Update dependencies

github-actions 2023-05-26 06:08:35 +00:00
parent bf01e499d2
commit fbcc63af2a
43 changed files with 1103 additions and 673 deletions

22
go.mod

@ -14,9 +14,9 @@ require (
github.com/Masterminds/sprig/v3 v3.2.3
github.com/apparentlymart/go-cidr v1.1.0
github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1
github.com/aws/aws-sdk-go v1.44.266
github.com/aws/aws-sdk-go v1.44.270
github.com/blang/semver/v4 v4.0.0
github.com/cert-manager/cert-manager v1.12.0
github.com/cert-manager/cert-manager v1.12.1
github.com/digitalocean/godo v1.99.0
github.com/go-ini/ini v1.67.0
github.com/go-logr/logr v1.2.4
@ -26,14 +26,14 @@ require (
github.com/google/go-tpm v0.3.3
github.com/google/go-tpm-tools v0.3.12
github.com/google/uuid v1.3.0
github.com/gophercloud/gophercloud v1.3.0
github.com/gophercloud/gophercloud v1.4.0
github.com/hetznercloud/hcloud-go v1.45.1
github.com/jacksontj/memberlistmesh v0.0.0-20190905163944-93462b9d2bb7
github.com/mitchellh/mapstructure v1.5.0
github.com/pelletier/go-toml v1.9.5
github.com/pkg/sftp v1.13.5
github.com/prometheus/client_golang v1.15.1
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.16
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17
github.com/sergi/go-diff v1.3.1
github.com/spf13/cobra v1.7.0
github.com/spf13/pflag v1.0.5
@ -43,12 +43,12 @@ require (
github.com/weaveworks/mesh v0.0.0-20191105120815-58dbcc3e8e63
go.uber.org/multierr v1.11.0
golang.org/x/crypto v0.9.0
golang.org/x/exp v0.0.0-20230519143937-03e91628a987
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
golang.org/x/net v0.10.0
golang.org/x/oauth2 v0.8.0
golang.org/x/sync v0.2.0
golang.org/x/sys v0.8.0
google.golang.org/api v0.123.0
google.golang.org/api v0.124.0
google.golang.org/grpc v1.55.0
google.golang.org/protobuf v1.30.0
gopkg.in/gcfg.v1 v1.2.3
@ -68,7 +68,7 @@ require (
k8s.io/kubelet v0.27.2
k8s.io/mount-utils v0.27.2
k8s.io/utils v0.0.0-20230505201702-9f6742963106
sigs.k8s.io/controller-runtime v0.15.0-beta.0
sigs.k8s.io/controller-runtime v0.15.0
sigs.k8s.io/structured-merge-diff/v4 v4.2.3
sigs.k8s.io/yaml v1.3.0
)
@ -130,7 +130,7 @@ require (
github.com/google/go-sev-guest v0.6.1 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/logger v1.1.1 // indirect
github.com/google/s2a-go v0.1.3 // indirect
github.com/google/s2a-go v0.1.4 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
github.com/googleapis/gax-go/v2 v2.8.0 // indirect
@ -212,7 +212,7 @@ require (
golang.org/x/text v0.9.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.9.1 // indirect
gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
@ -224,9 +224,9 @@ require (
k8s.io/component-helpers v0.27.2 // indirect
k8s.io/csi-translation-lib v0.27.0 // indirect
k8s.io/klog v1.0.0 // indirect
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 // indirect
oras.land/oras-go v1.2.3 // indirect
sigs.k8s.io/gateway-api v0.6.2 // indirect
sigs.k8s.io/gateway-api v0.7.0 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/kustomize/api v0.13.2 // indirect
sigs.k8s.io/kustomize/kyaml v0.14.1 // indirect

47
go.sum

@ -125,8 +125,8 @@ github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z
github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1 h1:DmxtwV+pkakkVRhxKcAgnLbxCxvT7k8DBG271dfKPZ8=
github.com/aws/amazon-ec2-instance-selector/v2 v2.4.1/go.mod h1:AEJrtkLkCkfIBIazidrVrgZqaXl+9dxI/wRgjdw+7G0=
github.com/aws/aws-sdk-go v1.44.266 h1:MWd775dcYf7NrwgcHLtlsIbWoWkX8p4vomfNHr88zH0=
github.com/aws/aws-sdk-go v1.44.266/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go v1.44.270 h1:fRdrwRVO0PpRSks/bNFXSRexA7Zm+k6pvKRpnrpAmeg=
github.com/aws/aws-sdk-go v1.44.270/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@ -140,8 +140,8 @@ github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZ
github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cert-manager/cert-manager v1.12.0 h1:CWIZeWop7RwFCIKgSzsxFFGcI2nvudkOICBMDY7SKuI=
github.com/cert-manager/cert-manager v1.12.0/go.mod h1:vRRQLs67q9PN/3SILHpiLbzuG63c4I0+q6pbppEWChs=
github.com/cert-manager/cert-manager v1.12.1 h1:QA8/diGdInzBRhqiyTITPC+wI9FaXbgOAAT3Dwe9KZE=
github.com/cert-manager/cert-manager v1.12.1/go.mod h1:ql0msU88JCcQSceN+PFjEY8U+AMe13y06vO2klJk8bs=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
@ -230,7 +230,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m
github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
@ -387,8 +386,8 @@ github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/s2a-go v0.1.3 h1:FAgZmpLl/SXurPEZyCMPBIiiYeTbqfjlbdnCNTAkbGE=
github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@ -406,8 +405,8 @@ github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0
github.com/googleapis/gax-go/v2 v2.8.0 h1:UBtEZqx1bjXtOQ5BVTkuYghXrr3N4V123VKJK67vJZc=
github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
github.com/gophercloud/gophercloud v1.3.0 h1:RUKyCMiZoQR3VlVR5E3K7PK1AC3/qppsWYo6dtBiqs8=
github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
github.com/gophercloud/gophercloud v1.4.0 h1:RqEu43vaX0lb0LanZr5BylK5ICVxjpFFoc0sxivyuHU=
github.com/gophercloud/gophercloud v1.4.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
@ -574,7 +573,7 @@ github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn
github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852 h1:Yl0tPBa8QPjGmesFh1D0rDy+q1Twx6FyU7VWHi8wZbI=
github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852/go.mod h1:eqOVx5Vwu4gd2mmMZvVZsgIqNSaW3xxRThUJ0k/TPk4=
github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
@ -649,8 +648,8 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/sahilm/fuzzy v0.1.0 h1:FzWGaw2Opqyu+794ZQ9SYifWv2EIXpwP4q8dY1kDAwI=
github.com/sahilm/fuzzy v0.1.0/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y=
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.16 h1:Ted1/3BGV1d0c7J+69N+brveAgJNWZlWnI8iYP3dZMs=
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.16/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17 h1:1WuWJu7/e8SqK+uQl7lfk/N/oMZTL2NE/TJsNKRNMc4=
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
@ -790,8 +789,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
golang.org/x/exp v0.0.0-20230519143937-03e91628a987 h1:3xJIFvzUFbu4ls0BTBYcgbCGhA63eAOEMxIHugyXJqA=
golang.org/x/exp v0.0.0-20230519143937-03e91628a987/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@ -1075,8 +1074,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY=
gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
gomodules.xyz/jsonpatch/v2 v2.3.0 h1:8NFhfS6gzxNqjLIYnZxg319wZ5Qjnx4m/CcX+Klzazc=
gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@ -1107,8 +1106,8 @@ google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqiv
google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
google.golang.org/api v0.60.0/go.mod h1:d7rl65NZAkEQ90JFzqBjcRq1TVeG5ZoGV3sSpEnnVb4=
google.golang.org/api v0.123.0 h1:yHVU//vA+qkOhm4reEC9LtzHVUCN/IqqNRl1iQ9xE20=
google.golang.org/api v0.123.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms=
google.golang.org/api v0.124.0 h1:dP6Ef1VgOGqQ8eiv4GiY8RhmeyqzovcXBYPDUYG8Syo=
google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@ -1297,8 +1296,8 @@ k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 h1:azYPdzztXxPSa8wb+hksEKayiz0o+PPisO/d+QhWnoo=
k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ=
k8s.io/kubectl v0.27.2 h1:sSBM2j94MHBFRWfHIWtEXWCicViQzZsb177rNsKBhZg=
k8s.io/kubectl v0.27.2/go.mod h1:GCOODtxPcrjh+EC611MqREkU8RjYBh10ldQCQ6zpFKw=
k8s.io/kubelet v0.27.2 h1:vpJnBkqQjxItEhehKG0toXoZ+G+tf4UXAOqtMJy6qgc=
@ -1312,10 +1311,10 @@ oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/controller-runtime v0.15.0-beta.0 h1:pkhYMops8jZrVuI0kBHeF6q9UVu1JljIGGG4Ox5ZJmk=
sigs.k8s.io/controller-runtime v0.15.0-beta.0/go.mod h1:YUTa+du31rqOu4mJaijiuhGFax9ecCJgO/v0/yW09gE=
sigs.k8s.io/gateway-api v0.6.2 h1:583XHiX2M2bKEA0SAdkoxL1nY73W1+/M+IAm8LJvbEA=
sigs.k8s.io/gateway-api v0.6.2/go.mod h1:EYJT+jlPWTeNskjV0JTki/03WX1cyAnBhwBJfYHpV/0=
sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU=
sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
sigs.k8s.io/gateway-api v0.7.0 h1:/mG8yyJNBifqvuVLW5gwlI4CQs0NR/5q4BKUlf1bVdY=
sigs.k8s.io/gateway-api v0.7.0/go.mod h1:Xv0+ZMxX0lu1nSSDIIPEfbVztgNZ+3cfiYrJsa2Ooso=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/kustomize/api v0.13.2 h1:kejWfLeJhUsTGioDoFNJET5LQe/ajzXhJGYoU+pJsiA=


@ -35,7 +35,7 @@ require (
github.com/StackExchange/wmi v1.2.1 // indirect
github.com/acomagu/bufpipe v1.0.3 // indirect
github.com/apparentlymart/go-cidr v1.1.0 // indirect
github.com/aws/aws-sdk-go v1.44.266 // indirect
github.com/aws/aws-sdk-go v1.44.270 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver v3.5.1+incompatible // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
@ -69,11 +69,11 @@ require (
github.com/google/go-github/v33 v33.0.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/gofuzz v1.2.1-0.20210504230335-f78f29fc09ea // indirect
github.com/google/s2a-go v0.1.3 // indirect
github.com/google/s2a-go v0.1.4 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
github.com/googleapis/gax-go/v2 v2.8.0 // indirect
github.com/gophercloud/gophercloud v1.3.0 // indirect
github.com/gophercloud/gophercloud v1.4.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/imdario/mergo v0.3.15 // indirect
@ -113,7 +113,7 @@ require (
go.opencensus.io v0.24.0 // indirect
go4.org v0.0.0-20201209231011-d4a079459e60 // indirect
golang.org/x/crypto v0.9.0 // indirect
golang.org/x/exp v0.0.0-20230519143937-03e91628a987 // indirect
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect
golang.org/x/mod v0.10.0 // indirect
golang.org/x/net v0.10.0 // indirect
golang.org/x/oauth2 v0.8.0 // indirect
@ -124,7 +124,7 @@ require (
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.9.1 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/api v0.123.0 // indirect
google.golang.org/api v0.124.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
google.golang.org/grpc v1.55.0 // indirect
@ -133,7 +133,7 @@ require (
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 // indirect
k8s.io/release v0.7.1-0.20210204090829-09fb5e3883b8 // indirect
k8s.io/test-infra v0.0.0-20210730160938-8ad9b8c53bd8 // indirect
k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect


@ -306,8 +306,8 @@ github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU
github.com/aws/aws-sdk-go v1.31.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48=
github.com/aws/aws-sdk-go v1.37.22/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
github.com/aws/aws-sdk-go v1.44.266 h1:MWd775dcYf7NrwgcHLtlsIbWoWkX8p4vomfNHr88zH0=
github.com/aws/aws-sdk-go v1.44.266/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go v1.44.270 h1:fRdrwRVO0PpRSks/bNFXSRexA7Zm+k6pvKRpnrpAmeg=
github.com/aws/aws-sdk-go v1.44.270/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
github.com/bazelbuild/buildtools v0.0.0-20190917191645-69366ca98f89/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU=
github.com/bazelbuild/buildtools v0.0.0-20200922170545-10384511ce98/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU=
@ -1071,8 +1071,8 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg=
github.com/google/s2a-go v0.1.3 h1:FAgZmpLl/SXurPEZyCMPBIiiYeTbqfjlbdnCNTAkbGE=
github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
@ -1104,8 +1104,8 @@ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2c
github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
github.com/gookit/color v1.2.4/go.mod h1:AhIE+pS6D4Ql0SQWbBeXPHw7gY0/sjHoA4s/n1KB7xg=
github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
github.com/gophercloud/gophercloud v1.3.0 h1:RUKyCMiZoQR3VlVR5E3K7PK1AC3/qppsWYo6dtBiqs8=
github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
github.com/gophercloud/gophercloud v1.4.0 h1:RqEu43vaX0lb0LanZr5BylK5ICVxjpFFoc0sxivyuHU=
github.com/gophercloud/gophercloud v1.4.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/goreleaser/goreleaser v0.136.0/go.mod h1:wiKrPUeSNh6Wu8nUHxZydSOVQ/OZvOaO7DTtFqie904=
github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w=
@ -2094,8 +2094,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
golang.org/x/exp v0.0.0-20230519143937-03e91628a987 h1:3xJIFvzUFbu4ls0BTBYcgbCGhA63eAOEMxIHugyXJqA=
golang.org/x/exp v0.0.0-20230519143937-03e91628a987/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@ -2593,8 +2593,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
google.golang.org/api v0.123.0 h1:yHVU//vA+qkOhm4reEC9LtzHVUCN/IqqNRl1iQ9xE20=
google.golang.org/api v0.123.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms=
google.golang.org/api v0.124.0 h1:dP6Ef1VgOGqQ8eiv4GiY8RhmeyqzovcXBYPDUYG8Syo=
google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@ -2960,8 +2960,8 @@ k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iL
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 h1:azYPdzztXxPSa8wb+hksEKayiz0o+PPisO/d+QhWnoo=
k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ=
k8s.io/kubectl v0.17.2/go.mod h1:y4rfLV0n6aPmvbRCqZQjvOp3ezxsFgpqL+zF5jH/lxk=
k8s.io/kubernetes v1.11.10/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=


@ -252,8 +252,19 @@ type Config struct {
// and specify a Retryer instead.
SleepDelay func(time.Duration)
// Deprecated: This setting no longer has any effect.
// RESTful paths are no longer cleaned after request serialization.
// DisableRestProtocolURICleaning will not clean the URL path when making rest protocol requests.
// Will default to false. This would only be used for empty directory names in s3 requests.
//
// Example:
// sess := session.Must(session.NewSession(&aws.Config{
// DisableRestProtocolURICleaning: aws.Bool(true),
// }))
//
// svc := s3.New(sess)
// out, err := svc.GetObject(&s3.GetObjectInput {
// Bucket: aws.String("bucketname"),
// Key: aws.String("//foo//bar//moo"),
// })
DisableRestProtocolURICleaning *bool
// EnableEndpointDiscovery will allow for endpoint discovery on operations that
@ -486,8 +497,8 @@ func (c *Config) WithLowerCaseHeaderMaps(t bool) *Config {
return c
}
// Deprecated: This setting no longer has any effect.
// RESTful paths are no longer cleaned after request serialization.
// WithDisableRestProtocolURICleaning sets a config DisableRestProtocolURICleaning value
// returning a Config pointer for chaining.
func (c *Config) WithDisableRestProtocolURICleaning(t bool) *Config {
c.DisableRestProtocolURICleaning = &t
return c
@ -600,7 +611,7 @@ func mergeInConfig(dst *Config, other *Config) {
if other.DisableRestProtocolURICleaning != nil {
dst.DisableRestProtocolURICleaning = other.DisableRestProtocolURICleaning
}
if other.EnforceShouldRetryCheck != nil {
dst.EnforceShouldRetryCheck = other.EnforceShouldRetryCheck
}


@ -5286,6 +5286,9 @@ var awsPartition = partition{
endpointKey{
Region: "ap-southeast-3",
}: endpoint{},
endpointKey{
Region: "ap-southeast-4",
}: endpoint{},
endpointKey{
Region: "ca-central-1",
}: endpoint{},
@ -6100,6 +6103,15 @@ var awsPartition = partition{
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-west-1",
}: endpoint{
Hostname: "cognito-identity-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-1",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-west-2",
}: endpoint{
@ -6136,6 +6148,12 @@ var awsPartition = partition{
endpointKey{
Region: "us-west-1",
}: endpoint{},
endpointKey{
Region: "us-west-1",
Variant: fipsVariant,
}: endpoint{
Hostname: "cognito-identity-fips.us-west-1.amazonaws.com",
},
endpointKey{
Region: "us-west-2",
}: endpoint{},
@ -7589,6 +7607,9 @@ var awsPartition = partition{
endpointKey{
Region: "ap-southeast-3",
}: endpoint{},
endpointKey{
Region: "ap-southeast-4",
}: endpoint{},
endpointKey{
Region: "ca-central-1",
}: endpoint{},
@ -11634,6 +11655,9 @@ var awsPartition = partition{
endpointKey{
Region: "ap-southeast-3",
}: endpoint{},
endpointKey{
Region: "ap-southeast-4",
}: endpoint{},
endpointKey{
Region: "ca-central-1",
}: endpoint{},
@ -12139,6 +12163,9 @@ var awsPartition = partition{
endpointKey{
Region: "ap-southeast-3",
}: endpoint{},
endpointKey{
Region: "ap-southeast-4",
}: endpoint{},
endpointKey{
Region: "ca-central-1",
}: endpoint{},
@ -13853,13 +13880,6 @@ var awsPartition = partition{
},
},
"iot": service{
Defaults: endpointDefaults{
defaultKey{}: endpoint{
CredentialScope: credentialScope{
Service: "execute-api",
},
},
},
Endpoints: serviceEndpoints{
endpointKey{
Region: "ap-east-1",
@ -13907,45 +13927,35 @@ var awsPartition = partition{
Region: "fips-ca-central-1",
}: endpoint{
Hostname: "iot-fips.ca-central-1.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-east-1",
}: endpoint{
Hostname: "iot-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-east-2",
}: endpoint{
Hostname: "iot-fips.us-east-2.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-west-1",
}: endpoint{
Hostname: "iot-fips.us-west-1.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-west-2",
}: endpoint{
Hostname: "iot-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
Deprecated: boxedTrue,
},
endpointKey{
@ -17797,6 +17807,55 @@ var awsPartition = partition{
}: endpoint{},
},
},
"mediapackagev2": service{
Endpoints: serviceEndpoints{
endpointKey{
Region: "ap-northeast-1",
}: endpoint{},
endpointKey{
Region: "ap-northeast-2",
}: endpoint{},
endpointKey{
Region: "ap-south-1",
}: endpoint{},
endpointKey{
Region: "ap-southeast-1",
}: endpoint{},
endpointKey{
Region: "ap-southeast-2",
}: endpoint{},
endpointKey{
Region: "eu-central-1",
}: endpoint{},
endpointKey{
Region: "eu-north-1",
}: endpoint{},
endpointKey{
Region: "eu-west-1",
}: endpoint{},
endpointKey{
Region: "eu-west-2",
}: endpoint{},
endpointKey{
Region: "eu-west-3",
}: endpoint{},
endpointKey{
Region: "sa-east-1",
}: endpoint{},
endpointKey{
Region: "us-east-1",
}: endpoint{},
endpointKey{
Region: "us-east-2",
}: endpoint{},
endpointKey{
Region: "us-west-1",
}: endpoint{},
endpointKey{
Region: "us-west-2",
}: endpoint{},
},
},
"mediastore": service{
Endpoints: serviceEndpoints{
endpointKey{
@ -22667,6 +22726,9 @@ var awsPartition = partition{
endpointKey{
Region: "ap-southeast-3",
}: endpoint{},
endpointKey{
Region: "ap-southeast-4",
}: endpoint{},
endpointKey{
Region: "ca-central-1",
}: endpoint{},
@ -27946,12 +28008,21 @@ var awsPartition = partition{
},
"transcribestreaming": service{
Endpoints: serviceEndpoints{
endpointKey{
Region: "af-south-1",
}: endpoint{},
endpointKey{
Region: "ap-northeast-1",
}: endpoint{},
endpointKey{
Region: "ap-northeast-2",
}: endpoint{},
endpointKey{
Region: "ap-south-1",
}: endpoint{},
endpointKey{
Region: "ap-southeast-1",
}: endpoint{},
endpointKey{
Region: "ap-southeast-2",
}: endpoint{},
@ -31387,13 +31458,6 @@ var awscnPartition = partition{
},
},
"iot": service{
Defaults: endpointDefaults{
defaultKey{}: endpoint{
CredentialScope: credentialScope{
Service: "execute-api",
},
},
},
Endpoints: serviceEndpoints{
endpointKey{
Region: "cn-north-1",
@ -35300,30 +35364,19 @@ var awsusgovPartition = partition{
},
},
"iot": service{
Defaults: endpointDefaults{
defaultKey{}: endpoint{
CredentialScope: credentialScope{
Service: "execute-api",
},
},
},
Endpoints: serviceEndpoints{
endpointKey{
Region: "fips-us-gov-east-1",
}: endpoint{
Hostname: "iot-fips.us-gov-east-1.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
Deprecated: boxedTrue,
},
endpointKey{
Region: "fips-us-gov-west-1",
}: endpoint{
Hostname: "iot-fips.us-gov-west-1.amazonaws.com",
CredentialScope: credentialScope{
Service: "execute-api",
},
Deprecated: boxedTrue,
},
endpointKey{


@ -3,7 +3,7 @@
// Provides request signing for request that need to be signed with
// AWS V4 Signatures.
//
// Standalone Signer
// # Standalone Signer
//
// Generally using the signer outside of the SDK should not require any additional
// logic when using Go v1.5 or higher. The signer does this by taking advantage
@ -14,10 +14,10 @@
// The signer will first check the URL.Opaque field, and use its value if set.
// The signer does require the URL.Opaque field to be set in the form of:
//
// "//<hostname>/<path>"
// "//<hostname>/<path>"
//
// // e.g.
// "//example.com/some/path"
// // e.g.
// "//example.com/some/path"
//
// The leading "//" and hostname are required or the URL.Opaque escaping will
// not work correctly.
@ -695,7 +695,8 @@ func (ctx *signingCtx) buildBodyDigest() error {
includeSHA256Header := ctx.unsignedPayload ||
ctx.ServiceName == "s3" ||
ctx.ServiceName == "s3-object-lambda" ||
ctx.ServiceName == "glacier"
ctx.ServiceName == "glacier" ||
ctx.ServiceName == "s3-outposts"
s3Presign := ctx.isPresign &&
(ctx.ServiceName == "s3" ||


@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
const SDKVersion = "1.44.266"
const SDKVersion = "1.44.270"


@ -9,6 +9,7 @@ import (
"math"
"net/http"
"net/url"
"path"
"reflect"
"strconv"
"strings"
@ -133,6 +134,9 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo
}
r.HTTPRequest.URL.RawQuery = query.Encode()
if !aws.BoolValue(r.Config.DisableRestProtocolURICleaning) {
cleanPath(r.HTTPRequest.URL)
}
}
func buildBody(r *request.Request, v reflect.Value) {
@ -240,6 +244,19 @@ func buildQueryString(query url.Values, v reflect.Value, name string, tag reflec
return nil
}
func cleanPath(u *url.URL) {
hasSlash := strings.HasSuffix(u.Path, "/")
// clean up path, removing duplicate `/`
u.Path = path.Clean(u.Path)
u.RawPath = path.Clean(u.RawPath)
if hasSlash && !strings.HasSuffix(u.Path, "/") {
u.Path += "/"
u.RawPath += "/"
}
}
// EscapePath escapes part of a URL path in Amazon style
func EscapePath(path string, encodeSep bool) string {
var buf bytes.Buffer


@ -41,7 +41,7 @@ github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.
github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.4/v3/LICENSE,MIT
github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.2.4/LICENSE,Apache-2.0
github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0
github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.2.3/LICENSE,Apache-2.0
github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.2.4/LICENSE,Apache-2.0
github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.19.6/LICENSE,Apache-2.0
github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.1/LICENSE,Apache-2.0
github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.3/LICENSE,Apache-2.0
@ -86,8 +86,8 @@ github.com/moby/spdystream,https://github.com/moby/spdystream/blob/v0.2.0/LICENS
github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0
github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0
github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause
github.com/onsi/ginkgo/v2,https://github.com/onsi/ginkgo/blob/v2.9.4/LICENSE,MIT
github.com/onsi/gomega,https://github.com/onsi/gomega/blob/v1.27.6/LICENSE,MIT
github.com/onsi/ginkgo/v2,https://github.com/onsi/ginkgo/blob/v2.9.5/LICENSE,MIT
github.com/onsi/gomega,https://github.com/onsi/gomega/blob/v1.27.7/LICENSE,MIT
github.com/patrickmn/go-cache,https://github.com/patrickmn/go-cache/blob/v2.1.0/LICENSE,MIT
github.com/pavlo-v-chernykh/keystore-go/v4,https://github.com/pavlo-v-chernykh/keystore-go/blob/v4.4.1/LICENSE,MIT
github.com/pierrec/lz4,https://github.com/pierrec/lz4/blob/v2.5.2/LICENSE,BSD-3-Clause
@ -122,14 +122,14 @@ go.uber.org/atomic,https://github.com/uber-go/atomic/blob/v1.9.0/LICENSE.txt,MIT
go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.6.0/LICENSE.txt,MIT
go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.24.0/LICENSE.txt,MIT
golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.6.0:LICENSE,BSD-3-Clause
golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.9.0:LICENSE,BSD-3-Clause
golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.10.0:LICENSE,BSD-3-Clause
golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.5.0:LICENSE,BSD-3-Clause
golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.1.0:LICENSE,BSD-3-Clause
golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.2.0:LICENSE,BSD-3-Clause
golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.8.0:LICENSE,BSD-3-Clause
golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.7.0:LICENSE,BSD-3-Clause
golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.8.0:LICENSE,BSD-3-Clause
golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.9.0:LICENSE,BSD-3-Clause
golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.3.0:LICENSE,BSD-3-Clause
gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.2.0/v2/LICENSE,Apache-2.0
gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.3.0/v2/LICENSE,Apache-2.0
google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.111.0/LICENSE,BSD-3-Clause
google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.111.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause
google.golang.org/genproto,https://github.com/googleapis/go-genproto/blob/7f2fa6fef1f4/LICENSE,Apache-2.0
@ -142,26 +142,26 @@ gopkg.in/square/go-jose.v2,https://github.com/square/go-jose/blob/v2.6.0/LICENSE
gopkg.in/square/go-jose.v2/json,https://github.com/square/go-jose/blob/v2.6.0/json/LICENSE,BSD-3-Clause
gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0
gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT
k8s.io/api,https://github.com/kubernetes/api/blob/v0.27.1/LICENSE,Apache-2.0
k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.27.1/LICENSE,Apache-2.0
k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.27.1/LICENSE,Apache-2.0
k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.27.1/third_party/forked/golang/LICENSE,BSD-3-Clause
k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.27.1/LICENSE,Apache-2.0
k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.27.1/LICENSE,Apache-2.0
k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.27.1/LICENSE,Apache-2.0
k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.90.1/LICENSE,Apache-2.0
k8s.io/kms,https://github.com/kubernetes/kms/blob/v0.27.1/LICENSE,Apache-2.0
k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.27.1/LICENSE,Apache-2.0
k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/15aac26d736a/LICENSE,Apache-2.0
k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/15aac26d736a/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause
k8s.io/kube-openapi/pkg/validation/errors,https://github.com/kubernetes/kube-openapi/blob/15aac26d736a/pkg/validation/errors/LICENSE,Apache-2.0
k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/15aac26d736a/pkg/validation/spec/LICENSE,Apache-2.0
k8s.io/kube-openapi/pkg/validation/strfmt,https://github.com/kubernetes/kube-openapi/blob/15aac26d736a/pkg/validation/strfmt/LICENSE,Apache-2.0
k8s.io/utils,https://github.com/kubernetes/utils/blob/d93618cff8a2/LICENSE,Apache-2.0
k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/d93618cff8a2/internal/third_party/forked/golang/LICENSE,BSD-3-Clause
sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.1.1/konnectivity-client/LICENSE,Apache-2.0
sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/c2e3d6d6350e/LICENSE,Apache-2.0
sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v0.6.2/LICENSE,Apache-2.0
k8s.io/api,https://github.com/kubernetes/api/blob/v0.27.2/LICENSE,Apache-2.0
k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.27.2/LICENSE,Apache-2.0
k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.27.2/LICENSE,Apache-2.0
k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.27.2/third_party/forked/golang/LICENSE,BSD-3-Clause
k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.27.2/LICENSE,Apache-2.0
k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.27.2/LICENSE,Apache-2.0
k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.27.2/LICENSE,Apache-2.0
k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.100.1/LICENSE,Apache-2.0
k8s.io/kms,https://github.com/kubernetes/kms/blob/v0.27.2/LICENSE,Apache-2.0
k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.27.2/LICENSE,Apache-2.0
k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/LICENSE,Apache-2.0
k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause
k8s.io/kube-openapi/pkg/validation/errors,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/validation/errors/LICENSE,Apache-2.0
k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/validation/spec/LICENSE,Apache-2.0
k8s.io/kube-openapi/pkg/validation/strfmt,https://github.com/kubernetes/kube-openapi/blob/54b630e78af5/pkg/validation/strfmt/LICENSE,Apache-2.0
k8s.io/utils,https://github.com/kubernetes/utils/blob/9f6742963106/LICENSE,Apache-2.0
k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/9f6742963106/internal/third_party/forked/golang/LICENSE,BSD-3-Clause
sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.1.2/konnectivity-client/LICENSE,Apache-2.0
sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.15.0/LICENSE,Apache-2.0
sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v0.7.0/LICENSE,Apache-2.0
sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0
sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.2.3/LICENSE,Apache-2.0
sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.3.0/LICENSE,MIT


@ -21,8 +21,9 @@ package service
import (
"context"
"flag"
"net"
"os"
"strings"
"sync"
"time"
@ -32,10 +33,10 @@ import (
"google.golang.org/grpc/grpclog"
)
// An environment variable, if true, opportunistically use AppEngine-specific dialer to call S2A.
const enableAppEngineDialerEnv = "S2A_ENABLE_APP_ENGINE_DIALER"
var (
// enableAppEngineDialer indicates whether an AppEngine-specific dial option
// should be used.
enableAppEngineDialer bool
// appEngineDialerHook is an AppEngine-specific dial option that is set
// during init time. If nil, then the application is not running on Google
// AppEngine.
@ -50,7 +51,6 @@ var (
)
func init() {
flag.BoolVar(&enableAppEngineDialer, "s2a_enable_appengine_dialer", false, "If true, opportunistically use AppEngine-specific dialer to call S2A.")
if !appengine.IsAppEngine() && !appengine.IsDevAppServer() {
return
}
@ -75,7 +75,7 @@ func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
grpcOpts := []grpc.DialOption{
grpc.WithInsecure(),
}
if enableAppEngineDialer && appEngineDialerHook != nil {
if enableAppEngineDialer() && appEngineDialerHook != nil {
if grpclog.V(1) {
grpclog.Info("Using AppEngine-specific dialer to talk to S2A.")
}
@ -90,3 +90,10 @@ func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
}
return hsConn, nil
}
func enableAppEngineDialer() bool {
if strings.ToLower(os.Getenv(enableAppEngineDialerEnv)) == "true" {
return true
}
return false
}


@ -1727,6 +1727,8 @@ type ValidatePeerCertificateChainReq_ServerPeer struct {
CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
// The expected hostname of the server.
ServerHostname string `protobuf:"bytes,2,opt,name=server_hostname,json=serverHostname,proto3" json:"server_hostname,omitempty"`
// The UnrestrictedClientPolicy specified by the user.
SerializedUnrestrictedClientPolicy []byte `protobuf:"bytes,3,opt,name=serialized_unrestricted_client_policy,json=serializedUnrestrictedClientPolicy,proto3" json:"serialized_unrestricted_client_policy,omitempty"`
}
func (x *ValidatePeerCertificateChainReq_ServerPeer) Reset() {
@ -1775,6 +1777,13 @@ func (x *ValidatePeerCertificateChainReq_ServerPeer) GetServerHostname() string
return ""
}
func (x *ValidatePeerCertificateChainReq_ServerPeer) GetSerializedUnrestrictedClientPolicy() []byte {
if x != nil {
return x.SerializedUnrestrictedClientPolicy
}
return nil
}
var File_internal_proto_v2_s2a_s2a_proto protoreflect.FileDescriptor
var file_internal_proto_v2_s2a_s2a_proto_rawDesc = []byte{
@ -1960,7 +1969,7 @@ var file_internal_proto_v2_s2a_s2a_proto_rawDesc = []byte{
0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f,
0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x1b, 0x0a, 0x09,
0x6f, 0x75, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52,
0x08, 0x6f, 0x75, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0xa4, 0x04, 0x0a, 0x1f, 0x56, 0x61,
0x08, 0x6f, 0x75, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0xf8, 0x04, 0x0a, 0x1f, 0x56, 0x61,
0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x52, 0x0a,
0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3e, 0x2e, 0x73, 0x32,
@ -1983,151 +1992,156 @@ var file_internal_proto_v2_s2a_s2a_proto_rawDesc = []byte{
0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x65, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72,
0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01,
0x20, 0x03, 0x28, 0x0c, 0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x1a, 0x62, 0x0a, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
0x50, 0x65, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52,
0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69,
0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x68, 0x6f, 0x73, 0x74,
0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x72, 0x76,
0x65, 0x72, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x46, 0x0a, 0x10, 0x56, 0x65,
0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0f,
0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
0x0a, 0x0a, 0x06, 0x53, 0x50, 0x49, 0x46, 0x46, 0x45, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x43,
0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x5f, 0x54, 0x4f, 0x5f, 0x47, 0x4f, 0x4f, 0x47, 0x4c, 0x45,
0x10, 0x02, 0x42, 0x0c, 0x0a, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66,
0x22, 0xb2, 0x02, 0x0a, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65,
0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69,
0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x6c, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e,
0x32, 0x3f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e,
0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74,
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c,
0x74, 0x52, 0x10, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73,
0x75, 0x6c, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69,
0x6c, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
0x76, 0x32, 0x2e, 0x53, 0x32, 0x41, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x07, 0x63,
0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x3d, 0x0a, 0x10, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e,
0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x53,
0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x41, 0x49, 0x4c,
0x55, 0x52, 0x45, 0x10, 0x02, 0x22, 0x97, 0x05, 0x0a, 0x0a, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f,
0x6e, 0x52, 0x65, 0x71, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64,
0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73,
0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74,
0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79,
0x12, 0x62, 0x0a, 0x19, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69,
0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x73, 0x18, 0x02, 0x20,
0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
0x76, 0x32, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x52, 0x18, 0x61, 0x75, 0x74, 0x68,
0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e,
0x69, 0x73, 0x6d, 0x73, 0x12, 0x61, 0x0a, 0x19, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x5f,
0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65,
0x71, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e,
0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52,
0x16, 0x67, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x77, 0x0a, 0x21, 0x6f, 0x66, 0x66, 0x6c, 0x6f,
0x61, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f,
0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x04, 0x20, 0x01,
0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76,
0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65,
0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x48,
0x00, 0x52, 0x1d, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74,
0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71,
0x12, 0x80, 0x01, 0x0a, 0x24, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x72, 0x65, 0x73,
0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32,
0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x48,
0x00, 0x52, 0x20, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70,
0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x52, 0x65, 0x71, 0x12, 0x7d, 0x0a, 0x23, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x5f,
0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
0x32, 0x2d, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e,
0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74,
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x48,
0x00, 0x52, 0x1f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43,
0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52,
0x65, 0x71, 0x42, 0x0b, 0x0a, 0x09, 0x72, 0x65, 0x71, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x22,
0xb4, 0x04, 0x0a, 0x0b, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12,
0x2c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
0x14, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53,
0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x64, 0x0a,
0x1a, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28,
0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32,
0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x17, 0x67, 0x65, 0x74, 0x54,
0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
0x65, 0x73, 0x70, 0x12, 0x7a, 0x0a, 0x22, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70,
0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
0x2c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79,
0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52,
0x1e, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b,
0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12,
0x83, 0x01, 0x0a, 0x25, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x75,
0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
0x2f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f,
0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e,
0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70,
0x48, 0x00, 0x52, 0x21, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d,
0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x80, 0x01, 0x0a, 0x24, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61,
0x74, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x05,
0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x1a, 0xb5, 0x01, 0x0a, 0x0a, 0x53, 0x65, 0x72, 0x76, 0x65,
0x72, 0x50, 0x65, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c,
0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61,
0x69, 0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x68, 0x6f, 0x73,
0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x72,
0x76, 0x65, 0x72, 0x48, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x51, 0x0a, 0x25, 0x73,
0x65, 0x72, 0x69, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x75, 0x6e, 0x72, 0x65, 0x73, 0x74,
0x72, 0x69, 0x63, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x6f,
0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x22, 0x73, 0x65, 0x72, 0x69,
0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x55, 0x6e, 0x72, 0x65, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74,
0x65, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x46,
0x0a, 0x10, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f,
0x64, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x50, 0x49, 0x46, 0x46, 0x45, 0x10, 0x01, 0x12,
0x15, 0x0a, 0x11, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x5f, 0x54, 0x4f, 0x5f, 0x47, 0x4f,
0x4f, 0x47, 0x4c, 0x45, 0x10, 0x02, 0x42, 0x0c, 0x0a, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x6f,
0x6e, 0x65, 0x6f, 0x66, 0x22, 0xb2, 0x02, 0x0a, 0x20, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x6c, 0x0a, 0x11, 0x76, 0x61, 0x6c,
0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x01,
0x20, 0x01, 0x28, 0x0e, 0x32, 0x3f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72,
0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e,
0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65,
0x52, 0x65, 0x73, 0x70, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x10, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20,
0x01, 0x28, 0x09, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44,
0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78,
0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x32, 0x41, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78,
0x74, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x3d, 0x0a, 0x10, 0x56, 0x61,
0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x0f,
0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
0x0b, 0x0a, 0x07, 0x53, 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07,
0x46, 0x41, 0x49, 0x4c, 0x55, 0x52, 0x45, 0x10, 0x02, 0x22, 0x97, 0x05, 0x0a, 0x0a, 0x53, 0x65,
0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x3a, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61,
0x6c, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
0x32, 0x13, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x49, 0x64, 0x65,
0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e,
0x74, 0x69, 0x74, 0x79, 0x12, 0x62, 0x0a, 0x19, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69,
0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d,
0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x52, 0x18,
0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65,
0x63, 0x68, 0x61, 0x6e, 0x69, 0x73, 0x6d, 0x73, 0x12, 0x61, 0x0a, 0x19, 0x67, 0x65, 0x74, 0x5f,
0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x73, 0x32,
0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c,
0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
0x71, 0x48, 0x00, 0x52, 0x16, 0x67, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x77, 0x0a, 0x21, 0x6f,
0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b,
0x65, 0x79, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71,
0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f,
0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69,
0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x1d, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72,
0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x52, 0x65, 0x71, 0x12, 0x80, 0x01, 0x0a, 0x24, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64,
0x5f, 0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f,
0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x05, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70,
0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x20, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65,
0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x12, 0x7d, 0x0a, 0x23, 0x76, 0x61, 0x6c, 0x69, 0x64,
0x61, 0x74, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x06,
0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72,
0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e,
0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x1f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x50,
0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68,
0x61, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x42, 0x0b, 0x0a, 0x09, 0x72, 0x65, 0x71, 0x5f, 0x6f, 0x6e,
0x65, 0x6f, 0x66, 0x22, 0xb4, 0x04, 0x0a, 0x0b, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52,
0x65, 0x73, 0x70, 0x12, 0x2c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
0x76, 0x32, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75,
0x73, 0x12, 0x64, 0x0a, 0x1a, 0x67, 0x65, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e,
0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18,
0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74,
0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x47, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x17,
0x67, 0x65, 0x74, 0x54, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x7a, 0x0a, 0x22, 0x6f, 0x66, 0x66, 0x6c, 0x6f,
0x61, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f,
0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x03, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74,
0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73,
0x70, 0x48, 0x00, 0x52, 0x1e, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x50, 0x72, 0x69, 0x76,
0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
0x65, 0x73, 0x70, 0x12, 0x83, 0x01, 0x0a, 0x25, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x5f,
0x72, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x6f,
0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x18, 0x04, 0x20,
0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
0x76, 0x32, 0x2e, 0x4f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70,
0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x21, 0x6f, 0x66, 0x66, 0x6c, 0x6f, 0x61, 0x64, 0x52,
0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x4f, 0x70, 0x65, 0x72,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x12, 0x80, 0x01, 0x0a, 0x24, 0x76, 0x61,
0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74,
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x72, 0x65,
0x73, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65,
0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43,
0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x42, 0x0c, 0x0a, 0x0a, 0x72, 0x65, 0x73, 0x70,
0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x2a, 0xa2, 0x03, 0x0a, 0x12, 0x53, 0x69, 0x67, 0x6e, 0x61,
0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x1c, 0x0a,
0x18, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x55, 0x4e,
0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x21, 0x0a, 0x1d, 0x53,
0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f,
0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x21,
0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52,
0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10,
0x02, 0x12, 0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x35,
0x31, 0x32, 0x10, 0x03, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f,
0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32,
0x35, 0x36, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x27, 0x0a,
0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43,
0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x53, 0x48,
0x41, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53,
0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43,
0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x06, 0x12,
0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x48, 0x00, 0x52, 0x20, 0x76, 0x61, 0x6c, 0x69,
0x64, 0x61, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x42, 0x0c, 0x0a, 0x0a,
0x72, 0x65, 0x73, 0x70, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x2a, 0xa2, 0x03, 0x0a, 0x12, 0x53,
0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68,
0x6d, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f,
0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
0x10, 0x01, 0x12, 0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49,
0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x53, 0x48, 0x41,
0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x21, 0x0a, 0x1d, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c,
0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f,
0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f,
0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53,
0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10,
0x04, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52,
0x31, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x32,
0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41,
0x5f, 0x53, 0x45, 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31,
0x32, 0x10, 0x06, 0x12, 0x24, 0x0a, 0x20, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53,
0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x52, 0x53, 0x41, 0x45,
0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x07, 0x12, 0x24, 0x0a, 0x20, 0x53, 0x32, 0x41,
0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53,
0x53, 0x5f, 0x52, 0x53, 0x41, 0x45, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x08, 0x12,
0x24, 0x0a, 0x20, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f,
0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x52, 0x53, 0x41, 0x45, 0x5f, 0x53, 0x48, 0x41,
0x32, 0x35, 0x36, 0x10, 0x07, 0x12, 0x24, 0x0a, 0x20, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c,
0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x52, 0x53,
0x41, 0x45, 0x5f, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x08, 0x12, 0x24, 0x0a, 0x20, 0x53,
0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x52, 0x53, 0x41, 0x5f,
0x50, 0x53, 0x53, 0x5f, 0x52, 0x53, 0x41, 0x45, 0x5f, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10,
0x09, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x49, 0x47,
0x4e, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x0a, 0x32, 0x57, 0x0a, 0x0a, 0x53,
0x32, 0x41, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a, 0x0c, 0x53, 0x65, 0x74,
0x55, 0x70, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x2e, 0x73, 0x32, 0x61, 0x2e,
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
0x52, 0x65, 0x71, 0x1a, 0x19, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
0x76, 0x32, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00,
0x28, 0x01, 0x30, 0x01, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32, 0x61, 0x2f, 0x69, 0x6e,
0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x76, 0x32, 0x2f,
0x73, 0x32, 0x61, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x33,
0x35, 0x31, 0x32, 0x10, 0x09, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x32, 0x41, 0x5f, 0x53, 0x53, 0x4c,
0x5f, 0x53, 0x49, 0x47, 0x4e, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x0a, 0x32,
0x57, 0x0a, 0x0a, 0x53, 0x32, 0x41, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x49, 0x0a,
0x0c, 0x53, 0x65, 0x74, 0x55, 0x70, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x2e,
0x73, 0x32, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x73,
0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x1a, 0x19, 0x2e, 0x73, 0x32, 0x61, 0x2e, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65,
0x73, 0x70, 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x36, 0x5a, 0x34, 0x67, 0x69, 0x74, 0x68,
0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x73, 0x32,
0x61, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x2f, 0x76, 0x32, 0x2f, 0x73, 0x32, 0x61, 0x5f, 0x67, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (


@ -23,6 +23,7 @@ import (
"crypto/x509"
"fmt"
"github.com/google/s2a-go/stream"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/grpclog"
@ -31,13 +32,13 @@ import (
// VerifyClientCertificateChain builds a SessionReq, sends it to S2Av2 and
// receives a SessionResp.
func VerifyClientCertificateChain(verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, cstream s2av2pb.S2AService_SetUpSessionClient) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
func VerifyClientCertificateChain(verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, s2AStream stream.S2AStream) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
// Offload verification to S2Av2.
if grpclog.V(1) {
grpclog.Infof("Sending request to S2Av2 for client peer cert chain validation.")
}
if err := cstream.Send(&s2av2pb.SessionReq{
if err := s2AStream.Send(&s2av2pb.SessionReq{
ReqOneof: &s2av2pb.SessionReq_ValidatePeerCertificateChainReq{
ValidatePeerCertificateChainReq: &s2av2pb.ValidatePeerCertificateChainReq{
Mode: verificationMode,
@ -54,7 +55,7 @@ func VerifyClientCertificateChain(verificationMode s2av2pb.ValidatePeerCertifica
}
// Get the response from S2Av2.
resp, err := cstream.Recv()
resp, err := s2AStream.Recv()
if err != nil {
grpclog.Infof("Failed to receive client peer cert chain validation response from S2Av2.")
return err
@ -76,20 +77,21 @@ func VerifyClientCertificateChain(verificationMode s2av2pb.ValidatePeerCertifica
// VerifyServerCertificateChain builds a SessionReq, sends it to S2Av2 and
// receives a SessionResp.
func VerifyServerCertificateChain(hostname string, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, cstream s2av2pb.S2AService_SetUpSessionClient) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
func VerifyServerCertificateChain(hostname string, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, s2AStream stream.S2AStream, serverAuthorizationPolicy []byte) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
// Offload verification to S2Av2.
if grpclog.V(1) {
grpclog.Infof("Sending request to S2Av2 for server peer cert chain validation.")
}
if err := cstream.Send(&s2av2pb.SessionReq{
if err := s2AStream.Send(&s2av2pb.SessionReq{
ReqOneof: &s2av2pb.SessionReq_ValidatePeerCertificateChainReq{
ValidatePeerCertificateChainReq: &s2av2pb.ValidatePeerCertificateChainReq{
Mode: verificationMode,
PeerOneof: &s2av2pb.ValidatePeerCertificateChainReq_ServerPeer_{
ServerPeer: &s2av2pb.ValidatePeerCertificateChainReq_ServerPeer{
CertificateChain: rawCerts,
ServerHostname: hostname,
CertificateChain: rawCerts,
ServerHostname: hostname,
SerializedUnrestrictedClientPolicy: serverAuthorizationPolicy,
},
},
},
@ -100,7 +102,7 @@ func VerifyServerCertificateChain(hostname string, verificationMode s2av2pb.Vali
}
// Get the response from S2Av2.
resp, err := cstream.Recv()
resp, err := s2AStream.Recv()
if err != nil {
grpclog.Infof("Failed to receive server peer cert chain validation response from S2Av2.")
return err
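Review bot: The doc comment on VerifyServerCertificateChain still describes only the request/response exchange and says nothing about the new `serverAuthorizationPolicy` parameter, which is copied as-is into `SerializedUnrestrictedClientPolicy` of the ServerPeer message. A reader cannot tell from the signature that these bytes are an opaque serialized policy (presumably evaluated by S2Av2, not locally) or that a nil slice results in no policy being sent. I would add `// serverAuthorizationPolicy is an opaque serialized policy forwarded to S2Av2 unmodified; nil sends none.` to the comment. The function body continues outside the visible hunks, so how the response status is checked is not shown here.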


@ -26,6 +26,7 @@ import (
"fmt"
"io"
"github.com/google/s2a-go/stream"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/grpclog"
@ -34,14 +35,14 @@ import (
// remoteSigner implementes the crypto.Signer interface.
type remoteSigner struct {
leafCert *x509.Certificate
cstream s2av2pb.S2AService_SetUpSessionClient
leafCert *x509.Certificate
s2AStream stream.S2AStream
}
// New returns an instance of RemoteSigner, an implementation of the
// crypto.Signer interface.
func New(leafCert *x509.Certificate, cstream s2av2pb.S2AService_SetUpSessionClient) crypto.Signer {
return &remoteSigner{leafCert, cstream}
func New(leafCert *x509.Certificate, s2AStream stream.S2AStream) crypto.Signer {
return &remoteSigner{leafCert, s2AStream}
}
func (s *remoteSigner) Public() crypto.PublicKey {
@ -61,7 +62,7 @@ func (s *remoteSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpt
if grpclog.V(1) {
grpclog.Infof("Sending request to S2Av2 for signing operation.")
}
if err := s.cstream.Send(&s2av2pb.SessionReq{
if err := s.s2AStream.Send(&s2av2pb.SessionReq{
ReqOneof: &s2av2pb.SessionReq_OffloadPrivateKeyOperationReq{
OffloadPrivateKeyOperationReq: req,
},
@ -70,7 +71,7 @@ func (s *remoteSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpt
return nil, err
}
resp, err := s.cstream.Recv()
resp, err := s.s2AStream.Recv()
if err != nil {
grpclog.Infof("Failed to receive signing operation response from S2Av2.")
return nil, err
@ -88,9 +89,9 @@ func (s *remoteSigner) getCert() *x509.Certificate {
return s.leafCert
}
// getStream returns the cstream field in s.
func (s *remoteSigner) getStream() s2av2pb.S2AService_SetUpSessionClient {
return s.cstream
// getStream returns the s2AStream field in s.
func (s *remoteSigner) getStream() stream.S2AStream {
return s.s2AStream
}
func getSignReq(signatureAlgorithm s2av2pb.SignatureAlgorithm, digest []byte) (*s2av2pb.OffloadPrivateKeyOperationReq, error) {


@ -24,8 +24,8 @@ import (
"context"
"crypto/tls"
"errors"
"flag"
"net"
"os"
"time"
"github.com/golang/protobuf/proto"
@ -33,6 +33,7 @@ import (
"github.com/google/s2a-go/internal/handshaker/service"
"github.com/google/s2a-go/internal/tokenmanager"
"github.com/google/s2a-go/internal/v2/tlsconfigstore"
"github.com/google/s2a-go/stream"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/grpclog"
@ -43,9 +44,11 @@ import (
const (
s2aSecurityProtocol = "tls"
defaultS2ATimeout = 3 * time.Second
)
var S2ATimeout = flag.Duration("s2a_timeout", 3*time.Second, "Timeout enforced on the connection to the S2A service for handshake.")
// An environment variable, which sets the timeout enforced on the connection to the S2A service for handshake.
const s2aTimeoutEnv = "S2A_TIMEOUT"
type s2av2TransportCreds struct {
info *credentials.ProtocolInfo
@ -56,14 +59,16 @@ type s2av2TransportCreds struct {
// localIdentity should only be used by the client.
localIdentity *commonpbv1.Identity
// localIdentities should only be used by the server.
localIdentities []*commonpbv1.Identity
verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
fallbackClientHandshake fallback.ClientHandshake
localIdentities []*commonpbv1.Identity
verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
fallbackClientHandshake fallback.ClientHandshake
getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)
serverAuthorizationPolicy []byte
}
// NewClientCreds returns a client-side transport credentials object that uses
// the S2Av2 to establish a secure connection with a server.
func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake) (credentials.TransportCredentials, error) {
func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error), serverAuthorizationPolicy []byte) (credentials.TransportCredentials, error) {
// Create an AccessTokenManager instance to use to authenticate to S2Av2.
accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
@ -71,12 +76,14 @@ func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, ver
info: &credentials.ProtocolInfo{
SecurityProtocol: s2aSecurityProtocol,
},
isClient: true,
serverName: "",
s2av2Address: s2av2Address,
localIdentity: localIdentity,
verificationMode: verificationMode,
fallbackClientHandshake: fallbackClientHandshakeFunc,
isClient: true,
serverName: "",
s2av2Address: s2av2Address,
localIdentity: localIdentity,
verificationMode: verificationMode,
fallbackClientHandshake: fallbackClientHandshakeFunc,
getS2AStream: getS2AStream,
serverAuthorizationPolicy: serverAuthorizationPolicy,
}
if err != nil {
creds.tokenManager = nil
@ -91,7 +98,7 @@ func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, ver
// NewServerCreds returns a server-side transport credentials object that uses
// the S2Av2 to establish a secure connection with a client.
func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (credentials.TransportCredentials, error) {
func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (credentials.TransportCredentials, error) {
// Create an AccessTokenManager instance to use to authenticate to S2Av2.
accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
creds := &s2av2TransportCreds{
@ -102,6 +109,7 @@ func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity,
s2av2Address: s2av2Address,
localIdentities: localIdentities,
verificationMode: verificationMode,
getS2AStream: getS2AStream,
}
if err != nil {
creds.tokenManager = nil
@ -121,9 +129,9 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
}
// Remove the port from serverAuthority.
serverName := removeServerNamePort(serverAuthority)
timeoutCtx, cancel := context.WithTimeout(ctx, *S2ATimeout)
timeoutCtx, cancel := context.WithTimeout(ctx, GetS2ATimeout())
defer cancel()
cstream, err := createStream(timeoutCtx, c.s2av2Address)
s2AStream, err := createStream(timeoutCtx, c.s2av2Address, c.getS2AStream)
if err != nil {
grpclog.Infof("Failed to connect to S2Av2: %v", err)
if c.fallbackClientHandshake != nil {
@ -131,7 +139,7 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
}
return nil, nil, err
}
defer cstream.CloseSend()
defer s2AStream.CloseSend()
if grpclog.V(1) {
grpclog.Infof("Connected to S2Av2.")
}
@ -145,7 +153,7 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
}
if c.serverName == "" {
config, err = tlsconfigstore.GetTLSConfigurationForClient(serverName, cstream, tokenManager, c.localIdentity, c.verificationMode)
config, err = tlsconfigstore.GetTLSConfigurationForClient(serverName, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
if err != nil {
grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
if c.fallbackClientHandshake != nil {
@ -154,7 +162,7 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
return nil, nil, err
}
} else {
config, err = tlsconfigstore.GetTLSConfigurationForClient(c.serverName, cstream, tokenManager, c.localIdentity, c.verificationMode)
config, err = tlsconfigstore.GetTLSConfigurationForClient(c.serverName, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
if err != nil {
grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
if c.fallbackClientHandshake != nil {
@ -186,14 +194,14 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
if c.isClient {
return nil, nil, errors.New("server handshake called using client transport credentials")
}
ctx, cancel := context.WithTimeout(context.Background(), *S2ATimeout)
ctx, cancel := context.WithTimeout(context.Background(), GetS2ATimeout())
defer cancel()
cstream, err := createStream(ctx, c.s2av2Address)
s2AStream, err := createStream(ctx, c.s2av2Address, c.getS2AStream)
if err != nil {
grpclog.Infof("Failed to connect to S2Av2: %v", err)
return nil, nil, err
}
defer cstream.CloseSend()
defer s2AStream.CloseSend()
if grpclog.V(1) {
grpclog.Infof("Connected to S2Av2.")
}
@ -205,7 +213,7 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
tokenManager = *c.tokenManager
}
config, err := tlsconfigstore.GetTLSConfigurationForServer(cstream, tokenManager, c.localIdentities, c.verificationMode)
config, err := tlsconfigstore.GetTLSConfigurationForServer(s2AStream, tokenManager, c.localIdentities, c.verificationMode)
if err != nil {
grpclog.Infof("Failed to get server TLS config from S2Av2: %v", err)
return nil, nil, err
@ -272,14 +280,15 @@ func NewClientTLSConfig(
s2av2Address string,
tokenManager tokenmanager.AccessTokenManager,
verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode,
serverName string) (*tls.Config, error) {
cstream, err := createStream(ctx, s2av2Address)
serverName string,
serverAuthorizationPolicy []byte) (*tls.Config, error) {
s2AStream, err := createStream(ctx, s2av2Address, nil)
if err != nil {
grpclog.Infof("Failed to connect to S2Av2: %v", err)
return nil, err
}
return tlsconfigstore.GetTLSConfigurationForClient(removeServerNamePort(serverName), cstream, tokenManager, nil, verificationMode)
return tlsconfigstore.GetTLSConfigurationForClient(removeServerNamePort(serverName), s2AStream, tokenManager, nil, verificationMode, serverAuthorizationPolicy)
}
// OverrideServerName sets the ServerName in the s2av2TransportCreds protocol
@ -300,12 +309,46 @@ func removeServerNamePort(serverName string) string {
return name
}
func createStream(ctx context.Context, s2av2Address string) (s2av2pb.S2AService_SetUpSessionClient, error) {
type s2AGrpcStream struct {
stream s2av2pb.S2AService_SetUpSessionClient
}
func (x s2AGrpcStream) Send(m *s2av2pb.SessionReq) error {
return x.stream.Send(m)
}
func (x s2AGrpcStream) Recv() (*s2av2pb.SessionResp, error) {
return x.stream.Recv()
}
func (x s2AGrpcStream) CloseSend() error {
return x.stream.CloseSend()
}
func createStream(ctx context.Context, s2av2Address string, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (stream.S2AStream, error) {
if getS2AStream != nil {
return getS2AStream(ctx, s2av2Address)
}
// TODO(rmehta19): Consider whether to close the connection to S2Av2.
conn, err := service.Dial(s2av2Address)
if err != nil {
return nil, err
}
client := s2av2pb.NewS2AServiceClient(conn)
return client.SetUpSession(ctx, []grpc.CallOption{}...)
gRPCStream, err := client.SetUpSession(ctx, []grpc.CallOption{}...)
if err != nil {
return nil, err
}
return &s2AGrpcStream{
stream: gRPCStream,
}, nil
}
// GetS2ATimeout returns the timeout enforced on the connection to the S2A service for handshake.
func GetS2ATimeout() time.Duration {
timeout, err := time.ParseDuration(os.Getenv(s2aTimeoutEnv))
if err != nil {
return defaultS2ATimeout
}
return timeout
}
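Review bot: GetS2ATimeout accepts any value that time.ParseDuration can parse, so `S2A_TIMEOUT=0` or a negative duration produces a context that has already expired when createStream is called from ClientHandshake and ServerHandshake. On the client that failure reaches the `c.fallbackClientHandshake != nil` branch, so when a fallback is configured an environment setting appears able to move every connection off S2A without any other signal; on the server every handshake would fail. Non-positive values should be treated like a parse error: `if err != nil || timeout <= 0 { return defaultS2ATimeout }`. A log line when the default is substituted would also let operators notice a bad setting.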


@ -29,6 +29,7 @@ import (
"github.com/google/s2a-go/internal/tokenmanager"
"github.com/google/s2a-go/internal/v2/certverifier"
"github.com/google/s2a-go/internal/v2/remotesigner"
"github.com/google/s2a-go/stream"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/grpclog"
@ -43,14 +44,14 @@ const (
)
// GetTLSConfigurationForClient returns a tls.Config instance for use by a client application.
func GetTLSConfigurationForClient(serverHostname string, cstream s2av2pb.S2AService_SetUpSessionClient, tokenManager tokenmanager.AccessTokenManager, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (*tls.Config, error) {
func GetTLSConfigurationForClient(serverHostname string, s2AStream stream.S2AStream, tokenManager tokenmanager.AccessTokenManager, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, serverAuthorizationPolicy []byte) (*tls.Config, error) {
authMechanisms := getAuthMechanisms(tokenManager, []*commonpbv1.Identity{localIdentity})
if grpclog.V(1) {
grpclog.Infof("Sending request to S2Av2 for client TLS config.")
}
// Send request to S2Av2 for config.
if err := cstream.Send(&s2av2pb.SessionReq{
if err := s2AStream.Send(&s2av2pb.SessionReq{
LocalIdentity: localIdentity,
AuthenticationMechanisms: authMechanisms,
ReqOneof: &s2av2pb.SessionReq_GetTlsConfigurationReq{
@ -64,7 +65,7 @@ func GetTLSConfigurationForClient(serverHostname string, cstream s2av2pb.S2AServ
}
// Get the response containing config from S2Av2.
resp, err := cstream.Recv()
resp, err := s2AStream.Recv()
if err != nil {
grpclog.Infof("Failed to receive client TLS config response from S2Av2.")
return nil, err
@ -96,7 +97,7 @@ func GetTLSConfigurationForClient(serverHostname string, cstream s2av2pb.S2AServ
}
if len(tlsConfig.CertificateChain) > 0 {
cert.PrivateKey = remotesigner.New(cert.Leaf, cstream)
cert.PrivateKey = remotesigner.New(cert.Leaf, s2AStream)
if cert.PrivateKey == nil {
return nil, errors.New("failed to retrieve Private Key from Remote Signer Library")
}
@ -109,7 +110,7 @@ func GetTLSConfigurationForClient(serverHostname string, cstream s2av2pb.S2AServ
// Create mTLS credentials for client.
config := &tls.Config{
VerifyPeerCertificate: certverifier.VerifyServerCertificateChain(serverHostname, verificationMode, cstream),
VerifyPeerCertificate: certverifier.VerifyServerCertificateChain(serverHostname, verificationMode, s2AStream, serverAuthorizationPolicy),
ServerName: serverHostname,
InsecureSkipVerify: true, // NOLINT
ClientSessionCache: nil,
@ -125,9 +126,9 @@ func GetTLSConfigurationForClient(serverHostname string, cstream s2av2pb.S2AServ
}
// GetTLSConfigurationForServer returns a tls.Config instance for use by a server application.
func GetTLSConfigurationForServer(cstream s2av2pb.S2AService_SetUpSessionClient, tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (*tls.Config, error) {
func GetTLSConfigurationForServer(s2AStream stream.S2AStream, tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (*tls.Config, error) {
return &tls.Config{
GetConfigForClient: ClientConfig(tokenManager, localIdentities, verificationMode, cstream),
GetConfigForClient: ClientConfig(tokenManager, localIdentities, verificationMode, s2AStream),
}, nil
}
@ -135,9 +136,9 @@ func GetTLSConfigurationForServer(cstream s2av2pb.S2AService_SetUpSessionClient,
// connection with a client, based on SNI communicated during ClientHello.
// Ensures that server presents the correct certificate to establish a TLS
// connection.
func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, cstream s2av2pb.S2AService_SetUpSessionClient) func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, s2AStream stream.S2AStream) func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
return func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
tlsConfig, err := getServerConfigFromS2Av2(tokenManager, localIdentities, chi.ServerName, cstream)
tlsConfig, err := getServerConfigFromS2Av2(tokenManager, localIdentities, chi.ServerName, s2AStream)
if err != nil {
return nil, err
}
@ -159,7 +160,7 @@ func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities
}
}
cert.PrivateKey = remotesigner.New(cert.Leaf, cstream)
cert.PrivateKey = remotesigner.New(cert.Leaf, s2AStream)
if cert.PrivateKey == nil {
return nil, errors.New("failed to retrieve Private Key from Remote Signer Library")
}
@ -177,7 +178,7 @@ func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities
// Create mTLS credentials for server.
return &tls.Config{
Certificates: []tls.Certificate{cert},
VerifyPeerCertificate: certverifier.VerifyClientCertificateChain(verificationMode, cstream),
VerifyPeerCertificate: certverifier.VerifyClientCertificateChain(verificationMode, s2AStream),
ClientAuth: clientAuth,
CipherSuites: cipherSuites,
SessionTicketsDisabled: true,
@ -218,14 +219,14 @@ func getTLSCipherSuite(tlsCipherSuite commonpb.Ciphersuite) uint16 {
}
}
func getServerConfigFromS2Av2(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, sni string, cstream s2av2pb.S2AService_SetUpSessionClient) (*s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration, error) {
func getServerConfigFromS2Av2(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, sni string, s2AStream stream.S2AStream) (*s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration, error) {
authMechanisms := getAuthMechanisms(tokenManager, localIdentities)
var locID *commonpbv1.Identity
if localIdentities != nil {
locID = localIdentities[0]
}
if err := cstream.Send(&s2av2pb.SessionReq{
if err := s2AStream.Send(&s2av2pb.SessionReq{
LocalIdentity: locID,
AuthenticationMechanisms: authMechanisms,
ReqOneof: &s2av2pb.SessionReq_GetTlsConfigurationReq{
@ -238,7 +239,7 @@ func getServerConfigFromS2Av2(tokenManager tokenmanager.AccessTokenManager, loca
return nil, err
}
resp, err := cstream.Recv()
resp, err := s2AStream.Recv()
if err != nil {
return nil, err
}
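Review bot: In getServerConfigFromS2Av2 the guard `if localIdentities != nil` does not protect the `localIdentities[0]` access that follows it: an empty but non-nil slice passes the check and panics on the index. The function is called from the GetConfigForClient callback returned by ClientConfig, so the panic would occur during a TLS handshake. `if len(localIdentities) > 0 {` covers both the nil and the empty case. Whether any caller can pass an empty slice is not visible in these hunks, and the function body continues past them.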


@ -111,7 +111,7 @@ func NewClientCreds(opts *ClientOptions) (credentials.TransportCredentials, erro
if opts.FallbackOpts != nil && opts.FallbackOpts.FallbackClientHandshakeFunc != nil {
fallbackFunc = opts.FallbackOpts.FallbackClientHandshakeFunc
}
return v2.NewClientCreds(opts.S2AAddress, localIdentity, verificationMode, fallbackFunc)
return v2.NewClientCreds(opts.S2AAddress, localIdentity, verificationMode, fallbackFunc, opts.getS2AStream, opts.serverAuthorizationPolicy)
}
// NewServerCreds returns a server-side transport credentials object that uses
@ -146,7 +146,7 @@ func NewServerCreds(opts *ServerOptions) (credentials.TransportCredentials, erro
}, nil
}
verificationMode := getVerificationMode(opts.VerificationMode)
return v2.NewServerCreds(opts.S2AAddress, localIdentities, verificationMode)
return v2.NewServerCreds(opts.S2AAddress, localIdentities, verificationMode, opts.getS2AStream)
}
// ClientHandshake initiates a client-side TLS handshake using the S2A.
@ -311,22 +311,25 @@ func NewTLSClientConfigFactory(opts *ClientOptions) (TLSClientConfigFactory, err
// which is okay in environments other than serverless.
grpclog.Infof("Access token manager not initialized: %v", err)
return &s2aTLSClientConfigFactory{
s2av2Address: opts.S2AAddress,
tokenManager: nil,
verificationMode: getVerificationMode(opts.VerificationMode),
s2av2Address: opts.S2AAddress,
tokenManager: nil,
verificationMode: getVerificationMode(opts.VerificationMode),
serverAuthorizationPolicy: opts.serverAuthorizationPolicy,
}, nil
}
return &s2aTLSClientConfigFactory{
s2av2Address: opts.S2AAddress,
tokenManager: tokenManager,
verificationMode: getVerificationMode(opts.VerificationMode),
s2av2Address: opts.S2AAddress,
tokenManager: tokenManager,
verificationMode: getVerificationMode(opts.VerificationMode),
serverAuthorizationPolicy: opts.serverAuthorizationPolicy,
}, nil
}
type s2aTLSClientConfigFactory struct {
s2av2Address string
tokenManager tokenmanager.AccessTokenManager
verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
s2av2Address string
tokenManager tokenmanager.AccessTokenManager
verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
serverAuthorizationPolicy []byte
}
func (f *s2aTLSClientConfigFactory) Build(
@ -335,7 +338,7 @@ func (f *s2aTLSClientConfigFactory) Build(
if opts != nil && opts.ServerName != "" {
serverName = opts.ServerName
}
return v2.NewClientTLSConfig(ctx, f.s2av2Address, f.tokenManager, f.verificationMode, serverName)
return v2.NewClientTLSConfig(ctx, f.s2av2Address, f.tokenManager, f.verificationMode, serverName, f.serverAuthorizationPolicy)
}
func getVerificationMode(verificationMode VerificationModeType) s2av2pb.ValidatePeerCertificateChainReq_VerificationMode {
@ -385,7 +388,7 @@ func NewS2ADialTLSContextFunc(opts *ClientOptions) func(ctx context.Context, net
if err != nil {
serverName = addr
}
timeoutCtx, cancel := context.WithTimeout(ctx, *v2.S2ATimeout)
timeoutCtx, cancel := context.WithTimeout(ctx, v2.GetS2ATimeout())
defer cancel()
s2aTLSConfig, err := factory.Build(timeoutCtx, &TLSClientConfigOptions{
ServerName: serverName,


@ -19,11 +19,13 @@
package s2a
import (
"context"
"crypto/tls"
"errors"
"sync"
"github.com/google/s2a-go/fallback"
"github.com/google/s2a-go/stream"
s2apb "github.com/google/s2a-go/internal/proto/common_go_proto"
)
@ -125,6 +127,12 @@ type ClientOptions struct {
// Optional fallback after dialing with S2A fails.
FallbackOpts *FallbackOptions
// Generates an S2AStream interface for talking to the S2A server.
getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)
// Serialized user specified policy for server authorization.
serverAuthorizationPolicy []byte
}
// FallbackOptions prescribes the fallback logic that should be taken if the application fails to connect with S2A.
@ -170,6 +178,9 @@ type ServerOptions struct {
// VerificationMode specifies the mode that S2A must use to verify the
// peer certificate chain.
VerificationMode VerificationModeType
// Generates an S2AStream interface for talking to the S2A server.
getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)
}
// DefaultServerOptions returns the default server options.

34
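--- a/vendor/github.com/google/s2a-go/stream/s2a_stream.go
+++ b/vendor/github.com/google/s2a-go/stream/s2a_stream.go
@@ -0,0 +1,34 @@
+/*
+*
+* Copyright 2023 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* https://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+*/
+// Package stream provides an interface for bidirectional streaming to the S2A server.
+package stream
+import (
+s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
+)
+// S2AStream defines the operation for communicating with the S2A server over a bidirectional stream.
+type S2AStream interface {
+// Send sends the message to the S2A server.
+Send(*s2av2pb.SessionReq) error
+// Recv receives the message from the S2A server.
+Recv() (*s2av2pb.SessionResp, error)
+// Closes the channel to the S2A server.
+CloseSend() error
+}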


@ -1,3 +1,28 @@
## v1.4.0 (2023-05-25)
New features and improvements:
* [GH-2465](https://github.com/gophercloud/gophercloud/pull/2465) keystone: add v3 limits update operation
* [GH-2596](https://github.com/gophercloud/gophercloud/pull/2596) keystone: add v3 limits get operation
* [GH-2618](https://github.com/gophercloud/gophercloud/pull/2618) keystone: add v3 limits delete operation
* [GH-2616](https://github.com/gophercloud/gophercloud/pull/2616) Add CRUD support for register limit APIs
* [GH-2610](https://github.com/gophercloud/gophercloud/pull/2610) Add PUT/HEAD/DELETE for identity/v3/OS-INHERIT
* [GH-2597](https://github.com/gophercloud/gophercloud/pull/2597) Add validation and optimise objects.BulkDelete
* [GH-2602](https://github.com/gophercloud/gophercloud/pull/2602) [swift v1]: introduce a TempURLKey argument for objects.CreateTempURLOpts struct
* [GH-2623](https://github.com/gophercloud/gophercloud/pull/2623) Add the ability to remove ingress/egress policies from fwaas_v2 groups
* [GH-2625](https://github.com/gophercloud/gophercloud/pull/2625) neutron: Support trunk_details extension
CI changes:
* [GH-2608](https://github.com/gophercloud/gophercloud/pull/2608) Drop train and ussuri jobs
* [GH-2589](https://github.com/gophercloud/gophercloud/pull/2589) Bump EmilienM/devstack-action from 0.10 to 0.11
* [GH-2604](https://github.com/gophercloud/gophercloud/pull/2604) Bump mheap/github-action-required-labels from 3 to 4
* [GH-2620](https://github.com/gophercloud/gophercloud/pull/2620) Pin goimport dep to a version that works with go 1.14
* [GH-2619](https://github.com/gophercloud/gophercloud/pull/2619) Fix version comparison for acceptance tests
* [GH-2627](https://github.com/gophercloud/gophercloud/pull/2627) Limits: Fix ToDo to create registered limit and use it
* [GH-2629](https://github.com/gophercloud/gophercloud/pull/2629) [manila]: Add share from snapshot restore functional test
## v1.3.0 (2023-03-28)
* [GH-2464](https://github.com/gophercloud/gophercloud/pull/2464) keystone: add v3 limits create operation


@ -5,7 +5,10 @@ import (
"crypto/hmac"
"crypto/md5"
"crypto/sha1"
"crypto/sha256"
"crypto/sha512"
"fmt"
"hash"
"io"
"io/ioutil"
"strings"
@ -17,6 +20,25 @@ import (
"github.com/gophercloud/gophercloud/pagination"
)
// ErrTempURLKeyNotFound is an error indicating that the Temp URL key was
// neigther set nor resolved from a container or account metadata.
type ErrTempURLKeyNotFound struct{ gophercloud.ErrMissingInput }
func (e ErrTempURLKeyNotFound) Error() string {
return "Unable to obtain the Temp URL key."
}
// ErrTempURLDigestNotValid is an error indicating that the requested
// cryptographic hash function is not supported.
type ErrTempURLDigestNotValid struct {
gophercloud.ErrMissingInput
Digest string
}
func (e ErrTempURLDigestNotValid) Error() string {
return fmt.Sprintf("The requested %q digest is not supported.", e.Digest)
}
// ListOptsBuilder allows extensions to add additional parameters to the List
// request.
type ListOptsBuilder interface {
@ -504,15 +526,20 @@ type HTTPMethod string
var (
// GET represents an HTTP "GET" method.
GET HTTPMethod = "GET"
// HEAD represents an HTTP "HEAD" method.
HEAD HTTPMethod = "HEAD"
// PUT represents an HTTP "PUT" method.
PUT HTTPMethod = "PUT"
// POST represents an HTTP "POST" method.
POST HTTPMethod = "POST"
// DELETE represents an HTTP "DELETE" method.
DELETE HTTPMethod = "DELETE"
)
// CreateTempURLOpts are options for creating a temporary URL for an object.
type CreateTempURLOpts struct {
// (REQUIRED) Method is the HTTP method to allow for users of the temp URL.
// Valid values are "GET" and "POST".
// Valid values are "GET", "HEAD", "PUT", "POST" and "DELETE".
Method HTTPMethod
// (REQUIRED) TTL is the number of seconds the temp URL should be active.
@ -523,8 +550,21 @@ type CreateTempURLOpts struct {
// empty, the default OpenStack URL split point will be used ("/v1/").
Split string
// Timestamp is a timestamp to calculate Temp URL signature. Optional.
// (Optional) Timestamp is the current timestamp used to calculate the Temp URL
// signature. If not specified, the current UNIX timestamp is used as the base
// timestamp.
Timestamp time.Time
// (Optional) TempURLKey overrides the Swift container or account Temp URL key.
// TempURLKey must correspond to a target container/account key, otherwise the
// generated link will be invalid. If not specified, the key is obtained from
// a Swift container or account.
TempURLKey string
// (Optional) Digest specifies the cryptographic hash function used to
// calculate the signature. Valid values include sha1, sha256, and
// sha512. If not specified, the default hash function is sha1.
Digest string
}
// CreateTempURL is a function for creating a temporary URL for an object. It
@ -541,50 +581,83 @@ func CreateTempURL(c *gophercloud.ServiceClient, containerName, objectName strin
}
// Initialize time if it was not passed as opts
var date time.Time
if opts.Timestamp.IsZero() {
date = time.Now().UTC()
} else {
date = opts.Timestamp
date := opts.Timestamp
if date.IsZero() {
date = time.Now()
}
duration := time.Duration(opts.TTL) * time.Second
// UNIX time is always UTC
expiry := date.Add(duration).Unix()
getHeader, err := containers.Get(c, containerName, nil).Extract()
if err != nil {
return "", err
}
tempURLKey := getHeader.TempURLKey
// Initialize the tempURLKey to calculate a signature
tempURLKey := opts.TempURLKey
if tempURLKey == "" {
// fallback to an account TempURL key
getHeader, err := accounts.Get(c, nil).Extract()
// fallback to a container TempURL key
getHeader, err := containers.Get(c, containerName, nil).Extract()
if err != nil {
return "", err
}
tempURLKey = getHeader.TempURLKey
if tempURLKey == "" {
// fallback to an account TempURL key
getHeader, err := accounts.Get(c, nil).Extract()
if err != nil {
return "", err
}
tempURLKey = getHeader.TempURLKey
}
if tempURLKey == "" {
return "", ErrTempURLKeyNotFound{}
}
}
secretKey := []byte(tempURLKey)
splitPath := strings.Split(url, opts.Split)
baseURL, objectPath := splitPath[0], splitPath[1]
objectPath = opts.Split + objectPath
body := fmt.Sprintf("%s\n%d\n%s", opts.Method, expiry, objectPath)
hash := hmac.New(sha1.New, secretKey)
var hash hash.Hash
switch opts.Digest {
case "", "sha1":
hash = hmac.New(sha1.New, secretKey)
case "sha256":
hash = hmac.New(sha256.New, secretKey)
case "sha512":
hash = hmac.New(sha512.New, secretKey)
default:
return "", ErrTempURLDigestNotValid{Digest: opts.Digest}
}
hash.Write([]byte(body))
hexsum := fmt.Sprintf("%x", hash.Sum(nil))
return fmt.Sprintf("%s%s?temp_url_sig=%s&temp_url_expires=%d", baseURL, objectPath, hexsum, expiry), nil
}
// BulkDelete is a function that bulk deletes objects.
// In Swift, the maximum number of deletes per request is set by default to 10000.
//
// See:
// * https://github.com/openstack/swift/blob/6d3d4197151f44bf28b51257c1a4c5d33411dcae/etc/proxy-server.conf-sample#L1029-L1034
// * https://github.com/openstack/swift/blob/e8cecf7fcc1630ee83b08f9a73e1e59c07f8d372/swift/common/middleware/bulk.py#L309
func BulkDelete(c *gophercloud.ServiceClient, container string, objects []string) (r BulkDeleteResult) {
// urlencode object names to be on the safe side
// https://github.com/openstack/swift/blob/stable/train/swift/common/middleware/bulk.py#L160
// https://github.com/openstack/swift/blob/stable/train/swift/common/swob.py#L302
encodedObjects := make([]string, len(objects))
for i, v := range objects {
encodedObjects[i] = strings.Join([]string{container, v}, "/")
err := containers.CheckContainerName(container)
if err != nil {
r.Err = err
return
}
b := strings.NewReader(strings.Join(encodedObjects, "\n") + "\n")
resp, err := c.Post(bulkDeleteURL(c), b, &r.Body, &gophercloud.RequestOpts{
var body bytes.Buffer
for i := range objects {
if objects[i] == "" {
r.Err = fmt.Errorf("object names must not be the empty string")
return
}
body.WriteString(container)
body.WriteRune('/')
body.WriteString(objects[i])
body.WriteRune('\n')
}
resp, err := c.Post(bulkDeleteURL(c), &body, &r.Body, &gophercloud.RequestOpts{
MoreHeaders: map[string]string{
"Accept": "application/json",
"Content-Type": "text/plain",


@ -14,7 +14,7 @@ import (
// DefaultUserAgent is the default User-Agent string set in the request header.
const (
DefaultUserAgent = "gophercloud/v1.3.0"
DefaultUserAgent = "gophercloud/v1.4.0"
DefaultMaxBackoffRetries = 60
)


@ -496,9 +496,9 @@ type APIKey struct {
UpdatedAt *time.Time `json:"updated_at"`
// ExpiresAt: date and time of API key expiration.
ExpiresAt *time.Time `json:"expires_at"`
// DefaultProjectID: the default Project ID specified for this API key.
// DefaultProjectID: default Project ID specified for this API key.
DefaultProjectID string `json:"default_project_id"`
// Editable: whether or not the API key is editable.
// Editable: defines whether or not the API key is editable.
Editable bool `json:"editable"`
// CreationIP: IP address of the device that created the API key.
CreationIP string `json:"creation_ip"`
@ -518,7 +518,7 @@ type Application struct {
UpdatedAt *time.Time `json:"updated_at"`
// OrganizationID: ID of the Organization.
OrganizationID string `json:"organization_id"`
// Editable: whether or not the application is editable.
// Editable: defines whether or not the application is editable.
Editable bool `json:"editable"`
// NbAPIKeys: number of API keys attributed to the application.
NbAPIKeys uint32 `json:"nb_api_keys"`
@ -671,7 +671,7 @@ type Policy struct {
CreatedAt *time.Time `json:"created_at"`
// UpdatedAt: date and time of last policy update.
UpdatedAt *time.Time `json:"updated_at"`
// Editable: whether or not a policy is editable.
// Editable: defines whether or not a policy is editable.
Editable bool `json:"editable"`
// NbRules: number of rules of the policy.
NbRules uint32 `json:"nb_rules"`
@ -688,7 +688,7 @@ type Policy struct {
// ApplicationID: ID of the application attributed to the policy.
// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
ApplicationID *string `json:"application_id,omitempty"`
// NoPrincipal: whether or not a policy is attributed to a principal.
// NoPrincipal: defines whether or not a policy is attributed to a principal.
// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
NoPrincipal *bool `json:"no_principal,omitempty"`
}
@ -700,7 +700,7 @@ type Quotum struct {
// Limit: maximum limit of the quota.
// Precisely one of Limit, Unlimited must be set.
Limit *uint64 `json:"limit,omitempty"`
// Unlimited: whether or not the quota is unlimited.
// Unlimited: defines whether or not the quota is unlimited.
// Precisely one of Limit, Unlimited must be set.
Unlimited *bool `json:"unlimited,omitempty"`
}
@ -789,8 +789,10 @@ type User struct {
// Status: status of user invitation.
// Default value: unknown_status
Status UserStatus `json:"status"`
// Mfa: whether MFA is enabled.
// Mfa: defines whether MFA is enabled.
Mfa bool `json:"mfa"`
// AccountRootUserID: ID of the account root user associated with the user.
AccountRootUserID string `json:"account_root_user_id"`
}
// Service API
@ -811,7 +813,7 @@ type ListSSHKeysRequest struct {
Name *string `json:"-"`
// ProjectID: filter by Project ID.
ProjectID *string `json:"-"`
// Disabled: whether to include disabled SSH keys or not.
// Disabled: defines whether to include disabled SSH keys or not.
Disabled *bool `json:"-"`
}
@ -851,7 +853,7 @@ func (s *API) ListSSHKeys(req *ListSSHKeysRequest, opts ...scw.RequestOption) (*
}
type CreateSSHKeyRequest struct {
// Name: the name of the SSH key. Max length is 1000.
// Name: name of the SSH key. Max length is 1000.
Name string `json:"name"`
// PublicKey: SSH public key. Currently only the ssh-rsa, ssh-dss (DSA), ssh-ed25519 and ecdsa keys with NIST curves are supported. Max length is 65000.
PublicKey string `json:"public_key"`
@ -894,7 +896,7 @@ func (s *API) CreateSSHKey(req *CreateSSHKeyRequest, opts ...scw.RequestOption)
}
type GetSSHKeyRequest struct {
// SSHKeyID: the ID of the SSH key.
// SSHKeyID: ID of the SSH key.
SSHKeyID string `json:"-"`
}
@ -1107,7 +1109,7 @@ type ListApplicationsRequest struct {
Name *string `json:"-"`
// OrganizationID: ID of the Organization to filter.
OrganizationID *string `json:"-"`
// Editable: whether to filter out editable applications or not.
// Editable: defines whether to filter out editable applications or not.
Editable *bool `json:"-"`
// ApplicationIDs: filter by list of IDs.
ApplicationIDs []string `json:"-"`
@ -1530,6 +1532,44 @@ func (s *API) AddGroupMember(req *AddGroupMemberRequest, opts ...scw.RequestOpti
return &resp, nil
}
type AddGroupMembersRequest struct {
// GroupID: ID of the group.
GroupID string `json:"-"`
// UserIDs: iDs of the users to add.
UserIDs []string `json:"user_ids"`
// ApplicationIDs: iDs of the applications to add.
ApplicationIDs []string `json:"application_ids"`
}
// AddGroupMembers: add multiple users and applications to a group.
// Add multiple users and applications to a group in a single call. You can specify an array of `user_id`s and `application_id`s. Note that any existing users and applications in the group will remain. To add new users/applications and delete pre-existing ones, use the [Overwrite users and applications of a group](#path-groups-overwrite-users-and-applications-of-a-group) method.
func (s *API) AddGroupMembers(req *AddGroupMembersRequest, opts ...scw.RequestOption) (*Group, error) {
var err error
if fmt.Sprint(req.GroupID) == "" {
return nil, errors.New("field GroupID cannot be empty in request")
}
scwReq := &scw.ScalewayRequest{
Method: "POST",
Path: "/iam/v1alpha1/groups/" + fmt.Sprint(req.GroupID) + "/add-members",
Headers: http.Header{},
}
err = scwReq.SetBody(req)
if err != nil {
return nil, err
}
var resp Group
err = s.client.Do(scwReq, &resp, opts...)
if err != nil {
return nil, err
}
return &resp, nil
}
type RemoveGroupMemberRequest struct {
// GroupID: ID of the group.
GroupID string `json:"-"`
@ -1609,15 +1649,15 @@ type ListPoliciesRequest struct {
Page *int32 `json:"-"`
// OrganizationID: ID of the Organization to filter.
OrganizationID *string `json:"-"`
// Editable: whether or not filter out editable policies.
// Editable: defines whether or not filter out editable policies.
Editable *bool `json:"-"`
// UserIDs: whether or not to filter by list of user IDs.
// UserIDs: defines whether or not to filter by list of user IDs.
UserIDs []string `json:"-"`
// GroupIDs: whether or not to filter by list of group IDs.
// GroupIDs: defines whether or not to filter by list of group IDs.
GroupIDs []string `json:"-"`
// ApplicationIDs: filter by a list of application IDs.
ApplicationIDs []string `json:"-"`
// NoPrincipal: whether or not the policy is attributed to a principal.
// NoPrincipal: defines whether or not the policy is attributed to a principal.
NoPrincipal *bool `json:"-"`
// PolicyName: name of the policy to fetch.
PolicyName *string `json:"-"`
@ -1679,7 +1719,7 @@ type CreatePolicyRequest struct {
// ApplicationID: ID of application attributed to the policy.
// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
ApplicationID *string `json:"application_id,omitempty"`
// NoPrincipal: whether or not a policy is attributed to a principal.
// NoPrincipal: defines whether or not a policy is attributed to a principal.
// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
NoPrincipal *bool `json:"no_principal,omitempty"`
}
@ -1763,7 +1803,7 @@ type UpdatePolicyRequest struct {
// ApplicationID: new ID of application attributed to the policy.
// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
ApplicationID *string `json:"application_id,omitempty"`
// NoPrincipal: whether or not the policy is attributed to a principal.
// NoPrincipal: defines whether or not the policy is attributed to a principal.
// Precisely one of ApplicationID, GroupID, NoPrincipal, UserID must be set.
NoPrincipal *bool `json:"no_principal,omitempty"`
}
@ -1998,9 +2038,9 @@ type ListAPIKeysRequest struct {
ApplicationID *string `json:"-"`
// Deprecated: UserID: ID of user that bears the API key.
UserID *string `json:"-"`
// Editable: whether to filter out editable API keys or not.
// Editable: defines whether to filter out editable API keys or not.
Editable *bool `json:"-"`
// Expired: whether to filter out expired API keys or not.
// Expired: defines whether to filter out expired API keys or not.
Expired *bool `json:"-"`
// AccessKey: filter by access key.
AccessKey *string `json:"-"`
@ -2062,9 +2102,9 @@ type CreateAPIKeyRequest struct {
UserID *string `json:"user_id,omitempty"`
// ExpiresAt: expiration date of the API key.
ExpiresAt *time.Time `json:"expires_at"`
// DefaultProjectID: the default Project ID to use with Object Storage.
// DefaultProjectID: default Project ID to use with Object Storage.
DefaultProjectID *string `json:"default_project_id"`
// Description: the description of the API key (max length is 200 characters).
// Description: description of the API key (max length is 200 characters).
Description string `json:"description"`
}
@ -2125,9 +2165,9 @@ func (s *API) GetAPIKey(req *GetAPIKeyRequest, opts ...scw.RequestOption) (*APIK
type UpdateAPIKeyRequest struct {
// AccessKey: access key to update.
AccessKey string `json:"-"`
// DefaultProjectID: the new default Project ID to set.
// DefaultProjectID: new default Project ID to set.
DefaultProjectID *string `json:"default_project_id"`
// Description: the new description to update.
// Description: new description to update.
Description *string `json:"description"`
}


@ -1127,7 +1127,7 @@ type SecurityGroup struct {
Name string `json:"name"`
// Description: security group description.
Description string `json:"description"`
// EnableDefaultSecurity: true if SMTP is blocked on IPv4 and IPv6.
// EnableDefaultSecurity: true if SMTP is blocked on IPv4 and IPv6. This feature is read only, please open a support ticket if you need to make it configurable.
EnableDefaultSecurity bool `json:"enable_default_security"`
// InboundDefaultPolicy: default inbound policy.
// Default value: accept
@ -1777,7 +1777,7 @@ type ListVolumesTypesRequest struct {
Page *int32 `json:"-"`
}
// ListVolumesTypes: list volumes types.
// ListVolumesTypes: list volume types.
// List all volume types and their technical details.
func (s *API) ListVolumesTypes(req *ListVolumesTypesRequest, opts ...scw.RequestOption) (*ListVolumesTypesResponse, error) {
var err error
@ -2309,7 +2309,7 @@ type ServerActionRequest struct {
//
// Keep in mind that terminating an Instance will result in the deletion of all attached volumes, including local and block storage.
// If you want to preserve your local volumes, you should use the `archive` action instead of `terminate`. Similarly, if you want to keep your block storage volumes, you must first detach them before issuing the `terminate` command.
// For more information, read the [Volumes](#volumes-7e8a39) documentation.
// For more information, read the [Volumes](#path-volumes-list-volumes) documentation.
func (s *API) ServerAction(req *ServerActionRequest, opts ...scw.RequestOption) (*ServerActionResponse, error) {
var err error
@ -3438,7 +3438,7 @@ type CreateSecurityGroupRequest struct {
// OutboundDefaultPolicy: default policy for outbound rules.
// Default value: accept
OutboundDefaultPolicy SecurityGroupPolicy `json:"outbound_default_policy"`
// EnableDefaultSecurity: true to block SMTP on IPv4 and IPv6.
// EnableDefaultSecurity: true to block SMTP on IPv4 and IPv6. This feature is read only, please open a support ticket if you need to make it configurable.
EnableDefaultSecurity *bool `json:"enable_default_security,omitempty"`
}
@ -3583,7 +3583,7 @@ type setSecurityGroupRequest struct {
ModificationDate *time.Time `json:"modification_date"`
// Description: description of the security group.
Description string `json:"description"`
// EnableDefaultSecurity: true to block SMTP on IPv4 and IPv6.
// EnableDefaultSecurity: true to block SMTP on IPv4 and IPv6. This feature is read only, please open a support ticket if you need to make it configurable.
EnableDefaultSecurity bool `json:"enable_default_security"`
// InboundDefaultPolicy: default inbound policy.
// Default value: accept


@ -963,10 +963,13 @@ type Backend struct {
// Deprecated: SendProxyV2: deprecated in favor of proxy_protocol field.
SendProxyV2 *bool `json:"send_proxy_v2,omitempty"`
// TimeoutServer: maximum allowed time for a backend server to process a request.
// Default value: 300000
TimeoutServer *time.Duration `json:"timeout_server"`
// TimeoutConnect: maximum allowed time for establishing a connection to a backend server.
// Default value: 5000
TimeoutConnect *time.Duration `json:"timeout_connect"`
// TimeoutTunnel: maximum allowed tunnel inactivity time after Websocket is established (takes precedence over client and server timeout).
// Default value: 900000
TimeoutTunnel *time.Duration `json:"timeout_tunnel"`
// OnMarkedDownAction: action to take when a backend server is marked as down.
// Default value: on_marked_down_action_none
@ -988,6 +991,10 @@ type Backend struct {
RedispatchAttemptCount *int32 `json:"redispatch_attempt_count"`
// MaxRetries: number of retries when a backend server connection failed.
MaxRetries *int32 `json:"max_retries"`
// MaxConnections: maximum number of connections allowed per backend server.
MaxConnections *int32 `json:"max_connections"`
// TimeoutQueue: maximum time for a request to be left pending in queue when `max_connections` is reached.
TimeoutQueue *scw.Duration `json:"timeout_queue"`
}
func (m *Backend) UnmarshalJSON(b []byte) error {
@ -1107,6 +1114,7 @@ type Frontend struct {
// LB: load Balancer object the frontend is attached to.
LB *LB `json:"lb"`
// TimeoutClient: maximum allowed inactivity time on the client side.
// Default value: 300000
TimeoutClient *time.Duration `json:"timeout_client"`
// Deprecated: Certificate: certificate, deprecated in favor of certificate_ids array.
Certificate *Certificate `json:"certificate,omitempty"`
@ -1157,8 +1165,10 @@ type HealthCheck struct {
// Port: port to use for the backend server health check.
Port int32 `json:"port"`
// CheckDelay: time to wait between two consecutive health checks.
// Default value: 3000
CheckDelay *time.Duration `json:"check_delay"`
// CheckTimeout: maximum time a backend server has to reply to the health check.
// Default value: 1000
CheckTimeout *time.Duration `json:"check_timeout"`
// CheckMaxRetries: number of consecutive unsuccessful health checks after which the server will be considered dead.
CheckMaxRetries int32 `json:"check_max_retries"`
@ -1186,6 +1196,7 @@ type HealthCheck struct {
// CheckSendProxy: defines whether proxy protocol should be activated for the health check.
CheckSendProxy bool `json:"check_send_proxy"`
// TransientCheckDelay: time to wait between two consecutive health checks when a backend server is in a transient state (going UP or DOWN).
// Default value: 0.5s
TransientCheckDelay *scw.Duration `json:"transient_check_delay"`
}
@ -2226,10 +2237,13 @@ type ZonedAPICreateBackendRequest struct {
// Deprecated: SendProxyV2: deprecated in favor of proxy_protocol field.
SendProxyV2 *bool `json:"send_proxy_v2,omitempty"`
// TimeoutServer: maximum allowed time for a backend server to process a request.
// Default value: 300000
TimeoutServer *time.Duration `json:"timeout_server"`
// TimeoutConnect: maximum allowed time for establishing a connection to a backend server.
// Default value: 5000
TimeoutConnect *time.Duration `json:"timeout_connect"`
// TimeoutTunnel: maximum allowed tunnel inactivity time after Websocket is established (takes precedence over client and server timeout).
// Default value: 900000
TimeoutTunnel *time.Duration `json:"timeout_tunnel"`
// OnMarkedDownAction: action to take when a backend server is marked as down.
// Default value: on_marked_down_action_none
@ -2247,6 +2261,10 @@ type ZonedAPICreateBackendRequest struct {
RedispatchAttemptCount *int32 `json:"redispatch_attempt_count"`
// MaxRetries: number of retries when a backend server connection failed.
MaxRetries *int32 `json:"max_retries"`
// MaxConnections: maximum number of connections allowed per backend server.
MaxConnections *int32 `json:"max_connections"`
// TimeoutQueue: maximum time for a request to be left pending in queue when `max_connections` is reached.
TimeoutQueue *scw.Duration `json:"timeout_queue"`
}
func (m *ZonedAPICreateBackendRequest) UnmarshalJSON(b []byte) error {
@ -2394,10 +2412,13 @@ type ZonedAPIUpdateBackendRequest struct {
// Deprecated: SendProxyV2: deprecated in favor of proxy_protocol field.
SendProxyV2 *bool `json:"send_proxy_v2,omitempty"`
// TimeoutServer: maximum allowed time for a backend server to process a request.
// Default value: 300000
TimeoutServer *time.Duration `json:"timeout_server"`
// TimeoutConnect: maximum allowed time for establishing a connection to a backend server.
// Default value: 5000
TimeoutConnect *time.Duration `json:"timeout_connect"`
// TimeoutTunnel: maximum allowed tunnel inactivity time after Websocket is established (takes precedence over client and server timeout).
// Default value: 900000
TimeoutTunnel *time.Duration `json:"timeout_tunnel"`
// OnMarkedDownAction: action to take when a backend server is marked as down.
// Default value: on_marked_down_action_none
@ -2415,6 +2436,10 @@ type ZonedAPIUpdateBackendRequest struct {
RedispatchAttemptCount *int32 `json:"redispatch_attempt_count"`
// MaxRetries: number of retries when a backend server connection failed.
MaxRetries *int32 `json:"max_retries"`
// MaxConnections: maximum number of connections allowed per backend server.
MaxConnections *int32 `json:"max_connections"`
// TimeoutQueue: maximum time for a request to be left pending in queue when `max_connections` is reached.
TimeoutQueue *scw.Duration `json:"timeout_queue"`
}
func (m *ZonedAPIUpdateBackendRequest) UnmarshalJSON(b []byte) error {
@ -2711,6 +2736,7 @@ type ZonedAPIUpdateHealthCheckRequest struct {
// Precisely one of HTTPConfig, HTTPSConfig, LdapConfig, MysqlConfig, PgsqlConfig, RedisConfig, TCPConfig must be set.
HTTPSConfig *HealthCheckHTTPSConfig `json:"https_config,omitempty"`
// TransientCheckDelay: time to wait between two consecutive health checks when a backend server is in a transient state (going UP or DOWN).
// Default value: 0.5s
TransientCheckDelay *scw.Duration `json:"transient_check_delay"`
}
@ -2861,6 +2887,7 @@ type ZonedAPICreateFrontendRequest struct {
// BackendID: backend ID (ID of the backend the frontend should pass traffic to).
BackendID string `json:"backend_id"`
// TimeoutClient: maximum allowed inactivity time on the client side.
// Default value: 300000
TimeoutClient *time.Duration `json:"timeout_client"`
// Deprecated: CertificateID: certificate ID, deprecated in favor of certificate_ids array.
CertificateID *string `json:"certificate_id,omitempty"`
@ -2996,6 +3023,7 @@ type ZonedAPIUpdateFrontendRequest struct {
// BackendID: backend ID (ID of the backend the frontend should pass traffic to).
BackendID string `json:"backend_id"`
// TimeoutClient: maximum allowed inactivity time on the client side.
// Default value: 300000
TimeoutClient *time.Duration `json:"timeout_client"`
// Deprecated: CertificateID: certificate ID, deprecated in favor of certificate_ids array.
CertificateID *string `json:"certificate_id,omitempty"`
@ -5173,10 +5201,13 @@ type CreateBackendRequest struct {
// Deprecated: SendProxyV2: deprecated in favor of proxy_protocol field.
SendProxyV2 *bool `json:"send_proxy_v2,omitempty"`
// TimeoutServer: maximum allowed time for a backend server to process a request.
// Default value: 300000
TimeoutServer *time.Duration `json:"timeout_server"`
// TimeoutConnect: maximum allowed time for establishing a connection to a backend server.
// Default value: 5000
TimeoutConnect *time.Duration `json:"timeout_connect"`
// TimeoutTunnel: maximum allowed tunnel inactivity time after Websocket is established (takes precedence over client and server timeout).
// Default value: 900000
TimeoutTunnel *time.Duration `json:"timeout_tunnel"`
// OnMarkedDownAction: action to take when a backend server is marked as down.
// Default value: on_marked_down_action_none
@ -5194,6 +5225,10 @@ type CreateBackendRequest struct {
RedispatchAttemptCount *int32 `json:"redispatch_attempt_count"`
// MaxRetries: number of retries when a backend server connection failed.
MaxRetries *int32 `json:"max_retries"`
// MaxConnections: maximum number of connections allowed per backend server.
MaxConnections *int32 `json:"max_connections"`
// TimeoutQueue: maximum time for a request to be left pending in queue when `max_connections` is reached.
TimeoutQueue *scw.Duration `json:"timeout_queue"`
}
func (m *CreateBackendRequest) UnmarshalJSON(b []byte) error {
@ -5339,10 +5374,13 @@ type UpdateBackendRequest struct {
// Deprecated: SendProxyV2: deprecated in favor of proxy_protocol field.
SendProxyV2 *bool `json:"send_proxy_v2,omitempty"`
// TimeoutServer: maximum allowed time for a backend server to process a request.
// Default value: 300000
TimeoutServer *time.Duration `json:"timeout_server"`
// TimeoutConnect: maximum allowed time for establishing a connection to a backend server.
// Default value: 5000
TimeoutConnect *time.Duration `json:"timeout_connect"`
// TimeoutTunnel: maximum allowed tunnel inactivity time after Websocket is established (takes precedence over client and server timeout).
// Default value: 900000
TimeoutTunnel *time.Duration `json:"timeout_tunnel"`
// OnMarkedDownAction: action to take when a backend server is marked as down.
// Default value: on_marked_down_action_none
@ -5360,6 +5398,10 @@ type UpdateBackendRequest struct {
RedispatchAttemptCount *int32 `json:"redispatch_attempt_count"`
// MaxRetries: number of retries when a backend server connection failed.
MaxRetries *int32 `json:"max_retries"`
// MaxConnections: maximum number of connections allowed per backend server.
MaxConnections *int32 `json:"max_connections"`
// TimeoutQueue: maximum time for a request to be left pending in queue when `max_connections` is reached.
TimeoutQueue *scw.Duration `json:"timeout_queue"`
}
func (m *UpdateBackendRequest) UnmarshalJSON(b []byte) error {
@ -5651,6 +5693,7 @@ type UpdateHealthCheckRequest struct {
// Precisely one of HTTPConfig, HTTPSConfig, LdapConfig, MysqlConfig, PgsqlConfig, RedisConfig, TCPConfig must be set.
HTTPSConfig *HealthCheckHTTPSConfig `json:"https_config,omitempty"`
// TransientCheckDelay: time to wait between two consecutive health checks when a backend server is in a transient state (going UP or DOWN).
// Default value: 0.5s
TransientCheckDelay *scw.Duration `json:"transient_check_delay"`
}
@ -5799,6 +5842,7 @@ type CreateFrontendRequest struct {
// BackendID: backend ID (ID of the backend the frontend should pass traffic to).
BackendID string `json:"backend_id"`
// TimeoutClient: maximum allowed inactivity time on the client side.
// Default value: 300000
TimeoutClient *time.Duration `json:"timeout_client"`
// Deprecated: CertificateID: certificate ID, deprecated in favor of certificate_ids array.
CertificateID *string `json:"certificate_id,omitempty"`
@ -5932,6 +5976,7 @@ type UpdateFrontendRequest struct {
// BackendID: backend ID (ID of the backend the frontend should pass traffic to).
BackendID string `json:"backend_id"`
// TimeoutClient: maximum allowed inactivity time on the client side.
// Default value: 300000
TimeoutClient *time.Duration `json:"timeout_client"`
// Deprecated: CertificateID: certificate ID, deprecated in favor of certificate_ids array.
CertificateID *string `json:"certificate_id,omitempty"`


@ -12,3 +12,18 @@ type Auth interface {
// This method could be use for logging purpose.
AnonymizedHeaders() http.Header
}
type headerAnonymizer func(header http.Header) http.Header
var headerAnonymizers = []headerAnonymizer{
AnonymizeTokenHeaders,
AnonymizeJWTHeaders,
}
func AnonymizeHeaders(headers http.Header) http.Header {
for _, anonymizer := range headerAnonymizers {
headers = anonymizer(headers)
}
return headers
}
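Review bot: AnonymizeHeaders is exported without a doc comment, and nothing tells callers that it can modify the map they pass in. The JWT anonymizer registered in headerAnonymizers calls `headers.Set` on its argument, so a caller that hands over a live request header would have the real credential overwritten by the redacted value before the request is sent. The logging transport further down this page avoids that only because it passes `request.Header.Clone()`. I would add `// AnonymizeHeaders runs every registered anonymizer over headers and returns the result. It modifies headers in place; pass a clone.` above the function.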


@ -0,0 +1,55 @@
package auth
import (
"net/http"
"strings"
)
// JWT is the session token used in browser.
type JWT struct {
Token string
}
// XSessionTokenHeader is Scaleway auth header for browser
const XSessionTokenHeader = "x-session-token" // #nosec G101
// NewJWT create a token authentication from a jwt
func NewJWT(token string) *JWT {
return &JWT{Token: token}
}
// Headers returns headers that must be added to the http request
func (j *JWT) Headers() http.Header {
headers := http.Header{}
headers.Set(XSessionTokenHeader, j.Token)
return headers
}
func AnonymizeJWTHeaders(headers http.Header) http.Header {
token := headers.Get(XSessionTokenHeader)
if token != "" {
headers.Set(XSessionTokenHeader, HideJWT(token))
}
return headers
}
// AnonymizedHeaders returns an anonymized version of Headers()
// This method could be used for logging purpose.
func (j *JWT) AnonymizedHeaders() http.Header {
return AnonymizeJWTHeaders(j.Headers())
}
func HideJWT(token string) string {
if len(token) == 0 {
return ""
}
// token should be (header).(payload).(signature)
lastDot := strings.LastIndex(token, ".")
if lastDot != -1 {
token = token[:lastDot]
}
return token
}
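Review bot: HideJWT returns the token unchanged when it contains no dot, so an opaque or malformed value sent in x-session-token reaches the log in full. The `lastDot != -1` branch is the only place anything is removed; the other path should redact rather than pass through, for example `if lastDot == -1 { return "" }` before the slice (the replacement value is the maintainers' choice). Even for a well-formed token only the signature is dropped, so the header and payload segments, which are encoded rather than encrypted, still appear in logs. HideJWT and AnonymizeJWTHeaders are exported without doc comments, and those comments should state exactly what is and is not removed.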


@ -0,0 +1,17 @@
package generic
import "reflect"
// HasField returns true if given struct has a field with given name
// Also allow a slice, it will use the underlying type
func HasField(i interface{}, fieldName string) bool {
value := reflect.Indirect(reflect.ValueOf(i))
typ := value.Type()
if value.Kind() == reflect.Slice {
typ = indirectType(typ.Elem())
}
_, fieldExists := typ.FieldByName(fieldName)
return fieldExists
}
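Review bot: HasField panics instead of returning false for several inputs that its doc comment does not exclude. A nil interface or a nil pointer leaves `value` invalid, so `value.Type()` panics, and `typ.FieldByName` panics whenever the resolved type is not a struct (a slice of strings, a map, or a slice of pointers to pointers, since indirectType unwraps only one level). Two guards would make it total: `if !value.IsValid() { return false }` after the Indirect call and `if typ.Kind() != reflect.Struct { return false }` before FieldByName. This matters because sortSliceByZones and sortSliceByRegions now call it as a precondition check on whatever list they receive.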


@ -0,0 +1,11 @@
package generic
import "reflect"
func indirectType(typ reflect.Type) reflect.Type {
if typ.Kind() == reflect.Ptr {
return typ.Elem()
}
return typ
}


@ -235,13 +235,12 @@ func (c *Client) do(req *ScalewayRequest, res interface{}) (sdkErr error) {
if res != nil {
contentType := httpResponse.Header.Get("Content-Type")
switch contentType {
case "application/json":
if strings.HasPrefix(contentType, "application/json") {
err = json.NewDecoder(httpResponse.Body).Decode(&res)
if err != nil {
return errors.Wrap(err, "could not parse %s response body", contentType)
}
default:
} else {
buffer, isBuffer := res.(io.Writer)
if !isBuffer {
return errors.Wrap(err, "could not handle %s response body with %T result type", contentType, buffer)
@ -473,6 +472,10 @@ func (c *Client) doListRegions(req *ScalewayRequest, res interface{}, regions []
// sortSliceByZones sorts a slice of struct using a Zone field that should exist
func sortSliceByZones(list interface{}, zones []Zone) {
if !generic.HasField(list, "Zone") {
return
}
zoneMap := map[Zone]int{}
for i, zone := range zones {
zoneMap[zone] = i
@ -484,6 +487,10 @@ func sortSliceByZones(list interface{}, zones []Zone) {
// sortSliceByRegions sorts a slice of struct using a Region field that should exist
func sortSliceByRegions(list interface{}, regions []Region) {
if !generic.HasField(list, "Region") {
return
}
regionMap := map[Region]int{}
for i, region := range regions {
regionMap[region] = i
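Review bot: In the first hunk, `strings.HasPrefix(contentType, "application/json")` is a looser test than it looks: it also accepts other media types that merely begin with those characters (application/json-seq, for instance), and it is case-sensitive although media types are not. Parsing the header is more precise, e.g. `mt, _, perr := mime.ParseMediaType(contentType)` followed by `if perr == nil && mt == "application/json" {`. The same prefix test is added to hasResponseError in the errors hunk further down this page. The body of do starts and ends outside the hunk, so the rest of the response handling is not visible here.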


@ -38,6 +38,13 @@ func WithAuth(accessKey, secretKey string) ClientOption {
}
}
// WithJWT client option sets the client session token.
func WithJWT(token string) ClientOption {
return func(s *settings) {
s.token = auth.NewJWT(token)
}
}
// WithAPIURL client option overrides the API URL of the Scaleway API to the given URL.
func WithAPIURL(apiURL string) ClientOption {
return func(s *settings) {


@ -102,7 +102,8 @@ func hasResponseError(res *http.Response) error {
newErr.RawBody = body
// The error content is not encoded in JSON, only returns HTTP data.
if res.Header.Get("Content-Type") != "application/json" {
contentType := res.Header.Get("Content-Type")
if !strings.HasPrefix(contentType, "application/json") {
newErr.Message = res.Status
return newErr
}


@ -22,7 +22,7 @@ func (l *requestLoggerTransport) RoundTrip(request *http.Request) (*http.Respons
originalHeaders := request.Header
// Get anonymized headers
request.Header = auth.AnonymizeTokenHeaders(request.Header.Clone())
request.Header = auth.AnonymizeHeaders(request.Header.Clone())
dump, err := httputil.DumpRequestOut(request, true)
if err != nil {


@ -1,7 +1,6 @@
package jsonpatch
import (
"bytes"
"encoding/json"
"fmt"
"reflect"
@ -24,21 +23,28 @@ func (j *Operation) Json() string {
}
func (j *Operation) MarshalJSON() ([]byte, error) {
var b bytes.Buffer
b.WriteString("{")
b.WriteString(fmt.Sprintf(`"op":"%s"`, j.Operation))
b.WriteString(fmt.Sprintf(`,"path":"%s"`, j.Path))
// Consider omitting Value for non-nullable operations.
if j.Value != nil || j.Operation == "replace" || j.Operation == "add" {
v, err := json.Marshal(j.Value)
if err != nil {
return nil, err
}
b.WriteString(`,"value":`)
b.Write(v)
// Ensure for add and replace we emit `value: null`
if j.Value == nil && (j.Operation == "replace" || j.Operation == "add") {
return json.Marshal(struct {
Operation string `json:"op"`
Path string `json:"path"`
Value interface{} `json:"value"`
}{
Operation: j.Operation,
Path: j.Path,
})
}
b.WriteString("}")
return b.Bytes(), nil
// otherwise just marshal normally. We cannot literally do json.Marshal(j) as it would be recursively
// calling this function.
return json.Marshal(struct {
Operation string `json:"op"`
Path string `json:"path"`
Value interface{} `json:"value,omitempty"`
}{
Operation: j.Operation,
Path: j.Path,
Value: j.Value,
})
}
type ByPath []Operation
@ -149,9 +155,6 @@ func makePath(path string, newPart interface{}) string {
if path == "" {
return "/" + key
}
if strings.HasSuffix(path, "/") {
return path + key
}
return path + "/" + key
}
@ -211,22 +214,18 @@ func handleValues(av, bv interface{}, p string, patch []Operation) ([]Operation,
}
case []interface{}:
bt := bv.([]interface{})
if isSimpleArray(at) && isSimpleArray(bt) {
patch = append(patch, compareEditDistance(at, bt, p)...)
} else {
n := min(len(at), len(bt))
for i := len(at) - 1; i >= n; i-- {
patch = append(patch, NewOperation("remove", makePath(p, i), nil))
}
for i := n; i < len(bt); i++ {
patch = append(patch, NewOperation("add", makePath(p, i), bt[i]))
}
for i := 0; i < n; i++ {
var err error
patch, err = handleValues(at[i], bt[i], makePath(p, i), patch)
if err != nil {
return nil, err
}
n := min(len(at), len(bt))
for i := len(at) - 1; i >= n; i-- {
patch = append(patch, NewOperation("remove", makePath(p, i), nil))
}
for i := n; i < len(bt); i++ {
patch = append(patch, NewOperation("add", makePath(p, i), bt[i]))
}
for i := 0; i < n; i++ {
var err error
patch, err = handleValues(at[i], bt[i], makePath(p, i), patch)
if err != nil {
return nil, err
}
}
default:
@ -235,100 +234,9 @@ func handleValues(av, bv interface{}, p string, patch []Operation) ([]Operation,
return patch, nil
}
func isBasicType(a interface{}) bool {
switch a.(type) {
case string, float64, bool:
default:
return false
}
return true
}
func isSimpleArray(a []interface{}) bool {
for i := range a {
switch a[i].(type) {
case string, float64, bool:
default:
val := reflect.ValueOf(a[i])
if val.Kind() == reflect.Map {
for _, k := range val.MapKeys() {
av := val.MapIndex(k)
if av.Kind() == reflect.Ptr || av.Kind() == reflect.Interface {
if av.IsNil() {
continue
}
av = av.Elem()
}
if av.Kind() != reflect.String && av.Kind() != reflect.Float64 && av.Kind() != reflect.Bool {
return false
}
}
return true
}
return false
}
}
return true
}
// https://en.wikipedia.org/wiki/Wagner%E2%80%93Fischer_algorithm
// Adapted from https://github.com/texttheater/golang-levenshtein
func compareEditDistance(s, t []interface{}, p string) []Operation {
m := len(s)
n := len(t)
d := make([][]int, m+1)
for i := 0; i <= m; i++ {
d[i] = make([]int, n+1)
d[i][0] = i
}
for j := 0; j <= n; j++ {
d[0][j] = j
}
for j := 1; j <= n; j++ {
for i := 1; i <= m; i++ {
if reflect.DeepEqual(s[i-1], t[j-1]) {
d[i][j] = d[i-1][j-1] // no op required
} else {
del := d[i-1][j] + 1
add := d[i][j-1] + 1
rep := d[i-1][j-1] + 1
d[i][j] = min(rep, min(add, del))
}
}
}
return backtrace(s, t, p, m, n, d)
}
func min(x int, y int) int {
if y < x {
return y
}
return x
}
func backtrace(s, t []interface{}, p string, i int, j int, matrix [][]int) []Operation {
if i > 0 && matrix[i-1][j]+1 == matrix[i][j] {
op := NewOperation("remove", makePath(p, i-1), nil)
return append([]Operation{op}, backtrace(s, t, p, i-1, j, matrix)...)
}
if j > 0 && matrix[i][j-1]+1 == matrix[i][j] {
op := NewOperation("add", makePath(p, i), t[j-1])
return append([]Operation{op}, backtrace(s, t, p, i, j-1, matrix)...)
}
if i > 0 && j > 0 && matrix[i-1][j-1]+1 == matrix[i][j] {
if isBasicType(s[0]) {
op := NewOperation("replace", makePath(p, i-1), t[j-1])
return append([]Operation{op}, backtrace(s, t, p, i-1, j-1, matrix)...)
}
p2, _ := handleValues(s[i-1], t[j-1], makePath(p, i-1), []Operation{})
return append(p2, backtrace(s, t, p, i-1, j-1, matrix)...)
}
if i > 0 && j > 0 && matrix[i-1][j-1] == matrix[i][j] {
return backtrace(s, t, p, i-1, j-1, matrix)
}
return []Operation{}
}


@ -5,4 +5,4 @@
package internal
// Version is the current tagged release of the library.
const Version = "0.123.0"
const Version = "0.124.0"


@ -37,8 +37,11 @@ limitations under the License.
// # Atomicity
//
// Most of the operations are not atomic/thread-safe, except for
// [Replaceable.Replace] which can be performed while the objects
// are being read.
// [Replaceable.Replace] which can be performed while the objects are
// being read. Specifically, `Get` methods are NOT thread-safe. Never
// call `Get()` without a lock on a multi-threaded environment, since
// it's usually performing updates to caches that will require write
// operations.
//
// # Etags
//
@ -97,6 +100,13 @@ func (r Result[T]) Get() Result[T] {
type Data[T any] interface {
// Returns the cached data, as well as an "etag" to identify the
// version of the cache, or an error if something happened.
//
// # Important note
//
// This method is NEVER thread-safe, never assume it is OK to
// call `Get()` without holding a proper mutex in a
// multi-threaded environment, especially since `Get()` will
// usually update the cache and perform write operations.
Get() Result[T]
}
@ -249,6 +259,13 @@ type Replaceable[T any] struct {
// previously had returned a success, that success will be returned
// instead. If the cache fails but we never returned a success, that
// failure is returned.
//
// # Important note
//
// As all implementations of Get, this implementation is NOT
// thread-safe. Please properly lock a mutex before calling this method
// if you are in a multi-threaded environment, since this method will
// update the cache and perform write operations.
func (c *Replaceable[T]) Get() Result[T] {
result := (*c.cache.Load()).Get()
if result.Err != nil && c.result != nil && c.result.Err == nil {

27
vendor/modules.txt generated vendored

@ -94,7 +94,7 @@ github.com/aws/amazon-ec2-instance-selector/v2/pkg/instancetypes
github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector
github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector/outputs
github.com/aws/amazon-ec2-instance-selector/v2/pkg/sorter
# github.com/aws/aws-sdk-go v1.44.266
# github.com/aws/aws-sdk-go v1.44.270
## explicit; go 1.11
github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/arn
@ -173,7 +173,7 @@ github.com/beorn7/perks/quantile
# github.com/blang/semver/v4 v4.0.0
## explicit; go 1.14
github.com/blang/semver/v4
# github.com/cert-manager/cert-manager v1.12.0
# github.com/cert-manager/cert-manager v1.12.1
## explicit; go 1.20
github.com/cert-manager/cert-manager/pkg/apis/acme
github.com/cert-manager/cert-manager/pkg/apis/acme/v1
@ -447,7 +447,7 @@ github.com/google/gofuzz/bytesource
# github.com/google/logger v1.1.1
## explicit; go 1.12
github.com/google/logger
# github.com/google/s2a-go v0.1.3
# github.com/google/s2a-go v0.1.4
## explicit; go 1.16
github.com/google/s2a-go
github.com/google/s2a-go/fallback
@ -468,6 +468,7 @@ github.com/google/s2a-go/internal/v2
github.com/google/s2a-go/internal/v2/certverifier
github.com/google/s2a-go/internal/v2/remotesigner
github.com/google/s2a-go/internal/v2/tlsconfigstore
github.com/google/s2a-go/stream
# github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
## explicit; go 1.13
github.com/google/shlex
@ -484,7 +485,7 @@ github.com/googleapis/gax-go/v2
github.com/googleapis/gax-go/v2/apierror
github.com/googleapis/gax-go/v2/apierror/internal/proto
github.com/googleapis/gax-go/v2/internal
# github.com/gophercloud/gophercloud v1.3.0
# github.com/gophercloud/gophercloud v1.4.0
## explicit; go 1.14
github.com/gophercloud/gophercloud
github.com/gophercloud/gophercloud/openstack
@ -764,7 +765,7 @@ github.com/russross/blackfriday/v2
# github.com/sahilm/fuzzy v0.1.0
## explicit
github.com/sahilm/fuzzy
# github.com/scaleway/scaleway-sdk-go v1.0.0-beta.16
# github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17
## explicit; go 1.17
github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1
github.com/scaleway/scaleway-sdk-go/api/instance/v1
@ -930,7 +931,7 @@ golang.org/x/crypto/scrypt
golang.org/x/crypto/ssh
golang.org/x/crypto/ssh/agent
golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
# golang.org/x/exp v0.0.0-20230519143937-03e91628a987
# golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
## explicit; go 1.20
golang.org/x/exp/constraints
# golang.org/x/mod v0.10.0
@ -1018,10 +1019,10 @@ golang.org/x/tools/internal/pkgbits
golang.org/x/tools/internal/tokeninternal
golang.org/x/tools/internal/typeparams
golang.org/x/tools/internal/typesinternal
# gomodules.xyz/jsonpatch/v2 v2.2.0
## explicit; go 1.12
# gomodules.xyz/jsonpatch/v2 v2.3.0
## explicit; go 1.20
gomodules.xyz/jsonpatch/v2
# google.golang.org/api v0.123.0
# google.golang.org/api v0.124.0
## explicit; go 1.19
google.golang.org/api/cloudresourcemanager/v1
google.golang.org/api/compute/v0.alpha
@ -1696,7 +1697,7 @@ k8s.io/klog/v2/internal/dbg
k8s.io/klog/v2/internal/serialize
k8s.io/klog/v2/internal/severity
k8s.io/klog/v2/klogr
# k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f
# k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5
## explicit; go 1.19
k8s.io/kube-openapi/pkg/builder3/util
k8s.io/kube-openapi/pkg/cached
@ -1761,7 +1762,7 @@ oras.land/oras-go/pkg/registry/remote/auth
oras.land/oras-go/pkg/registry/remote/internal/errutil
oras.land/oras-go/pkg/registry/remote/internal/syncutil
oras.land/oras-go/pkg/target
# sigs.k8s.io/controller-runtime v0.15.0-beta.0
# sigs.k8s.io/controller-runtime v0.15.0
## explicit; go 1.20
sigs.k8s.io/controller-runtime
sigs.k8s.io/controller-runtime/pkg/builder
@ -1803,8 +1804,8 @@ sigs.k8s.io/controller-runtime/pkg/webhook
sigs.k8s.io/controller-runtime/pkg/webhook/admission
sigs.k8s.io/controller-runtime/pkg/webhook/conversion
sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics
# sigs.k8s.io/gateway-api v0.6.2
## explicit; go 1.18
# sigs.k8s.io/gateway-api v0.7.0
## explicit; go 1.19
sigs.k8s.io/gateway-api/apis/v1beta1
# sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd
## explicit; go 1.18


@ -93,7 +93,7 @@ func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request) {
wh.writeResponse(w, reviewResponse)
return
}
wh.getLogger(&req).V(1).Info("received request")
wh.getLogger(&req).V(4).Info("received request")
reviewResponse = wh.Handle(ctx, req)
wh.writeResponseTyped(w, reviewResponse, actualAdmRevGVK)
@ -136,11 +136,11 @@ func (wh *Webhook) writeAdmissionResponse(w io.Writer, ar v1.AdmissionReview) {
}
} else {
res := ar.Response
if log := wh.getLogger(nil); log.V(1).Enabled() {
if log := wh.getLogger(nil); log.V(4).Enabled() {
if res.Result != nil {
log = log.WithValues("code", res.Result.Code, "reason", res.Result.Reason, "message", res.Result.Message)
}
log.V(1).Info("wrote response", "requestID", res.UID, "allowed", res.Allowed)
log.V(4).Info("wrote response", "requestID", res.UID, "allowed", res.Allowed)
}
}
}
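Review bot: The per-request lines "received request" and "wrote response" now sit behind verbosity 4 (the V(1) lines appear to be the old side), and nothing near them says why. Anyone who relied on these lines at a lower verbosity to trace which admission requests were allowed or denied loses that record after this update unless the log level is raised. A short comment such as `// per-request tracing is debug-only; enable with verbosity >= 4` at the first call would make the intent visible. Both ServeHTTP and writeAdmissionResponse extend beyond the hunks shown.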


@ -41,7 +41,7 @@ type Gateway struct {
// Status defines the current state of Gateway.
//
// +kubebuilder:default={conditions: {{type: "Accepted", status: "Unknown", reason:"NotReconciled", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}}
// +kubebuilder:default={conditions: {{type: "Accepted", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"},{type: "Programmed", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}}
Status GatewayStatus `json:"status,omitempty"`
}
@ -488,6 +488,7 @@ type GatewayStatus struct {
// Known condition types are:
//
// * "Accepted"
// * "Programmed"
// * "Ready"
//
// +optional
@ -535,6 +536,8 @@ const (
//
// * "Invalid"
// * "Pending"
// * "NoResources"
// * "AddressNotAssigned"
//
// Possible reasons for this condition to be Unknown are:
//
@ -549,9 +552,20 @@ const (
// true.
GatewayReasonProgrammed GatewayConditionReason = "Programmed"
// This reason is used with the "Programmed" condition when the Listener is
// This reason is used with the "Programmed" and "Accepted" conditions when the Gateway is
// syntactically or semantically invalid.
GatewayReasonInvalid GatewayConditionReason = "Invalid"
// This reason is used with the "Programmed" condition when the
// Gateway is not scheduled because insufficient infrastructure
// resources are available.
GatewayReasonNoResources GatewayConditionReason = "NoResources"
// This reason is used with the "Programmed" condition when none of the requested
// addresses have been assigned to the Gateway. This reason can be used to
// express a range of circumstances, including (but not limited to) IPAM
// address exhaustion, address not yet allocated, or a named address not being found.
GatewayReasonAddressNotAssigned GatewayConditionReason = "AddressNotAssigned"
)
const (
@ -563,11 +577,14 @@ const (
// Possible reasons for this condition to be True are:
//
// * "Accepted"
// * "ListenersNotValid"
//
// Possible reasons for this condition to be False are:
//
// * "Invalid"
// * "NotReconciled"
// * "NoResources"
// * "UnsupportedAddress"
// * "ListenersNotValid"
//
// Possible reasons for this condition to be Unknown are:
//
@ -578,76 +595,65 @@ const (
// interoperability.
GatewayConditionAccepted GatewayConditionType = "Accepted"
// Deprecated: use "Accepted" instead.
GatewayConditionScheduled GatewayConditionType = "Scheduled"
// This reason is used with the "Accepted" condition when the condition is
// True.
GatewayReasonAccepted GatewayConditionReason = "Accepted"
// This reason is used with the "Accepted" condition when one or
// more Listeners have an invalid or unsupported configuration
// and cannot be configured on the Gateway.
// This can be the reason when "Accepted" is "True" or "False", depending on whether
// the listener being invalid causes the entire Gateway to not be accepted.
GatewayReasonListenersNotValid GatewayConditionReason = "ListenersNotValid"
// This reason is used with the "Accepted" and "Programmed"
// conditions when the status is "Unknown" and no controller has reconciled
// the Gateway.
GatewayReasonPending GatewayConditionReason = "Pending"
// This reason is used with the "Accepted" condition when the Gateway could not be configured
// because the requested address is not supported. This reason could be used in a number of
// instances, including:
//
// * The address is already in use.
// * The type of address is not supported by the implementation.
GatewaReasonUnsupportedAddress GatewayConditionReason = "UnsupportedAddress"
)
const (
// Deprecated: use "Accepted" instead.
GatewayConditionScheduled GatewayConditionType = "Scheduled"
// This reason is used with the "Scheduled" condition when the condition is
// True.
//
// Deprecated: use the "Accepted" condition with reason "Accepted" instead.
GatewayReasonScheduled GatewayConditionReason = "Scheduled"
// This reason is used with the "Accepted", "Programmed" and "Ready"
// conditions when the status is "Unknown" and no controller has reconciled
// the Gateway.
GatewayReasonPending GatewayConditionReason = "Pending"
// Deprecated: Use "Pending" instead.
GatewayReasonNotReconciled GatewayConditionReason = "NotReconciled"
// This reason is used with the "Accepted" condition when the
// Gateway is not scheduled because insufficient infrastructure
// resources are available.
GatewayReasonNoResources GatewayConditionReason = "NoResources"
)
const (
// Ready is an optional Condition that has Extended support. When it's set,
// the condition indicates whether the Gateway has been completely configured
// and traffic is ready to flow through the data plane immediately.
// "Ready" is a condition type reserved for future use. It should not be used by implementations.
//
// If both the "ListenersNotValid" and "ListenersNotReady"
// reasons are true, the Gateway controller should prefer the
// "ListenersNotValid" reason.
// If used in the future, "Ready" will represent the final state where all configuration is confirmed good
// _and has completely propagated to the data plane_. That is, it is a _guarantee_ that, as soon as something
// sees the Condition as `true`, then connections will be correctly routed _immediately_.
//
// Possible reasons for this condition to be true are:
// This is a very strong guarantee, and to date no implementation has satisfied it enough to implement it.
// This reservation can be discussed in the future if necessary.
//
// * "Ready"
//
// Possible reasons for this condition to be False are:
//
// * "ListenersNotValid"
// * "ListenersNotReady"
// * "AddressNotAssigned"
//
// Controllers may raise this condition with other reasons,
// but should prefer to use the reasons listed above to improve
// interoperability.
// Note: This condition is not really "deprecated", but rather "reserved"; however, deprecated triggers Go linters
// to alert about usage.
// Deprecated: Ready is reserved for future use
GatewayConditionReady GatewayConditionType = "Ready"
// This reason is used with the "Ready" condition when the condition is
// true.
// Deprecated: Ready is reserved for future use
GatewayReasonReady GatewayConditionReason = "Ready"
// This reason is used with the "Ready" condition when one or
// more Listeners have an invalid or unsupported configuration
// and cannot be configured on the Gateway.
GatewayReasonListenersNotValid GatewayConditionReason = "ListenersNotValid"
// This reason is used with the "Ready" condition when one or
// more Listeners are not ready to serve traffic.
// Deprecated: Ready is reserved for future use
GatewayReasonListenersNotReady GatewayConditionReason = "ListenersNotReady"
// This reason is used with the "Ready" condition when none of the requested
// addresses have been assigned to the Gateway. This reason can be used to
// express a range of circumstances, including (but not limited to) IPAM
// address exhaustion, invalid or unsupported address requests, or a named
// address not being found.
GatewayReasonAddressNotAssigned GatewayConditionReason = "AddressNotAssigned"
)
// ListenerStatus is the status associated with a Listener.
@ -744,7 +750,6 @@ const (
//
// * "PortUnavailable"
// * "UnsupportedProtocol"
// * "UnsupportedAddress"
//
// Possible reasons for this condition to be Unknown are:
//
@ -780,14 +785,6 @@ const (
// Listener could not be attached to be Gateway because its
// protocol type is not supported.
ListenerReasonUnsupportedProtocol ListenerConditionReason = "UnsupportedProtocol"
// This reason is used with the "Accepted" condition when the Listener could
// not be attached to the Gateway because the requested address is not
// supported. This reason could be used in a number of instances, including:
//
// * The address is already in use.
// * The type of address is not supported by the implementation.
ListenerReasonUnsupportedAddress ListenerConditionReason = "UnsupportedAddress"
)
const (
@ -869,34 +866,6 @@ const (
// This reason is used with the "Programmed" condition when the condition is
// true.
ListenerReasonProgrammed ListenerConditionReason = "Programmed"
)
const (
// Ready is an optional Condition that has Extended support. When it's set,
// the condition indicates whether the Listener has been configured on the
// Gateway and traffic is ready to flow through the data plane immediately.
//
// Possible reasons for this condition to be True are:
//
// * "Ready"
//
// Possible reasons for this condition to be False are:
//
// * "Invalid"
// * "Pending"
//
// Possible reasons for this condition to be Unknown are:
//
// * "Pending"
//
// Controllers may raise this condition with other reasons,
// but should prefer to use the reasons listed above to improve
// interoperability.
ListenerConditionReady ListenerConditionType = "Ready"
// This reason is used with the "Ready" condition when the condition is
// true.
ListenerReasonReady ListenerConditionReason = "Ready"
// This reason is used with the "Ready" and "Programmed" conditions when the
// Listener is syntactically or semantically invalid.
@ -907,3 +876,22 @@ const (
// online and ready to accept client traffic.
ListenerReasonPending ListenerConditionReason = "Pending"
)
const (
// "Ready" is a condition type reserved for future use. It should not be used by implementations.
// Note: This condition is not really "deprecated", but rather "reserved"; however, deprecated triggers Go linters
// to alert about usage.
//
// If used in the future, "Ready" will represent the final state where all configuration is confirmed good
// _and has completely propagated to the data plane_. That is, it is a _guarantee_ that, as soon as something
// sees the Condition as `true`, then connections will be correctly routed _immediately_.
//
// This is a very strong guarantee, and to date no implementation has satisfied it enough to implement it.
// This reservation can be discussed in the future if necessary.
//
// Deprecated: Ready is reserved for future use
ListenerConditionReady ListenerConditionType = "Ready"
// Deprecated: Ready is reserved for future use
ListenerReasonReady ListenerConditionReason = "Ready"
)
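Review bot: The new exported constant `GatewaReasonUnsupportedAddress` is misspelled (the "y" of Gateway is missing), unlike every other GatewayReason* name in this block. Because it is exported, callers have to use the misspelled identifier, and correcting it later becomes a breaking rename. I would declare `GatewayReasonUnsupportedAddress GatewayConditionReason = "UnsupportedAddress"` and, if the misspelled name has already shipped, keep it as an alias marked `// Deprecated: use GatewayReasonUnsupportedAddress.`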


@ -42,7 +42,7 @@ import (
// If implementations choose to propagate GatewayClass changes to existing
// Gateways, that MUST be clearly documented by the implementation.
//
// Whenever one or more Gateways are using a GatewayClass, implementations MUST
// Whenever one or more Gateways are using a GatewayClass, implementations SHOULD
// add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the
// associated GatewayClass. This ensures that a GatewayClass associated with a
// Gateway is not deleted while in use.


@ -156,10 +156,13 @@ type HTTPRouteRule struct {
// ties. Across all rules specified on applicable Routes, precedence must be
// given to the match with the largest number of:
//
// * Characters in a matching path.
// * Characters in a matching "Exact" path match
// * Characters in a matching "Prefix" path match
// * Header matches.
// * Query param matches.
//
// Note: The precedence of RegularExpression path matches are implementation-specific.
//
// If ties still exist across multiple Routes, matching precedence MUST be
// determined in order of the following criteria, continuing on ties:
//
@ -232,6 +235,8 @@ type HTTPRouteRule struct {
//
// Support: Core for Kubernetes Service
//
// Support: Extended for Kubernetes ServiceImport
//
// Support: Implementation-specific for any other resource
//
// Support for weight: Core
@ -343,12 +348,8 @@ const (
//
// - ":method" - ":" is an invalid character. This means that HTTP/2 pseudo
// headers are not currently supported by this type.
// - "/invalid" - "/" is an invalid character
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=256
// +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$`
type HTTPHeaderName string
// - "/invalid" - "/ " is an invalid character
type HTTPHeaderName HeaderName
// HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request
// headers.
@ -449,10 +450,7 @@ type HTTPQueryParamMatch struct {
//
// Users SHOULD NOT route traffic based on repeated query params to guard
// themselves against potential differences in the implementations.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=256
Name string `json:"name"`
Name HTTPHeaderName `json:"name"`
// Value is the value of HTTP query param to be matched.
//
@ -587,8 +585,7 @@ type HTTPRouteFilter struct {
// Reason of `UnsupportedValue`.
//
// +unionDiscriminator
// +kubebuilder:validation:Enum=RequestHeaderModifier;RequestMirror;RequestRedirect;ExtensionRef
// <gateway:experimental:validation:Enum=RequestHeaderModifier;ResponseHeaderModifier;RequestMirror;RequestRedirect;URLRewrite;ExtensionRef>
// +kubebuilder:validation:Enum=RequestHeaderModifier;ResponseHeaderModifier;RequestMirror;RequestRedirect;URLRewrite;ExtensionRef
Type HTTPRouteFilterType `json:"type"`
// RequestHeaderModifier defines a schema for a filter that modifies request
@ -605,7 +602,6 @@ type HTTPRouteFilter struct {
// Support: Extended
//
// +optional
// <gateway:experimental>
ResponseHeaderModifier *HTTPHeaderFilter `json:"responseHeaderModifier,omitempty"`
// RequestMirror defines a schema for a filter that mirrors requests.
@ -629,7 +625,6 @@ type HTTPRouteFilter struct {
//
// Support: Extended
//
// <gateway:experimental>
// +optional
URLRewrite *HTTPURLRewriteFilter `json:"urlRewrite,omitempty"`
@ -662,7 +657,6 @@ const (
// Support in HTTPRouteRule: Extended
//
// Support in HTTPBackendRef: Extended
// <gateway:experimental>
HTTPRouteFilterResponseHeaderModifier HTTPRouteFilterType = "ResponseHeaderModifier"
// HTTPRouteFilterRequestRedirect can be used to redirect a request to
@ -683,8 +677,6 @@ const (
// Support in HTTPRouteRule: Extended
//
// Support in HTTPBackendRef: Extended
//
// <gateway:experimental>
HTTPRouteFilterURLRewrite HTTPRouteFilterType = "URLRewrite"
// HTTPRouteFilterRequestMirror can be used to mirror HTTP requests to a
@ -821,7 +813,6 @@ const (
)
// HTTPPathModifier defines configuration for path modifiers.
// <gateway:experimental>
type HTTPPathModifier struct {
// Type defines the type of path modifier. Additional types may be
// added in a future release of the API.
@ -833,14 +824,12 @@ type HTTPPathModifier struct {
// Accepted Condition for the Route to `status: False`, with a
// Reason of `UnsupportedValue`.
//
// <gateway:experimental>
// +kubebuilder:validation:Enum=ReplaceFullPath;ReplacePrefixMatch
Type HTTPPathModifierType `json:"type"`
// ReplaceFullPath specifies the value with which to replace the full path
// of a request during a rewrite or redirect.
//
// <gateway:experimental>
// +kubebuilder:validation:MaxLength=1024
// +optional
ReplaceFullPath *string `json:"replaceFullPath,omitempty"`
@ -855,7 +844,6 @@ type HTTPPathModifier struct {
// ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
// match the prefix `/abc`, but the path `/abcd` would not.
//
// <gateway:experimental>
// +kubebuilder:validation:MaxLength=1024
// +optional
ReplacePrefixMatch *string `json:"replacePrefixMatch,omitempty"`
@ -867,6 +855,9 @@ type HTTPRequestRedirectFilter struct {
// Scheme is the scheme to be used in the value of the `Location` header in
// the response. When empty, the scheme of the request is used.
//
// Scheme redirects can affect the port of the redirect, for more information,
// refer to the documentation for the port field of this filter.
//
// Note that values may be added to this enum, implementations
// must ensure that unknown values will not cause a crash.
//
@ -882,7 +873,7 @@ type HTTPRequestRedirectFilter struct {
// Hostname is the hostname to be used in the value of the `Location`
// header in the response.
// When empty, the hostname of the request is used.
// When empty, the hostname in the `Host` header of the request is used.
//
// Support: Core
//
@ -895,13 +886,29 @@ type HTTPRequestRedirectFilter struct {
//
// Support: Extended
//
// <gateway:experimental>
// +optional
Path *HTTPPathModifier `json:"path,omitempty"`
// Port is the port to be used in the value of the `Location`
// header in the response.
// When empty, port (if specified) of the request is used.
//
// If no port is specified, the redirect port MUST be derived using the
// following rules:
//
// * If redirect scheme is not-empty, the redirect port MUST be the well-known
// port associated with the redirect scheme. Specifically "http" to port 80
// and "https" to port 443. If the redirect scheme does not have a
// well-known port, the listener port of the Gateway SHOULD be used.
// * If redirect scheme is empty, the redirect port MUST be the Gateway
// Listener port.
//
// Implementations SHOULD NOT add the port number in the 'Location'
// header in the following cases:
//
// * A Location header that will use HTTP (whether that is determined via
// the Listener protocol or the Scheme field) _and_ use port 80.
// * A Location header that will use HTTPS (whether that is determined via
// the Listener protocol or the Scheme field) _and_ use port 443.
//
// Support: Extended
//
@ -930,15 +937,12 @@ type HTTPRequestRedirectFilter struct {
// MUST NOT be used on the same Route rule as a HTTPRequestRedirect filter.
//
// Support: Extended
//
// <gateway:experimental>
type HTTPURLRewriteFilter struct {
// Hostname is the value to be used to replace the Host header value during
// forwarding.
//
// Support: Extended
//
// <gateway:experimental>
// +optional
Hostname *PreciseHostname `json:"hostname,omitempty"`
@ -946,7 +950,6 @@ type HTTPURLRewriteFilter struct {
//
// Support: Extended
//
// <gateway:experimental>
// +optional
Path *HTTPPathModifier `json:"path,omitempty"`
}


@ -53,7 +53,7 @@ type SecretObjectReference struct {
// +kubebuilder:default=""
Group *Group `json:"group"`
// Kind is kind of the referent. For example "HTTPRoute" or "Service".
// Kind is kind of the referent. For example "Secret".
//
// +optional
// +kubebuilder:default=Secret
@ -99,9 +99,21 @@ type BackendObjectReference struct {
// +kubebuilder:default=""
Group *Group `json:"group,omitempty"`
// Kind is kind of the referent. For example "HTTPRoute" or "Service".
// Kind is the Kubernetes resource kind of the referent. For example
// "Service".
//
// Defaults to "Service" when not specified.
//
// ExternalName services can refer to CNAME DNS records that may live
// outside of the cluster and as such are difficult to reason about in
// terms of conformance. They also may not be safe to forward to (see
// CVE-2021-25740 for more information). Implementations SHOULD NOT
// support ExternalName Services.
//
// Support: Core (Services with a type other than ExternalName)
//
// Support: Implementation-specific (Services with type ExternalName)
//
// +optional
// +kubebuilder:default=Service
Kind *Kind `json:"kind,omitempty"`


@ -546,6 +546,14 @@ type AnnotationValue string
// +kubebuilder:validation:Pattern=`^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$`
type AddressType string
// HeaderName is the name of a header or query parameter.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=256
// +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$`
// +k8s:deepcopy-gen=false
type HeaderName string
const (
// A textual representation of a numeric IP address. IPv4
// addresses must be in dotted-decimal form. IPv6 addresses