Skip to content

Test Event streaming #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dmcgowan wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Test Event streaming #4

dmcgowan wants to merge 13 commits into from

Conversation

@dmcgowan
Copy link
Owner

@dmcgowan dmcgowan commented Mar 12, 2024

No description provided.

mxpv and others added 10 commits March 12, 2024 14:26
@mxpv @dmcgowan
Support event streaming in runc shim
140a377 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
@mxpv @dmcgowan
Subscribe to events stream
a983a5b 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
@mxpv @dmcgowan
Fix integration test
f4a6c8e 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
@mxpv @dmcgowan
Verify bootstrap params before streaming events from shim
fc2c7c7 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
@mxpv @dmcgowan
Restore event streamers after daemon restart
29b3c17 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
@mxpv @dmcgowan
Use namespaces when streaming events
abfa70d 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
@mxpv @dmcgowan
Close shim events stream on error
d07daea 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
@dmcgowan
Use events service for shim
b81bf82 
Signed-off-by: Derek McGowan <derek@mcg.dev>
@dmcgowan
Update shim to use ttrpc events service
2975661 
Signed-off-by: Derek McGowan <derek@mcg.dev>
@dmcgowan
Remove forwarding publisher plugin in shim
2d1c89f 
Signed-off-by: Derek McGowan <derek@mcg.dev>
@dmcgowan dmcgowan force-pushed the event_streaming branch 4 times, most recently from 990a684 to 5423aff Compare March 13, 2024 00:34
dmcgowan added 3 commits March 12, 2024 18:15
@dmcgowan
Simplify feature detection
0d895a2 
Signed-off-by: Derek McGowan <derek@mcg.dev>
@dmcgowan
Revert integration test change
c47f8e6 
Signed-off-by: Derek McGowan <derek@mcg.dev>
@dmcgowan
Test: Exclude actuated when on fork
b7733cd 
Signed-off-by: Derek McGowan <derek@mcg.dev>
dmcgowan pushed a commit that referenced this pull request Jun 25, 2024
@thaJeztah
[release/1.7] api: update github.com/containerd/ttrpc v1.2.5
2a6aa6d 
Update the dependency and the indirect golang.org/x/net version to align
with containerd 1.7 itself, and to prevent a vulnerability being detected.

This should not generally be an issue, as the API module is used by
containerd 1.7 and up, which already depend on a more current version of
these dependencies.

full diff: containerd/ttrpc@v1.2.3...v1.2.5

Before this:

    govulncheck ./...
    Scanning your code and 251 packages across 13 dependent modules for known vulnerabilities...

    === Symbol Results ===

    Vulnerability #1: GO-2024-2687
        HTTP/2 CONTINUATION flood in net/http
      More info: https://pkg.go.dev/vuln/GO-2024-2687
      Module: golang.org/x/net
        Found in: golang.org/x/net@v0.21.0
        Fixed in: golang.org/x/net@v0.23.0
        Example traces found:
          #1: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.ConnectionError.Error
          #2: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.ErrCode.String
          #3: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.FrameHeader.String
          #4: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.FrameType.String
          #5: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.Setting.String
          #6: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.SettingID.String
          #7: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.StreamError.Error
          #8: services/version/v1/version_grpc.pb.go:13:2: version.init calls status.init, which eventually calls http2.chunkWriter.Write
          containerd#9: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.connError.Error
          containerd#10: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.duplicatePseudoHeaderError.Error
          containerd#11: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.headerFieldNameError.Error
          containerd#12: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.headerFieldValueError.Error
          containerd#13: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.pseudoHeaderError.Error
          containerd#14: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.writeData.String

    Your code is affected by 1 vulnerability from 1 module.
    This scan also found 0 vulnerabilities in packages you import and 3
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

After this:

    govulncheck ./...
    Scanning your code and 251 packages across 13 dependent modules for known vulnerabilities...

    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 3
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
dmcgowan pushed a commit that referenced this pull request Jul 1, 2024
@thaJeztah
api: update github.com/containerd/ttrpc v1.2.5
cb38b1e 
Update the dependency and the indirect golang.org/x/net version to align
with containerd itself, and to prevent a vulnerability being detected.

We should keep the versions <= versions used by containerd 1.7 to prevent
forcing users of containerd 1.7 in combination with the latest version
of the API module from having to update all their dependencies, but
this update should likely be fine (and aligns with 1.7).

Before this:

    Scanning your code and 254 packages across 15 dependent modules for known vulnerabilities...

    === Symbol Results ===

    Vulnerability #1: GO-2024-2687
        HTTP/2 CONTINUATION flood in net/http
      More info: https://pkg.go.dev/vuln/GO-2024-2687
      Module: golang.org/x/net
        Found in: golang.org/x/net@v0.21.0
        Fixed in: golang.org/x/net@v0.23.0
        Example traces found:
          #1: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.ConnectionError.Error
          #2: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.ErrCode.String
          #3: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.FrameHeader.String
          #4: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.FrameType.String
          #5: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.Setting.String
          #6: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.SettingID.String
          #7: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.StreamError.Error
          #8: services/content/v1/content_ttrpc.pb.go:272:35: content.ttrpccontentClient.Write calls ttrpc.Client.NewStream, which eventually calls http2.chunkWriter.Write
          containerd#9: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.connError.Error
          containerd#10: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.duplicatePseudoHeaderError.Error
          containerd#11: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.headerFieldNameError.Error
          containerd#12: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.headerFieldValueError.Error
          containerd#13: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.pseudoHeaderError.Error
          containerd#14: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.writeData.String

    Your code is affected by 1 vulnerability from 1 module.
    This scan also found 0 vulnerabilities in packages you import and 3
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

After this:

    govulncheck ./...
    Scanning your code and 251 packages across 13 dependent modules for known vulnerabilities...

    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 3
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
dmcgowan pushed a commit that referenced this pull request Jul 26, 2025
@AkihiroSuda
silence govulncheck false positives
ff097d5 
`govulncheck -mode=binary` detected the following vulns, but `-mode=source` says "your code doesn't appear to call these vulnerabilities."

```
=== Symbol Results ===

Vulnerability #1: GO-2025-3503
    HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
  More info: https://pkg.go.dev/vuln/GO-2025-3503
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.33.0
    Fixed in: golang.org/x/net@v0.36.0
    Vulnerable symbols found:
      #1: httpproxy.config.useProxy
      #2: httpproxy.domainMatch.match
      #3: proxy.Dial
      #4: proxy.FromEnvironment
      #5: proxy.FromEnvironmentUsing
      Use '-show traces' to see the other 3 found symbols

Vulnerability #2: GO-2025-3488
    Unexpected memory consumption during token parsing in golang.org/x/oauth2
  More info: https://pkg.go.dev/vuln/GO-2025-3488
  Module: golang.org/x/oauth2
    Found in: golang.org/x/oauth2@v0.11.0
    Fixed in: golang.org/x/oauth2@v0.27.0
    Vulnerable symbols found:
      #1: jws.Verify

Vulnerability #3: GO-2025-3487
    Potential denial of service in golang.org/x/crypto
  More info: https://pkg.go.dev/vuln/GO-2025-3487
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.31.0
    Fixed in: golang.org/x/crypto@v0.35.0
    Vulnerable symbols found:
      #1: ssh.Client.Dial
      #2: ssh.Client.DialContext
      #3: ssh.Client.DialTCP
      #4: ssh.Client.Listen
      #5: ssh.Client.ListenTCP
      Use '-show traces' to see the other 48 found symbols

Your code is affected by 3 vulnerabilities from 3 modules.
This scan found no other vulnerabilities in packages you import or modules you
require.
Use '-show verbose' for more details.
```

NOTE: Go version requirement is now bumped up from 1.21 to 1.23

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dmcgowan @mxpv