Merge pull request #40 from kubevirt-ui/main

update

Author: metalice

.github/workflows/ci_checks.yml

@@ -13,13 +13,14 @@ jobs:
     name: build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
         with:
-          go-version: '1.23.0'
-          
+          go-version-file:
+            go.mod
+
       - name: Build
         run: go build .
       - name: Run Unit Tests
-        run: go test .
+        run: go test ./...
 

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.23
+FROM golang:1.24
 
 COPY . /app
 WORKDIR /app

config/config.go

@@ -0,0 +1,62 @@
+package config
+
+import (
+	"flag"
+	"fmt"
+	"math"
+	"strconv"
+	"strings"
+)
+
+type Config struct {
+	TLS TLSConfig
+}
+
+type TLSConfig struct {
+	minTLSVersion   uint16
+	tlsCipherSuites []uint16
+}
+
+var (
+	minTLSVersionFlag   = flag.Uint("tls-min-version", 0, "The minimum TLS version to use")
+	tlsCipherSuitesFlag = flag.String("tls-cipher-suites", "", "A comma-separated list of cipher suites to use")
+)
+
+func GetConfig() (*Config, error) {
+	cfg := &Config{}
+
+	if *minTLSVersionFlag > 0 {
+		if *minTLSVersionFlag > math.MaxUint16 {
+			return nil, fmt.Errorf("the --tls-min-version flag is with a wrong value:  %d is lager than the max allowed value of %d", *minTLSVersionFlag, math.MaxUint16)
+		}
+
+		cfg.TLS.minTLSVersion = uint16(*minTLSVersionFlag)
+	}
+
+	if *tlsCipherSuitesFlag != "" {
+		ciphers := strings.Split(*tlsCipherSuitesFlag, ",")
+		tlsCipherSuites := make([]uint16, 0, len(ciphers))
+
+		for _, cipherStr := range ciphers {
+			cipherStr = strings.TrimSpace(cipherStr)
+			cipher, err := strconv.ParseUint(cipherStr, 10, 16)
+			if err != nil {
+				return nil, fmt.Errorf("can't parse cipher %q; %w", cipherStr, err)
+			}
+
+			tlsCipherSuites = append(tlsCipherSuites, uint16(cipher))
+		}
+
+		cfg.TLS.tlsCipherSuites = tlsCipherSuites
+	}
+
+	return cfg, nil
+}
+
+func (cfg *Config) GetMinTLSVersion() uint16 {
+	return cfg.TLS.minTLSVersion
+}
+
+func (cfg *Config) GetTLSCipherSuites() []uint16 {
+	return cfg.TLS.tlsCipherSuites
+}

config/config_test.go

@@ -0,0 +1,148 @@
+package config
+
+import (
+	"flag"
+	"fmt"
+	"math"
+	"reflect"
+	"testing"
+)
+
+func TestGetTLSCipherSuites(t *testing.T) {
+	for _, tc := range []struct {
+		name    string
+		flagVal string
+		want    []uint16
+	}{
+		{name: "valid input", flagVal: "1,2,3,4", want: []uint16{1, 2, 3, 4}},
+		{name: "no flag", flagVal: "", want: nil},
+		{name: "max val", flagVal: fmt.Sprintf("%d", math.MaxUint16), want: []uint16{math.MaxUint16}},
+	} {
+		t.Run(tc.flagVal, func(t *testing.T) {
+			err := setFlags("0", tc.flagVal)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			cfg, err := GetConfig()
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			if got, want := cfg.GetTLSCipherSuites(), tc.want; !reflect.DeepEqual(got, want) {
+				t.Errorf("GetTLSCipherSuites() = %v, want %v", got, want)
+			}
+		})
+	}
+}
+
+func TestWrongGetTLSCipherSuites_tooLarge(t *testing.T) {
+	err := setFlags("0", fmt.Sprintf("%d", math.MaxUint16+1))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = GetConfig()
+	if err == nil {
+		t.Fatal("error should have errored")
+	}
+
+	t.Logf("got expected error: %v", err)
+}
+
+func TestWrongGetTLSCipherSuites_negative(t *testing.T) {
+	err := setFlags("0", "-42")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = GetConfig()
+	if err == nil {
+		t.Fatal("error should have errored")
+	}
+
+	t.Logf("got expected error: %v", err)
+}
+
+func TestWrongGetTLSCipherSuites_notNum(t *testing.T) {
+	err := setFlags("0", "not a number")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = GetConfig()
+	if err == nil {
+		t.Fatal("error should have errored")
+	}
+
+	t.Logf("got expected error: %v", err)
+}
+
+func TestWrongGetTLSCipherSuites_float(t *testing.T) {
+	err := setFlags("0", "1.42")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = GetConfig()
+	if err == nil {
+		t.Fatal("error should have errored")
+	}
+
+	t.Logf("got expected error: %v", err)
+}
+
+func TestGetMinTLSVersion(t *testing.T) {
+	for _, tc := range []struct {
+		name    string
+		flagVal string
+		want    uint16
+	}{
+		{name: "valid input", flagVal: "42", want: 42},
+		{name: "no flag", flagVal: "0", want: 0},
+		{name: "max val", flagVal: fmt.Sprintf("%d", math.MaxUint16), want: math.MaxUint16},
+	} {
+		t.Run(tc.flagVal, func(t *testing.T) {
+			err := setFlags(tc.flagVal, "")
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			cfg, err := GetConfig()
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			if got, want := cfg.GetMinTLSVersion(), tc.want; !reflect.DeepEqual(got, want) {
+				t.Errorf("GetMinTLSVersion() = %d, want %d", got, want)
+			}
+		})
+	}
+}
+
+func TestWrongGetMinTLSVersion_tooLarge(t *testing.T) {
+	err := setFlags(fmt.Sprintf("%d", math.MaxUint16+1), "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = GetConfig()
+	if err == nil {
+		t.Fatal("error should have errored")
+	}
+
+	t.Logf("got expected error: %v", err)
+}
+
+func setFlags(minVer, ciphers string) error {
+	err := flag.Set("tls-min-version", minVer)
+	if err != nil {
+		return err
+	}
+	err = flag.Set("tls-cipher-suites", ciphers)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

go.mod

@@ -1,49 +1,50 @@
 module github.com/kubevirt-ui/kubevirt-apiserver-proxy
 
-go 1.23.0
-
-toolchain go1.23.4
+go 1.24.0
 
 require (
-	github.com/chenyahui/gin-cache v1.8.1
-	github.com/gin-contrib/gzip v0.0.6
-	github.com/gin-gonic/gin v1.9.1
-	github.com/gorilla/websocket v1.5.0
-	github.com/tidwall/gjson v1.14.4
-	golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df
+	github.com/chenyahui/gin-cache v1.10.0
+	github.com/gin-contrib/gzip v1.2.5
+	github.com/gin-gonic/gin v1.11.0
+	github.com/gorilla/websocket v1.5.3
+	github.com/tidwall/gjson v1.18.0
+	golang.org/x/exp v0.0.0-20260112195511-716be5621a96
 )
 
 require (
-	github.com/bytedance/sonic v1.10.0-rc3 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
-	github.com/chenzhuoyu/iasm v0.9.0 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.14.2 // indirect
+	github.com/bytedance/sonic/loader v0.4.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
-	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
+	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.14.1 // indirect
+	github.com/go-playground/validator/v10 v10.30.1 // indirect
 	github.com/go-redis/redis/v8 v8.11.5 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/jellydator/ttlcache/v2 v2.11.1 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
-	github.com/leodido/go-urn v1.2.4 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.9 // indirect
-	github.com/tidwall/match v1.1.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/quic-go/quic-go v0.59.0 // indirect
+	github.com/tidwall/match v1.2.0 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.11 // indirect
-	golang.org/x/arch v0.4.0 // indirect
-	golang.org/x/crypto v0.36.0 // indirect
-	golang.org/x/net v0.37.0 // indirect
-	golang.org/x/sync v0.12.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	github.com/ugorji/go/codec v1.3.1 // indirect
+	golang.org/x/arch v0.23.0 // indirect
+	golang.org/x/crypto v0.47.0 // indirect
+	golang.org/x/net v0.49.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/text v0.33.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
 )