Skip to content

Update Go modules in preparation for releasing 1.6.0#676

Merged
wallrj merged 10 commits into
masterfrom
go-mod-upgrade-2
Jun 25, 2025
Merged

Update Go modules in preparation for releasing 1.6.0#676
wallrj merged 10 commits into
masterfrom
go-mod-upgrade-2

Conversation

@wallrj
Copy link
Copy Markdown
Contributor

@wallrj wallrj commented Jun 25, 2025
edited
Loading

This PR prepares for the 1.6.0 release by updating dependency versions, removing legacy defaults and workarounds, and adjusting related tests and CRDs.

  • Bump Go module dependency versions to their latest stable releases
  • Remove the vcert log prefix workaround and update the test’s expected output
  • Drop default clientId in CRDs and add a placeholder parameter for TPP client ID in the Go client

I used go-mod-upgrade to update most of the dependencies. Committed them in groups with corresponding LICENSE updates

$ go install github.com/oligot/go-mod-upgrade@latest
$ go-mod-upgrade
   • Using directory           dir=/home/richard/projects/venafi/jetstack-secure
All modules are up to date

I updated venafi-connection-lib from the main branch, because there hasn't been a release of the latest changes.

 _bin/tools/go get github.com/jetstack/venafi-connection-lib@main

Perhaps we should do another release, with all the changes to the CRDs.

Testing

I ran the E2E test script and observed it succeed. The certificate in the Kubernetes cluster was uploaded to Venafi and processed and appeared in the inventory API.

$ make test-e2e-gke
...
{
  "ts": 1750851145018.8037,
  "caller": "transport/round_trippers.go:632",
  "msg": "Response",
  "v": 6,
  "logger": "Run.gatherAndOutputData",
  "verb": "POST",
  "url": "https://api.venafi.cloud/v1/tlspk/upload/clusterdata/no?description=QSBraW5kIGNsdXN0ZXIgdXNlZCBmb3IgdGVzdGluZyB0aGUgdmVuYWZpLWt1YmVybmV0ZXMtYWdlbnQuCg&name=venafi-kubernetes-agent-e2e",
  "status": "200 OK",
  "milliseconds": 873
}
{"ts":1750851145018.8594,"caller":"agent/run.go:437","msg":"Data sent successfully","v":0,"logger":"Run.gatherAndOutputData.postData"}
...
{
  "count": 1,
  "certificates": [
    {
      "id": "7dd133e0-51b8-11f0-882e-6da8385babd5",
      "companyId": "756db001-280e-11ee-84fb-991f3177e2d0",
      "managedCertificateId": "7ea5c1f0-51b8-11f0-8458-dd08c7765301",
      "fingerprint": "AAE51BBF7B4974295A7BCB00243AA591E34F5135",
      "certificateName": "venafi-kubernetes-agent-e2e.5b401945-ebab-4551-a90a-3c811fa32c76",
      "issuerCertificateIds": [],
      "certificateStatus": "ACTIVE",
      "modificationDate": "2025-06-25T11:35:28.901+00:00",
      "validityStart": "2025-06-25T11:32:36.000+00:00",
      "validityEnd": "2026-06-25T11:32:36.000+00:00",
      "selfSigned": true,
      "signatureAlgorithm": "SHA256_WITH_RSA_ENCRYPTION",
      "signatureHashAlgorithm": "SHA256",
      "encryptionType": "RSA",
      "keyStrength": 2048,
      "subjectKeyIdentifierHash": "DD371FF27032C1CF0C3B175D29216804A4066084",
      "authorityKeyIdentifierHash": "DD371FF27032C1CF0C3B175D29216804A4066084",
      "serialNumber": "6FB0BC46C7076A0870AAB381407230BD84302560",
      "subjectDN": "cn=venafi-kubernetes-agent-e2e.5b401945-ebab-4551-a90a-3c811fa32c76",
      "subjectCN": [
        "venafi-kubernetes-agent-e2e.5b401945-ebab-4551-a90a-3c811fa32c76"
      ],
      "subjectAlternativeNamesByType": {
        "otherName": [],
        "rfc822Name": [],
        "dNSName": [],
        "x400Address": [],
        "directoryName": [],
        "ediPartyName": [],
        "uniformResourceIdentifier": [],
        "iPAddress": [],
        "registeredID": []
      },
      "issuerDN": "cn=venafi-kubernetes-agent-e2e.5b401945-ebab-4551-a90a-3c811fa32c76",
      "issuerCN": [
        "venafi-kubernetes-agent-e2e.5b401945-ebab-4551-a90a-3c811fa32c76"
      ],
      "ocspNoCheck": false,
      "versionType": "CURRENT",
      "totalInstanceCount": 1,
      "totalActiveInstanceCount": 0,
      "instances": [],
      "ownership": {}
    }
  ]
}
+ exit 0

The VenafiConnection resource status showed the token status of the venafi-kubernetes-agent alongside those of the other components:

$ kubectl describe -n venafi venaficonnections.jetstack.io
Name:         venafi-components
Namespace:    venafi
Labels:       <none>
Annotations:  <none>
API Version:  jetstack.io/v1alpha1
Kind:         VenafiConnection
Metadata:
  Creation Timestamp:  2025-05-08T14:39:22Z
  Generation:          2
  Resource Version:    50469262
  UID:                 1acb703f-dccc-4e3c-8430-1ad2d524abdb
Spec:
  Allow References From:
  Vcp:
    Access Token:
      Service Account Token:
        Audiences:
          https://api.venafi.cloud
        Name:  venafi-components
      Vcp O Auth:
        Tenant ID:  xxx
    URL:            https://api.venafi.cloud
Status:
  Conditions:
    Last Transition Time:  2025-06-03T03:10:33Z
    Last Update Time:      2025-06-25T11:30:28Z
    Message:               Generated a new token
    Observed Generation:   2
    Reason:                TokenGenerated
    Status:                True
    Token Valid Until:     2025-06-25T11:45:28Z
    Type:                  ApproverPolicyVenafiReady
    Last Transition Time:  2025-06-15T21:12:23Z
    Last Update Time:      2025-06-25T11:23:53Z
    Message:               Generated a new token
    Observed Generation:   2
    Reason:                TokenGenerated
    Status:                True
    Token Valid Until:     2025-06-25T11:38:53Z
    Type:                  VenafiEnhancedIssuerReady
    Last Transition Time:  2025-05-28T04:21:20Z
    Last Update Time:      2025-06-25T11:32:24Z
    Message:               Generated a new token
    Observed Generation:   2
    Reason:                TokenGenerated
    Status:                True
    Token Valid Until:     2025-06-25T11:47:24Z
    Type:                  VenafiKubernetesAgentReady
Events:                    <none>

The logs were JSON formatted and could be read by jl

$ kubectl logs -n venafi deployments/venafi-kubernetes-agent --follow  | jl --max-field-length=0
...

[2025-06-25 11:39:27] Response [caller=transport/round_trippers.go:632 milliseconds=2 status=200 OK url=https://34.118.224.1:443/version?timeout=32s verb=GET]
[2025-06-25 11:39:27] Successfully gathered [caller=agent/run.go:391 count=1 logger=Run.gatherAndOutputData.gatherData]
[2025-06-25 11:39:27] Successfully gathered [caller=agent/run.go:391 count=15 logger=Run.gatherAndOutputData.gatherData]
[2025-06-25 11:39:27] Successfully gathered [caller=agent/run.go:391 count=14 logger=Run.gatherAndOutputData.gatherData]
[2025-06-25 11:39:27] Successfully gathered [caller=agent/run.go:391 count=0 logger=Run.gatherAndOutputData.gatherData]
[2025-06-25 11:39:27] Posting data [baseURL= caller=agent/run.go:425 logger=Run.gatherAndOutputData.postData]
[2025-06-25 11:39:27] Response [caller=transport/round_trippers.go:632 logger=Run.gatherAndOutputData milliseconds=165 status=200 OK url=https://api.venafi.cloud/v1/tlspk/upload/clusterdata/no?description=QSBraW5kIGNsdXN0ZXIgdXNlZCBmb3IgdGVzdGluZyB0aGUgdmVuYWZpLWt1YmVybmV0ZXMtYWdlbnQuCg&name=venafi-kubernetes-agent-e2e verb=POST]
[2025-06-25 11:39:27] Data sent successfully [caller=agent/run.go:437 logger=Run.gatherAndOutputData.postData]
...

@wallrj-cyberark
Update k8s.io dependencies
df694c0 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj-cyberark
Update controller-runtime dependencies
86276b2 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj-cyberark
Update vcert dependencies
65cc454 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj-cyberark
Update cobra dependencies
406b2f3 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj-cyberark
Update go-logr dependencies
b7f1bfc 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj-cyberark
Update github.com/fatih/color
fafdc91 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj-cyberark
_bin/tools/go get github.com/jetstack/venafi-connection-lib@main
daf4640 
make go-tidy generate-go-licenses

Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj-cyberark
Add missing venafi-connection-lib NewConnectionHandler argument
7a58cf9 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj-cyberark
Remove obsolete work around for vcert logging prefix
50d007d 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
wallrj
wallrj commented Jun 25, 2025
View reviewed changes
Comment thread LICENSES
github.com/google/uuid,BSD-3-Clause
github.com/gorilla/css/scanner,BSD-3-Clause
github.com/gorilla/websocket,BSD-3-Clause
github.com/gorilla/websocket,BSD-2-Clause
Copy link
Copy Markdown
Contributor Author

@wallrj wallrj Jun 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked this license and I think it's ok. It's one of two BSD-2 licensed dependency

$ git grep BSD-2
LICENSES:github.com/gorilla/websocket,BSD-2-Clause
LICENSES:github.com/pkg/errors,BSD-2-Clause

image
https://github.com/gorilla/websocket/blob/main/LICENSE

wallrj
wallrj commented Jun 25, 2025
View reviewed changes
Comment thread go.mod
github.com/google/uuid v1.6.0
github.com/hashicorp/go-multierror v1.1.1
github.com/jetstack/venafi-connection-lib v0.3.2-0.20250305134451-ec1757b9e01b
github.com/jetstack/venafi-connection-lib v0.4.1-0.20250617093438-475079c98311
Copy link
Copy Markdown
Contributor Author

@wallrj wallrj Jun 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/jetstack/venafi-connection-lib/compare/ec1757b9e01b...475079c98311

wallrj
wallrj commented Jun 25, 2025
View reviewed changes
Comment thread pkg/client/client_venconn.go
wallrj
wallrj commented Jun 25, 2025
View reviewed changes
Comment thread go.mod

require (
github.com/Venafi/vcert/v5 v5.8.1
github.com/Venafi/vcert/v5 v5.10.2
Copy link
Copy Markdown
Contributor Author

@wallrj wallrj Jun 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Venafi/vcert@v5.8.1...v5.10.2

wallrj
wallrj commented Jun 25, 2025
View reviewed changes
Comment thread pkg/logs/logs.go
// This is a work around for a bug in vcert where it adds a `vCert: ` prefix
// to the global log logger. It can be removed when this is fixed upstream
// in vcert: https://github.com/Venafi/vcert/pull/512
vcertLog.SetPrefix("")
Copy link
Copy Markdown
Contributor Author

@wallrj wallrj Jun 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This bug has now been fixed and released since vcert 5.8.2

@wallrj-cyberark
make generate-crds-venconn
d9232ac 
Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj wallrj requested a review from Copilot June 25, 2025 11:26
Copilot AI reviewed Jun 25, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR prepares for the 1.6.0 release by updating dependency versions, removing legacy defaults and workarounds, and adjusting related tests and CRDs.

  • Bump Go module dependency versions to their latest stable releases
  • Remove the vcert log prefix workaround and update the test’s expected output
  • Drop default clientId in CRDs and add a placeholder parameter for TPP client ID in the Go client

Reviewed Changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated no comments.

Show a summary per file
File Description
pkg/logs/logs_test.go Update expected log output after removing the vCert: prefix
pkg/logs/logs.go Remove workaround for vcert’s log prefix
pkg/client/client_venconn.go Add placeholder unusedTPPDefaultClientID parameter in client builder
go.mod Bump multiple module versions for dependencies
deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.yaml Remove default clientId entries
deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.without-validations.yaml Remove default clientId entries
deploy/charts/venafi-kubernetes-agent/crd_bases/jetstack.io_venaficonnections.yaml Update controller-gen version, remove default clientId entries
LICENSES Sync license entries with updated dependencies
Comments suppressed due to low confidence (2)

pkg/client/client_venconn.go:89

  • [nitpick] The variable name unusedTPPDefaultClientID suggests it’s never used. Consider renaming it to something like tppDefaultClientID or inlining "" directly if it’s intentionally an empty placeholder.
	var unusedTPPDefaultClientID string

pkg/logs/logs_test.go:120

  • The timestamp format here omits fractional seconds, whereas other log lines include .000000. Consider aligning the expected output to match the actual log format.
0000/00/00 00:00:00 log Print

@wallrj wallrj changed the title WIP: Update Go modules in preparation for releasing 1.6.0 Update Go modules in preparation for releasing 1.6.0 Jun 25, 2025
@wallrj wallrj requested a review from inteon June 25, 2025 11:44
@wallrj wallrj merged commit 32d8a81 into master Jun 25, 2025
2 checks passed
@wallrj wallrj deleted the go-mod-upgrade-2 branch June 25, 2025 13:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@inteon inteon inteon approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@wallrj @inteon @wallrj-cyberark