Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package okteto for openSUSE:Factory checked
in at 2023-06-30 19:58:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/okteto (Old)
and /work/SRC/openSUSE:Factory/.okteto.new.13546 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "okteto"
Fri Jun 30 19:58:34 2023 rev:54 rq:1095997 version:2.16.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/okteto/okteto.changes 2023-06-27
23:16:57.107492288 +0200
+++ /work/SRC/openSUSE:Factory/.okteto.new.13546/okteto.changes 2023-06-30
19:58:51.557638848 +0200
@@ -1,0 +2,6 @@
+Thu Jun 29 10:13:25 UTC 2023 - ka...@b1-systems.de
+
+- Update to version 2.16.5:
+ * fix: wrong registry hostname parse as url (#3743) (#3758)
+
+-------------------------------------------------------------------
Old:
----
okteto-2.16.4.obscpio
New:
----
okteto-2.16.5.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ okteto.spec ++++++
--- /var/tmp/diff_new_pack.SpUFja/_old 2023-06-30 19:58:52.625645201 +0200
+++ /var/tmp/diff_new_pack.SpUFja/_new 2023-06-30 19:58:52.633645248 +0200
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: okteto
-Version: 2.16.4
+Version: 2.16.5
Release: 0
Summary: Develop your applications directly in your Kubernetes Cluster
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.SpUFja/_old 2023-06-30 19:58:52.681645534 +0200
+++ /var/tmp/diff_new_pack.SpUFja/_new 2023-06-30 19:58:52.685645558 +0200
@@ -3,10 +3,10 @@
<param name="url">https://github.com/okteto/okteto</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">2.16.4</param>
+ <param name="revision">2.16.5</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
- <param name="match-tag">2.16.4</param>
+ <param name="match-tag">2.16.5</param>
</service>
<service name="set_version" mode="disabled">
<param name="basename">okteto</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.SpUFja/_old 2023-06-30 19:58:52.709645700 +0200
+++ /var/tmp/diff_new_pack.SpUFja/_new 2023-06-30 19:58:52.717645748 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/okteto/okteto</param>
- <param
name="changesrevision">b88a1be3200f966f58b7f340c5b6247915ddd7bb</param></service></servicedata>
+ <param
name="changesrevision">cb48d733e7008c0ad1d077d4cafcccc043fb02a6</param></service></servicedata>
(No newline at EOF)
++++++ okteto-2.16.4.obscpio -> okteto-2.16.5.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/okteto-2.16.4/pkg/http/intercept_test.go
new/okteto-2.16.5/pkg/http/intercept_test.go
--- old/okteto-2.16.4/pkg/http/intercept_test.go 2023-06-26
14:39:35.000000000 +0200
+++ new/okteto-2.16.5/pkg/http/intercept_test.go 2023-06-29
07:40:21.000000000 +0200
@@ -47,7 +47,7 @@
i.AppendURLs(tt.input...)
r := []string{}
- for k, _ := range i {
+ for k := range i {
r = append(r, k)
}
assert.ElementsMatch(t, tt.expected, r)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/okteto-2.16.4/pkg/http/options.go
new/okteto-2.16.5/pkg/http/options.go
--- old/okteto-2.16.4/pkg/http/options.go 2023-06-26 14:39:35.000000000
+0200
+++ new/okteto-2.16.5/pkg/http/options.go 2023-06-29 07:40:21.000000000
+0200
@@ -6,4 +6,5 @@
Certs []*x509.Certificate
ServerName string
URLsToIntercept []string
+ TLSDial TLSDialFunc
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/okteto-2.16.4/pkg/http/transport.go
new/okteto-2.16.5/pkg/http/transport.go
--- old/okteto-2.16.4/pkg/http/transport.go 2023-06-26 14:39:35.000000000
+0200
+++ new/okteto-2.16.5/pkg/http/transport.go 2023-06-29 07:40:21.000000000
+0200
@@ -37,6 +37,17 @@
}
}
+type TLSDialFunc func(network string, addr string, config *tls.Config)
(TLSConn, error)
+
+func DefaultTLSDial(network string, addr string, config *tls.Config) (TLSConn,
error) {
+ return tls.Dial(network, addr, config)
+}
+
+type TLSConn interface {
+ net.Conn
+ Handshake() error
+}
+
// StrictSSLTransport returns an *http.Transport with RootCAs set with both
the SystemCertPool and the given *x509.Certificates
// If obtaining SystemCertPool fails, it uses an empty *x509.CertPool as base
func StrictSSLTransport(opts *SSLTransportOption) *http.Transport {
@@ -50,6 +61,9 @@
}
for _, cert := range opts.Certs {
+ if cert == nil {
+ continue
+ }
pool.AddCert(cert)
}
@@ -69,14 +83,18 @@
addr = opts.ServerName
}
- conn, err := tls.Dial("tcp", addr, transport.TLSClientConfig)
+ tlsDial := opts.TLSDial
+ if tlsDial == nil {
+ tlsDial = DefaultTLSDial
+ }
+ tlsConn, err := tlsDial("tcp", addr, transport.TLSClientConfig)
if err != nil {
return nil, fmt.Errorf("tcp dial failed for %s: %w",
addr, err)
}
- if err := conn.Handshake(); err != nil {
+ if err := tlsConn.Handshake(); err != nil {
return nil, fmt.Errorf("tls handshake failed for %s:
%w", addr, err)
}
- return conn, err
+ return tlsConn, nil
}
return transport
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/okteto-2.16.4/pkg/okteto/config.go
new/okteto-2.16.5/pkg/okteto/config.go
--- old/okteto-2.16.4/pkg/okteto/config.go 2023-06-26 14:39:35.000000000
+0200
+++ new/okteto-2.16.5/pkg/okteto/config.go 2023-06-29 07:40:21.000000000
+0200
@@ -26,3 +26,4 @@
func (Config) GetContextCertificate() (*x509.Certificate, error) { return
GetContextCertificate() }
func (Config) IsInsecureSkipTLSVerifyPolicy() bool { return
Context().IsInsecure }
func (Config) GetServerNameOverride() string { return
GetServerNameOverride() }
+func (Config) GetContextName() string { return
Context().Name }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/okteto-2.16.4/pkg/registry/client.go
new/okteto-2.16.5/pkg/registry/client.go
--- old/okteto-2.16.4/pkg/registry/client.go 2023-06-26 14:39:35.000000000
+0200
+++ new/okteto-2.16.5/pkg/registry/client.go 2023-06-29 07:40:21.000000000
+0200
@@ -42,6 +42,7 @@
IsInsecureSkipTLSVerifyPolicy() bool
GetContextCertificate() (*x509.Certificate, error)
GetServerNameOverride() string
+ GetContextName() string
}
type oktetoHelperConfig interface {
@@ -65,14 +66,16 @@
// client operates with the registry API
type client struct {
- config ClientConfigInterface
- get func(ref name.Reference, options ...remote.Option)
(*remote.Descriptor, error)
+ config ClientConfigInterface
+ get func(ref name.Reference, options ...remote.Option)
(*remote.Descriptor, error)
+ tlsDial oktetoHttp.TLSDialFunc
}
func newOktetoRegistryClient(config ClientConfigInterface) client {
return client{
- config: config,
- get: remote.Get,
+ config: config,
+ get: remote.Get,
+ tlsDial: oktetoHttp.DefaultTLSDial,
}
}
@@ -170,11 +173,16 @@
return remote.WithTransport(c.getTransport())
}
func (c client) getTransport() http.RoundTripper {
- sslTransportOption := &oktetoHttp.SSLTransportOption{}
+ sslTransportOption := &oktetoHttp.SSLTransportOption{
+ TLSDial: c.tlsDial,
+ }
if serverName := c.config.GetServerNameOverride(); serverName != "" {
sslTransportOption.ServerName = serverName
- sslTransportOption.URLsToIntercept =
[]string{c.config.GetRegistryURL()}
+ sslTransportOption.URLsToIntercept = []string{
+ "//" + c.config.GetRegistryURL(),
+ c.config.GetContextName(),
+ }
}
transport := oktetoHttp.StrictSSLTransport(sslTransportOption)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/okteto-2.16.4/pkg/registry/client_test.go
new/okteto-2.16.5/pkg/registry/client_test.go
--- old/okteto-2.16.4/pkg/registry/client_test.go 2023-06-26
14:39:35.000000000 +0200
+++ new/okteto-2.16.5/pkg/registry/client_test.go 2023-06-29
07:40:21.000000000 +0200
@@ -14,17 +14,74 @@
package registry
import (
+ "context"
+ "crypto/tls"
"crypto/x509"
+ "fmt"
+ "net"
+ "net/http"
+ "sync"
"testing"
+ "time"
"github.com/google/go-containerregistry/pkg/name"
containerv1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/google/go-containerregistry/pkg/v1/remote"
"github.com/google/go-containerregistry/pkg/v1/remote/transport"
oktetoErrors "github.com/okteto/okteto/pkg/errors"
+ oktetoHttp "github.com/okteto/okteto/pkg/http"
"github.com/stretchr/testify/assert"
)
+type fakeTLSConn struct {
+ handshake bool
+ handshakeErr error
+}
+
+func (c *fakeTLSConn) Handshake() error {
+ c.handshake = true
+ return c.handshakeErr
+}
+
+func (*fakeTLSConn) Close() error { return fmt.Errorf("Close() unimplemented")
}
+
+func (*fakeTLSConn) LocalAddr() net.Addr { return nil }
+
+func (*fakeTLSConn) RemoteAddr() net.Addr { return nil }
+
+func (*fakeTLSConn) Read([]byte) (int, error) { return 0, fmt.Errorf("Read()
unimplemented") }
+
+func (*fakeTLSConn) Write([]byte) (int, error) { return 0, fmt.Errorf("Write()
unimplemented") }
+
+func (*fakeTLSConn) SetDeadline(time.Time) error { return
fmt.Errorf("SetDeadline() unimplemented") }
+
+func (*fakeTLSConn) SetReadDeadline(time.Time) error {
+ return fmt.Errorf("SetReadDeadline() unimplemented")
+}
+
+func (*fakeTLSConn) SetWriteDeadline(time.Time) error {
+ return fmt.Errorf("SetWriteDeadline() unimplemented")
+}
+
+type fakeTLSDialArgs struct {
+ network string
+ addr string
+ config *tls.Config
+}
+
+type fakeTLSDial struct {
+ requests []fakeTLSDialArgs
+ err error
+ mtx sync.RWMutex
+}
+
+func (t *fakeTLSDial) tlsDial(network string, addr string, config *tls.Config)
(oktetoHttp.TLSConn, error) {
+ t.mtx.Lock()
+ t.requests = append(t.requests, fakeTLSDialArgs{network: network, addr:
addr, config: config})
+ t.mtx.Unlock()
+ return &fakeTLSConn{}, t.err
+}
+
// FakeClient has everything needed to set up a test faking API calls
type fakeClient struct {
GetImageDigest getDigest
@@ -68,6 +125,7 @@
isInsecure bool
cert *x509.Certificate
serverName string
+ contextName string
}
func (f fakeClientConfig) GetRegistryURL() string {
return f.registryURL }
@@ -76,6 +134,7 @@
func (f fakeClientConfig) IsInsecureSkipTLSVerifyPolicy() bool {
return f.isInsecure }
func (f fakeClientConfig) GetContextCertificate() (*x509.Certificate, error) {
return f.cert, nil }
func (f fakeClientConfig) GetServerNameOverride() string {
return f.serverName }
+func (f fakeClientConfig) GetContextName() string {
return f.contextName }
func TestGetDigest(t *testing.T) {
unautorizedErr := &transport.Error{
@@ -256,3 +315,127 @@
})
}
}
+
+func TestGetTransport(t *testing.T) {
+ type expected struct {
+ input fakeTLSDialArgs
+ output fakeTLSDialArgs
+ }
+ var tests = []struct {
+ name string
+ config ClientConfigInterface
+ expected []expected
+ }{
+ {
+ name: "default",
+ config: fakeClientConfig{
+ registryURL: "registry.instance.foo",
+ contextName: "https://okteto.instance.foo";,
+ },
+ expected: []expected{
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "registry.instance.foo:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "registry.instance.foo:443", config: &tls.Config{}}, // skipcq: GO-S1020,
GSC-G402
+ },
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "okteto.instance.foo:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "okteto.instance.foo:443", config: &tls.Config{}}, // skipcq: GO-S1020,
GSC-G402
+ },
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "google.com:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "google.com:443", config: &tls.Config{}}, // skipcq: GO-S1020, GSC-G402
+ },
+ },
+ },
+ {
+ name: "default with server name",
+ config: fakeClientConfig{
+ registryURL: "registry.instance.foo",
+ contextName: "https://okteto.instance.foo";,
+ serverName: "1.2.3.4:443",
+ },
+ expected: []expected{
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "registry.instance.foo:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "1.2.3.4:443", config: &tls.Config{ServerName: "registry.instance.foo"}},
// skipcq: GO-S1020, GSC-G402
+ },
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "okteto.instance.foo:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "1.2.3.4:443", config: &tls.Config{ServerName: "okteto.instance.foo"}},
// skipcq: GO-S1020, GSC-G402
+ },
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "google.com:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "google.com:443", config: &tls.Config{}}, // skipcq: GO-S1020, GSC-G402
+ },
+ },
+ },
+ {
+ name: "public override",
+ config: fakeClientConfig{
+ registryURL: "registry.instance.foo",
+ contextName: "https://instance.foo";,
+ },
+ expected: []expected{
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "registry.instance.foo:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "registry.instance.foo:443", config: &tls.Config{}}, // skipcq: GO-S1020,
GSC-G402
+ },
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "instance.foo:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "instance.foo:443", config: &tls.Config{}}, // skipcq: GO-S1020, GSC-G402
+ },
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "google.com:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "google.com:443", config: &tls.Config{}}, // skipcq: GO-S1020, GSC-G402
+ },
+ },
+ },
+ {
+ name: "public override with server name",
+ config: fakeClientConfig{
+ registryURL: "registry.instance.foo",
+ contextName: "https://instance.foo";,
+ serverName: "1.2.3.4:443",
+ },
+ expected: []expected{
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "registry.instance.foo:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "1.2.3.4:443", config: &tls.Config{ServerName: "registry.instance.foo"}},
// skipcq: GO-S1020, GSC-G402
+ },
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "instance.foo:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "1.2.3.4:443", config: &tls.Config{ServerName: "instance.foo"}}, //
skipcq: GO-S1020, GSC-G402
+ },
+ {
+ input: fakeTLSDialArgs{network: "tcp",
addr: "google.com:443"},
+ output: fakeTLSDialArgs{network: "tcp",
addr: "google.com:443", config: &tls.Config{}}, // skipcq: GO-S1020, GSC-G402
+ },
+ },
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ for _, e := range tt.expected {
+ dialer := &fakeTLSDial{}
+ client := client{config: tt.config, tlsDial:
dialer.tlsDial}
+
+ roundTripper := client.getTransport()
+ transport, ok := roundTripper.(*http.Transport)
+ assert.True(t, ok, "getTransport() is not
*http.Transport")
+
+ conn, err :=
transport.DialTLSContext(context.TODO(), e.input.network, e.input.addr)
+ assert.NoError(t, err,
"transport.DialTLSContext returned error")
+ assert.NotNil(t, conn,
"transport.DialTLSContext returned nil net.Conn")
+
+ assert.Len(t, dialer.requests, 1)
+
+ assert.Equal(t, e.output.network,
dialer.requests[0].network)
+ assert.Equal(t, e.output.addr,
dialer.requests[0].addr)
+
+ assert.NotNil(t, dialer.requests[0].config)
+ assert.Equal(t, e.output.config.ServerName,
dialer.requests[0].config.ServerName)
+ }
+ })
+ }
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/okteto-2.16.4/pkg/registry/registry.go
new/okteto-2.16.5/pkg/registry/registry.go
--- old/okteto-2.16.4/pkg/registry/registry.go 2023-06-26 14:39:35.000000000
+0200
+++ new/okteto-2.16.5/pkg/registry/registry.go 2023-06-29 07:40:21.000000000
+0200
@@ -34,6 +34,7 @@
IsInsecureSkipTLSVerifyPolicy() bool
GetContextCertificate() (*x509.Certificate, error)
GetServerNameOverride() string
+ GetContextName() string
}
type registryConfig interface {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/okteto-2.16.4/pkg/registry/registry_test.go
new/okteto-2.16.5/pkg/registry/registry_test.go
--- old/okteto-2.16.4/pkg/registry/registry_test.go 2023-06-26
14:39:35.000000000 +0200
+++ new/okteto-2.16.5/pkg/registry/registry_test.go 2023-06-29
07:40:21.000000000 +0200
@@ -32,6 +32,7 @@
InsecureSkipTLSVerifyPolicy bool
ContextCertificate *x509.Certificate
ServerName string
+ ContextName string
}
func (fc FakeConfig) IsOktetoCluster() bool { return
fc.IsOktetoClusterCfg }
@@ -45,6 +46,7 @@
return fc.ContextCertificate, nil
}
func (fc FakeConfig) GetServerNameOverride() string { return fc.ServerName }
+func (fc FakeConfig) GetContextName() string { return fc.ContextName }
func TestGetImageTagWithDigest(t *testing.T) {
type expected struct {
++++++ okteto.obsinfo ++++++
--- /var/tmp/diff_new_pack.SpUFja/_old 2023-06-30 19:58:53.121648151 +0200
+++ /var/tmp/diff_new_pack.SpUFja/_new 2023-06-30 19:58:53.125648175 +0200
@@ -1,5 +1,5 @@
name: okteto
-version: 2.16.4
-mtime: 1687783175
-commit: b88a1be3200f966f58b7f340c5b6247915ddd7bb
+version: 2.16.5
+mtime: 1688017221
+commit: cb48d733e7008c0ad1d077d4cafcccc043fb02a6
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/okteto/vendor.tar.gz
/work/SRC/openSUSE:Factory/.okteto.new.13546/vendor.tar.gz differ: char 5, line
1
