[Snyk] Security upgrade @kubernetes/client-node from 0.22.3 to 1.0.0

package.json

@@ -35,7 +35,7 @@
   },
   "dependencies": {
     "@aws-sdk/client-ecr": "^3.817.0",
-    "@kubernetes/client-node": "^0.22.3",
+    "@kubernetes/client-node": "^1.0.0",
     "@snyk/dep-graph": "^2.9.0",
     "async": "^3.2.6",
     "bunyan": "^1.8.15",

src/supervisor/agent.ts

@@ -21,10 +21,10 @@ async function getSnykMonitorDeploymentUid(
 ): Promise<string | undefined> {
   try {
     const attemptedApiCall = await retryKubernetesApiRequestIndefinitely(
-      () => k8sApi.appsClient.readNamespacedDeployment(name, namespace),
+      () => k8sApi.appsClient.readNamespacedDeployment({ name, namespace }),
       config.MAX_RETRY_BACKOFF_DURATION_SECONDS,
     );
-    return attemptedApiCall.body.metadata?.uid;
+    return attemptedApiCall.metadata?.uid;
   } catch (error) {
     logger.error(
       { error, namespace, deploymentName: name },

src/supervisor/watchers/handlers/argo-rollout.ts

@@ -1,4 +1,3 @@
-import { IncomingMessage } from 'http';
 import { deleteWorkload } from './workload';
 import { WorkloadKind } from '../../types';
 import {
@@ -20,10 +19,7 @@ import { trimWorkload } from '../../workload-sanitization';
 
 export async function paginatedNamespacedArgoRolloutList(
   namespace: string,
-): Promise<{
-  response: IncomingMessage;
-  body: V1alpha1RolloutList;
-}> {
+): Promise<V1alpha1RolloutList> {
   const rolloutList = new V1alpha1RolloutList();
   rolloutList.apiVersion = 'argoproj.io/v1alpha1';
   rolloutList.kind = 'RolloutList';
@@ -32,26 +28,26 @@ export async function paginatedNamespacedArgoRolloutList(
   return await paginatedNamespacedList(
     namespace,
     rolloutList,
-    async (
-      namespace: string,
-      pretty?: string,
-      _allowWatchBookmarks?: boolean,
-      _continue?: string,
-      fieldSelector?: string,
-      labelSelector?: string,
-      limit?: number,
-    ) =>
-      k8sApi.customObjectsClient.listNamespacedCustomObject(
-        'argoproj.io',
-        'v1alpha1',
-        namespace,
-        'rollouts',
-        pretty,
-        false,
-        _continue,
-        fieldSelector,
-        labelSelector,
-        limit,
+    async (batchRequest: {
+      namespace: string;
+      pretty?: string;
+      _allowWatchBookmarks?: boolean;
+      _continue?: string;
+      fieldSelector?: string;
+      labelSelector?: string;
+      limit?: number;
+    }) =>
+      k8sApi.customObjectsClient.listNamespacedCustomObject({
+        group: 'argoproj.io',
+        version: 'v1alpha1',
+        namespace: namespace,
+        plural: 'rollouts',
+        pretty: batchRequest.pretty,
+        allowWatchBookmarks: false,
+        _continue: batchRequest._continue,
+        fieldSelector: batchRequest.fieldSelector,
+        labelSelector: batchRequest.labelSelector,
+        limit: batchRequest.limit,
         /**
          * The K8s client's listNamespacedCustomObject() doesn't allow to specify
          * the type of the response body and returns the generic "object" type,
@@ -61,40 +57,37 @@ export async function paginatedNamespacedArgoRolloutList(
          * Type 'Promise<{ response: IncomingMessage; ***body: object;*** }>' is not assignable to type
          * 'Promise<{ response: IncomingMessage; ***body: KubernetesListObject<...>;*** }>'
          */
-      ) as any,
+      }) as any,
   );
 }
 
-export async function paginatedClusterArgoRolloutList(): Promise<{
-  response: IncomingMessage;
-  body: V1alpha1RolloutList;
-}> {
+export async function paginatedClusterArgoRolloutList(): Promise<V1alpha1RolloutList> {
   const rolloutList = new V1alpha1RolloutList();
   rolloutList.apiVersion = 'argoproj.io/v1';
   rolloutList.kind = 'RolloutList';
   rolloutList.items = new Array<V1alpha1Rollout>();
 
   return await paginatedClusterList(
     rolloutList,
-    async (
-      _allowWatchBookmarks?: boolean,
-      _continue?: string,
-      fieldSelector?: string,
-      labelSelector?: string,
-      limit?: number,
-      pretty?: string,
-    ) =>
-      k8sApi.customObjectsClient.listClusterCustomObject(
-        'argoproj.io',
-        'v1alpha1',
-        'rollouts',
-        pretty,
-        false,
-        _continue,
-        fieldSelector,
-        labelSelector,
-        limit,
-      ) as any,
+    async (clusterRequest: {
+      _allowWatchBookmarks?: boolean;
+      _continue?: string;
+      fieldSelector?: string;
+      labelSelector?: string;
+      limit?: number;
+      pretty?: string;
+    }) =>
+      k8sApi.customObjectsClient.listClusterCustomObject({
+        group: 'argoproj.io',
+        version: 'v1alpha1',
+        plural: 'rollouts',
+        pretty: clusterRequest.pretty,
+        allowWatchBookmarks: false,
+        _continue: clusterRequest._continue,
+        fieldSelector: clusterRequest.fieldSelector,
+        labelSelector: clusterRequest.labelSelector,
+        limit: clusterRequest.limit,
+      }) as any,
   );
 }
 
@@ -109,23 +102,32 @@ export async function argoRolloutWatchHandler(
       // Perform lookup for known supported kinds: https://github.com/argoproj/argo-rollouts/blob/master/rollout/templateref.go#L40-L52
       case 'Deployment': {
         const deployResult = await retryKubernetesApiRequest(() =>
-          k8sApi.appsClient.readNamespacedDeployment(workloadName, namespace),
+          k8sApi.appsClient.readNamespacedDeployment({
+            name: workloadName,
+            namespace,
+          }),
         );
-        rollout.spec.template = deployResult.body.spec?.template;
+        rollout.spec.template = deployResult.spec?.template;
         break;
       }
       case 'ReplicaSet': {
         const replicaSetResult = await retryKubernetesApiRequest(() =>
-          k8sApi.appsClient.readNamespacedReplicaSet(workloadName, namespace),
+          k8sApi.appsClient.readNamespacedReplicaSet({
+            name: workloadName,
+            namespace,
+          }),
         );
-        rollout.spec.template = replicaSetResult.body.spec?.template;
+        rollout.spec.template = replicaSetResult.spec?.template;
         break;
       }
       case 'PodTemplate': {
         const podTemplateResult = await retryKubernetesApiRequest(() =>
-          k8sApi.coreClient.readNamespacedPodTemplate(workloadName, namespace),
+          k8sApi.coreClient.readNamespacedPodTemplate({
+            name: workloadName,
+            namespace,
+          }),
         );
-        rollout.spec.template = podTemplateResult.body.template;
+        rollout.spec.template = podTemplateResult.template;
         break;
       }
       default:
@@ -186,21 +188,20 @@ export async function isNamespacedArgoRolloutSupported(
     const resourceVersion = undefined; // List anything in the cluster
     const timeoutSeconds = 10; // Don't block the snyk-monitor indefinitely
     const attemptedApiCall = await retryKubernetesApiRequest(() =>
-      k8sApi.customObjectsClient.listNamespacedCustomObject(
-        'argoproj.io',
-        'v1alpha1',
-        namespace,
-        'rollouts',
-        pretty,
-        false,
-        continueToken,
-        fieldSelector,
-        labelSelector,
-        limit,
-        resourceVersion,
-        undefined,
-        timeoutSeconds,
-      ),
+      k8sApi.customObjectsClient.listNamespacedCustomObject({
+        group: 'argoproj.io',
+        version: 'v1alpha1',
+        namespace: namespace,
+        plural: 'rollouts',
+        pretty: pretty,
+        allowWatchBookmarks: false,
+        _continue: continueToken,
+        fieldSelector: fieldSelector,
+        labelSelector: labelSelector,
+        limit: limit,
+        resourceVersion: resourceVersion,
+        timeoutSeconds: timeoutSeconds,
+      }),
     );
     return (
       attemptedApiCall !== undefined &&
@@ -228,20 +229,19 @@ export async function isClusterArgoRolloutSupported(): Promise<boolean> {
     const resourceVersion = undefined; // List anything in the cluster
     const timeoutSeconds = 10; // Don't block the snyk-monitor indefinitely
     const attemptedApiCall = await retryKubernetesApiRequest(() =>
-      k8sApi.customObjectsClient.listClusterCustomObject(
-        'argoproj.io',
-        'v1alpha1',
-        'rollouts',
-        pretty,
-        false,
-        continueToken,
-        fieldSelector,
-        labelSelector,
-        limit,
-        resourceVersion,
-        undefined,
-        timeoutSeconds,
-      ),
+      k8sApi.customObjectsClient.listClusterCustomObject({
+        group: 'argoproj.io',
+        version: 'v1alpha1',
+        plural: 'rollouts',
+        pretty: pretty,
+        allowWatchBookmarks: false,
+        _continue: continueToken,
+        fieldSelector: fieldSelector,
+        labelSelector: labelSelector,
+        limit: limit,
+        resourceVersion: resourceVersion,
+        timeoutSeconds: timeoutSeconds,
+      }),
     );
     return (
       attemptedApiCall !== undefined &&

src/supervisor/watchers/handlers/cron-job.ts

@@ -2,7 +2,6 @@ import { V1CronJob, V1CronJobList } from '@kubernetes/client-node';
 import { deleteWorkload } from './workload';
 import { WorkloadKind } from '../../types';
 import { FALSY_WORKLOAD_NAME_MARKER } from './types';
-import { IncomingMessage } from 'http';
 import { k8sApi } from '../../cluster';
 import { paginatedClusterList, paginatedNamespacedList } from './pagination';
 import {
@@ -15,10 +14,7 @@ import { deleteWorkloadFromScanQueue } from './queue';
 
 export async function paginatedNamespacedCronJobList(
   namespace: string,
-): Promise<{
-  response: IncomingMessage;
-  body: V1CronJobList;
-}> {
+): Promise<V1CronJobList> {
   const v1CronJobList = new V1CronJobList();
   v1CronJobList.apiVersion = 'batch/v1';
   v1CronJobList.kind = 'CronJobList';
@@ -31,10 +27,7 @@ export async function paginatedNamespacedCronJobList(
   );
 }
 
-export async function paginatedClusterCronJobList(): Promise<{
-  response: IncomingMessage;
-  body: V1CronJobList;
-}> {
+export async function paginatedClusterCronJobList(): Promise<V1CronJobList> {
   const v1CronJobList = new V1CronJobList();
   v1CronJobList.apiVersion = 'batch/v1';
   v1CronJobList.kind = 'CronJobList';

src/supervisor/watchers/handlers/daemon-set.ts

@@ -2,7 +2,6 @@ import { V1DaemonSet, V1DaemonSetList } from '@kubernetes/client-node';
 import { deleteWorkload } from './workload';
 import { WorkloadKind } from '../../types';
 import { FALSY_WORKLOAD_NAME_MARKER } from './types';
-import { IncomingMessage } from 'http';
 import { k8sApi } from '../../cluster';
 import { paginatedClusterList, paginatedNamespacedList } from './pagination';
 import {
@@ -15,10 +14,7 @@ import { deleteWorkloadFromScanQueue } from './queue';
 
 export async function paginatedNamespacedDaemonSetList(
   namespace: string,
-): Promise<{
-  response: IncomingMessage;
-  body: V1DaemonSetList;
-}> {
+): Promise<V1DaemonSetList> {
   const v1DaemonSetList = new V1DaemonSetList();
   v1DaemonSetList.apiVersion = 'apps/v1';
   v1DaemonSetList.kind = 'DaemonSetList';
@@ -31,10 +27,7 @@ export async function paginatedNamespacedDaemonSetList(
   );
 }
 
-export async function paginatedClusterDaemonSetList(): Promise<{
-  response: IncomingMessage;
-  body: V1DaemonSetList;
-}> {
+export async function paginatedClusterDaemonSetList(): Promise<V1DaemonSetList> {
   const v1DaemonSetList = new V1DaemonSetList();
   v1DaemonSetList.apiVersion = 'apps/v1';
   v1DaemonSetList.kind = 'DaemonSetList';