diff --git a/cmd/operator-controller/main.go b/cmd/operator-controller/main.go index 48104537e9..5c953d05cc 100644 --- a/cmd/operator-controller/main.go +++ b/cmd/operator-controller/main.go @@ -30,6 +30,7 @@ import ( "github.com/spf13/cobra" "go.podman.io/image/v5/types" + corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apiextensionsv1client "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1" @@ -697,8 +698,13 @@ func (c *boxcutterReconcilerConfigurator) Configure(ceReconciler *controllers.Cl return fmt.Errorf("unable to create revision engine factory: %w", err) } + cosClient := &secretFallbackClient{ + Client: c.mgr.GetClient(), + apiReader: c.mgr.GetAPIReader(), + systemNamespace: cfg.systemNamespace, + } if err = (&controllers.ClusterObjectSetReconciler{ - Client: c.mgr.GetClient(), + Client: cosClient, RevisionEngineFactory: revisionEngineFactory, TrackingCache: trackingCache, }).SetupWithManager(c.mgr); err != nil { @@ -791,3 +797,18 @@ func main() { os.Exit(1) } } + +// secretFallbackClient wraps a cached client.Client and falls back to direct +// API reads for Secrets outside the system namespace, where the cache does not watch. +type secretFallbackClient struct { + client.Client + apiReader client.Reader + systemNamespace string +} + +func (c *secretFallbackClient) Get(ctx context.Context, key client.ObjectKey, obj client.Object, opts ...client.GetOption) error { + if _, isSecret := obj.(*corev1.Secret); isSecret && key.Namespace != c.systemNamespace { + return c.apiReader.Get(ctx, key, obj, opts...) + } + return c.Client.Get(ctx, key, obj, opts...) +} diff --git a/go.mod b/go.mod index 4791c92170..fbdb616f60 100644 --- a/go.mod +++ b/go.mod 
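Review bot: `systemNamespace: cfg.systemNamespace` is handed to the wrapper with no check that it is set. If the value were ever empty, the `key.Namespace != c.systemNamespace` test in `Get` would send every namespaced Secret read, including the controller's own, to the uncached API reader. Whether `cfg.systemNamespace` is validated earlier is not visible in this hunk; if it is not, fail fast before building `cosClient`, e.g. `if cfg.systemNamespace == "" { return fmt.Errorf("system namespace must be set") }`. Configure starts and ends outside the hunk.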
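Review bot: `secretFallbackClient.Get` sends every Secret read outside `systemNamespace` straight to the API server without checking that the object is one the controller is meant to consume. Combined with the cluster-wide `get` on `secrets` this commit adds to the ClusterRole, the namespace and name in a ClusterObjectSet `ref` decide which Secret the controller's identity reads. The caller is not visible in this diff, so confirm it rejects a Secret whose type is not `olm.operatorframework.io/object-data` before any of its data can reach status conditions, events or logs. The method also has no doc comment; something like `// Get reads Secrets outside systemNamespace from the API server (uncached, one request per call); all other reads use the embedded cached client.` would record the cost and the trust boundary. Only `*corev1.Secret` is matched, so a Secret requested as an unstructured or partial-metadata object still goes to the cache; say so in the type comment if that is intended.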
@@ -17,7 +17,7 @@ require ( github.com/google/go-containerregistry v0.21.3 github.com/google/renameio/v2 v2.0.2 github.com/gorilla/handlers v1.5.2 - github.com/klauspost/compress v1.18.4 + github.com/klauspost/compress v1.18.5 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.1 github.com/operator-framework/api v0.41.0 @@ -113,7 +113,7 @@ require ( github.com/go-git/go-billy/v5 v5.8.0 // indirect github.com/go-git/go-git/v5 v5.17.1 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect - github.com/go-jose/go-jose/v4 v4.1.3 // indirect + github.com/go-jose/go-jose/v4 v4.1.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.22.5 // indirect github.com/go-openapi/jsonreference v0.21.5 // indirect diff --git a/go.sum b/go.sum index 73dc32859b..d1f115207d 100644 --- a/go.sum +++ b/go.sum @@ -163,8 +163,8 @@ github.com/go-git/go-git/v5 v5.17.1 h1:WnljyxIzSj9BRRUlnmAU35ohDsjRK0EKmL0evDqi5 github.com/go-git/go-git/v5 v5.17.1/go.mod h1:pW/VmeqkanRFqR6AljLcs7EA7FbZaN5MQqO7oZADXpo= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= -github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= -github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= +github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= +github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 
@@ -324,8 +324,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c= -github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= +github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE= +github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= diff --git a/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml b/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml index d6f9e87909..1d096c82b5 100644 --- a/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml +++ b/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml @@ -86,6 +86,12 @@ rules: verbs: - list - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get - apiGroups: - olm.operatorframework.io resources: diff --git a/manifests/experimental-e2e.yaml b/manifests/experimental-e2e.yaml index dcb4fac364..4d44532303 100644 --- a/manifests/experimental-e2e.yaml +++ b/manifests/experimental-e2e.yaml @@ -2167,6 +2167,12 @@ rules: verbs: - list - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get - apiGroups: - olm.operatorframework.io resources: diff --git a/manifests/experimental.yaml b/manifests/experimental.yaml index dc9a02a4f9..7f5d7c53a8 100644 
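Review bot: The added rule in clusterrole-operator-controller-manager-role.yml grants `get` on `secrets` with no `resourceNames`, and it sits in a ClusterRole, so the operator-controller service account can read any Secret in any namespace by name. The commit needs this for refs that point outside the system namespace, but the reach is wider than the `olm.operatorframework.io/object-data` Secrets it consumes, and RBAC cannot filter by Secret type. A comment above the rule, for example `# cluster-wide get: ClusterObjectSet refs may name a Secret in any namespace; the controller must reject Secrets that are not object-data`, would record why the grant exists and where the compensating check has to live. The same rule is repeated in manifests/experimental-e2e.yaml and manifests/experimental.yaml.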
--- a/manifests/experimental.yaml +++ b/manifests/experimental.yaml @@ -2128,6 +2128,12 @@ rules: verbs: - list - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get - apiGroups: - olm.operatorframework.io resources: diff --git a/openshift/tests-extension/go.sum b/openshift/tests-extension/go.sum index ee8641d5b0..2a93000c4d 100644 --- a/openshift/tests-extension/go.sum +++ b/openshift/tests-extension/go.sum @@ -98,8 +98,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c= -github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= +github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE= +github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= diff --git a/requirements.txt b/requirements.txt index d19a721cd3..e2076a4de0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -14,7 +14,7 @@ markdown2==2.5.5 MarkupSafe==3.0.3 mergedeep==1.3.4 mkdocs==1.6.1 -mkdocs-material==9.7.5 +mkdocs-material==9.7.6 mkdocs-material-extensions==1.3.1 packaging==26.0 paginate==0.5.7 diff --git a/test/e2e/features/install.feature b/test/e2e/features/install.feature index 9b7025d9a9..96b1cbb92f 100644 --- a/test/e2e/features/install.feature +++ b/test/e2e/features/install.feature 
@@ -524,12 +524,15 @@ Feature: Install ClusterExtension """ Then ClusterExtension is rolled out And ClusterExtension is available - And ClusterObjectSet "${NAME}-1" phase objects use refs - And ClusterObjectSet "${NAME}-1" ref Secrets exist in "olmv1-system" namespace - And ClusterObjectSet "${NAME}-1" ref Secrets are immutable - And ClusterObjectSet "${NAME}-1" ref Secrets are labeled with revision and owner - And ClusterObjectSet "${NAME}-1" ref Secrets have ownerReference to the revision - And ClusterObjectSet "${NAME}-1" ref Secrets have type "olm.operatorframework.io/object-data" + And ClusterObjectSet "${NAME}-1" phase objects are managed in Kubernetes secrets + And ClusterObjectSet "${NAME}-1" referred secrets exist in "olmv1-system" namespace + And ClusterObjectSet "${NAME}-1" referred secrets are immutable + And ClusterObjectSet "${NAME}-1" referred secrets contain labels + | key | value | + | olm.operatorframework.io/revision-name | ${NAME}-1 | + | olm.operatorframework.io/owner-name | ${NAME} | + And ClusterObjectSet "${NAME}-1" referred secrets are owned by the object set + And ClusterObjectSet "${NAME}-1" referred secrets have type "olm.operatorframework.io/object-data" @DeploymentConfig Scenario: deploymentConfig nodeSelector is applied to the operator deployment diff --git a/test/e2e/features/revision.feature b/test/e2e/features/revision.feature index d07e3fb198..dd6d9e9407 100644 --- a/test/e2e/features/revision.feature +++ b/test/e2e/features/revision.feature 
@@ -338,4 +338,108 @@ Feature: Install ClusterObjectSet And resource "pod/test-pod" is installed And resource "configmap/test-configmap-3" is installed And ClusterObjectSet "${COS_NAME}" reports Progressing as True with Reason Succeeded - And ClusterObjectSet "${COS_NAME}" reports Available as True with Reason ProbesSucceeded \ No newline at end of file + And ClusterObjectSet "${COS_NAME}" reports Available as True with Reason ProbesSucceeded + + Scenario: User can install a ClusterObjectSet with objects stored in Secrets + Given ServiceAccount "olm-sa" with needed permissions is available in test namespace + When resource is applied + """ + apiVersion: v1 + kind: Secret + metadata: + name: ${COS_NAME}-ref-secret + namespace: ${TEST_NAMESPACE} + immutable: true + type: olm.operatorframework.io/object-data + stringData: + configmap: | + { + "apiVersion": "v1", + "kind": "ConfigMap", + "metadata": { + "name": "test-configmap-ref", + "namespace": "${TEST_NAMESPACE}" + }, + "data": { + "key": "value" + } + } + deployment: | + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "test-httpd", + "namespace": "${TEST_NAMESPACE}", + "labels": { + "app": "test-httpd" + } + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "test-httpd" + } + }, + "template": { + "metadata": { + "labels": { + "app": "test-httpd" + } + }, + "spec": { + "containers": [ + { + "name": "httpd", + "image": "busybox:1.36", + "imagePullPolicy": "IfNotPresent", + "command": ["httpd"], + "args": ["-f", "-p", "8080"], + "securityContext": { + "runAsNonRoot": true, + "runAsUser": 1000, + "allowPrivilegeEscalation": false, + "capabilities": { + "drop": ["ALL"] + }, + "seccompProfile": { + "type": "RuntimeDefault" + } + } + } + ] + } + } + } + } + """ + And ClusterObjectSet is applied + """ + apiVersion: olm.operatorframework.io/v1 + kind: ClusterObjectSet + metadata: + annotations: + olm.operatorframework.io/service-account-name: olm-sa + 
olm.operatorframework.io/service-account-namespace: ${TEST_NAMESPACE} + name: ${COS_NAME} + spec: + lifecycleState: Active + collisionProtection: Prevent + phases: + - name: resources + objects: + - ref: + name: ${COS_NAME}-ref-secret + namespace: ${TEST_NAMESPACE} + key: configmap + - ref: + name: ${COS_NAME}-ref-secret + namespace: ${TEST_NAMESPACE} + key: deployment + revision: 1 + """ + Then ClusterObjectSet "${COS_NAME}" reports Progressing as True with Reason Succeeded + And ClusterObjectSet "${COS_NAME}" reports Available as True with Reason ProbesSucceeded + And resource "configmap/test-configmap-ref" is installed + And resource "deployment/test-httpd" is installed \ No newline at end of file diff --git a/test/e2e/steps/hooks.go b/test/e2e/steps/hooks.go index ccce95efc5..5d73bcbed2 100644 --- a/test/e2e/steps/hooks.go +++ b/test/e2e/steps/hooks.go @@ -22,8 +22,9 @@ import ( ) type resource struct { - name string - kind string + name string + kind string + namespace string } type scenarioContext struct { @@ -195,8 +196,12 @@ func ScenarioCleanup(ctx context.Context, _ *godog.Scenario, err error) (context forDeletion = append(forDeletion, resource{name: sc.namespace, kind: "namespace"}) for _, r := range forDeletion { go func(res resource) { - if _, err := k8sClient("delete", res.kind, res.name, "--ignore-not-found=true"); err != nil { - logger.Info("Error deleting resource", "name", res.name, "namespace", sc.namespace, "stderr", stderrOutput(err)) + args := []string{"delete", res.kind, res.name, "--ignore-not-found=true"} + if res.namespace != "" { + args = append(args, "-n", res.namespace) + } + if _, err := k8sClient(args...); err != nil { + logger.Info("Error deleting resource", "name", res.name, "namespace", res.namespace, "stderr", stderrOutput(err)) } }(r) } diff --git a/test/e2e/steps/steps.go b/test/e2e/steps/steps.go index 1f0bbb3ec5..2b5603ab79 100644 --- a/test/e2e/steps/steps.go +++ b/test/e2e/steps/steps.go 
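Review bot: The new scenario in revision.feature covers only the accepting path for a ref Secret in `${TEST_NAMESPACE}`: the Secret is created with `immutable: true` and type `olm.operatorframework.io/object-data`, and nothing in this hunk checks what happens when either is missing. Since this commit lets the controller read Secrets outside the system namespace, a companion scenario that applies a mutable or differently typed Secret and asserts the expected ClusterObjectSet condition would pin whatever validation the controller is meant to apply. The Deployment pulls `busybox:1.36` by tag; pinning it by digest would keep the e2e run reproducible. The file still ends without a trailing newline.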
@@ -96,12 +96,12 @@ func RegisterSteps(sc *godog.ScenarioContext) { sc.Step(`^(?i)ClusterObjectSet "([^"]+)" contains annotation "([^"]+)" with value$`, ClusterObjectSetHasAnnotationWithValue) sc.Step(`^(?i)ClusterObjectSet "([^"]+)" has label "([^"]+)" with value "([^"]+)"$`, ClusterObjectSetHasLabelWithValue) sc.Step(`^(?i)ClusterObjectSet "([^"]+)" phase objects are not found or not owned by the revision$`, ClusterObjectSetObjectsNotFoundOrNotOwned) - sc.Step(`^(?i)ClusterObjectSet "([^"]+)" phase objects use refs$`, ClusterObjectSetPhaseObjectsUseRefs) - sc.Step(`^(?i)ClusterObjectSet "([^"]+)" ref Secrets exist in "([^"]+)" namespace$`, ClusterObjectSetRefSecretsExist) - sc.Step(`^(?i)ClusterObjectSet "([^"]+)" ref Secrets are immutable$`, ClusterObjectSetRefSecretsAreImmutable) - sc.Step(`^(?i)ClusterObjectSet "([^"]+)" ref Secrets are labeled with revision and owner$`, ClusterObjectSetRefSecretsLabeled) - sc.Step(`^(?i)ClusterObjectSet "([^"]+)" ref Secrets have ownerReference to the revision$`, ClusterObjectSetRefSecretsHaveOwnerRef) - sc.Step(`^(?i)ClusterObjectSet "([^"]+)" ref Secrets have type "([^"]+)"$`, ClusterObjectSetReferredSecretsHaveType) + sc.Step(`^(?i)ClusterObjectSet "([^"]+)" phase objects are managed in Kubernetes secrets$`, ClusterObjectSetPhaseObjectsManagedInSecrets) + sc.Step(`^(?i)ClusterObjectSet "([^"]+)" referred secrets exist in "([^"]+)" namespace$`, ClusterObjectSetReferredSecretsExist) + sc.Step(`^(?i)ClusterObjectSet "([^"]+)" referred secrets are immutable$`, ClusterObjectSetReferredSecretsAreImmutable) + sc.Step(`^(?i)ClusterObjectSet "([^"]+)" referred secrets contain labels$`, ClusterObjectSetReferredSecretsContainLabels) + sc.Step(`^(?i)ClusterObjectSet "([^"]+)" referred secrets are owned by the object set$`, ClusterObjectSetReferredSecretsOwnedByObjectSet) + sc.Step(`^(?i)ClusterObjectSet "([^"]+)" referred secrets have type "([^"]+)"$`, ClusterObjectSetReferredSecretsHaveType) sc.Step(`^(?i)resource "([^"]+)" is 
installed$`, ResourceAvailable) sc.Step(`^(?i)resource "([^"]+)" is available$`, ResourceAvailable) @@ -310,6 +310,16 @@ func ResourceIsApplied(ctx context.Context, yamlTemplate *godog.DocString) error sc.clusterExtensionName = res.GetName() } else if res.GetKind() == "ClusterObjectSet" { sc.clusterObjectSetName = res.GetName() + } else { + namespace := res.GetNamespace() + if namespace == "" { + namespace = sc.namespace + } + sc.addedResources = append(sc.addedResources, resource{ + name: res.GetName(), + kind: strings.ToLower(res.GetKind()), + namespace: namespace, + }) } return nil } @@ -715,9 +725,9 @@ func ClusterObjectSetObjectsNotFoundOrNotOwned(ctx context.Context, revisionName return nil } -// ClusterObjectSetPhaseObjectsUseRefs verifies that every object in every phase of the named +// ClusterObjectSetPhaseObjectsManagedInSecrets verifies that every object in every phase of the named // ClusterObjectSet uses a ref (not an inline object). Polls with timeout. -func ClusterObjectSetPhaseObjectsUseRefs(ctx context.Context, revisionName string) error { +func ClusterObjectSetPhaseObjectsManagedInSecrets(ctx context.Context, revisionName string) error { sc := scenarioCtx(ctx) revisionName = substituteScenarioVars(strings.TrimSpace(revisionName), sc) 
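Review bot: The new `else` branch in ResourceIsApplied records each applied object for cleanup with `kind: strings.ToLower(res.GetKind())`, which drops the API group, so the later `delete` in ScenarioCleanup resolves the kind by bare name and could select a different resource when two groups share a kind. It also assigns `sc.namespace` to any object whose namespace is empty, including cluster-scoped ones, and appends a fresh entry every time the same object is re-applied. If `res` is an unstructured object, consider recording the group alongside the kind (taken from `res.GroupVersionKind()`) and skipping the append when an identical entry is already tracked. ResourceIsApplied starts outside the hunk.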
@@ -761,14 +771,14 @@ func ClusterObjectSetPhaseObjectsUseRefs(ctx context.Context, revisionName strin return nil } -// ClusterObjectSetRefSecretsExist verifies that all Secrets referenced by the named +// ClusterObjectSetReferredSecretsExist verifies that all Secrets referenced by the named // ClusterObjectSet's phase objects exist in the given namespace. Polls with timeout. -func ClusterObjectSetRefSecretsExist(ctx context.Context, revisionName, namespace string) error { +func ClusterObjectSetReferredSecretsExist(ctx context.Context, revisionName, namespace string) error { sc := scenarioCtx(ctx) revisionName = substituteScenarioVars(strings.TrimSpace(revisionName), sc) namespace = substituteScenarioVars(strings.TrimSpace(namespace), sc) - secretNames, err := collectRefSecretNames(ctx, revisionName) + secretNames, err := collectReferredSecretNames(ctx, revisionName) if err != nil { return err } 
@@ -782,64 +792,59 @@ func ClusterObjectSetRefSecretsExist(ctx context.Context, revisionName, namespac return nil } -// ClusterObjectSetRefSecretsAreImmutable verifies that all ref Secrets for the named +// ClusterObjectSetReferredSecretsAreImmutable verifies that all referred Secrets for the named // ClusterObjectSet are immutable. Polls with timeout. -func ClusterObjectSetRefSecretsAreImmutable(ctx context.Context, revisionName string) error { +func ClusterObjectSetReferredSecretsAreImmutable(ctx context.Context, revisionName string) error { sc := scenarioCtx(ctx) revisionName = substituteScenarioVars(strings.TrimSpace(revisionName), sc) - secrets, err := listRefSecrets(ctx, revisionName) + secrets, err := listReferredSecrets(ctx, revisionName) if err != nil { return err } if len(secrets) == 0 { - return fmt.Errorf("no ref Secrets found for revision %q", revisionName) + return fmt.Errorf("no referred secrets found for revision %q", revisionName) } for _, s := range secrets { if s.Immutable == nil || !*s.Immutable { - return fmt.Errorf("ref Secret %s/%s is not immutable", s.Namespace, s.Name) + return fmt.Errorf("referred secret %s/%s is not immutable", s.Namespace, s.Name) } } return nil } -// ClusterObjectSetRefSecretsLabeled verifies that all ref Secrets for the named -// ClusterObjectSet have the expected revision-name and owner-name labels. -func ClusterObjectSetRefSecretsLabeled(ctx context.Context, revisionName string) error { +// ClusterObjectSetReferredSecretsContainLabels verifies that all referred Secrets for the named +// ClusterObjectSet have the expected labels specified in the data table. Polls with timeout. 
+func ClusterObjectSetReferredSecretsContainLabels(ctx context.Context, revisionName string, table *godog.Table) error { sc := scenarioCtx(ctx) revisionName = substituteScenarioVars(strings.TrimSpace(revisionName), sc) - secrets, err := listRefSecrets(ctx, revisionName) + expected, err := parseKeyValueTable(table) if err != nil { - return err - } - if len(secrets) == 0 { - return fmt.Errorf("no ref Secrets found for revision %q", revisionName) + return fmt.Errorf("invalid labels table: %w", err) } - - // Get the owner name from the ClusterObjectSet's own labels. - cosObj, err := getResource("clusterobjectset", revisionName, "") - if err != nil { - return fmt.Errorf("getting ClusterObjectSet %q: %w", revisionName, err) + for k, v := range expected { + expected[k] = substituteScenarioVars(v, sc) } - expectedOwner := cosObj.GetLabels()["olm.operatorframework.io/owner-name"] - for _, s := range secrets { - revLabel := s.Labels["olm.operatorframework.io/revision-name"] - if revLabel != revisionName { - return fmt.Errorf("secret %s/%s has revision-name label %q, expected %q", s.Namespace, s.Name, revLabel, revisionName) + waitFor(ctx, func() bool { + secrets, err := listReferredSecrets(ctx, revisionName) + if err != nil || len(secrets) == 0 { + return false } - ownerLabel := s.Labels["olm.operatorframework.io/owner-name"] - if expectedOwner != "" && ownerLabel != expectedOwner { - return fmt.Errorf("secret %s/%s has owner-name label %q, expected %q", s.Namespace, s.Name, ownerLabel, expectedOwner) + for _, s := range secrets { + if _, _, ok := matchLabels(s.Labels, expected); !ok { + return false + } } - } + return true + }) return nil } -// ClusterObjectSetRefSecretsHaveOwnerRef verifies that all ref Secrets for the named +// ClusterObjectSetReferredSecretsOwnedByObjectSet verifies that all referred Secrets for the named // ClusterObjectSet have an ownerReference pointing to the ClusterObjectSet with controller=true. 
-func ClusterObjectSetRefSecretsHaveOwnerRef(ctx context.Context, revisionName string) error { +func ClusterObjectSetReferredSecretsOwnedByObjectSet(ctx context.Context, revisionName string) error { sc := scenarioCtx(ctx) revisionName = substituteScenarioVars(strings.TrimSpace(revisionName), sc) @@ -849,12 +854,12 @@ func ClusterObjectSetRefSecretsHaveOwnerRef(ctx context.Context, revisionName st } cosUID := cosObj.GetUID() - secrets, err := listRefSecrets(ctx, revisionName) + secrets, err := listReferredSecrets(ctx, revisionName) if err != nil { return err } if len(secrets) == 0 { - return fmt.Errorf("no ref Secrets found for revision %q", revisionName) + return fmt.Errorf("no referred secrets found for revision %q", revisionName) } for _, s := range secrets { @@ -875,18 +880,18 @@ func ClusterObjectSetRefSecretsHaveOwnerRef(ctx context.Context, revisionName st return nil } -// ClusterObjectSetReferredSecretsHaveType verifies that all ref Secrets for the named +// ClusterObjectSetReferredSecretsHaveType verifies that all referred Secrets for the named // ClusterObjectSet have the specified Secret type. func ClusterObjectSetReferredSecretsHaveType(ctx context.Context, revisionName, expectedType string) error { sc := scenarioCtx(ctx) revisionName = substituteScenarioVars(strings.TrimSpace(revisionName), sc) - secrets, err := listRefSecrets(ctx, revisionName) + secrets, err := listReferredSecrets(ctx, revisionName) if err != nil { return err } if len(secrets) == 0 { - return fmt.Errorf("no ref Secrets found for revision %q", revisionName) + return fmt.Errorf("no referred secrets found for revision %q", revisionName) } for _, s := range secrets { 
@@ -897,8 +902,8 @@ func ClusterObjectSetReferredSecretsHaveType(ctx context.Context, revisionName, return nil } -// collectRefSecretNames returns the unique set of Secret names referenced by the ClusterObjectSet's phase objects. -func collectRefSecretNames(ctx context.Context, revisionName string) ([]string, error) { +// collectReferredSecretNames returns the unique set of Secret names referenced by the ClusterObjectSet's phase objects. +func collectReferredSecretNames(ctx context.Context, revisionName string) ([]string, error) { var names []string seen := sets.New[string]() @@ -929,18 +934,18 @@ func collectRefSecretNames(ctx context.Context, revisionName string) ([]string, } } if len(names) == 0 { - return nil, fmt.Errorf("no ref Secret names found in ClusterObjectSet %q", revisionName) + return nil, fmt.Errorf("no referred secret names found in ClusterObjectSet %q", revisionName) } return names, nil } -// listRefSecrets lists all Secrets in the OLM namespace that have the revision-name label +// listReferredSecrets lists all Secrets in the OLM namespace that have the revision-name label // matching the given revision name. -func listRefSecrets(_ context.Context, revisionName string) ([]corev1.Secret, error) { +func listReferredSecrets(_ context.Context, revisionName string) ([]corev1.Secret, error) { out, err := k8sClient("get", "secrets", "-n", olmNamespace, "-l", "olm.operatorframework.io/revision-name="+revisionName, "-o", "json") if err != nil { - return nil, fmt.Errorf("listing ref Secrets for revision %q: %w", revisionName, err) + return nil, fmt.Errorf("listing referred secrets for revision %q: %w", revisionName, err) } var secretList corev1.SecretList if err := json.Unmarshal([]byte(out), &secretList); err != nil { 
@@ -1797,6 +1802,17 @@ func ResourceHasAnnotations(ctx context.Context, resourceName string, table *god return nil } +// matchLabels checks that actual labels contain all expected key-value pairs. +// Returns the first mismatched key, the actual value, and false if a mismatch is found. +func matchLabels(actual, expected map[string]string) (string, string, bool) { + for k, v := range expected { + if a, found := actual[k]; !found || a != v { + return k, a, false + } + } + return "", "", true +} + // ResourceHasLabels waits for a resource to have all labels specified in the data table. // The table must have "key" and "value" columns. // Only supports namespaced resources (always uses sc.namespace). @@ -1823,12 +1839,9 @@ func ResourceHasLabels(ctx context.Context, resourceName string, table *godog.Ta if err := json.Unmarshal([]byte(out), &obj); err != nil { return false } - labels := obj.GetLabels() - for k, v := range expected { - if actual, found := labels[k]; !found || actual != v { - logger.V(1).Info("Label not yet present or value mismatch", "resource", resourceName, "key", k, "expected", v, "actual", actual) - return false - } + if key, got, ok := matchLabels(obj.GetLabels(), expected); !ok { + logger.V(1).Info("Label not yet present or value mismatch", "resource", resourceName, "key", key, "expected", expected[key], "actual", got) + return false } return true }) diff --git a/vendor/github.com/go-jose/go-jose/v4/asymmetric.go b/vendor/github.com/go-jose/go-jose/v4/asymmetric.go index f8d5774ef5..7784cd4584 100644 --- a/vendor/github.com/go-jose/go-jose/v4/asymmetric.go +++ b/vendor/github.com/go-jose/go-jose/v4/asymmetric.go 
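Review bot: `matchLabels` ranges over the `expected` map, so when several labels are wrong the key it reports is whichever one the iteration reaches first and can differ between runs; the doc comment's "first mismatched key" implies an order that does not exist. Either reword the comment to `// Returns one mismatched key, its actual value (empty when the label is absent), and false if a mismatch is found.` or iterate over sorted keys so the log line in `ResourceHasLabels` is stable. A missing label and a label set to the empty string are also indistinguishable to the caller, because `a` is `""` in both cases.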
@@ -414,6 +414,9 @@ func (ctx ecKeyGenerator) genKey() ([]byte, rawHeader, error) { // Decrypt the given payload and return the content encryption key. func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { + if recipient == nil { + return nil, errors.New("go-jose/go-jose: missing recipient") + } epk, err := headers.getEPK() if err != nil { return nil, errors.New("go-jose/go-jose: invalid epk header") @@ -461,13 +464,18 @@ func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientI return nil, ErrUnsupportedAlgorithm } + encryptedKey := recipient.encryptedKey + if len(encryptedKey) == 0 { + return nil, errors.New("go-jose/go-jose: missing JWE Encrypted Key") + } + key := deriveKey(string(algorithm), keySize) block, err := aes.NewCipher(key) if err != nil { return nil, err } - return josecipher.KeyUnwrap(block, recipient.encryptedKey) + return josecipher.KeyUnwrap(block, encryptedKey) } func (ctx edDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go b/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go index b9effbca8a..a2f86e3db9 100644 --- a/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go +++ b/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go 
@@ -66,12 +66,20 @@ func KeyWrap(block cipher.Block, cek []byte) ([]byte, error) { } // KeyUnwrap implements NIST key unwrapping; it unwraps a content encryption key (cek) with the given block cipher. +// +// https://datatracker.ietf.org/doc/html/rfc7518#section-4.4 +// https://datatracker.ietf.org/doc/html/rfc7518#section-4.6 +// https://datatracker.ietf.org/doc/html/rfc7518#section-4.8 func KeyUnwrap(block cipher.Block, ciphertext []byte) ([]byte, error) { + n := (len(ciphertext) / 8) - 1 + if n <= 0 { + return nil, errors.New("go-jose/go-jose: JWE Encrypted Key too short") + } + if len(ciphertext)%8 != 0 { return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks") } - n := (len(ciphertext) / 8) - 1 r := make([][]byte, n) for i := range r { diff --git a/vendor/github.com/go-jose/go-jose/v4/symmetric.go b/vendor/github.com/go-jose/go-jose/v4/symmetric.go index 09efefb265..f2ff29e179 100644 --- a/vendor/github.com/go-jose/go-jose/v4/symmetric.go +++ b/vendor/github.com/go-jose/go-jose/v4/symmetric.go @@ -366,11 +366,21 @@ func (ctx *symmetricKeyCipher) encryptKey(cek []byte, alg KeyAlgorithm) (recipie // Decrypt the content encryption key. func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { - switch headers.getAlgorithm() { - case DIRECT: - cek := make([]byte, len(ctx.key)) - copy(cek, ctx.key) - return cek, nil + if recipient == nil { + return nil, fmt.Errorf("go-jose/go-jose: missing recipient") + } + + alg := headers.getAlgorithm() + if alg == DIRECT { + return bytes.Clone(ctx.key), nil + } + + encryptedKey := recipient.encryptedKey + if len(encryptedKey) == 0 { + return nil, fmt.Errorf("go-jose/go-jose: missing JWE Encrypted Key") + } + + switch alg { case A128GCMKW, A192GCMKW, A256GCMKW: aead := newAESGCM(len(ctx.key)) 
@@ -385,7 +395,7 @@ func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipien parts := &aeadParts{ iv: iv.bytes(), - ciphertext: recipient.encryptedKey, + ciphertext: encryptedKey, tag: tag.bytes(), } @@ -401,7 +411,7 @@ func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipien return nil, err } - cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey) + cek, err := josecipher.KeyUnwrap(block, encryptedKey) if err != nil { return nil, err } @@ -445,7 +455,7 @@ func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipien return nil, err } - cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey) + cek, err := josecipher.KeyUnwrap(block, encryptedKey) if err != nil { return nil, err } diff --git a/vendor/github.com/klauspost/compress/.goreleaser.yml b/vendor/github.com/klauspost/compress/.goreleaser.yml index 4528059ca6..804a201816 100644 --- a/vendor/github.com/klauspost/compress/.goreleaser.yml +++ b/vendor/github.com/klauspost/compress/.goreleaser.yml @@ -31,6 +31,9 @@ builds: - mips64le goarm: - 7 + ignore: + - goos: windows + goarch: arm - id: "s2d" binary: s2d @@ -57,6 +60,9 @@ builds: - mips64le goarm: - 7 + ignore: + - goos: windows + goarch: arm - id: "s2sx" binary: s2sx @@ -84,6 +90,9 @@ builds: - mips64le goarm: - 7 + ignore: + - goos: windows + goarch: arm archives: - @@ -91,7 +100,7 @@ archives: name_template: "s2-{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" format_overrides: - goos: windows - format: zip + formats: ['zip'] files: - unpack/* - s2/LICENSE diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md index 5125c1f267..e839fe9c60 100644 --- a/vendor/github.com/klauspost/compress/README.md +++ b/vendor/github.com/klauspost/compress/README.md 
@@ -26,6 +26,12 @@ This package will support the current Go version and 2 versions back. Use the links above for more information on each. # changelog + +* Feb 9th, 2026 [1.18.4](https://github.com/klauspost/compress/releases/tag/v1.18.4) + * gzhttp: Add zstandard to server handler wrapper https://github.com/klauspost/compress/pull/1121 + * zstd: Add ResetWithOptions to encoder/decoder https://github.com/klauspost/compress/pull/1122 + * gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @analytically in https://github.com/klauspost/compress/pull/1116 + * Jan 16th, 2026 [1.18.3](https://github.com/klauspost/compress/releases/tag/v1.18.3) * Downstream CVE-2025-61728. See [golang/go#77102](https://github.com/golang/go/issues/77102). @@ -691,3 +697,4 @@ This code is licensed under the same conditions as the original Go code. See LIC + diff --git a/vendor/github.com/klauspost/compress/flate/huffman_code.go b/vendor/github.com/klauspost/compress/flate/huffman_code.go index 5f901bd0fe..4b312dea3e 100644 --- a/vendor/github.com/klauspost/compress/flate/huffman_code.go +++ b/vendor/github.com/klauspost/compress/flate/huffman_code.go @@ -407,8 +407,8 @@ func histogramSplit(b []byte, h []uint16) { for i, t := range x { v0 := &h[t] v1 := &h[y[i]] - v3 := &h[w[i]] v2 := &h[z[i]] + v3 := &h[w[i]] *v0++ *v1++ *v2++ diff --git a/vendor/github.com/klauspost/compress/flate/regmask_other.go b/vendor/github.com/klauspost/compress/flate/regmask_other.go index 1b7a2cbd79..e62caf711e 100644 --- a/vendor/github.com/klauspost/compress/flate/regmask_other.go +++ b/vendor/github.com/klauspost/compress/flate/regmask_other.go @@ -1,5 +1,4 @@ //go:build !amd64 -// +build !amd64 package flate diff --git a/vendor/github.com/klauspost/compress/huff0/decompress_amd64.go b/vendor/github.com/klauspost/compress/huff0/decompress_amd64.go index 99ddd4af97..2d6ef64be1 100644 --- a/vendor/github.com/klauspost/compress/huff0/decompress_amd64.go 
+++ b/vendor/github.com/klauspost/compress/huff0/decompress_amd64.go @@ -1,5 +1,4 @@ //go:build amd64 && !appengine && !noasm && gc -// +build amd64,!appengine,!noasm,gc // This file contains the specialisation of Decoder.Decompress4X // and Decoder.Decompress1X that use an asm implementation of thir main loops. diff --git a/vendor/github.com/klauspost/compress/huff0/decompress_generic.go b/vendor/github.com/klauspost/compress/huff0/decompress_generic.go index 908c17de63..6103923222 100644 --- a/vendor/github.com/klauspost/compress/huff0/decompress_generic.go +++ b/vendor/github.com/klauspost/compress/huff0/decompress_generic.go @@ -1,5 +1,4 @@ //go:build !amd64 || appengine || !gc || noasm -// +build !amd64 appengine !gc noasm // This file contains a generic implementation of Decoder.Decompress4X. package huff0 diff --git a/vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go b/vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go index e802579c4f..b97f9056f4 100644 --- a/vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go +++ b/vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go @@ -1,5 +1,4 @@ //go:build amd64 && !appengine && !noasm && gc -// +build amd64,!appengine,!noasm,gc package cpuinfo diff --git a/vendor/github.com/klauspost/compress/zstd/blockenc.go b/vendor/github.com/klauspost/compress/zstd/blockenc.go index fd35ea1480..0e33aea442 100644 --- a/vendor/github.com/klauspost/compress/zstd/blockenc.go +++ b/vendor/github.com/klauspost/compress/zstd/blockenc.go @@ -78,6 +78,7 @@ func (b *blockEnc) initNewEncode() { b.recentOffsets = [3]uint32{1, 4, 8} b.litEnc.Reuse = huff0.ReusePolicyNone b.coders.setPrev(nil, nil, nil) + b.dictLitEnc = nil } // reset will reset the block for a new encode, but in the same stream, diff --git a/vendor/github.com/klauspost/compress/zstd/enc_base.go b/vendor/github.com/klauspost/compress/zstd/enc_base.go index c1192ec38f..c4de134a7a 100644 
--- a/vendor/github.com/klauspost/compress/zstd/enc_base.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_base.go @@ -21,7 +21,7 @@ type fastBase struct { crc *xxhash.Digest tmp [8]byte blk *blockEnc - lastDictID uint32 + lastDict *dict lowMem bool } diff --git a/vendor/github.com/klauspost/compress/zstd/enc_best.go b/vendor/github.com/klauspost/compress/zstd/enc_best.go index c1581cfcb8..851799322b 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_best.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_best.go @@ -479,10 +479,13 @@ func (e *bestFastEncoder) Reset(d *dict, singleBlock bool) { if d == nil { return } + dictChanged := d != e.lastDict // Init or copy dict table - if len(e.dictTable) != len(e.table) || d.id != e.lastDictID { + if len(e.dictTable) != len(e.table) || dictChanged { if len(e.dictTable) != len(e.table) { e.dictTable = make([]prevEntry, len(e.table)) + } else { + clear(e.dictTable) } end := int32(len(d.content)) - 8 + e.maxMatchOff for i := e.maxMatchOff; i < end; i += 4 { @@ -510,13 +513,14 @@ func (e *bestFastEncoder) Reset(d *dict, singleBlock bool) { offset: i + 3, } } - e.lastDictID = d.id } - // Init or copy dict table - if len(e.dictLongTable) != len(e.longTable) || d.id != e.lastDictID { + // Init or copy dict long table + if len(e.dictLongTable) != len(e.longTable) || dictChanged { if len(e.dictLongTable) != len(e.longTable) { e.dictLongTable = make([]prevEntry, len(e.longTable)) + } else { + clear(e.dictLongTable) } if len(d.content) >= 8 { cv := load6432(d.content, 0) @@ -538,8 +542,8 @@ func (e *bestFastEncoder) Reset(d *dict, singleBlock bool) { off++ } } - e.lastDictID = d.id } + e.lastDict = d // Reset table to initial state copy(e.longTable[:], e.dictLongTable) diff --git a/vendor/github.com/klauspost/compress/zstd/enc_better.go b/vendor/github.com/klauspost/compress/zstd/enc_better.go index 85dcd28c32..3305f09248 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_better.go 
+++ b/vendor/github.com/klauspost/compress/zstd/enc_better.go @@ -1102,10 +1102,13 @@ func (e *betterFastEncoderDict) Reset(d *dict, singleBlock bool) { if d == nil { return } + dictChanged := d != e.lastDict // Init or copy dict table - if len(e.dictTable) != len(e.table) || d.id != e.lastDictID { + if len(e.dictTable) != len(e.table) || dictChanged { if len(e.dictTable) != len(e.table) { e.dictTable = make([]tableEntry, len(e.table)) + } else { + clear(e.dictTable) } end := int32(len(d.content)) - 8 + e.maxMatchOff for i := e.maxMatchOff; i < end; i += 4 { @@ -1133,14 +1136,15 @@ func (e *betterFastEncoderDict) Reset(d *dict, singleBlock bool) { offset: i + 3, } } - e.lastDictID = d.id e.allDirty = true } - // Init or copy dict table - if len(e.dictLongTable) != len(e.longTable) || d.id != e.lastDictID { + // Init or copy dict long table + if len(e.dictLongTable) != len(e.longTable) || dictChanged { if len(e.dictLongTable) != len(e.longTable) { e.dictLongTable = make([]prevEntry, len(e.longTable)) + } else { + clear(e.dictLongTable) } if len(d.content) >= 8 { cv := load6432(d.content, 0) @@ -1162,9 +1166,9 @@ func (e *betterFastEncoderDict) Reset(d *dict, singleBlock bool) { off++ } } - e.lastDictID = d.id e.allDirty = true } + e.lastDict = d // Reset table to initial state { diff --git a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go index cf8cad00dc..2fb6da112b 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go 
@@ -1040,15 +1040,18 @@ func (e *doubleFastEncoder) Reset(d *dict, singleBlock bool) { // ResetDict will reset and set a dictionary if not nil func (e *doubleFastEncoderDict) Reset(d *dict, singleBlock bool) { allDirty := e.allDirty + dictChanged := d != e.lastDict e.fastEncoderDict.Reset(d, singleBlock) if d == nil { return } // Init or copy dict table - if len(e.dictLongTable) != len(e.longTable) || d.id != e.lastDictID { + if len(e.dictLongTable) != len(e.longTable) || dictChanged { if len(e.dictLongTable) != len(e.longTable) { e.dictLongTable = make([]tableEntry, len(e.longTable)) + } else { + clear(e.dictLongTable) } if len(d.content) >= 8 { cv := load6432(d.content, 0) @@ -1065,7 +1068,6 @@ func (e *doubleFastEncoderDict) Reset(d *dict, singleBlock bool) { } } } - e.lastDictID = d.id allDirty = true } // Reset table to initial state diff --git a/vendor/github.com/klauspost/compress/zstd/enc_fast.go b/vendor/github.com/klauspost/compress/zstd/enc_fast.go index 9180a3a582..5e104f1a48 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_fast.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_fast.go @@ -805,9 +805,11 @@ func (e *fastEncoderDict) Reset(d *dict, singleBlock bool) { } // Init or copy dict table - if len(e.dictTable) != len(e.table) || d.id != e.lastDictID { + if len(e.dictTable) != len(e.table) || d != e.lastDict { if len(e.dictTable) != len(e.table) { e.dictTable = make([]tableEntry, len(e.table)) + } else { + clear(e.dictTable) } if true { end := e.maxMatchOff + int32(len(d.content)) - 8 @@ -827,7 +829,7 @@ func (e *fastEncoderDict) Reset(d *dict, singleBlock bool) { } } } - e.lastDictID = d.id + e.lastDict = d e.allDirty = true } diff --git a/vendor/github.com/klauspost/compress/zstd/encoder.go b/vendor/github.com/klauspost/compress/zstd/encoder.go index 19e730acc2..0f2a00a003 100644 --- a/vendor/github.com/klauspost/compress/zstd/encoder.go +++ b/vendor/github.com/klauspost/compress/zstd/encoder.go 
@@ -138,11 +138,18 @@ func (e *Encoder) Reset(w io.Writer) { func (e *Encoder) ResetWithOptions(w io.Writer, opts ...EOption) error { e.o.resetOpt = true defer func() { e.o.resetOpt = false }() + hadDict := e.o.dict != nil for _, o := range opts { if err := o(&e.o); err != nil { return err } } + hasDict := e.o.dict != nil + if hadDict != hasDict { + // Dict presence changed — encoder type must be recreated. + e.state.encoder = nil + e.init = sync.Once{} + } e.Reset(w) return nil } @@ -448,6 +455,12 @@ func (e *Encoder) Close() error { if s.encoder == nil { return nil } + if s.w == nil { + if len(s.filling) == 0 && !s.headerWritten && !s.eofWritten && s.nInput == 0 { + return nil + } + return errors.New("zstd: encoder has no writer") + } err := e.nextBlock(true) if err != nil { if errors.Is(s.err, ErrEncoderClosed) { diff --git a/vendor/github.com/klauspost/compress/zstd/encoder_options.go b/vendor/github.com/klauspost/compress/zstd/encoder_options.go index 8e0f5cac71..e217be0a17 100644 --- a/vendor/github.com/klauspost/compress/zstd/encoder_options.go +++ b/vendor/github.com/klauspost/compress/zstd/encoder_options.go @@ -42,6 +42,7 @@ func (o *encoderOptions) setDefault() { level: SpeedDefault, allLitEntropy: false, lowMem: false, + fullZero: true, } } diff --git a/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go b/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go index d04a829b0a..b8c8607b5d 100644 --- a/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go +++ b/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go @@ -1,5 +1,4 @@ //go:build amd64 && !appengine && !noasm && gc -// +build amd64,!appengine,!noasm,gc package zstd diff --git a/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go b/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go index 8adfebb029..2138f8091a 100644 --- a/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go 
+++ b/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go @@ -1,5 +1,4 @@ //go:build !amd64 || appengine || !gc || noasm -// +build !amd64 appengine !gc noasm package zstd diff --git a/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go index 0be16cefc7..9576426e68 100644 --- a/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go +++ b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go @@ -1,5 +1,4 @@ //go:build (!amd64 && !arm64) || appengine || !gc || purego || noasm -// +build !amd64,!arm64 appengine !gc purego noasm package xxhash diff --git a/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go b/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go index f41932b7a4..1ed18927f9 100644 --- a/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go +++ b/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go @@ -1,5 +1,4 @@ //go:build amd64 && !appengine && !noasm && gc -// +build amd64,!appengine,!noasm,gc // Copyright 2019+ Klaus Post. All rights reserved. // License information can be found in the LICENSE file. diff --git a/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go b/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go index bea1779e97..379746c96c 100644 --- a/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go +++ b/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go @@ -1,5 +1,4 @@ //go:build !amd64 || appengine || !gc || noasm -// +build !amd64 appengine !gc noasm // Copyright 2019+ Klaus Post. All rights reserved. // License information can be found in the LICENSE file. diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go index 1f8c3cec28..18c3703ddc 100644 --- a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go 
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go @@ -1,5 +1,4 @@ //go:build amd64 && !appengine && !noasm && gc -// +build amd64,!appengine,!noasm,gc package zstd diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go b/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go index 7cec2197cd..516cd9b070 100644 --- a/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go +++ b/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go @@ -1,5 +1,4 @@ //go:build !amd64 || appengine || !gc || noasm -// +build !amd64 appengine !gc noasm package zstd diff --git a/vendor/modules.txt b/vendor/modules.txt index 280a6de969..f1d4249a63 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -308,7 +308,7 @@ github.com/go-git/go-git/v5/utils/ioutil # github.com/go-gorp/gorp/v3 v3.1.0 ## explicit; go 1.18 github.com/go-gorp/gorp/v3 -# github.com/go-jose/go-jose/v4 v4.1.3 +# github.com/go-jose/go-jose/v4 v4.1.4 ## explicit; go 1.24.0 github.com/go-jose/go-jose/v4 github.com/go-jose/go-jose/v4/cipher @@ -539,8 +539,8 @@ github.com/joelanford/ignore # github.com/json-iterator/go v1.1.12 ## explicit; go 1.12 github.com/json-iterator/go -# github.com/klauspost/compress v1.18.4 -## explicit; go 1.23 +# github.com/klauspost/compress v1.18.5 +## explicit; go 1.24 github.com/klauspost/compress github.com/klauspost/compress/flate github.com/klauspost/compress/fse