mirror of
				https://github.com/1Password/onepassword-operator.git
				synced 2025-10-26 17:30:47 +00:00 
			
		
		
		
	 eda5612827
			
		
	
	eda5612827
	
	
	
		
			
			This does the following updates: * Upgrade to Operator SDK v1.34.1. This fixes building multi-arch images from Makefile. Check this MR from operator-framework for details. * Update Go dependencies. This addresses Dependabot alert ["Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON"](https://github.com/1Password/onepassword-operator/security/dependabot/13). * Update versions of the GitHub Actions used in the pipelines. * Update Kubernetes related tools (such as controller-tools version, and operator-sdk for ci pipelines) By updating dependencies, the pipelines no longer fail due to a panic error when running `make test`.
		
			
				
	
	
		
			177 lines
		
	
	
		
			5.9 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			177 lines
		
	
	
		
			5.9 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2015 go-swagger maintainers
 | |
| //
 | |
| // Licensed under the Apache License, Version 2.0 (the "License");
 | |
| // you may not use this file except in compliance with the License.
 | |
| // You may obtain a copy of the License at
 | |
| //
 | |
| //    http://www.apache.org/licenses/LICENSE-2.0
 | |
| //
 | |
| // Unless required by applicable law or agreed to in writing, software
 | |
| // distributed under the License is distributed on an "AS IS" BASIS,
 | |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | |
| // See the License for the specific language governing permissions and
 | |
| // limitations under the License.
 | |
| 
 | |
| package swag
 | |
| 
 | |
| import (
 | |
| 	"fmt"
 | |
| 	"io"
 | |
| 	"log"
 | |
| 	"net/http"
 | |
| 	"net/url"
 | |
| 	"os"
 | |
| 	"path"
 | |
| 	"path/filepath"
 | |
| 	"runtime"
 | |
| 	"strings"
 | |
| 	"time"
 | |
| )
 | |
| 
 | |
| // LoadHTTPTimeout the default timeout for load requests
 | |
| var LoadHTTPTimeout = 30 * time.Second
 | |
| 
 | |
| // LoadHTTPBasicAuthUsername the username to use when load requests require basic auth
 | |
| var LoadHTTPBasicAuthUsername = ""
 | |
| 
 | |
| // LoadHTTPBasicAuthPassword the password to use when load requests require basic auth
 | |
| var LoadHTTPBasicAuthPassword = ""
 | |
| 
 | |
| // LoadHTTPCustomHeaders an optional collection of custom HTTP headers for load requests
 | |
| var LoadHTTPCustomHeaders = map[string]string{}
 | |
| 
 | |
| // LoadFromFileOrHTTP loads the bytes from a file or a remote http server based on the path passed in
 | |
| func LoadFromFileOrHTTP(pth string) ([]byte, error) {
 | |
| 	return LoadStrategy(pth, os.ReadFile, loadHTTPBytes(LoadHTTPTimeout))(pth)
 | |
| }
 | |
| 
 | |
| // LoadFromFileOrHTTPWithTimeout loads the bytes from a file or a remote http server based on the path passed in
 | |
| // timeout arg allows for per request overriding of the request timeout
 | |
| func LoadFromFileOrHTTPWithTimeout(pth string, timeout time.Duration) ([]byte, error) {
 | |
| 	return LoadStrategy(pth, os.ReadFile, loadHTTPBytes(timeout))(pth)
 | |
| }
 | |
| 
 | |
| // LoadStrategy returns a loader function for a given path or URI.
 | |
| //
 | |
| // The load strategy returns the remote load for any path starting with `http`.
 | |
| // So this works for any URI with a scheme `http` or `https`.
 | |
| //
 | |
| // The fallback strategy is to call the local loader.
 | |
| //
 | |
| // The local loader takes a local file system path (absolute or relative) as argument,
 | |
| // or alternatively a `file://...` URI, **without host** (see also below for windows).
 | |
| //
 | |
| // There are a few liberalities, initially intended to be tolerant regarding the URI syntax,
 | |
| // especially on windows.
 | |
| //
 | |
| // Before the local loader is called, the given path is transformed:
 | |
| //   - percent-encoded characters are unescaped
 | |
| //   - simple paths (e.g. `./folder/file`) are passed as-is
 | |
| //   - on windows, occurrences of `/` are replaced by `\`, so providing a relative path such a `folder/file` works too.
 | |
| //
 | |
| // For paths provided as URIs with the "file" scheme, please note that:
 | |
| //   - `file://` is simply stripped.
 | |
| //     This means that the host part of the URI is not parsed at all.
 | |
| //     For example, `file:///folder/file" becomes "/folder/file`,
 | |
| //     but `file://localhost/folder/file` becomes `localhost/folder/file` on unix systems.
 | |
| //     Similarly, `file://./folder/file` yields `./folder/file`.
 | |
| //   - on windows, `file://...` can take a host so as to specify an UNC share location.
 | |
| //
 | |
| // Reminder about windows-specifics:
 | |
| // - `file://host/folder/file` becomes an UNC path like `\\host\folder\file` (no port specification is supported)
 | |
| // - `file:///c:/folder/file` becomes `C:\folder\file`
 | |
| // - `file://c:/folder/file` is tolerated (without leading `/`) and becomes `c:\folder\file`
 | |
| func LoadStrategy(pth string, local, remote func(string) ([]byte, error)) func(string) ([]byte, error) {
 | |
| 	if strings.HasPrefix(pth, "http") {
 | |
| 		return remote
 | |
| 	}
 | |
| 
 | |
| 	return func(p string) ([]byte, error) {
 | |
| 		upth, err := url.PathUnescape(p)
 | |
| 		if err != nil {
 | |
| 			return nil, err
 | |
| 		}
 | |
| 
 | |
| 		if !strings.HasPrefix(p, `file://`) {
 | |
| 			// regular file path provided: just normalize slashes
 | |
| 			return local(filepath.FromSlash(upth))
 | |
| 		}
 | |
| 
 | |
| 		if runtime.GOOS != "windows" {
 | |
| 			// crude processing: this leaves full URIs with a host with a (mostly) unexpected result
 | |
| 			upth = strings.TrimPrefix(upth, `file://`)
 | |
| 
 | |
| 			return local(filepath.FromSlash(upth))
 | |
| 		}
 | |
| 
 | |
| 		// windows-only pre-processing of file://... URIs
 | |
| 
 | |
| 		// support for canonical file URIs on windows.
 | |
| 		u, err := url.Parse(filepath.ToSlash(upth))
 | |
| 		if err != nil {
 | |
| 			return nil, err
 | |
| 		}
 | |
| 
 | |
| 		if u.Host != "" {
 | |
| 			// assume UNC name (volume share)
 | |
| 			// NOTE: UNC port not yet supported
 | |
| 
 | |
| 			// when the "host" segment is a drive letter:
 | |
| 			// file://C:/folder/... => C:\folder
 | |
| 			upth = path.Clean(strings.Join([]string{u.Host, u.Path}, `/`))
 | |
| 			if !strings.HasSuffix(u.Host, ":") && u.Host[0] != '.' {
 | |
| 				// tolerance: if we have a leading dot, this can't be a host
 | |
| 				// file://host/share/folder\... ==> \\host\share\path\folder
 | |
| 				upth = "//" + upth
 | |
| 			}
 | |
| 		} else {
 | |
| 			// no host, let's figure out if this is a drive letter
 | |
| 			upth = strings.TrimPrefix(upth, `file://`)
 | |
| 			first, _, _ := strings.Cut(strings.TrimPrefix(u.Path, "/"), "/")
 | |
| 			if strings.HasSuffix(first, ":") {
 | |
| 				// drive letter in the first segment:
 | |
| 				// file:///c:/folder/... ==> strip the leading slash
 | |
| 				upth = strings.TrimPrefix(upth, `/`)
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		return local(filepath.FromSlash(upth))
 | |
| 	}
 | |
| }
 | |
| 
 | |
| func loadHTTPBytes(timeout time.Duration) func(path string) ([]byte, error) {
 | |
| 	return func(path string) ([]byte, error) {
 | |
| 		client := &http.Client{Timeout: timeout}
 | |
| 		req, err := http.NewRequest(http.MethodGet, path, nil) //nolint:noctx
 | |
| 		if err != nil {
 | |
| 			return nil, err
 | |
| 		}
 | |
| 
 | |
| 		if LoadHTTPBasicAuthUsername != "" && LoadHTTPBasicAuthPassword != "" {
 | |
| 			req.SetBasicAuth(LoadHTTPBasicAuthUsername, LoadHTTPBasicAuthPassword)
 | |
| 		}
 | |
| 
 | |
| 		for key, val := range LoadHTTPCustomHeaders {
 | |
| 			req.Header.Set(key, val)
 | |
| 		}
 | |
| 
 | |
| 		resp, err := client.Do(req)
 | |
| 		defer func() {
 | |
| 			if resp != nil {
 | |
| 				if e := resp.Body.Close(); e != nil {
 | |
| 					log.Println(e)
 | |
| 				}
 | |
| 			}
 | |
| 		}()
 | |
| 		if err != nil {
 | |
| 			return nil, err
 | |
| 		}
 | |
| 
 | |
| 		if resp.StatusCode != http.StatusOK {
 | |
| 			return nil, fmt.Errorf("could not access document at %q [%s] ", path, resp.Status)
 | |
| 		}
 | |
| 
 | |
| 		return io.ReadAll(resp.Body)
 | |
| 	}
 | |
| }
 |