Merge pull request #93 from Comcast/upgrade_pkgs_secvulns

updating pkg versions initial commit
Comcast · Oct 14, 2024 · 6ae8d65 · 6ae8d65
2 parents 63f9220 + a24e13b
commit 6ae8d65
Show file tree

Hide file tree

Showing 279 changed files with 3,649 additions and 17,057 deletions.
diff --git a/.github/workflows/pr-prechecks.yml b/.github/workflows/pr-prechecks.yml
@@ -11,6 +11,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.merge_commit_sha }}
 
       - name: Setup golang environment
         uses: actions/setup-go@v5
@@ -37,6 +39,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.merge_commit_sha }}
 
       - name: Setup golang environment
         uses: actions/setup-go@v5

diff --git a/.gitignore b/.gitignore
@@ -98,6 +98,7 @@ bh_unicode_properties.cache
 GitHub.sublime-settings
 
 ### VisualStudioCode ###
+.dccache
 .vscode/*
 !.vscode/settings.json
 !.vscode/tasks.json

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,6 +21,7 @@ log is based on the [Keep a CHANGELOG](http://keepachangelog.com/) project.
 - Added support for metrics collection from Dell servers [#77](https://github.com/Comcast/fishymetrics/issues/77)
 - Added support for firmware metrics collection from all supported servers and iLO versions from a single universal exporter [#83](https://github.com/Comcast/fishymetrics/issues/83)
 - Added support for Supermicro models metrics collection [#87](https://github.com/Comcast/fishymetrics/issues/87)
+- Added option to skip/unskip TLS verification [#94](https://github.com/Comcast/fishymetrics/issues/94)
 
 ## Fixed
 
@@ -33,7 +34,8 @@ log is based on the [Keep a CHANGELOG](http://keepachangelog.com/) project.
 - Chassis ComputerSystems field is handled improperly [#68](https://github.com/Comcast/fishymetrics/issues/68)
 - Power and Thermal metrics collection for Dell R7xxXD server models [#77](https://github.com/Comcast/fishymetrics/issues/77)
 - Firmware metrics and request headers update for Dell iDRAC9 with FW ver.3.xx and 4.xx [#77](https://github.com/Comcast/fishymetrics/issues/77)
-- Power supply status duplicate bay number metrics [#85] (https://github.com/Comcast/fishymetrics/issues/85)
+- Power supply status duplicate bay number metrics [#85](https://github.com/Comcast/fishymetrics/issues/85)
+- Capturing Model field in finished scrape log message [#94](https://github.com/Comcast/fishymetrics/issues/94)
 
 ## Updated
 
@@ -46,8 +48,10 @@ log is based on the [Keep a CHANGELOG](http://keepachangelog.com/) project.
 - get chassis serial number from JSON response instead of url path [#50](https://github.com/Comcast/fishymetrics/issues/50)
 - HP DL380 module to include CPU metrics and all HP models to include bayNumber in PSU metrics [#57](https://github.com/Comcast/fishymetrics/issues/57)
 - use standard library for http routing instead of gorilla mux package [#47](https://github.com/Comcast/fishymetrics/issues/47)
-- Avoid collecting firmware metrics if count of endpoints are 75 or greater [#77] (https://github.com/Comcast/fishymetrics/issues/77)
+- Avoid collecting firmware metrics if count of endpoints are 75 or greater [#77](https://github.com/Comcast/fishymetrics/issues/77)
 - Support for physical disk, logical drive and storage controller metrics collection from iLO5 fw ver.3.0.x [#91](https://github.com/Comcast/fishymetrics/issues/91)
+- Updated vault api, sdk and containerd packages to fix known security issues [#94](https://github.com/Comcast/fishymetrics/issues/94)
+- Deprecate module query param in favor of model [#94](https://github.com/Comcast/fishymetrics/issues/94)
 
 ## [0.7.1]
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM golang:1.22 as build
+FROM golang:1.23 AS build
 COPY . /go/src/github.com/comcast/fishymetrics
 WORKDIR /go/src/github.com/comcast/fishymetrics
 
@@ -27,7 +27,7 @@ COPY vendor /sources/vendor/
 # Build the sources tarball outside of /deps so it has to be copied explicitly
 RUN cd /; tar -czf /sources.tgz sources
 
-FROM alpine:latest as certs
+FROM alpine:latest AS certs
 RUN apk --update --no-cache add ca-certificates
 
 # 'bin' stage, copy in only the binary and dependencies

diff --git a/Makefile b/Makefile
@@ -13,6 +13,7 @@ build:
 
 docker:
 	docker build \
+	--platform linux/amd64 \
 	--build-arg VERSION=${REPO_VERSION} \
 	--build-arg REPO_REV=${REPO_REV} \
 	--build-arg DATE=${BUILD_DATE} \

diff --git a/README.md b/README.md
@@ -21,6 +21,7 @@ Flags:
       --password=""             BMC static password
       --timeout=15s             BMC scrape timeout
       --scheme="https"          BMC Scheme to use
+      --insecure-skip-verify     Skip TLS verification
       --log.level=[debug|info|warn|error]
                                 log level verbosity
       --log.method=[file|vector]

diff --git a/cmd/fishymetrics/main.go b/cmd/fishymetrics/main.go
@@ -61,6 +61,7 @@ var (
 	password           = a.Flag("password", "BMC static password").Default("").Envar("BMC_PASSWORD").String()
 	bmcTimeout         = a.Flag("timeout", "BMC scrape timeout").Default("15s").Envar("BMC_TIMEOUT").Duration()
 	bmcScheme          = a.Flag("scheme", "BMC Scheme to use").Default("https").Envar("BMC_SCHEME").String()
+	insecureSkipVerify = a.Flag("insecure-skip-verify", "Skip TLS verification").Default("false").Envar("INSECURE_SKIP_VERIFY").Bool()
 	logLevel           = a.Flag("log.level", "log level verbosity").PlaceHolder("[debug|info|warn|error]").Default("info").Envar("LOG_LEVEL").String()
 	logMethod          = a.Flag("log.method", "alternative method for logging in addition to stdout").PlaceHolder("[file|vector]").Default("").Envar("LOG_METHOD").String()
 	logFilePath        = a.Flag("log.file-path", "directory path where log files are written if log-method is file").Default("/var/log/fishymetrics").Envar("LOG_FILE_PATH").String()
@@ -109,12 +110,7 @@ func handler(ctx context.Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// TODO: deprecate module query param in favor of model
-	moduleName := query.Get("module")
 	model := query.Get("model")
-	if model == "" {
-		model = moduleName
-	}
 
 	// optional query param is used to tell us which credential profile to use when retrieving that hosts username and password
 	credProf := query.Get("credential_profile")
@@ -130,9 +126,7 @@ func handler(ctx context.Context, w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	// TODO: deprecate module log entry
 	log.Info("started scrape",
-		zap.String("module", model),
 		zap.String("model", model),
 		zap.String("target", target),
 		zap.String("credential_profile", credProf),
@@ -236,6 +230,16 @@ func main() {
 		panic(fmt.Errorf("error converting arg --log.file-max-age to int - %s", err.Error()))
 	}
 
+	c := &config.Config{
+		BMCScheme:  *bmcScheme,
+		BMCTimeout: *bmcTimeout,
+		SSLVerify:  *insecureSkipVerify,
+		User:       *username,
+		Pass:       *password,
+	}
+
+	config.NewConfig(c)
+
 	// init logger config
 	logConfig := logger.LoggerConfig{
 		LogLevel:  *logLevel,
@@ -294,12 +298,6 @@ func main() {
 		}
 	}
 
-	config.NewConfig(&config.Config{
-		BMCScheme: *bmcScheme,
-		User:      *username,
-		Pass:      *password,
-	})
-
 	mux := http.NewServeMux()
 
 	mux.HandleFunc("GET /info", func(w http.ResponseWriter, r *http.Request) {

diff --git a/cmd/fishymetrics/templates.go b/cmd/fishymetrics/templates.go
@@ -57,7 +57,7 @@ const indexTmpl string = `<html>
     </div>
     <form action="scrape">
       <label>Target:</label> <input type="text" name="target" placeholder="ip or fdqn"><br>
-      <label>Module:</label> <input type="text" name="module" placeholder="chassis model i.e. dl360"><br>
+      <label>Model:</label> <input type="text" name="model" placeholder="chassis model i.e. dl360"><br>
       <input type="submit" value="Submit">
     </form>
   </body>

diff --git a/common/ignored.go b/common/ignored.go
@@ -25,6 +25,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/comcast/fishymetrics/config"
 	"go.uber.org/zap"
 )
 
@@ -39,7 +40,7 @@ type host struct {
 type IgnoredDevice struct {
 	Name              string
 	Endpoint          string
-	Module            string
+	Model             string
 	CredentialProfile string
 }
 
@@ -112,7 +113,7 @@ func TestConn(w http.ResponseWriter, r *http.Request) {
 		IdleConnTimeout:       90 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: true,
+			InsecureSkipVerify: config.GetConfig().SSLVerify,
 		},
 		TLSHandshakeTimeout: 10 * time.Second,
 	}

diff --git a/config/config.go b/config/config.go
@@ -24,6 +24,7 @@ import (
 type Config struct {
 	BMCScheme  string
 	BMCTimeout time.Duration
+	SSLVerify  bool
 	User       string
 	Pass       string
 }

diff --git a/exporter/exporter.go b/exporter/exporter.go
@@ -141,7 +141,7 @@ func NewExporter(ctx context.Context, target, uri, profile, model string, exclud
 		IdleConnTimeout:       90 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: true,
+			InsecureSkipVerify: config.GetConfig().SSLVerify,
 		},
 		TLSHandshakeTimeout: 10 * time.Second,
 	}
@@ -190,7 +190,7 @@ func NewExporter(ctx context.Context, target, uri, profile, model string, exclud
 			common.IgnoredDevices[exp.host] = common.IgnoredDevice{
 				Name:              exp.host,
 				Endpoint:          "https://" + exp.host + "/redfish/v1/Chassis/",
-				Module:            model,
+				Model:             model,
 				CredentialProfile: exp.credProfile,
 			}
 			log.Info("added host "+exp.host+" to ignored list", zap.Any("trace_id", exp.ctx.Value("traceID")))
@@ -543,7 +543,7 @@ func (e *Exporter) scrape() {
 				common.IgnoredDevices[e.host] = common.IgnoredDevice{
 					Name:              e.host,
 					Endpoint:          "https://" + e.host + "/redfish/v1/Chassis/",
-					Module:            e.Model,
+					Model:             e.Model,
 					CredentialProfile: e.credProfile,
 				}
 				log.Info("added host "+e.host+" to ignored list", zap.Any("trace_id", e.ctx.Value("traceID")))

diff --git a/exporter/moonshot/exporter.go b/exporter/moonshot/exporter.go
@@ -97,7 +97,7 @@ func NewExporter(ctx context.Context, target, uri, profile string) (*Exporter, e
 		IdleConnTimeout:       90 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 		TLSClientConfig: &tls.Config{
-			InsecureSkipVerify: true,
+			InsecureSkipVerify: config.GetConfig().SSLVerify,
 		},
 		TLSHandshakeTimeout: 10 * time.Second,
 	}
@@ -270,7 +270,7 @@ func (e *Exporter) scrape() {
 				common.IgnoredDevices[e.host] = common.IgnoredDevice{
 					Name:              e.host,
 					Endpoint:          "https://" + e.host + "/rest/v1/chassis/1",
-					Module:            MOONSHOT,
+					Model:             MOONSHOT,
 					CredentialProfile: e.credProfile,
 				}
 				log.Info("added host "+e.host+" to ignored list", zap.Any("trace_id", e.ctx.Value("traceID")))

diff --git a/go.mod b/go.mod
@@ -1,30 +1,30 @@
 module github.com/comcast/fishymetrics
 
-go 1.22
+go 1.23
 
 require (
 	github.com/hashicorp/go-hclog v1.6.3
 	github.com/hashicorp/go-retryablehttp v0.7.7
-	github.com/hashicorp/vault/api v1.12.0
+	github.com/hashicorp/vault/api v1.14.0
 	github.com/hashicorp/vault/api/auth/approle v0.4.0
-	github.com/hashicorp/vault/sdk v0.11.1
+	github.com/hashicorp/vault/sdk v0.13.0
 	github.com/nrednav/cuid2 v1.0.0
 	github.com/prometheus/client_golang v1.14.0
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	go.uber.org/zap v1.27.0
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
 	github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/containerd/containerd v1.7.12 // indirect
+	github.com/containerd/containerd v1.7.20 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/distribution/reference v0.6.0 // indirect
@@ -33,23 +33,23 @@ require (
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/fatih/color v1.16.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
+	github.com/go-logr/logr v1.3.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
-	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
-	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.6 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.16.5 // indirect
+	github.com/klauspost/compress v1.16.7 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
@@ -64,7 +64,7 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
@@ -74,18 +74,16 @@ require (
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
-	go.opentelemetry.io/otel v1.19.0 // indirect
-	go.opentelemetry.io/otel/metric v1.19.0 // indirect
-	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
+	go.opentelemetry.io/otel/metric v1.21.0 // indirect
+	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.10.0 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/mod v0.11.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
 	golang.org/x/sys v0.20.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.10.0 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
 	gotest.tools/v3 v3.5.1 // indirect
 )