Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deprecated import path with k8s.io/apiserver import path when updating to go v1.23.0 #40

Open
Nicolas-Peiffer opened this issue Nov 25, 2024 · 2 comments
Open

deprecated import path with k8s.io/apiserver import path when updating to go v1.23.0 #40

Nicolas-Peiffer opened this issue Nov 25, 2024 · 2 comments
Assignees
@IceManGreen
Labels
bug Something isn't working

Comments

@Nicolas-Peiffer
Copy link

Nicolas-Peiffer commented Nov 25, 2024
edited
Loading

What I want to achieve: update to go v1.23.0

Problem I have: a module path and package was changed

When I try to upgrade to go v1.23.0, I have an issue with an import located in the /tools.go file.

go mod tidy

go: finding module for package k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1
go: github.com/ThalesGroup/k8s-kms-plugin imports
        k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1: module k8s.io/apiserver@latest found (v0.31.3), but does not contain package k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1

Before I update to go v1.23.0: go 1.21.6 was used and k8s.io/apiserver v0.19.2 ; see go.mod

module github.com/ThalesGroup/k8s-kms-plugin

go 1.21.6

// TODO replace packages :
//   - gose
//   - crypto11
require (
        [...]
	k8s.io/apiserver v0.19.2
        [...]
)

Before I update to go v1.23.0: the content of tools.go imported a module "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1"

// +build tools

package tools

import (
	_ "github.com/golang/protobuf/protoc-gen-go"
	_ "github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway"
	_ "github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger"
	_ "github.com/infobloxopen/atlas-app-toolkit/rpc/resource"
	_ "github.com/mitchellh/protoc-gen-go-json"
	_ "golang.org/x/tools/cmd/cover"

	_ "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1"
)

k8s.io/apiserver v0.19.2 has indeed a module "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1" ). See:

Latest version of where k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1 is available is k8s.io/apiserver: v0.25.16
See:

After k8s.io/apiserver v0.25.16, this module k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1 does not exist anymore.

Deletion of files appeared between v0.26.0-alpha.1 and v0.26.0-alpha.2.

We need to figure out what to do with this module. It seems k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1 was used to store protobuf files that was generated.

From this following commit kubernetes/apiserver@c027ae3, it looks like protobuf files were moved from k8s.io/apiserver/pkg/storage/value/encrypt/envelope/ to k8s.io/kms/apis/v2alpha1 and were deleted from k8s.io/apiserver/pkg/storage/value/encrypt/envelope/:

affected files before after
pkg/storage/value/encrypt/envelope/testing/v1beta1/kms_plugin_mock.go kmsapi "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1" kmsapi "k8s.io/kms/apis/v1beta1"
pkg/storage/value/encrypt/envelope/testing/v2alpha1/kms_plugin_mock.go kmsapi "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v2alpha1" kmsapi "k8s.io/kms/apis/v2alpha1"

image

Check the k8s.io/kms package: https://pkg.go.dev/k8s.io/[email protected]/apis/v1beta1 ; pay attention to deprecation message : Deprecated: KMSv1 is deprecated in v1.28 and will only receive security updates going forward. Use KMSv2 instead.
@Nicolas-Peiffer Nicolas-Peiffer added the bug Something isn't working label Nov 25, 2024
@IceManGreen IceManGreen self-assigned this Nov 28, 2024
@IceManGreen
Copy link
Contributor

Fixed by commit 8b5d5aa in branch rsa-support.
Will be merged in master branch for the next release.

Nicolas-Peiffer added a commit to Nicolas-Peiffer/k8s-kms-plugin that referenced this issue Dec 16, 2024
@Nicolas-Peiffer
Update k8s kms dependency location following the information from thi…
5adeb4e 
…s issue ThalesGroup#40

Signed-off-by: Nicolas-Peiffer <[email protected]>
@Nicolas-Peiffer
Copy link
Author

Nicolas-Peiffer commented Jan 15, 2025
edited
Loading

In k8s.io/kms/apis/v2, KeyManagementServiceServer has 3 methods Status, Decrypt and Encrypt.

In k8s.io/kms/apis/v1beta1, KeyManagementServiceServer, had a Version, Decrypt and Encrypt methods.

To upgrade to k8s.io/kms/apis/v2, this needs to be fixed.

Screenshot_20250115_162427

First step is to modify pkg/providers/p11.go.

Is it enough to rename func (p *P11) Version(ctx context.Context[...] to func (p *P11) Status(ctx context.Context[...] ? Or do we need to implement a new method Status ?

Nicolas-Peiffer added a commit that referenced this issue Jan 15, 2025
@Nicolas-Peiffer
start upadating to k8s.io/kms/apis/v2
04551a3 
Begin replacement of github.com/ThalesGroup/k8s-kms-plugin/apis/k8s/v1beta1 with k8s.io/kms/apis/v2. However, there are other modification to do in order to update the lib with k8s.io/kms/apis/v2. Indeed, there are both changes from v1beta1 and v2, as well as github.com/ThalesGroup/k8s-kms-plugin/apis/k8s/v1beta1 which has a custom forked implementation of the lib. See #40 (comment)

Don't forget to fix TODOs

Signed-off-by: Nicolas-Peiffer <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@IceManGreen IceManGreen

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Nicolas-Peiffer @IceManGreen