upgrade to latest dependencies (knative#10627)

bumping knative.dev/pkg 7101e9d...6040b3a: > 6040b3a improve client error message when our webhook doesn't have a valid cert (# 2000) Signed-off-by: Knative Automation <[email protected]>
senthilnathan · Jan 26, 2021 · 55a7edf · 55a7edf
1 parent 53d4d5b
commit 55a7edf
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 5 deletions.
diff --git a/go.mod b/go.mod
@@ -36,6 +36,6 @@ require (
 	knative.dev/caching v0.0.0-20210125050654-45e8de7ff96e
 	knative.dev/hack v0.0.0-20210120165453-8d623a0af457
 	knative.dev/networking v0.0.0-20210125050654-94433ab7f620
-	knative.dev/pkg v0.0.0-20210124203454-7101e9d4f6c6
+	knative.dev/pkg v0.0.0-20210125222030-6040b3af4803
 	sigs.k8s.io/yaml v1.2.0
 )
diff --git a/go.sum b/go.sum
@@ -1240,6 +1240,8 @@ knative.dev/networking v0.0.0-20210125050654-94433ab7f620 h1:Psy3pDjwkXmsgj+4sI7
 knative.dev/networking v0.0.0-20210125050654-94433ab7f620/go.mod h1:P90P5exK7Vl5AGzuT946ee9Sxf/BoCwNnX8fmxrkuJw=
 knative.dev/pkg v0.0.0-20210124203454-7101e9d4f6c6 h1:jMwOlw2AZx9KlfIExLCFjcpM5jxL4huwfhHvRPqrTSI=
 knative.dev/pkg v0.0.0-20210124203454-7101e9d4f6c6/go.mod h1:X4NPrCo8NK3hbDVan9Vm7mf5io3ZoINakAdrpSXVB08=
+knative.dev/pkg v0.0.0-20210125222030-6040b3af4803 h1:L9lY/UztepeiTWys3VyO3Y5wQmYPyYG7eOG9qib6AZY=
+knative.dev/pkg v0.0.0-20210125222030-6040b3af4803/go.mod h1:X4NPrCo8NK3hbDVan9Vm7mf5io3ZoINakAdrpSXVB08=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=

diff --git a/vendor/knative.dev/pkg/webhook/webhook.go b/vendor/knative.dev/pkg/webhook/webhook.go
@@ -184,19 +184,27 @@ func (wh *Webhook) Run(stop <-chan struct{}) error {
 		Addr:    fmt.Sprint(":", wh.Options.Port),
 		TLSConfig: &tls.Config{
 			MinVersion: tls.VersionTLS12,
+
+			// If we return (nil, error) the client sees - 'tls: internal error"
+			// If we return (nil, nil) the client sees - 'tls: no certificates configured'
+			//
+			// We'll return (nil, nil) when we don't find a certificate
 			GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
 				secret, err := wh.secretlister.Secrets(system.Namespace()).Get(wh.Options.SecretName)
 				if err != nil {
-					return nil, err
+					logger.Errorw("failed to fetch secret", zap.Error(err))
+					return nil, nil
 				}
 
 				serverKey, ok := secret.Data[certresources.ServerKey]
 				if !ok {
-					return nil, errors.New("server key missing")
+					logger.Warn("server key missing")
+					return nil, nil
 				}
 				serverCert, ok := secret.Data[certresources.ServerCert]
 				if !ok {
-					return nil, errors.New("server cert missing")
+					logger.Warn("server cert missing")
+					return nil, nil
 				}
 				cert, err := tls.X509KeyPair(serverCert, serverKey)
 				if err != nil {

diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -1027,7 +1027,7 @@ knative.dev/networking/test/conformance/ingress
 knative.dev/networking/test/defaultsystem
 knative.dev/networking/test/test_images/grpc-ping/proto
 knative.dev/networking/test/types
-# knative.dev/pkg v0.0.0-20210124203454-7101e9d4f6c6
+# knative.dev/pkg v0.0.0-20210125222030-6040b3af4803
 ## explicit
 knative.dev/pkg/apiextensions/storageversion
 knative.dev/pkg/apiextensions/storageversion/cmd/migrate