Since k/u includes pointer functions which are equivalent to the
autorest/to pointer functions, and the latter are deprecated, it seems
useful to switch to the former:
* to.FooPtr becomes pointer.Foo
* to.Foo becomes pointer.FooDeref with an appropriate default
* to.StringSlicePtr becomes &
This doesn't remove anything from vendor, but it does turn the
dependency into an indirect one, ready to be removed when the rest of
the Azure migration happens.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
The test in pkg/credentialprovider/gcp/metadata_test.go is meant to
run only on GCE, which means that it will fail in any other case.
We should skip the test if we're not testing in GCE or Windows in GCE.
Updates the regex for ECR URL validation to support isolated regions
and includes additional testcases for these.
Signed-off-by: Jyoti Mahapatra <jyotima@amazon.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Improve concurrency and cache for credential provider
Removed lock from "Provide" as it can be called in parallel
from image puller. To avoid execing for the same image concurrently
wrapped exec in singleflight.
Purging the cache for expried data with 15mins interval only when
a request for credential is made.
KEP:2133
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
Adds a default timeout to the Azure ACR HTTP client to avoid hanging
when unable to reach server.
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
* Before this change, even on non-AWS platforms, the Enabled() check attempts
to make calls to the metadata endpoint when the session and credentials
are initialized (in order to determine if the provider should be
initialized at all).
* This can cause latency because the SDK times out and retries -- up to
20 seconds of latency has been observed on non-AWS platforms when the
metadata IP was blocked with an iptables rule.
* Instead, check once if we are running on an EC2 platform, first trying
to find the EC2 UUID in system files, and second attempting to get
credentials.
* Add a benchmark test that includes intialization and the credential
check.
There are a lot of scenarios where an invalid .dockercfg file
will still contain secrets. This commit removes logging of the
contents to avoid any potential leaking and manages the actual error
by printing to the user the actual location of the invalid file.
Signed-off-by: Nikolaos Moraitis <nmoraiti@redhat.com>
