diff --git a/go.mod b/go.mod index 37bd25d061..1699f37690 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ toolchain go1.21.11 exclude github.com/mattn/go-sqlite3 v2.0.3+incompatible require ( - cloud.google.com/go/compute v1.27.4 + cloud.google.com/go/compute v1.27.5 cloud.google.com/go/storage v1.43.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 @@ -38,7 +38,7 @@ require ( github.com/labstack/gommon v0.4.2 github.com/openshift-online/ocm-sdk-go v0.1.432 github.com/oracle/oci-go-sdk/v54 v54.0.0 - github.com/osbuild/images v0.75.0 + github.com/osbuild/images v0.77.0 github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 github.com/osbuild/pulp-client v0.1.0 github.com/prometheus/client_golang v1.19.1 @@ -51,13 +51,13 @@ require ( golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 golang.org/x/oauth2 v0.22.0 golang.org/x/sync v0.8.0 - golang.org/x/sys v0.23.0 - google.golang.org/api v0.190.0 + golang.org/x/sys v0.24.0 + google.golang.org/api v0.191.0 ) require ( cloud.google.com/go v0.115.0 // indirect - cloud.google.com/go/auth v0.7.3 // indirect + cloud.google.com/go/auth v0.8.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect cloud.google.com/go/iam v1.1.12 // indirect @@ -208,7 +208,7 @@ require ( golang.org/x/net v0.28.0 // indirect golang.org/x/term v0.23.0 // indirect golang.org/x/text v0.17.0 // indirect - golang.org/x/time v0.5.0 // indirect + golang.org/x/time v0.6.0 // indirect golang.org/x/tools v0.24.0 // indirect google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect diff --git a/go.sum b/go.sum index c2caa96118..0dc4049ead 100644 --- a/go.sum +++ b/go.sum @@ -1,12 +1,12 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY= -cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA= +cloud.google.com/go/auth v0.8.0 h1:y8jUJLl/Fg+qNBWxP/Hox2ezJvjkrPb952PC1p0G6A4= +cloud.google.com/go/auth v0.8.0/go.mod h1:qGVp/Y3kDRSDZ5gFD/XPUfYQ9xW1iI7q8RIRoCyBbJc= cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= -cloud.google.com/go/compute v1.27.4 h1:XM8ulx6crjdl09XBfji7viFgZOEQuIxBwKmjRH9Rtmc= -cloud.google.com/go/compute v1.27.4/go.mod h1:7JZS+h21ERAGHOy5qb7+EPyXlQwzshzrx1x6L9JhTqU= +cloud.google.com/go/compute v1.27.5 h1:iii9Z+FhEeZ5cUkGOEqU+GM7MJSyxMgbE7H7j+JndYY= +cloud.google.com/go/compute v1.27.5/go.mod h1:DfwDGujFTdSeiE8b8ZqadF/uxHFBz+ekGsk8Zfi9dTA= cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/iam v1.1.12 h1:JixGLimRrNGcxvJEQ8+clfLxPlbeZA6MuRJ+qJNQ5Xw= @@ -468,8 +468,8 @@ github.com/openshift-online/ocm-sdk-go v0.1.432 h1:XIlCJKxXXznMP5Usu9lVGZa+UTYVl github.com/openshift-online/ocm-sdk-go v0.1.432/go.mod h1:CiAu2jwl3ITKOxkeV0Qnhzv4gs35AmpIzVABQLtcI2Y= github.com/oracle/oci-go-sdk/v54 v54.0.0 h1:CDLjeSejv2aDpElAJrhKpi6zvT/zhZCZuXchUUZ+LS4= github.com/oracle/oci-go-sdk/v54 v54.0.0/go.mod h1:+t+yvcFGVp+3ZnztnyxqXfQDsMlq8U25faBLa+mqCMc= -github.com/osbuild/images v0.75.0 h1:eGHnqM6IKtp5Yp01/+8kwqmpPRTvGUAil1cusNIyL8A= -github.com/osbuild/images v0.75.0/go.mod h1:4v0/jE4NsDNkmBcTcwX7S3Zdfd+U18aKXtiXCyuXdfQ= +github.com/osbuild/images v0.77.0 h1:O0Nv07M7b3YuY+c83/NFjWFachO+aH714zu7r+QkdsU= +github.com/osbuild/images v0.77.0/go.mod h1:14LZWLSsQ02C/vZ+EzBkp+OcdjebnWDJ8moz8o/a0J4= github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 h1:UFEJIcPa46W8gtWgOYzriRKYyy1t6SWL0BI7fPTuVvc= github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1/go.mod h1:z+WA+dX6qMwc7fqY5jCzESDIlg4WR2sBQezxsoXv9Ik= github.com/osbuild/pulp-client v0.1.0 h1:L0C4ezBJGTamN3BKdv+rKLuq/WxXJbsFwz/Hj7aEmJ8= @@ -721,8 +721,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -746,8 +746,8 @@ golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -773,8 +773,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q= -google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo= +google.golang.org/api v0.191.0 h1:cJcF09Z+4HAB2t5qTQM1ZtfL/PemsLFkcFG67qq2afk= +google.golang.org/api v0.191.0/go.mod h1:tD5dsFGxFza0hnQveGfVk9QQYKcfp+VzgRqyXFxE0+E= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= diff --git a/vendor/cloud.google.com/go/auth/CHANGES.md b/vendor/cloud.google.com/go/auth/CHANGES.md index d1b736c748..ae8b3e02ea 100644 --- a/vendor/cloud.google.com/go/auth/CHANGES.md +++ b/vendor/cloud.google.com/go/auth/CHANGES.md @@ -1,5 +1,12 @@ # Changelog +## [0.8.0](https://github.com/googleapis/google-cloud-go/compare/auth/v0.7.3...auth/v0.8.0) (2024-08-07) + + +### Features + +* **auth:** Adds support for X509 workload identity federation ([#10373](https://github.com/googleapis/google-cloud-go/issues/10373)) ([5d07505](https://github.com/googleapis/google-cloud-go/commit/5d075056cbe27bb1da4072a26070c41f8999eb9b)) + ## [0.7.3](https://github.com/googleapis/google-cloud-go/compare/auth/v0.7.2...auth/v0.7.3) (2024-08-01) diff --git a/vendor/cloud.google.com/go/auth/credentials/filetypes.go b/vendor/cloud.google.com/go/auth/credentials/filetypes.go index fe93557389..b426e16d29 100644 --- a/vendor/cloud.google.com/go/auth/credentials/filetypes.go +++ b/vendor/cloud.google.com/go/auth/credentials/filetypes.go @@ -174,6 +174,7 @@ func handleExternalAccount(f *credsfile.ExternalAccountFile, opts *DetectOptions Scopes: opts.scopes(), WorkforcePoolUserProject: f.WorkforcePoolUserProject, Client: opts.client(), + IsDefaultClient: opts.Client == nil, } if f.ServiceAccountImpersonation != nil { externalOpts.ServiceAccountImpersonationLifetimeSeconds = f.ServiceAccountImpersonation.TokenLifetimeSeconds diff --git a/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/externalaccount.go b/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/externalaccount.go index b19c6edeae..112186a9e6 100644 --- a/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/externalaccount.go +++ b/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/externalaccount.go @@ -100,6 +100,10 @@ type Options struct { AwsSecurityCredentialsProvider AwsSecurityCredentialsProvider // Client for token request. Client *http.Client + // IsDefaultClient marks whether the client passed in is a default client that can be overriden. + // This is important for X509 credentials which should create a new client if the default was used + // but should respect a client explicitly passed in by the user. + IsDefaultClient bool } // SubjectTokenProvider can be used to supply a subject token to exchange for a @@ -181,6 +185,26 @@ func (o *Options) validate() error { return nil } +// client returns the http client that should be used for the token exchange. If a non-default client +// is provided, then the client configured in the options will always be returned. If a default client +// is provided and the options are configured for X509 credentials, a new client will be created. +func (o *Options) client() (*http.Client, error) { + // If a client was provided and no override certificate config location was provided, use the provided client. + if o.CredentialSource == nil || o.CredentialSource.Certificate == nil || (!o.IsDefaultClient && o.CredentialSource.Certificate.CertificateConfigLocation == "") { + return o.Client, nil + } + + // If a new client should be created, validate and use the certificate source to create a new mTLS client. + cert := o.CredentialSource.Certificate + if !cert.UseDefaultCertificateConfig && cert.CertificateConfigLocation == "" { + return nil, errors.New("credentials: \"certificate\" object must either specify a certificate_config_location or use_default_certificate_config should be true") + } + if cert.UseDefaultCertificateConfig && cert.CertificateConfigLocation != "" { + return nil, errors.New("credentials: \"certificate\" object cannot specify both a certificate_config_location and use_default_certificate_config=true") + } + return createX509Client(cert.CertificateConfigLocation) +} + // resolveTokenURL sets the default STS token endpoint with the configured // universe domain. func (o *Options) resolveTokenURL() { @@ -204,11 +228,18 @@ func NewTokenProvider(opts *Options) (auth.TokenProvider, error) { if err != nil { return nil, err } + + client, err := opts.client() + if err != nil { + return nil, err + } + tp := &tokenProvider{ - client: opts.Client, + client: client, opts: opts, stp: stp, } + if opts.ServiceAccountImpersonationURL == "" { return auth.NewCachedTokenProvider(tp, nil), nil } @@ -218,7 +249,7 @@ func NewTokenProvider(opts *Options) (auth.TokenProvider, error) { // needed for impersonation tp.opts.Scopes = []string{"https://www.googleapis.com/auth/cloud-platform"} imp, err := impersonate.NewTokenProvider(&impersonate.Options{ - Client: opts.Client, + Client: client, URL: opts.ServiceAccountImpersonationURL, Scopes: scopes, Tp: auth.NewCachedTokenProvider(tp, nil), @@ -353,6 +384,15 @@ func newSubjectTokenProvider(o *Options) (subjectTokenProvider, error) { execProvider.opts = o execProvider.env = runtimeEnvironment{} return execProvider, nil + } else if o.CredentialSource.Certificate != nil { + cert := o.CredentialSource.Certificate + if !cert.UseDefaultCertificateConfig && cert.CertificateConfigLocation == "" { + return nil, errors.New("credentials: \"certificate\" object must either specify a certificate_config_location or use_default_certificate_config should be true") + } + if cert.UseDefaultCertificateConfig && cert.CertificateConfigLocation != "" { + return nil, errors.New("credentials: \"certificate\" object cannot specify both a certificate_config_location and use_default_certificate_config=true") + } + return &x509Provider{}, nil } return nil, errors.New("credentials: unable to parse credential source") } diff --git a/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/url_provider.go b/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/url_provider.go index e33d35a268..0a020599e0 100644 --- a/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/url_provider.go +++ b/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/url_provider.go @@ -30,6 +30,7 @@ const ( fileTypeJSON = "json" urlProviderType = "url" programmaticProviderType = "programmatic" + x509ProviderType = "x509" ) type urlSubjectProvider struct { diff --git a/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/x509_provider.go b/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/x509_provider.go new file mode 100644 index 0000000000..115df5881f --- /dev/null +++ b/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/x509_provider.go @@ -0,0 +1,63 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package externalaccount + +import ( + "context" + "crypto/tls" + "net/http" + "time" + + "cloud.google.com/go/auth/internal/transport/cert" +) + +// x509Provider implements the subjectTokenProvider type for +// x509 workload identity credentials. Because x509 credentials +// rely on an mTLS connection to represent the 3rd party identity +// rather than a subject token, this provider will always return +// an empty string when a subject token is requested by the external account +// token provider. +type x509Provider struct { +} + +func (xp *x509Provider) providerType() string { + return x509ProviderType +} + +func (xp *x509Provider) subjectToken(ctx context.Context) (string, error) { + return "", nil +} + +// createX509Client creates a new client that is configured with mTLS, using the +// certificate configuration specified in the credential source. +func createX509Client(certificateConfigLocation string) (*http.Client, error) { + certProvider, err := cert.NewWorkloadX509CertProvider(certificateConfigLocation) + if err != nil { + return nil, err + } + trans := http.DefaultTransport.(*http.Transport).Clone() + + trans.TLSClientConfig = &tls.Config{ + GetClientCertificate: certProvider, + } + + // Create a client with default settings plus the X509 workload cert and key. + client := &http.Client{ + Transport: trans, + Timeout: 30 * time.Second, + } + + return client, nil +} diff --git a/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go b/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go index 69e30779f9..3be6e5bbb4 100644 --- a/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go +++ b/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go @@ -90,19 +90,20 @@ type ExternalAccountAuthorizedUserFile struct { // CredentialSource stores the information necessary to retrieve the credentials for the STS exchange. // -// One field amongst File, URL, and Executable should be filled, depending on the kind of credential in question. +// One field amongst File, URL, Certificate, and Executable should be filled, depending on the kind of credential in question. // The EnvironmentID should start with AWS if being used for an AWS credential. type CredentialSource struct { - File string `json:"file"` - URL string `json:"url"` - Headers map[string]string `json:"headers"` - Executable *ExecutableConfig `json:"executable,omitempty"` - EnvironmentID string `json:"environment_id"` - RegionURL string `json:"region_url"` - RegionalCredVerificationURL string `json:"regional_cred_verification_url"` - CredVerificationURL string `json:"cred_verification_url"` - IMDSv2SessionTokenURL string `json:"imdsv2_session_token_url"` - Format *Format `json:"format,omitempty"` + File string `json:"file"` + URL string `json:"url"` + Headers map[string]string `json:"headers"` + Executable *ExecutableConfig `json:"executable,omitempty"` + Certificate *CertificateConfig `json:"certificate"` + EnvironmentID string `json:"environment_id"` // TODO: Make type for this + RegionURL string `json:"region_url"` + RegionalCredVerificationURL string `json:"regional_cred_verification_url"` + CredVerificationURL string `json:"cred_verification_url"` + IMDSv2SessionTokenURL string `json:"imdsv2_session_token_url"` + Format *Format `json:"format,omitempty"` } // Format describes the format of a [CredentialSource]. @@ -121,6 +122,13 @@ type ExecutableConfig struct { OutputFile string `json:"output_file"` } +// CertificateConfig represents the options used to set up X509 based workload +// [CredentialSource] +type CertificateConfig struct { + UseDefaultCertificateConfig bool `json:"use_default_certificate_config"` + CertificateConfigLocation string `json:"certificate_config_location"` +} + // ServiceAccountImpersonationInfo has impersonation configuration. type ServiceAccountImpersonationInfo struct { TokenLifetimeSeconds int `json:"token_lifetime_seconds"` diff --git a/vendor/cloud.google.com/go/compute/internal/version.go b/vendor/cloud.google.com/go/compute/internal/version.go index 234f66315c..7fdea210df 100644 --- a/vendor/cloud.google.com/go/compute/internal/version.go +++ b/vendor/cloud.google.com/go/compute/internal/version.go @@ -15,4 +15,4 @@ package internal // Version is the current tagged release of the library. -const Version = "1.27.4" +const Version = "1.27.5" diff --git a/vendor/github.com/osbuild/images/pkg/blueprint/filesystem_customizations.go b/vendor/github.com/osbuild/images/pkg/blueprint/filesystem_customizations.go index 44fff9c15f..ad6959a717 100644 --- a/vendor/github.com/osbuild/images/pkg/blueprint/filesystem_customizations.go +++ b/vendor/github.com/osbuild/images/pkg/blueprint/filesystem_customizations.go @@ -5,7 +5,7 @@ import ( "fmt" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/pathpolicy" + "github.com/osbuild/images/pkg/pathpolicy" ) type FilesystemCustomization struct { diff --git a/vendor/github.com/osbuild/images/pkg/blueprint/fsnode_customizations.go b/vendor/github.com/osbuild/images/pkg/blueprint/fsnode_customizations.go index a99308ae1e..45cb6b25ca 100644 --- a/vendor/github.com/osbuild/images/pkg/blueprint/fsnode_customizations.go +++ b/vendor/github.com/osbuild/images/pkg/blueprint/fsnode_customizations.go @@ -11,8 +11,8 @@ import ( "strings" "github.com/osbuild/images/internal/common" - "github.com/osbuild/images/internal/pathpolicy" "github.com/osbuild/images/pkg/customizations/fsnode" + "github.com/osbuild/images/pkg/pathpolicy" ) // validateModeString checks that the given string is a valid mode octal number diff --git a/vendor/github.com/osbuild/images/pkg/disk/disk.go b/vendor/github.com/osbuild/images/pkg/disk/disk.go index 3c57026871..2e64d98416 100644 --- a/vendor/github.com/osbuild/images/pkg/disk/disk.go +++ b/vendor/github.com/osbuild/images/pkg/disk/disk.go @@ -24,8 +24,9 @@ import ( "reflect" "strings" + "slices" + "github.com/google/uuid" - "golang.org/x/exp/slices" ) const ( diff --git a/vendor/github.com/osbuild/images/pkg/disk/partition_table.go b/vendor/github.com/osbuild/images/pkg/disk/partition_table.go index ead224fb55..a4f406c23f 100644 --- a/vendor/github.com/osbuild/images/pkg/disk/partition_table.go +++ b/vendor/github.com/osbuild/images/pkg/disk/partition_table.go @@ -37,7 +37,7 @@ const ( RawPartitioningMode PartitioningMode = "raw" // BtrfsPartitioningMode creates a btrfs layout. - BtfrsPartitioningMode PartitioningMode = "btrfs" + BtrfsPartitioningMode PartitioningMode = "btrfs" // DefaultPartitioningMode is AutoLVMPartitioningMode and is the empty state DefaultPartitioningMode PartitioningMode = "" @@ -100,7 +100,7 @@ const ( func NewPartitionTable(basePT *PartitionTable, mountpoints []blueprint.FilesystemCustomization, imageSize uint64, mode PartitioningMode, requiredSizes map[string]uint64, rng *rand.Rand) (*PartitionTable, error) { newPT := basePT.Clone().(*PartitionTable) - if basePT.features().LVM && (mode == RawPartitioningMode || mode == BtfrsPartitioningMode) { + if basePT.features().LVM && (mode == RawPartitioningMode || mode == BtrfsPartitioningMode) { return nil, fmt.Errorf("%s partitioning mode set for a base partition table with LVM, this is unsupported", mode) } @@ -115,7 +115,7 @@ func NewPartitionTable(basePT *PartitionTable, mountpoints []blueprint.Filesyste ensureLVM = false case DefaultPartitioningMode, AutoLVMPartitioningMode: ensureLVM = len(newMountpoints) > 0 - case BtfrsPartitioningMode: + case BtrfsPartitioningMode: ensureBtrfs = true default: return nil, fmt.Errorf("unsupported partitioning mode %q", mode) diff --git a/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go b/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go index ba1cc926cb..1300b5747f 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go +++ b/vendor/github.com/osbuild/images/pkg/distro/fedora/imagetype.go @@ -5,6 +5,8 @@ import ( "math/rand" "strings" + "slices" + "github.com/osbuild/images/internal/common" "github.com/osbuild/images/internal/environment" "github.com/osbuild/images/internal/workload" @@ -18,7 +20,6 @@ import ( "github.com/osbuild/images/pkg/platform" "github.com/osbuild/images/pkg/policies" "github.com/osbuild/images/pkg/rpmmd" - "golang.org/x/exp/slices" ) type imageFunc func(workload workload.Workload, t *imageType, bp *blueprint.Blueprint, options distro.ImageOptions, packageSets map[string]rpmmd.PackageSet, containers []container.SourceSpec, rng *rand.Rand) (image.ImageKind, error) diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/imagetype.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/imagetype.go index a70269ae73..0c055c96a6 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/imagetype.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/imagetype.go @@ -4,7 +4,7 @@ import ( "fmt" "math/rand" - "golang.org/x/exp/slices" + "slices" "github.com/osbuild/images/internal/common" "github.com/osbuild/images/internal/environment" diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/ami.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/ami.go index 354372e6f2..32b639ad60 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/ami.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/ami.go @@ -9,7 +9,7 @@ import ( ) // TODO: move these to the EC2 environment -const amiKernelOptions = "console=tty0 console=ttyS0,115200n8 rd.blacklist=nouveau nvme_core.io_timeout=4294967295" +const amiKernelOptions = "console=tty0 console=ttyS0,115200n8 nvme_core.io_timeout=4294967295" // default EC2 images config (common for all architectures) func baseEc2ImageConfig() *distro.ImageConfig { @@ -249,7 +249,7 @@ func mkAMIImgTypeAarch64() *rhel.ImageType { []string{"image"}, ) - it.KernelOptions = "console=ttyS0,115200n8 console=tty0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 iommu.strict=0" + it.KernelOptions = "console=ttyS0,115200n8 console=tty0 nvme_core.io_timeout=4294967295 iommu.strict=0" it.Bootable = true it.DefaultSize = 10 * common.GibiByte it.DefaultImageConfig = defaultAMIImageConfig() diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/distro.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/distro.go index bb3da170ee..7f9cb52bf2 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/distro.go @@ -82,17 +82,6 @@ func newDistro(name string, major, minor int) *rhel.Distribution { mkOCIImgType(rd), ) - x86_64.AddImageTypes( - &platform.X86{ - BIOS: true, - UEFIVendor: rd.Vendor(), - BasePlatform: platform.BasePlatform{ - ImageFormat: platform.FORMAT_QCOW2, - }, - }, - mkOpenstackImgType(), - ) - x86_64.AddImageTypes( &platform.X86{ BIOS: true, @@ -121,16 +110,6 @@ func newDistro(name string, major, minor int) *rhel.Distribution { mkWSLImgType(), ) - aarch64.AddImageTypes( - &platform.Aarch64{ - UEFIVendor: rd.Vendor(), - BasePlatform: platform.BasePlatform{ - ImageFormat: platform.FORMAT_QCOW2, - }, - }, - mkOpenstackImgType(), - ) - aarch64.AddImageTypes( &platform.Aarch64{}, mkTarImgType(), diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/options.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/options.go index 136f6dcaf7..30ab780d08 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/options.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/options.go @@ -4,7 +4,7 @@ import ( "fmt" "log" - "golang.org/x/exp/slices" + "slices" "github.com/osbuild/images/internal/common" "github.com/osbuild/images/pkg/blueprint" diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/qcow2.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/qcow2.go index 741ae70d39..bee18f977e 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/qcow2.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/qcow2.go @@ -54,31 +54,6 @@ func mkOCIImgType(d *rhel.Distribution) *rhel.ImageType { return it } -func mkOpenstackImgType() *rhel.ImageType { - it := rhel.NewImageType( - "openstack", - "disk.qcow2", - "application/x-qemu-disk", - map[string]rhel.PackageSetFunc{ - rhel.OSPkgsKey: openstackCommonPackageSet, - }, - rhel.DiskImage, - []string{"build"}, - []string{"os", "image", "qcow2"}, - []string{"qcow2"}, - ) - - it.DefaultImageConfig = &distro.ImageConfig{ - Locale: common.ToPtr("en_US.UTF-8"), - } - it.KernelOptions = "ro" - it.DefaultSize = 4 * common.GibiByte - it.Bootable = true - it.BasePartitionTables = defaultBasePartitionTables - - return it -} - func qcow2CommonPackageSet(t *rhel.ImageType) rpmmd.PackageSet { ps := rpmmd.PackageSet{ Include: []string{ @@ -154,28 +129,6 @@ func qcow2CommonPackageSet(t *rhel.ImageType) rpmmd.PackageSet { return ps } -func openstackCommonPackageSet(t *rhel.ImageType) rpmmd.PackageSet { - ps := rpmmd.PackageSet{ - Include: []string{ - // Defaults - "@core", - "langpacks-en", - "tuned", - - // From the lorax kickstart - "cloud-init", - "qemu-guest-agent", - "spice-vdagent", - }, - Exclude: []string{ - "dracut-config-rescue", - "rng-tools", - }, - } - - return ps -} - func qcowImageConfig(d *rhel.Distribution) *distro.ImageConfig { ic := &distro.ImageConfig{ DefaultTarget: common.ToPtr("multi-user.target"), diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/options.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/options.go index 81610c0640..f6cba40e51 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/options.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/options.go @@ -5,7 +5,7 @@ import ( "log" "strings" - "golang.org/x/exp/slices" + "slices" "github.com/osbuild/images/internal/common" "github.com/osbuild/images/pkg/blueprint" diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/ami.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/ami.go index 5792010b08..5f5cf3fdbd 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/ami.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/ami.go @@ -10,7 +10,7 @@ import ( ) // TODO: move these to the EC2 environment -const amiKernelOptions = "console=tty0 console=ttyS0,115200n8 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295" +const amiKernelOptions = "console=tty0 console=ttyS0,115200n8 net.ifnames=0 nvme_core.io_timeout=4294967295" // default EC2 images config (common for all architectures) func baseEc2ImageConfig() *distro.ImageConfig { @@ -363,7 +363,7 @@ func mkEC2SapImgTypeX86_64(osVersion string, rhsm bool) *rhel.ImageType { ) it.Compression = "xz" - it.KernelOptions = "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 processor.max_cstate=1 intel_idle.max_cstate=1" + it.KernelOptions = "console=ttyS0,115200n8 console=tty0 net.ifnames=0 nvme_core.io_timeout=4294967295 processor.max_cstate=1 intel_idle.max_cstate=1" it.Bootable = true it.DefaultSize = 10 * common.GibiByte it.DefaultImageConfig = sapImageConfig(osVersion).InheritFrom(defaultEc2ImageConfigX86_64(osVersion, rhsm)) @@ -412,7 +412,7 @@ func mkAMIImgTypeAarch64() *rhel.ImageType { []string{"image"}, ) - it.KernelOptions = "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 iommu.strict=0" + it.KernelOptions = "console=ttyS0,115200n8 console=tty0 net.ifnames=0 nvme_core.io_timeout=4294967295 iommu.strict=0" it.Bootable = true it.DefaultSize = 10 * common.GibiByte it.DefaultImageConfig = defaultAMIImageConfig() @@ -437,7 +437,7 @@ func mkEC2ImgTypeAarch64(osVersion string, rhsm bool) *rhel.ImageType { ) it.Compression = "xz" - it.KernelOptions = "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 iommu.strict=0" + it.KernelOptions = "console=ttyS0,115200n8 console=tty0 net.ifnames=0 nvme_core.io_timeout=4294967295 iommu.strict=0" it.Bootable = true it.DefaultSize = 10 * common.GibiByte it.DefaultImageConfig = defaultEc2ImageConfig(osVersion, rhsm) diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/options.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/options.go index 859e3ebcb1..da45d7bd5f 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/options.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/options.go @@ -5,7 +5,7 @@ import ( "log" "strings" - "golang.org/x/exp/slices" + "slices" "github.com/osbuild/images/internal/common" "github.com/osbuild/images/pkg/blueprint" diff --git a/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go b/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go index 1aa76bf1e5..6d00bcb611 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go @@ -521,8 +521,8 @@ func createMountpointService(serviceName string, mountpoints []string) *osbuild. Type: osbuild.Oneshot, RemainAfterExit: false, // compatibility with composefs, will require transient rootfs to be enabled too. - ExecStartPre: []string{"/bin/sh -c \"if grep -Uq composefs /run/ostree-booted; then chattr -i /; fi\""}, - ExecStopPost: []string{"/bin/sh -c \"if grep -Uq composefs /run/ostree-booted; then chattr +i /; fi\""}, + ExecStartPre: []string{"/bin/sh -c \"if grep -Uq composefs /run/ostree-booted; then echo 'Warning: composefs enabled! ensure transient rootfs is enabled too.'; else chattr -i /; fi\""}, + ExecStopPost: []string{"/bin/sh -c \"if grep -Uq composefs /run/ostree-booted; then echo 'Warning: composefs enabled! ensure transient rootfs is enabled too.'; else chattr +i /; fi\""}, ExecStart: []string{"mkdir -p " + strings.Join(mountpoints, " ")}, } diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/anaconda_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/anaconda_stage.go index c6508085f0..36fcd29e8f 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/anaconda_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/anaconda_stage.go @@ -1,8 +1,9 @@ package osbuild import ( + "slices" + "github.com/osbuild/images/pkg/customizations/anaconda" - "golang.org/x/exp/slices" ) type AnacondaStageOptions struct { diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/bootc_install_to_filesystem_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/bootc_install_to_filesystem_stage.go index 1db46c04ee..d992a1d221 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/bootc_install_to_filesystem_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/bootc_install_to_filesystem_stage.go @@ -3,6 +3,8 @@ package osbuild import ( "fmt" + "slices" + "github.com/osbuild/images/pkg/platform" ) @@ -35,11 +37,22 @@ func NewBootcInstallToFilesystemStage(options *BootcInstallToFilesystemOptions, return nil, fmt.Errorf("expected exactly one container input but got: %v (%v)", len(inputs.Images.References), inputs.Images.References) } + // Don't mount any custom mountpoints. + // Only mount the minimum required mounts for bootc: + // /, /boot, and /boot/efi, if they are already defined. + requiredMountpoints := []string{"/", "/boot", "/boot/efi"} + reqMounts := make([]Mount, 0, len(mounts)) + for _, mount := range mounts { + if slices.Contains(requiredMountpoints, mount.Target) { + reqMounts = append(reqMounts, mount) + } + } + return &Stage{ Type: "org.osbuild.bootc.install-to-filesystem", Options: options, Inputs: inputs, Devices: devices, - Mounts: mounts, + Mounts: reqMounts, }, nil } diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/cloud_init_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/cloud_init_stage.go index f294f91d76..5be615dd5f 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/cloud_init_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/cloud_init_stage.go @@ -3,7 +3,7 @@ package osbuild import ( "fmt" - "golang.org/x/exp/slices" + "slices" ) type CloudInitStageOptions struct { diff --git a/vendor/github.com/osbuild/images/pkg/osbuild/rpm_stage.go b/vendor/github.com/osbuild/images/pkg/osbuild/rpm_stage.go index 77e600dd8e..5dfa78fc32 100644 --- a/vendor/github.com/osbuild/images/pkg/osbuild/rpm_stage.go +++ b/vendor/github.com/osbuild/images/pkg/osbuild/rpm_stage.go @@ -1,8 +1,9 @@ package osbuild import ( + "slices" + "github.com/osbuild/images/pkg/rpmmd" - "golang.org/x/exp/slices" ) type RPMStageOptions struct { diff --git a/vendor/github.com/osbuild/images/internal/pathpolicy/path_policy.go b/vendor/github.com/osbuild/images/pkg/pathpolicy/path_policy.go similarity index 100% rename from vendor/github.com/osbuild/images/internal/pathpolicy/path_policy.go rename to vendor/github.com/osbuild/images/pkg/pathpolicy/path_policy.go diff --git a/vendor/github.com/osbuild/images/internal/pathpolicy/path_trie.go b/vendor/github.com/osbuild/images/pkg/pathpolicy/path_trie.go similarity index 100% rename from vendor/github.com/osbuild/images/internal/pathpolicy/path_trie.go rename to vendor/github.com/osbuild/images/pkg/pathpolicy/path_trie.go diff --git a/vendor/github.com/osbuild/images/pkg/policies/policies.go b/vendor/github.com/osbuild/images/pkg/policies/policies.go index 52d2093eea..8ea86d487a 100644 --- a/vendor/github.com/osbuild/images/pkg/policies/policies.go +++ b/vendor/github.com/osbuild/images/pkg/policies/policies.go @@ -1,7 +1,7 @@ package policies import ( - "github.com/osbuild/images/internal/pathpolicy" + "github.com/osbuild/images/pkg/pathpolicy" ) // MountpointPolicies is a set of default mountpoint policies used for filesystem customizations diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index b102b95a0a..7f1961b907 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -3807,6 +3807,9 @@ const ( ETHTOOL_MSG_PSE_GET_REPLY = 0x25 ETHTOOL_MSG_RSS_GET_REPLY = 0x26 ETHTOOL_MSG_KERNEL_MAX = 0x2b + ETHTOOL_FLAG_COMPACT_BITSETS = 0x1 + ETHTOOL_FLAG_OMIT_REPLY = 0x2 + ETHTOOL_FLAG_STATS = 0x4 ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 4d0c15745f..3f03b3d57c 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -2031,6 +2031,50 @@ const ( IF_TYPE_IEEE1394 = 144 ) +// Enum NL_PREFIX_ORIGIN for [IpAdapterUnicastAddress], see +// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_prefix_origin +const ( + IpPrefixOriginOther = 0 + IpPrefixOriginManual = 1 + IpPrefixOriginWellKnown = 2 + IpPrefixOriginDhcp = 3 + IpPrefixOriginRouterAdvertisement = 4 + IpPrefixOriginUnchanged = 1 << 4 +) + +// Enum NL_SUFFIX_ORIGIN for [IpAdapterUnicastAddress], see +// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_suffix_origin +const ( + NlsoOther = 0 + NlsoManual = 1 + NlsoWellKnown = 2 + NlsoDhcp = 3 + NlsoLinkLayerAddress = 4 + NlsoRandom = 5 + IpSuffixOriginOther = 0 + IpSuffixOriginManual = 1 + IpSuffixOriginWellKnown = 2 + IpSuffixOriginDhcp = 3 + IpSuffixOriginLinkLayerAddress = 4 + IpSuffixOriginRandom = 5 + IpSuffixOriginUnchanged = 1 << 4 +) + +// Enum NL_DAD_STATE for [IpAdapterUnicastAddress], see +// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_dad_state +const ( + NldsInvalid = 0 + NldsTentative = 1 + NldsDuplicate = 2 + NldsDeprecated = 3 + NldsPreferred = 4 + IpDadStateInvalid = 0 + IpDadStateTentative = 1 + IpDadStateDuplicate = 2 + IpDadStateDeprecated = 3 + IpDadStatePreferred = 4 +) + type SocketAddress struct { Sockaddr *syscall.RawSockaddrAny SockaddrLength int32 diff --git a/vendor/golang.org/x/time/LICENSE b/vendor/golang.org/x/time/LICENSE index 6a66aea5ea..2a7cf70da6 100644 --- a/vendor/golang.org/x/time/LICENSE +++ b/vendor/golang.org/x/time/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2009 The Go Authors. All rights reserved. +Copyright 2009 The Go Authors. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -10,7 +10,7 @@ notice, this list of conditions and the following disclaimer. copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Google Inc. nor the names of its + * Neither the name of Google LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. diff --git a/vendor/google.golang.org/api/internal/creds.go b/vendor/google.golang.org/api/internal/creds.go index 5ea555ed01..4ed22bd76e 100644 --- a/vendor/google.golang.org/api/internal/creds.go +++ b/vendor/google.golang.org/api/internal/creds.go @@ -302,14 +302,3 @@ func baseTransport() *http.Transport { ExpectContinueTimeout: 1 * time.Second, } } - -// ErrUniverseNotMatch composes an error string from the provided universe -// domain sources (DialSettings and Credentials, respectively). -func ErrUniverseNotMatch(settingsUD, credsUD string) error { - return fmt.Errorf( - "the configured universe domain (%q) does not match the universe "+ - "domain found in the credentials (%q). If you haven't configured "+ - "WithUniverseDomain explicitly, \"googleapis.com\" is the default", - settingsUD, - credsUD) -} diff --git a/vendor/google.golang.org/api/internal/settings.go b/vendor/google.golang.org/api/internal/settings.go index edba49af49..32949cccbd 100644 --- a/vendor/google.golang.org/api/internal/settings.go +++ b/vendor/google.golang.org/api/internal/settings.go @@ -204,8 +204,7 @@ func (ds *DialSettings) IsUniverseDomainGDU() bool { } // GetUniverseDomain returns the default service domain for a given Cloud -// universe, from google.Credentials, for comparison with the value returned by -// (*DialSettings).GetUniverseDomain. This wrapper function should be removed +// universe, from google.Credentials. This wrapper function should be removed // to close https://github.com/googleapis/google-api-go-client/issues/2399. func GetUniverseDomain(creds *google.Credentials) (string, error) { timer := time.NewTimer(time.Second) diff --git a/vendor/google.golang.org/api/internal/version.go b/vendor/google.golang.org/api/internal/version.go index 54ae69fa81..7a67980368 100644 --- a/vendor/google.golang.org/api/internal/version.go +++ b/vendor/google.golang.org/api/internal/version.go @@ -5,4 +5,4 @@ package internal // Version is the current tagged release of the library. -const Version = "0.190.0" +const Version = "0.191.0" diff --git a/vendor/google.golang.org/api/storage/v1/storage-gen.go b/vendor/google.golang.org/api/storage/v1/storage-gen.go index 07de6ebf63..27504b0aad 100644 --- a/vendor/google.golang.org/api/storage/v1/storage-gen.go +++ b/vendor/google.golang.org/api/storage/v1/storage-gen.go @@ -93,6 +93,7 @@ var _ = strings.Replace var _ = context.Canceled var _ = internaloption.WithDefaultEndpoint var _ = internal.Version +var _ = gax.Version const apiId = "storage:v1" const apiName = "storage" diff --git a/vendor/google.golang.org/api/transport/grpc/dial.go b/vendor/google.golang.org/api/transport/grpc/dial.go index 2f6359f292..d2a4f76645 100644 --- a/vendor/google.golang.org/api/transport/grpc/dial.go +++ b/vendor/google.golang.org/api/transport/grpc/dial.go @@ -296,17 +296,6 @@ func dial(ctx context.Context, insecure bool, o *internal.DialSettings) (*grpc.C if err != nil { return nil, err } - if o.TokenSource == nil { - // We only validate non-tokensource creds, as TokenSource-based credentials - // don't propagate universe. - credsUniverseDomain, err := internal.GetUniverseDomain(creds) - if err != nil { - return nil, err - } - if o.GetUniverseDomain() != credsUniverseDomain { - return nil, internal.ErrUniverseNotMatch(o.GetUniverseDomain(), credsUniverseDomain) - } - } grpcOpts = append(grpcOpts, grpc.WithPerRPCCredentials(grpcTokenSource{ TokenSource: oauth.TokenSource{TokenSource: creds.TokenSource}, quotaProject: internal.GetQuotaProject(creds, o.QuotaProject), diff --git a/vendor/google.golang.org/api/transport/http/dial.go b/vendor/google.golang.org/api/transport/http/dial.go index 3747d0df0b..2e2b15c6e0 100644 --- a/vendor/google.golang.org/api/transport/http/dial.go +++ b/vendor/google.golang.org/api/transport/http/dial.go @@ -182,17 +182,6 @@ func newTransport(ctx context.Context, base http.RoundTripper, settings *interna if err != nil { return nil, err } - if settings.TokenSource == nil { - // We only validate non-tokensource creds, as TokenSource-based credentials - // don't propagate universe. - credsUniverseDomain, err := internal.GetUniverseDomain(creds) - if err != nil { - return nil, err - } - if settings.GetUniverseDomain() != credsUniverseDomain { - return nil, internal.ErrUniverseNotMatch(settings.GetUniverseDomain(), credsUniverseDomain) - } - } paramTransport.quotaProject = internal.GetQuotaProject(creds, settings.QuotaProject) ts := creds.TokenSource if settings.ImpersonationConfig == nil && settings.TokenSource != nil { diff --git a/vendor/modules.txt b/vendor/modules.txt index 6b0bc94293..ff04ed05a0 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -4,7 +4,7 @@ cloud.google.com/go/internal cloud.google.com/go/internal/optional cloud.google.com/go/internal/trace cloud.google.com/go/internal/version -# cloud.google.com/go/auth v0.7.3 +# cloud.google.com/go/auth v0.8.0 ## explicit; go 1.20 cloud.google.com/go/auth cloud.google.com/go/auth/credentials @@ -23,7 +23,7 @@ cloud.google.com/go/auth/internal/transport/cert # cloud.google.com/go/auth/oauth2adapt v0.2.3 ## explicit; go 1.20 cloud.google.com/go/auth/oauth2adapt -# cloud.google.com/go/compute v1.27.4 +# cloud.google.com/go/compute v1.27.5 ## explicit; go 1.20 cloud.google.com/go/compute/apiv1 cloud.google.com/go/compute/apiv1/computepb @@ -861,11 +861,10 @@ github.com/oracle/oci-go-sdk/v54/identity github.com/oracle/oci-go-sdk/v54/objectstorage github.com/oracle/oci-go-sdk/v54/objectstorage/transfer github.com/oracle/oci-go-sdk/v54/workrequests -# github.com/osbuild/images v0.75.0 +# github.com/osbuild/images v0.77.0 ## explicit; go 1.21.0 github.com/osbuild/images/internal/common github.com/osbuild/images/internal/environment -github.com/osbuild/images/internal/pathpolicy github.com/osbuild/images/internal/workload github.com/osbuild/images/pkg/arch github.com/osbuild/images/pkg/artifact @@ -899,6 +898,7 @@ github.com/osbuild/images/pkg/manifest github.com/osbuild/images/pkg/osbuild github.com/osbuild/images/pkg/ostree github.com/osbuild/images/pkg/ostree/mock_ostree_repo +github.com/osbuild/images/pkg/pathpolicy github.com/osbuild/images/pkg/platform github.com/osbuild/images/pkg/policies github.com/osbuild/images/pkg/reporegistry @@ -1204,7 +1204,7 @@ golang.org/x/oauth2/jwt ## explicit; go 1.18 golang.org/x/sync/errgroup golang.org/x/sync/semaphore -# golang.org/x/sys v0.23.0 +# golang.org/x/sys v0.24.0 ## explicit; go 1.18 golang.org/x/sys/cpu golang.org/x/sys/execabs @@ -1230,7 +1230,7 @@ golang.org/x/text/transform golang.org/x/text/unicode/bidi golang.org/x/text/unicode/norm golang.org/x/text/width -# golang.org/x/time v0.5.0 +# golang.org/x/time v0.6.0 ## explicit; go 1.18 golang.org/x/time/rate # golang.org/x/tools v0.24.0 @@ -1245,7 +1245,7 @@ golang.org/x/tools/internal/gocommand golang.org/x/tools/internal/gopathwalk golang.org/x/tools/internal/imports golang.org/x/tools/internal/stdlib -# google.golang.org/api v0.190.0 +# google.golang.org/api v0.191.0 ## explicit; go 1.20 google.golang.org/api/googleapi google.golang.org/api/googleapi/transport