Update Vendor (#16325)

* Add Dependencie Update Script * update gitea.com/lunny/levelqueue * update github.com/PuerkitoBio/goquery * update github.com/alecthomas/chroma * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/go-enry/go-enry/v2 * update github.com/go-redis/redis/v8 * update github.com/hashicorp/golang-lru * update github.com/klauspost/compress * update github.com/markbates/goth * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/olivere/elastic/v7 * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark
2021-07-04 04:06:10 +02:00 · 2021-07-04 04:06:10 +02:00 · fae07cbc8f
commit fae07cbc8f
parent 65ae46bc20
319 changed files with 33568 additions and 21050 deletions
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go
@ -59,6 +59,10 @@ const (
 	defaultECSRoleEndpoint      = "http://169.254.170.2"
 	defaultSTSRoleEndpoint      = "https://sts.amazonaws.com"
 	defaultIAMSecurityCredsPath = "/latest/meta-data/iam/security-credentials/"
+	tokenRequestTTLHeader       = "X-aws-ec2-metadata-token-ttl-seconds"
+	tokenPath                   = "/latest/api/token"
+	tokenTTL                    = "21600"
+	tokenRequestHeader          = "X-aws-ec2-metadata-token"
 )

 // NewIAM returns a pointer to a new Credentials object wrapping the IAM.
@ -75,6 +79,7 @@ func NewIAM(endpoint string) *Credentials {
 // Error will be returned if the request fails, or unable to extract
 // the desired
 func (m *IAM) Retrieve() (Value, error) {
+	token := os.Getenv("AWS_CONTAINER_AUTHORIZATION_TOKEN")
 	var roleCreds ec2RoleCredRespBody
 	var err error

@ -120,7 +125,7 @@ func (m *IAM) Retrieve() (Value, error) {
 				os.Getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"))
 		}

-		roleCreds, err = getEcsTaskCredentials(m.Client, endpoint)
+		roleCreds, err = getEcsTaskCredentials(m.Client, endpoint, token)

 	case len(os.Getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI")) > 0:
 		if len(endpoint) == 0 {
@ -134,7 +139,7 @@ func (m *IAM) Retrieve() (Value, error) {
 			}
 		}

-		roleCreds, err = getEcsTaskCredentials(m.Client, endpoint)
+		roleCreds, err = getEcsTaskCredentials(m.Client, endpoint, token)

 	default:
 		roleCreds, err = getCredentials(m.Client, endpoint)
@ -192,11 +197,14 @@ func getIAMRoleURL(endpoint string) (*url.URL, error) {
 // with the current EC2 service. If there are no credentials,
 // or there is an error making or receiving the request.
 // http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
-func listRoleNames(client *http.Client, u *url.URL) ([]string, error) {
+func listRoleNames(client *http.Client, u *url.URL, token string) ([]string, error) {
 	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
 	if err != nil {
 		return nil, err
 	}
+	if token != "" {
+		req.Header.Add(tokenRequestHeader, token)
+	}
 	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
@ -219,12 +227,16 @@ func listRoleNames(client *http.Client, u *url.URL) ([]string, error) {
 	return credsList, nil
 }

-func getEcsTaskCredentials(client *http.Client, endpoint string) (ec2RoleCredRespBody, error) {
+func getEcsTaskCredentials(client *http.Client, endpoint string, token string) (ec2RoleCredRespBody, error) {
 	req, err := http.NewRequest(http.MethodGet, endpoint, nil)
 	if err != nil {
 		return ec2RoleCredRespBody{}, err
 	}

+	if token != "" {
+		req.Header.Set("Authorization", token)
+	}
+
 	resp, err := client.Do(req)
 	if err != nil {
 		return ec2RoleCredRespBody{}, err
@ -242,12 +254,35 @@ func getEcsTaskCredentials(client *http.Client, endpoint string) (ec2RoleCredRes
 	return respCreds, nil
 }

+func fetchIMDSToken(client *http.Client, endpoint string) (string, error) {
+	req, err := http.NewRequest(http.MethodPut, endpoint+tokenPath, nil)
+	if err != nil {
+		return "", err
+	}
+	req.Header.Add(tokenRequestTTLHeader, tokenTTL)
+	resp, err := client.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+	data, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return "", errors.New(resp.Status)
+	}
+	return string(data), nil
+}
+
 // getCredentials - obtains the credentials from the IAM role name associated with
 // the current EC2 service.
 //
 // If the credentials cannot be found, or there is an error
 // reading the response an error will be returned.
 func getCredentials(client *http.Client, endpoint string) (ec2RoleCredRespBody, error) {
+	// https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
+	token, _ := fetchIMDSToken(client, endpoint)

 	// http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
 	u, err := getIAMRoleURL(endpoint)
@ -256,7 +291,7 @@ func getCredentials(client *http.Client, endpoint string) (ec2RoleCredRespBody,
 	}

 	// http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
-	roleNames, err := listRoleNames(client, u)
+	roleNames, err := listRoleNames(client, u, token)
 	if err != nil {
 		return ec2RoleCredRespBody{}, err
 	}
@ -280,6 +315,9 @@ func getCredentials(client *http.Client, endpoint string) (ec2RoleCredRespBody,
 	if err != nil {
 		return ec2RoleCredRespBody{}, err
 	}
+	if token != "" {
+		req.Header.Add(tokenRequestHeader, token)
+	}

 	resp, err := client.Do(req)
 	if err != nil {
--- a/vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go
@ -81,10 +81,15 @@ func (n NoncurrentVersionTransition) IsDaysNull() bool {
 	return n.NoncurrentDays == ExpirationDays(0)
 }

+// IsStorageClassEmpty returns true if storage class field is empty
+func (n NoncurrentVersionTransition) IsStorageClassEmpty() bool {
+	return n.StorageClass == ""
+}
+
 // MarshalXML is extended to leave out
 // <NoncurrentVersionTransition></NoncurrentVersionTransition> tags
 func (n NoncurrentVersionTransition) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
-	if n.IsDaysNull() {
+	if n.IsDaysNull() || n.IsStorageClassEmpty() {
 		return nil
 	}
 	type noncurrentVersionTransitionWrapper NoncurrentVersionTransition
@ -137,9 +142,9 @@ func (t Transition) MarshalXML(en *xml.Encoder, startElement xml.StartElement) e

 // And And Rule for LifecycleTag, to be used in LifecycleRuleFilter
 type And struct {
-	XMLName xml.Name `xml:"And,omitempty" json:"-"`
-	Prefix  string   `xml:"Prefix,omitempty" json:"Prefix,omitempty"`
-	Tags    []Tag    `xml:"Tag,omitempty" json:"Tags,omitempty"`
+	XMLName xml.Name `xml:"And" json:"-"`
+	Prefix  string   `xml:"Prefix" json:"Prefix,omitempty"`
+	Tags    []Tag    `xml:"Tag" json:"Tags,omitempty"`
 }

 // IsEmpty returns true if Tags field is null
--- a/vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go
@ -27,7 +27,7 @@ import (
 	"github.com/rs/xid"
 )

-var errInvalidFilter = fmt.Errorf("Invalid filter")
+var errInvalidFilter = fmt.Errorf("invalid filter")

 // OptionType specifies operation to be performed on config
 type OptionType string
@ -46,19 +46,21 @@ const (

 // Options represents options to set a replication configuration rule
 type Options struct {
-	Op                     OptionType
-	ID                     string
-	Prefix                 string
-	RuleStatus             string
-	Priority               string
-	TagString              string
-	StorageClass           string
-	RoleArn                string
-	DestBucket             string
-	IsTagSet               bool
-	IsSCSet                bool
-	ReplicateDeletes       string // replicate versioned deletes
-	ReplicateDeleteMarkers string // replicate soft deletes
+	Op                      OptionType
+	ID                      string
+	Prefix                  string
+	RuleStatus              string
+	Priority                string
+	TagString               string
+	StorageClass            string
+	RoleArn                 string
+	DestBucket              string
+	IsTagSet                bool
+	IsSCSet                 bool
+	ReplicateDeletes        string // replicate versioned deletes
+	ReplicateDeleteMarkers  string // replicate soft deletes
+	ReplicaSync             string // replicate replica metadata modifications
+	ExistingObjectReplicate string
 }

 // Tags returns a slice of tags for a rule
@ -71,7 +73,7 @@ func (opts Options) Tags() ([]Tag, error) {
 		}
 		kv := strings.SplitN(tok, "=", 2)
 		if len(kv) != 2 {
-			return []Tag{}, fmt.Errorf("Tags should be entered as comma separated k=v pairs")
+			return []Tag{}, fmt.Errorf("tags should be entered as comma separated k=v pairs")
 		}
 		tagList = append(tagList, Tag{
 			Key:   kv[0],
@ -102,7 +104,7 @@ func (c *Config) AddRule(opts Options) error {
 		return err
 	}
 	if opts.RoleArn != c.Role && c.Role != "" {
-		return fmt.Errorf("Role ARN does not match existing configuration")
+		return fmt.Errorf("role ARN does not match existing configuration")
 	}
 	var status Status
 	// toggle rule status for edit option
@ -112,7 +114,7 @@ func (c *Config) AddRule(opts Options) error {
 	case "disable":
 		status = Disabled
 	default:
-		return fmt.Errorf("Rule state should be either [enable|disable]")
+		return fmt.Errorf("rule state should be either [enable|disable]")
 	}

 	tags, err := opts.Tags()
@ -142,7 +144,7 @@ func (c *Config) AddRule(opts Options) error {
 		arnStr = c.Role
 	}
 	if arnStr == "" {
-		return fmt.Errorf("Role ARN required")
+		return fmt.Errorf("role ARN required")
 	}
 	tokens := strings.Split(arnStr, ":")
 	if len(tokens) != 6 {
@ -183,7 +185,28 @@ func (c *Config) AddRule(opts Options) error {
 			return fmt.Errorf("ReplicateDeletes should be either enable|disable")
 		}
 	}
+	var replicaSync Status
+	// replica sync is by default Enabled, unless specified.
+	switch opts.ReplicaSync {
+	case "enable", "":
+		replicaSync = Enabled
+	case "disable":
+		replicaSync = Disabled
+	default:
+		return fmt.Errorf("replica metadata sync should be either [enable|disable]")
+	}

+	var existingStatus Status
+	if opts.ExistingObjectReplicate != "" {
+		switch opts.ExistingObjectReplicate {
+		case "enable":
+			existingStatus = Enabled
+		case "disable", "":
+			existingStatus = Disabled
+		default:
+			return fmt.Errorf("existingObjectReplicate should be either enable|disable")
+		}
+	}
 	newRule := Rule{
 		ID:       opts.ID,
 		Priority: priority,
@ -200,9 +223,13 @@ func (c *Config) AddRule(opts Options) error {
 		// However AWS leaves this configurable https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-for-metadata-changes.html
 		SourceSelectionCriteria: SourceSelectionCriteria{
 			ReplicaModifications: ReplicaModifications{
-				Status: Enabled,
+				Status: replicaSync,
 			},
 		},
+		// By default disable existing object replication unless selected
+		ExistingObjectReplication: ExistingObjectReplication{
+			Status: existingStatus,
+		},
 	}

 	// validate rule after overlaying priority for pre-existing rule being disabled.
@ -211,13 +238,13 @@ func (c *Config) AddRule(opts Options) error {
 	}
 	for _, rule := range c.Rules {
 		if rule.Priority == newRule.Priority {
-			return fmt.Errorf("Priority must be unique. Replication configuration already has a rule with this priority")
+			return fmt.Errorf("priority must be unique. Replication configuration already has a rule with this priority")
 		}
 		if rule.Destination.Bucket != newRule.Destination.Bucket {
-			return fmt.Errorf("The destination bucket must be same for all rules")
+			return fmt.Errorf("the destination bucket must be same for all rules")
 		}
 		if rule.ID == newRule.ID {
-			return fmt.Errorf("A rule exists with this ID")
+			return fmt.Errorf("a rule exists with this ID")
 		}
 	}

@ -228,7 +255,7 @@ func (c *Config) AddRule(opts Options) error {
 // EditRule modifies an existing rule in replication config
 func (c *Config) EditRule(opts Options) error {
 	if opts.ID == "" {
-		return fmt.Errorf("Rule ID missing")
+		return fmt.Errorf("rule ID missing")
 	}
 	rIdx := -1
 	var newRule Rule
@ -240,7 +267,7 @@ func (c *Config) EditRule(opts Options) error {
 		}
 	}
 	if rIdx < 0 {
-		return fmt.Errorf("Rule with ID %s not found in replication configuration", opts.ID)
+		return fmt.Errorf("rule with ID %s not found in replication configuration", opts.ID)
 	}
 	prefixChg := opts.Prefix != newRule.Prefix()
 	if opts.IsTagSet || prefixChg {
@ -286,7 +313,7 @@ func (c *Config) EditRule(opts Options) error {
 		case "disable":
 			newRule.Status = Disabled
 		default:
-			return fmt.Errorf("Rule state should be either [enable|disable]")
+			return fmt.Errorf("rule state should be either [enable|disable]")
 		}
 	}
 	// set DeleteMarkerReplication rule status for edit option
@ -314,6 +341,27 @@ func (c *Config) EditRule(opts Options) error {
 		}
 	}

+	if opts.ReplicaSync != "" {
+		switch opts.ReplicaSync {
+		case "enable", "":
+			newRule.SourceSelectionCriteria.ReplicaModifications.Status = Enabled
+		case "disable":
+			newRule.SourceSelectionCriteria.ReplicaModifications.Status = Disabled
+		default:
+			return fmt.Errorf("replica metadata sync should be either [enable|disable]")
+		}
+	}
+	fmt.Println("opts.ExistingObjectReplicate>", opts.ExistingObjectReplicate)
+	if opts.ExistingObjectReplicate != "" {
+		switch opts.ExistingObjectReplicate {
+		case "enable":
+			newRule.ExistingObjectReplication.Status = Enabled
+		case "disable":
+			newRule.ExistingObjectReplication.Status = Disabled
+		default:
+			return fmt.Errorf("existingObjectsReplication state should be either [enable|disable]")
+		}
+	}
 	if opts.IsSCSet {
 		newRule.Destination.StorageClass = opts.StorageClass
 	}
@ -343,10 +391,10 @@ func (c *Config) EditRule(opts Options) error {
 	// ensure priority and destination bucket restrictions are not violated
 	for idx, rule := range c.Rules {
 		if rule.Priority == newRule.Priority && rIdx != idx {
-			return fmt.Errorf("Priority must be unique. Replication configuration already has a rule with this priority")
+			return fmt.Errorf("priority must be unique. Replication configuration already has a rule with this priority")
 		}
 		if rule.Destination.Bucket != newRule.Destination.Bucket {
-			return fmt.Errorf("The destination bucket must be same for all rules")
+			return fmt.Errorf("the destination bucket must be same for all rules")
 		}
 	}

@ -369,7 +417,7 @@ func (c *Config) RemoveRule(opts Options) error {
 		return fmt.Errorf("Rule with ID %s not found", opts.ID)
 	}
 	if len(newRules) == 0 {
-		return fmt.Errorf("Replication configuration should have at least one rule")
+		return fmt.Errorf("replication configuration should have at least one rule")
 	}
 	c.Rules = newRules
 	return nil
@ -378,15 +426,16 @@ func (c *Config) RemoveRule(opts Options) error {

 // Rule - a rule for replication configuration.
 type Rule struct {
-	XMLName                 xml.Name                `xml:"Rule" json:"-"`
-	ID                      string                  `xml:"ID,omitempty"`
-	Status                  Status                  `xml:"Status"`
-	Priority                int                     `xml:"Priority"`
-	DeleteMarkerReplication DeleteMarkerReplication `xml:"DeleteMarkerReplication"`
-	DeleteReplication       DeleteReplication       `xml:"DeleteReplication"`
-	Destination             Destination             `xml:"Destination"`
-	Filter                  Filter                  `xml:"Filter" json:"Filter"`
-	SourceSelectionCriteria SourceSelectionCriteria `xml:"SourceSelectionCriteria" json:"SourceSelectionCriteria"`
+	XMLName                   xml.Name                  `xml:"Rule" json:"-"`
+	ID                        string                    `xml:"ID,omitempty"`
+	Status                    Status                    `xml:"Status"`
+	Priority                  int                       `xml:"Priority"`
+	DeleteMarkerReplication   DeleteMarkerReplication   `xml:"DeleteMarkerReplication"`
+	DeleteReplication         DeleteReplication         `xml:"DeleteReplication"`
+	Destination               Destination               `xml:"Destination"`
+	Filter                    Filter                    `xml:"Filter" json:"Filter"`
+	SourceSelectionCriteria   SourceSelectionCriteria   `xml:"SourceSelectionCriteria" json:"SourceSelectionCriteria"`
+	ExistingObjectReplication ExistingObjectReplication `xml:"ExistingObjectReplication,omitempty" json:"ExistingObjectReplication,omitempty"`
 }

 // Validate validates the rule for correctness
@ -402,14 +451,13 @@ func (r Rule) Validate() error {
 	}

 	if r.Priority < 0 && r.Status == Enabled {
-		return fmt.Errorf("Priority must be set for the rule")
+		return fmt.Errorf("priority must be set for the rule")
 	}

 	if err := r.validateStatus(); err != nil {
 		return err
 	}
-
-	return nil
+	return r.ExistingObjectReplication.Validate()
 }

 // validateID - checks if ID is valid or not.
@ -525,11 +573,11 @@ func (tag Tag) IsEmpty() bool {
 // Validate checks this tag.
 func (tag Tag) Validate() error {
 	if len(tag.Key) == 0 || utf8.RuneCountInString(tag.Key) > 128 {
-		return fmt.Errorf("Invalid Tag Key")
+		return fmt.Errorf("invalid Tag Key")
 	}

 	if utf8.RuneCountInString(tag.Value) > 256 {
-		return fmt.Errorf("Invalid Tag Value")
+		return fmt.Errorf("invalid Tag Value")
 	}
 	return nil
 }
@ -585,7 +633,7 @@ func (d DeleteReplication) IsEmpty() bool {

 // ReplicaModifications specifies if replica modification sync is enabled
 type ReplicaModifications struct {
-	Status Status `xml:"Status" json:"Status"`
+	Status Status `xml:"Status" json:"Status"` // should be set to "Enabled" by default
 }

 // SourceSelectionCriteria - specifies additional source selection criteria in ReplicationConfiguration.
@ -604,7 +652,45 @@ func (s SourceSelectionCriteria) Validate() error {
 		return nil
 	}
 	if !s.IsValid() {
-		return fmt.Errorf("Invalid ReplicaModification status")
+		return fmt.Errorf("invalid ReplicaModification status")
 	}
 	return nil
 }
+
+// ExistingObjectReplication - whether existing object replication is enabled
+type ExistingObjectReplication struct {
+	Status Status `xml:"Status"` // should be set to "Disabled" by default
+}
+
+// IsEmpty returns true if DeleteMarkerReplication is not set
+func (e ExistingObjectReplication) IsEmpty() bool {
+	return len(e.Status) == 0
+}
+
+// Validate validates whether the status is disabled.
+func (e ExistingObjectReplication) Validate() error {
+	if e.IsEmpty() {
+		return nil
+	}
+	if e.Status != Disabled && e.Status != Enabled {
+		return fmt.Errorf("invalid ExistingObjectReplication status")
+	}
+	return nil
+}
+
+// Metrics represents inline replication metrics
+// such as pending, failed and completed bytes in total for a bucket
+type Metrics struct {
+	// Pending size in bytes
+	PendingSize uint64 `json:"pendingReplicationSize"`
+	// Completed size in bytes
+	ReplicatedSize uint64 `json:"completedReplicationSize"`
+	// Total Replica size in bytes
+	ReplicaSize uint64 `json:"replicaSize"`
+	// Failed size in bytes
+	FailedSize uint64 `json:"failedReplicationSize"`
+	// Total number of pending operations including metadata updates
+	PendingCount uint64 `json:"pendingReplicationCount"`
+	// Total number of failed operations including metadata updates
+	FailedCount uint64 `json:"failedReplicationCount"`
+}