diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4f31c542ff..6ff49763a8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -51,6 +51,7 @@ jobs: contents: write steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: ./tools/github-actions/reclaim-storage - name: Extract Release Tag and Commit SHA id: vars diff --git a/examples/extension-server/go.mod b/examples/extension-server/go.mod index 0d41a8f0ea..9f230c2fd5 100644 --- a/examples/extension-server/go.mod +++ b/examples/extension-server/go.mod @@ -38,12 +38,12 @@ require ( github.com/x448/float16 v0.8.4 // indirect github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect go.yaml.in/yaml/v2 v2.4.2 // indirect - golang.org/x/mod v0.26.0 // indirect - golang.org/x/net v0.42.0 // indirect - golang.org/x/sync v0.16.0 // indirect - golang.org/x/sys v0.34.0 // indirect - golang.org/x/text v0.27.0 // indirect - golang.org/x/tools v0.35.0 // indirect + golang.org/x/mod v0.29.0 // indirect + golang.org/x/net v0.47.0 // indirect + golang.org/x/sync v0.18.0 // indirect + golang.org/x/sys v0.38.0 // indirect + golang.org/x/text v0.31.0 // indirect + golang.org/x/tools v0.38.0 // indirect golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250728155136-f173205681a0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250728155136-f173205681a0 // indirect diff --git a/examples/extension-server/go.sum b/examples/extension-server/go.sum index 3c55d56ae5..a02f39ada2 100644 --- a/examples/extension-server/go.sum +++ b/examples/extension-server/go.sum @@ -123,35 +123,35 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= -golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= +golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= +golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= -golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= -golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= -golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= -golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY= golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= diff --git a/go.mod b/go.mod index 762e5a5fda..f7e18a6d2a 100644 --- a/go.mod +++ b/go.mod @@ -64,7 +64,7 @@ require ( go.opentelemetry.io/proto/otlp v1.7.1 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20250718183923-645b1fa84792 - golang.org/x/net v0.42.0 + golang.org/x/net v0.47.0 gomodules.xyz/jsonpatch/v2 v2.5.0 google.golang.org/genproto/googleapis/api v0.0.0-20250728155136-f173205681a0 google.golang.org/grpc v1.75.1 @@ -479,17 +479,17 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.yaml.in/yaml/v2 v2.4.2 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.40.0 // indirect + golang.org/x/crypto v0.45.0 // indirect golang.org/x/crypto/x509roots/fallback v0.0.0-20250406160420-959f8f3db0fb // indirect golang.org/x/exp/typeparams v0.0.0-20250620022241-b7579e27df2b // indirect - golang.org/x/mod v0.26.0 // indirect + golang.org/x/mod v0.29.0 // indirect golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/sync v0.16.0 // indirect - golang.org/x/sys v0.34.0 // indirect - golang.org/x/term v0.33.0 // indirect - golang.org/x/text v0.27.0 // indirect + golang.org/x/sync v0.18.0 // indirect + golang.org/x/sys v0.38.0 // indirect + golang.org/x/term v0.37.0 // indirect + golang.org/x/text v0.31.0 // indirect golang.org/x/time v0.12.0 // indirect - golang.org/x/tools v0.35.0 // indirect + golang.org/x/tools v0.38.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250728155136-f173205681a0 // indirect google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 // indirect diff --git a/go.sum b/go.sum index 87148be0b3..1e681262a7 100644 --- a/go.sum +++ b/go.sum @@ -1170,8 +1170,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= -golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= +golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= +golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= golang.org/x/crypto/x509roots/fallback v0.0.0-20250406160420-959f8f3db0fb h1:Iu0p/klM0SM7atONioa/bPhLS7cjhnip99x1OIGibwg= golang.org/x/crypto/x509roots/fallback v0.0.0-20250406160420-959f8f3db0fb/go.mod h1:lxN5T34bK4Z/i6cMaU7frUU57VkDXFD4Kamfl/cp9oU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1193,8 +1193,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= -golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= +golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= +golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1215,8 +1215,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= -golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= @@ -1231,8 +1231,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1265,16 +1265,16 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= -golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg= -golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= +golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= +golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -1283,8 +1283,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= -golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1309,8 +1309,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= -golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0= -golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index 26b878a956..c0f58399d9 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -314,7 +314,12 @@ func (t *Translator) translateEnvoyExtensionPolicyForRoute( prefix := irRoutePrefix(route) parentRefs := GetParentReferences(route) for _, p := range parentRefs { - parentRefCtx := GetRouteParentContext(route, p, t.GatewayControllerName) + // Skip if this parentRef was not processed by this translator + // (e.g., references a Gateway with a different GatewayClass) + parentRefCtx := route.GetRouteParentContext(p) + if parentRefCtx == nil { + continue + } gtwCtx := parentRefCtx.GetGateway() if gtwCtx == nil { continue diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index cb58a09b90..9989e74eb3 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -659,7 +659,12 @@ func (t *Translator) translateSecurityPolicyForRoute( prefix := irRoutePrefix(route) parentRefs := GetParentReferences(route) for _, p := range parentRefs { - parentRefCtx := GetRouteParentContext(route, p, t.GatewayControllerName) + // Skip if this parentRef was not processed by this translator + // (e.g., references a Gateway with a different GatewayClass) + parentRefCtx := route.GetRouteParentContext(p) + if parentRefCtx == nil { + continue + } gtwCtx := parentRefCtx.GetGateway() if gtwCtx == nil { continue @@ -1334,15 +1339,42 @@ func (t *Translator) buildOIDCProvider(policy *egv1a1.SecurityPolicy, resources // Discover the token and authorization endpoints from the issuer's well-known url if not explicitly specified. // EG assumes that the issuer url uses the same protocol and CA as the token endpoint. // If we need to support different protocols or CAs, we need to add more fields to the OIDCProvider CRD. - if provider.TokenEndpoint == nil || provider.AuthorizationEndpoint == nil { + var ( + userProvidedAuthorizationEndpoint = ptr.Deref(provider.AuthorizationEndpoint, "") + userProvidedTokenEndpoint = ptr.Deref(provider.TokenEndpoint, "") + userProvidedEndSessionEndpoint = ptr.Deref(provider.EndSessionEndpoint, "") + ) + + // Authorization endpoint and token endpoint are required fields. + // If either of them is not provided, we need to fetch them from the issuer's well-known url. + if userProvidedAuthorizationEndpoint == "" || userProvidedTokenEndpoint == "" { + // Fetch the endpoints from the issuer's well-known url. discoveredConfig, err := fetchEndpointsFromIssuer(provider.Issuer, providerTLS) if err != nil { return nil, fmt.Errorf("error fetching endpoints from issuer: %w", err) } - tokenEndpoint = discoveredConfig.TokenEndpoint - authorizationEndpoint = discoveredConfig.AuthorizationEndpoint - // endSessionEndpoint is optional, and we prioritize using the one provided in the well-known configuration. - if discoveredConfig.EndSessionEndpoint != nil && *discoveredConfig.EndSessionEndpoint != "" { + + // Prioritize using the explicitly provided authorization endpoints if available. + // This allows users to add extra parameters to the authorization endpoint if needed. + if userProvidedAuthorizationEndpoint != "" { + authorizationEndpoint = userProvidedAuthorizationEndpoint + } else { + authorizationEndpoint = discoveredConfig.AuthorizationEndpoint + } + + // Prioritize using the explicitly provided token endpoints if available. + // This may not be necessary, but we do it for consistency with authorization endpoint. + if userProvidedTokenEndpoint != "" { + tokenEndpoint = userProvidedTokenEndpoint + } else { + tokenEndpoint = discoveredConfig.TokenEndpoint + } + + // Prioritize using the explicitly provided end session endpoints if available. + // This may not be necessary, but we do it for consistency with other endpoints. + if userProvidedEndSessionEndpoint != "" { + endSessionEndpoint = &userProvidedEndSessionEndpoint + } else { endSessionEndpoint = discoveredConfig.EndSessionEndpoint } } else { diff --git a/internal/gatewayapi/status/gateway.go b/internal/gatewayapi/status/gateway.go index fd4785b33c..374a164c85 100644 --- a/internal/gatewayapi/status/gateway.go +++ b/internal/gatewayapi/status/gateway.go @@ -151,7 +151,7 @@ func SetGatewayListenerStatusCondition(gateway *gwapiv1.Gateway, listenerStatusI const ( messageAddressNotAssigned = "No addresses have been assigned to the Gateway" - messageFmtTooManyAddresses = "Too many addresses (%d) have been assigned to the Gateway, the maximum number of addresses is 16" + messageFmtTooManyAddresses = "Too many addresses (%d) have been assigned to the Gateway; only the first 16 are included in the status." messageNoResources = "Envoy replicas unavailable" messageFmtProgrammed = "Address assigned to the Gateway, %d/%d envoy replicas available" ) @@ -168,7 +168,7 @@ func updateGatewayProgrammedCondition(gw *gwapiv1.Gateway, envoyObj client.Objec if len(gw.Status.Addresses) > 16 { gw.Status.Conditions = MergeConditions(gw.Status.Conditions, - newCondition(string(gwapiv1.GatewayConditionProgrammed), metav1.ConditionFalse, string(gwapiv1.GatewayReasonInvalid), + newCondition(string(gwapiv1.GatewayConditionProgrammed), metav1.ConditionTrue, string(gwapiv1.GatewayReasonProgrammed), fmt.Sprintf(messageFmtTooManyAddresses, len(gw.Status.Addresses)), time.Now(), gw.Generation)) // Truncate the addresses to 16 diff --git a/internal/gatewayapi/status/gateway_test.go b/internal/gatewayapi/status/gateway_test.go index fb6fa0faad..87290e8d6d 100644 --- a/internal/gatewayapi/status/gateway_test.go +++ b/internal/gatewayapi/status/gateway_test.go @@ -377,14 +377,14 @@ func TestUpdateGatewayProgrammedCondition(t *testing.T) { }, }, { - name: "not ready gateway with too many addresses", + name: "ready gateway with too many addresses", serviceAddressNum: 17, deploymentStatus: appsv1.DeploymentStatus{AvailableReplicas: 1}, expectCondition: []metav1.Condition{ { Type: string(gwapiv1.GatewayConditionProgrammed), - Status: metav1.ConditionFalse, - Reason: string(gwapiv1.GatewayReasonInvalid), + Status: metav1.ConditionTrue, + Reason: string(gwapiv1.GatewayReasonProgrammed), Message: fmt.Sprintf(messageFmtTooManyAddresses, 17), }, }, diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc.in.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc.in.yaml index 5a69a72b74..f35c049256 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc.in.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc.in.yaml @@ -14,6 +14,13 @@ secrets: data: client-secret: Y2xpZW50MTpzZWNyZXQK client-id: Y2xpZW50Mi5vYXV0aC5mb28uY29t +- apiVersion: v1 + kind: Secret + metadata: + namespace: default + name: client3-secret + data: + client-secret: Y2xpZW50MTpzZWNyZXQK - apiVersion: v1 kind: Secret metadata: @@ -75,6 +82,25 @@ httpRoutes: backendRefs: - name: service-1 port: 8080 +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-3 + spec: + hostnames: + - www.example.com + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + sectionName: http + rules: + - matches: + - path: + value: "/baz" + backendRefs: + - name: service-1 + port: 8080 securityPolicies: - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: SecurityPolicy @@ -128,3 +154,26 @@ securityPolicies: refreshToken: true defaultRefreshTokenTTL: 48h cookieDomain: "example.com" +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: SecurityPolicy + metadata: + namespace: default + name: policy-for-http-route-3 + spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-3 + oidc: + provider: + issuer: "https://accounts.google.com" + authorizationEndpoint: "https://accounts.google.com/o/oauth2/v2/auth?foo=bar" # custom auth endpoint with query params, should be used as is + clientID: "client1.apps.googleusercontent.com" + clientSecret: + name: "client3-secret" + redirectURL: "https://www.example.com/bar/oauth2/callback" + logoutPath: "/bar/logout" + forwardAccessToken: true + defaultTokenTTL: 30m + refreshToken: true + defaultRefreshTokenTTL: 24h diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml index 1c603f2981..2134f4f362 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml @@ -16,7 +16,7 @@ gateways: protocol: HTTP status: listeners: - - attachedRoutes: 2 + - attachedRoutes: 3 conditions: - lastTransitionTime: null message: Sending translated listener configuration to the data plane @@ -116,6 +116,44 @@ httpRoutes: name: gateway-1 namespace: envoy-gateway sectionName: http +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-3 + namespace: default + spec: + hostnames: + - www.example.com + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: /baz + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: http infraIR: envoy-gateway/gateway-1: proxy: @@ -190,6 +228,47 @@ securityPolicies: status: "True" type: Accepted controllerName: gateway.envoyproxy.io/gatewayclass-controller +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: SecurityPolicy + metadata: + creationTimestamp: null + name: policy-for-http-route-3 + namespace: default + spec: + oidc: + clientID: client1.apps.googleusercontent.com + clientSecret: + group: null + kind: null + name: client3-secret + defaultRefreshTokenTTL: 24h + defaultTokenTTL: 30m + forwardAccessToken: true + logoutPath: /bar/logout + provider: + authorizationEndpoint: https://accounts.google.com/o/oauth2/v2/auth?foo=bar + issuer: https://accounts.google.com + redirectURL: https://www.example.com/bar/oauth2/callback + refreshToken: true + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-3 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: SecurityPolicy metadata: @@ -231,7 +310,7 @@ securityPolicies: type: Accepted - lastTransitionTime: null message: 'This policy is being overridden by other securityPolicies for these - routes: [default/httproute-1]' + routes: [default/httproute-1 default/httproute-3]' reason: Overridden status: "True" type: Overridden @@ -374,6 +453,54 @@ xdsIR: refreshToken: true scopes: - openid + - destination: + metadata: + kind: HTTPRoute + name: httproute-3 + namespace: default + name: httproute/default/httproute-3/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + metadata: + name: service-1 + namespace: default + sectionName: "8080" + name: httproute/default/httproute-3/rule/0/backend/0 + protocol: HTTP + weight: 1 + hostname: www.example.com + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-3 + namespace: default + name: httproute/default/httproute-3/rule/0/match/0/www_example_com + pathMatch: + distinct: false + name: "" + prefix: /baz + security: + oidc: + clientID: client1.apps.googleusercontent.com + clientSecret: '[redacted]' + cookieSuffix: 811c9dc5 + defaultRefreshTokenTTL: 24h0m0s + defaultTokenTTL: 30m0s + forwardAccessToken: true + hmacSecret: '[redacted]' + logoutPath: /bar/logout + name: securitypolicy/default/policy-for-http-route-3 + provider: + authorizationEndpoint: https://accounts.google.com/o/oauth2/v2/auth?foo=bar + tokenEndpoint: https://oauth2.googleapis.com/token + redirectPath: /bar/oauth2/callback + redirectURL: https://www.example.com/bar/oauth2/callback + refreshToken: true + scopes: + - openid readyListener: address: 0.0.0.0 ipFamily: IPv4 diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index 12290d05f9..2a12b8bddc 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -2444,8 +2444,10 @@ func (r *gatewayAPIReconciler) processGatewayClassParamsRef(ctx context.Context, } ep := new(egv1a1.EnvoyProxy) - if err := r.client.Get(ctx, types.NamespacedName{Namespace: string(*gc.Spec.ParametersRef.Namespace), Name: gc.Spec.ParametersRef.Name}, ep); err != nil { - return fmt.Errorf("failed to find envoyproxy %s/%s: %w", r.namespace, gc.Spec.ParametersRef.Name, err) + ns := ptr.Deref(gc.Spec.ParametersRef.Namespace, "default") + nn := types.NamespacedName{Namespace: string(ns), Name: gc.Spec.ParametersRef.Name} + if err := r.client.Get(ctx, nn, ep); err != nil { + return fmt.Errorf("failed to find envoyproxy %s/%s for GatewayClass %s: %w", nn.Namespace, nn.Name, gc.Name, err) } // Check for incompatible configuration: both MergeGateways and GatewayNamespaceMode enabled diff --git a/internal/provider/kubernetes/helpers.go b/internal/provider/kubernetes/helpers.go index 634f64aef9..53692f1f3d 100644 --- a/internal/provider/kubernetes/helpers.go +++ b/internal/provider/kubernetes/helpers.go @@ -12,6 +12,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" mcsapiv1a1 "sigs.k8s.io/mcs-api/pkg/apis/v1alpha1" @@ -170,8 +171,9 @@ func classRefsEnvoyProxy(gc *gwapiv1.GatewayClass, ep *egv1a1.EnvoyProxy) bool { return false } + ns := ptr.Deref(gc.Spec.ParametersRef.Namespace, "default") return refsEnvoyProxy(gc) && - string(*gc.Spec.ParametersRef.Namespace) == ep.Namespace && + string(ns) == ep.Namespace && gc.Spec.ParametersRef.Name == ep.Name } @@ -184,7 +186,6 @@ func refsEnvoyProxy(gc *gwapiv1.GatewayClass) bool { return gc.Spec.ParametersRef != nil && string(gc.Spec.ParametersRef.Group) == egv1a1.GroupVersion.Group && gc.Spec.ParametersRef.Kind == egv1a1.KindEnvoyProxy && - gc.Spec.ParametersRef.Namespace != nil && len(gc.Spec.ParametersRef.Name) > 0 } diff --git a/internal/provider/kubernetes/helpers_test.go b/internal/provider/kubernetes/helpers_test.go index 38a634f9c7..e76bce289d 100644 --- a/internal/provider/kubernetes/helpers_test.go +++ b/internal/provider/kubernetes/helpers_test.go @@ -326,7 +326,7 @@ func TestRefsEnvoyProxy(t *testing.T) { }, }, }, - expect: false, + expect: true, }, } diff --git a/internal/provider/kubernetes/predicates.go b/internal/provider/kubernetes/predicates.go index 3f45b2da08..3c900d71a4 100644 --- a/internal/provider/kubernetes/predicates.go +++ b/internal/provider/kubernetes/predicates.go @@ -738,7 +738,8 @@ func (r *gatewayAPIReconciler) envoyServiceForGateway(ctx context.Context, gatew return &services.Items[0], nil } -// findOwningGateway attempts finds a Gateway using "labels". +// findOwningGateway finds a Gateway using the provided labels. +// Returns the Gateway only if it belongs to this controller, or nil otherwise. func (r *gatewayAPIReconciler) findOwningGateway(ctx context.Context, labels map[string]string) *gwapiv1.Gateway { gwName, ok := labels[gatewayapi.OwningGatewayNameLabel] if !ok { @@ -757,6 +758,10 @@ func (r *gatewayAPIReconciler) findOwningGateway(ctx context.Context, labels map return nil } + if !r.validateGatewayForReconcile(gtw) { + return nil + } + return gtw } diff --git a/internal/provider/kubernetes/predicates_test.go b/internal/provider/kubernetes/predicates_test.go index 3a760f587f..426e04c447 100644 --- a/internal/provider/kubernetes/predicates_test.go +++ b/internal/provider/kubernetes/predicates_test.go @@ -6,6 +6,7 @@ package kubernetes import ( + "context" "fmt" "os" "testing" @@ -177,6 +178,90 @@ func TestValidateGatewayForReconcile(t *testing.T) { } } +func TestFindOwningGateway(t *testing.T) { + controllerName := gwapiv1.GatewayController("example.com/foo") + otherControllerName := gwapiv1.GatewayController("example.com/bar") + + testCases := []struct { + name string + configs []client.Object + labels map[string]string + expect *gwapiv1.Gateway + }{ + { + name: "returns Gateway when it belongs to this controller", + configs: []client.Object{ + test.GetGatewayClass("test-gc", controllerName, nil), + test.GetGateway(types.NamespacedName{Namespace: "default", Name: "test-gw"}, "test-gc", 8080), + }, + labels: map[string]string{ + gatewayapi.OwningGatewayNameLabel: "test-gw", + gatewayapi.OwningGatewayNamespaceLabel: "default", + }, + expect: test.GetGateway(types.NamespacedName{Namespace: "default", Name: "test-gw"}, "test-gc", 8080), + }, + { + name: "returns nil when Gateway belongs to different controller", + configs: []client.Object{ + test.GetGatewayClass("test-gc", otherControllerName, nil), + test.GetGateway(types.NamespacedName{Namespace: "default", Name: "test-gw"}, "test-gc", 8080), + }, + labels: map[string]string{ + gatewayapi.OwningGatewayNameLabel: "test-gw", + gatewayapi.OwningGatewayNamespaceLabel: "default", + }, + expect: nil, + }, + { + name: "returns nil when Gateway name label is missing", + configs: []client.Object{}, + labels: map[string]string{ + gatewayapi.OwningGatewayNamespaceLabel: "default", + }, + expect: nil, + }, + { + name: "returns nil when Gateway namespace label is missing", + configs: []client.Object{}, + labels: map[string]string{ + gatewayapi.OwningGatewayNameLabel: "test-gw", + }, + expect: nil, + }, + { + name: "returns nil when Gateway does not exist", + configs: []client.Object{}, + labels: map[string]string{ + gatewayapi.OwningGatewayNameLabel: "non-existent", + gatewayapi.OwningGatewayNamespaceLabel: "default", + }, + expect: nil, + }, + } + + logger := logging.DefaultLogger(os.Stdout, egv1a1.LogLevelInfo) + + r := gatewayAPIReconciler{ + classController: controllerName, + log: logger, + } + + for _, tc := range testCases { + r.client = fakeclient.NewClientBuilder().WithScheme(envoygateway.GetScheme()).WithObjects(tc.configs...).Build() + t.Run(tc.name, func(t *testing.T) { + ctx := context.Background() + res := r.findOwningGateway(ctx, tc.labels) + if tc.expect == nil { + require.Nil(t, res) + } else { + require.NotNil(t, res) + require.Equal(t, tc.expect.Name, res.Name) + require.Equal(t, tc.expect.Namespace, res.Namespace) + } + }) + } +} + // TestValidateConfigMapForReconcile tests the validateConfigMapForReconcile // predicate function. func TestValidateConfigMapForReconcile(t *testing.T) { diff --git a/internal/xds/cache/snapshotcache.go b/internal/xds/cache/snapshotcache.go index 96bf0238c2..33c4cad18b 100644 --- a/internal/xds/cache/snapshotcache.go +++ b/internal/xds/cache/snapshotcache.go @@ -55,11 +55,14 @@ type snapshotMap map[string]*cachev3.Snapshot type nodeInfoMap map[int64]*corev3.Node +type nodeFrequencyMap map[string]int + type streamDurationMap map[int64]time.Time type snapshotCache struct { cachev3.SnapshotCache streamIDNodeInfo nodeInfoMap + nodeFrequency nodeFrequencyMap streamDuration streamDurationMap deltaStreamDuration streamDurationMap snapshotVersion int64 @@ -133,6 +136,7 @@ func NewSnapshotCache(ads bool, logger logging.Logger) SnapshotCacheWithCallback log: wrappedLogger, lastSnapshot: make(snapshotMap), streamIDNodeInfo: make(nodeInfoMap), + nodeFrequency: make(nodeFrequencyMap), streamDuration: make(streamDurationMap), deltaStreamDuration: make(streamDurationMap), } @@ -179,6 +183,15 @@ func (s *snapshotCache) OnStreamClosed(streamID int64, node *corev3.Node) { delete(s.streamIDNodeInfo, streamID) delete(s.streamDuration, streamID) + + s.nodeFrequency[node.Id] -= 1 + if s.nodeFrequency[node.Id] <= 0 { + delete(s.nodeFrequency, node.Id) + + // Only snapshots for nodes with active connections are updated, we need to clear + // the snapshot for this node so it doesn't get stale data when it reconnects. + s.ClearSnapshot(node.Id) + } } func (s *snapshotCache) OnStreamRequest(streamID int64, req *discoveryv3.DiscoveryRequest) error { @@ -196,6 +209,7 @@ func (s *snapshotCache) OnStreamRequest(streamID int64, req *discoveryv3.Discove } s.log.Debugf("First discovery request on stream %d, got nodeID %s", streamID, req.Node.Id) s.streamIDNodeInfo[streamID] = req.Node + s.nodeFrequency[req.Node.Id] += 1 } nodeID := s.streamIDNodeInfo[streamID].Id cluster := s.streamIDNodeInfo[streamID].Cluster @@ -286,6 +300,15 @@ func (s *snapshotCache) OnDeltaStreamClosed(streamID int64, node *corev3.Node) { delete(s.streamIDNodeInfo, streamID) delete(s.deltaStreamDuration, streamID) + + s.nodeFrequency[node.Id] -= 1 + if s.nodeFrequency[node.Id] <= 0 { + delete(s.nodeFrequency, node.Id) + + // Only snapshots for nodes with active connections are updated, we need to clear + // the snapshot for this node so it doesn't get stale data when it reconnects. + s.ClearSnapshot(node.Id) + } } func (s *snapshotCache) OnStreamDeltaRequest(streamID int64, req *discoveryv3.DeltaDiscoveryRequest) error { @@ -308,6 +331,7 @@ func (s *snapshotCache) OnStreamDeltaRequest(streamID int64, req *discoveryv3.De } s.log.Debugf("First incremental discovery request on stream %d, got nodeID %s", streamID, req.Node.Id) s.streamIDNodeInfo[streamID] = req.Node + s.nodeFrequency[req.Node.Id] += 1 } nodeID := s.streamIDNodeInfo[streamID].Id cluster := s.streamIDNodeInfo[streamID].Cluster diff --git a/test/e2e/tests/backend_dualstack.go b/test/e2e/tests/backend_dualstack.go index 63d23f6934..49a3ade88b 100644 --- a/test/e2e/tests/backend_dualstack.go +++ b/test/e2e/tests/backend_dualstack.go @@ -4,7 +4,6 @@ // the root of the repo. //go:build e2e -// +build e2e package tests diff --git a/test/e2e/tests/httproute_dualstack.go b/test/e2e/tests/httproute_dualstack.go index f765b08cd1..0c2e394e93 100644 --- a/test/e2e/tests/httproute_dualstack.go +++ b/test/e2e/tests/httproute_dualstack.go @@ -4,7 +4,6 @@ // the root of the repo. //go:build e2e -// +build e2e package tests diff --git a/test/e2e/tests/oidc-backendcluster.go b/test/e2e/tests/oidc-backendcluster.go index 475ac67b3e..0ad812e85b 100644 --- a/test/e2e/tests/oidc-backendcluster.go +++ b/test/e2e/tests/oidc-backendcluster.go @@ -4,7 +4,6 @@ // the root of the repo. //go:build e2e -// +build e2e package tests diff --git a/tools/hack/reclaim-storage.sh b/tools/hack/reclaim-storage.sh index 8747de1307..0a7b8638f9 100644 --- a/tools/hack/reclaim-storage.sh +++ b/tools/hack/reclaim-storage.sh @@ -7,6 +7,7 @@ log "Initial disk usage:" df -h || true # Remove large, unused language/tool runtimes +# To figure out what to remove. We can SSH into the GitHub Actions runner using: https://github.com/mxschmitt/action-tmate and then run: df -h TO_DELETE=( /usr/local/lib/android /usr/share/dotnet