From e42483cd7f034336d5cd6698fac2ac2cb2db2668 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jun 2022 15:45:11 +0000 Subject: [PATCH] build(deps): bump github.com/coreos/butane in /mantle Bumps [github.com/coreos/butane](https://github.com/coreos/butane) from 0.14.0 to 0.15.0. - [Release notes](https://github.com/coreos/butane/releases) - [Changelog](https://github.com/coreos/butane/blob/main/docs/release-notes.md) - [Commits](https://github.com/coreos/butane/compare/v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: github.com/coreos/butane dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- mantle/go.mod | 4 +- mantle/go.sum | 15 +- .../github.com/coreos/butane/base/util/url.go | 23 +- .../coreos/butane/base/v0_2/translate.go | 30 +- .../coreos/butane/base/v0_3/translate.go | 30 +- .../coreos/butane/base/v0_4/translate.go | 29 +- .../coreos/butane/base/v0_5_exp/translate.go | 29 +- .../coreos/butane/config/common/errors.go | 8 + .../github.com/coreos/butane/config/config.go | 10 +- .../butane/config/fcos/v1_5_exp/schema.go | 10 + .../butane/config/fcos/v1_5_exp/translate.go | 74 +++- .../butane/config/fcos/v1_5_exp/validate.go | 12 + .../butane/config/flatcar/v1_0/schema.go | 23 ++ .../butane/config/flatcar/v1_0/translate.go | 60 ++++ .../butane/config/flatcar/v1_1_exp/schema.go | 23 ++ .../config/flatcar/v1_1_exp/translate.go | 60 ++++ .../config/openshift/v4_10/translate.go | 7 + .../config/openshift/v4_11/result/schema.go | 48 +++ .../butane/config/openshift/v4_11/schema.go | 39 +++ .../{v4_11_exp => v4_11}/translate.go | 42 +-- .../{v4_11_exp => v4_11}/validate.go | 2 +- .../{v4_11_exp => v4_12_exp}/result/schema.go | 0 .../{v4_11_exp => v4_12_exp}/schema.go | 2 +- .../config/openshift/v4_12_exp/translate.go | 321 ++++++++++++++++++ .../config/openshift/v4_12_exp/validate.go | 43 +++ .../github.com/coreos/butane/translate/set.go | 31 ++ mantle/vendor/gopkg.in/yaml.v3/decode.go | 78 ++++- mantle/vendor/gopkg.in/yaml.v3/parserc.go | 11 +- mantle/vendor/modules.txt | 14 +- 29 files changed, 950 insertions(+), 128 deletions(-) create mode 100644 mantle/vendor/github.com/coreos/butane/config/flatcar/v1_0/schema.go create mode 100644 mantle/vendor/github.com/coreos/butane/config/flatcar/v1_0/translate.go create mode 100644 mantle/vendor/github.com/coreos/butane/config/flatcar/v1_1_exp/schema.go create mode 100644 mantle/vendor/github.com/coreos/butane/config/flatcar/v1_1_exp/translate.go create mode 100644 mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/result/schema.go create mode 100644 
mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/schema.go rename mantle/vendor/github.com/coreos/butane/config/openshift/{v4_11_exp => v4_11}/translate.go (89%) rename mantle/vendor/github.com/coreos/butane/config/openshift/{v4_11_exp => v4_11}/validate.go (98%) rename mantle/vendor/github.com/coreos/butane/config/openshift/{v4_11_exp => v4_12_exp}/result/schema.go (100%) rename mantle/vendor/github.com/coreos/butane/config/openshift/{v4_11_exp => v4_12_exp}/schema.go (98%) create mode 100644 mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/translate.go create mode 100644 mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/validate.go
diff --git a/mantle/go.mod b/mantle/go.mod
index dc54d31419..522a7cb6c0 100644
--- a/mantle/go.mod
+++ b/mantle/go.mod
@@ -12,7 +12,7 @@ require (
 github.com/aliyun/aliyun-oss-go-sdk v2.0.3+incompatible
 github.com/aws/aws-sdk-go v1.34.28
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect
- github.com/coreos/butane v0.14.0
+ github.com/coreos/butane v0.15.0
 github.com/coreos/coreos-assembler-schema v0.0.0-00010101000000-000000000000
 github.com/coreos/go-semver v0.3.0
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
@@ -20,7 +20,7 @@ require (
 github.com/coreos/ignition/v2 v2.14.0
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f
 github.com/coreos/stream-metadata-go v0.3.0
- github.com/coreos/vcontext v0.0.0-20211021162308-f1dbbca7bef4
+ github.com/coreos/vcontext v0.0.0-20220603180515-2076d8d16945
 github.com/digitalocean/go-libvirt v0.0.0-20200810224808-b9c702499bf7 // indirect
 github.com/digitalocean/go-qemu v0.0.0-20200529005954-1b453d036a9c
 github.com/digitalocean/godo v1.33.0
diff --git a/mantle/go.sum b/mantle/go.sum
index 78ad655a7a..0932f1271b 100644
--- a/mantle/go.sum
+++ b/mantle/go.sum
@@ -73,8 +73,8 @@ github.com/clarketm/json v1.14.1/go.mod h1:ynr2LRfb0fQU34l07csRNBTcivjySLLiY1YzQ
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/butane v0.14.0 h1:1xLt5y6RR8NTmeDf6yMzqP7Jqre8PvJ/1BTXQTxEMhk=
-github.com/coreos/butane v0.14.0/go.mod h1:Q5DcBsHDckEZ7IgQSb1MvvkNc50dpoT1lOHdGWwCRjY=
+github.com/coreos/butane v0.15.0 h1:PKN1tL5t4iGLrSiJ3gDpf/pPZMQ6JSeVNS811F3tmpM=
+github.com/coreos/butane v0.15.0/go.mod h1:5b/piru1RoNVuHCgtvmLTFXPRK2AOziSBt0mX7u6aYI=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-json v0.0.0-20211020211907-c63f628265de h1:qZvNu52Tv7Jfbgxdw3ONHf0BK9UpuSxi9FA9Y+qU5VU=
 github.com/coreos/go-json v0.0.0-20211020211907-c63f628265de/go.mod h1:lryFBkhadOfv8Jue2Vr/f/Yviw8h1DQPQojbXqEChY0=
@@ -85,15 +85,15 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.0.0 h1:XJIw/+VlJ+87J+doOxznsAWIdmWuViOVhkQamW5YV28=
 github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/ignition/v2 v2.13.0/go.mod h1:HO1HWYWcvAIbHu6xewoKxPGBTyZ32FLwGIuipw5d63o=
 github.com/coreos/ignition/v2 v2.14.0 h1:KfkCCnA6AK0kts/1zxzzNH5lDMCQN9sqqGcGs+RJVX4=
 github.com/coreos/ignition/v2 v2.14.0/go.mod h1:wxc4qdYEIHLygzWbVVEuoD7lQGTZmMgX0VjAPYBbeEQ=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbpBpLoyyu8B6e44T7hJy6potg=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/coreos/stream-metadata-go v0.3.0 h1:Bmoh7jC5yn/2SNiKBzbM4vqCDITo/BqMN5xZ3nt+tns=
 github.com/coreos/stream-metadata-go v0.3.0/go.mod h1:RTjQyHgO/G37oJ3qnqYK6Z4TPZ5EsaabOtfMjVXmgko=
-github.com/coreos/vcontext v0.0.0-20211021162308-f1dbbca7bef4 h1:pfSsrvbjUFGINaPGy0mm2QKQKTdq7IcbUa+nQwsz2UM=
 github.com/coreos/vcontext v0.0.0-20211021162308-f1dbbca7bef4/go.mod h1:HckqHnP/HI41vS0bfVjJ20u6jD0biI5+68QwZm5Xb9U=
+github.com/coreos/vcontext v0.0.0-20220603180515-2076d8d16945 h1:AsQHFyYGc0SwzpQQonNT0WmvtXiok5HK3CNNx2zymP0=
+github.com/coreos/vcontext v0.0.0-20220603180515-2076d8d16945/go.mod h1:fLd7QpFpxRdPBbwum8cptYO8RclJJHhJUq1v9V9+ZKw=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -249,7 +249,6 @@ github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
@@ -348,7 +347,6 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v0.0.0-20190222223459-a17d461953aa/go.mod h1:2RVY1rIf+2J2o/IM9+vPq9RzmHDSseB7FoXiSNIUsoU=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
@@ -382,9 +380,7 @@ github.com/vishvananda/netns v0.0.0-20150710222425-604eaf189ee8 h1:MmJ82dMUwQ+0j
 github.com/vishvananda/netns v0.0.0-20150710222425-604eaf189ee8/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
 github.com/vmware/govmomi v0.15.0 h1:fVMjwFASkUIGenwURwP0ruAzTjka0l2AV9wtARwkJLI=
 github.com/vmware/govmomi v0.15.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
-github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728/go.mod h1:x9oS4Wk2s2u4tS29nEaDLdzvuHdB19CvSGJjPgkZJNk=
 github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3/go.mod h1:CSBTxrhePCm0cmXNKDGeu+6bOQzpaEklfCqEpn89JWk=
-github.com/vmware/vmw-ovflib v0.0.0-20170608004843-1f217b9dc714/go.mod h1:jiPk45kn7klhByRvUq5i2vo1RtHKBHj+iWGFpxbXuuI=
 github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
 github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
@@ -736,8 +732,9 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/mantle/vendor/github.com/coreos/butane/base/util/url.go b/mantle/vendor/github.com/coreos/butane/base/util/url.go
index 2cf3bef070..b7bc035924 100644
--- a/mantle/vendor/github.com/coreos/butane/base/util/url.go
+++ b/mantle/vendor/github.com/coreos/butane/base/util/url.go
@@ -24,9 +24,24 @@ import ( "github.com/vincent-petithory/dataurl" ) -func MakeDataURL(contents []byte, currentCompression *string, allowCompression bool) (uri string, gzipped bool, err error) { +func MakeDataURL(contents []byte, currentCompression *string, allowCompression bool) (uri string, compression *string, err error) { // try three different encodings, and select the smallest one + if util.NilOrEmpty(currentCompression) { + // The config does not specify compression. We need to + // explicitly set the compression field to avoid a child + // config inheriting a compression setting from the parent, + // which may not have used the same compression algorithm. + compression = util.StrToPtr("") + } else { + // The config specifies compression, meaning that the + // contents were compressed by the user, so we can pick a + // data URL encoding but we can't compress again. Return a + // nil compression value so the caller knows not to record a + // translation from input contents to output compression. + compression = nil + } + // URL-escaped, useful for ASCII text opaque := "," + dataurl.Escape(contents) @@ -53,10 +68,10 @@ func MakeDataURL(contents []byte, currentCompression *string, allowCompression b return } gz := ";base64," + base64.StdEncoding.EncodeToString(buf.Bytes()) - // Account for space needed by "compression": "gzip". - if len(gz)+25 < len(opaque) { + // Account for space needed by the compression value + if len(gz)+len("gzip") < len(opaque) { opaque = gz - gzipped = true + compression = util.StrToPtr("gzip") } } diff --git a/mantle/vendor/github.com/coreos/butane/base/v0_2/translate.go b/mantle/vendor/github.com/coreos/butane/base/v0_2/translate.go index 9199861e2c..976f4f9276 100644 --- a/mantle/vendor/github.com/coreos/butane/base/v0_2/translate.go +++ b/mantle/vendor/github.com/coreos/butane/base/v0_2/translate.go @@ -17,6 +17,7 @@ package v0_2 import ( "io/ioutil" "os" + slashpath "path" "path/filepath" "strings" "text/template" 
@@ -127,7 +128,7 @@ func translateResource(from Resource, options common.TranslateOptions) (to types // calculate file path within FilesDir and check for // path traversal - filePath := filepath.Join(options.FilesDir, *from.Local) + filePath := filepath.Join(options.FilesDir, filepath.FromSlash(*from.Local)) if err := baseutil.EnsurePathWithinFilesDir(filePath, options.FilesDir); err != nil { r.AddOnError(c, err) return @@ -139,15 +140,15 @@ func translateResource(from Resource, options common.TranslateOptions) (to types return } - src, gzipped, err := baseutil.MakeDataURL(contents, to.Compression, !options.NoResourceAutoCompression) + src, compression, err := baseutil.MakeDataURL(contents, to.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(c, err) return } to.Source = &src tm.AddTranslation(c, path.New("json", "source")) - if gzipped { - to.Compression = util.StrToPtr("gzip") + if compression != nil { + to.Compression = compression tm.AddTranslation(c, path.New("json", "compression")) } } @@ -155,15 +156,15 @@ func translateResource(from Resource, options common.TranslateOptions) (to types if from.Inline != nil { c := path.New("yaml", "inline") - src, gzipped, err := baseutil.MakeDataURL([]byte(*from.Inline), to.Compression, !options.NoResourceAutoCompression) + src, compression, err := baseutil.MakeDataURL([]byte(*from.Inline), to.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(c, err) return } to.Source = &src tm.AddTranslation(c, path.New("json", "source")) - if gzipped { - to.Compression = util.StrToPtr("gzip") + if compression != nil { + to.Compression = compression tm.AddTranslation(c, path.New("json", "compression")) } } 
@@ -208,7 +209,7 @@ func (c Config) processTrees(ret *types.Config, options common.TranslateOptions) // calculate base path within FilesDir and check for // path traversal - srcBaseDir := filepath.Join(options.FilesDir, tree.Local) + srcBaseDir := filepath.Join(options.FilesDir, filepath.FromSlash(tree.Local)) if err := baseutil.EnsurePathWithinFilesDir(srcBaseDir, options.FilesDir); err != nil { r.AddOnError(yamlPath, err) continue @@ -246,7 +247,7 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report r.AddOnError(yamlPath, err) return nil } - destPath := filepath.Join(destBaseDir, relPath) + destPath := slashpath.Join(destBaseDir, filepath.ToSlash(relPath)) if info.Mode().IsDir() { return nil @@ -277,15 +278,15 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report r.AddOnError(yamlPath, err) return nil } - url, gzipped, err := baseutil.MakeDataURL(contents, file.Contents.Compression, !options.NoResourceAutoCompression) + url, compression, err := baseutil.MakeDataURL(contents, file.Contents.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(yamlPath, err) return nil } - file.Contents.Source = util.StrToPtr(url) + file.Contents.Source = &url ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents", "source")) - if gzipped { - file.Contents.Compression = util.StrToPtr("gzip") + if compression != nil { + file.Contents.Compression = compression ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents", "compression")) } ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents")) 
@@ -319,11 +320,12 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report ts.AddTranslation(yamlPath, path.New("json", "storage", "links")) } } - link.Target, err = os.Readlink(srcPath) + target, err := os.Readlink(srcPath) if err != nil { r.AddOnError(yamlPath, err) return nil } + link.Target = filepath.ToSlash(target) ts.AddTranslation(yamlPath, path.New("json", "storage", "links", i, "target")) } else { r.AddOnError(yamlPath, common.ErrFileType) diff --git a/mantle/vendor/github.com/coreos/butane/base/v0_3/translate.go b/mantle/vendor/github.com/coreos/butane/base/v0_3/translate.go index cf8763423f..ab2f04490f 100644 --- a/mantle/vendor/github.com/coreos/butane/base/v0_3/translate.go +++ b/mantle/vendor/github.com/coreos/butane/base/v0_3/translate.go @@ -18,6 +18,7 @@ import ( "fmt" "io/ioutil" "os" + slashpath "path" "path/filepath" "strings" "text/template" @@ -138,7 +139,7 @@ func translateResource(from Resource, options common.TranslateOptions) (to types // calculate file path within FilesDir and check for // path traversal - filePath := filepath.Join(options.FilesDir, *from.Local) + filePath := filepath.Join(options.FilesDir, filepath.FromSlash(*from.Local)) if err := baseutil.EnsurePathWithinFilesDir(filePath, options.FilesDir); err != nil { r.AddOnError(c, err) return @@ -150,15 +151,15 @@ func translateResource(from Resource, options common.TranslateOptions) (to types return } - src, gzipped, err := baseutil.MakeDataURL(contents, to.Compression, !options.NoResourceAutoCompression) + src, compression, err := baseutil.MakeDataURL(contents, to.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(c, err) return } to.Source = &src tm.AddTranslation(c, path.New("json", "source")) - if gzipped { - to.Compression = util.StrToPtr("gzip") + if compression != nil { + to.Compression = compression tm.AddTranslation(c, path.New("json", "compression")) } } 
@@ -166,15 +167,15 @@ func translateResource(from Resource, options common.TranslateOptions) (to types if from.Inline != nil { c := path.New("yaml", "inline") - src, gzipped, err := baseutil.MakeDataURL([]byte(*from.Inline), to.Compression, !options.NoResourceAutoCompression) + src, compression, err := baseutil.MakeDataURL([]byte(*from.Inline), to.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(c, err) return } to.Source = &src tm.AddTranslation(c, path.New("json", "source")) - if gzipped { - to.Compression = util.StrToPtr("gzip") + if compression != nil { + to.Compression = compression tm.AddTranslation(c, path.New("json", "compression")) } } @@ -219,7 +220,7 @@ func (c Config) processTrees(ret *types.Config, options common.TranslateOptions) // calculate base path within FilesDir and check for // path traversal - srcBaseDir := filepath.Join(options.FilesDir, tree.Local) + srcBaseDir := filepath.Join(options.FilesDir, filepath.FromSlash(tree.Local)) if err := baseutil.EnsurePathWithinFilesDir(srcBaseDir, options.FilesDir); err != nil { r.AddOnError(yamlPath, err) continue @@ -257,7 +258,7 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report r.AddOnError(yamlPath, err) return nil } - destPath := filepath.Join(destBaseDir, relPath) + destPath := slashpath.Join(destBaseDir, filepath.ToSlash(relPath)) if info.Mode().IsDir() { return nil 
@@ -288,15 +289,15 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report r.AddOnError(yamlPath, err) return nil } - url, gzipped, err := baseutil.MakeDataURL(contents, file.Contents.Compression, !options.NoResourceAutoCompression) + url, compression, err := baseutil.MakeDataURL(contents, file.Contents.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(yamlPath, err) return nil } - file.Contents.Source = util.StrToPtr(url) + file.Contents.Source = &url ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents", "source")) - if gzipped { - file.Contents.Compression = util.StrToPtr("gzip") + if compression != nil { + file.Contents.Compression = compression ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents", "compression")) } ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents")) @@ -330,11 +331,12 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report ts.AddTranslation(yamlPath, path.New("json", "storage", "links")) } } - link.Target, err = os.Readlink(srcPath) + target, err := os.Readlink(srcPath) if err != nil { r.AddOnError(yamlPath, err) return nil } + link.Target = filepath.ToSlash(target) ts.AddTranslation(yamlPath, path.New("json", "storage", "links", i, "target")) } else { r.AddOnError(yamlPath, common.ErrFileType) diff --git a/mantle/vendor/github.com/coreos/butane/base/v0_4/translate.go b/mantle/vendor/github.com/coreos/butane/base/v0_4/translate.go index b17492bd92..ee9116a414 100644 --- a/mantle/vendor/github.com/coreos/butane/base/v0_4/translate.go +++ b/mantle/vendor/github.com/coreos/butane/base/v0_4/translate.go @@ -18,6 +18,7 @@ import ( "fmt" "io/ioutil" "os" + slashpath "path" "path/filepath" "strings" "text/template" 
@@ -153,7 +154,7 @@ func translateResource(from Resource, options common.TranslateOptions) (to types // calculate file path within FilesDir and check for // path traversal - filePath := filepath.Join(options.FilesDir, *from.Local) + filePath := filepath.Join(options.FilesDir, filepath.FromSlash(*from.Local)) if err := baseutil.EnsurePathWithinFilesDir(filePath, options.FilesDir); err != nil { r.AddOnError(c, err) return @@ -165,15 +166,15 @@ func translateResource(from Resource, options common.TranslateOptions) (to types return } - src, gzipped, err := baseutil.MakeDataURL(contents, to.Compression, !options.NoResourceAutoCompression) + src, compression, err := baseutil.MakeDataURL(contents, to.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(c, err) return } to.Source = &src tm.AddTranslation(c, path.New("json", "source")) - if gzipped { - to.Compression = util.StrToPtr("gzip") + if compression != nil { + to.Compression = compression tm.AddTranslation(c, path.New("json", "compression")) } } @@ -181,15 +182,15 @@ func translateResource(from Resource, options common.TranslateOptions) (to types if from.Inline != nil { c := path.New("yaml", "inline") - src, gzipped, err := baseutil.MakeDataURL([]byte(*from.Inline), to.Compression, !options.NoResourceAutoCompression) + src, compression, err := baseutil.MakeDataURL([]byte(*from.Inline), to.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(c, err) return } to.Source = &src tm.AddTranslation(c, path.New("json", "source")) - if gzipped { - to.Compression = util.StrToPtr("gzip") + if compression != nil { + to.Compression = compression tm.AddTranslation(c, path.New("json", "compression")) } } 
@@ -234,7 +235,7 @@ func (c Config) processTrees(ret *types.Config, options common.TranslateOptions) // calculate base path within FilesDir and check for // path traversal - srcBaseDir := filepath.Join(options.FilesDir, tree.Local) + srcBaseDir := filepath.Join(options.FilesDir, filepath.FromSlash(tree.Local)) if err := baseutil.EnsurePathWithinFilesDir(srcBaseDir, options.FilesDir); err != nil { r.AddOnError(yamlPath, err) continue @@ -272,7 +273,7 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report r.AddOnError(yamlPath, err) return nil } - destPath := filepath.Join(destBaseDir, relPath) + destPath := slashpath.Join(destBaseDir, filepath.ToSlash(relPath)) if info.Mode().IsDir() { return nil @@ -303,15 +304,15 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report r.AddOnError(yamlPath, err) return nil } - url, gzipped, err := baseutil.MakeDataURL(contents, file.Contents.Compression, !options.NoResourceAutoCompression) + url, compression, err := baseutil.MakeDataURL(contents, file.Contents.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(yamlPath, err) return nil } - file.Contents.Source = util.StrToPtr(url) + file.Contents.Source = &url ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents", "source")) - if gzipped { - file.Contents.Compression = util.StrToPtr("gzip") + if compression != nil { + file.Contents.Compression = compression ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents", "compression")) } ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents")) 
@@ -350,7 +351,7 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report r.AddOnError(yamlPath, err) return nil } - link.Target = &target + link.Target = util.StrToPtr(filepath.ToSlash(target)) ts.AddTranslation(yamlPath, path.New("json", "storage", "links", i, "target")) } else { r.AddOnError(yamlPath, common.ErrFileType) diff --git a/mantle/vendor/github.com/coreos/butane/base/v0_5_exp/translate.go b/mantle/vendor/github.com/coreos/butane/base/v0_5_exp/translate.go index 960cd9e139..bfe63cf177 100644 --- a/mantle/vendor/github.com/coreos/butane/base/v0_5_exp/translate.go +++ b/mantle/vendor/github.com/coreos/butane/base/v0_5_exp/translate.go @@ -18,6 +18,7 @@ import ( "fmt" "io/ioutil" "os" + slashpath "path" "path/filepath" "strings" "text/template" @@ -153,7 +154,7 @@ func translateResource(from Resource, options common.TranslateOptions) (to types // calculate file path within FilesDir and check for // path traversal - filePath := filepath.Join(options.FilesDir, *from.Local) + filePath := filepath.Join(options.FilesDir, filepath.FromSlash(*from.Local)) if err := baseutil.EnsurePathWithinFilesDir(filePath, options.FilesDir); err != nil { r.AddOnError(c, err) return @@ -165,15 +166,15 @@ func translateResource(from Resource, options common.TranslateOptions) (to types return } - src, gzipped, err := baseutil.MakeDataURL(contents, to.Compression, !options.NoResourceAutoCompression) + src, compression, err := baseutil.MakeDataURL(contents, to.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(c, err) return } to.Source = &src tm.AddTranslation(c, path.New("json", "source")) - if gzipped { - to.Compression = util.StrToPtr("gzip") + if compression != nil { + to.Compression = compression tm.AddTranslation(c, path.New("json", "compression")) } } 
@@ -181,15 +182,15 @@ func translateResource(from Resource, options common.TranslateOptions) (to types if from.Inline != nil { c := path.New("yaml", "inline") - src, gzipped, err := baseutil.MakeDataURL([]byte(*from.Inline), to.Compression, !options.NoResourceAutoCompression) + src, compression, err := baseutil.MakeDataURL([]byte(*from.Inline), to.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(c, err) return } to.Source = &src tm.AddTranslation(c, path.New("json", "source")) - if gzipped { - to.Compression = util.StrToPtr("gzip") + if compression != nil { + to.Compression = compression tm.AddTranslation(c, path.New("json", "compression")) } } @@ -234,7 +235,7 @@ func (c Config) processTrees(ret *types.Config, options common.TranslateOptions) // calculate base path within FilesDir and check for // path traversal - srcBaseDir := filepath.Join(options.FilesDir, tree.Local) + srcBaseDir := filepath.Join(options.FilesDir, filepath.FromSlash(tree.Local)) if err := baseutil.EnsurePathWithinFilesDir(srcBaseDir, options.FilesDir); err != nil { r.AddOnError(yamlPath, err) continue @@ -272,7 +273,7 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report r.AddOnError(yamlPath, err) return nil } - destPath := filepath.Join(destBaseDir, relPath) + destPath := slashpath.Join(destBaseDir, filepath.ToSlash(relPath)) if info.Mode().IsDir() { return nil 
@@ -303,15 +304,15 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report r.AddOnError(yamlPath, err) return nil } - url, gzipped, err := baseutil.MakeDataURL(contents, file.Contents.Compression, !options.NoResourceAutoCompression) + url, compression, err := baseutil.MakeDataURL(contents, file.Contents.Compression, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(yamlPath, err) return nil } - file.Contents.Source = util.StrToPtr(url) + file.Contents.Source = &url ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents", "source")) - if gzipped { - file.Contents.Compression = util.StrToPtr("gzip") + if compression != nil { + file.Contents.Compression = compression ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents", "compression")) } ts.AddTranslation(yamlPath, path.New("json", "storage", "files", i, "contents")) @@ -350,7 +351,7 @@ func walkTree(yamlPath path.ContextPath, ts *translate.TranslationSet, r *report r.AddOnError(yamlPath, err) return nil } - link.Target = &target + link.Target = util.StrToPtr(filepath.ToSlash(target)) ts.AddTranslation(yamlPath, path.New("json", "storage", "links", i, "target")) } else { r.AddOnError(yamlPath, common.ErrFileType) diff --git a/mantle/vendor/github.com/coreos/butane/config/common/errors.go b/mantle/vendor/github.com/coreos/butane/config/common/errors.go index 38313835b1..1961f00749 100644 --- a/mantle/vendor/github.com/coreos/butane/config/common/errors.go +++ b/mantle/vendor/github.com/coreos/butane/config/common/errors.go 
@@ -64,12 +64,20 @@ var ( ErrFileSchemeSupport = errors.New("file contents source must be data URL in this spec version") ErrFileAppendSupport = errors.New("appending to files is not supported in this spec version") ErrFileCompressionSupport = errors.New("file compression is not supported in this spec version") + ErrFileSpecialModeSupport = errors.New("special mode bits are not supported in this spec version") ErrLinkSupport = errors.New("links are not supported in this spec version") ErrGroupSupport = errors.New("groups are not supported in this spec version") ErrUserFieldSupport = errors.New("fields other than \"name\" and \"ssh_authorized_keys\" are not supported in this spec version") ErrUserNameSupport = errors.New("users other than \"core\" are not supported in this spec version") ErrKernelArgumentSupport = errors.New("this field cannot be used for kernel arguments in this spec version; use openshift.kernel_arguments instead") + // Storage + ErrClevisSupport = errors.New("clevis is not supported in this spec version") + // Extensions ErrExtensionNameRequired = errors.New("field \"name\" is required") + + // Grub + ErrGrubUserNameNotSpecified = errors.New("field \"name\" is required") + ErrGrubPasswordNotSpecified = errors.New("field \"password_hash\" is required") ) diff --git a/mantle/vendor/github.com/coreos/butane/config/config.go b/mantle/vendor/github.com/coreos/butane/config/config.go index b71bcf4ffe..f71ff89394 100644 --- a/mantle/vendor/github.com/coreos/butane/config/config.go +++ b/mantle/vendor/github.com/coreos/butane/config/config.go 
@@ -24,8 +24,11 @@ import ( fcos1_3 "github.com/coreos/butane/config/fcos/v1_3" fcos1_4 "github.com/coreos/butane/config/fcos/v1_4" fcos1_5_exp "github.com/coreos/butane/config/fcos/v1_5_exp" + flatcar1_0 "github.com/coreos/butane/config/flatcar/v1_0" + flatcar1_1_exp "github.com/coreos/butane/config/flatcar/v1_1_exp" openshift4_10 "github.com/coreos/butane/config/openshift/v4_10" - openshift4_11_exp "github.com/coreos/butane/config/openshift/v4_11_exp" + openshift4_11 "github.com/coreos/butane/config/openshift/v4_11" + openshift4_12_exp "github.com/coreos/butane/config/openshift/v4_12_exp" openshift4_8 "github.com/coreos/butane/config/openshift/v4_8" openshift4_9 "github.com/coreos/butane/config/openshift/v4_9" rhcos0_1 "github.com/coreos/butane/config/rhcos/v0_1" @@ -52,10 +55,13 @@ func init() { RegisterTranslator("fcos", "1.3.0", fcos1_3.ToIgn3_2Bytes) RegisterTranslator("fcos", "1.4.0", fcos1_4.ToIgn3_3Bytes) RegisterTranslator("fcos", "1.5.0-experimental", fcos1_5_exp.ToIgn3_4Bytes) + RegisterTranslator("flatcar", "1.0.0", flatcar1_0.ToIgn3_3Bytes) + RegisterTranslator("flatcar", "1.1.0-experimental", flatcar1_1_exp.ToIgn3_4Bytes) RegisterTranslator("openshift", "4.8.0", openshift4_8.ToConfigBytes) RegisterTranslator("openshift", "4.9.0", openshift4_9.ToConfigBytes) RegisterTranslator("openshift", "4.10.0", openshift4_10.ToConfigBytes) - RegisterTranslator("openshift", "4.11.0-experimental", openshift4_11_exp.ToConfigBytes) + RegisterTranslator("openshift", "4.11.0", openshift4_11.ToConfigBytes) + RegisterTranslator("openshift", "4.12.0-experimental", openshift4_12_exp.ToConfigBytes) RegisterTranslator("rhcos", "0.1.0", rhcos0_1.ToIgn3_2Bytes) } diff --git a/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/schema.go b/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/schema.go index fc174dac9b..d985413d7f 100644 --- a/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/schema.go 
+++ b/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/schema.go @@ -22,6 +22,7 @@ type Config struct { base.Config `yaml:",inline"` BootDevice BootDevice `yaml:"boot_device"` Extensions []Extension `yaml:"extensions"` + Grub Grub `yaml:"grub"` } type BootDevice struct { @@ -43,3 +44,12 @@ type BootDeviceMirror struct { type Extension struct { Name string `yaml:"name"` } + +type Grub struct { + Users []GrubUser `yaml:"users"` +} + +type GrubUser struct { + Name string `yaml:"name"` + PasswordHash *string `yaml:"password_hash"` +} diff --git a/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/translate.go b/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/translate.go index c941af28c0..f2eec2fd0c 100644 --- a/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/translate.go +++ b/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/translate.go @@ -18,6 +18,7 @@ import ( "crypto/sha256" "encoding/hex" "fmt" + "strings" baseutil "github.com/coreos/butane/base/util" "github.com/coreos/butane/config/common" @@ -86,6 +87,11 @@ func (c Config) ToIgn3_4Unvalidated(options common.TranslateOptions) (types.Conf retConfig, ts := baseutil.MergeTranslatedConfigs(retp, tsp, ret, ts) ret = retConfig.(types.Config) r.Merge(rp) + + retp, tsp, rp = c.handleUserGrubCfg(options) + retConfig, ts = baseutil.MergeTranslatedConfigs(retp, tsp, ret, ts) + ret = retConfig.(types.Config) + r.Merge(rp) return ret, ts, r } @@ -323,7 +329,7 @@ func (c Config) processPackages(options common.TranslateOptions) (types.Config, return ret, ts, r } fullYamlContents := append([]byte("# Generated by Butane\n\n"), treeFileContents...) - src, gzipped, err := baseutil.MakeDataURL(fullYamlContents, nil, !options.NoResourceAutoCompression) + src, compression, err := baseutil.MakeDataURL(fullYamlContents, nil, !options.NoResourceAutoCompression) if err != nil { r.AddOnError(yamlPath, err) return ret, ts, r 
@@ -337,16 +343,74 @@ func (c Config) processPackages(options common.TranslateOptions) (types.Config, }, FileEmbedded1: types.FileEmbedded1{ Contents: types.Resource{ - Source: util.StrToPtr(src), + Source: &src, + Compression: compression, }, Mode: util.IntToPtr(0644), }, } - if gzipped { - file.Contents.Compression = util.StrToPtr("gzip") - } ret.Storage.Files = append(ret.Storage.Files, file) ts.AddFromCommonSource(yamlPath, path.New("json", "storage"), ret.Storage) return ret, ts, r } + +func (c Config) handleUserGrubCfg(options common.TranslateOptions) (types.Config, translate.TranslationSet, report.Report) { + rendered := types.Config{} + ts := translate.NewTranslationSet("yaml", "json") + var r report.Report + yamlPath := path.New("yaml", "grub", "users") + if len(c.Grub.Users) == 0 { + // No users + return rendered, ts, r + } + + // create boot filesystem + rendered.Storage.Filesystems = append(rendered.Storage.Filesystems, + types.Filesystem{ + Device: "/dev/disk/by-label/boot", + Format: util.StrToPtr("ext4"), + Path: util.StrToPtr("/boot"), + }) + + userCfgContent := []byte(buildGrubConfig(c.Grub)) + src, compression, err := baseutil.MakeDataURL(userCfgContent, nil, !options.NoResourceAutoCompression) + if err != nil { + r.AddOnError(yamlPath, err) + return rendered, ts, r + } + + // Create user.cfg file and add it to rendered config + rendered.Storage.Files = append(rendered.Storage.Files, + types.File{ + Node: types.Node{ + Path: "/boot/grub2/user.cfg", + }, + FileEmbedded1: types.FileEmbedded1{ + Append: []types.Resource{ + { + Source: util.StrToPtr(src), + Compression: compression, + }, + }, + }, + }) + + ts.AddFromCommonSource(yamlPath, path.New("json", "storage"), rendered.Storage) + return rendered, ts, r +} + +func buildGrubConfig(gb Grub) string { + // Process super users and corresponding passwords + allUsers := []string{} + cmds := []string{} + + for _, user := range gb.Users { + // We have already validated that user.Name and 
user.PasswordHash are non-empty + allUsers = append(allUsers, user.Name) + // Command for setting users password + cmds = append(cmds, fmt.Sprintf("password_pbkdf2 %s %s", user.Name, *user.PasswordHash)) + } + superUserCmd := fmt.Sprintf("set superusers=\"%s\"\n", strings.Join(allUsers, " ")) + return "# Generated by Butane\n\n" + superUserCmd + strings.Join(cmds, "\n") + "\n" +} diff --git a/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/validate.go b/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/validate.go index 97b2907aea..61cf290d4e 100644 --- a/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/validate.go +++ b/mantle/vendor/github.com/coreos/butane/config/fcos/v1_5_exp/validate.go @@ -16,6 +16,7 @@ package v1_5_exp import ( "github.com/coreos/butane/config/common" + "github.com/coreos/ignition/v2/config/util" "github.com/coreos/vcontext/path" "github.com/coreos/vcontext/report" @@ -46,3 +47,14 @@ func (e Extension) Validate(c path.ContextPath) (r report.Report) { } return } + +func (user GrubUser) Validate(c path.ContextPath) (r report.Report) { + if user.Name == "" { + r.AddOnError(c.Append("name"), common.ErrGrubUserNameNotSpecified) + } + + if !util.NotEmpty(user.PasswordHash) { + r.AddOnError(c.Append("password_hash"), common.ErrGrubPasswordNotSpecified) + } + return +} diff --git a/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_0/schema.go b/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_0/schema.go new file mode 100644 index 0000000000..6a1d7366a9 --- /dev/null +++ b/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_0/schema.go 
@@ -0,0 +1,23 @@
+// Copyright 2020 Red Hat, Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.)
+
+package v1_0
+
+import (
+ base "github.com/coreos/butane/base/v0_4"
+)
+
+type Config struct {
+ base.Config `yaml:",inline"`
+}
diff --git a/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_0/translate.go b/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_0/translate.go
new file mode 100644
index 0000000000..498c329f5c
--- /dev/null
+++ b/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_0/translate.go
@@ -0,0 +1,60 @@
+// Copyright 2020 Red Hat, Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.)
+
+package v1_0
+
+import (
+ "github.com/coreos/butane/config/common"
+ cutil "github.com/coreos/butane/config/util"
+ "github.com/coreos/butane/translate"
+
+ "github.com/coreos/ignition/v2/config/v3_3/types"
+ "github.com/coreos/vcontext/path"
+ "github.com/coreos/vcontext/report"
+)
+
+// ToIgn3_3Unvalidated translates the config to an Ignition config. It also
+// returns the set of translations it did so paths in the resultant config
+// can be tracked back to their source in the source config. No config
+// validation is performed on input or output.
+func (c Config) ToIgn3_3Unvalidated(options common.TranslateOptions) (types.Config, translate.TranslationSet, report.Report) {
+ ret, ts, r := c.Config.ToIgn3_3Unvalidated(options)
+ if r.IsFatal() {
+ return types.Config{}, translate.TranslationSet{}, r
+ }
+
+ for i, luks := range ret.Storage.Luks {
+ if luks.Clevis.IsPresent() {
+ r.AddOnError(path.New("json", "storage", "luks", i, "clevis"), common.ErrClevisSupport)
+ }
+ }
+
+ return ret, ts, r
+}
+
+// ToIgn3_3 translates the config to an Ignition config. It returns a
+// report of any errors or warnings in the source and resultant config. If
+// the report has fatal errors or it encounters other problems translating,
+// an error is returned.
+func (c Config) ToIgn3_3(options common.TranslateOptions) (types.Config, report.Report, error) {
+ cfg, r, err := cutil.Translate(c, "ToIgn3_3Unvalidated", options)
+ return cfg.(types.Config), r, err
+}
+
+// ToIgn3_3Bytes translates from a v1.4 Butane config to a v3.3.0 Ignition config. It returns a report of any errors or
+// warnings in the source and resultant config. If the report has fatal errors or it encounters other problems
+// translating, an error is returned.
+func ToIgn3_3Bytes(input []byte, options common.TranslateBytesOptions) ([]byte, report.Report, error) {
+ return cutil.TranslateBytes(input, &Config{}, "ToIgn3_3", options)
+}
diff --git a/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_1_exp/schema.go b/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_1_exp/schema.go
new file mode 100644
index 0000000000..72f1984fa9
--- /dev/null
+++ b/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_1_exp/schema.go
@@ -0,0 +1,23 @@
+// Copyright 2020 Red Hat, Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.)
+
+package v1_1_exp
+
+import (
+ base "github.com/coreos/butane/base/v0_5_exp"
+)
+
+type Config struct {
+ base.Config `yaml:",inline"`
+}
diff --git a/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_1_exp/translate.go b/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_1_exp/translate.go
new file mode 100644
index 0000000000..f1c48e9a6d
--- /dev/null
+++ b/mantle/vendor/github.com/coreos/butane/config/flatcar/v1_1_exp/translate.go 
@@ -0,0 +1,60 @@
+// Copyright 2020 Red Hat, Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.)
+
+package v1_1_exp
+
+import (
+ "github.com/coreos/butane/config/common"
+ cutil "github.com/coreos/butane/config/util"
+ "github.com/coreos/butane/translate"
+
+ "github.com/coreos/ignition/v2/config/v3_4_experimental/types"
+ "github.com/coreos/vcontext/path"
+ "github.com/coreos/vcontext/report"
+)
+
+// ToIgn3_4Unvalidated translates the config to an Ignition config. It also
+// returns the set of translations it did so paths in the resultant config
+// can be tracked back to their source in the source config. No config
+// validation is performed on input or output.
+func (c Config) ToIgn3_4Unvalidated(options common.TranslateOptions) (types.Config, translate.TranslationSet, report.Report) {
+ ret, ts, r := c.Config.ToIgn3_4Unvalidated(options)
+ if r.IsFatal() {
+ return types.Config{}, translate.TranslationSet{}, r
+ }
+
+ for i, luks := range ret.Storage.Luks {
+ if luks.Clevis.IsPresent() {
+ r.AddOnError(path.New("json", "storage", "luks", i, "clevis"), common.ErrClevisSupport)
+ }
+ }
+
+ return ret, ts, r
+}
+
+// ToIgn3_4 translates the config to an Ignition config. It returns a
+// report of any errors or warnings in the source and resultant config. If
+// the report has fatal errors or it encounters other problems translating,
+// an error is returned.
+func (c Config) ToIgn3_4(options common.TranslateOptions) (types.Config, report.Report, error) { + cfg, r, err := cutil.Translate(c, "ToIgn3_4Unvalidated", options) + return cfg.(types.Config), r, err +} + +// ToIgn3_4Bytes translates from a v1.4 Butane config to a v3.3.0 Ignition config. It returns a report of any errors or +// warnings in the source and resultant config. If the report has fatal errors or it encounters other problems +// translating, an error is returned. +func ToIgn3_4Bytes(input []byte, options common.TranslateBytesOptions) ([]byte, report.Report, error) { + return cutil.TranslateBytes(input, &Config{}, "ToIgn3_4", options) +} diff --git a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_10/translate.go b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_10/translate.go index dc55421255..722162cbae 100644 --- a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_10/translate.go +++ b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_10/translate.go @@ -200,6 +200,9 @@ func validateRHCOSSupport(mc result.MachineConfig, ts translate.TranslationSet) func validateMCOSupport(mc result.MachineConfig, ts translate.TranslationSet) report.Report { // Error classes for the purposes of this function: // + // UNPARSABLE - Cannot be rendered into a config by the MCC. If + // present in MC, MCC will mark the pool degraded. We reject these. + // // FORBIDDEN - Not supported by the MCD. If present in MC, MCD will // mark the node degraded. We reject these. // 
@@ -232,6 +235,10 @@ func validateMCOSupport(mc result.MachineConfig, ts translate.TranslationSet) re r.AddOnError(path.New("json", "spec", "config", "storage", "files", i, "contents", "source"), common.ErrFileSchemeSupport) } } + if file.Mode != nil && *file.Mode & ^0777 != 0 { + // UNPARSABLE + r.AddOnError(path.New("json", "spec", "config", "storage", "files", i, "mode"), common.ErrFileSpecialModeSupport) + } } for i := range mc.Spec.Config.Storage.Links { // IMMUTABLE diff --git a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/result/schema.go b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/result/schema.go new file mode 100644 index 0000000000..37e49f3028 --- /dev/null +++ b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/result/schema.go 
@@ -0,0 +1,48 @@
+// Copyright 2021 Red Hat, Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.)
+
+package result
+
+import (
+ "github.com/coreos/ignition/v2/config/v3_2/types"
+)
+
+const (
+ MC_API_VERSION = "machineconfiguration.openshift.io/v1"
+ MC_KIND = "MachineConfig"
+)
+
+// We round-trip through JSON because Ignition uses `json` struct tags,
+// so all struct tags need to be `json` even though we're ultimately
+// writing YAML.
+
+type MachineConfig struct {
+ ApiVersion string `json:"apiVersion"`
+ Kind string `json:"kind"`
+ Metadata Metadata `json:"metadata"`
+ Spec Spec `json:"spec"`
+}
+
+type Metadata struct {
+ Name string `json:"name"`
+ Labels map[string]string `json:"labels,omitempty"`
+}
+
+type Spec struct {
+ Config types.Config `json:"config"`
+ KernelArguments []string `json:"kernelArguments,omitempty"`
+ Extensions []string `json:"extensions,omitempty"`
+ FIPS *bool `json:"fips,omitempty"`
+ KernelType *string `json:"kernelType,omitempty"`
+}
diff --git a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/schema.go b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/schema.go
new file mode 100644
index 0000000000..eac0a311c4
--- /dev/null
+++ b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/schema.go
@@ -0,0 +1,39 @@ +// Copyright 2020 Red Hat, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License.) + +package v4_11 + +import ( + fcos "github.com/coreos/butane/config/fcos/v1_3" +) + +const ROLE_LABEL_KEY = "machineconfiguration.openshift.io/role" + +type Config struct { + fcos.Config `yaml:",inline"` + Metadata Metadata `yaml:"metadata"` + OpenShift OpenShift `yaml:"openshift"` +} + +type Metadata struct { + Name string `yaml:"name"` + Labels map[string]string `yaml:"labels,omitempty"` +} + +type OpenShift struct { + KernelArguments []string `yaml:"kernel_arguments"` + Extensions []string `yaml:"extensions"` + FIPS *bool `yaml:"fips"` + KernelType *string `yaml:"kernel_type"` +} diff --git a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11_exp/translate.go b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/translate.go similarity index 89% rename from mantle/vendor/github.com/coreos/butane/config/openshift/v4_11_exp/translate.go rename to mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/translate.go index 261f11f212..b19ad93370 100644 --- a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11_exp/translate.go +++ b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/translate.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License.) -package v4_11_exp +package v4_11 import ( "net/url" 
@@ -20,12 +20,12 @@ import ( "strings" "github.com/coreos/butane/config/common" - "github.com/coreos/butane/config/openshift/v4_11_exp/result" + "github.com/coreos/butane/config/openshift/v4_11/result" cutil "github.com/coreos/butane/config/util" "github.com/coreos/butane/translate" "github.com/coreos/ignition/v2/config/util" - "github.com/coreos/ignition/v2/config/v3_4_experimental/types" + "github.com/coreos/ignition/v2/config/v3_2/types" "github.com/coreos/vcontext/path" "github.com/coreos/vcontext/report" ) @@ -42,7 +42,7 @@ const ( // can be tracked back to their source in the source config. No config // validation is performed on input or output. func (c Config) ToMachineConfig4_11Unvalidated(options common.TranslateOptions) (result.MachineConfig, translate.TranslationSet, report.Report) { - cfg, ts, r := c.Config.ToIgn3_4Unvalidated(options) + cfg, ts, r := c.Config.ToIgn3_2Unvalidated(options) if r.IsFatal() { return result.MachineConfig{}, ts, r } @@ -102,11 +102,11 @@ func (c Config) ToMachineConfig4_11(options common.TranslateOptions) (result.Mac return cfg.(result.MachineConfig), r, err } -// ToIgn3_4Unvalidated translates the config to an Ignition config. It also +// ToIgn3_2Unvalidated translates the config to an Ignition config. It also // returns the set of translations it did so paths in the resultant config // can be tracked back to their source in the source config. No config // validation is performed on input or output. -func (c Config) ToIgn3_4Unvalidated(options common.TranslateOptions) (types.Config, translate.TranslationSet, report.Report) { +func (c Config) ToIgn3_2Unvalidated(options common.TranslateOptions) (types.Config, translate.TranslationSet, report.Report) { mc, ts, r := c.ToMachineConfig4_11Unvalidated(options) cfg := mc.Spec.Config 
@@ -121,12 +121,12 @@ func (c Config) ToIgn3_4Unvalidated(options common.TranslateOptions) (types.Conf return cfg, ts, r } -// ToIgn3_4 translates the config to an Ignition config. It returns a +// ToIgn3_2 translates the config to an Ignition config. It returns a // report of any errors or warnings in the source and resultant config. If // the report has fatal errors or it encounters other problems translating, // an error is returned. -func (c Config) ToIgn3_4(options common.TranslateOptions) (types.Config, report.Report, error) { - cfg, r, err := cutil.Translate(c, "ToIgn3_4Unvalidated", options) +func (c Config) ToIgn3_2(options common.TranslateOptions) (types.Config, report.Report, error) { + cfg, r, err := cutil.Translate(c, "ToIgn3_2Unvalidated", options) return cfg.(types.Config), r, err } @@ -135,7 +135,7 @@ func (c Config) ToIgn3_4(options common.TranslateOptions) (types.Config, report. // translating, an error is returned. func ToConfigBytes(input []byte, options common.TranslateBytesOptions) ([]byte, report.Report, error) { if options.Raw { - return cutil.TranslateBytes(input, &Config{}, "ToIgn3_4", options) + return cutil.TranslateBytes(input, &Config{}, "ToIgn3_2", options) } else { return cutil.TranslateBytesYAML(input, &Config{}, "ToMachineConfig4_11", options) } @@ -206,10 +206,6 @@ func validateMCOSupport(mc result.MachineConfig, ts translate.TranslationSet) re // FORBIDDEN - Not supported by the MCD. If present in MC, MCD will // mark the node degraded. We reject these. // - // REDUNDANT - Feature is also provided by a MachineConfig-specific - // field with different semantics. To reduce confusion, disable - // this implementation. - // // IMMUTABLE - Permitted in MC, passed through to Ignition, but not // supported by the MCD. MCD will mark the node degraded if the // field changes after the node is provisioned. We reject these 
@@ -222,12 +218,6 @@ func validateMCOSupport(mc result.MachineConfig, ts translate.TranslationSet) re // supported fields. We reject these. var r report.Report - for i, fs := range mc.Spec.Config.Storage.Filesystems { - if fs.Format != nil && *fs.Format == "none" { - // UNPARSABLE - r.AddOnError(path.New("json", "spec", "config", "storage", "filesystems", i, "format"), common.ErrFilesystemNoneSupport) - } - } for i := range mc.Spec.Config.Storage.Directories { // IMMUTABLE r.AddOnError(path.New("json", "spec", "config", "storage", "directories", i), common.ErrDirectorySupport) @@ -245,6 +235,10 @@ func validateMCOSupport(mc result.MachineConfig, ts translate.TranslationSet) re r.AddOnError(path.New("json", "spec", "config", "storage", "files", i, "contents", "source"), common.ErrFileSchemeSupport) } } + if file.Mode != nil && *file.Mode & ^0777 != 0 { + // UNPARSABLE + r.AddOnError(path.New("json", "spec", "config", "storage", "files", i, "mode"), common.ErrFileSpecialModeSupport) + } } for i := range mc.Spec.Config.Storage.Links { // IMMUTABLE @@ -281,13 +275,5 @@ func validateMCOSupport(mc result.MachineConfig, ts translate.TranslationSet) re r.AddOnError(path.New("json", "spec", "config", "passwd", "users", i), common.ErrUserNameSupport) } } - for i := range mc.Spec.Config.KernelArguments.ShouldExist { - // UNPARSABLE, REDUNDANT - r.AddOnError(path.New("json", "spec", "config", "kernelArguments", "shouldExist", i), common.ErrKernelArgumentSupport) - } - for i := range mc.Spec.Config.KernelArguments.ShouldNotExist { - // UNPARSABLE, REDUNDANT - r.AddOnError(path.New("json", "spec", "config", "kernelArguments", "shouldNotExist", i), common.ErrKernelArgumentSupport) - } return cutil.TranslateReportPaths(r, ts) } 
diff --git a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11_exp/validate.go b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/validate.go similarity index 98% rename from mantle/vendor/github.com/coreos/butane/config/openshift/v4_11_exp/validate.go rename to mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/validate.go index 1f551c9e48..dd827c2cda 100644 --- a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11_exp/validate.go +++ b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11/validate.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License.) -package v4_11_exp +package v4_11 import ( "github.com/coreos/butane/config/common" diff --git a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11_exp/result/schema.go b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/result/schema.go similarity index 100% rename from mantle/vendor/github.com/coreos/butane/config/openshift/v4_11_exp/result/schema.go rename to mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/result/schema.go diff --git a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11_exp/schema.go b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/schema.go similarity index 98% rename from mantle/vendor/github.com/coreos/butane/config/openshift/v4_11_exp/schema.go rename to mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/schema.go index 60a551fa6e..518871d31f 100644 --- a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_11_exp/schema.go +++ b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/schema.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License.) -package v4_11_exp +package v4_12_exp import ( fcos "github.com/coreos/butane/config/fcos/v1_5_exp" 
diff --git a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/translate.go b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/translate.go
new file mode 100644
index 0000000000..39b7441c90
--- /dev/null
+++ b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/translate.go
@@ -0,0 +1,321 @@
+// Copyright 2020 Red Hat, Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.)
+
+package v4_12_exp
+
+import (
+ "net/url"
+ "reflect"
+ "strings"
+
+ "github.com/coreos/butane/config/common"
+ "github.com/coreos/butane/config/openshift/v4_12_exp/result"
+ cutil "github.com/coreos/butane/config/util"
+ "github.com/coreos/butane/translate"
+
+ "github.com/coreos/ignition/v2/config/util"
+ "github.com/coreos/ignition/v2/config/v3_4_experimental/types"
+ "github.com/coreos/vcontext/path"
+ "github.com/coreos/vcontext/report"
+)
+
+const (
+ // FIPS 140-2 doesn't allow the default XTS mode
+ fipsCipherOption = types.LuksOption("--cipher")
+ fipsCipherShortOption = types.LuksOption("-c")
+ fipsCipherArgument = types.LuksOption("aes-cbc-essiv:sha256")
+)
+
+// ToMachineConfig4_12Unvalidated translates the config to a MachineConfig. It also
+// returns the set of translations it did so paths in the resultant config
+// can be tracked back to their source in the source config. No config
+// validation is performed on input or output.
+func (c Config) ToMachineConfig4_12Unvalidated(options common.TranslateOptions) (result.MachineConfig, translate.TranslationSet, report.Report) { + cfg, ts, r := c.Config.ToIgn3_4Unvalidated(options) + if r.IsFatal() { + return result.MachineConfig{}, ts, r + } + ts = translateUserGrubCfg(&cfg, &ts) + + // wrap + ts = ts.PrefixPaths(path.New("yaml"), path.New("json", "spec", "config")) + mc := result.MachineConfig{ + ApiVersion: result.MC_API_VERSION, + Kind: result.MC_KIND, + Metadata: result.Metadata{ + Name: c.Metadata.Name, + Labels: make(map[string]string), + }, + Spec: result.Spec{ + Config: cfg, + }, + } + ts.AddTranslation(path.New("yaml", "version"), path.New("json", "apiVersion")) + ts.AddTranslation(path.New("yaml", "version"), path.New("json", "kind")) + ts.AddTranslation(path.New("yaml", "metadata"), path.New("json", "metadata")) + ts.AddTranslation(path.New("yaml", "metadata", "name"), path.New("json", "metadata", "name")) + ts.AddTranslation(path.New("yaml", "metadata", "labels"), path.New("json", "metadata", "labels")) + ts.AddTranslation(path.New("yaml", "version"), path.New("json", "spec")) + ts.AddTranslation(path.New("yaml"), path.New("json", "spec", "config")) + for k, v := range c.Metadata.Labels { + mc.Metadata.Labels[k] = v + ts.AddTranslation(path.New("yaml", "metadata", "labels", k), path.New("json", "metadata", "labels", k)) + } + + // translate OpenShift fields + tr := translate.NewTranslator("yaml", "json", options) + from := &c.OpenShift + to := &mc.Spec + ts2, r2 := translate.Prefixed(tr, "extensions", &from.Extensions, &to.Extensions) + translate.MergeP(tr, ts2, &r2, "fips", &from.FIPS, &to.FIPS) + translate.MergeP2(tr, ts2, &r2, "kernel_arguments", &from.KernelArguments, "kernelArguments", &to.KernelArguments) + translate.MergeP2(tr, ts2, &r2, "kernel_type", &from.KernelType, "kernelType", &to.KernelType) + ts.MergeP2("openshift", "spec", ts2) + r.Merge(r2) + + // apply FIPS options to LUKS volumes + 
+ ts.Merge(addLuksFipsOptions(&mc))
+
+ // finally, check the fully desugared config for RHCOS and MCO support
+ r.Merge(validateRHCOSSupport(mc, ts))
+ r.Merge(validateMCOSupport(mc, ts))
+
+ return mc, ts, r
+}
+
+// ToMachineConfig4_12 translates the config to a MachineConfig. It returns a
+// report of any errors or warnings in the source and resultant config. If
+// the report has fatal errors or it encounters other problems translating,
+// an error is returned.
+func (c Config) ToMachineConfig4_12(options common.TranslateOptions) (result.MachineConfig, report.Report, error) {
+ cfg, r, err := cutil.Translate(c, "ToMachineConfig4_12Unvalidated", options)
+ return cfg.(result.MachineConfig), r, err
+}
+
+// ToIgn3_4Unvalidated translates the config to an Ignition config. It also
+// returns the set of translations it did so paths in the resultant config
+// can be tracked back to their source in the source config. No config
+// validation is performed on input or output.
+func (c Config) ToIgn3_4Unvalidated(options common.TranslateOptions) (types.Config, translate.TranslationSet, report.Report) {
+ mc, ts, r := c.ToMachineConfig4_12Unvalidated(options)
+ cfg := mc.Spec.Config
+
+ // report warnings if there are any non-empty fields in Spec (other
+ // than the Ignition config itself) that we're ignoring
+ mc.Spec.Config = types.Config{}
+ warnings := translate.PrefixReport(cutil.CheckForElidedFields(mc.Spec), "spec")
+ // translate from json space into yaml space
+ r.Merge(cutil.TranslateReportPaths(warnings, ts))
+
+ ts = ts.Descend(path.New("json", "spec", "config"))
+ return cfg, ts, r
+}
+
+// ToIgn3_4 translates the config to an Ignition config. It returns a
+// report of any errors or warnings in the source and resultant config. If
+// the report has fatal errors or it encounters other problems translating,
+// an error is returned.
+func (c Config) ToIgn3_4(options common.TranslateOptions) (types.Config, report.Report, error) {
+ cfg, r, err := cutil.Translate(c, "ToIgn3_4Unvalidated", options)
+ return cfg.(types.Config), r, err
+}
+
+// ToConfigBytes translates from a v4.12 Butane config to a v4.12 MachineConfig or a v3.4.0 Ignition config. It returns a report of any errors or
+// warnings in the source and resultant config. If the report has fatal errors or it encounters other problems
+// translating, an error is returned.
+func ToConfigBytes(input []byte, options common.TranslateBytesOptions) ([]byte, report.Report, error) {
+ if options.Raw {
+ return cutil.TranslateBytes(input, &Config{}, "ToIgn3_4", options)
+ } else {
+ return cutil.TranslateBytesYAML(input, &Config{}, "ToMachineConfig4_12", options)
+ }
+}
+
+func addLuksFipsOptions(mc *result.MachineConfig) translate.TranslationSet {
+ ts := translate.NewTranslationSet("yaml", "json")
+ if !util.IsTrue(mc.Spec.FIPS) {
+ return ts
+ }
+
+OUTER:
+ for i := range mc.Spec.Config.Storage.Luks {
+ luks := &mc.Spec.Config.Storage.Luks[i]
+ // Only add options if the user hasn't already specified
+ // a cipher option. Do this in-place, since config merging
+ // doesn't support conditional logic.
+ for _, option := range luks.Options {
+ if option == fipsCipherOption ||
+ strings.HasPrefix(string(option), string(fipsCipherOption)+"=") ||
+ option == fipsCipherShortOption {
+ continue OUTER
+ }
+ }
+ for j := 0; j < 2; j++ {
+ ts.AddTranslation(path.New("yaml", "openshift", "fips"), path.New("json", "spec", "config", "storage", "luks", i, "options", len(luks.Options)+j))
+ }
+ if len(luks.Options) == 0 {
+ ts.AddTranslation(path.New("yaml", "openshift", "fips"), path.New("json", "spec", "config", "storage", "luks", i, "options"))
+ }
+ luks.Options = append(luks.Options, fipsCipherOption, fipsCipherArgument)
+ }
+ return ts
+}
+
+// Error on fields that are rejected by RHCOS.
+// +// Some of these fields may have been generated by sugar (e.g. +// boot_device.luks), so we work in JSON (output) space and then translate +// paths back to YAML (input) space. That's also the reason we do these +// checks after translation, rather than during validation. +func validateRHCOSSupport(mc result.MachineConfig, ts translate.TranslationSet) report.Report { + var r report.Report + for i, fs := range mc.Spec.Config.Storage.Filesystems { + if fs.Format != nil && *fs.Format == "btrfs" { + // we don't ship mkfs.btrfs + r.AddOnError(path.New("json", "spec", "config", "storage", "filesystems", i, "format"), common.ErrBtrfsSupport) + } + } + return cutil.TranslateReportPaths(r, ts) +} + +// Error on fields that are rejected outright by the MCO, or that are +// unsupported by the MCO and we want to discourage. +// +// https://github.com/openshift/machine-config-operator/blob/d6dabadeca05/MachineConfigDaemon.md#supported-vs-unsupported-ignition-config-changes +// +// Some of these fields may have been generated by sugar (e.g. storage.trees), +// so we work in JSON (output) space and then translate paths back to YAML +// (input) space. That's also the reason we do these checks after +// translation, rather than during validation. +func validateMCOSupport(mc result.MachineConfig, ts translate.TranslationSet) report.Report { + // Error classes for the purposes of this function: + // + // UNPARSABLE - Cannot be rendered into a config by the MCC. If + // present in MC, MCC will mark the pool degraded. We reject these. + // + // FORBIDDEN - Not supported by the MCD. If present in MC, MCD will + // mark the node degraded. We reject these. + // + // REDUNDANT - Feature is also provided by a MachineConfig-specific + // field with different semantics. To reduce confusion, disable + // this implementation. + // + // IMMUTABLE - Permitted in MC, passed through to Ignition, but not + // supported by the MCD. 
MCD will mark the node degraded if the + // field changes after the node is provisioned. We reject these + // outright to discourage their use. + // + // TRIPWIRE - A subset of fields in the containing struct are + // supported by the MCD. If the struct contents change after the node + // is provisioned, and the struct contains unsupported fields, MCD + // will mark the node degraded, even if the change only affects + // supported fields. We reject these. + + var r report.Report + for i, fs := range mc.Spec.Config.Storage.Filesystems { + if fs.Format != nil && *fs.Format == "none" { + // UNPARSABLE + r.AddOnError(path.New("json", "spec", "config", "storage", "filesystems", i, "format"), common.ErrFilesystemNoneSupport) + } + } + for i := range mc.Spec.Config.Storage.Directories { + // IMMUTABLE + r.AddOnError(path.New("json", "spec", "config", "storage", "directories", i), common.ErrDirectorySupport) + } + for i, file := range mc.Spec.Config.Storage.Files { + if len(file.Append) > 0 { + // FORBIDDEN + r.AddOnError(path.New("json", "spec", "config", "storage", "files", i, "append"), common.ErrFileAppendSupport) + } + if file.Contents.Source != nil { + fileSource, err := url.Parse(*file.Contents.Source) + // parse errors will be caught by normal config validation + if err == nil && fileSource.Scheme != "data" { + // FORBIDDEN + r.AddOnError(path.New("json", "spec", "config", "storage", "files", i, "contents", "source"), common.ErrFileSchemeSupport) + } + } + if file.Mode != nil && *file.Mode & ^0777 != 0 { + // UNPARSABLE + r.AddOnError(path.New("json", "spec", "config", "storage", "files", i, "mode"), common.ErrFileSpecialModeSupport) + } + } + for i := range mc.Spec.Config.Storage.Links { + // IMMUTABLE + // If you change this to be less restrictive without adding + // link support in the MCO, consider what should happen if + // the user specifies a storage.tree that includes symlinks. 
+ r.AddOnError(path.New("json", "spec", "config", "storage", "links", i), common.ErrLinkSupport) + } + for i := range mc.Spec.Config.Passwd.Groups { + // IMMUTABLE + r.AddOnError(path.New("json", "spec", "config", "passwd", "groups", i), common.ErrGroupSupport) + } + for i, user := range mc.Spec.Config.Passwd.Users { + if user.Name == "core" { + // SSHAuthorizedKeys is managed; other fields are not + v := reflect.ValueOf(user) + t := v.Type() + for j := 0; j < v.NumField(); j++ { + fv := v.Field(j) + ft := t.Field(j) + switch ft.Name { + case "Name", "SSHAuthorizedKeys": + continue + default: + if fv.IsValid() && !fv.IsZero() { + tag := strings.Split(ft.Tag.Get("json"), ",")[0] + // TRIPWIRE + r.AddOnError(path.New("json", "spec", "config", "passwd", "users", i, tag), common.ErrUserFieldSupport) + } + } + } + } else { + // TRIPWIRE + r.AddOnError(path.New("json", "spec", "config", "passwd", "users", i), common.ErrUserNameSupport) + } + } + for i := range mc.Spec.Config.KernelArguments.ShouldExist { + // UNPARSABLE, REDUNDANT + r.AddOnError(path.New("json", "spec", "config", "kernelArguments", "shouldExist", i), common.ErrKernelArgumentSupport) + } + for i := range mc.Spec.Config.KernelArguments.ShouldNotExist { + // UNPARSABLE, REDUNDANT + r.AddOnError(path.New("json", "spec", "config", "kernelArguments", "shouldNotExist", i), common.ErrKernelArgumentSupport) + } + return cutil.TranslateReportPaths(r, ts) +} + +// fcos config generates a user.cfg file using append; however, OpenShift config +// does not support append (since MCO does not support it). 
Let change the file to use contents +func translateUserGrubCfg(config *types.Config, ts *translate.TranslationSet) translate.TranslationSet { + newMappings := translate.NewTranslationSet("json", "json") + for i, file := range config.Storage.Files { + if file.Path == "/boot/grub2/user.cfg" { + if len(file.Append) != 1 { + // The number of append objects was different from expected, this file + // was created by the user and not via butane GRUB sugar + return *ts + } + fromPath := path.New("json", "storage", "files", i, "append", 0) + translatedPath := path.New("json", "storage", "files", i, "contents") + config.Storage.Files[i].FileEmbedded1.Contents = file.Append[0] + config.Storage.Files[i].FileEmbedded1.Append = nil + newMappings.AddFromCommonObject(fromPath, translatedPath, config.Storage.Files[i].FileEmbedded1.Contents) + + return ts.Map(newMappings) + } + } + return *ts +} diff --git a/mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/validate.go b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/validate.go new file mode 100644 index 0000000000..d41f2308d7 --- /dev/null +++ b/mantle/vendor/github.com/coreos/butane/config/openshift/v4_12_exp/validate.go 
@@ -0,0 +1,43 @@
+// Copyright 2021 Red Hat, Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.)
+
+package v4_12_exp
+
+import (
+ "github.com/coreos/butane/config/common"
+
+ "github.com/coreos/vcontext/path"
+ "github.com/coreos/vcontext/report"
+)
+
+func (m Metadata) Validate(c path.ContextPath) (r report.Report) {
+ if m.Name == "" {
+ r.AddOnError(c.Append("name"), common.ErrNameRequired)
+ }
+ if m.Labels[ROLE_LABEL_KEY] == "" {
+ r.AddOnError(c.Append("labels", ROLE_LABEL_KEY), common.ErrRoleRequired)
+ }
+ return
+}
+
+func (os OpenShift) Validate(c path.ContextPath) (r report.Report) {
+ if os.KernelType != nil {
+ switch *os.KernelType {
+ case "", "default", "realtime":
+ default:
+ r.AddOnError(c.Append("kernel_type"), common.ErrInvalidKernelType)
+ }
+ }
+ return
+}
diff --git a/mantle/vendor/github.com/coreos/butane/translate/set.go b/mantle/vendor/github.com/coreos/butane/translate/set.go
index e6c582e4c9..60df644ea9 100644
--- a/mantle/vendor/github.com/coreos/butane/translate/set.go
+++ b/mantle/vendor/github.com/coreos/butane/translate/set.go
@@ -105,6 +105,19 @@ func (ts TranslationSet) AddFromCommonSource(common path.ContextPath, toPrefix p ts.AddTranslation(common, toPrefix) } +// AddFromCommonObject adds translations for all of the paths in to. The paths being translated +// are prefixed by fromPrefix and the translated paths are prefixed by toPrefix. +// This is useful when we want to copy all the fields of an object to another with the same field names. +func (ts TranslationSet) AddFromCommonObject(fromPrefix path.ContextPath, toPrefix path.ContextPath, to interface{}) { + vTo := reflect.ValueOf(to) + vPaths := getAllPaths(vTo, ts.ToTag, true) + + for _, path := range vPaths { + ts.AddTranslation(fromPrefix.Append(path.Path...), toPrefix.Append(path.Path...)) + } + ts.AddTranslation(fromPrefix, toPrefix) +} + // Merge adds all the entries to the set. It mutates the Set in place. func (ts TranslationSet) Merge(from TranslationSet) { for _, t := range from.Set { @@ -160,6 +173,24 @@ OUTER: return ret } +// Map returns a new TranslationSet with To translation paths further +// translated through mappings. Translations not listed in mappings are +// copied unmodified. +func (ts TranslationSet) Map(mappings TranslationSet) TranslationSet { + if mappings.FromTag != ts.ToTag || mappings.ToTag != ts.ToTag { + panic(fmt.Sprintf("mappings have incorrect tag; %q != %q || %q != %q", mappings.FromTag, ts.ToTag, mappings.ToTag, ts.ToTag)) + } + ret := NewTranslationSet(ts.FromTag, ts.ToTag) + ret.Merge(ts) + for _, mapping := range mappings.Set { + if t, ok := ret.Set[mapping.From.String()]; ok { + delete(ret.Set, mapping.From.String()) + ret.AddTranslation(t.From, mapping.To) + } + } + return ret +} + // DebugVerifyCoverage recursively checks whether every non-zero field in v // has a translation. If translations are missing, it returns a multi-line // error listing them. diff --git a/mantle/vendor/gopkg.in/yaml.v3/decode.go b/mantle/vendor/gopkg.in/yaml.v3/decode.go index df36e3a30f..0173b6982e 100644 
--- a/mantle/vendor/gopkg.in/yaml.v3/decode.go +++ b/mantle/vendor/gopkg.in/yaml.v3/decode.go @@ -100,7 +100,10 @@ func (p *parser) peek() yaml_event_type_t { if p.event.typ != yaml_NO_EVENT { return p.event.typ } - if !yaml_parser_parse(&p.parser, &p.event) { + // It's curious choice from the underlying API to generally return a + // positive result on success, but on this case return true in an error + // scenario. This was the source of bugs in the past (issue #666). + if !yaml_parser_parse(&p.parser, &p.event) || p.parser.error != yaml_NO_ERROR { p.fail() } return p.event.typ @@ -320,6 +323,8 @@ type decoder struct { decodeCount int aliasCount int aliasDepth int + + mergedFields map[interface{}]bool } var ( @@ -808,6 +813,11 @@ func (d *decoder) mapping(n *Node, out reflect.Value) (good bool) { } } + mergedFields := d.mergedFields + d.mergedFields = nil + + var mergeNode *Node + mapIsNew := false if out.IsNil() { out.Set(reflect.MakeMap(outt)) @@ -815,11 +825,18 @@ func (d *decoder) mapping(n *Node, out reflect.Value) (good bool) { } for i := 0; i < l; i += 2 { if isMerge(n.Content[i]) { - d.merge(n.Content[i+1], out) + mergeNode = n.Content[i+1] continue } k := reflect.New(kt).Elem() if d.unmarshal(n.Content[i], k) { + if mergedFields != nil { + ki := k.Interface() + if mergedFields[ki] { + continue + } + mergedFields[ki] = true + } kkind := k.Kind() if kkind == reflect.Interface { kkind = k.Elem().Kind() @@ -833,6 +850,12 @@ func (d *decoder) mapping(n *Node, out reflect.Value) (good bool) { } } } + + d.mergedFields = mergedFields + if mergeNode != nil { + d.merge(n, mergeNode, out) + } + d.stringMapType = stringMapType d.generalMapType = generalMapType return true @@ -844,7 +867,8 @@ func isStringMap(n *Node) bool { } l := len(n.Content) for i := 0; i < l; i += 2 { - if n.Content[i].ShortTag() != strTag { + shortTag := n.Content[i].ShortTag() + if shortTag != strTag && shortTag != mergeTag { return false } } 
@@ -861,7 +885,6 @@ func (d *decoder) mappingStruct(n *Node, out reflect.Value) (good bool) { var elemType reflect.Type if sinfo.InlineMap != -1 { inlineMap = out.Field(sinfo.InlineMap) - inlineMap.Set(reflect.New(inlineMap.Type()).Elem()) elemType = inlineMap.Type().Elem() } @@ -870,6 +893,9 @@ func (d *decoder) mappingStruct(n *Node, out reflect.Value) (good bool) { d.prepare(n, field) } + mergedFields := d.mergedFields + d.mergedFields = nil + var mergeNode *Node var doneFields []bool if d.uniqueKeys { doneFields = make([]bool, len(sinfo.FieldsList)) @@ -879,13 +905,20 @@ func (d *decoder) mappingStruct(n *Node, out reflect.Value) (good bool) { for i := 0; i < l; i += 2 { ni := n.Content[i] if isMerge(ni) { - d.merge(n.Content[i+1], out) + mergeNode = n.Content[i+1] continue } if !d.unmarshal(ni, name) { continue } - if info, ok := sinfo.FieldsMap[name.String()]; ok { + sname := name.String() + if mergedFields != nil { + if mergedFields[sname] { + continue + } + mergedFields[sname] = true + } + if info, ok := sinfo.FieldsMap[sname]; ok { if d.uniqueKeys { if doneFields[info.Id] { d.terrors = append(d.terrors, fmt.Sprintf("line %d: field %s already set in type %s", ni.Line, name.String(), out.Type())) @@ -911,6 +944,11 @@ func (d *decoder) mappingStruct(n *Node, out reflect.Value) (good bool) { d.terrors = append(d.terrors, fmt.Sprintf("line %d: field %s not found in type %s", ni.Line, name.String(), out.Type())) } } + + d.mergedFields = mergedFields + if mergeNode != nil { + d.merge(n, mergeNode, out) + } return true } 
@@ -918,19 +956,29 @@ func failWantMap() { failf("map merge requires map or sequence of maps as the value") } -func (d *decoder) merge(n *Node, out reflect.Value) { - switch n.Kind { +func (d *decoder) merge(parent *Node, merge *Node, out reflect.Value) { + mergedFields := d.mergedFields + if mergedFields == nil { + d.mergedFields = make(map[interface{}]bool) + for i := 0; i < len(parent.Content); i += 2 { + k := reflect.New(ifaceType).Elem() + if d.unmarshal(parent.Content[i], k) { + d.mergedFields[k.Interface()] = true + } + } + } + + switch merge.Kind { case MappingNode: - d.unmarshal(n, out) + d.unmarshal(merge, out) case AliasNode: - if n.Alias != nil && n.Alias.Kind != MappingNode { + if merge.Alias != nil && merge.Alias.Kind != MappingNode { failWantMap() } - d.unmarshal(n, out) + d.unmarshal(merge, out) case SequenceNode: - // Step backwards as earlier nodes take precedence. - for i := len(n.Content) - 1; i >= 0; i-- { - ni := n.Content[i] + for i := 0; i < len(merge.Content); i++ { + ni := merge.Content[i] if ni.Kind == AliasNode { if ni.Alias != nil && ni.Alias.Kind != MappingNode { failWantMap() @@ -943,6 +991,8 @@ func (d *decoder) merge(n *Node, out reflect.Value) { default: failWantMap() } + + d.mergedFields = mergedFields } func isMerge(n *Node) bool { diff --git a/mantle/vendor/gopkg.in/yaml.v3/parserc.go b/mantle/vendor/gopkg.in/yaml.v3/parserc.go index ac66fccc05..268558a0d6 100644 --- a/mantle/vendor/gopkg.in/yaml.v3/parserc.go +++ b/mantle/vendor/gopkg.in/yaml.v3/parserc.go @@ -687,6 +687,9 @@ func yaml_parser_parse_node(parser *yaml_parser_t, event *yaml_event_t, block, i func yaml_parser_parse_block_sequence_entry(parser *yaml_parser_t, event *yaml_event_t, first bool) bool { if first { token := peek_token(parser) + if token == nil { + return false + } parser.marks = append(parser.marks, token.start_mark) skip_token(parser) } 
@@ -786,7 +789,7 @@ func yaml_parser_split_stem_comment(parser *yaml_parser_t, stem_len int) { } token := peek_token(parser) - if token.typ != yaml_BLOCK_SEQUENCE_START_TOKEN && token.typ != yaml_BLOCK_MAPPING_START_TOKEN { + if token == nil || token.typ != yaml_BLOCK_SEQUENCE_START_TOKEN && token.typ != yaml_BLOCK_MAPPING_START_TOKEN { return } @@ -813,6 +816,9 @@ func yaml_parser_split_stem_comment(parser *yaml_parser_t, stem_len int) { func yaml_parser_parse_block_mapping_key(parser *yaml_parser_t, event *yaml_event_t, first bool) bool { if first { token := peek_token(parser) + if token == nil { + return false + } parser.marks = append(parser.marks, token.start_mark) skip_token(parser) } @@ -922,6 +928,9 @@ func yaml_parser_parse_block_mapping_value(parser *yaml_parser_t, event *yaml_ev func yaml_parser_parse_flow_sequence_entry(parser *yaml_parser_t, event *yaml_event_t, first bool) bool { if first { token := peek_token(parser) + if token == nil { + return false + } parser.marks = append(parser.marks, token.start_mark) skip_token(parser) } diff --git a/mantle/vendor/modules.txt b/mantle/vendor/modules.txt index 296ee8a0ab..ad5efc56df 100644 --- a/mantle/vendor/modules.txt +++ b/mantle/vendor/modules.txt @@ -156,7 +156,7 @@ github.com/aws/aws-sdk-go/service/sts github.com/aws/aws-sdk-go/service/sts/stsiface # github.com/clarketm/json v1.14.1 github.com/clarketm/json -# github.com/coreos/butane v0.14.0 +# github.com/coreos/butane v0.15.0 github.com/coreos/butane/base/util github.com/coreos/butane/base/v0_1 github.com/coreos/butane/base/v0_2 
@@ -171,10 +171,14 @@ github.com/coreos/butane/config/fcos/v1_2 github.com/coreos/butane/config/fcos/v1_3 github.com/coreos/butane/config/fcos/v1_4 github.com/coreos/butane/config/fcos/v1_5_exp +github.com/coreos/butane/config/flatcar/v1_0 +github.com/coreos/butane/config/flatcar/v1_1_exp github.com/coreos/butane/config/openshift/v4_10 github.com/coreos/butane/config/openshift/v4_10/result -github.com/coreos/butane/config/openshift/v4_11_exp -github.com/coreos/butane/config/openshift/v4_11_exp/result +github.com/coreos/butane/config/openshift/v4_11 +github.com/coreos/butane/config/openshift/v4_11/result +github.com/coreos/butane/config/openshift/v4_12_exp +github.com/coreos/butane/config/openshift/v4_12_exp/result github.com/coreos/butane/config/openshift/v4_8 github.com/coreos/butane/config/openshift/v4_8/result github.com/coreos/butane/config/openshift/v4_9 @@ -227,7 +231,7 @@ github.com/coreos/stream-metadata-go/release github.com/coreos/stream-metadata-go/release/rhcos github.com/coreos/stream-metadata-go/stream github.com/coreos/stream-metadata-go/stream/rhcos -# github.com/coreos/vcontext v0.0.0-20211021162308-f1dbbca7bef4 +# github.com/coreos/vcontext v0.0.0-20220603180515-2076d8d16945 github.com/coreos/vcontext/json github.com/coreos/vcontext/path github.com/coreos/vcontext/report @@ -554,5 +558,5 @@ google.golang.org/protobuf/types/known/timestamppb gopkg.in/ini.v1 # gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v2 -# gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b +# gopkg.in/yaml.v3 v3.0.1 gopkg.in/yaml.v3