoreV1().Pods(namespace).List(context.TODO(), *opts) if err != nil { @@ -171,6 +172,7 @@ func waitForPodsReady(kubeClientSet kubernetes.Interface, timeout time.Duration, // waitForPodsDeleted waits for a given amount of time until a group of Pods are deleted in the given namespace. func waitForPodsDeleted(kubeClientSet kubernetes.Interface, timeout time.Duration, namespace string, opts *metav1.ListOptions) error { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated return wait.Poll(Poll, timeout, func() (bool, error) { pl, err := kubeClientSet.CoreV1().Pods(namespace).List(context.TODO(), *opts) if err != nil { @@ -190,7 +192,7 @@ func WaitForEndpoints(kubeClientSet kubernetes.Interface, timeout time.Duration, if expectedEndpoints == 0 { return nil } - + //nolint:staticcheck // TODO: will replace it since wait.PollImmediate is deprecated return wait.PollImmediate(Poll, timeout, func() (bool, error) { endpoint, err := kubeClientSet.CoreV1().Endpoints(ns).Get(context.TODO(), name, metav1.GetOptions{}) if k8sErrors.IsNotFound(err) { @@ -252,6 +254,7 @@ func isPodReady(p *core.Pod) bool { // getIngressNGINXPod returns the ingress controller running pod func getIngressNGINXPod(ns string, kubeClientSet kubernetes.Interface) (*core.Pod, error) { var pod *core.Pod + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated err := wait.Poll(1*time.Second, DefaultTimeout, func() (bool, error) { l, err := kubeClientSet.CoreV1().Pods(ns).List(context.TODO(), metav1.ListOptions{ LabelSelector: "app.kubernetes.io/name=ingress-nginx", @@ -278,6 +281,7 @@ func getIngressNGINXPod(ns string, kubeClientSet kubernetes.Interface) (*core.Po return false, nil }) if err != nil { + //nolint:staticcheck // TODO: will replace it since wait.ErrWaitTimeout is deprecated if err == wait.ErrWaitTimeout { return nil, fmt.Errorf("timeout waiting at least one ingress-nginx pod running in namespace %v", ns) } diff --git a/test/e2e/framework/ssl.go b/test/e2e/framework/ssl.go index f1d250e85..d6252fe47 100644 --- a/test/e2e/framework/ssl.go +++ b/test/e2e/framework/ssl.go @@ -144,6 +144,7 @@ func CreateIngressMASecret(client kubernetes.Interface, host, secretName, namesp // WaitForTLS waits until the TLS handshake with a given server completes successfully. func WaitForTLS(url string, tlsConfig *tls.Config) { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated err := wait.Poll(Poll, DefaultTimeout, matchTLSServerName(url, tlsConfig)) assert.Nil(ginkgo.GinkgoT(), err, "waiting for TLS configuration in URL %s", url) } diff --git a/test/e2e/framework/util.go b/test/e2e/framework/util.go index 62d34ba23..abdb168e1 100644 --- a/test/e2e/framework/util.go +++ b/test/e2e/framework/util.go @@ -98,6 +98,7 @@ func createNamespace(baseName string, labels map[string]string, c kubernetes.Int var got *corev1.Namespace var err error + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated err = wait.Poll(Poll, DefaultTimeout, func() (bool, error) { got, err = c.CoreV1().Namespaces().Create(context.TODO(), ns, metav1.CreateOptions{}) if err != nil { @@ -221,6 +222,7 @@ func GetIngressClassName(namespace string) *string { // WaitForKubeNamespaceNotExist waits until a namespaces is not present in the cluster func WaitForKubeNamespaceNotExist(c kubernetes.Interface, namespace string) error { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated return wait.Poll(Poll, DefaultTimeout, namespaceNotExist(c, namespace)) } @@ -239,6 +241,7 @@ func namespaceNotExist(c kubernetes.Interface, namespace string) wait.ConditionF // WaitForNoPodsInNamespace waits until there are no pods running in a namespace func WaitForNoPodsInNamespace(c kubernetes.Interface, namespace string) error { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated return wait.Poll(Poll, DefaultTimeout, noPodsInNamespace(c, namespace)) } @@ -269,11 +272,13 @@ func WaitForPodRunningInNamespace(c kubernetes.Interface, pod *corev1.Pod) error } func waitTimeoutForPodRunningInNamespace(c kubernetes.Interface, podName, namespace string) error { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated return wait.Poll(Poll, DefaultTimeout, podRunning(c, podName, namespace)) } // WaitForSecretInNamespace waits a default amount of time for the specified secret is present in a particular namespace func WaitForSecretInNamespace(c kubernetes.Interface, namespace, name string) error { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated return wait.Poll(Poll, DefaultTimeout, secretInNamespace(c, namespace, name)) } @@ -296,6 +301,7 @@ func secretInNamespace(c kubernetes.Interface, namespace, name string) wait.Cond // WaitForFileInFS waits a default amount of time for the specified file is present in the filesystem func WaitForFileInFS(file string) error { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated return wait.Poll(Poll, DefaultTimeout, fileInFS(file)) } @@ -320,6 +326,7 @@ func fileInFS(file string) wait.ConditionFunc { // WaitForNoIngressInNamespace waits until there is no ingress object in a particular namespace func WaitForNoIngressInNamespace(c kubernetes.Interface, namespace, name string) error { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated return wait.Poll(Poll, DefaultTimeout, noIngressInNamespace(c, namespace, name)) } @@ -342,6 +349,7 @@ func noIngressInNamespace(c kubernetes.Interface, namespace, name string) wait.C // WaitForIngressInNamespace waits until a particular ingress object exists namespace func WaitForIngressInNamespace(c kubernetes.Interface, namespace, name string) error { + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated return wait.Poll(Poll, DefaultTimeout, ingressInNamespace(c, namespace, name)) } diff --git a/test/e2e/servicebackend/service_externalname.go b/test/e2e/servicebackend/service_externalname.go index 500718c7f..fccd1cd19 100644 --- a/test/e2e/servicebackend/service_externalname.go +++ b/test/e2e/servicebackend/service_externalname.go @@ -30,7 +30,6 @@ import ( networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/ingress-nginx/internal/nginx" "k8s.io/ingress-nginx/test/e2e/framework" ) @@ -332,17 +331,13 @@ var _ = framework.IngressNginxDescribe("[Service] Type ExternalName", func() { assert.Contains(ginkgo.GinkgoT(), body, `"X-Forwarded-Host": "echo"`) ginkgo.By("checking the service is updated to use new host") - curlCmd := fmt.Sprintf( - "curl --fail --silent http://localhost:%v/configuration/backends", - nginx.StatusPort, - ) - - output, err := f.ExecIngressPod(curlCmd) + dbgCmd := "/dbg backends all" + output, err := f.ExecIngressPod(dbgCmd) assert.Nil(ginkgo.GinkgoT(), err) assert.Contains( ginkgo.GinkgoT(), output, - fmt.Sprintf("{\"address\":%q", framework.BuildNIPHost(ip)), + fmt.Sprintf(`"address": %q`, framework.BuildNIPHost(ip)), ) }) diff --git a/test/e2e/settings/tls.go b/test/e2e/settings/tls.go index 8688137be..51f760df8 100644 --- a/test/e2e/settings/tls.go +++ b/test/e2e/settings/tls.go @@ -168,15 +168,17 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f hstsIncludeSubdomains: "false", }) - // we can not use gorequest here because it flattens the duplicate headers - // and specifically in case of Strict-Transport-Security it ignore extra headers - // intead of concatenating, rightfully. And I don't know of any API it provides for getting raw headers. - curlCmd := fmt.Sprintf("curl -I -k --fail --silent --resolve settings-tls:443:127.0.0.1 https://settings-tls%v", "?hsts=true") - output, err := f.ExecIngressPod(curlCmd) - assert.Nil(ginkgo.GinkgoT(), err) - assert.Contains(ginkgo.GinkgoT(), output, "strict-transport-security: max-age=86400; preload") - // this is what the upstream sets - assert.NotContains(ginkgo.GinkgoT(), output, "strict-transport-security: max-age=3600; preload") + expectResponse := f.HTTPTestClientWithTLSConfig(tlsConfig). + GET("/"). + WithURL(f.GetURL(framework.HTTPS)). + WithHeader("Host", host). + WithQuery("hsts", "true"). + Expect() + + expectResponse.Header("Strict-Transport-Security").Equal("max-age=86400; preload") + header := expectResponse.Raw().Header + got := header["Strict-Transport-Security"] + assert.Equal(ginkgo.GinkgoT(), 1, len(got)) }) }) diff --git a/test/e2e/status/update.go b/test/e2e/status/update.go index 3527cee36..c3c48f8d2 100644 --- a/test/e2e/status/update.go +++ b/test/e2e/status/update.go @@ -108,6 +108,7 @@ var _ = framework.IngressNginxDescribe("[Status] status update", func() { } }() + //nolint:staticcheck // TODO: will replace it since wait.Poll is deprecated err = wait.Poll(5*time.Second, 4*time.Minute, func() (done bool, err error) { ing, err = f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace).Get(context.TODO(), host, metav1.GetOptions{}) if err != nil { diff --git a/test/e2e/tcpudp/tcp.go b/test/e2e/tcpudp/tcp.go index 4234402de..f06d6c9a3 100644 --- a/test/e2e/tcpudp/tcp.go +++ b/test/e2e/tcpudp/tcp.go @@ -157,7 +157,7 @@ var _ = framework.IngressNginxDescribe("[TCP] tcp-services", func() { return false, nil }) - + //nolint:staticcheck // TODO: will replace it since wait.ErrWaitTimeout is deprecated if err == wait.ErrWaitTimeout { err = errRetry }