Update to latest version of a few packages to take CVE fixes (#2384)

* Update to latest version of a few packages to take CVE fixes * Fix eventhub bugs due to changed upstream API
2022-07-15 13:47:59 -07:00 · 2022-07-15 13:47:59 -07:00 · 802ae08a02
--- a/2
+++ b/2
@ -207,7 +207,7 @@ validate-cainjection-files:
 # Generate manifests for helm and package them up
 .PHONY: helm-chart-manifests
 helm-chart-manifests: LATEST_TAG := $(shell curl -sL https://api.github.com/repos/Azure/azure-service-operator/releases/latest  | jq '.tag_name' --raw-output )
-helm-chart-manifests: KUBE_RBAC_PROXY := gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
+helm-chart-manifests: KUBE_RBAC_PROXY := gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
 helm-chart-manifests: generate
 	@echo "Latest released tag is $(LATEST_TAG)"
 	# substitute released tag into values file.
--- a/charts/azure-service-operator/values.yaml
+++ b/charts/azure-service-operator/values.yaml
@ -49,7 +49,7 @@ recoverSoftDeletedKeyVaultSecrets: True
 # repository).
 image:
  repository: mcr.microsoft.com/k8s/azureserviceoperator:1.0.39435
-  kubeRBACProxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
+  kubeRBACProxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0

 # installAadPodIdentity determines if the aad-pod-identity subchart should be installed.
 installAadPodIdentity: False
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@ -10,7 +10,7 @@ spec:
    spec:
      containers:
      - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
        args:
        - "--secure-listen-address=0.0.0.0:8443"
        - "--upstream=http://127.0.0.1:8080/"
--- a/go.mod
+++ b/go.mod
@ -28,7 +28,7 @@ require (
 	github.com/prometheus/client_golang v1.12.1
 	github.com/sethvargo/go-password v0.1.2
 	github.com/stretchr/testify v1.7.0
-	golang.org/x/crypto v0.0.0-20220214200702-86341886e292
+	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d
 	golang.org/x/net v0.0.0-20220403103023-749bd193bc2b
 	k8s.io/api v0.24.0-beta.0
 	k8s.io/apimachinery v0.24.0-beta.0
--- a/go.sum
+++ b/go.sum
@ -686,6 +686,8 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
--- a/pkg/errhelp/errors.go
+++ b/pkg/errhelp/errors.go
@ -22,6 +22,7 @@ const (
 	CannotParseError                               = "CannotParseError"
 	ConflictingServerOperation                     = "ConflictingServerOperation"
 	ContainerOperationFailure                      = "ContainerOperationFailure"
+	ConsumerGroupNotFound                          = "ConsumerGroupNotFound"
 	CreationPending                                = "CreationPending"
 	FailoverGroupBusy                              = "FailoverGroupBusy"
 	Forbidden                                      = "Forbidden"
--- a/pkg/resourcemanager/eventhubs/consumergroup.go
+++ b/pkg/resourcemanager/eventhubs/consumergroup.go
@ -9,15 +9,16 @@ import (
 	"net/http"
 	"strings"

+	"github.com/Azure/go-autorest/autorest"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+
 	"github.com/Azure/azure-service-operator/api/v1alpha1"
 	"github.com/Azure/azure-service-operator/pkg/errhelp"
 	"github.com/Azure/azure-service-operator/pkg/helpers"
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager"
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager/config"
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager/iam"
-	"github.com/Azure/go-autorest/autorest"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/types"

 	"github.com/Azure/azure-sdk-for-go/services/eventhub/mgmt/2017-04-01/eventhub"
 )
@ -180,9 +181,10 @@ func (cg *azureConsumerGroupManager) Delete(ctx context.Context, obj runtime.Obj
 		catch := []string{
 			errhelp.ResourceGroupNotFoundErrorCode,
 			errhelp.ParentNotFoundErrorCode,
+			errhelp.ConsumerGroupNotFound,
 			errhelp.NotFoundErrorCode,
 		}
-		if helpers.ContainsString(catch, azerr.Type) {
+		if helpers.ContainsString(catch, azerr.Type) || azerr.Code == http.StatusNotFound {
 			// these things mean the entity is already gone
 			return false, nil
 		}
--- a/pkg/resourcemanager/eventhubs/hub.go
+++ b/pkg/resourcemanager/eventhubs/hub.go
@ -10,6 +10,8 @@ import (
 	"strings"

 	model "github.com/Azure/azure-sdk-for-go/services/eventhub/mgmt/2017-04-01/eventhub"
+	"k8s.io/apimachinery/pkg/runtime"
+
 	"github.com/Azure/azure-service-operator/api/v1alpha1"
 	azurev1alpha1 "github.com/Azure/azure-service-operator/api/v1alpha1"
 	"github.com/Azure/azure-service-operator/pkg/errhelp"
@ -18,7 +20,6 @@ import (
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager/config"
 	"github.com/Azure/azure-service-operator/pkg/resourcemanager/iam"
 	"github.com/Azure/azure-service-operator/pkg/secrets"
-	"k8s.io/apimachinery/pkg/runtime"

 	"github.com/Azure/azure-sdk-for-go/services/eventhub/mgmt/2017-04-01/eventhub"
 	"github.com/Azure/go-autorest/autorest"
@ -345,7 +346,7 @@ func (e *azureEventHubManager) Delete(ctx context.Context, obj runtime.Object, o
 		instance.Spec.SecretName = eventhubName
 	}

-	resp, err := e.DeleteHub(ctx, resourcegroup, namespaceName, eventhubName)
+	_, err = e.GetHub(ctx, resourcegroup, namespaceName, eventhubName)
 	if err != nil {
 		catch := []string{
 			errhelp.ResourceGroupNotFoundErrorCode,
@ -353,17 +354,29 @@ func (e *azureEventHubManager) Delete(ctx context.Context, obj runtime.Object, o
 			errhelp.NotFoundErrorCode,
 		}
 		azerr := errhelp.NewAzureError(err)
-		if helpers.ContainsString(catch, azerr.Type) {
-			instance.Status.Message = err.Error()
+		if helpers.ContainsString(catch, azerr.Type) || azerr.Code == http.StatusNotFound {
+			//Delete the secrets as best effort before successful return after delete
+			e.deleteEventhubSecrets(ctx, secretClient, secretName, instance)
 			return false, nil
 		}
 		return false, err
 	}

-	if resp.StatusCode == http.StatusNoContent {
-		//Delete the secrets as best effort before successful return after delete
-		e.deleteEventhubSecrets(ctx, secretClient, secretName, instance)
-		return false, nil
+	_, err = e.DeleteHub(ctx, resourcegroup, namespaceName, eventhubName)
+	if err != nil {
+		catch := []string{
+			errhelp.ResourceGroupNotFoundErrorCode,
+			errhelp.ParentNotFoundErrorCode,
+			errhelp.NotFoundErrorCode,
+		}
+		azerr := errhelp.NewAzureError(err)
+		if helpers.ContainsString(catch, azerr.Type) || azerr.Code == http.StatusNotFound {
+			instance.Status.Message = err.Error()
+			//Delete the secrets as best effort before successful return after delete
+			e.deleteEventhubSecrets(ctx, secretClient, secretName, instance)
+			return false, nil
+		}
+		return false, err
 	}

 	return true, nil
--- a/v2/charts/azure-service-operator/values.yaml
+++ b/v2/charts/azure-service-operator/values.yaml
@ -43,7 +43,7 @@ azureOperatorMode: ""
 # repository).
 image:
  repository: mcr.microsoft.com/k8s/azureserviceoperator:v2.0.0-beta.1
-  kubeRBACProxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 
+  kubeRBACProxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0

 # 'metrics' define settings for the metrics from controller.
 # 'address' field defines the metrics binding address on which metrics
--- a/v2/config/manager/manager_auth_proxy_patch.yaml
+++ b/v2/config/manager/manager_auth_proxy_patch.yaml
@ -10,7 +10,7 @@ spec:
    spec:
      containers:
      - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
        args:
        - "--secure-listen-address=0.0.0.0:8443"
        - "--upstream=http://127.0.0.1:8080/"
--- a/v2/go.mod
+++ b/v2/go.mod
@ -23,7 +23,7 @@ require (
 	github.com/onsi/gomega v1.17.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.12.1
-	golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88
+	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d
 	golang.org/x/exp v0.0.0-20220414153411-bcd21879b8fd
 	golang.org/x/time v0.0.0-20220224211638-0e9765cccd65
 	k8s.io/api v0.24.0-beta.0
--- a/v2/go.sum
+++ b/v2/go.sum
@ -570,6 +570,8 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88 h1:Tgea0cVUD0ivh5ADBX4WwuI12DUd2to3nCYe2eayMIw=
 golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=