diff --git a/cmd/azwi/main.go b/cmd/azwi/main.go
index db45d92f0..d7f45047e 100644
--- a/cmd/azwi/main.go
+++ b/cmd/azwi/main.go
@@ -6,7 +6,7 @@ import (
 "github.com/Azure/azure-workload-identity/pkg/cmd"
 colorable "github.com/mattn/go-colorable"
- log "github.com/sirupsen/logrus"
+ log "github.com/sirupsen/logrus" // TODO mlog?
 )
 func main() {
diff --git a/cmd/proxy/main.go b/cmd/proxy/main.go
index f2914db78..a4be73c03 100644
--- a/cmd/proxy/main.go
+++ b/cmd/proxy/main.go
@@ -2,51 +2,61 @@ package main import ( "flag" - "os" + "fmt" - "github.com/Azure/azure-workload-identity/pkg/logger" - "github.com/Azure/azure-workload-identity/pkg/proxy" + "monis.app/mlog" + "sigs.k8s.io/controller-runtime/pkg/manager/signals" - "k8s.io/klog/v2" + "github.com/Azure/azure-workload-identity/pkg/proxy" ) var ( proxyPort int probe bool + logLevel string ) -func init() { - klog.InitFlags(nil) +func main() { + if err := mainErr(); err != nil { + mlog.Fatal(err) + } } -func main() { - logger := logger.New() - logger.AddFlags() +func mainErr() error { + defer mlog.Setup()() flag.IntVar(&proxyPort, "proxy-port", 8000, "Port for the proxy to listen on") flag.BoolVar(&probe, "probe", false, "Run a readyz probe on the proxy") + flag.StringVar(&logLevel, "log-level", "", + "In order of increasing verbosity: unset (empty string), info, debug, trace and all.") flag.Parse() + if err := mlog.ValidateAndSetLogLevelAndFormatGlobally(signals.SetupSignalHandler(), mlog.LogSpec{ + Level: mlog.LogLevel(logLevel), + Format: mlog.FormatJSON, + }); err != nil { + return fmt.Errorf("invalid --log-level set: %w", err) + } + // when proxy is run with --probe, it will run a readyz probe on the proxy // this is used in the postStart lifecycle hook to verify the proxy is ready // to serve requests if probe { - setupLog := logger.Get().WithName("probe") if err := proxy.Probe(proxyPort); err != nil { - setupLog.Error(err, "failed to probe") - os.Exit(1) + return fmt.Errorf("failed to probe: %w", err) } - os.Exit(0) + return nil } - setupLog := logger.Get().WithName("setup") - p, err := proxy.NewProxy(proxyPort, logger.Get().WithName("proxy")) + // nolint:staticcheck + // we will migrate to mlog.New in a future change + p, err := proxy.NewProxy(proxyPort, mlog.Logr().WithName("proxy")) if err != nil { - setupLog.Error(err, "failed to create proxy") - os.Exit(1) + return fmt.Errorf("setup: failed to create proxy: %w", err) } if err := p.Run(); err != nil { - setupLog.Error(err, 
"failed to run proxy") - os.Exit(1) + return fmt.Errorf("setup: failed to run proxy: %w", err) } + + return nil } diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go index 1ec44c632..949f95fca 100644 --- a/cmd/webhook/main.go +++ b/cmd/webhook/main.go @@ -3,7 +3,6 @@ package main import ( "flag" "fmt" - "os" "github.com/open-policy-agent/cert-controller/pkg/rotator" "k8s.io/apimachinery/pkg/api/meta" @@ -11,7 +10,7 @@ import ( "k8s.io/apimachinery/pkg/types" clientgoscheme "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" - "k8s.io/klog/v2" + "monis.app/mlog" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/healthz" @@ -20,7 +19,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/manager/signals" "sigs.k8s.io/controller-runtime/pkg/webhook" - "github.com/Azure/azure-workload-identity/pkg/logger" "github.com/Azure/azure-workload-identity/pkg/metrics" "github.com/Azure/azure-workload-identity/pkg/util" "github.com/Azure/azure-workload-identity/pkg/version" @@ -50,23 +48,29 @@ var ( metricsAddr string disableCertRotation bool metricsBackend string + logLevel string // DNSName is ..svc dnsName = fmt.Sprintf("%s.%s.svc", serviceName, util.GetNamespace()) scheme = runtime.NewScheme() - entryLog = log.Log.WithName("entrypoint") + // nolint:staticcheck + // we will migrate to mlog.New in a future change + entryLog = mlog.Logr().WithName("entrypoint") ) func init() { - klog.InitFlags(nil) - _ = clientgoscheme.AddToScheme(scheme) } func main() { - logger := logger.New() - logger.AddFlags() + if err := mainErr(); err != nil { + mlog.Fatal(err) + } +} + +func mainErr() error { + defer mlog.Setup()() // TODO (aramase) once webhook is added as an arc extension, use extension // util to check if running in arc cluster. 
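Review bot: `signals.SetupSignalHandler()` is called in the proxy's `mainErr` only to feed the log setup, and the context it returns is dropped, yet the call still installs controller-runtime's SIGTERM/SIGINT handler: the first signal only cancels that context, and a second one is needed to exit. `p.Run()` takes no context in this hunk, so unless the proxy handles signals itself elsewhere, the sidecar will now ignore the first SIGTERM and run until the kubelet's grace period expires, where it previously terminated at once. Keep the context and return from `mainErr` when it is cancelled, which also lets the deferred function returned by `mlog.Setup()` run; a sketch follows.

```go
ctx := signals.SetupSignalHandler()
// … unchanged: pass ctx to mlog.ValidateAndSetLogLevelAndFormatGlobally, probe branch, proxy.NewProxy …

runErr := make(chan error, 1)
go func() { runErr <- p.Run() }()

select {
case err := <-runErr:
	if err != nil {
		return fmt.Errorf("setup: failed to run proxy: %w", err)
	}
	return nil
case <-ctx.Done():
	// first SIGTERM/SIGINT: return so main exits instead of waiting for SIGKILL
	return nil
}
```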
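Review bot: `entryLog` in cmd/webhook/main.go is still initialised at package scope, so `mlog.Logr()` is evaluated before `mainErr` has parsed `--log-level` and applied `mlog.FormatJSON`. Whether the returned logr.Logger follows later global changes is not visible in this diff; if it is a snapshot, every `entryLog` message (including those in `setupWebhook`) will ignore the configured level and format. Declaring the variable without a value and assigning it in `mainErr` after `ValidateAndSetLogLevelAndFormatGlobally` returns removes that dependency: `entryLog = mlog.Logr().WithName("entrypoint")`. The suppression is also better written in golangci-lint's documented form, `//nolint:staticcheck // migrate to mlog.New`, without the space after the slashes.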
@@ -78,17 +82,29 @@ func main() {
 flag.StringVar(&healthAddr, "health-addr", ":9440", "The address the health endpoint binds to")
 flag.StringVar(&metricsAddr, "metrics-addr", ":8095", "The address the metrics endpoint binds to")
 flag.StringVar(&metricsBackend, "metrics-backend", "prometheus", "Backend used for metrics")
+ flag.StringVar(&logLevel, "log-level", "",
+ "In order of increasing verbosity: unset (empty string), info, debug, trace and all.")
 flag.Parse()
- log.SetLogger(logger.Get())
+ ctx := signals.SetupSignalHandler()
+
+ if err := mlog.ValidateAndSetLogLevelAndFormatGlobally(ctx, mlog.LogSpec{
+ Level: mlog.LogLevel(logLevel),
+ Format: mlog.FormatJSON,
+ }); err != nil {
+ return fmt.Errorf("invalid --log-level set: %w", err)
+ }
+
+ // nolint:staticcheck
+ // controller-runtime forces use to use the deprecated logr.Logger returned by mlog.Logr here
+ log.SetLogger(mlog.Logr())
 config := ctrl.GetConfigOrDie()
 config.UserAgent = version.GetUserAgent("webhook")
 // initialize metrics exporter before creating measurements
 entryLog.Info("initializing metrics backend", "backend", metricsBackend)
 if err := metrics.InitMetricsExporter(metricsBackend); err != nil {
- klog.ErrorS(err, "failed to initialize metrics exporter")
- os.Exit(1)
+ return fmt.Errorf("entrypoint: failed to initialize metrics exporter: %w", err)
 }
 // log the user agent as it makes it easier to debug issues
@@ -105,8 +121,7 @@ func main() {
 },
 })
 if err != nil {
- entryLog.Error(err, "unable to set up controller manager")
- os.Exit(1)
+ return fmt.Errorf("entrypoint: unable to set up controller manager: %w", err)
 }
 // Make sure certs are generated and valid if cert rotation is enabled.
@@ -125,30 +140,28 @@ func main() {
 IsReady: setupFinished,
 Webhooks: webhooks,
 }); err != nil {
- entryLog.Error(err, "unable to set up cert rotation")
- os.Exit(1)
+ return fmt.Errorf("entrypoint: unable to set up cert rotation: %w", err)
 }
 } else {
 close(setupFinished)
 }
 if err := mgr.AddReadyzCheck("ping", healthz.Ping); err != nil {
- entryLog.Error(err, "unable to create ready check")
- os.Exit(1)
+ return fmt.Errorf("entrypoint: unable to create ready check: %w", err)
 }
 if err := mgr.AddHealthzCheck("ping", healthz.Ping); err != nil {
- entryLog.Error(err, "unable to create health check")
- os.Exit(1)
+ return fmt.Errorf("entrypoint: unable to create health check: %w", err)
 }
 go setupWebhook(mgr, setupFinished)
 entryLog.Info("starting manager")
- if err := mgr.Start(signals.SetupSignalHandler()); err != nil {
- entryLog.Error(err, "unable to run manager")
- os.Exit(1)
+ if err := mgr.Start(ctx); err != nil {
+ return fmt.Errorf("entrypoint: unable to run manager: %w", err)
 }
+
+ return nil
 }
 func setupWebhook(mgr manager.Manager, setupFinished chan struct{}) {
@@ -163,8 +176,7 @@ func setupWebhook(mgr manager.Manager, setupFinished chan struct{}) {
 entryLog.Info("registering webhook to the webhook server")
 podMutator, err := wh.NewPodMutator(mgr.GetClient(), mgr.GetAPIReader(), arcCluster, audience)
 if err != nil {
- entryLog.Error(err, "unable to set up pod mutator")
- os.Exit(1)
+ panic(fmt.Errorf("unable to set up pod mutator: %w", err))
 }
 hookServer.Register("/mutate-v1-pod", &webhook.Admission{Handler: podMutator})
 }
diff --git a/go.mod b/go.mod
index 1902dcce0..27d0b371e 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 github.com/pkg/errors v0.9.1
 github.com/prometheus/client_golang v1.12.2
 github.com/sirupsen/logrus v1.8.2
- github.com/spf13/cobra v1.4.0
+ github.com/spf13/cobra v1.6.1
 github.com/spf13/pflag v1.0.5
 go.opentelemetry.io/otel v0.20.0
 go.opentelemetry.io/otel/exporters/metric/prometheus v0.20.0
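Review bot: The `panic` added in `setupWebhook` fires on the goroutine started by `go setupWebhook(mgr, setupFinished)`, so a pod-mutator setup failure now ends the process with a raw stack trace on stderr instead of a structured log entry, and the `defer mlog.Setup()()` in `mainErr` does not run because deferred calls on other goroutines are skipped when a panic terminates the program. Every other failure path in this commit is returned and reported through `mlog.Fatal`, so this is the one startup error that alerting built on the JSON log stream can miss. Keep the log call directly above the panic, `entryLog.Error(err, "unable to set up pod mutator")`, or hand the error back to `mainErr` over a channel so it is reported like the rest. The body of `setupWebhook` starts outside this hunk.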
@@ -36,7 +36,8 @@ require (
 k8s.io/apimachinery v0.25.5
 k8s.io/client-go v0.25.5
 k8s.io/klog/v2 v2.80.1
- k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73
+ k8s.io/utils v0.0.0-20221128185143-99ec85e7a448
+ monis.app/mlog v0.0.2
 sigs.k8s.io/controller-runtime v0.13.1
 )
@@ -71,7 +72,7 @@ require (
 github.com/google/go-cmp v0.5.8 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
 github.com/imdario/mergo v0.3.12 // indirect
- github.com/inconshreveable/mousetrap v1.0.0 // indirect
+ github.com/inconshreveable/mousetrap v1.0.1 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/kylelemons/godebug v1.1.0 // indirect
@@ -86,17 +87,19 @@ require (
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/onsi/gomega v1.20.2 // indirect
 github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect
+ github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/prometheus/client_model v0.2.0 // indirect
 github.com/prometheus/common v0.32.1 // indirect
 github.com/prometheus/procfs v0.7.3 // indirect
+ github.com/stretchr/testify v1.8.1 // indirect
 github.com/yosida95/uritemplate/v3 v3.0.1 // indirect
 go.opentelemetry.io/otel/sdk v0.20.0 // indirect
 go.opentelemetry.io/otel/sdk/export/metric v0.20.0 // indirect
 go.opentelemetry.io/otel/sdk/metric v0.20.0 // indirect
 go.opentelemetry.io/otel/trace v0.20.0 // indirect
- go.uber.org/atomic v1.9.0 // indirect
- go.uber.org/multierr v1.6.0 // indirect
- go.uber.org/zap v1.21.0 // indirect
+ go.uber.org/atomic v1.10.0 // indirect
+ go.uber.org/multierr v1.8.0 // indirect
+ go.uber.org/zap v1.24.0 // indirect
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
 golang.org/x/net v0.4.0 // indirect; CVE-2022-41717
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
diff --git a/go.sum b/go.sum
index 9280a5692..93af3f017 100644
--- a/go.sum
+++ b/go.sum
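Review bot: `monis.app/mlog v0.0.2` becomes a direct dependency of the webhook and proxy binaries through a vanity import path and at a pre-1.0 version, and nothing in the diff records why this module was chosen or how its updates will be reviewed. The go.sum hunk pins its hash, so the exposure is mainly at upgrade time, when the vanity domain decides which repository is fetched. A trailing comment on the require line, for example `// structured logging for webhook and proxy; review upstream diff on every bump`, would make that expectation explicit. The indirect block moves zap, atomic and multierr in the same change, so a vulnerability scan of the resolved module graph is worth running before merge.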
@@ -138,7 +138,7 @@ github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -188,7 +188,6 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= 
@@ -340,8 +339,9 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= +github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= 
@@ -534,10 +534,9 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= -github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= +github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= +github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 
@@ -547,13 +546,18 @@ github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3 github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= 
@@ -596,21 +600,21 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= +go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= -go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= +go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= -go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= -go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= +go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= +go.uber.org/zap v1.24.0/go.mod 
h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 
@@ -1092,14 +1096,15 @@ k8s.io/client-go v0.25.5 h1:7QWVK0Ph4bLn0UwotPTc2FTgm8shreQXyvXnnHDd8rE= k8s.io/client-go v0.25.5/go.mod h1:bOeoaUUdpyz3WDFGo+Xm3nOQFh2KuYXRDwrvbAPtFQA= k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4= k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI= -k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-aggregator v0.23.2 h1:6CoZZqNdFc9benrgSJJ0GQGgFtKjI0y3UwlBbioXtc8= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= -k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 h1:H9TCJUUx+2VA0ZiD9lvtaX8fthFsMoD+Izn93E/hm8U= -k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= +k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +monis.app/mlog v0.0.2 h1:zyEt5GsmLhTafXhwidtOFriIVVdejUNc44TzDn/OZc4= +monis.app/mlog v0.0.2/go.mod h1:LtOpnndFuRGqnLBwzBvpA1DaoKuud2/moLzYXIiNl1s= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/manifest_staging/charts/workload-identity-webhook/README.md b/manifest_staging/charts/workload-identity-webhook/README.md index 02edbd9f5..a8dabbdcb 100644 --- a/manifest_staging/charts/workload-identity-webhook/README.md +++ b/manifest_staging/charts/workload-identity-webhook/README.md 
@@ -46,7 +46,7 @@ helm upgrade -n azure-workload-identity-system [RELEASE_NAME] azure-workload-ide
 | service.targetPort | Service target port | `9443` |
 | azureTenantID | [**REQUIRED**] Azure tenant ID | `` |
 | azureEnvironment | Azure Environment | `AzurePublicCloud` |
-| logEncoder | The log encoder to use for the webhook manager (`json`, `console`) | `console` |
+| logLevel | The log level to use for the webhook manager. In order of increasing verbosity: unset (empty string), info, debug, trace and all. | `` |
 | metricsAddr | The address to bind the metrics server to | `:8095` |
 | metricsBackend | The metrics backend to use (`prometheus`) | `prometheus` |
 | mutatingWebhookFailurePolicy | The failurePolicy for the mutating webhook. Default is `Ignore` and it's safe. Setting this to fail closed could cause cluster outage when webhook is not available. | `Ignore` |
diff --git a/manifest_staging/charts/workload-identity-webhook/templates/azure-wi-webhook-controller-manager-deployment.yaml b/manifest_staging/charts/workload-identity-webhook/templates/azure-wi-webhook-controller-manager-deployment.yaml
index 084117286..94abe69ea 100644
--- a/manifest_staging/charts/workload-identity-webhook/templates/azure-wi-webhook-controller-manager-deployment.yaml
+++ b/manifest_staging/charts/workload-identity-webhook/templates/azure-wi-webhook-controller-manager-deployment.yaml
@@ -30,7 +30,7 @@ spec:
 containers:
 - args:
 - --arc-cluster={{ .Values.arcCluster }}
- - --log-encoder={{ .Values.logEncoder }}
+ - --log-level={{ .Values.logLevel }}
 - --metrics-addr={{ .Values.metricsAddr }}
 - --metrics-backend={{ .Values.metricsBackend }}
 command:
diff --git a/manifest_staging/charts/workload-identity-webhook/values.yaml b/manifest_staging/charts/workload-identity-webhook/values.yaml
index 542d0c018..b4ffae82c 100644
--- a/manifest_staging/charts/workload-identity-webhook/values.yaml
+++ b/manifest_staging/charts/workload-identity-webhook/values.yaml
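Review bot: Swapping `--log-encoder` for `--log-level` in the container args leaves no compatibility path: the binary in this commit no longer registers `log-encoder` or the klog flags, and Go's default flag set exits on an undefined flag, so any manifest outside this chart that still passes the old flag will crash-loop the webhook. With `mutatingWebhookFailurePolicy` defaulting to `Ignore`, as the README row in this diff states, pods would then be admitted without mutation rather than rejected, which is easy to overlook. A values file that still sets `logEncoder` is silently ignored, and output is now always JSON (`Format: mlog.FormatJSON`), so the chart README or release notes should call out both the flag removal and the format change for anyone with log parsers or detections keyed to the console format.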
@@ -27,7 +27,7 @@ service:
 targetPort: 9443
 azureEnvironment: AzurePublicCloud
 azureTenantID:
-logEncoder: console
+logLevel:
 metricsAddr: ":8095"
 metricsBackend: prometheus
 mutatingWebhookFailurePolicy: Ignore
diff --git a/pkg/logger/logger.go b/pkg/logger/logger.go
deleted file mode 100644
index 6bb7125d9..000000000
--- a/pkg/logger/logger.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package logger
-
-import (
- "flag"
- "fmt"
-
- "github.com/go-logr/logr"
- "k8s.io/klog/v2/klogr"
- "sigs.k8s.io/controller-runtime/pkg/log/zap"
-)
-
-// Encoder is an enum for the log encoders.
-type Encoder string
-
-// Logger is a wrapper for the log encoder.
-type Logger struct {
- Encoder string
-}
-
-const (
- logEncoderFlag = "log-encoder"
-
- // EncoderConsole is the console encoder.
- EncoderConsole Encoder = "console"
-
- // EncoderJSON is the json encoder.
- EncoderJSON Encoder = "json"
-)
-
-// New returns a new logger with console encoder as the default.
-func New() *Logger {
- return &Logger{
- Encoder: string(EncoderConsole),
- }
-}
-
-// AddFlags adds flags for the logger.
-func (l *Logger) AddFlags() {
- flag.StringVar(&l.Encoder, logEncoderFlag, string(EncoderConsole), fmt.Sprintf("Sets the log encoder (%s|%s)", EncoderConsole, EncoderJSON))
-}
-
-// Get returns a new logr.Logger according to the encoder.
-func (l *Logger) Get() logr.Logger {
- switch Encoder(l.Encoder) {
- case EncoderConsole:
- // no-op
- case EncoderJSON:
- return zap.New()
- default:
- klogr.New().WithName("logger").Info("unknown log encoder, using console", "encoder", l.Encoder)
- }
- return klogr.New()
-}
diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go
index cce872e38..5c47784b5 100644
--- a/pkg/webhook/webhook.go
+++ b/pkg/webhook/webhook.go
@@ -10,17 +10,17 @@ import ( "strings" "time" - "github.com/Azure/azure-workload-identity/pkg/config" - "github.com/Azure/go-autorest/autorest/azure" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/types" "k8s.io/utils/pointer" + "monis.app/mlog" "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + "github.com/Azure/azure-workload-identity/pkg/config" ) var ( @@ -114,7 +114,9 @@ func (m *podMutator) Handle(ctx context.Context, req admission.Request) (respons serviceAccountName = "default" } - logger := log.Log.WithName("handler").WithValues("pod", podName, "namespace", pod.Namespace, "service-account", serviceAccountName) + // nolint:staticcheck + // we will migrate to mlog.New in a future change + logger := mlog.Logr().WithName("handler").WithValues("pod", podName, "namespace", pod.Namespace, "service-account", serviceAccountName) // get service account associated with the pod serviceAccount := &corev1.ServiceAccount{} if err = m.client.Get(ctx, types.NamespacedName{Name: serviceAccountName, Namespace: pod.Namespace}, serviceAccount); err != nil { @@ -252,9 +254,9 @@ func (m *podMutator) injectProxyInitContainer(containers []corev1.Container, pro Add: []corev1.Capability{"NET_ADMIN"}, Drop: []corev1.Capability{"ALL"}, }, - Privileged: pointer.BoolPtr(true), - RunAsNonRoot: pointer.BoolPtr(false), - RunAsUser: pointer.Int64Ptr(0), + Privileged: pointer.Bool(true), + RunAsNonRoot: pointer.Bool(false), + RunAsUser: pointer.Int64(0), }, Env: []corev1.EnvVar{{ Name: ProxyPortEnvVar, diff --git a/pkg/webhook/webhook_test.go b/pkg/webhook/webhook_test.go index 79c8426de..977b21126 100644 --- a/pkg/webhook/webhook_test.go +++ b/pkg/webhook/webhook_test.go 
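Review bot: In `injectProxyInitContainer` the security context touched by this hunk still sets `Privileged: pointer.Bool(true)` next to `Drop: []corev1.Capability{"ALL"}`; a privileged container receives the full capability set from the runtime, so the drop list and the narrow `NET_ADMIN` add do not constrain it. If the init container only needs to program network rules, which the `NET_ADMIN` add suggests but this hunk does not show, `Privileged: pointer.Bool(false)` would let the capability list take effect; otherwise a comment stating why privileged mode is required would help the next reviewer. The expectation in `TestInjectProxyInitContainer` (the webhook_test.go hunk) mirrors the same values and would change with it. The function body starts and ends outside this hunk.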
@@ -1251,9 +1251,9 @@ func TestInjectProxyInitContainer(t *testing.T) {
 Add: []corev1.Capability{"NET_ADMIN"},
 Drop: []corev1.Capability{"ALL"},
 },
- Privileged: pointer.BoolPtr(true),
- RunAsNonRoot: pointer.BoolPtr(false),
- RunAsUser: pointer.Int64Ptr(0),
+ Privileged: pointer.Bool(true),
+ RunAsNonRoot: pointer.Bool(false),
+ RunAsUser: pointer.Int64(0),
 },
 Env: []corev1.EnvVar{{
 Name: ProxyPortEnvVar,
diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index 00a385196..80ea99347 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -41,7 +41,7 @@ require (
 k8s.io/apimachinery v0.25.5
 k8s.io/client-go v0.25.5
 k8s.io/kubernetes v1.25.5
- k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85
+ k8s.io/utils v0.0.0-20221128185143-99ec85e7a448
 )
 require (
@@ -63,6 +63,7 @@ require (
 github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 github.com/felixge/httpsnoop v1.0.1 // indirect
 github.com/go-logr/logr v1.2.3 // indirect
+ github.com/go-logr/zapr v1.2.3 // indirect
 github.com/go-openapi/jsonpointer v0.19.5 // indirect
 github.com/go-openapi/jsonreference v0.19.5 // indirect
 github.com/go-openapi/swag v0.19.15 // indirect
@@ -76,7 +77,7 @@ require (
 github.com/google/uuid v1.3.0 // indirect
 github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
 github.com/imdario/mergo v0.3.12 // indirect
- github.com/inconshreveable/mousetrap v1.0.0 // indirect
+ github.com/inconshreveable/mousetrap v1.0.1 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/kelseyhightower/envconfig v1.4.0 // indirect
@@ -88,12 +89,14 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_golang v1.12.2 // indirect github.com/prometheus/client_model v0.2.0 // indirect github.com/prometheus/common v0.32.1 // indirect github.com/prometheus/procfs v0.7.3 // indirect - github.com/spf13/cobra v1.4.0 // indirect + github.com/spf13/cobra v1.6.1 // indirect github.com/spf13/pflag v1.0.5 // indirect + github.com/stretchr/testify v1.8.1 // indirect go.opentelemetry.io/contrib v0.20.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0 // indirect go.opentelemetry.io/otel v0.20.0 // indirect @@ -104,6 +107,9 @@ require ( go.opentelemetry.io/otel/sdk/metric v0.20.0 // indirect go.opentelemetry.io/otel/trace v0.20.0 // indirect go.opentelemetry.io/proto/otlp v0.7.0 // indirect + go.uber.org/atomic v1.10.0 // indirect + go.uber.org/multierr v1.8.0 // indirect + go.uber.org/zap v1.24.0 // indirect golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect golang.org/x/net v0.4.0 // indirect golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect @@ -127,6 +133,7 @@ require ( k8s.io/kubectl v0.0.0 // indirect k8s.io/kubelet v0.0.0 // indirect k8s.io/pod-security-admission v0.0.0 // indirect + monis.app/mlog v0.0.2 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.33 // indirect sigs.k8s.io/controller-runtime v0.13.1 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect diff --git a/test/e2e/go.sum b/test/e2e/go.sum index 1609ec5e8..23a5ac4e6 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum 
@@ -60,8 +60,9 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/benbjohnson/clock v1.0.3 h1:vkLuvpK4fmtSCuo60+yC63p7y0BmQ8gm5ZXGuBCJyXg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= +github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= +github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -82,7 +83,7 @@ github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XP github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 
@@ -119,9 +120,11 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= +github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= 
@@ -210,8 +213,8 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= +github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= 
@@ -303,20 +306,25 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= -github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= +github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= +github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.7.1/go.mod 
h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -348,10 +356,17 @@ go.opentelemetry.io/otel/trace v0.20.0 h1:1DL6EXUdcg95gukhuRRvLDO/4X5THh/5dIV52l go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/proto/otlp v0.7.0 h1:rwOQPCuKAKmwGKq2aVNnYIibI6wnV7EvzgfTCzcdGg8= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= +go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= +go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= +go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= -go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= +go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= +go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= +go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= +go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= +go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
@@ -520,6 +535,7 @@ golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -664,6 +680,7 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 
@@ -698,8 +715,10 @@ k8s.io/kubernetes v1.25.5 h1:/H7DY4Ieo2BSYkT6XMRAMnY4AloshH9BbJTxbHC/tQs= k8s.io/kubernetes v1.25.5/go.mod h1:GPXQdfm588JIrU5ccvQ89wcnCcUCPqJHp9c4QmqZS3Q= k8s.io/pod-security-admission v0.25.5 h1:HZLK1Scfdo3/GANlbVHT1vQf1n4lqpfk9Yzi+o8+Czg= k8s.io/pod-security-admission v0.25.5/go.mod h1:m/xoAI1UNWgSviKHLhQc74Bx7A3unH1x1fF1YUOTSps= -k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85 h1:cTdVh7LYu82xeClmfzGtgyspNh6UxpwLWGi8R4sspNo= -k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= +k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +monis.app/mlog v0.0.2 h1:zyEt5GsmLhTafXhwidtOFriIVVdejUNc44TzDn/OZc4= +monis.app/mlog v0.0.2/go.mod h1:LtOpnndFuRGqnLBwzBvpA1DaoKuud2/moLzYXIiNl1s= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/test/e2e/helpers.go b/test/e2e/helpers.go index 325b23cdb..48fa19213 100644 --- a/test/e2e/helpers.go +++ b/test/e2e/helpers.go 
@@ -69,19 +69,19 @@ func createPodWithServiceAccount(c kubernetes.Interface, namespace, serviceAccou
 func generatePodWithServiceAccount(c kubernetes.Interface, namespace, serviceAccount, image string, command, args []string, env []corev1.EnvVar, annotations, labels map[string]string, runAsRoot bool) *corev1.Pod {
 // this is required for pod to be admitted in kubernetes 1.24+
 contSecurityContext := &corev1.SecurityContext{
- AllowPrivilegeEscalation: pointer.BoolPtr(false),
+ AllowPrivilegeEscalation: pointer.Bool(false),
 Capabilities: &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
 },
 SeccompProfile: &corev1.SeccompProfile{
 Type: corev1.SeccompProfileTypeRuntimeDefault,
 },
- RunAsNonRoot: pointer.BoolPtr(true),
- RunAsUser: pointer.Int64Ptr(1000),
+ RunAsNonRoot: pointer.Bool(true),
+ RunAsUser: pointer.Int64(1000),
 }
 if runAsRoot {
- contSecurityContext.RunAsNonRoot = pointer.BoolPtr(false)
- contSecurityContext.RunAsUser = pointer.Int64Ptr(0)
+ contSecurityContext.RunAsNonRoot = pointer.Bool(false)
+ contSecurityContext.RunAsUser = pointer.Int64(0)
 }
 pod := &corev1.Pod{
@@ -92,7 +92,7 @@ func generatePodWithServiceAccount(c kubernetes.Interface, namespace, serviceAcc
 Labels: labels,
 },
 Spec: corev1.PodSpec{
- TerminationGracePeriodSeconds: pointer.Int64Ptr(0),
+ TerminationGracePeriodSeconds: pointer.Int64(0),
 Containers: []corev1.Container{{
 Name: busybox1,
 Image: image, // this image should support both Linux and Windows
@@ -155,7 +155,7 @@ func createPodUsingDeploymentWithServiceAccount(f *framework.Framework, serviceA
 Labels: podLabels,
 },
 Spec: corev1.PodSpec{
- TerminationGracePeriodSeconds: pointer.Int64Ptr(0),
+ TerminationGracePeriodSeconds: pointer.Int64(0),
 Containers: []corev1.Container{
 {
 Name: "busybox",
@@ -164,11 +164,11 @@ func createPodUsingDeploymentWithServiceAccount(f *framework.Framework, serviceA
 Args: []string{"3600"},
 ImagePullPolicy: corev1.PullIfNotPresent,
 SecurityContext: &corev1.SecurityContext{
- AllowPrivilegeEscalation: pointer.BoolPtr(false),
+ AllowPrivilegeEscalation: pointer.Bool(false),
 Capabilities: &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
 },
- RunAsNonRoot: pointer.BoolPtr(true),
+ RunAsNonRoot: pointer.Bool(true),
 SeccompProfile: &corev1.SeccompProfile{
 Type: corev1.SeccompProfileTypeRuntimeDefault,
 },
diff --git a/test/e2e/webhook.go b/test/e2e/webhook.go
index 2cd19b78a..ebce27185 100644
--- a/test/e2e/webhook.go
+++ b/test/e2e/webhook.go
@@ -88,15 +88,15 @@ var _ = ginkgo.Describe("Webhook", func() {
 Command: []string{"sleep"},
 Args: []string{"5"},
 SecurityContext: &corev1.SecurityContext{
- AllowPrivilegeEscalation: pointer.BoolPtr(false),
+ AllowPrivilegeEscalation: pointer.Bool(false),
 Capabilities: &corev1.Capabilities{
 Drop: []corev1.Capability{"ALL"},
 },
- RunAsNonRoot: pointer.BoolPtr(true),
+ RunAsNonRoot: pointer.Bool(true),
 SeccompProfile: &corev1.SeccompProfile{
 Type: corev1.SeccompProfileTypeRuntimeDefault,
 },
- RunAsUser: pointer.Int64Ptr(1000),
+ RunAsUser: pointer.Int64(1000),
 },
 }}
 pod, err := createPod(f.ClientSet, pod)
diff --git a/third_party/open-policy-agent/gatekeeper/helmify/kustomize-for-helm.yaml b/third_party/open-policy-agent/gatekeeper/helmify/kustomize-for-helm.yaml
index c14515b77..a7621bd9b 100644
--- a/third_party/open-policy-agent/gatekeeper/helmify/kustomize-for-helm.yaml
+++ b/third_party/open-policy-agent/gatekeeper/helmify/kustomize-for-helm.yaml
@@ -40,7 +40,7 @@ spec:
 containers:
 - args:
 - --arc-cluster={{ .Values.arcCluster }}
- - --log-encoder={{ .Values.logEncoder }}
+ - --log-level={{ .Values.logLevel }}
 - --metrics-addr={{ .Values.metricsAddr }}
 - --metrics-backend={{ .Values.metricsBackend }}
 command:
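Review bot: A values file that still sets `logEncoder` is silently ignored after this change, because the args list in kustomize-for-helm.yaml now renders only `--log-level={{ .Values.logLevel }}`; the same rename is carried into static/values.yaml and the README table with no upgrade note. If the webhook manager validates the flag the way cmd/proxy does in this commit (an unrecognised level returns an error and the process exits), a mistyped `logLevel` would stop the webhook from starting, and with the documented default `mutatingWebhookFailurePolicy: Ignore` pods would then be admitted without mutation instead of being rejected. I would put the accepted values next to the default in values.yaml, e.g. `# logLevel: one of "" (unset), info, debug, trace, all`, and state in the chart's upgrade notes that `logEncoder` has been removed. If the manager also fixes the output format to JSON as the proxy now does, that is worth one more line there so log parsers and alerting rules built on the console format get updated with the upgrade.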
diff --git a/third_party/open-policy-agent/gatekeeper/helmify/static/README.md b/third_party/open-policy-agent/gatekeeper/helmify/static/README.md
index 02edbd9f5..a8dabbdcb 100644
--- a/third_party/open-policy-agent/gatekeeper/helmify/static/README.md
+++ b/third_party/open-policy-agent/gatekeeper/helmify/static/README.md
@@ -46,7 +46,7 @@ helm upgrade -n azure-workload-identity-system [RELEASE_NAME] azure-workload-ide
 | service.targetPort | Service target port | `9443` |
 | azureTenantID | [**REQUIRED**] Azure tenant ID | `` |
 | azureEnvironment | Azure Environment | `AzurePublicCloud` |
-| logEncoder | The log encoder to use for the webhook manager (`json`, `console`) | `console` |
+| logLevel | The log level to use for the webhook manager. In order of increasing verbosity: unset (empty string), info, debug, trace and all. | `` |
 | metricsAddr | The address to bind the metrics server to | `:8095` |
 | metricsBackend | The metrics backend to use (`prometheus`) | `prometheus` |
 | mutatingWebhookFailurePolicy | The failurePolicy for the mutating webhook. Default is `Ignore` and it's safe. Setting this to fail closed could cause cluster outage when webhook is not available. | `Ignore` |
diff --git a/third_party/open-policy-agent/gatekeeper/helmify/static/values.yaml b/third_party/open-policy-agent/gatekeeper/helmify/static/values.yaml
index 542d0c018..b4ffae82c 100644
--- a/third_party/open-policy-agent/gatekeeper/helmify/static/values.yaml
+++ b/third_party/open-policy-agent/gatekeeper/helmify/static/values.yaml
@@ -27,7 +27,7 @@ service:
 targetPort: 9443
 azureEnvironment: AzurePublicCloud
 azureTenantID:
-logEncoder: console
+logLevel:
 metricsAddr: ":8095"
 metricsBackend: prometheus
 mutatingWebhookFailurePolicy: Ignore