Upgrade pacakges to fix the Synk security findings

   - https://redpandadata.slack.com/archives/C048S5QD9KK/p1713769227894069

Dockerfile

@@ -1,7 +1,6 @@
 # syntax=docker/dockerfile:experimental
 
-FROM --platform=${TARGETPLATFORM} public.ecr.aws/docker/library/golang:1.19.13 AS base
-#FROM --platform=${TARGETPLATFORM} public.ecr.aws/docker/library/golang:1.21.8 AS base
+FROM --platform=${TARGETPLATFORM} public.ecr.aws/docker/library/golang:1.21.8 AS base
 WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod
@@ -25,8 +24,7 @@ RUN --mount=type=bind,target=. \
     CGO_LDFLAGS="-Wl,-z,relro,-z,now" \
     go build -buildmode=pie -tags 'osusergo,netgo,static_build' -ldflags="-s -w -linkmode=external -extldflags '-static-pie' -X ${VERSION_PKG}.GitVersion=${GIT_VERSION} -X ${VERSION_PKG}.GitCommit=${GIT_COMMIT} -X ${VERSION_PKG}.BuildDate=${BUILD_DATE}" -mod=readonly -a -o /out/controller main.go
 
-FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2023-02-22-1677092456.2 as bin-unix
-#FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2023-09-06-1694026927.2 as bin-unix
+FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2023-09-06-1694026927.2 as bin-unix
 
 COPY --from=build /out/controller /controller
 ENTRYPOINT ["/controller"]

Makefile

@@ -91,7 +91,7 @@ ifeq (, $(shell which controller-gen))
 	CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
 	cd $$CONTROLLER_GEN_TMP_DIR ;\
 	go mod init tmp ;\
-	go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.11.1 ;\
+	go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 ;\
 	rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
 	}
 CONTROLLER_GEN=$(GOBIN)/controller-gen

controllers/elbv2/eventhandlers/endpoints.go

@@ -2,6 +2,7 @@ package eventhandlers
 
 import (
 	"context"
+
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/equality"
@@ -32,29 +33,41 @@ type enqueueRequestsForEndpointsEvent struct {
 }
 
 // Create is called in response to an create event - e.g. Pod Creation.
-func (h *enqueueRequestsForEndpointsEvent) Create(e event.CreateEvent, queue workqueue.RateLimitingInterface) {
-	epNew := e.Object.(*corev1.Endpoints)
+func (h *enqueueRequestsForEndpointsEvent) Create(ctx context.Context, e event.CreateEvent, queue workqueue.RateLimitingInterface) {
+	epNew, ok := e.Object.(*corev1.Endpoints)
+	if !ok {
+		return
+	}
 	h.enqueueImpactedTargetGroupBindings(queue, epNew)
 }
 
 // Update is called in response to an update event -  e.g. Pod Updated.
-func (h *enqueueRequestsForEndpointsEvent) Update(e event.UpdateEvent, queue workqueue.RateLimitingInterface) {
-	epOld := e.ObjectOld.(*corev1.Endpoints)
-	epNew := e.ObjectNew.(*corev1.Endpoints)
+func (h *enqueueRequestsForEndpointsEvent) Update(ctx context.Context, e event.UpdateEvent, queue workqueue.RateLimitingInterface) {
+	epOld, ok := e.ObjectOld.(*corev1.Endpoints)
+	if !ok {
+		return
+	}
+	epNew, ok := e.ObjectNew.(*corev1.Endpoints)
+	if !ok {
+		return
+	}
 	if !equality.Semantic.DeepEqual(epOld.Subsets, epNew.Subsets) {
 		h.enqueueImpactedTargetGroupBindings(queue, epNew)
 	}
 }
 
 // Delete is called in response to a delete event - e.g. Pod Deleted.
-func (h *enqueueRequestsForEndpointsEvent) Delete(e event.DeleteEvent, queue workqueue.RateLimitingInterface) {
-	epOld := e.Object.(*corev1.Endpoints)
+func (h *enqueueRequestsForEndpointsEvent) Delete(ctx context.Context, e event.DeleteEvent, queue workqueue.RateLimitingInterface) {
+	epOld, ok := e.Object.(*corev1.Endpoints)
+	if !ok {
+		return
+	}
 	h.enqueueImpactedTargetGroupBindings(queue, epOld)
 }
 
 // Generic is called in response to an event of an unknown type or a synthetic event triggered as a cron or
 // external trigger request - e.g. reconcile AutoScaling, or a WebHook.
-func (h *enqueueRequestsForEndpointsEvent) Generic(event.GenericEvent, workqueue.RateLimitingInterface) {
+func (h *enqueueRequestsForEndpointsEvent) Generic(context.Context, event.GenericEvent, workqueue.RateLimitingInterface) {
 }
 
 func (h *enqueueRequestsForEndpointsEvent) enqueueImpactedTargetGroupBindings(queue workqueue.RateLimitingInterface, ep *corev1.Endpoints) {

controllers/elbv2/eventhandlers/endpoints_test.go

@@ -2,6 +2,9 @@ package eventhandlers
 
 import (
 	"context"
+	"testing"
+
+	"github.com/go-logr/logr"
 	"github.com/golang/mock/gomock"
 	"github.com/google/go-cmp/cmp"
 	"github.com/stretchr/testify/assert"
@@ -15,8 +18,6 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllertest"
-	"sigs.k8s.io/controller-runtime/pkg/log"
-	"testing"
 )
 
 func Test_enqueueRequestsForEndpointsEvent_enqueueImpactedTargetGroupBindings(t *testing.T) {
@@ -168,7 +169,7 @@ func Test_enqueueRequestsForEndpointsEvent_enqueueImpactedTargetGroupBindings(t
 
 			h := &enqueueRequestsForEndpointsEvent{
 				k8sClient: k8sClient,
-				logger:    &log.NullLogger{},
+				logger:    logr.Discard(),
 			}
 			queue := controllertest.Queue{Interface: workqueue.New()}
 			h.enqueueImpactedTargetGroupBindings(queue, tt.args.eps)

controllers/elbv2/eventhandlers/endpointslices.go

@@ -36,16 +36,25 @@ type enqueueRequestsForEndpointSlicesEvent struct {
 }
 
 // Create is called in response to an create event - e.g. EndpointSlice Creation.
-func (h *enqueueRequestsForEndpointSlicesEvent) Create(e event.CreateEvent, queue workqueue.RateLimitingInterface) {
-	epNew := e.Object.(*discv1.EndpointSlice)
+func (h *enqueueRequestsForEndpointSlicesEvent) Create(ctx context.Context, e event.CreateEvent, queue workqueue.RateLimitingInterface) {
+	epNew, ok := e.Object.(*discv1.EndpointSlice)
+	if !ok {
+		return
+	}
 	h.logger.V(1).Info("Create event for EndpointSlices", "name", epNew.Name)
 	h.enqueueImpactedTargetGroupBindings(queue, epNew)
 }
 
 // Update is called in response to an update event -  e.g. EndpointSlice Updated.
-func (h *enqueueRequestsForEndpointSlicesEvent) Update(e event.UpdateEvent, queue workqueue.RateLimitingInterface) {
-	epOld := e.ObjectOld.(*discv1.EndpointSlice)
-	epNew := e.ObjectNew.(*discv1.EndpointSlice)
+func (h *enqueueRequestsForEndpointSlicesEvent) Update(ctx context.Context, e event.UpdateEvent, queue workqueue.RateLimitingInterface) {
+	epOld, ok := e.ObjectOld.(*discv1.EndpointSlice)
+	if !ok {
+		return
+	}
+	epNew, ok := e.ObjectNew.(*discv1.EndpointSlice)
+	if !ok {
+		return
+	}
 	h.logger.V(1).Info("Update event for EndpointSlices", "name", epNew.Name)
 	if !equality.Semantic.DeepEqual(epOld.Ports, epNew.Ports) || !equality.Semantic.DeepEqual(epOld.Endpoints, epNew.Endpoints) {
 		h.logger.V(1).Info("Enqueue EndpointSlice", "name", epNew.Name)
@@ -54,15 +63,18 @@ func (h *enqueueRequestsForEndpointSlicesEvent) Update(e event.UpdateEvent, queu
 }
 
 // Delete is called in response to a delete event - e.g. EndpointSlice Deleted.
-func (h *enqueueRequestsForEndpointSlicesEvent) Delete(e event.DeleteEvent, queue workqueue.RateLimitingInterface) {
-	epOld := e.Object.(*discv1.EndpointSlice)
+func (h *enqueueRequestsForEndpointSlicesEvent) Delete(ctx context.Context, e event.DeleteEvent, queue workqueue.RateLimitingInterface) {
+	epOld, ok := e.Object.(*discv1.EndpointSlice)
+	if !ok {
+		return
+	}
 	h.logger.V(1).Info("Deletion event for EndpointSlices", "name", epOld.Name)
 	h.enqueueImpactedTargetGroupBindings(queue, epOld)
 }
 
 // Generic is called in response to an event of an unknown type or a synthetic event triggered as a cron or
 // external trigger request - e.g. reconcile AutoScaling, or a WebHook.
-func (h *enqueueRequestsForEndpointSlicesEvent) Generic(event.GenericEvent, workqueue.RateLimitingInterface) {
+func (h *enqueueRequestsForEndpointSlicesEvent) Generic(context.Context, event.GenericEvent, workqueue.RateLimitingInterface) {
 }
 
 func (h *enqueueRequestsForEndpointSlicesEvent) enqueueImpactedTargetGroupBindings(queue workqueue.RateLimitingInterface, epSlice *discv1.EndpointSlice) {

controllers/elbv2/eventhandlers/endpointslices_test.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"testing"
 
+	"github.com/go-logr/logr"
 	"github.com/golang/mock/gomock"
 	"github.com/google/go-cmp/cmp"
 	"github.com/stretchr/testify/assert"
@@ -17,7 +18,6 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllertest"
-	"sigs.k8s.io/controller-runtime/pkg/log"
 )
 
 func Test_enqueueRequestsForEndpointSlicesEvent_enqueueImpactedTargetGroupBindings(t *testing.T) {
@@ -171,7 +171,7 @@ func Test_enqueueRequestsForEndpointSlicesEvent_enqueueImpactedTargetGroupBindin
 
 			h := &enqueueRequestsForEndpointSlicesEvent{
 				k8sClient: k8sClient,
-				logger:    &log.NullLogger{},
+				logger:    logr.Discard(),
 			}
 			queue := controllertest.Queue{Interface: workqueue.New()}
 			h.enqueueImpactedTargetGroupBindings(queue, tt.args.epslice)

controllers/elbv2/eventhandlers/node.go

@@ -31,27 +31,39 @@ type enqueueRequestsForNodeEvent struct {
 }
 
 // Create is called in response to an create event - e.g. Pod Creation.
-func (h *enqueueRequestsForNodeEvent) Create(e event.CreateEvent, queue workqueue.RateLimitingInterface) {
-	nodeNew := e.Object.(*corev1.Node)
+func (h *enqueueRequestsForNodeEvent) Create(ctx context.Context, e event.CreateEvent, queue workqueue.RateLimitingInterface) {
+	nodeNew, ok := e.Object.(*corev1.Node)
+	if !ok {
+		return
+	}
 	h.enqueueImpactedTargetGroupBindings(queue, nil, nodeNew)
 }
 
 // Update is called in response to an update event -  e.g. Pod Updated.
-func (h *enqueueRequestsForNodeEvent) Update(e event.UpdateEvent, queue workqueue.RateLimitingInterface) {
-	nodeOld := e.ObjectOld.(*corev1.Node)
-	nodeNew := e.ObjectNew.(*corev1.Node)
+func (h *enqueueRequestsForNodeEvent) Update(ctx context.Context, e event.UpdateEvent, queue workqueue.RateLimitingInterface) {
+	nodeOld, ok := e.ObjectOld.(*corev1.Node)
+	if !ok {
+		return
+	}
+	nodeNew, ok := e.ObjectNew.(*corev1.Node)
+	if !ok {
+		return
+	}
 	h.enqueueImpactedTargetGroupBindings(queue, nodeOld, nodeNew)
 }
 
 // Delete is called in response to a delete event - e.g. Pod Deleted.
-func (h *enqueueRequestsForNodeEvent) Delete(e event.DeleteEvent, queue workqueue.RateLimitingInterface) {
-	nodeOld := e.Object.(*corev1.Node)
+func (h *enqueueRequestsForNodeEvent) Delete(ctx context.Context, e event.DeleteEvent, queue workqueue.RateLimitingInterface) {
+	nodeOld, ok := e.Object.(*corev1.Node)
+	if !ok {
+		return
+	}
 	h.enqueueImpactedTargetGroupBindings(queue, nodeOld, nil)
 }
 
 // Generic is called in response to an event of an unknown type or a synthetic event triggered as a cron or
 // external trigger request - e.g. reconcile AutoScaling, or a WebHook.
-func (h *enqueueRequestsForNodeEvent) Generic(e event.GenericEvent, queue workqueue.RateLimitingInterface) {
+func (h *enqueueRequestsForNodeEvent) Generic(ctx context.Context, e event.GenericEvent, queue workqueue.RateLimitingInterface) {
 	// nothing to do here
 }
 

controllers/elbv2/eventhandlers/service.go

@@ -2,6 +2,7 @@ package eventhandlers
 
 import (
 	"context"
+
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/equality"
@@ -30,29 +31,41 @@ type enqueueRequestsForServiceEvent struct {
 }
 
 // Create is called in response to an create event - e.g. Pod Creation.
-func (h *enqueueRequestsForServiceEvent) Create(e event.CreateEvent, queue workqueue.RateLimitingInterface) {
-	svcNew := e.Object.(*corev1.Service)
+func (h *enqueueRequestsForServiceEvent) Create(ctx context.Context, e event.CreateEvent, queue workqueue.RateLimitingInterface) {
+	svcNew, ok := e.Object.(*corev1.Service)
+	if !ok {
+		return
+	}
 	h.enqueueImpactedTargetGroupBindings(queue, svcNew)
 }
 
 // Update is called in response to an update event -  e.g. Pod Updated.
-func (h *enqueueRequestsForServiceEvent) Update(e event.UpdateEvent, queue workqueue.RateLimitingInterface) {
-	svcOld := e.ObjectOld.(*corev1.Service)
-	svcNew := e.ObjectNew.(*corev1.Service)
+func (h *enqueueRequestsForServiceEvent) Update(ctx context.Context, e event.UpdateEvent, queue workqueue.RateLimitingInterface) {
+	svcOld, ok := e.ObjectOld.(*corev1.Service)
+	if !ok {
+		return
+	}
+	svcNew, ok := e.ObjectNew.(*corev1.Service)
+	if !ok {
+		return
+	}
 	if !equality.Semantic.DeepEqual(svcOld.Spec.Ports, svcNew.Spec.Ports) {
 		h.enqueueImpactedTargetGroupBindings(queue, svcNew)
 	}
 }
 
 // Delete is called in response to a delete event - e.g. Pod Deleted.
-func (h *enqueueRequestsForServiceEvent) Delete(e event.DeleteEvent, queue workqueue.RateLimitingInterface) {
-	svcOld := e.Object.(*corev1.Service)
+func (h *enqueueRequestsForServiceEvent) Delete(ctx context.Context, e event.DeleteEvent, queue workqueue.RateLimitingInterface) {
+	svcOld, ok := e.Object.(*corev1.Service)
+	if !ok {
+		return
+	}
 	h.enqueueImpactedTargetGroupBindings(queue, svcOld)
 }
 
 // Generic is called in response to an event of an unknown type or a synthetic event triggered as a cron or
 // external trigger request - e.g. reconcile AutoScaling, or a WebHook.
-func (h *enqueueRequestsForServiceEvent) Generic(e event.GenericEvent, queue workqueue.RateLimitingInterface) {
+func (h *enqueueRequestsForServiceEvent) Generic(ctx context.Context, e event.GenericEvent, queue workqueue.RateLimitingInterface) {
 	// nothing to do here
 }
 

controllers/elbv2/eventhandlers/service_test.go

@@ -2,6 +2,9 @@ package eventhandlers
 
 import (
 	"context"
+	"testing"
+
+	"github.com/go-logr/logr"
 	"github.com/golang/mock/gomock"
 	"github.com/google/go-cmp/cmp"
 	"github.com/stretchr/testify/assert"
@@ -16,8 +19,6 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllertest"
-	"sigs.k8s.io/controller-runtime/pkg/log"
-	"testing"
 )
 
 func Test_enqueueRequestsForServiceEvent_enqueueImpactedTargetGroupBindings(t *testing.T) {
@@ -189,7 +190,7 @@ func Test_enqueueRequestsForServiceEvent_enqueueImpactedTargetGroupBindings(t *t
 
 			h := &enqueueRequestsForServiceEvent{
 				k8sClient: k8sClient,
-				logger:    &log.NullLogger{},
+				logger:    logr.Discard(),
 			}
 			queue := controllertest.Queue{Interface: workqueue.New()}
 			h.enqueueImpactedTargetGroupBindings(queue, tt.args.svc)

controllers/elbv2/targetgroupbinding_controller.go

@@ -33,7 +33,6 @@ import (
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/runtime"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/targetgroupbinding"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
-	"sigs.k8s.io/controller-runtime/pkg/source"
 
 	"github.com/go-logr/logr"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -167,9 +166,9 @@ func (r *targetGroupBindingReconciler) SetupWithManager(ctx context.Context, mgr
 		return ctrl.NewControllerManagedBy(mgr).
 			For(&elbv2api.TargetGroupBinding{}).
 			Named(controllerName).
-			Watches(&source.Kind{Type: &corev1.Service{}}, svcEventHandler).
-			Watches(&source.Kind{Type: &discv1.EndpointSlice{}}, epSliceEventsHandler).
-			Watches(&source.Kind{Type: &corev1.Node{}}, nodeEventsHandler).
+			Watches(&corev1.Service{}, svcEventHandler).
+			Watches(&discv1.EndpointSlice{}, epSliceEventsHandler).
+			Watches(&corev1.Node{}, nodeEventsHandler).
 			WithOptions(controller.Options{
 				MaxConcurrentReconciles: r.maxConcurrentReconciles,
 				RateLimiter:             workqueue.NewItemExponentialFailureRateLimiter(5*time.Millisecond, r.maxExponentialBackoffDelay)}).
@@ -180,9 +179,9 @@ func (r *targetGroupBindingReconciler) SetupWithManager(ctx context.Context, mgr
 		return ctrl.NewControllerManagedBy(mgr).
 			For(&elbv2api.TargetGroupBinding{}).
 			Named(controllerName).
-			Watches(&source.Kind{Type: &corev1.Service{}}, svcEventHandler).
-			Watches(&source.Kind{Type: &corev1.Endpoints{}}, epsEventsHandler).
-			Watches(&source.Kind{Type: &corev1.Node{}}, nodeEventsHandler).
+			Watches(&corev1.Service{}, svcEventHandler).
+			Watches(&corev1.Endpoints{}, epsEventsHandler).
+			Watches(&corev1.Node{}, nodeEventsHandler).
 			WithOptions(controller.Options{
 				MaxConcurrentReconciles: r.maxConcurrentReconciles,
 				RateLimiter:             workqueue.NewItemExponentialFailureRateLimiter(5*time.Millisecond, r.maxExponentialBackoffDelay)}).