From eea7123837920134ca6b4e9106828afb7f8290e7 Mon Sep 17 00:00:00 2001 From: Jack Yu Date: Thu, 18 Jan 2024 11:00:37 +0800 Subject: [PATCH] bump: harvester/webhook to v0.1.4 Signed-off-by: Jack Yu --- go.mod | 2 +- go.sum | 2 ++ .../harvester/webhook/pkg/server/server.go | 12 ++++++++++++ vendor/modules.txt | 2 +- 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index bb67138f..26a0d09e 100644 --- a/go.mod +++ b/go.mod @@ -63,7 +63,7 @@ require ( github.com/containernetworking/plugins v1.1.1 github.com/harvester/harvester v1.2.0-rc1 github.com/harvester/harvester-network-controller v0.3.2 - github.com/harvester/webhook v0.1.3 + github.com/harvester/webhook v0.1.4 github.com/rancher/lasso v0.0.0-20221227210133-6ea88ca2fbcc github.com/rancher/rancher v0.0.0-20230124173128-2207cfed1803 github.com/rancher/rancher/pkg/apis v0.0.0 diff --git a/go.sum b/go.sum index 65619a05..460cf16b 100644 --- a/go.sum +++ b/go.sum @@ -437,6 +437,8 @@ github.com/harvester/harvester-network-controller v0.3.2 h1:K8NRAykCJOjxMObe7cUc github.com/harvester/harvester-network-controller v0.3.2/go.mod h1:auGukE9/I0r5oININRD8KBfVFO7HAaxztWvvtdNTMsE= github.com/harvester/webhook v0.1.3 h1:rPdpOikIFWTRQGidgWaAUoUc/zgv0E5EzjX8MF3Fi8A= github.com/harvester/webhook v0.1.3/go.mod h1:vfRPB26WHSPxMF/ONpUVzaEaewTUxpP9qAqu1ZyonR0= +github.com/harvester/webhook v0.1.4 h1:6g5MkYXlGm0wABQ/Dm8g5sM7WAtPq2aiWOH9wmf2vUQ= +github.com/harvester/webhook v0.1.4/go.mod h1:vfRPB26WHSPxMF/ONpUVzaEaewTUxpP9qAqu1ZyonR0= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= diff --git a/vendor/github.com/harvester/webhook/pkg/server/server.go b/vendor/github.com/harvester/webhook/pkg/server/server.go index 8ab78ceb..7242507f 100644 --- a/vendor/github.com/harvester/webhook/pkg/server/server.go +++ b/vendor/github.com/harvester/webhook/pkg/server/server.go @@ -2,6 +2,7 @@ package server import ( "context" + "crypto/tls" "fmt" "net/http" "time" @@ -31,6 +32,13 @@ var ( failPolicyFail = v1.Fail failPolicyIgnore = v1.Ignore sideEffectClassNone = v1.SideEffectClassNone + whiteListedCiphers = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + } ) type server struct { @@ -145,6 +153,10 @@ func (s *WebhookServer) listenAndServe(clients *clients.Clients, handler http.Ha tlsName, }, FilterCN: dynamiclistener.OnlyAllow(tlsName), + TLSConfig: &tls.Config{ + MinVersion: tls.VersionTLS12, + CipherSuites: whiteListedCiphers, + }, }, }) } diff --git a/vendor/modules.txt b/vendor/modules.txt index c85a5e8b..cff29774 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -223,7 +223,7 @@ github.com/harvester/harvester/tests/framework/fuzz ## explicit; go 1.18 github.com/harvester/harvester-network-controller/pkg/apis/network.harvesterhci.io github.com/harvester/harvester-network-controller/pkg/utils -# github.com/harvester/webhook v0.1.3 +# github.com/harvester/webhook v0.1.4 ## explicit; go 1.19 github.com/harvester/webhook/pkg/clients github.com/harvester/webhook/pkg/config