From 4dded655439e68bdf3dc37abae8bf81274125470 Mon Sep 17 00:00:00 2001 From: Madhu RAJAGOPAL Date: Fri, 19 Jul 2024 12:56:45 +1200 Subject: [PATCH 1/3] Issue 15: Print release and build information * Setup version template in Cobra * Output version info with usage help * As a side upgraded crypto package from v0.21.0 to v.0.23.0 due to a vulnerability as detailed below Vulnerability found in dependency crypto: CVE-2023-42818 9.8 Improper Restriction of Excessive Authentication Attempts vulnerability with High severity found --- cmd/nginx-supportpkg.go | 14 ++++++++++++-- go.mod | 10 +++++----- go.sum | 15 ++++++++------- 3 files changed, 25 insertions(+), 14 deletions(-) diff --git a/cmd/nginx-supportpkg.go b/cmd/nginx-supportpkg.go index becf3e5..223855f 100644 --- a/cmd/nginx-supportpkg.go +++ b/cmd/nginx-supportpkg.go @@ -45,7 +45,7 @@ func Execute() { os.Exit(1) } - collector.Logger.Printf("Starting kubectl-nginx-suportpkg - version: %s - build: %s", version.Version, version.Build) + collector.Logger.Printf("Starting kubectl-nginx-supportpkg - version: %s - build: %s", version.Version, version.Build) collector.Logger.Printf("Input args are %v", os.Args) switch product { @@ -92,7 +92,17 @@ func Execute() { os.Exit(1) } - rootCmd.SetUsageTemplate("Usage: \n nginx-supportpkg [-n|--namespace] ns1 [-n|--namespace] ns2 [-p|--product] nic...\n nginx-supportpkg [-n|--namespace] ns1,ns2 [-p|--product] nic...\n") + versionStr := "nginx-supportpkg - version: " + version.Version + " - build: " + version.Build + "\n" + rootCmd.SetVersionTemplate(versionStr) + rootCmd.Version = versionStr + + rootCmd.SetUsageTemplate( + versionStr + + "Usage:" + + "\n nginx-supportpkg -h|--help" + + "\n nginx-supportpkg -v|--version" + + "\n nginx-supportpkg [-n|--namespace] ns1 [-n|--namespace] ns2 [-p|--product] nic" + + "\n nginx-supportpkg [-n|--namespace] ns1,ns2 [-p|--product] nic \n") if err := rootCmd.Execute(); err != nil { fmt.Println(err) diff --git a/go.mod b/go.mod index 0413b7f..4c32798 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.22.4 require ( github.com/mittwald/go-helm-client v0.12.9 + github.com/spf13/cobra v1.8.0 k8s.io/client-go v0.29.2 ) @@ -84,7 +85,6 @@ require ( github.com/shopspring/decimal v1.3.1 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/cast v1.6.0 // indirect - github.com/spf13/cobra v1.8.0 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect @@ -94,7 +94,7 @@ require ( go.opentelemetry.io/otel/metric v1.21.0 // indirect go.opentelemetry.io/otel/trace v1.21.0 // indirect go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect - golang.org/x/crypto v0.21.0 // indirect + golang.org/x/crypto v0.23.0 // indirect golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc // indirect golang.org/x/sync v0.5.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect @@ -132,9 +132,9 @@ require ( github.com/spf13/pflag v1.0.5 // indirect golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.15.0 // indirect - golang.org/x/sys v0.18.0 // indirect - golang.org/x/term v0.18.0 // indirect - golang.org/x/text v0.14.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/protobuf v1.33.0 // indirect diff --git a/go.sum b/go.sum index 61b1883..d2d3163 100644 --- a/go.sum +++ b/go.sum @@ -371,8 +371,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc h1:ao2WRsKSzW6KuUY9IWPwWahcHCgR0s52IfwutMfEbdM= golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -416,20 +417,20 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= From aac3bbcdcaf1390a6e3278a9c01c36b01b1de9b6 Mon Sep 17 00:00:00 2001 From: Madhu RAJAGOPAL Date: Fri, 19 Jul 2024 14:52:02 +1200 Subject: [PATCH 2/3] Issue 23: Collect nginx-ingress version in the NIC pods * Add a new job to the NIC job list to execute ./nginx-ingress --version within the pod --- pkg/jobs/nic_job_list.go | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/pkg/jobs/nic_job_list.go b/pkg/jobs/nic_job_list.go index a5ef822..125579b 100644 --- a/pkg/jobs/nic_job_list.go +++ b/pkg/jobs/nic_job_list.go @@ -434,6 +434,32 @@ func NICJobList() []Job { ch <- jobResult }, }, + { + Name: "exec-nginx-ingress-version", + Timeout: time.Second * 10, + Execute: func(dc *data_collector.DataCollector, ctx context.Context, ch chan JobResult) { + jobResult := JobResult{Files: make(map[string][]byte), Error: nil} + command := []string{"./nginx-ingress", "--version"} + for _, namespace := range dc.Namespaces { + pods, err := dc.K8sCoreClientSet.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{}) + if err != nil { + dc.Logger.Printf("\tCould not retrieve pod list for namespace %s: %v\n", namespace, err) + } else { + for _, pod := range pods.Items { + if strings.Contains(pod.Name, "ingress") { + res, err := dc.PodExecutor(namespace, pod.Name, command, ctx) + if err != nil { + dc.Logger.Printf("\tCommand execution %s failed for pod %s in namespace %s: %v\n", command, pod.Name, namespace, err) + } else { + jobResult.Files[path.Join(dc.BaseDir, "exec", namespace, pod.Name+"__nginx-ingress-version.txt")] = res + } + } + } + } + } + ch <- jobResult + }, + }, { Name: "crd-objects", Timeout: time.Second * 10, From e4e2c873ab805aaefaafe6e3ba7cbb5506f6ca88 Mon Sep 17 00:00:00 2001 From: Madhu RAJAGOPAL Date: Fri, 19 Jul 2024 15:32:31 +1200 Subject: [PATCH 3/3] Revert "Issue 23: Collect nginx-ingress version in the NIC pods" This reverts commit aac3bbcdcaf1390a6e3278a9c01c36b01b1de9b6. --- pkg/jobs/nic_job_list.go | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/pkg/jobs/nic_job_list.go b/pkg/jobs/nic_job_list.go index 125579b..a5ef822 100644 --- a/pkg/jobs/nic_job_list.go +++ b/pkg/jobs/nic_job_list.go @@ -434,32 +434,6 @@ func NICJobList() []Job { ch <- jobResult }, }, - { - Name: "exec-nginx-ingress-version", - Timeout: time.Second * 10, - Execute: func(dc *data_collector.DataCollector, ctx context.Context, ch chan JobResult) { - jobResult := JobResult{Files: make(map[string][]byte), Error: nil} - command := []string{"./nginx-ingress", "--version"} - for _, namespace := range dc.Namespaces { - pods, err := dc.K8sCoreClientSet.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{}) - if err != nil { - dc.Logger.Printf("\tCould not retrieve pod list for namespace %s: %v\n", namespace, err) - } else { - for _, pod := range pods.Items { - if strings.Contains(pod.Name, "ingress") { - res, err := dc.PodExecutor(namespace, pod.Name, command, ctx) - if err != nil { - dc.Logger.Printf("\tCommand execution %s failed for pod %s in namespace %s: %v\n", command, pod.Name, namespace, err) - } else { - jobResult.Files[path.Join(dc.BaseDir, "exec", namespace, pod.Name+"__nginx-ingress-version.txt")] = res - } - } - } - } - } - ch <- jobResult - }, - }, { Name: "crd-objects", Timeout: time.Second * 10,