From 5b24b23608f56ac5516d68dae18b9bcfa92916b0 Mon Sep 17 00:00:00 2001 From: llDrLove Date: Thu, 20 Jun 2024 12:11:05 -0400 Subject: [PATCH] Add optional flags for DOKS control plane firewall feature (#1540) * Add control plane permission flags * Check if flag is set * Update godo to v0.118.0 and update control plane firewall structs * Fix LBs tests --------- Co-authored-by: Oliver Love --- args.go | 4 ++ commands/kubernetes.go | 66 ++++++++++++++++++- commands/kubernetes_test.go | 40 ++++++++++- go.mod | 2 +- go.sum | 4 +- integration/glb_create_test.go | 4 +- integration/glb_update_test.go | 4 +- integration/lb_create_test.go | 8 +-- integration/lb_get_test.go | 4 +- integration/lb_list_test.go | 6 +- integration/projects_resources_get_test.go | 4 +- .../github.com/digitalocean/godo/CHANGELOG.md | 7 ++ vendor/github.com/digitalocean/godo/godo.go | 2 +- .../digitalocean/godo/kubernetes.go | 34 +++++----- .../digitalocean/godo/load_balancers.go | 1 + vendor/modules.txt | 2 +- 16 files changed, 150 insertions(+), 42 deletions(-) diff --git a/args.go b/args.go index 7570f6456..fda546cc8 100644 --- a/args.go +++ b/args.go @@ -92,6 +92,10 @@ const ( ArgAutoUpgrade = "auto-upgrade" // ArgHA is a cluster's highly available control plane argument. ArgHA = "ha" + // ArgEnableControlPlaneFirewall enable control plane firewall. + ArgEnableControlPlaneFirewall = "enable-control-plane-firewall" + // ArgControlPlaneFirewallAllowedAddresses list of allowed addresses that can access the control plane. + ArgControlPlaneFirewallAllowedAddresses = "control-plane-firewall-allowed-addresses" // ArgSurgeUpgrade is a cluster's surge-upgrade argument. ArgSurgeUpgrade = "surge-upgrade" // ArgCommandUpsert is an upsert for a resource to be created or updated argument. diff --git a/commands/kubernetes.go b/commands/kubernetes.go index 290d0d92c..095f1f54a 100644 --- a/commands/kubernetes.go +++ b/commands/kubernetes.go 
@@ -26,14 +26,15 @@ import ( "time" "github.com/blang/semver" - "github.com/digitalocean/doctl" - "github.com/digitalocean/doctl/commands/displayers" - "github.com/digitalocean/doctl/do" "github.com/digitalocean/godo" "github.com/google/uuid" "github.com/spf13/cobra" "github.com/spf13/viper" + "github.com/digitalocean/doctl" + "github.com/digitalocean/doctl/commands/displayers" + "github.com/digitalocean/doctl/do" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" kubeerrors "k8s.io/apimachinery/pkg/util/errors" clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" @@ -282,6 +283,10 @@ After creating a cluster, a configuration context is added to kubectl and made a "Enables surge-upgrade for the cluster") AddBoolFlag(cmdKubeClusterCreate, doctl.ArgHA, "", false, "Creates the cluster with a highly-available control plane. Defaults to false. To enable the HA control plane, supply --ha=true.") + AddStringFlag(cmdKubeClusterCreate, doctl.ArgEnableControlPlaneFirewall, "", "", + "Creates the cluster with control plane firewall enabled. Defaults to false. To enable the control plane firewall, supply --enable-control-plane-firewall=true.") + AddStringSliceFlag(cmdKubeClusterCreate, doctl.ArgControlPlaneFirewallAllowedAddresses, "", nil, + "A comma-separated list of allowed addresses that can access the control plane.") AddStringSliceFlag(cmdKubeClusterCreate, doctl.ArgTag, "", nil, "A comma-separated list of `tags` to apply to the cluster, in addition to the default tags of `k8s` and `k8s:$K8S_CLUSTER_ID`.") AddStringFlag(cmdKubeClusterCreate, doctl.ArgSizeSlug, "", 
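Review bot: The help text for `--control-plane-firewall-allowed-addresses` on `cmdKubeClusterCreate` does not say what form an entry may take, even though this list decides which clients can reach the control plane. The test fixtures in this commit use a bare address and a CIDR (`1.2.3.4`, `4.3.2.1/32`), so presumably both are accepted; I would state that, e.g. `"A comma-separated list of IP addresses or CIDR ranges allowed to access the control plane, e.g. 1.2.3.4,4.3.2.1/32."`. In the same hunk, `--enable-control-plane-firewall` is registered with `AddStringFlag` and an empty default while its text says "Defaults to false". The builder sets nothing when the value is empty, so wording such as "When omitted, no firewall setting is sent" would match the code better.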
@@ -328,6 +333,10 @@ Updates the configuration values for a Kubernetes cluster. The cluster must be r "Enables surge-upgrade for the cluster") AddBoolFlag(cmdKubeClusterUpdate, doctl.ArgHA, "", false, "Enables the highly-available control plane for the cluster") + AddStringFlag(cmdKubeClusterUpdate, doctl.ArgEnableControlPlaneFirewall, "", "", + "Creates the cluster with control plane firewall enabled. Defaults to false. To enable the control plane firewall, supply --enable-control-plane-firewall=true.") + AddStringSliceFlag(cmdKubeClusterUpdate, doctl.ArgControlPlaneFirewallAllowedAddresses, "", nil, + "A comma-separated list of allowed addresses that can access the control plane.") AddBoolFlag(cmdKubeClusterUpdate, doctl.ArgClusterUpdateKubeconfig, "", true, "Updates the cluster in your kubeconfig") AddBoolFlag(cmdKubeClusterUpdate, doctl.ArgSetCurrentContext, "", true, @@ -1648,6 +1657,31 @@ func buildClusterCreateRequestFromArgs(c *CmdConfig, r *godo.KubernetesClusterCr } r.HA = ha + enableControlPlaneFirewall, err := c.Doit.GetString(c.NS, doctl.ArgEnableControlPlaneFirewall) + if err != nil { + return err + } + if enableControlPlaneFirewall != "" { + enableControlPlaneFirewallBool, err := strconv.ParseBool(enableControlPlaneFirewall) + if err != nil { + return err + } + r.ControlPlaneFirewall = &godo.KubernetesControlPlaneFirewall{ + Enabled: &enableControlPlaneFirewallBool, + } + } + + controlPlaneFirewallAllowedAddresses, isSet, err := c.Doit.GetStringSliceIsFlagSet(c.NS, doctl.ArgControlPlaneFirewallAllowedAddresses) + if err != nil { + return err + } + if isSet { + if r.ControlPlaneFirewall == nil { + r.ControlPlaneFirewall = &godo.KubernetesControlPlaneFirewall{} + } + r.ControlPlaneFirewall.AllowedAddresses = controlPlaneFirewallAllowedAddresses + } + tags, err := c.Doit.GetStringSlice(c.NS, doctl.ArgTag) if err != nil { return err 
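Review bot: The description of `--enable-control-plane-firewall` on `cmdKubeClusterUpdate` was copied from the create command and still reads "Creates the cluster with control plane firewall enabled. Defaults to false." On update the flag changes an existing cluster, and the `!= ""` check in `buildClusterUpdateRequestFromArgs` means an omitted flag sets no value rather than `false`. Suggested text: `"Enables or disables the control plane firewall for the cluster. Supply --enable-control-plane-firewall=true or --enable-control-plane-firewall=false."`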
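Review bot: The values of `--control-plane-firewall-allowed-addresses` are copied into `r.ControlPlaneFirewall.AllowedAddresses` unchecked, so the CLI gives no local feedback on a mistyped entry in a list that restricts access to the control plane. If the API takes only IP addresses and CIDR ranges, as the test values suggest, each entry could be parsed before the request is built, as sketched below; `net` would need adding to the import block, which is only partly visible here. In the same hunk the `strconv.ParseBool` error is returned bare, so the message does not name the flag; `return fmt.Errorf("invalid value for --%s: %w", doctl.ArgEnableControlPlaneFirewall, err)` would. The same block is repeated in `buildClusterUpdateRequestFromArgs` in the next hunk, and both functions continue outside their hunks.

```go
	if isSet {
		// Reject entries that are neither an IP address nor a CIDR range before they reach the API.
		for _, addr := range controlPlaneFirewallAllowedAddresses {
			if net.ParseIP(addr) != nil {
				continue
			}
			if _, _, err := net.ParseCIDR(addr); err != nil {
				return fmt.Errorf("invalid value %q for --%s: expected an IP address or CIDR range",
					addr, doctl.ArgControlPlaneFirewallAllowedAddresses)
			}
		}
		// … unchanged: ControlPlaneFirewall nil check and AllowedAddresses assignment …
	}
```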
@@ -1737,6 +1771,32 @@ func buildClusterUpdateRequestFromArgs(c *CmdConfig, r *godo.KubernetesClusterUp return err } r.HA = ha + + enableControlPlaneFirewall, err := c.Doit.GetString(c.NS, doctl.ArgEnableControlPlaneFirewall) + if err != nil { + return err + } + if enableControlPlaneFirewall != "" { + enableControlPlaneFirewallBool, err := strconv.ParseBool(enableControlPlaneFirewall) + if err != nil { + return err + } + r.ControlPlaneFirewall = &godo.KubernetesControlPlaneFirewall{ + Enabled: &enableControlPlaneFirewallBool, + } + } + + controlPlaneFirewallAllowedAddresses, isSet, err := c.Doit.GetStringSliceIsFlagSet(c.NS, doctl.ArgControlPlaneFirewallAllowedAddresses) + if err != nil { + return err + } + if isSet { + if r.ControlPlaneFirewall == nil { + r.ControlPlaneFirewall = &godo.KubernetesControlPlaneFirewall{} + } + r.ControlPlaneFirewall.AllowedAddresses = controlPlaneFirewallAllowedAddresses + } + return nil } diff --git a/commands/kubernetes_test.go b/commands/kubernetes_test.go index 73f960e79..d20b4cf01 100644 --- a/commands/kubernetes_test.go +++ b/commands/kubernetes_test.go @@ -5,13 +5,14 @@ import ( "sort" "testing" - "github.com/digitalocean/doctl" - "github.com/digitalocean/doctl/do" "github.com/digitalocean/godo" "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" clientcmdapi "k8s.io/client-go/tools/clientcmd/api" + + "github.com/digitalocean/doctl" + "github.com/digitalocean/doctl/do" ) var ( @@ -30,6 +31,13 @@ var ( }, AutoUpgrade: true, HA: true, + ControlPlaneFirewall: &godo.KubernetesControlPlaneFirewall{ + Enabled: boolPtr(true), + AllowedAddresses: []string{ + "1.2.3.4", + "4.3.2.1/32", + }, + }, }, } 
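Review bot: On update, supplying only one of the two flags still sends both keys, because `Enabled` and `AllowedAddresses` in the vendored `KubernetesControlPlaneFirewall` are tagged `json:"enabled"` and `json:"allowed_addresses"` without `omitempty`. `--enable-control-plane-firewall=true` alone therefore serializes `"allowed_addresses":null`, and the address flag alone serializes `"enabled":null`. Whether the API reads a null as "leave unchanged" or as a reset is not visible in this patch, and the second reading would silently change who can reach the control plane. I would confirm the behaviour and record it above the block, e.g. `// A nil Enabled or AllowedAddresses is sent as JSON null; confirm the API treats null as "unchanged".` The body of `buildClusterUpdateRequestFromArgs` starts outside the hunk.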
@@ -497,6 +505,13 @@ func TestKubernetesCreate(t *testing.T) { }, AutoUpgrade: true, HA: true, + ControlPlaneFirewall: &godo.KubernetesControlPlaneFirewall{ + Enabled: boolPtr(true), + AllowedAddresses: []string{ + "1.2.3.4", + "4.3.2.1/32", + }, + }, } tm.kubernetes.EXPECT().Create(&r).Return(&testCluster, nil) @@ -517,6 +532,9 @@ func TestKubernetesCreate(t *testing.T) { config.Doit.Set(config.NS, doctl.ArgAutoUpgrade, testCluster.AutoUpgrade) config.Doit.Set(config.NS, doctl.ArgHA, testCluster.HA) + config.Doit.Set(config.NS, doctl.ArgEnableControlPlaneFirewall, testCluster.ControlPlaneFirewall.Enabled) + config.Doit.Set(config.NS, doctl.ArgControlPlaneFirewallAllowedAddresses, testCluster.ControlPlaneFirewall.AllowedAddresses) + // Test with no vpc-uuid specified err := testK8sCmdService().RunKubernetesClusterCreate("c-8", 3)(config) assert.NoError(t, err) @@ -550,6 +568,13 @@ func TestKubernetesUpdate(t *testing.T) { }, AutoUpgrade: boolPtr(false), HA: boolPtr(true), + ControlPlaneFirewall: &godo.KubernetesControlPlaneFirewall{ + Enabled: boolPtr(true), + AllowedAddresses: []string{ + "1.2.3.4", + "4.3.2.1/32", + }, + }, } tm.kubernetes.EXPECT().Update(testCluster.ID, &r).Return(&testCluster, nil) @@ -559,6 +584,8 @@ func TestKubernetesUpdate(t *testing.T) { config.Doit.Set(config.NS, doctl.ArgMaintenanceWindow, "any=00:00") config.Doit.Set(config.NS, doctl.ArgAutoUpgrade, false) config.Doit.Set(config.NS, doctl.ArgHA, true) + config.Doit.Set(config.NS, doctl.ArgEnableControlPlaneFirewall, testCluster.ControlPlaneFirewall.Enabled) + config.Doit.Set(config.NS, doctl.ArgControlPlaneFirewallAllowedAddresses, testCluster.ControlPlaneFirewall.AllowedAddresses) err := testK8sCmdService().RunKubernetesClusterUpdate(config) assert.NoError(t, err) 
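Review bot: The new assertions in `TestKubernetesCreate` cover only the case where both flags are set with valid values, and `ArgEnableControlPlaneFirewall` is set from `testCluster.ControlPlaneFirewall.Enabled`, a `*bool`, although the command registers it as a string flag and the builder reads it with `GetString`. Using `config.Doit.Set(config.NS, doctl.ArgEnableControlPlaneFirewall, "true")` would exercise the path a user actually hits. Cases for an unparsable value, for each flag on its own, and for neither flag (expecting a nil `ControlPlaneFirewall`) would pin the new branches. The same applies to the `TestKubernetesUpdate` hunks on this line and the next; the test functions start and end outside the hunks.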
@@ -574,6 +601,13 @@ func TestKubernetesUpdate(t *testing.T) { Day: godo.KubernetesMaintenanceDayAny, }, AutoUpgrade: boolPtr(false), + ControlPlaneFirewall: &godo.KubernetesControlPlaneFirewall{ + Enabled: boolPtr(true), + AllowedAddresses: []string{ + "1.2.3.4", + "4.3.2.1/32", + }, + }, } tm.kubernetes.EXPECT().List().Return(testClusterList, nil) tm.kubernetes.EXPECT().Update(testCluster.ID, &r).Return(&testCluster, nil) @@ -583,6 +617,8 @@ func TestKubernetesUpdate(t *testing.T) { config.Doit.Set(config.NS, doctl.ArgTag, testCluster.Tags) config.Doit.Set(config.NS, doctl.ArgMaintenanceWindow, "any=00:00") config.Doit.Set(config.NS, doctl.ArgAutoUpgrade, false) + config.Doit.Set(config.NS, doctl.ArgEnableControlPlaneFirewall, testCluster.ControlPlaneFirewall.Enabled) + config.Doit.Set(config.NS, doctl.ArgControlPlaneFirewallAllowedAddresses, testCluster.ControlPlaneFirewall.AllowedAddresses) err := testK8sCmdService().RunKubernetesClusterUpdate(config) assert.NoError(t, err) diff --git a/go.mod b/go.mod index 21cb12254..3ef4ccf51 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.21 require ( github.com/blang/semver v3.5.1+incompatible github.com/creack/pty v1.1.21 - github.com/digitalocean/godo v1.117.0 + github.com/digitalocean/godo v1.118.0 github.com/docker/cli v24.0.5+incompatible github.com/docker/docker v24.0.9+incompatible github.com/docker/docker-credential-helpers v0.7.0 // indirect diff --git a/go.sum b/go.sum index e054f3bab..9568631af 100644 --- a/go.sum +++ b/go.sum 
@@ -87,8 +87,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/digitalocean/godo v1.117.0 h1:WVlTe09melDYTd7VCVyvHcNWbgB+uI1O115+5LOtdSw= -github.com/digitalocean/godo v1.117.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo= +github.com/digitalocean/godo v1.118.0 h1:lkzGFQmACrVCp7UqH1sAi4JK/PWwlc5aaxubgorKmC4= +github.com/digitalocean/godo v1.118.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo= github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc= github.com/docker/cli v24.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= diff --git a/integration/glb_create_test.go b/integration/glb_create_test.go index ffad32197..12d8411f2 100644 --- a/integration/glb_create_test.go +++ b/integration/glb_create_test.go 
@@ -178,7 +178,7 @@ const ( }` glbCreateOutput = ` Notice: Load balancer created -ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records -cf9f1aa1-e1f8-4f3a-ad71-124c45e204b8 my-glb-name new 2024-04-09T16:10:11Z lb-small 1 false type:none,cookie_name:,cookie_ttl_seconds:0 protocol:http,port:80,path:/,check_interval_seconds:10,response_timeout_seconds:5,healthy_threshold:5,unhealthy_threshold:3 false +ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records +cf9f1aa1-e1f8-4f3a-ad71-124c45e204b8 my-glb-name new 2024-04-09T16:10:11Z lb-small 1 false type:none,cookie_name:,cookie_ttl_seconds:0 protocol:http,port:80,path:/,check_interval_seconds:10,response_timeout_seconds:5,healthy_threshold:5,unhealthy_threshold:3,proxy_protocol: false ` ) diff --git a/integration/glb_update_test.go b/integration/glb_update_test.go index 19cf60cac..429bf39e4 100644 --- a/integration/glb_update_test.go +++ b/integration/glb_update_test.go 
@@ -174,6 +174,6 @@ const ( } }` glbUpdateOutput = ` -ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records -updated-lb-id my-glb-name new 2024-04-09T16:10:11Z lb-small 1 false type:none,cookie_name:,cookie_ttl_seconds:0 protocol:http,port:80,path:/,check_interval_seconds:10,response_timeout_seconds:5,healthy_threshold:5,unhealthy_threshold:3 false` +ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records +updated-lb-id my-glb-name new 2024-04-09T16:10:11Z lb-small 1 false type:none,cookie_name:,cookie_ttl_seconds:0 protocol:http,port:80,path:/,check_interval_seconds:10,response_timeout_seconds:5,healthy_threshold:5,unhealthy_threshold:3,proxy_protocol: false` ) diff --git a/integration/lb_create_test.go b/integration/lb_create_test.go index 3fb54f829..b2dcd1179 100644 --- a/integration/lb_create_test.go +++ b/integration/lb_create_test.go 
@@ -127,15 +127,15 @@ var _ = suite("compute/load-balancer/create", func(t *testing.T, when spec.G, it const ( lbCreateOutput = ` Notice: Load balancer created -ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records -4de7ac8b-495b-4884-9a69-1050c6793cd6 example-lb-01 new 2017-02-01T22:22:58Z nyc3 lb-small 00000000-0000-4000-8000-000000000000 3164444,3164445 true type:none,cookie_name:,cookie_ttl_seconds:0 protocol:,port:0,path:,check_interval_seconds:0,response_timeout_seconds:0,healthy_threshold:0,unhealthy_threshold:0 true +ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records +4de7ac8b-495b-4884-9a69-1050c6793cd6 example-lb-01 new 2017-02-01T22:22:58Z nyc3 lb-small 00000000-0000-4000-8000-000000000000 3164444,3164445 true type:none,cookie_name:,cookie_ttl_seconds:0 protocol:,port:0,path:,check_interval_seconds:0,response_timeout_seconds:0,healthy_threshold:0,unhealthy_threshold:0,proxy_protocol: true ` lbWaitCreateOutput = ` Notice: Load balancer creation is in progress, waiting for load balancer to become active Notice: Load balancer created -ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records -4de7ac8b-495b-4884-9a69-1050c6793cd6 example-lb-01 active 2017-02-01T22:22:58Z nyc3 lb-small 00000000-0000-4000-8000-000000000000 3164444,3164445 true type:none,cookie_name:,cookie_ttl_seconds:0 protocol:,port:0,path:,check_interval_seconds:0,response_timeout_seconds:0,healthy_threshold:0,unhealthy_threshold:0 true +ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records +4de7ac8b-495b-4884-9a69-1050c6793cd6 example-lb-01 active 2017-02-01T22:22:58Z nyc3 
lb-small 00000000-0000-4000-8000-000000000000 3164444,3164445 true type:none,cookie_name:,cookie_ttl_seconds:0 protocol:,port:0,path:,check_interval_seconds:0,response_timeout_seconds:0,healthy_threshold:0,unhealthy_threshold:0,proxy_protocol: true ` lbCreateResponse = ` diff --git a/integration/lb_get_test.go b/integration/lb_get_test.go index 8c31e4f44..9bdae84a8 100644 --- a/integration/lb_get_test.go +++ b/integration/lb_get_test.go @@ -86,8 +86,8 @@ var _ = suite("compute/load-balancer/get", func(t *testing.T, when spec.G, it sp const ( lbGetOutput = ` -ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records -find-lb-id 104.131.186.241 example-lb-01 new 2017-02-01T22:22:58Z nyc3 lb-small 00000000-0000-4000-8000-000000000000 3164445 false type:none,cookie_name:,cookie_ttl_seconds:0 protocol:,port:0,path:,check_interval_seconds:0,response_timeout_seconds:0,healthy_threshold:0,unhealthy_threshold:0 false +ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records +find-lb-id 104.131.186.241 example-lb-01 new 2017-02-01T22:22:58Z nyc3 lb-small 00000000-0000-4000-8000-000000000000 3164445 false type:none,cookie_name:,cookie_ttl_seconds:0 protocol:,port:0,path:,check_interval_seconds:0,response_timeout_seconds:0,healthy_threshold:0,unhealthy_threshold:0,proxy_protocol: false ` lbGetResponse = ` { diff --git a/integration/lb_list_test.go b/integration/lb_list_test.go index c74190e11..18469e025 100644 --- a/integration/lb_list_test.go +++ b/integration/lb_list_test.go 
@@ -80,9 +80,9 @@ var _ = suite("compute/load-balancer/list", func(t *testing.T, when spec.G, it s const ( lbListOutput = ` -ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records -lb-one 104.131.186.241 example-lb-01 new 2017-02-01T22:22:58Z venus3 lb-small 00000000-0000-4000-8000-000000000000 3164444 false type:none,cookie_name:,cookie_ttl_seconds:0 protocol:http,port:80,path:/,check_interval_seconds:10,response_timeout_seconds:5,healthy_threshold:5,unhealthy_threshold:3 entry_protocol:http,entry_port:80,target_protocol:http,target_port:80,certificate_id:,tls_passthrough:false true -lb-two 104.131.188.204 example-lb-02 new 2017-02-01T20:44:58Z mars1 lb-medium 00000000-0000-4000-8000-000000000000 3164445 false type:none,cookie_name:,cookie_ttl_seconds:0 protocol:http,port:80,path:/,check_interval_seconds:10,response_timeout_seconds:5,healthy_threshold:5,unhealthy_threshold:3 entry_protocol:http,entry_port:80,target_protocol:http,target_port:80,certificate_id:,tls_passthrough:false false +ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records +lb-one 104.131.186.241 example-lb-01 new 2017-02-01T22:22:58Z venus3 lb-small 00000000-0000-4000-8000-000000000000 3164444 false type:none,cookie_name:,cookie_ttl_seconds:0 protocol:http,port:80,path:/,check_interval_seconds:10,response_timeout_seconds:5,healthy_threshold:5,unhealthy_threshold:3,proxy_protocol: entry_protocol:http,entry_port:80,target_protocol:http,target_port:80,certificate_id:,tls_passthrough:false true +lb-two 104.131.188.204 example-lb-02 new 2017-02-01T20:44:58Z mars1 lb-medium 00000000-0000-4000-8000-000000000000 3164445 false type:none,cookie_name:,cookie_ttl_seconds:0 
protocol:http,port:80,path:/,check_interval_seconds:10,response_timeout_seconds:5,healthy_threshold:5,unhealthy_threshold:3,proxy_protocol: entry_protocol:http,entry_port:80,target_protocol:http,target_port:80,certificate_id:,tls_passthrough:false false ` lbListResponse = ` { diff --git a/integration/projects_resources_get_test.go b/integration/projects_resources_get_test.go index 32b28d26c..84db1f1bc 100644 --- a/integration/projects_resources_get_test.go +++ b/integration/projects_resources_get_test.go @@ -261,8 +261,8 @@ IP Region Droplet ID Droplet Name Project ID } ` projectsResourcesGetLoadbalancerOutput = ` -ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records -4de7ac8b-495b-4884-9a69-1050c6793cd6 104.131.186.241 example-lb-01 new 2017-02-01T22:22:58Z nyc3 lb-small 00000000-0000-4000-8000-000000000000 3164445 false type:none,cookie_name:,cookie_ttl_seconds:0 protocol:,port:0,path:,check_interval_seconds:0,response_timeout_seconds:0,healthy_threshold:0,unhealthy_threshold:0 entry_protocol:https,entry_port:444,target_protocol:https,target_port:443,certificate_id:,tls_passthrough:true false +ID IP Name Status Created At Region Size Size Unit VPC UUID Tag Droplet IDs SSL Sticky Sessions Health Check Forwarding Rules Disable Lets Encrypt DNS Records +4de7ac8b-495b-4884-9a69-1050c6793cd6 104.131.186.241 example-lb-01 new 2017-02-01T22:22:58Z nyc3 lb-small 00000000-0000-4000-8000-000000000000 3164445 false type:none,cookie_name:,cookie_ttl_seconds:0 protocol:,port:0,path:,check_interval_seconds:0,response_timeout_seconds:0,healthy_threshold:0,unhealthy_threshold:0,proxy_protocol: entry_protocol:https,entry_port:444,target_protocol:https,target_port:443,certificate_id:,tls_passthrough:true false ` projectsResourcesGetLoadbalancerResponse = ` { 
diff --git a/vendor/github.com/digitalocean/godo/CHANGELOG.md b/vendor/github.com/digitalocean/godo/CHANGELOG.md index ce940ccbf..331dadb9a 100644 --- a/vendor/github.com/digitalocean/godo/CHANGELOG.md +++ b/vendor/github.com/digitalocean/godo/CHANGELOG.md @@ -1,5 +1,12 @@ # Change Log +## [v1.118.0] - 2024-06-04 + +**Note**: This release contains features in closed beta (#700). + +- #701 - @llDrLove - Rename control plane permission to control plane firewall +- #700 - @bbassingthwaite - Add ProxyProtocol to LoadBalancer HealthCheck + ## [v1.117.0] - 2024-06-04 - #696 - @llDrLove - Support specifying control plane firewall rules when creating or updating DOKS clusters diff --git a/vendor/github.com/digitalocean/godo/godo.go b/vendor/github.com/digitalocean/godo/godo.go index c16aac430..6d69ece72 100644 --- a/vendor/github.com/digitalocean/godo/godo.go +++ b/vendor/github.com/digitalocean/godo/godo.go @@ -21,7 +21,7 @@ import ( ) const ( - libraryVersion = "1.117.0" + libraryVersion = "1.118.0" defaultBaseURL = "https://api.digitalocean.com/" userAgent = "godo/" + libraryVersion mediaType = "application/json" diff --git a/vendor/github.com/digitalocean/godo/kubernetes.go b/vendor/github.com/digitalocean/godo/kubernetes.go index e275fa108..8ef9d241e 100644 --- a/vendor/github.com/digitalocean/godo/kubernetes.go +++ b/vendor/github.com/digitalocean/godo/kubernetes.go 
@@ -76,20 +76,20 @@ type KubernetesClusterCreateRequest struct { NodePools []*KubernetesNodePoolCreateRequest `json:"node_pools,omitempty"` - MaintenancePolicy *KubernetesMaintenancePolicy `json:"maintenance_policy"` - AutoUpgrade bool `json:"auto_upgrade"` - SurgeUpgrade bool `json:"surge_upgrade"` - ControlPlanePermission *KubernetesControlPlanePermission `json:"control_plane_permission,omitempty"` + MaintenancePolicy *KubernetesMaintenancePolicy `json:"maintenance_policy"` + AutoUpgrade bool `json:"auto_upgrade"` + SurgeUpgrade bool `json:"surge_upgrade"` + ControlPlaneFirewall *KubernetesControlPlaneFirewall `json:"control_plane_firewall,omitempty"` } // KubernetesClusterUpdateRequest represents a request to update a Kubernetes cluster. type KubernetesClusterUpdateRequest struct { - Name string `json:"name,omitempty"` - Tags []string `json:"tags,omitempty"` - MaintenancePolicy *KubernetesMaintenancePolicy `json:"maintenance_policy,omitempty"` - AutoUpgrade *bool `json:"auto_upgrade,omitempty"` - SurgeUpgrade bool `json:"surge_upgrade,omitempty"` - ControlPlanePermission *KubernetesControlPlanePermission `json:"control_plane_permission,omitempty"` + Name string `json:"name,omitempty"` + Tags []string `json:"tags,omitempty"` + MaintenancePolicy *KubernetesMaintenancePolicy `json:"maintenance_policy,omitempty"` + AutoUpgrade *bool `json:"auto_upgrade,omitempty"` + SurgeUpgrade bool `json:"surge_upgrade,omitempty"` + ControlPlaneFirewall *KubernetesControlPlaneFirewall `json:"control_plane_firewall,omitempty"` // Convert cluster to run highly available control plane HA *bool `json:"ha,omitempty"` 
@@ -203,11 +203,11 @@ type KubernetesCluster struct { NodePools []*KubernetesNodePool `json:"node_pools,omitempty"` - MaintenancePolicy *KubernetesMaintenancePolicy `json:"maintenance_policy,omitempty"` - AutoUpgrade bool `json:"auto_upgrade,omitempty"` - SurgeUpgrade bool `json:"surge_upgrade,omitempty"` - RegistryEnabled bool `json:"registry_enabled,omitempty"` - ControlPlanePermission *KubernetesControlPlanePermission `json:"control_plane_permission,omitempty"` + MaintenancePolicy *KubernetesMaintenancePolicy `json:"maintenance_policy,omitempty"` + AutoUpgrade bool `json:"auto_upgrade,omitempty"` + SurgeUpgrade bool `json:"surge_upgrade,omitempty"` + RegistryEnabled bool `json:"registry_enabled,omitempty"` + ControlPlaneFirewall *KubernetesControlPlaneFirewall `json:"control_plane_firewall,omitempty"` Status *KubernetesClusterStatus `json:"status,omitempty"` CreatedAt time.Time `json:"created_at,omitempty"` @@ -243,8 +243,8 @@ type KubernetesMaintenancePolicy struct { Day KubernetesMaintenancePolicyDay `json:"day"` } -// KubernetesControlPlanePermission represents Kubernetes cluster control plane permission. -type KubernetesControlPlanePermission struct { +// KubernetesControlPlaneFirewall represents Kubernetes cluster control plane firewall. +type KubernetesControlPlaneFirewall struct { Enabled *bool `json:"enabled"` AllowedAddresses []string `json:"allowed_addresses"` } diff --git a/vendor/github.com/digitalocean/godo/load_balancers.go b/vendor/github.com/digitalocean/godo/load_balancers.go index 703aa8426..a24952b71 100644 --- a/vendor/github.com/digitalocean/godo/load_balancers.go +++ b/vendor/github.com/digitalocean/godo/load_balancers.go 
@@ -170,6 +170,7 @@ type HealthCheck struct { ResponseTimeoutSeconds int `json:"response_timeout_seconds,omitempty"` HealthyThreshold int `json:"healthy_threshold,omitempty"` UnhealthyThreshold int `json:"unhealthy_threshold,omitempty"` + ProxyProtocol *bool `json:"proxy_protocol,omitempty"` } // String creates a human-readable description of a HealthCheck. diff --git a/vendor/modules.txt b/vendor/modules.txt index 6aa34a484..3310f8441 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -58,7 +58,7 @@ github.com/creack/pty # github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc ## explicit github.com/davecgh/go-spew/spew -# github.com/digitalocean/godo v1.117.0 +# github.com/digitalocean/godo v1.118.0 ## explicit; go 1.20 github.com/digitalocean/godo github.com/digitalocean/godo/metrics