From 57a844636696311bc9387e83a04210908be2ff66 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sun, 24 Aug 2025 08:25:57 +0000 Subject: [PATCH] fix(deps): update github.com/openshift/library-go digest to cf85180 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 +- .../pkg/operator/certrotation/annotations.go | 39 ++++++++++++---- .../client_cert_rotation_controller.go | 18 +++++++- .../pkg/operator/certrotation/metadata.go | 2 +- .../pkg/operator/certrotation/signer.go | 44 ++++++++++++++----- .../pkg/operator/certrotation/target.go | 44 ++++++++++++++----- .../resource/resourceapply/storage.go | 3 ++ vendor/modules.txt | 2 +- 9 files changed, 121 insertions(+), 37 deletions(-) diff --git a/go.mod b/go.mod index e887bece1..d3e0350de 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/openshift/api v0.0.0-20250710082954-674ad74beffc github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee - github.com/openshift/library-go v0.0.0-20250711143941-47604345e7ea + github.com/openshift/library-go v0.0.0-20250818065802-cf8518058622 github.com/prometheus/client_golang v1.22.0 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 diff --git a/go.sum b/go.sum index c5bd9cb27..5896527d1 100644 --- a/go.sum +++ b/go.sum @@ -170,8 +170,8 @@ github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c h1:gJ github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee h1:tOtrrxfDEW8hK3eEsHqxsXurq/D6LcINGfprkQC3hqY= github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee/go.mod h1:zhRiYyNMk89llof2qEuGPWPD+joQPhCRUc2IK0SB510= -github.com/openshift/library-go v0.0.0-20250711143941-47604345e7ea h1:0BNis5UGo5Z7J9GtRY1nw/pt8hWxIZqvfqnqH3eV5cs= -github.com/openshift/library-go v0.0.0-20250711143941-47604345e7ea/go.mod h1:tptKNust9MdRI0p90DoBSPHIrBa9oh+Rok59tF0vT8c= +github.com/openshift/library-go v0.0.0-20250818065802-cf8518058622 h1:IUs2XpDgkCQIIAPCVnHEjIUYiq0dvVskD/ekof7+XjQ= +github.com/openshift/library-go v0.0.0-20250818065802-cf8518058622/go.mod h1:tptKNust9MdRI0p90DoBSPHIrBa9oh+Rok59tF0vT8c= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/annotations.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/annotations.go index 5487ec039..3c051c88e 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/annotations.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/annotations.go @@ -16,9 +16,13 @@ const ( CertificateIssuer = "auth.openshift.io/certificate-issuer" // CertificateHostnames contains the hostnames used by a signer. CertificateHostnames = "auth.openshift.io/certificate-hostnames" - // AutoRegenerateAfterOfflineExpiryAnnotation contains a link to PR and an e2e test name which verifies + // CertificateTestNameAnnotation is an e2e test name which verifies that TLS artifact is created and used correctly + CertificateTestNameAnnotation string = "certificates.openshift.io/test-name" + // CertificateAutoRegenerateAfterOfflineExpiryAnnotation contains a link to PR adding this annotation which verifies // that TLS artifact is correctly regenerated after it has expired - AutoRegenerateAfterOfflineExpiryAnnotation string = "certificates.openshift.io/auto-regenerate-after-offline-expiry" + CertificateAutoRegenerateAfterOfflineExpiryAnnotation string = "certificates.openshift.io/auto-regenerate-after-offline-expiry" + // CertificateRefreshPeriodAnnotation is the interval at which the certificate should be refreshed. + CertificateRefreshPeriodAnnotation string = "certificates.openshift.io/refresh-period" ) type AdditionalAnnotations struct { @@ -26,13 +30,16 @@ type AdditionalAnnotations struct { JiraComponent string // Description is a human-readable one sentence description of certificate purpose Description string - // AutoRegenerateAfterOfflineExpiry contains a link to PR and an e2e test name which verifies - // that TLS artifact is correctly regenerated after it has expired + // TestName is an e2e test name which verifies that TLS artifact is created and used correctly + TestName string + // AutoRegenerateAfterOfflineExpiry contains a link to PR which adds this annotation on the TLS artifact AutoRegenerateAfterOfflineExpiry string // NotBefore contains certificate the certificate creation date in RFC3339 format. NotBefore string // NotAfter contains certificate the certificate validity date in RFC3339 format. NotAfter string + // RefreshPeriod contains the interval at which the certificate should be refreshed. + RefreshPeriod string } func (a AdditionalAnnotations) EnsureTLSMetadataUpdate(meta *metav1.ObjectMeta) bool { @@ -52,20 +59,36 @@ func (a AdditionalAnnotations) EnsureTLSMetadataUpdate(meta *metav1.ObjectMeta) meta.Annotations[annotations.OpenShiftDescription] = a.Description modified = true } - if len(a.AutoRegenerateAfterOfflineExpiry) > 0 && meta.Annotations[AutoRegenerateAfterOfflineExpiryAnnotation] != a.AutoRegenerateAfterOfflineExpiry { - diff := cmp.Diff(meta.Annotations[AutoRegenerateAfterOfflineExpiryAnnotation], a.AutoRegenerateAfterOfflineExpiry) - klog.V(2).Infof("Updating %q annotation for %s/%s, diff: %s", AutoRegenerateAfterOfflineExpiryAnnotation, meta.Namespace, meta.Name, diff) - meta.Annotations[AutoRegenerateAfterOfflineExpiryAnnotation] = a.AutoRegenerateAfterOfflineExpiry + if len(a.TestName) > 0 && meta.Annotations[CertificateTestNameAnnotation] != a.TestName { + diff := cmp.Diff(meta.Annotations[CertificateTestNameAnnotation], a.TestName) + klog.V(2).Infof("Updating %q annotation for %s/%s, diff: %s", CertificateTestNameAnnotation, meta.Name, meta.Namespace, diff) + meta.Annotations[CertificateTestNameAnnotation] = a.TestName + modified = true + } + if len(a.AutoRegenerateAfterOfflineExpiry) > 0 && meta.Annotations[CertificateAutoRegenerateAfterOfflineExpiryAnnotation] != a.AutoRegenerateAfterOfflineExpiry { + diff := cmp.Diff(meta.Annotations[CertificateAutoRegenerateAfterOfflineExpiryAnnotation], a.AutoRegenerateAfterOfflineExpiry) + klog.V(2).Infof("Updating %q annotation for %s/%s, diff: %s", CertificateAutoRegenerateAfterOfflineExpiryAnnotation, meta.Namespace, meta.Name, diff) + meta.Annotations[CertificateAutoRegenerateAfterOfflineExpiryAnnotation] = a.AutoRegenerateAfterOfflineExpiry modified = true } if len(a.NotBefore) > 0 && meta.Annotations[CertificateNotBeforeAnnotation] != a.NotBefore { + diff := cmp.Diff(meta.Annotations[CertificateNotBeforeAnnotation], a.NotBefore) + klog.V(2).Infof("Updating %q annotation for %s/%s, diff: %s", CertificateNotBeforeAnnotation, meta.Name, meta.Namespace, diff) meta.Annotations[CertificateNotBeforeAnnotation] = a.NotBefore modified = true } if len(a.NotAfter) > 0 && meta.Annotations[CertificateNotAfterAnnotation] != a.NotAfter { + diff := cmp.Diff(meta.Annotations[CertificateNotAfterAnnotation], a.NotAfter) + klog.V(2).Infof("Updating %q annotation for %s/%s, diff: %s", CertificateNotAfterAnnotation, meta.Name, meta.Namespace, diff) meta.Annotations[CertificateNotAfterAnnotation] = a.NotAfter modified = true } + if len(a.RefreshPeriod) > 0 && meta.Annotations[CertificateRefreshPeriodAnnotation] != a.RefreshPeriod { + diff := cmp.Diff(meta.Annotations[CertificateRefreshPeriodAnnotation], a.RefreshPeriod) + klog.V(2).Infof("Updating %q annotation for %s/%s, diff: %s", CertificateRefreshPeriodAnnotation, meta.Name, meta.Namespace, diff) + meta.Annotations[CertificateRefreshPeriodAnnotation] = a.RefreshPeriod + modified = true + } return modified } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go index 0d6ffe673..06441f37e 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go @@ -6,6 +6,7 @@ import ( "time" operatorv1 "github.com/openshift/api/operator/v1" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/wait" "github.com/openshift/library-go/pkg/controller/factory" @@ -82,7 +83,22 @@ func NewCertRotationController( return factory.New(). ResyncEvery(time.Minute). WithSync(c.Sync). - WithInformers( + WithFilteredEventsInformers( + func(obj interface{}) bool { + if cm, ok := obj.(*corev1.ConfigMap); ok { + return cm.Namespace == caBundleConfigMap.Namespace && cm.Name == caBundleConfigMap.Name + } + if secret, ok := obj.(*corev1.Secret); ok { + if secret.Namespace == rotatedSigningCASecret.Namespace && secret.Name == rotatedSigningCASecret.Name { + return true + } + if secret.Namespace == rotatedSelfSignedCertKeySecret.Namespace && secret.Name == rotatedSelfSignedCertKeySecret.Name { + return true + } + return false + } + return true + }, rotatedSigningCASecret.Informer.Informer(), caBundleConfigMap.Informer.Informer(), rotatedSelfSignedCertKeySecret.Informer.Informer(), diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/metadata.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/metadata.go index f64bde8fe..1764a6355 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/metadata.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/metadata.go @@ -5,7 +5,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -func ensureMetadataUpdate(secret *corev1.Secret, owner *metav1.OwnerReference, additionalAnnotations AdditionalAnnotations) bool { +func ensureOwnerRefAndTLSAnnotations(secret *corev1.Secret, owner *metav1.OwnerReference, additionalAnnotations AdditionalAnnotations) bool { needsMetadataUpdate := false // no ownerReference set if owner != nil { diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go index c2b300858..1cb4e5554 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go @@ -80,7 +80,7 @@ func (c RotatedSigningCASecret) EnsureSigningCertKeyPair(ctx context.Context) (* // run Update if metadata needs changing unless we're in RefreshOnlyWhenExpired mode if !c.RefreshOnlyWhenExpired { - needsMetadataUpdate := ensureMetadataUpdate(signingCertKeyPairSecret, c.Owner, c.AdditionalAnnotations) + needsMetadataUpdate := ensureOwnerRefAndTLSAnnotations(signingCertKeyPairSecret, c.Owner, c.AdditionalAnnotations) needsTypeChange := ensureSecretTLSTypeSet(signingCertKeyPairSecret) updateRequired = needsMetadataUpdate || needsTypeChange } @@ -92,7 +92,7 @@ func (c RotatedSigningCASecret) EnsureSigningCertKeyPair(ctx context.Context) (* reason = "secret doesn't exist" } c.EventRecorder.Eventf("SignerUpdateRequired", "%q in %q requires a new signing cert/key pair: %v", c.Name, c.Namespace, reason) - if err := setSigningCertKeyPairSecret(signingCertKeyPairSecret, c.Validity, c.AdditionalAnnotations); err != nil { + if err = setSigningCertKeyPairSecretAndTLSAnnotations(signingCertKeyPairSecret, c.Validity, c.Refresh, c.AdditionalAnnotations); err != nil { return nil, false, err } @@ -199,18 +199,30 @@ func getValidityFromAnnotations(annotations map[string]string) (notBefore time.T return notBefore, notAfter, "" } +// setSigningCertKeyPairSecretAndTLSAnnotations generates a new signing certificate and key pair, +// stores them in the specified secret, and adds predefined TLS annotations to that secret. +func setSigningCertKeyPairSecretAndTLSAnnotations(signingCertKeyPairSecret *corev1.Secret, validity, refresh time.Duration, tlsAnnotations AdditionalAnnotations) error { + ca, err := setSigningCertKeyPairSecret(signingCertKeyPairSecret, validity) + if err != nil { + return err + } + + setTLSAnnotationsOnSigningCertKeyPairSecret(signingCertKeyPairSecret, ca, refresh, tlsAnnotations) + return nil +} + // setSigningCertKeyPairSecret creates a new signing cert/key pair and sets them in the secret -func setSigningCertKeyPairSecret(signingCertKeyPairSecret *corev1.Secret, validity time.Duration, annotations AdditionalAnnotations) error { +func setSigningCertKeyPairSecret(signingCertKeyPairSecret *corev1.Secret, validity time.Duration) (*crypto.TLSCertificateConfig, error) { signerName := fmt.Sprintf("%s_%s@%d", signingCertKeyPairSecret.Namespace, signingCertKeyPairSecret.Name, time.Now().Unix()) ca, err := crypto.MakeSelfSignedCAConfigForDuration(signerName, validity) if err != nil { - return err + return nil, err } certBytes := &bytes.Buffer{} keyBytes := &bytes.Buffer{} - if err := ca.WriteCertConfig(certBytes, keyBytes); err != nil { - return err + if err = ca.WriteCertConfig(certBytes, keyBytes); err != nil { + return nil, err } if signingCertKeyPairSecret.Annotations == nil { @@ -221,11 +233,21 @@ func setSigningCertKeyPairSecret(signingCertKeyPairSecret *corev1.Secret, validi } signingCertKeyPairSecret.Data["tls.crt"] = certBytes.Bytes() signingCertKeyPairSecret.Data["tls.key"] = keyBytes.Bytes() - annotations.NotBefore = ca.Certs[0].NotBefore.Format(time.RFC3339) - annotations.NotAfter = ca.Certs[0].NotAfter.Format(time.RFC3339) - signingCertKeyPairSecret.Annotations[CertificateIssuer] = ca.Certs[0].Issuer.CommonName + return ca, nil +} - _ = annotations.EnsureTLSMetadataUpdate(&signingCertKeyPairSecret.ObjectMeta) +// setTLSAnnotationsOnSigningCertKeyPairSecret applies predefined TLS annotations to the given secret. +// +// This function does not perform nil checks on its parameters and assumes that the +// secret's Annotations field has already been initialized. +// +// These assumptions are safe because this function is only called after the secret +// has been initialized in setSigningCertKeyPairSecret. +func setTLSAnnotationsOnSigningCertKeyPairSecret(signingCertKeyPairSecret *corev1.Secret, ca *crypto.TLSCertificateConfig, refresh time.Duration, tlsAnnotations AdditionalAnnotations) { + signingCertKeyPairSecret.Annotations[CertificateIssuer] = ca.Certs[0].Issuer.CommonName - return nil + tlsAnnotations.NotBefore = ca.Certs[0].NotBefore.Format(time.RFC3339) + tlsAnnotations.NotAfter = ca.Certs[0].NotAfter.Format(time.RFC3339) + tlsAnnotations.RefreshPeriod = refresh.String() + _ = tlsAnnotations.EnsureTLSMetadataUpdate(&signingCertKeyPairSecret.ObjectMeta) } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go index 71a568ad4..94ed01d7f 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go @@ -114,14 +114,14 @@ func (c RotatedSelfSignedCertKeySecret) EnsureTargetCertKeyPair(ctx context.Cont // run Update if metadata needs changing unless we're in RefreshOnlyWhenExpired mode if !c.RefreshOnlyWhenExpired { - needsMetadataUpdate := ensureMetadataUpdate(targetCertKeyPairSecret, c.Owner, c.AdditionalAnnotations) + needsMetadataUpdate := ensureOwnerRefAndTLSAnnotations(targetCertKeyPairSecret, c.Owner, c.AdditionalAnnotations) needsTypeChange := ensureSecretTLSTypeSet(targetCertKeyPairSecret) updateRequired = needsMetadataUpdate || needsTypeChange } if reason := c.CertCreator.NeedNewTargetCertKeyPair(targetCertKeyPairSecret, signingCertKeyPair, caBundleCerts, c.Refresh, c.RefreshOnlyWhenExpired, creationRequired); len(reason) > 0 { c.EventRecorder.Eventf("TargetUpdateRequired", "%q in %q requires a new target cert/key pair: %v", c.Name, c.Namespace, reason) - if err := setTargetCertKeyPairSecret(targetCertKeyPairSecret, c.Validity, signingCertKeyPair, c.CertCreator, c.AdditionalAnnotations); err != nil { + if err = setTargetCertKeyPairSecretAndTLSAnnotations(targetCertKeyPairSecret, c.Validity, c.Refresh, signingCertKeyPair, c.CertCreator, c.AdditionalAnnotations); err != nil { return nil, err } @@ -232,9 +232,21 @@ func needNewTargetCertKeyPairForTime(annotations map[string]string, signer *cryp return "" } +// setTargetCertKeyPairSecretAndTLSAnnotations generates a new cert/key pair, +// stores them in the specified secret, and adds predefined TLS annotations to that secret. +func setTargetCertKeyPairSecretAndTLSAnnotations(targetCertKeyPairSecret *corev1.Secret, validity, refresh time.Duration, signer *crypto.CA, certCreator TargetCertCreator, tlsAnnotations AdditionalAnnotations) error { + certKeyPair, err := setTargetCertKeyPairSecret(targetCertKeyPairSecret, validity, signer, certCreator) + if err != nil { + return err + } + + setTLSAnnotationsOnTargetCertKeyPairSecret(targetCertKeyPairSecret, certKeyPair, certCreator, refresh, tlsAnnotations) + return nil +} + // setTargetCertKeyPairSecret creates a new cert/key pair and sets them in the secret. Only one of client, serving, or signer rotation may be specified. // TODO refactor with an interface for actually signing and move the one-of check higher in the stack. -func setTargetCertKeyPairSecret(targetCertKeyPairSecret *corev1.Secret, validity time.Duration, signer *crypto.CA, certCreator TargetCertCreator, annotations AdditionalAnnotations) error { +func setTargetCertKeyPairSecret(targetCertKeyPairSecret *corev1.Secret, validity time.Duration, signer *crypto.CA, certCreator TargetCertCreator) (*crypto.TLSCertificateConfig, error) { if targetCertKeyPairSecret.Annotations == nil { targetCertKeyPairSecret.Annotations = map[string]string{} } @@ -251,21 +263,29 @@ func setTargetCertKeyPairSecret(targetCertKeyPairSecret *corev1.Secret, validity certKeyPair, err := certCreator.NewCertificate(signer, targetValidity) if err != nil { - return err + return nil, err } targetCertKeyPairSecret.Data["tls.crt"], targetCertKeyPairSecret.Data["tls.key"], err = certKeyPair.GetPEMBytes() - if err != nil { - return err - } - annotations.NotBefore = certKeyPair.Certs[0].NotBefore.Format(time.RFC3339) - annotations.NotAfter = certKeyPair.Certs[0].NotAfter.Format(time.RFC3339) + return certKeyPair, err +} + +// setTLSAnnotationsOnTargetCertKeyPairSecret applies predefined TLS annotations to the given secret. +// +// This function does not perform nil checks on its parameters and assumes that the +// secret's Annotations field has already been initialized. +// +// These assumptions are safe because this function is only called after the secret +// has been initialized in setTargetCertKeyPairSecret. +func setTLSAnnotationsOnTargetCertKeyPairSecret(targetCertKeyPairSecret *corev1.Secret, certKeyPair *crypto.TLSCertificateConfig, certCreator TargetCertCreator, refresh time.Duration, tlsAnnotations AdditionalAnnotations) { targetCertKeyPairSecret.Annotations[CertificateIssuer] = certKeyPair.Certs[0].Issuer.CommonName - _ = annotations.EnsureTLSMetadataUpdate(&targetCertKeyPairSecret.ObjectMeta) - certCreator.SetAnnotations(certKeyPair, targetCertKeyPairSecret.Annotations) + tlsAnnotations.NotBefore = certKeyPair.Certs[0].NotBefore.Format(time.RFC3339) + tlsAnnotations.NotAfter = certKeyPair.Certs[0].NotAfter.Format(time.RFC3339) + tlsAnnotations.RefreshPeriod = refresh.String() + _ = tlsAnnotations.EnsureTLSMetadataUpdate(&targetCertKeyPairSecret.ObjectMeta) - return nil + certCreator.SetAnnotations(certKeyPair, targetCertKeyPairSecret.Annotations) } type ClientRotation struct { diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go index 3199d2db0..d44a5d571 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go @@ -142,6 +142,9 @@ func ApplyCSIDriver(ctx context.Context, client storageclientv1.CSIDriversGetter if required.Annotations == nil { required.Annotations = map[string]string{} } + if required.Labels == nil { + required.Labels = map[string]string{} + } if err := SetSpecHashAnnotation(&required.ObjectMeta, required.Spec); err != nil { return nil, false, err } diff --git a/vendor/modules.txt b/vendor/modules.txt index 150535013..86f810c0b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -313,7 +313,7 @@ github.com/openshift/client-go/route/informers/externalversions/internalinterfac github.com/openshift/client-go/route/informers/externalversions/route github.com/openshift/client-go/route/informers/externalversions/route/v1 github.com/openshift/client-go/route/listers/route/v1 -# github.com/openshift/library-go v0.0.0-20250711143941-47604345e7ea +# github.com/openshift/library-go v0.0.0-20250818065802-cf8518058622 ## explicit; go 1.24.0 github.com/openshift/library-go/pkg/apiserver/jsonpatch github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer