
Commit 85f2f31

Merge pull request #1299 from yue9944882/cherry-pick-1223-131
(1.31) Automated cherry pick of #1223: Remove potential nil ptr dereferences
2 parents a4e6faf + b0e5ef9 commit 85f2f31


8 files changed

+87
-27
lines changed


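--- a/.ko.yaml
+++ b/.ko.yaml
@@ -1 +1 @@
-defaultBaseImage: registry.k8s.io/build-image/go-runner:v2.4.0-go1.24.7-bookworm.0
+defaultBaseImage: registry.k8s.io/build-image/go-runner:v2.4.0-go1.24.9-bookworm.0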

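--- a/Dockerfile
+++ b/Dockerfile
@@ -14,15 +14,15 @@
 ## BUILD ARGS ##
 ################################################################################
 # This build arg allows the specification of a custom Golang image.
-ARG GOLANG_IMAGE=golang:1.24.7
+ARG GOLANG_IMAGE=golang:1.24.9
 
 # The distroless image on which the CPI manager image is built.
 #
 # Please do not use "latest". Explicit tags should be used to provide
 # deterministic builds. Follow what kubernetes uses to build
 # kube-controller-manager, for example for 1.23.x:
 # https://github.com/kubernetes/kubernetes/blob/release-1.24/build/common.sh#L94
-ARG DISTROLESS_IMAGE=registry.k8s.io/build-image/go-runner:v2.4.0-go1.24.7-bookworm.0
+ARG DISTROLESS_IMAGE=registry.k8s.io/build-image/go-runner:v2.4.0-go1.24.9-bookworm.0
 
 ################################################################################
 ## BUILD STAGE ##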

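--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -17,7 +17,7 @@ steps:
 - --platform=linux/amd64,linux/arm64
 - .
 # Build cloudbuild artifacts (for attestation)
-- name: 'docker.io/library/golang:1.24.7-bookworm'
+- name: 'docker.io/library/golang:1.24.9-bookworm'
 id: cloudbuild-artifacts
 entrypoint: make
 env: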

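--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module k8s.io/cloud-provider-aws
 
-go 1.24.7
+go 1.24.9
 
 require (
 github.com/aws/aws-sdk-go-v2 v1.36.5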

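--- a/pkg/providers/v1/aws_fakes.go
+++ b/pkg/providers/v1/aws_fakes.go
@@ -32,6 +32,7 @@ import (
 "github.com/aws/aws-sdk-go-v2/service/ec2"
 ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
 elb "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing"
+elbtypes "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing/types"
 elbv2 "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
 "github.com/aws/aws-sdk-go-v2/service/kms"
 "k8s.io/klog/v2"
@@ -529,108 +530,114 @@ type FakeELB struct {
 
 // CreateLoadBalancer is not implemented but is required for interface
 // conformance
-func (elb *FakeELB) CreateLoadBalancer(ctx context.Context, input *elb.CreateLoadBalancerInput, opts ...func(*elb.Options)) (*elb.CreateLoadBalancerOutput, error) {
+func (e *FakeELB) CreateLoadBalancer(ctx context.Context, input *elb.CreateLoadBalancerInput, opts ...func(*elb.Options)) (*elb.CreateLoadBalancerOutput, error) {
 panic("Not implemented")
 }
 
 // DeleteLoadBalancer is not implemented but is required for interface
 // conformance
-func (elb *FakeELB) DeleteLoadBalancer(ctx context.Context, input *elb.DeleteLoadBalancerInput, opts ...func(*elb.Options)) (*elb.DeleteLoadBalancerOutput, error) {
+func (e *FakeELB) DeleteLoadBalancer(ctx context.Context, input *elb.DeleteLoadBalancerInput, opts ...func(*elb.Options)) (*elb.DeleteLoadBalancerOutput, error) {
 panic("Not implemented")
 }
 
 // DescribeLoadBalancers is not implemented but is required for interface
 // conformance
-func (elb *FakeELB) DescribeLoadBalancers(ctx context.Context, input *elb.DescribeLoadBalancersInput, opts ...func(*elb.Options)) (*elb.DescribeLoadBalancersOutput, error) {
+func (e *FakeELB) DescribeLoadBalancers(ctx context.Context, input *elb.DescribeLoadBalancersInput, opts ...func(*elb.Options)) (*elb.DescribeLoadBalancersOutput, error) {
 panic("Not implemented")
 }
 
 // AddTags is not implemented but is required for interface conformance
-func (elb *FakeELB) AddTags(ctx context.Context, input *elb.AddTagsInput, opts ...func(*elb.Options)) (*elb.AddTagsOutput, error) {
+func (e *FakeELB) AddTags(ctx context.Context, input *elb.AddTagsInput, opts ...func(*elb.Options)) (*elb.AddTagsOutput, error) {
 panic("Not implemented")
 }
 
 // RegisterInstancesWithLoadBalancer is not implemented but is required for
 // interface conformance
-func (elb *FakeELB) RegisterInstancesWithLoadBalancer(ctx context.Context, input *elb.RegisterInstancesWithLoadBalancerInput, opts ...func(*elb.Options)) (*elb.RegisterInstancesWithLoadBalancerOutput, error) {
+func (e *FakeELB) RegisterInstancesWithLoadBalancer(ctx context.Context, input *elb.RegisterInstancesWithLoadBalancerInput, opts ...func(*elb.Options)) (*elb.RegisterInstancesWithLoadBalancerOutput, error) {
 panic("Not implemented")
 }
 
 // DeregisterInstancesFromLoadBalancer is not implemented but is required for
 // interface conformance
-func (elb *FakeELB) DeregisterInstancesFromLoadBalancer(ctx context.Context, input *elb.DeregisterInstancesFromLoadBalancerInput, opts ...func(*elb.Options)) (*elb.DeregisterInstancesFromLoadBalancerOutput, error) {
+func (e *FakeELB) DeregisterInstancesFromLoadBalancer(ctx context.Context, input *elb.DeregisterInstancesFromLoadBalancerInput, opts ...func(*elb.Options)) (*elb.DeregisterInstancesFromLoadBalancerOutput, error) {
 panic("Not implemented")
 }
 
 // DetachLoadBalancerFromSubnets is not implemented but is required for
 // interface conformance
-func (elb *FakeELB) DetachLoadBalancerFromSubnets(ctx context.Context, input *elb.DetachLoadBalancerFromSubnetsInput, opts ...func(*elb.Options)) (*elb.DetachLoadBalancerFromSubnetsOutput, error) {
+func (e *FakeELB) DetachLoadBalancerFromSubnets(ctx context.Context, input *elb.DetachLoadBalancerFromSubnetsInput, opts ...func(*elb.Options)) (*elb.DetachLoadBalancerFromSubnetsOutput, error) {
 panic("Not implemented")
 }
 
 // AttachLoadBalancerToSubnets is not implemented but is required for interface
 // conformance
-func (elb *FakeELB) AttachLoadBalancerToSubnets(ctx context.Context, input *elb.AttachLoadBalancerToSubnetsInput, opts ...func(*elb.Options)) (*elb.AttachLoadBalancerToSubnetsOutput, error) {
+func (e *FakeELB) AttachLoadBalancerToSubnets(ctx context.Context, input *elb.AttachLoadBalancerToSubnetsInput, opts ...func(*elb.Options)) (*elb.AttachLoadBalancerToSubnetsOutput, error) {
 panic("Not implemented")
 }
 
 // CreateLoadBalancerListeners is not implemented but is required for interface
 // conformance
-func (elb *FakeELB) CreateLoadBalancerListeners(ctx context.Context, input *elb.CreateLoadBalancerListenersInput, opts ...func(*elb.Options)) (*elb.CreateLoadBalancerListenersOutput, error) {
+func (e *FakeELB) CreateLoadBalancerListeners(ctx context.Context, input *elb.CreateLoadBalancerListenersInput, opts ...func(*elb.Options)) (*elb.CreateLoadBalancerListenersOutput, error) {
 panic("Not implemented")
 }
 
 // DeleteLoadBalancerListeners is not implemented but is required for interface
 // conformance
-func (elb *FakeELB) DeleteLoadBalancerListeners(ctx context.Context, input *elb.DeleteLoadBalancerListenersInput, opts ...func(*elb.Options)) (*elb.DeleteLoadBalancerListenersOutput, error) {
+func (e *FakeELB) DeleteLoadBalancerListeners(ctx context.Context, input *elb.DeleteLoadBalancerListenersInput, opts ...func(*elb.Options)) (*elb.DeleteLoadBalancerListenersOutput, error) {
 panic("Not implemented")
 }
 
 // ApplySecurityGroupsToLoadBalancer is not implemented but is required for
 // interface conformance
-func (elb *FakeELB) ApplySecurityGroupsToLoadBalancer(ctx context.Context, input *elb.ApplySecurityGroupsToLoadBalancerInput, opts ...func(*elb.Options)) (*elb.ApplySecurityGroupsToLoadBalancerOutput, error) {
+func (e *FakeELB) ApplySecurityGroupsToLoadBalancer(ctx context.Context, input *elb.ApplySecurityGroupsToLoadBalancerInput, opts ...func(*elb.Options)) (*elb.ApplySecurityGroupsToLoadBalancerOutput, error) {
 panic("Not implemented")
 }
 
 // ConfigureHealthCheck is not implemented but is required for interface
 // conformance
-func (elb *FakeELB) ConfigureHealthCheck(ctx context.Context, input *elb.ConfigureHealthCheckInput, opts ...func(*elb.Options)) (*elb.ConfigureHealthCheckOutput, error) {
+func (e *FakeELB) ConfigureHealthCheck(ctx context.Context, input *elb.ConfigureHealthCheckInput, opts ...func(*elb.Options)) (*elb.ConfigureHealthCheckOutput, error) {
 panic("Not implemented")
 }
 
 // CreateLoadBalancerPolicy is not implemented but is required for interface
 // conformance
-func (elb *FakeELB) CreateLoadBalancerPolicy(ctx context.Context, input *elb.CreateLoadBalancerPolicyInput, opts ...func(*elb.Options)) (*elb.CreateLoadBalancerPolicyOutput, error) {
-panic("Not implemented")
+func (e *FakeELB) CreateLoadBalancerPolicy(ctx context.Context, input *elb.CreateLoadBalancerPolicyInput, opts ...func(*elb.Options)) (*elb.CreateLoadBalancerPolicyOutput, error) {
+return &elb.CreateLoadBalancerPolicyOutput{}, nil
 }
 
 // SetLoadBalancerPoliciesForBackendServer is not implemented but is required
 // for interface conformance
-func (elb *FakeELB) SetLoadBalancerPoliciesForBackendServer(ctx context.Context, input *elb.SetLoadBalancerPoliciesForBackendServerInput, opts ...func(*elb.Options)) (*elb.SetLoadBalancerPoliciesForBackendServerOutput, error) {
+func (e *FakeELB) SetLoadBalancerPoliciesForBackendServer(ctx context.Context, input *elb.SetLoadBalancerPoliciesForBackendServerInput, opts ...func(*elb.Options)) (*elb.SetLoadBalancerPoliciesForBackendServerOutput, error) {
 panic("Not implemented")
 }
 
 // SetLoadBalancerPoliciesOfListener is not implemented but is required for
 // interface conformance
-func (elb *FakeELB) SetLoadBalancerPoliciesOfListener(ctx context.Context, input *elb.SetLoadBalancerPoliciesOfListenerInput, opts ...func(*elb.Options)) (*elb.SetLoadBalancerPoliciesOfListenerOutput, error) {
+func (e *FakeELB) SetLoadBalancerPoliciesOfListener(ctx context.Context, input *elb.SetLoadBalancerPoliciesOfListenerInput, opts ...func(*elb.Options)) (*elb.SetLoadBalancerPoliciesOfListenerOutput, error) {
 panic("Not implemented")
 }
 
 // DescribeLoadBalancerPolicies is not implemented but is required for
 // interface conformance
-func (elb *FakeELB) DescribeLoadBalancerPolicies(ctx context.Context, input *elb.DescribeLoadBalancerPoliciesInput, opts ...func(*elb.Options)) (*elb.DescribeLoadBalancerPoliciesOutput, error) {
-panic("Not implemented")
+func (e *FakeELB) DescribeLoadBalancerPolicies(ctx context.Context, input *elb.DescribeLoadBalancerPoliciesInput, opts ...func(*elb.Options)) (*elb.DescribeLoadBalancerPoliciesOutput, error) {
+if aws.ToString(input.LoadBalancerName) == "" {
+return nil, &elbtypes.LoadBalancerAttributeNotFoundException{}
+}
+if len(input.PolicyNames) == 0 || input.PolicyNames[0] == "k8s-SSLNegotiationPolicy-" {
+return nil, &elbtypes.PolicyNotFoundException{}
+}
+return &elb.DescribeLoadBalancerPoliciesOutput{}, nil
 }
 
 // DescribeLoadBalancerAttributes is not implemented but is required for
 // interface conformance
-func (elb *FakeELB) DescribeLoadBalancerAttributes(ctx context.Context, input *elb.DescribeLoadBalancerAttributesInput, opts ...func(*elb.Options)) (*elb.DescribeLoadBalancerAttributesOutput, error) {
+func (e *FakeELB) DescribeLoadBalancerAttributes(ctx context.Context, input *elb.DescribeLoadBalancerAttributesInput, opts ...func(*elb.Options)) (*elb.DescribeLoadBalancerAttributesOutput, error) {
 panic("Not implemented")
 }
 
 // ModifyLoadBalancerAttributes is not implemented but is required for
 // interface conformance
-func (elb *FakeELB) ModifyLoadBalancerAttributes(ctx context.Context, input *elb.ModifyLoadBalancerAttributesInput, opts ...func(*elb.Options)) (*elb.ModifyLoadBalancerAttributesOutput, error) {
+func (e *FakeELB) ModifyLoadBalancerAttributes(ctx context.Context, input *elb.ModifyLoadBalancerAttributesInput, opts ...func(*elb.Options)) (*elb.ModifyLoadBalancerAttributesOutput, error) {
 panic("Not implemented")
 }
 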
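Review bot: The doc comments above `CreateLoadBalancerPolicy` and `DescribeLoadBalancerPolicies` still read "is not implemented but is required for interface conformance", yet both methods now return values instead of panicking, so the comments are stale. For `DescribeLoadBalancerPolicies` I would replace it with a comment stating the fake's contract: `LoadBalancerAttributeNotFoundException` for an empty load balancer name, `PolicyNotFoundException` when no policy name is given or the first one is exactly `"k8s-SSLNegotiationPolicy-"`, and an empty output otherwise. That literal presumably mirrors the name the provider builds for an empty policy suffix; saying so in the comment, or sharing a constant, would keep the fake from drifting silently. The fake also reads `input.LoadBalancerName` without checking `input` for nil, which sits oddly with the purpose of this change even though only tests call it.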

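--- a/pkg/providers/v1/aws_loadbalancer.go
+++ b/pkg/providers/v1/aws_loadbalancer.go
@@ -816,6 +816,9 @@ func (c *Cloud) updateInstanceSecurityGroupsForNLB(ctx context.Context, lbName s
 if err != nil {
 return fmt.Errorf("error finding instance group: %q", err)
 }
+if sg == nil {
+return fmt.Errorf("error finding security group: %s", sgID)
+}
 clusterSGs[sgID] = sg
 }
 }
@@ -1505,13 +1508,16 @@ func (c *Cloud) ensureSSLNegotiationPolicy(ctx context.Context, loadBalancer *el
 },
 })
 if err != nil {
+// If DescribeLoadBalancerPolicies returns a PolicyNotFoundException, we must proceed and create the policy.
 var notFoundErr *elbtypes.PolicyNotFoundException
 if !errors.As(err, &notFoundErr) {
 return fmt.Errorf("error describing security policies on load balancer: %q", err)
 }
 }
 
-if len(result.PolicyDescriptions) > 0 {
+// If DescribeLoadBalancerPolicies yielded a PolicyNotFoundException, result will be nil,
+// so we must check before dereferencing
+if result != nil && len(result.PolicyDescriptions) > 0 {
 return nil
 }
 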
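Review bot: The new `sg == nil` guard in `updateInstanceSecurityGroupsForNLB` has no test in this commit; the added test only exercises `ensureSSLNegotiationPolicy`, so the security-group path can regress unnoticed. Its message `error finding security group: %s` also reads almost the same as the lookup-failure message one line above, which makes "lookup failed" and "lookup succeeded but found nothing" hard to tell apart in controller logs; `return fmt.Errorf("security group %q not found", sgID)` would separate them. Both functions begin and end outside the hunks shown, so whether returning here leaves earlier security-group changes half-applied cannot be judged from this page.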

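--- a/pkg/providers/v1/aws_loadbalancer_test.go
+++ b/pkg/providers/v1/aws_loadbalancer_test.go
@@ -1073,3 +1073,50 @@ func TestCloud_computeTargetGroupExpectedTargets(t *testing.T) {
 })
 }
 }
+
+// Make sure that errors returned by DescribeLoadBalancerPolicies are
+// handled gracefully, and don't progress further into the function
+func TestEnsureSSLNegotiationPolicyErrorHandling(t *testing.T) {
+awsServices := NewFakeAWSServices(TestClusterID)
+c, err := newAWSCloud(config.CloudConfig{}, awsServices)
+if err != nil {
+t.Errorf("Error building aws cloud: %v", err)
+return
+}
+
+tests := []struct {
+name string
+loadBalancer *elbtypes.LoadBalancerDescription
+policyName string
+expectError bool
+}{
+{
+name: "Expect LoadBalancerAttributeNotFoundException, error",
+loadBalancer: &elbtypes.LoadBalancerDescription{
+LoadBalancerName: aws.String(""),
+},
+policyName: "",
+expectError: true,
+},
+{
+name: "Expect PolicyNotFoundException, nil error",
+loadBalancer: &elbtypes.LoadBalancerDescription{
+LoadBalancerName: aws.String("test-lb"),
+},
+policyName: "",
+expectError: false,
+},
+}
+
+for _, test := range tests {
+t.Run(test.name, func(t *testing.T) {
+err := c.ensureSSLNegotiationPolicy(context.TODO(), test.loadBalancer, test.policyName)
+if test.expectError && err == nil {
+t.Errorf("Expected error but got none")
+}
+if !test.expectError && err != nil {
+t.Errorf("Expected no error but got: %v", err)
+}
+})
+}
+}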
tests/e2e/go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
module k8s.io/cloud-provider-aws/tests/e2e
22

3-
go 1.24.7
3+
go 1.24.9
44

55
require (
66
github.com/onsi/ginkgo/v2 v2.19.0
