build(deps): Bump github.com/distribution/distribution/v3 from 3.0.0-20230519140516-983358f8e250 to 3.0.0-alpha.1

.golangci.yml

@@ -31,7 +31,6 @@ linters:
     - misspell
     - nolintlint
     - prealloc
-    - revive
     - staticcheck
     - stylecheck
     - tagliatelle

apis/config/v1alpha1/dynamiccredentialprovideconfig_validation.go

@@ -5,7 +5,7 @@ package v1alpha1
 
 import (
 	"k8s.io/apimachinery/pkg/api/errors"
-	runtime "k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"

go.mod

@@ -6,8 +6,7 @@ module github.com/mesosphere/dynamic-credential-provider
 go 1.21
 
 require (
-	github.com/distribution/distribution/v3 v3.0.0-20230519140516-983358f8e250
-	github.com/docker/distribution v2.8.3+incompatible
+	github.com/distribution/reference v0.5.0
 	github.com/docker/docker v24.0.9+incompatible
 	github.com/docker/go-connections v0.5.0
 	github.com/foomo/htpasswd v0.0.0-20200116085101-e3a90e78da9c
@@ -55,16 +54,17 @@ require (
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/distribution/reference v0.5.0 // indirect
+	github.com/distribution/distribution/v3 v3.0.0-alpha.1 // indirect
 	github.com/docker/cli v24.0.6+incompatible // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
@@ -82,8 +82,8 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
+	github.com/google/uuid v1.3.1 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
@@ -95,7 +95,7 @@ require (
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.16.0 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/lib/pq v1.10.9 // indirect
@@ -135,10 +135,10 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
-	go.opentelemetry.io/otel v1.19.0 // indirect
-	go.opentelemetry.io/otel/metric v1.19.0 // indirect
-	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
+	go.opentelemetry.io/otel/metric v1.21.0 // indirect
+	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.26.0 // indirect
@@ -154,7 +154,7 @@ require (
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
-	google.golang.org/grpc v1.58.3 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/evanphx/json-patch.v5 v5.6.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect

make/pre-commit.mk

@@ -13,6 +13,7 @@ pre-commit: ; $(info $(M) running pre-commit)
 ifeq ($(wildcard $(PRE_COMMIT_CONFIG_FILE)),)
 	$(error Cannot find pre-commit config file $(PRE_COMMIT_CONFIG_FILE). Specify the config file via PRE_COMMIT_CONFIG_FILE variable)
 endif
+	env VIRTUALENV_PIP=24.0 pre-commit install-hooks
 	env SKIP=$(SKIP) pre-commit run -a --show-diff-on-failure --config $(PRE_COMMIT_CONFIG_FILE)
 	git fetch origin main
 	pre-commit run --hook-stage manual gitlint-ci

pkg/credentialprovider/dynamic/dynamic_test.go

@@ -12,7 +12,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	credentialproviderv1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1"
 
 	"github.com/mesosphere/dynamic-credential-provider/pkg/credentialprovider/dynamic"
@@ -26,6 +26,8 @@ func Test_dynamicProvider_GetCredentials(t *testing.T) {
 		dummyImageFmt                  = "img.%s/abc/def:v1.2.3"
 		mirrorUser                     = "mirroruser"
 		mirrorPassword                 = "mirrorpassword"
+		testUser                       = "testuser"
+		testPassword                   = "testpassword"
 		wildcardDomain                 = "*.*"
 		credentialProviderResponseKind = "CredentialProviderResponse" //nolint:gosec // No actual credentials here.
 	)
@@ -48,12 +50,12 @@ func Test_dynamicProvider_GetCredentials(t *testing.T) {
 				cfgFile: filepath.Join("testdata", "config-with-mirror-only.yaml"),
 				img:     fmt.Sprintf(dummyImageFmt, v),
 				want: &credentialproviderv1.CredentialProviderResponse{
-					TypeMeta: v1.TypeMeta{
+					TypeMeta: metav1.TypeMeta{
 						APIVersion: credentialproviderv1.SchemeGroupVersion.String(),
 						Kind:       credentialProviderResponseKind,
 					},
 					CacheKeyType:  credentialproviderv1.ImagePluginCacheKeyType,
-					CacheDuration: &v1.Duration{Duration: expectedDummyDuration},
+					CacheDuration: &metav1.Duration{Duration: expectedDummyDuration},
 					Auth: map[string]credentialproviderv1.AuthConfig{
 						fmt.Sprintf(dummyImageFmt, v): {
 							Username: mirrorUser,
@@ -67,20 +69,20 @@ func Test_dynamicProvider_GetCredentials(t *testing.T) {
 				cfgFile: filepath.Join("testdata", "config-with-mirror-first.yaml"),
 				img:     fmt.Sprintf(dummyImageFmt, v),
 				want: &credentialproviderv1.CredentialProviderResponse{
-					TypeMeta: v1.TypeMeta{
+					TypeMeta: metav1.TypeMeta{
 						APIVersion: credentialproviderv1.SchemeGroupVersion.String(),
 						Kind:       credentialProviderResponseKind,
 					},
 					CacheKeyType:  credentialproviderv1.ImagePluginCacheKeyType,
-					CacheDuration: &v1.Duration{Duration: expectedDummyDuration},
+					CacheDuration: &metav1.Duration{Duration: expectedDummyDuration},
 					Auth: map[string]credentialproviderv1.AuthConfig{
 						fmt.Sprintf(dummyImageFmt, v): {
 							Username: mirrorUser,
 							Password: mirrorPassword,
 						},
 						wildcardDomain: {
-							Username: v + "user",
-							Password: v + "password",
+							Username: v + testUser,
+							Password: v + testPassword,
 						},
 					},
 				},
@@ -90,20 +92,20 @@ func Test_dynamicProvider_GetCredentials(t *testing.T) {
 				cfgFile: filepath.Join("testdata", "config-with-mirror-last.yaml"),
 				img:     fmt.Sprintf(dummyImageFmt, v),
 				want: &credentialproviderv1.CredentialProviderResponse{
-					TypeMeta: v1.TypeMeta{
+					TypeMeta: metav1.TypeMeta{
 						APIVersion: credentialproviderv1.SchemeGroupVersion.String(),
 						Kind:       credentialProviderResponseKind,
 					},
 					CacheKeyType:  credentialproviderv1.ImagePluginCacheKeyType,
-					CacheDuration: &v1.Duration{Duration: expectedDummyDuration},
+					CacheDuration: &metav1.Duration{Duration: expectedDummyDuration},
 					Auth: map[string]credentialproviderv1.AuthConfig{
 						wildcardDomain: {
 							Username: mirrorUser,
 							Password: mirrorPassword,
 						},
 						fmt.Sprintf(dummyImageFmt, v): {
-							Username: v + "user",
-							Password: v + "password",
+							Username: v + testUser,
+							Password: v + testPassword,
 						},
 					},
 				},
@@ -113,12 +115,12 @@ func Test_dynamicProvider_GetCredentials(t *testing.T) {
 				cfgFile: filepath.Join("testdata", "config-with-mirror-last.yaml"),
 				img:     "noorigin/image:v1.2.3.4",
 				want: &credentialproviderv1.CredentialProviderResponse{
-					TypeMeta: v1.TypeMeta{
+					TypeMeta: metav1.TypeMeta{
 						APIVersion: credentialproviderv1.SchemeGroupVersion.String(),
 						Kind:       credentialProviderResponseKind,
 					},
 					CacheKeyType:  credentialproviderv1.ImagePluginCacheKeyType,
-					CacheDuration: &v1.Duration{Duration: expectedDummyDuration},
+					CacheDuration: &metav1.Duration{Duration: expectedDummyDuration},
 					Auth: map[string]credentialproviderv1.AuthConfig{
 						wildcardDomain: {Username: mirrorUser, Password: mirrorPassword},
 					},
@@ -129,16 +131,16 @@ func Test_dynamicProvider_GetCredentials(t *testing.T) {
 				cfgFile: filepath.Join("testdata", "config-no-mirror.yaml"),
 				img:     fmt.Sprintf(dummyImageFmt, v),
 				want: &credentialproviderv1.CredentialProviderResponse{
-					TypeMeta: v1.TypeMeta{
+					TypeMeta: metav1.TypeMeta{
 						APIVersion: credentialproviderv1.SchemeGroupVersion.String(),
 						Kind:       credentialProviderResponseKind,
 					},
 					CacheKeyType:  credentialproviderv1.ImagePluginCacheKeyType,
-					CacheDuration: &v1.Duration{Duration: expectedDummyDuration},
+					CacheDuration: &metav1.Duration{Duration: expectedDummyDuration},
 					Auth: map[string]credentialproviderv1.AuthConfig{
 						fmt.Sprintf(dummyImageFmt, v): {
-							Username: v + "user",
-							Password: v + "password",
+							Username: v + testUser,
+							Password: v + testPassword,
 						},
 					},
 				},
@@ -148,12 +150,12 @@ func Test_dynamicProvider_GetCredentials(t *testing.T) {
 				cfgFile: filepath.Join("testdata", "config-with-mirror-with-path-only.yaml"),
 				img:     fmt.Sprintf(dummyImageFmt, v),
 				want: &credentialproviderv1.CredentialProviderResponse{
-					TypeMeta: v1.TypeMeta{
+					TypeMeta: metav1.TypeMeta{
 						APIVersion: credentialproviderv1.SchemeGroupVersion.String(),
 						Kind:       credentialProviderResponseKind,
 					},
 					CacheKeyType:  credentialproviderv1.ImagePluginCacheKeyType,
-					CacheDuration: &v1.Duration{Duration: expectedDummyDuration},
+					CacheDuration: &metav1.Duration{Duration: expectedDummyDuration},
 					Auth: map[string]credentialproviderv1.AuthConfig{
 						fmt.Sprintf(dummyImageFmt, v): {
 							Username: mirrorUser,

pkg/credentialprovider/dynamic/testdata/staticcredentialprovider-v1-withpath.sh

@@ -12,6 +12,6 @@ echo '{
   "cacheKeyType":"Image",
   "cacheDuration":"5s",
   "auth":{
-    "*.v1withpath/apath": {"username":"v1withpath/apathuser","password":"v1withpath/apathpassword"}
+    "*.v1withpath/apath": {"username":"v1withpath/apathtestuser","password":"v1withpath/apathtestpassword"}
   }
 }'

pkg/credentialprovider/dynamic/testdata/staticcredentialprovider-v1.sh

@@ -12,6 +12,6 @@ echo '{
   "cacheKeyType":"Image",
   "cacheDuration":"5s",
   "auth":{
-    "*.v1": {"username":"v1user","password":"v1password"}
+    "*.v1": {"username":"v1testuser","password":"v1testpassword"}
   }
 }'

pkg/credentialprovider/dynamic/testdata/staticcredentialprovider-v1alpha1.sh

@@ -12,6 +12,6 @@ echo '{
   "cacheKeyType":"Image",
   "cacheDuration":"5s",
   "auth":{
-    "*.v1alpha1": {"username":"v1alpha1user","password":"v1alpha1password"}
+    "*.v1alpha1": {"username":"v1alpha1testuser","password":"v1alpha1testpassword"}
   }
 }'

pkg/credentialprovider/dynamic/testdata/staticcredentialprovider-v1beta1.sh

@@ -12,6 +12,6 @@ echo '{
   "cacheKeyType":"Image",
   "cacheDuration":"5s",
   "auth":{
-    "*.v1beta1": {"username":"v1beta1user","password":"v1beta1password"}
+    "*.v1beta1": {"username":"v1beta1testuser","password":"v1beta1testpassword"}
   }
 }'

pkg/credentialprovider/dynamic/testdata/staticcredentialprovider-wildcard.sh

@@ -12,6 +12,6 @@ echo '{
   "cacheKeyType":"Image",
   "cacheDuration":"5s",
   "auth":{
-    "*.*": {"username":"wildcarduser","password":"wildcardpassword"}
+    "*.*": {"username":"wildcardtestuser","password":"wildcardtestpassword"}
   }
 }'

pkg/credentialprovider/plugin/plugin.go

@@ -16,7 +16,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/serializer/json"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/kubelet/pkg/apis/credentialprovider/install"
-	v1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1"
+	credentialproviderv1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1"
 )
 
 var (
@@ -27,7 +27,7 @@ var (
 //nolint:gochecknoinits // init is idiomatically used to set up schemes
 func init() {
 	install.Install(scheme)
-	utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion))
+	utilruntime.Must(scheme.SetVersionPriority(credentialproviderv1.SchemeGroupVersion))
 }
 
 // CredentialProvider is an interface implemented by the kubelet credential provider plugin to fetch
@@ -37,7 +37,7 @@ type CredentialProvider interface {
 		ctx context.Context,
 		image string,
 		args []string,
-	) (*v1.CredentialProviderResponse, error)
+	) (*credentialproviderv1.CredentialProviderResponse, error)
 }
 
 // ExecPlugin implements the exec-based plugin for fetching credentials that is invoked by the kubelet.
@@ -76,7 +76,7 @@ func (e *ExecPlugin) runPlugin(ctx context.Context, r io.Reader, w io.Writer, ar
 		return err
 	}
 
-	if gvk.GroupVersion() != v1.SchemeGroupVersion {
+	if gvk.GroupVersion() != credentialproviderv1.SchemeGroupVersion {
 		return fmt.Errorf("%w: %s", ErrUnsupportedAPIVersion, gvk)
 	}
 
@@ -119,8 +119,9 @@ var (
 	ErrConversionFailure = errors.New("conversion failure")
 )
 
-func decodeRequest(data []byte) (*v1.CredentialProviderRequest, error) {
-	obj, gvk, err := codecs.UniversalDecoder(v1.SchemeGroupVersion).Decode(data, nil, nil)
+func decodeRequest(data []byte) (*credentialproviderv1.CredentialProviderRequest, error) {
+	obj, gvk, err := codecs.UniversalDecoder(credentialproviderv1.SchemeGroupVersion).
+		Decode(data, nil, nil)
 	if err != nil {
 		if runtime.IsNotRegisteredError(err) {
 			return nil, fmt.Errorf("%w: %v", ErrUnsupportedRequestKind, err)
@@ -136,14 +137,14 @@ func decodeRequest(data []byte) (*v1.CredentialProviderRequest, error) {
 		)
 	}
 
-	if gvk.Group != v1.GroupName {
+	if gvk.Group != credentialproviderv1.GroupName {
 		return nil, fmt.Errorf(
 			"%w: %s (expected %s)",
-			ErrUnsupportedAPIVersion, gvk.GroupVersion(), v1.SchemeGroupVersion,
+			ErrUnsupportedAPIVersion, gvk.GroupVersion(), credentialproviderv1.SchemeGroupVersion,
 		)
 	}
 
-	request, ok := obj.(*v1.CredentialProviderRequest)
+	request, ok := obj.(*credentialproviderv1.CredentialProviderRequest)
 	if !ok {
 		return nil, fmt.Errorf(
 			"%w: unable to convert %T to *CredentialProviderRequest",
@@ -155,14 +156,14 @@ func decodeRequest(data []byte) (*v1.CredentialProviderRequest, error) {
 	return request, nil
 }
 
-func encodeResponse(response *v1.CredentialProviderResponse) ([]byte, error) {
+func encodeResponse(response *credentialproviderv1.CredentialProviderResponse) ([]byte, error) {
 	mediaType := "application/json"
 	info, ok := runtime.SerializerInfoForMediaType(codecs.SupportedMediaTypes(), mediaType)
 	if !ok {
 		return nil, fmt.Errorf("unsupported media type %q", mediaType)
 	}
 
-	encoder := codecs.EncoderForVersion(info.Serializer, v1.SchemeGroupVersion)
+	encoder := codecs.EncoderForVersion(info.Serializer, credentialproviderv1.SchemeGroupVersion)
 	data, err := runtime.Encode(encoder, response)
 	if err != nil {
 		return nil, fmt.Errorf("failed to encode response: %v", err)

pkg/credentialprovider/plugin/plugin_test.go

@@ -12,7 +12,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	v1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1"
+	credentialproviderv1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1"
 )
 
 type fakePlugin struct{}
@@ -21,12 +21,12 @@ func (fakePlugin) GetCredentials(
 	_ context.Context,
 	_ string,
 	_ []string,
-) (*v1.CredentialProviderResponse, error) {
-	return &v1.CredentialProviderResponse{
-		CacheKeyType: v1.RegistryPluginCacheKeyType,
+) (*credentialproviderv1.CredentialProviderResponse, error) {
+	return &credentialproviderv1.CredentialProviderResponse{
+		CacheKeyType: credentialproviderv1.RegistryPluginCacheKeyType,
 		//nolint:revive // Dummy value in test file, no need for const.
 		CacheDuration: &metav1.Duration{Duration: 10 * time.Minute},
-		Auth: map[string]v1.AuthConfig{
+		Auth: map[string]credentialproviderv1.AuthConfig{
 			"*.registry.io": {
 				Username: "user",
 				Password: "password",