WIP: Local ubuntu 22 #416

MarcosDY · 2024-03-01T16:46:03Z

Pull Request check list

Commit conforms to CONTRIBUTING.md?
Proper tests/regressions included?
Documentation updated?

Affected functionality

Description of change

Which issue this PR fixes

Bumps [github.com/GoogleCloudPlatform/cloudsql-proxy](https://github.com/GoogleCloudPlatform/cloudsql-proxy) from 1.33.15 to 1.33.16. - [Release notes](https://github.com/GoogleCloudPlatform/cloudsql-proxy/releases) - [Changelog](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/blob/v1.33.16/CHANGELOG.md) - [Commits](GoogleCloudPlatform/cloud-sql-proxy@v1.33.15...v1.33.16) --- updated-dependencies: - dependency-name: github.com/GoogleCloudPlatform/cloudsql-proxy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.19 to 1.14.20. - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](mattn/go-sqlite3@v1.14.19...v1.14.20) --- updated-dependencies: - dependency-name: github.com/mattn/go-sqlite3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.60.0 to 0.61.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.60.0...v0.61.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.10.0 to 1.11.0. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](hashicorp/vault@v1.10.0...v1.11.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…mpatible (spiffe#4833) * Bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 25.0.1+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v24.0.7...v25.0.1) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * update unit test Signed-off-by: Andrew Harding <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Andrew Harding <[email protected]> Co-authored-by: Andrew Harding <[email protected]>

Bumps the aws-sdk group with 1 update: [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2). Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.145.0 to 1.146.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/ec2/v1.145.0...service/ec2/v1.146.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aws-sdk ... Signed-off-by: dependabot[bot] <[email protected]>

* Add pagination support to events based cache Signed-off-by: Faisal Memon <[email protected]>

…iffe#4849) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.18.0 to 0.19.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.159.0 to 0.161.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.159.0...v0.161.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.20 to 1.14.21. - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](mattn/go-sqlite3@v1.14.20...v1.14.21) --- updated-dependencies: - dependency-name: github.com/mattn/go-sqlite3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

…#4852) * LRU subscribers failed to start when no selector was provided Signed-off-by: Marcos Yacob <[email protected]>

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@9614fae...e1523de) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) from 3.23.12 to 3.24.1. - [Release notes](https://github.com/shirou/gopsutil/releases) - [Commits](shirou/gopsutil@v3.23.12...v3.24.1) --- updated-dependencies: - dependency-name: github.com/shirou/gopsutil/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…estor (spiffe#4841) Signed-off-by: Agustín Martínez Fayó <[email protected]>

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.1+incompatible to 25.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v25.0.1...v25.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

* Set a default admin socket path for spire-agent cli use Set a standard default location the spire-agent cli will use to look for the agent socket when using commands against the spire-agent daemon. Actual functionality needing this variable will come in future patches. Signed-off-by: Kevin Fox <[email protected]> * Incorperate feedback Signed-off-by: Kevin Fox <[email protected]> * Fix filename Signed-off-by: Kevin Fox <[email protected]> --------- Signed-off-by: Kevin Fox <[email protected]>

Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.21 to 1.14.22. - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](mattn/go-sqlite3@v1.14.21...v1.14.22) --- updated-dependencies: - dependency-name: github.com/mattn/go-sqlite3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

…4868) For consistency sake, the initial state should be loaded from the main database instance and not from read replicas. Signed-off-by: Andrew Harding <[email protected]>

Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.3.4 to 1.3.5. - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v1.3.4...v1.3.5) --- updated-dependencies: - dependency-name: github.com/sigstore/rekor dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the azure-sdk group with 1 update: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go). Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.9.1 to 1.9.2 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.9.1...sdk/azcore/v1.9.2) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: azure-sdk ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.161.0 to 0.162.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.161.0...v0.162.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* No longer emit x509UniqueIdentifier in X509-SVIDs Introduced in 1.4.2, this practice has turned out to be problematic. This change updates SPIRE Server to no long emit attribute in the X509-SVID subject. It also introduces a new built-in CredentialComposer to add the attribute back in for deployments that rely on it. The plugin only augments workload X509-SVIDs. Server and agent X509-SVIDs are not modified. Fixes: spiffe#4755 Fixes: spiffe#3110 Signed-off-by: Andrew Harding <[email protected]>

* Make reattest to renew default behaviour Signed-off-by: Faisal Memon <[email protected]>

Signed-off-by: Amir Omidi <[email protected]>

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.16.0 to 0.17.0. - [Commits](golang/sys@v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.2+incompatible to 25.0.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v25.0.2...v25.0.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@26f96df...5d5d22a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@6b208ae...eaceaf8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…on (spiffe#4846) * Log partial selectors from workload attestation on context cancellation In the case when a client hangs up a connection to SPIRE Agent during workload attestation (e.g. timeout, process dies, etc.) while the agent is still discovering selectors from workload attestation plugins, it can be helpful to log whatever selectors the agent could find for debugging purposes. Today, only the pid is captured in logs in this case, which is often not enough information to trace back the caller since: - The caller process may have already died (e.g. crashlooping on startup) - pid alone is only useful if you can query the state of running processes on the host around the time of workload attestation (often not practical) Logging the partial set of selectors fetched by the agent before the caller hung up can help diagnose affected workloads in case a workload attestation plugin is misbehaving or a downstream dependency required by the plugin is down/not responding with accurate information. Signed-off-by: Ryan Turner <[email protected]>

Signed-off-by: Faisal Memon <[email protected]>

Signed-off-by: Marcos Yacob <[email protected]>

dependabot bot and others added 30 commits January 29, 2024 12:49

Add pagination support to events based cache (spiffe#4826)

3473234

* Add pagination support to events based cache Signed-off-by: Faisal Memon <[email protected]>

LRU subscribers failed to start when no selector was provided (spiffe…

467eeac

…#4852) * LRU subscribers failed to start when no selector was provided Signed-off-by: Marcos Yacob <[email protected]>

Deprecate the k8s_sat node attestor in favor of the k8s_psat node att…

085199e

…estor (spiffe#4841) Signed-off-by: Agustín Martínez Fayó <[email protected]>

Do not use read-replicas for initial events-based cache load (spiffe#…

30c4994

…4868) For consistency sake, the initial state should be loaded from the main database instance and not from read replicas. Signed-off-by: Andrew Harding <[email protected]>

Make reattest to renew default behaviour (spiffe#4791)

9b09e0f

* Make reattest to renew default behaviour Signed-off-by: Faisal Memon <[email protected]>

Allow Wildcards in SVIDs (spiffe#4814)

acf500a

Signed-off-by: Amir Omidi <[email protected]>

Update workflow ubuntu to 22.04

a906a00

Signed-off-by: Faisal Memon <[email protected]>

faisal-memon and others added 18 commits February 13, 2024 14:46

Fix shell check errors

13f90e7

Signed-off-by: Faisal Memon <[email protected]>

Fix bug in script

f27f601

Signed-off-by: Faisal Memon <[email protected]>

Add -f flag to curl

efb7827

Signed-off-by: Faisal Memon <[email protected]>

More script fixups

ea012b5

Signed-off-by: Faisal Memon <[email protected]>

update curl path

f858bf0

add -s to curl

011e503

Signed-off-by: Faisal Memon <[email protected]>

Add more -s

1ea5310

Signed-off-by: Faisal Memon <[email protected]>

test1

f1cc47d

Signed-off-by: Marcos Yacob <[email protected]>

run only required test suites

54c61e4

Signed-off-by: Marcos Yacob <[email protected]>

Adding some test logs

cd41a5f

Signed-off-by: Marcos Yacob <[email protected]>

display k8s logs always

930c834

Signed-off-by: Marcos Yacob <[email protected]>

more test

b4d3920

Signed-off-by: Marcos Yacob <[email protected]>

test

75b37c4

Signed-off-by: Marcos Yacob <[email protected]>

more more

d77241a

Signed-off-by: Marcos Yacob <[email protected]>

more mroe

910061d

Signed-off-by: Marcos Yacob <[email protected]>

add missing parameter

6f1dcf6

Signed-off-by: Marcos Yacob <[email protected]>

target only process folder

c5d77d5

Signed-off-by: Marcos Yacob <[email protected]>

more

8ce186b

Signed-off-by: Marcos Yacob <[email protected]>

MarcosDY closed this Mar 4, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WIP: Local ubuntu 22 #416

WIP: Local ubuntu 22 #416

MarcosDY commented Mar 1, 2024

WIP: Local ubuntu 22 #416

WIP: Local ubuntu 22 #416

Conversation

MarcosDY commented Mar 1, 2024