From aef03b0f83ab8f707006b1de00b9a1d3e5137833 Mon Sep 17 00:00:00 2001 From: revoltez Date: Tue, 20 Aug 2024 09:23:03 +0100 Subject: [PATCH 01/22] feat: add image signing Couldn't call the command directly because it depends on a global variable rootOptions which is necessary for timeout, but that is actually good since we now can have more control over the options Used Cosign instead of the low level sigstore-go because Cosign will eventually depend on and its not going anywhere. --- cmd/trustedpods/deploy.go | 7 + cmd/trustedpods/flags.go | 2 + cmd/trustedpods/upload.go | 7 + go.mod | 252 +++++-- go.sum | 893 ++++++++++++++++-------- pkg/publisher/images.go | 64 ++ test/integration/sigstore/manifest.yaml | 12 + test/integration/sigstore/run-test.sh | 17 + 8 files changed, 908 insertions(+), 346 deletions(-) create mode 100644 pkg/publisher/images.go create mode 100644 test/integration/sigstore/manifest.yaml create mode 100755 test/integration/sigstore/run-test.sh diff --git a/cmd/trustedpods/deploy.go b/cmd/trustedpods/deploy.go index 81eb8c11..eff8b794 100644 --- a/cmd/trustedpods/deploy.go +++ b/cmd/trustedpods/deploy.go @@ -97,6 +97,13 @@ var deployPodCmd = &cobra.Command{ } configureDeployment(deployment) + if sign { + err := publisher.SignPodImages(pod, publisher.DefaultSignOptions()) + if err != nil { + return fmt.Errorf("failed Signing images: %v", err) + } + } + if authorize { // create the keypair that will be accessible for all pods privateKey, err := ecdsa.GenerateKey(crypto.S256(), rand.Reader) diff --git a/cmd/trustedpods/flags.go b/cmd/trustedpods/flags.go index c9a7eb78..ca7d056e 100644 --- a/cmd/trustedpods/flags.go +++ b/cmd/trustedpods/flags.go @@ -27,6 +27,7 @@ var uploadFlags = &pflag.FlagSet{} var ipfsApi string var uploadImages bool var uploadSecrets bool +var sign bool var fundFlags = &pflag.FlagSet{} var ethereumRpc string @@ -65,6 +66,7 @@ var _ = func() error { uploadFlags.StringVar(&ipfsApi, "ipfs", "/ip4/127.0.0.1/tcp/5001", "multiaddr where the ipfs/kubo api can be accessed") uploadFlags.BoolVar(&uploadImages, "upload-images", true, "upload images") uploadFlags.BoolVar(&uploadSecrets, "upload-secrets", true, "upload secrets") + uploadFlags.BoolVar(&sign, "sign-images", false, "sign images") fundFlags.StringVar(ðereumRpc, "ethereum-rpc", "http://127.0.0.1:8545", "ethereum rpc node") fundFlags.StringVar(&publisherKey, "ethereum-key", "", "account string (private key | http[s]://clef#account | /keystore#account | account (in default keystore))") diff --git a/cmd/trustedpods/upload.go b/cmd/trustedpods/upload.go index 59a3ddbe..f55997f3 100644 --- a/cmd/trustedpods/upload.go +++ b/cmd/trustedpods/upload.go @@ -25,6 +25,13 @@ var uploadPodCmd = &cobra.Command{ } configureDeployment(deployment) + if sign { + err := publisher.SignPodImages(pod, publisher.DefaultSignOptions()) + if err != nil { + return fmt.Errorf("failed Signing images: %v", err) + } + } + ipfs, _, err := tpipfs.GetIpfsClient(ipfsApi) if err != nil { return fmt.Errorf("Failed connecting to IPFS: %w", err) diff --git a/go.mod b/go.mod index cf9a88d7..0582f062 100644 --- a/go.mod +++ b/go.mod @@ -1,17 +1,20 @@ module github.com/comrade-coop/apocryph -go 1.21.1 +go 1.22.5 + +toolchain go1.22.6 require ( connectrpc.com/connect v1.14.0 github.com/bufbuild/protoyaml-go v0.1.4 - github.com/containerd/containerd v1.7.14 + github.com/containerd/containerd v1.7.20 github.com/containerd/imgcrypt v1.1.9 github.com/containerd/log v0.1.0 github.com/containerd/nerdctl v1.7.4 - github.com/containers/ocicrypt v1.1.9 + github.com/containers/ocicrypt v1.1.10 github.com/ethereum/go-ethereum v1.13.15 github.com/go-jose/go-jose/v3 v3.0.3 + github.com/golang/protobuf v1.5.4 github.com/gorilla/websocket v1.5.3 github.com/hashicorp/raft v1.6.1 github.com/hashicorp/raft-boltdb/v2 v2.3.0 @@ -25,12 +28,14 @@ require ( github.com/mitchellh/go-homedir v1.1.0 github.com/multiformats/go-multiaddr v0.12.4 github.com/olekukonko/tablewriter v0.0.5 - github.com/opencontainers/image-spec v1.1.0-rc6 - github.com/spf13/cobra v1.8.0 + github.com/opencontainers/image-spec v1.1.0 + github.com/sigstore/cosign/v2 v2.4.0 + github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 - github.com/spf13/viper v1.16.0 + github.com/spf13/viper v1.19.0 golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 - google.golang.org/protobuf v1.34.1 + golang.org/x/net v0.27.0 + google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.29.0 k8s.io/apimachinery v0.29.0 @@ -40,126 +45,216 @@ require ( require ( buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.31.0-20230914171853-63dfe56cc2c4.1 // indirect + cloud.google.com/go/auth v0.7.3 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect + cloud.google.com/go/compute/metadata v0.5.0 // indirect + cuelabs.dev/go/oci/ociregistry v0.0.0-20240404174027-a39bec0462d2 // indirect + cuelang.org/go v0.9.2 // indirect + filippo.io/edwards25519 v1.1.0 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect + github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect + github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect + github.com/Azure/go-autorest v14.2.0+incompatible // indirect + github.com/Azure/go-autorest/autorest v0.11.29 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect + github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect + github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect + github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect + github.com/Azure/go-autorest/logger v0.2.1 // indirect + github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/DataDog/zstd v1.5.2 // indirect github.com/Masterminds/semver/v3 v3.2.1 // indirect - github.com/Microsoft/go-winio v0.6.1 // indirect + github.com/Microsoft/go-winio v0.6.2 // indirect github.com/Microsoft/hcsshim v0.12.0-rc.0 // indirect + github.com/OneOfOne/xxhash v1.2.8 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect github.com/StackExchange/wmi v1.2.1 // indirect + github.com/ThalesIgnite/crypto11 v1.2.5 // indirect github.com/VictoriaMetrics/fastcache v1.12.1 // indirect + github.com/agnivade/levenshtein v1.1.1 // indirect + github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect + github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect + github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect + github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect + github.com/alibabacloud-go/debug v1.0.0 // indirect + github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect + github.com/alibabacloud-go/openapi-util v0.1.0 // indirect + github.com/alibabacloud-go/tea v1.2.1 // indirect + github.com/alibabacloud-go/tea-utils v1.4.5 // indirect + github.com/alibabacloud-go/tea-xml v1.1.3 // indirect + github.com/aliyun/credentials-go v1.3.1 // indirect github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230512164433-5d1fd1a340c9 // indirect github.com/armon/go-metrics v0.4.1 // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect + github.com/aws/aws-sdk-go-v2 v1.30.3 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.27 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.27 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect + github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect + github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect + github.com/aws/smithy-go v1.20.3 // indirect + github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect github.com/awslabs/soci-snapshotter v0.4.1 // indirect github.com/benbjohnson/clock v1.3.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bits-and-blooms/bitset v1.10.0 // indirect + github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/boltdb/bolt v1.3.1 // indirect github.com/btcsuite/btcd/btcec/v2 v2.3.2 // indirect github.com/btcsuite/btcd/chaincfg/chainhash v1.0.2 // indirect github.com/bufbuild/protovalidate-go v0.3.2 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/buildkite/agent/v3 v3.76.2 // indirect + github.com/buildkite/go-pipeline v0.10.0 // indirect + github.com/buildkite/interpolate v0.1.3 // indirect + github.com/buildkite/roko v1.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect + github.com/chzyer/readline v1.5.1 // indirect github.com/cilium/ebpf v0.11.0 // indirect + github.com/clbanning/mxj/v2 v2.7.0 // indirect + github.com/cloudflare/circl v1.3.7 // indirect + github.com/cockroachdb/apd/v3 v3.2.1 // indirect github.com/cockroachdb/errors v1.8.1 // indirect github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f // indirect github.com/cockroachdb/pebble v0.0.0-20230928194634-aa077af62593 // indirect github.com/cockroachdb/redact v1.0.8 // indirect github.com/cockroachdb/sentry-go v0.6.1-cockroachdb.2 // indirect github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06 // indirect + github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect github.com/consensys/bavard v0.1.13 // indirect github.com/consensys/gnark-crypto v0.12.1 // indirect github.com/containerd/accelerated-container-image v1.0.2 // indirect github.com/containerd/cgroups v1.1.0 // indirect github.com/containerd/cgroups/v3 v3.0.3 // indirect github.com/containerd/console v1.0.3 // indirect + github.com/containerd/containerd/api v1.7.19 // indirect github.com/containerd/continuity v0.4.3 // indirect + github.com/containerd/errdefs v0.1.0 // indirect github.com/containerd/fifo v1.1.0 // indirect github.com/containerd/go-cni v1.1.9 // indirect github.com/containerd/go-runc v1.0.0 // indirect github.com/containerd/nydus-snapshotter v0.13.4 // indirect + github.com/containerd/platforms v0.2.1 // indirect github.com/containerd/stargz-snapshotter v0.15.1 // indirect github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect github.com/containerd/stargz-snapshotter/ipfs v0.15.1 // indirect - github.com/containerd/ttrpc v1.2.3 // indirect + github.com/containerd/ttrpc v1.2.5 // indirect github.com/containerd/typeurl v1.0.3-0.20220422153119-7f6e6d160d67 // indirect github.com/containerd/typeurl/v2 v2.1.1 // indirect github.com/containernetworking/cni v1.1.2 // indirect github.com/containernetworking/plugins v1.4.0 // indirect github.com/coreos/go-iptables v0.7.0 // indirect + github.com/coreos/go-oidc/v3 v3.11.0 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/crackcomm/go-gitignore v0.0.0-20170627025303-887ab5e44cc3 // indirect github.com/crate-crypto/go-ipa v0.0.0-20231025140028-3c0104f4b233 // indirect github.com/crate-crypto/go-kzg-4844 v0.7.0 // indirect + github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect github.com/deckarep/golang-set/v2 v2.1.0 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect github.com/deepmap/oapi-codegen v1.6.0 // indirect + github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect + github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect + github.com/dimchansky/utfbom v1.1.1 // indirect + github.com/distribution/reference v0.6.0 // indirect github.com/djherbis/times v1.5.0 // indirect github.com/docker/cli v25.0.1+incompatible // indirect - github.com/docker/docker v25.0.5+incompatible // indirect + github.com/docker/distribution v2.8.3+incompatible // indirect + github.com/docker/docker v26.1.4+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.0 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect github.com/docker/go-units v0.5.0 // indirect + github.com/dustin/go-humanize v1.0.1 // indirect github.com/elastic/gosigar v0.14.2 // indirect github.com/emicklei/go-restful/v3 v3.11.2 // indirect + github.com/emicklei/proto v1.12.1 // indirect github.com/ethereum/c-kzg-4844 v0.4.0 // indirect github.com/evanphx/json-patch/v5 v5.8.1 // indirect github.com/facebookgo/atomicfile v0.0.0-20151019160806-2de1f203e7d5 // indirect github.com/fahedouch/go-logrotate v0.2.0 // indirect github.com/fatih/color v1.16.0 // indirect - github.com/felixge/httpsnoop v1.0.3 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect github.com/ferranbt/fastssz v0.1.2 // indirect github.com/fjl/memsize v0.0.2 // indirect github.com/fluent/fluent-logger-golang v1.9.0 // indirect github.com/flynn/noise v1.1.0 // indirect github.com/francoispqt/gojay v1.2.13 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.2 // indirect github.com/gballet/go-libpcsclite v0.0.0-20190607065134-2772fd86a8ff // indirect github.com/gballet/go-verkle v0.1.1-0.20231031103413-a67434b50f46 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-chi/chi v4.1.2+incompatible // indirect + github.com/go-ini/ini v1.67.0 // indirect + github.com/go-jose/go-jose/v4 v4.0.2 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/swag v0.22.7 // indirect + github.com/go-openapi/analysis v0.23.0 // indirect + github.com/go-openapi/errors v0.22.0 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/loads v0.22.0 // indirect + github.com/go-openapi/runtime v0.28.0 // indirect + github.com/go-openapi/spec v0.21.0 // indirect + github.com/go-openapi/strfmt v0.23.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/validate v0.24.0 // indirect + github.com/go-piv/piv-go v1.11.0 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/gobwas/glob v0.2.3 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect - github.com/gofrs/flock v0.8.1 // indirect + github.com/gofrs/flock v0.12.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect github.com/google/cel-go v0.18.1 // indirect - github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/certificate-transparency-go v1.2.1 // indirect + github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect github.com/google/go-cmp v0.6.0 // indirect + github.com/google/go-containerregistry v0.20.1 // indirect + github.com/google/go-github/v55 v55.0.0 // indirect + github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/gopacket v1.1.19 // indirect github.com/google/pprof v0.0.0-20240207164012-fb44976bdcd5 // indirect - github.com/google/uuid v1.5.0 // indirect + github.com/google/s2a-go v0.1.8 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect + github.com/gorilla/mux v1.8.1 // indirect github.com/graph-gophers/graphql-go v1.3.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-bexpr v0.1.10 // indirect + github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-msgpack/v2 v2.1.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/golang-lru v1.0.2 // indirect github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect - github.com/hashicorp/hcl v1.0.0 // indirect + github.com/hashicorp/hcl v1.0.1-vault-5 // indirect github.com/holiman/billy v0.0.0-20240216141850-2abb0c79d3c4 // indirect github.com/holiman/bloomfilter/v2 v2.0.3 // indirect github.com/holiman/uint256 v1.2.4 // indirect github.com/huin/goupnp v1.3.0 // indirect github.com/imdario/mergo v0.3.16 // indirect + github.com/in-toto/in-toto-golang v0.9.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/influxdata/influxdb-client-go/v2 v2.4.0 // indirect github.com/influxdata/influxdb1-client v0.0.0-20220302092344-a9ab5670611c // indirect @@ -181,6 +276,8 @@ require ( github.com/jackpal/go-nat-pmp v1.0.2 // indirect github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect github.com/jbenet/goprocess v0.1.4 // indirect + github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.17.8 // indirect @@ -188,6 +285,7 @@ require ( github.com/koron/go-ssdp v0.0.4 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/kr/text v0.2.0 // indirect + github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect github.com/libp2p/go-buffer-pool v0.1.0 // indirect github.com/libp2p/go-cidranger v1.1.0 // indirect github.com/libp2p/go-flow-metrics v0.1.0 // indirect @@ -204,6 +302,7 @@ require ( github.com/libp2p/go-yamux/v4 v4.0.1 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect + github.com/manifoldco/promptui v0.9.0 // indirect github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect @@ -213,6 +312,7 @@ require ( github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect github.com/minio/sha256-simd v1.0.1 // indirect + github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/pointerstructure v1.2.0 // indirect github.com/mmcloughlin/addchain v0.4.0 // indirect @@ -226,6 +326,7 @@ require ( github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/mozillazg/docker-credential-acr-helper v0.3.0 // indirect github.com/mr-tron/base58 v1.2.0 // indirect github.com/muesli/cancelreader v0.2.2 // indirect github.com/multiformats/go-base32 v0.1.0 // indirect @@ -238,15 +339,20 @@ require ( github.com/multiformats/go-multistream v0.5.0 // indirect github.com/multiformats/go-varint v0.0.7 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect + github.com/oklog/ulid v1.3.1 // indirect + github.com/oleiade/reflections v1.0.1 // indirect github.com/onsi/ginkgo/v2 v2.15.0 // indirect + github.com/open-policy-agent/opa v0.67.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect github.com/opencontainers/selinux v1.11.0 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect + github.com/pborman/uuid v1.2.1 // indirect github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.1.1 // indirect - github.com/peterh/liner v1.1.1-0.20190123174540-a2c9a5303de7 // indirect + github.com/pelletier/go-toml/v2 v2.2.2 // indirect + github.com/peterh/liner v1.2.2 // indirect github.com/philhofer/fwd v1.1.2 // indirect github.com/pion/datachannel v1.5.6 // indirect github.com/pion/dtls/v2 v2.2.11 // indirect @@ -265,42 +371,65 @@ require ( github.com/pion/turn/v2 v2.1.6 // indirect github.com/pion/webrtc/v3 v3.2.40 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/polydawn/refmt v0.89.0 // indirect github.com/prometheus/client_golang v1.19.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.48.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf // indirect github.com/quic-go/qpack v0.4.0 // indirect github.com/quic-go/quic-go v0.44.0 // indirect github.com/quic-go/webtransport-go v0.8.0 // indirect github.com/raulk/go-watchdog v1.3.0 // indirect + github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect github.com/rivo/uniseg v0.4.4 // indirect - github.com/rogpeppe/go-internal v1.11.0 // indirect + github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/rootless-containers/bypass4netns v0.4.0 // indirect github.com/rootless-containers/rootlesskit v1.1.1 // indirect github.com/rs/cors v1.11.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/sagikazarmark/locafero v0.4.0 // indirect + github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/samber/lo v1.39.0 // indirect + github.com/sassoftware/relic v7.2.1+incompatible // indirect + github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect + github.com/segmentio/ksuid v1.0.4 // indirect + github.com/shibumi/go-pathspec v1.3.0 // indirect github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible // indirect + github.com/sigstore/fulcio v1.5.1 // indirect + github.com/sigstore/protobuf-specs v0.3.2 // indirect + github.com/sigstore/rekor v1.3.6 // indirect + github.com/sigstore/sigstore v1.8.8 // indirect + github.com/sigstore/sigstore-go v0.5.1 // indirect + github.com/sigstore/timestamp-authority v1.2.2 // indirect github.com/sirupsen/logrus v1.9.3 // indirect + github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect + github.com/sourcegraph/conc v0.3.0 // indirect github.com/spaolacci/murmur3 v1.1.0 // indirect - github.com/spf13/afero v1.9.5 // indirect - github.com/spf13/cast v1.5.1 // indirect - github.com/spf13/jwalterweatherman v1.1.0 // indirect + github.com/spf13/afero v1.11.0 // indirect + github.com/spf13/cast v1.6.0 // indirect + github.com/spiffe/go-spiffe/v2 v2.3.0 // indirect github.com/status-im/keycard-go v0.2.0 // indirect - github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect + github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect github.com/stoewer/go-strcase v1.3.0 // indirect github.com/stretchr/testify v1.9.0 // indirect - github.com/subosito/gotenv v1.4.2 // indirect + github.com/subosito/gotenv v1.6.0 // indirect github.com/supranational/blst v0.3.11 // indirect github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect + github.com/tchap/go-patricia/v2 v2.3.1 // indirect + github.com/thales-e-security/pool v0.0.2 // indirect + github.com/theupdateframework/go-tuf v0.7.0 // indirect + github.com/theupdateframework/go-tuf/v2 v2.0.0 // indirect github.com/tidwall/gjson v1.17.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.0 // indirect github.com/tinylib/msgp v1.1.8 // indirect + github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect + github.com/tjfoc/gmsm v1.4.1 // indirect github.com/tklauser/go-sysconf v0.3.12 // indirect github.com/tklauser/numcpus v0.6.1 // indirect + github.com/transparency-dev/merkle v0.0.2 // indirect github.com/tyler-smith/go-bip39 v1.1.0 // indirect github.com/ugorji/go/codec v1.2.12 // indirect github.com/urfave/cli/v2 v2.25.7 // indirect @@ -309,49 +438,58 @@ require ( github.com/vishvananda/netns v0.0.4 // indirect github.com/whyrusleeping/base32 v0.0.0-20170828182744-c30ac30633cc // indirect github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 // indirect + github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 // indirect + github.com/xanzy/go-gitlab v0.107.0 // indirect + github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect + github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect + github.com/yashtewari/glob-intersection v0.2.0 // indirect github.com/yuchanns/srslog v1.1.0 // indirect - go.etcd.io/bbolt v1.3.7 // indirect + github.com/zeebo/errs v1.3.0 // indirect + go.etcd.io/bbolt v1.3.10 // indirect + go.mongodb.org/mongo-driver v1.14.0 // indirect go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect - go.opentelemetry.io/otel v1.19.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.19.0 // indirect - go.opentelemetry.io/otel/metric v1.19.0 // indirect - go.opentelemetry.io/otel/trace v1.19.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/sdk v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect + go.step.sm/crypto v0.51.1 // indirect go.uber.org/dig v1.17.1 // indirect go.uber.org/fx v1.22.1 // indirect go.uber.org/mock v0.4.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect go4.org v0.0.0-20230225012048-214862532bf5 // indirect - golang.org/x/crypto v0.23.0 // indirect - golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/oauth2 v0.16.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/crypto v0.25.0 // indirect + golang.org/x/mod v0.19.0 // indirect + golang.org/x/oauth2 v0.22.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/term v0.22.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.23.0 // indirect gonum.org/v1/gonum v0.14.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect - google.golang.org/grpc v1.60.1 // indirect + google.golang.org/api v0.190.0 // indirect + google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect + google.golang.org/grpc v1.65.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.110.1 // indirect + k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 // indirect - k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect lukechampine.com/blake3 v1.2.2 // indirect rsc.io/tmplfunc v0.0.3 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/release-utils v0.8.4 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index b9790cb5..5581fc68 100644 --- a/go.sum +++ b/go.sum @@ -9,55 +9,95 @@ cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgo cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= +cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= +cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= +cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY= +cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA= +cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= +cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= +cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/iam v1.1.12 h1:JixGLimRrNGcxvJEQ8+clfLxPlbeZA6MuRJ+qJNQ5Xw= +cloud.google.com/go/iam v1.1.12/go.mod h1:9LDX8J7dN5YRyzVHxwQzrQs9opFFqn0Mxs9nAeB+Hhg= +cloud.google.com/go/kms v1.18.4 h1:dYN3OCsQ6wJLLtOnI8DGUwQ5shMusXsWCCC+s09ATsk= +cloud.google.com/go/kms v1.18.4/go.mod h1:SG1bgQ3UWW6/KdPo9uuJnzELXY5YTTMJtDYvajiQ22g= +cloud.google.com/go/longrunning v0.5.11 h1:Havn1kGjz3whCfoD8dxMLP73Ph5w+ODyZB9RUsDxtGk= +cloud.google.com/go/longrunning v0.5.11/go.mod h1:rDn7//lmlfWV1Dx6IB4RatCPenTwwmqXuiP0/RgoEO4= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= connectrpc.com/connect v1.14.0 h1:PDS+J7uoz5Oui2VEOMcfz6Qft7opQM9hPiKvtGC01pA= connectrpc.com/connect v1.14.0/go.mod h1:uoAq5bmhhn43TwhaKdGKN/bZcGtzPW1v+ngDTn5u+8s= +cuelabs.dev/go/oci/ociregistry v0.0.0-20240404174027-a39bec0462d2 h1:BnG6pr9TTr6CYlrJznYUDj6V7xldD1W+1iXPum0wT/w= +cuelabs.dev/go/oci/ociregistry v0.0.0-20240404174027-a39bec0462d2/go.mod h1:pK23AUVXuNzzTpfMCA06sxZGeVQ/75FdVtW249de9Uo= +cuelang.org/go v0.9.2 h1:pfNiry2PdRBr02G/aKm5k2vhzmqbAOoaB4WurmEbWvs= +cuelang.org/go v0.9.2/go.mod h1:qpAYsLOf7gTM1YdEg6cxh553uZ4q9ZDWlPbtZr9q1Wk= dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU= dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4= dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA= github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= +github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d h1:zjqpY4C7H15HjRPEenkS4SAn3Jy2eRRjkjZbGR30TOg= +github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d/go.mod h1:XNqJ7hv2kY++g8XEHREpi+JqZo3+0l+CH2egBVN4yqM= +github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 h1:8+4G8JaejP8Xa6W46PzJEwisNgBXMvFcz78N6zG/ARw= +github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0/go.mod h1:GgeIE+1be8Ivm7Sh4RgwI42aTtC9qrcj+Y9Y6CjJhJs= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= +github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= +github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 h1:DRiANoJTiW6obBQe3SqZizkuV1PEgfiiGivmVocDy64= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0/go.mod h1:qLIye2hwb/ZouqhpSD9Zn3SJipvpEnz1Ywl3VUk9Y0s= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= +github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= +github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= +github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= +github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= +github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= +github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8= +github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 h1:w77/uPk80ZET2F+AfQExZyEWtn+0Rk/uw17m9fv5Ajc= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.6/go.mod h1:piCfgPho7BiIDdEQ1+g4VmKyD5y+p/XtSNqE6Hc4QD0= +github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= +github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= +github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= +github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= +github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= +github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= +github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= @@ -73,15 +113,23 @@ github.com/Jorropo/jsync v1.0.1 h1:6HgRolFZnsdfzRUj+ImB9og1JYOxQoReSywkHOGSaUU= github.com/Jorropo/jsync v1.0.1/go.mod h1:jCOZj3vrBCri3bSU3ErUYvevKlnbssrXeCivybS5ABQ= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.12.0-rc.0 h1:wX/F5huJxH9APBkhKSEAqaiZsuBvbbDnyBROZAqsSaY= github.com/Microsoft/hcsshim v0.12.0-rc.0/go.mod h1:rvOnw3YlfoNnEp45wReUngvsXbwRW+AFQ10GVjG1kMU= +github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= +github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= +github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE= +github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/Shopify/goreferrer v0.0.0-20181106222321-ec9c9a553398/go.mod h1:a1uqRtAwp2Xwc6WNPJEufxJ7fx3npB4UV/JOLmbu5I0= github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA= github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= +github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E= +github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= github.com/VictoriaMetrics/fastcache v1.12.1 h1:i0mICQuojGDL3KblA7wUNlY5lOK6a4bwt3uRKnkZU40= github.com/VictoriaMetrics/fastcache v1.12.1/go.mod h1:tX04vaqcNoQeGLD+ra5pU5sWkuxnzWhEzLwhP9w653o= +github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= +github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -89,16 +137,104 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc= github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= +github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= +github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/alexbrainman/goissue34681 v0.0.0-20191006012335-3fc7a47baff5 h1:iW0a5ljuFxkLGPNem5Ui+KBjFJzKg4Fv2fnxe4dvzpM= github.com/alexbrainman/goissue34681 v0.0.0-20191006012335-3fc7a47baff5/go.mod h1:Y2QMoi1vgtOIfc+6DhrMOGkLoGzqSV2rKp4Sm+opsyA= +github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.2/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= +github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 h1:iC9YFYKDGEy3n/FtqJnOkZsene9olVspKmkX5A2YBEo= +github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= +github.com/alibabacloud-go/cr-20160607 v1.0.1 h1:WEnP1iPFKJU74ryUKh/YDPHoxMZawqlPajOymyNAkts= +github.com/alibabacloud-go/cr-20160607 v1.0.1/go.mod h1:QHeKZtZ3F3FOE+/uIXCBAp8POwnUYekpLwr1dtQa5r0= +github.com/alibabacloud-go/cr-20181201 v1.0.10 h1:B60f6S1imsgn2fgC6X6FrVNrONDrbCT0NwYhsJ0C9/c= +github.com/alibabacloud-go/cr-20181201 v1.0.10/go.mod h1:VN9orB/w5G20FjytoSpZROqu9ZqxwycASmGqYUJSoDc= +github.com/alibabacloud-go/darabonba-openapi v0.1.12/go.mod h1:sTAjsFJmVsmcVeklL9d9uDBlFsgl43wZ6jhI6BHqHqU= +github.com/alibabacloud-go/darabonba-openapi v0.1.14/go.mod h1:w4CosR7O/kapCtEEMBm3JsQqWBU/CnZ2o0pHorsTWDI= +github.com/alibabacloud-go/darabonba-openapi v0.2.1 h1:WyzxxKvhdVDlwpAMOHgAiCJ+NXa6g5ZWPFEzaK/ewwY= +github.com/alibabacloud-go/darabonba-openapi v0.2.1/go.mod h1:zXOqLbpIqq543oioL9IuuZYOQgHQ5B8/n5OPrnko8aY= +github.com/alibabacloud-go/darabonba-string v1.0.0/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA= +github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY= +github.com/alibabacloud-go/debug v1.0.0 h1:3eIEQWfay1fB24PQIEzXAswlVJtdQok8f3EVN5VrBnA= +github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc= +github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= +github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9GQdZO3mcSUTUy8= +github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= +github.com/alibabacloud-go/openapi-util v0.0.9/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= +github.com/alibabacloud-go/openapi-util v0.0.10/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= +github.com/alibabacloud-go/openapi-util v0.0.11/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= +github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY= +github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= +github.com/alibabacloud-go/tea v1.1.0/go.mod h1:IkGyUSX4Ba1V+k4pCtJUc6jDpZLFph9QMy2VUPTwukg= +github.com/alibabacloud-go/tea v1.1.7/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= +github.com/alibabacloud-go/tea v1.1.8/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= +github.com/alibabacloud-go/tea v1.1.11/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= +github.com/alibabacloud-go/tea v1.1.17/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A= +github.com/alibabacloud-go/tea v1.1.19/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A= +github.com/alibabacloud-go/tea v1.2.1 h1:rFF1LnrAdhaiPmKwH5xwYOKlMh66CqRwPUTzIK74ask= +github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2wSyEUo4OEmnA= +github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE= +github.com/alibabacloud-go/tea-utils v1.3.9/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE= +github.com/alibabacloud-go/tea-utils v1.4.3/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw= +github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOqY6Eq8f3zfA= +github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw= +github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= +github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0= +github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= +github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= +github.com/aliyun/credentials-go v1.3.1 h1:uq/0v7kWrxmoLGpqjx7vtQ/s03f0zR//0br/xWDTE28= +github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156 h1:eMwmnE/GDgah4HI848JfFxHt+iPb26b4zyfspmqY0/8= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230512164433-5d1fd1a340c9 h1:goHVqTbFX3AIo0tzGr14pgfAW2ZfPChKO21Z9MGf/gk= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230512164433-5d1fd1a340c9/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= +github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= +github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA= github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= +github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY= +github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc= +github.com/aws/aws-sdk-go-v2/config v1.27.27 h1:HdqgGt1OAP0HkEDDShEl0oSYa9ZZBSOmKpdpsDMdO90= +github.com/aws/aws-sdk-go-v2/config v1.27.27/go.mod h1:MVYamCg76dFNINkZFu4n4RjDixhVr51HLj4ErWzrVwg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVOpGPgDSi0I9iAP+UI= +github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 h1:KreluoV8FZDEtI6Co2xuNk/UqI9iwMrOx/87PBNIKqw= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11/go.mod h1:SeSUYBLsMYFoRvHE0Tjvn7kbxaUhl75CJi1sbfhMxkU= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 h1:SoNJ4RlFEQEbtDcCEt+QG56MY4fm4W8rYirAmq+/DdU= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15/go.mod h1:U9ke74k1n2bf+RIgoX1SXFed1HLs51OgUSs+Ph0KJP8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 h1:C6WHdGnTDIYETAm5iErQUiVNsclNx9qbJVPIt03B6bI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15/go.mod h1:ZQLZqhcu+JhSrA9/NXRm8SkDvsycE+JkV3WGY41e+IM= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= +github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 h1:y6LX9GUoEA3mO0qpFl1ZQHj1rFyPWVphlzebiSt2tKE= +github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2/go.mod h1:Q0LcmaN/Qr8+4aSBrdrXXePqoX0eOuYpJLbYpilmWnA= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 h1:PpbXaecV3sLAS6rjQiaKw4/jyq3Z8gNzmoJupHAoBp0= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2/go.mod h1:fUHpGXr4DrXkEDpGAjClPsviWf+Bszeb0daKE0blxv8= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrxZlQ044RiM+WdoZxp0p+EGM62y3L6pwA4olE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17/go.mod h1:RkZEx4l0EHYDJpWppMJ3nD9wZJAa8/0lq9aVC+r2UII= +github.com/aws/aws-sdk-go-v2/service/kms v1.35.3 h1:UPTdlTOwWUX49fVi7cymEN6hDqCwe3LNv1vi7TXUutk= +github.com/aws/aws-sdk-go-v2/service/kms v1.35.3/go.mod h1:gjDP16zn+WWalyaUqwCCioQ8gU8lzttCCc9jYsiQI/8= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 h1:BXx0ZIxvrJdSgSvKTZ+yRBeSqqgPM89VPlulEcl37tM= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.4/go.mod h1:ooyCOXjvJEsUw7x+ZDHeISPMhtwI3ZCB7ggFMcFfWLU= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrAaCYQR72t0wrSBfoesUE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4/go.mod h1:0oxfLkpz3rQ/CHlx5hB7H69YUpFiI1tql6Q6Ne+1bCw= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 h1:ZsDKRLXGWHk8WdtyYMoGNO7bTudrvuKpDKgMVRlepGE= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.3/go.mod h1:zwySh8fpFyXp9yOr/KVzxOl8SRqgf/IDw5aUt9UKFcQ= +github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE= +github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M= +github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8/go.mod h1:2JF49jcDOrLStIXN/j/K1EKRq8a8R2qRnlZA6/o/c7c= github.com/awslabs/soci-snapshotter v0.4.1 h1:f1TdTG5QZ1B6umgSPQfM1pSXDlMZu+raCKWP4QkRYL8= github.com/awslabs/soci-snapshotter v0.4.1/go.mod h1:faOXa3a6SsMRln4misZi82nAa4ez8Nu9i5N39kQyukY= github.com/aymerick/raymond v2.0.3-0.20180322193309-b565731e1464+incompatible/go.mod h1:osfaiScAUVup+UC9Nfq76eWqDhXlp+4UYaA8uhTBO6g= @@ -112,6 +248,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bits-and-blooms/bitset v1.10.0 h1:ePXTeiPEazB5+opbv5fr8umg2R/1NlzgDsyepwsSr88= github.com/bits-and-blooms/bitset v1.10.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8= +github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= +github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY= @@ -128,8 +266,21 @@ github.com/bufbuild/protovalidate-go v0.3.2/go.mod h1:ywZqKUjMhQA8fmhsc+0DUlMfan github.com/bufbuild/protoyaml-go v0.1.4 h1:wPSKIb/DkHwUK71Dqw5cUkLpohWD7JY+TeLBbrlN8nM= github.com/bufbuild/protoyaml-go v0.1.4/go.mod h1:6G7eGacFmps/ilH7uyfjv18HQ74Feri8I5dZi7XMs1o= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/buildkite/agent/v3 v3.76.2 h1:SweFq3e0N20RikWsVeOXzTjfr0AoOskxm9c0bcNyI0E= +github.com/buildkite/agent/v3 v3.76.2/go.mod h1:9ffbmJD7d7C/nOcElj6Qm+uIj1QoYh3NNvka4rkKkss= +github.com/buildkite/go-pipeline v0.10.0 h1:EDffu+LfMY2k5u+iEdo6Jn3obGKsrL5wicc1O/yFeRs= +github.com/buildkite/go-pipeline v0.10.0/go.mod h1:eMH1kiav5VeiTiu0Mk2/M7nZhKyFeL4iGj7Y7rj4f3w= +github.com/buildkite/interpolate v0.1.3 h1:OFEhqji1rNTRg0u9DsSodg63sjJQEb1uWbENq9fUOBM= +github.com/buildkite/interpolate v0.1.3/go.mod h1:UNVe6A+UfiBNKbhAySrBbZFZFxQ+DXr9nWen6WVt/A8= +github.com/buildkite/roko v1.2.0 h1:hbNURz//dQqNl6Eo9awjQOVOZwSDJ8VEbBDxSfT9rGQ= +github.com/buildkite/roko v1.2.0/go.mod h1:23R9e6nHxgedznkwwfmqZ6+0VJZJZ2Sg/uVcp2cP46I= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= +github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= +github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= +github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/ceramicnetwork/go-dag-jose v0.1.0 h1:yJ/HVlfKpnD3LdYP03AHyTvbm3BpPiz2oZiOeReJRdU= github.com/ceramicnetwork/go-dag-jose v0.1.0/go.mod h1:qYA1nYt0X8u4XoMAVoOV3upUVKtrxy/I670Dg5F0wjI= @@ -138,20 +289,35 @@ github.com/cespare/cp v0.1.0/go.mod h1:SOGHArjBr4JWaSDEVpWpo/hNg6RoKrls6Oh40hiwW github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4= +github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM= +github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/readline v1.5.1 h1:upd/6fQk4src78LMRzh5vItIt361/o4uq553V8B5sGI= +github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04= +github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= github.com/cilium/ebpf v0.11.0 h1:V8gS/bTCCjX9uUnkUFUpPsksM8n1lXBAvHcpiFk1X2Y= github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= +github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= +github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME= +github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cockroachdb/apd/v3 v3.2.1 h1:U+8j7t0axsIgvQUqthuNm82HIrYXodOV2iWLWtEaIwg= +github.com/cockroachdb/apd/v3 v3.2.1/go.mod h1:klXJcjp+FffLTHlhIG69tezTDvdP065naDsHzKhYSqc= github.com/cockroachdb/datadriven v1.0.0/go.mod h1:5Ib8Meh+jk1RlHIXej6Pzevx/NLlNvQB9pmSBZErGA4= github.com/cockroachdb/datadriven v1.0.3-0.20230413201302-be42291fc80f h1:otljaYPt5hWxV3MUfO5dFPFiOXg9CyG5/kCfayTqsJ4= github.com/cockroachdb/datadriven v1.0.3-0.20230413201302-be42291fc80f/go.mod h1:a9RdTaap04u637JoCzcUoIcDmvwSUtcUFtT/C3kJlTU= @@ -168,7 +334,11 @@ github.com/cockroachdb/sentry-go v0.6.1-cockroachdb.2 h1:IKgmqgMQlVJIZj19CdocBeS github.com/cockroachdb/sentry-go v0.6.1-cockroachdb.2/go.mod h1:8BT+cPK6xvFOcRlk0R8eg+OTkcqI6baNH4xAkpiYVvQ= github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06 h1:zuQyyAKVxetITBuuhv3BI9cMrmStnpT18zmgmTxunpo= github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06/go.mod h1:7nc4anLGjupUW/PeY5qiNYsdNXj7zopG+eqsS7To5IQ= +github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= +github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM= +github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ= +github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w= github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/YjhQ= github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI= github.com/consensys/gnark-crypto v0.12.1 h1:lHH39WuuFgVHONRl3J0LRBtuYdQTumFSDtJF7HpyG8M= @@ -183,10 +353,14 @@ github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2 github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= -github.com/containerd/containerd v1.7.14 h1:H/XLzbnGuenZEGK+v0RkwTdv2u1QFAruMe5N0GNPJwA= -github.com/containerd/containerd v1.7.14/go.mod h1:YMC9Qt5yzNqXx/fO4j/5yYVIHXSRrlB3H7sxkUTvspg= +github.com/containerd/containerd v1.7.20 h1:Sl6jQYk3TRavaU83h66QMbI2Nqg9Jm6qzwX57Vsn1SQ= +github.com/containerd/containerd v1.7.20/go.mod h1:52GsS5CwquuqPuLncsXwG0t2CiUce+KsNHJZQJvAgR0= +github.com/containerd/containerd/api v1.7.19 h1:VWbJL+8Ap4Ju2mx9c9qS1uFSB1OVYr5JJrW2yT5vFoA= +github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig= github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= +github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY= github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o= github.com/containerd/go-cni v1.1.9 h1:ORi7P1dYzCwVM6XPN4n3CbkuOx/NZ2DOqy+SHRdo9rU= @@ -201,14 +375,16 @@ github.com/containerd/nerdctl v1.7.4 h1:1X5JEDwdjFHw3ddOuHu1CkULatcnZX+6u49Xqah2 github.com/containerd/nerdctl v1.7.4/go.mod h1:q/2RzzdEhQCwl3HWjm560dwG6qrXmes18ble+5krZn0= github.com/containerd/nydus-snapshotter v0.13.4 h1:veTQCgpfRGdPD031dVNGlU+vK/W9vBhZNlMWR9oupiQ= github.com/containerd/nydus-snapshotter v0.13.4/go.mod h1:y41TM10lXhskfHHvge7kf1VucM4CeWwsCmQ5Q51UJrc= +github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= +github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/containerd/stargz-snapshotter v0.15.1 h1:fpsP4kf/Z4n2EYnU0WT8ZCE3eiKDwikDhL6VwxIlgeA= github.com/containerd/stargz-snapshotter v0.15.1/go.mod h1:74D+J1m1RMXytLmWxegXWhtOSRHPWZKpKc2NdK3S+us= github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU= github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= github.com/containerd/stargz-snapshotter/ipfs v0.15.1 h1:MMWRYrTu2iVOn9eRJqEer7v0eg34xY2uFZxbrrm2iCY= github.com/containerd/stargz-snapshotter/ipfs v0.15.1/go.mod h1:DvrczCWAJnbTOau8txguZXDZdA7r39O3/Aj2olx+Q90= -github.com/containerd/ttrpc v1.2.3 h1:4jlhbXIGvijRtNC8F/5CpuJZ7yKOBFGFOOXg1bkISz0= -github.com/containerd/ttrpc v1.2.3/go.mod h1:ieWsXucbb8Mj9PH0rXCw1i8IunRbbAiDkpXkbfflWBM= +github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU= +github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= github.com/containerd/typeurl v1.0.3-0.20220422153119-7f6e6d160d67 h1:rQvjv7gRi6Ki/NS/U9oLZFhqyk4dh/GH2M3o/4BRkMM= github.com/containerd/typeurl v1.0.3-0.20220422153119-7f6e6d160d67/go.mod h1:HDkcKOXRnX6yKnXv3P0QrogFi0DoiauK/LpQi961f0A= github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= @@ -217,12 +393,14 @@ github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl3 github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= github.com/containernetworking/plugins v1.4.0 h1:+w22VPYgk7nQHw7KT92lsRmuToHvb7wwSv9iTbXzzic= github.com/containernetworking/plugins v1.4.0/go.mod h1:UYhcOyjefnrQvKvmmyEKsUA+M9Nfn7tqULPpH0Pkcj0= -github.com/containers/ocicrypt v1.1.9 h1:2Csfba4jse85Raxk5HIyEk8OwZNjRvfkhEGijOjIdEM= -github.com/containers/ocicrypt v1.1.9/go.mod h1:dTKx1918d8TDkxXvarscpNVY+lyPakPNFN4jwA9GBys= +github.com/containers/ocicrypt v1.1.10 h1:r7UR6o8+lyhkEywetubUUgcKFjOWOaWz8cEBrCPX0ic= +github.com/containers/ocicrypt v1.1.10/go.mod h1:YfzSSr06PTHQwSTUKqDSjish9BeW1E4HUmreluQcMd8= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-iptables v0.7.0 h1:XWM3V+MPRr5/q51NuWSgU0fqMad64Zyxs8ZUoMsamr8= github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= +github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= +github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= @@ -231,8 +409,8 @@ github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/crackcomm/go-gitignore v0.0.0-20170627025303-887ab5e44cc3 h1:HVTnpeuvF6Owjd5mniCL8DEXo7uYXdQEmOP4FJbV5tg= github.com/crackcomm/go-gitignore v0.0.0-20170627025303-887ab5e44cc3/go.mod h1:p1d6YEZWvFzEh4KLyvBcVSnrfNDDvK2zfK/4x2v/4pE= github.com/crate-crypto/go-ipa v0.0.0-20231025140028-3c0104f4b233 h1:d28BXYi+wUpz1KBmiF9bWrjEMacUEREV6MBi2ODnrfQ= @@ -240,16 +418,21 @@ github.com/crate-crypto/go-ipa v0.0.0-20231025140028-3c0104f4b233/go.mod h1:geZJ github.com/crate-crypto/go-kzg-4844 v0.7.0 h1:C0vgZRk4q4EZ/JgPfzuSoxdCq3C3mOZMBShovmncxvA= github.com/crate-crypto/go-kzg-4844 v0.7.0/go.mod h1:1kMhvPgI0Ky3yIa+9lFySEBUBXkYxeOi8ZF1sYioxhc= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= -github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= +github.com/creack/pty v1.1.19 h1:tUN6H7LWqNx4hQVxomd0CVsDwaDr9gaRQaI4GpSmrsA= +github.com/creack/pty v1.1.19/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cskr/pubsub v1.0.2 h1:vlOzMhl6PFn60gRlTQQsIfVwaPB/B/8MziK8FhEPt/0= github.com/cskr/pubsub v1.0.2/go.mod h1:/8MzYXk/NJAz782G8RPkFzXTZVu63VotefPnR9TIRis= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= +github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc= +github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE= +github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c h1:pFUpOrbxDR6AkioZ1ySsx5yxlDQZ8stG2b88gTPxgJU= github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c/go.mod h1:6UhI8N9EjYm1c2odKpFpAYeR8dsBeM7PtzQhRgxRr9U= github.com/deckarep/golang-set/v2 v2.1.0 h1:g47V4Or+DUdzbs8FxCCmgb6VYd+ptPAngjM6dtGktsI= @@ -260,19 +443,36 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnN github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/deepmap/oapi-codegen v1.6.0 h1:w/d1ntwh91XI0b/8ja7+u5SvA4IFfM0UNNLmiDR1gg0= github.com/deepmap/oapi-codegen v1.6.0/go.mod h1:ryDa9AgbELGeB+YEXE1dR53yAjHwFvE9iAUlWl9Al3M= +github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936 h1:foGzavPWwtoyBvjWyKJYDYsyzy+23iBV7NKTwdk+LRY= +github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936/go.mod h1:ttKPnOepYt4LLzD+loXQ1rT6EmpyIYHro7TAJuIIlHo= github.com/dgraph-io/badger v1.6.0/go.mod h1:zwt7syl517jmP8s94KqSxTlM6IMsdhYy6psNgSztDR4= github.com/dgraph-io/badger v1.6.2 h1:mNw0qs90GVgGGWylh0umH5iag1j6n/PeJtNvL6KY/x8= github.com/dgraph-io/badger v1.6.2/go.mod h1:JW2yswe3V058sS0kZ2h/AXeDSqFjxnZcRrVH//y2UQE= -github.com/dgraph-io/ristretto v0.0.2 h1:a5WaUrDa0qm0YrAAS1tUykT5El3kt62KNZZeMxQn3po= -github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= +github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0AKt0akg= +github.com/dgraph-io/badger/v3 v3.2103.5/go.mod h1:4MPiseMeDQ3FNCYwRbbcBOGJLf5jsE0PPFzRiKjtcdw= +github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= +github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= +github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= +github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= +github.com/digitorus/pkcs7 v0.0.0-20230713084857-e76b763bdc49/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc= +github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 h1:ge14PCmCvPjpMQMIAH7uKg0lrtNSOdpYsRXlwk3QbaE= +github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc= +github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 h1:lxmTCgmHE1GUYL7P0MlNa00M67axePTq+9nBSGddR8I= +github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y= +github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= +github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/djherbis/times v1.5.0 h1:79myA211VwPhFTqUk8xehWrsEO+zcIZj0zT8mXPVARU= github.com/djherbis/times v1.5.0/go.mod h1:5q7FDLvbNg1L/KaBmPcWlVR9NmoKo3+ucqUA3ijQhA0= github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE= -github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= +github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= +github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8= github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -291,14 +491,14 @@ github.com/elastic/gosigar v0.14.2 h1:Dg80n8cr90OZ7x+bAax/QjoW/XqTI11RmA79ZwIm9/ github.com/elastic/gosigar v0.14.2/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs= github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU= github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/proto v1.12.1 h1:6n/Z2pZAnBwuhU66Gs8160B8rrrYKo7h2F2sCOnNceE= +github.com/emicklei/proto v1.12.1/go.mod h1:rn1FgRS/FANiZdD2djyH7TMA9jdRDcYQ9IEN9yvjX0A= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= +github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= +github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw= github.com/ethereum/c-kzg-4844 v0.4.0 h1:3MS1s4JtA868KpJxroZoepdV0ZKBp3u/O5HcZ7R3nlY= github.com/ethereum/c-kzg-4844 v0.4.0/go.mod h1:VewdlzQmpT5QSrVhbBuGoCdFJkpaJlO1aQputP83wc0= @@ -315,8 +515,8 @@ github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYF github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= -github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= -github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/ferranbt/fastssz v0.1.2 h1:Dky6dXlngF6Qjc+EfDipAkE83N5I5DE68bY6O0VLNPk= github.com/ferranbt/fastssz v0.1.2/go.mod h1:X5UPrE2u1UJjxHA8X54u04SBwdAQjG2sFtWs39YxyWs= github.com/fjl/memsize v0.0.2 h1:27txuSD9or+NZlnOWdKUxeBzTAUkWCVh+4Gf2dWFOzA= @@ -327,6 +527,10 @@ github.com/fluent/fluent-logger-golang v1.9.0/go.mod h1:2/HCT/jTy78yGyeNGQLGQsjF github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/flynn/noise v1.1.0 h1:KjPQoQCEFdZDiP03phOvGi11+SVVhBG2wOWAorLsstg= github.com/flynn/noise v1.1.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= +github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= +github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= +github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= +github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= @@ -336,8 +540,8 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU= -github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= +github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= +github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= github.com/gavv/httpexpect v2.0.0+incompatible/go.mod h1:x+9tiU1YnrOvnB725RkpoLv1M62hOWzwo5OXotisrKc= github.com/gballet/go-libpcsclite v0.0.0-20190607065134-2772fd86a8ff h1:tY80oXqGNY4FhTFhk+o9oFHGINQ/+vhlm8HFzi6znCI= github.com/gballet/go-libpcsclite v0.0.0-20190607065134-2772fd86a8ff/go.mod h1:x7DCsMOv1taUwEWCzT4cmDeAkigA5/QCwUodaVOe8Ww= @@ -349,23 +553,27 @@ github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3/go.mod h1:VJ0WA2NB github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclKsC9YodN5RgxqK/VD9HM9JsCSh7rNhMZE98= +github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= +github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= +github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= +github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= @@ -374,19 +582,45 @@ github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AE github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE= github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78= +github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= +github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= +github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w= +github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= -github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= +github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= +github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ= +github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc= +github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= +github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= +github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= +github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.22.7 h1:JWrc1uc/P9cSomxfnsFSVWoE1FW6bNbrVPmpQYpCcR8= -github.com/go-openapi/swag v0.22.7/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= +github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= +github.com/go-piv/piv-go v1.11.0 h1:5vAaCdRTFSIW4PeqMbnsDlUZ7odMYWnHBDGdmtU/Zhg= +github.com/go-piv/piv-go v1.11.0/go.mod h1:NZ2zmjVkfFaL/CF8cVQ/pXdXtuj110zEKGdJM6fJZZM= +github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= +github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= +github.com/go-rod/rod v0.116.2 h1:A5t2Ky2A+5eD/ZJQr1EfsQSe5rms5Xof/qj296e+ZqA= +github.com/go-rod/rod v0.116.2/go.mod h1:H+CMO9SCNc2TJ2WfrG+pKhITz57uGNYU43qYHh438Mg= +github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= +github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= @@ -394,8 +628,8 @@ github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= -github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E= +github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0= github.com/gogo/googleapis v0.0.0-20180223154316-0cd9801be74a/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -403,9 +637,15 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/gogo/status v1.1.0/go.mod h1:BFv9nrluPLmrS0EmGVvLaPNmRosr9KapBYd5/hpY1WM= +github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4= +github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -416,15 +656,10 @@ github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= @@ -435,8 +670,8 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb h1:PBC98N2aIaM3XXiurYmW7fx4GZkL8feAMVq7nEjURHk= github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -446,61 +681,73 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/cel-go v0.18.1 h1:V/lAXKq4C3BYLDy/ARzMtpkEEYfHQpZzVyzy69nEUjs= github.com/google/cel-go v0.18.1/go.mod h1:PVAybmSnWkNMUZR/tEWFUiJ1Np4Hz0MHsZJcgC4zln4= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/certificate-transparency-go v1.2.1 h1:4iW/NwzqOqYEEoCBEFP+jPbBXbLqMpq3CifMyOnDUME= +github.com/google/certificate-transparency-go v1.2.1/go.mod h1:bvn/ytAccv+I6+DGkqpvSsEdiVGramgaSC6RD3tEmeE= +github.com/google/flatbuffers v23.5.26+incompatible h1:M9dgRyhJemaM4Sw8+66GHBu8ioaQmyPLg1b8VwK5WJg= +github.com/google/flatbuffers v23.5.26+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= +github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= +github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-containerregistry v0.20.1 h1:eTgx9QNYugV4DN5mz4U8hiAGTi1ybXn0TPi4Smd8du0= +github.com/google/go-containerregistry v0.20.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= +github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg= +github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= +github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= +github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8= github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20240207164012-fb44976bdcd5 h1:E/LAvt58di64hlYjx7AsNS6C/ysHWYo+2qPCZKTQhRo= github.com/google/pprof v0.0.0-20240207164012-fb44976bdcd5/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= +github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= +github.com/google/tink/go v1.7.0 h1:6Eox8zONGebBFcCBqkVmt60LaWZa6xg1cl/DwAh/J1w= +github.com/google/tink/go v1.7.0/go.mod h1:GAUOd+QE3pgj9q8VKIGTCP33c/B7eb4NhxLcgTJZStM= +github.com/google/trillian v1.6.0 h1:jMBeDBIkINFvS2n6oV5maDqfRlxREAc6CW9QYWQ0qT4= +github.com/google/trillian v1.6.0/go.mod h1:Yu3nIMITzNhhMJEHjAtp6xKiu+H/iHu2Oq5FjV2mCWI= +github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= -github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= +github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= +github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= +github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= +github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c h1:7lF+Vz0LqiRidnzC1Oq86fpX1q/iEv2KJdrCtttYjT4= -github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 h1:l5lAOZEym3oK3SQ2HBHWsJUfbNBiTXJDeW2QDxw9AQ0= +github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= @@ -508,14 +755,17 @@ github.com/graph-gophers/graphql-go v1.3.0 h1:Eb9x/q6MFpCLz7jBCiP/WTxjSDrYLR1QY4 github.com/graph-gophers/graphql-go v1.3.0/go.mod h1:9CQHMSxwO4MprSdzoIEobiHpoLtHm77vfxsvsIN5Vuc= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 h1:RtRsiaGvWxcwd8y3BiRZxsylPT8hLWZ5SPcfI+3IDNk= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0/go.mod h1:TzP6duP4Py2pHLVPPQp42aoYI92+PCrVotyR5e8Vqlk= +github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-bexpr v0.1.10 h1:9kuI5PFotCboP3dkDYFr/wi0gg0QVbSNz5oFRpxn4uE= github.com/hashicorp/go-bexpr v0.1.10/go.mod h1:oxlubA2vC/gFVfX1A6JGp7ls7uCDlfJn732ehYYg+g0= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= @@ -528,6 +778,16 @@ github.com/hashicorp/go-msgpack/v2 v2.1.2/go.mod h1:upybraOAblm4S7rx0+jeNy+CWWhz github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= +github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= +github.com/hashicorp/go-sockaddr v1.0.5 h1:dvk7TIXCZpmfOlM+9mlcrWmWjw/wlKT+VDq2wMvfPJU= +github.com/hashicorp/go-sockaddr v1.0.5/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1BE= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= @@ -538,20 +798,25 @@ github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iP github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= -github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= +github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/raft v1.6.1 h1:v/jm5fcYHvVkL0akByAp+IDdDSzCNCGhdO6VdB56HIM= github.com/hashicorp/raft v1.6.1/go.mod h1:N1sKh6Vn47mrWvEArQgILTyng8GoDRNYlgKyK7PMjs0= github.com/hashicorp/raft-boltdb v0.0.0-20230125174641-2a8082862702 h1:RLKEcCuKcZ+qp2VlaaZsYZfLOmIiuJNpEi48Rl8u9cQ= github.com/hashicorp/raft-boltdb v0.0.0-20230125174641-2a8082862702/go.mod h1:nTakvJ4XYq45UXtn0DbwR4aU9ZdjlnIenpbs6Cd+FM0= github.com/hashicorp/raft-boltdb/v2 v2.3.0 h1:fPpQR1iGEVYjZ2OELvUHX600VAK5qmdnDEv3eXOwZUA= github.com/hashicorp/raft-boltdb/v2 v2.3.0/go.mod h1:YHukhB04ChJsLHLJEUD6vjFyLX2L3dsX3wPBZcX4tmc= +github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= +github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= github.com/holiman/billy v0.0.0-20240216141850-2abb0c79d3c4 h1:X4egAf/gcS1zATw6wn4Ej8vjuVGxeHdan+bRb2ebyv4= github.com/holiman/billy v0.0.0-20240216141850-2abb0c79d3c4/go.mod h1:5GuXa7vkL8u9FkFuWdVvfR5ix8hRB7DbOAaYULamFpc= github.com/holiman/bloomfilter/v2 v2.0.3 h1:73e0e/V0tCydx14a0SCYS/EWCxgwLZ18CZcZKVu0fao= github.com/holiman/bloomfilter/v2 v2.0.3/go.mod h1:zpoh+gs7qcpqrHr3dB55AMiJwo0iURXE7ZOP9L9hSkA= github.com/holiman/uint256 v1.2.4 h1:jUc4Nk8fm9jZabQuqr2JzednajVmBpC+oiTiXZJEApU= github.com/holiman/uint256 v1.2.4/go.mod h1:EOMSn4q6Nyt9P6efbI3bueV4e1b3dGlUCXeiRV4ng7E= +github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM= +github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huin/goupnp v1.3.0 h1:UvLUlWDNpoUdYzb2TCn+MuTWtcjXKSza2n6CBdQ0xXc= github.com/huin/goupnp v1.3.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFckNX8= @@ -561,6 +826,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1: github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA= +github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU= +github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= @@ -657,11 +924,22 @@ github.com/jbenet/go-temp-err-catcher v0.1.0 h1:zpb3ZH6wIE8Shj2sKS+khgRvf7T7RABo github.com/jbenet/go-temp-err-catcher v0.1.0/go.mod h1:0kJRvmDZXNMIiJirNPEYfhpPwbGVtZVWC34vc5WLsDk= github.com/jbenet/goprocess v0.1.4 h1:DRGOFReOMqqDNXwW70QkacFW0YN9QnwLV0Vqk+3oU0o= github.com/jbenet/goprocess v0.1.4/go.mod h1:5yspPrukOVuOLORacaBi858NqyClJPQxYZlqdZVfqY4= +github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY= +github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267/go.mod h1:h1nSAbGFqGVzn6Jyl1R/iCcBUHN4g+gW1u9CoBTrb9E= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= +github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE= +github.com/jellydator/ttlcache/v3 v3.2.0/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= +github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -692,7 +970,6 @@ github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZY github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/koron/go-ssdp v0.0.4 h1:1IDwrghSKYM7yLf7XCzbByg2sJ/JcNOZRXS2jczTwz0= github.com/koron/go-ssdp v0.0.4/go.mod h1:oDXq+E5IL5q0U8uSBcoAXzTzInwy5lEgC91HoKtbmZk= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -711,6 +988,10 @@ github.com/labstack/echo/v4 v4.2.1/go.mod h1:AA49e0DZ8kk5jTOOCKNuPR6oTnBS0dYiM4F github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k= github.com/leanovate/gopter v0.2.9 h1:fQjYxZaynp97ozCzfOyOuAGOU4aU/z37zf/tOujFk7c= github.com/leanovate/gopter v0.2.9/go.mod h1:U2L/78B+KVFIx2VmW6onHJQzXtFb+p5y3y2Sh+Jxxv8= +github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= +github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk= +github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= +github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/libp2p/go-buffer-pool v0.1.0 h1:oK4mSFcQz7cTQIfqbe4MIj9gLW+mnanjyFtc6cdF0Y8= github.com/libp2p/go-buffer-pool v0.1.0/go.mod h1:N+vh8gMqimBzdKkSMVuydVDq+UV5QTWy5HSiZacSbPg= github.com/libp2p/go-cidranger v1.1.0 h1:ewPN8EZ0dd1LSnrtuwd4709PXVcITVeuwbag38yPW7c= @@ -766,6 +1047,8 @@ github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= +github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd h1:br0buuQ854V8u83wA0rVZ8ttrq5CpaPZdvrK0LP2lOk= github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd/go.mod h1:QuCEs1Nt24+FYQEqAAncTDPJIuGs+LxK1MCiFL25pMU= github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ= @@ -798,6 +1081,7 @@ github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/le github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= +github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mikioh/tcp v0.0.0-20190314235350-803a9b46060c h1:bzE/A84HN25pxAuk9Eej1Kz9OUelF97nAc82bDquQI8= @@ -812,6 +1096,8 @@ github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dz github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= +github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= @@ -845,6 +1131,8 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= +github.com/mozillazg/docker-credential-acr-helper v0.3.0 h1:DVWFZ3/O8BP6Ue3iS/Olw+G07u1hCq1EOVCDZZjCIBI= +github.com/mozillazg/docker-credential-acr-helper v0.3.0/go.mod h1:cZlu3tof523ujmLuiNUb6JsjtHcNA70u1jitrrdnuyA= github.com/mr-tron/base58 v1.1.2/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc= github.com/mr-tron/base58 v1.1.3/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc= github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o= @@ -885,10 +1173,17 @@ github.com/nats-io/nkeys v0.0.2/go.mod h1:dab7URMsZm6Z/jp9Z5UGa87Uutgc2mVpXLC4B7 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 h1:Up6+btDp321ZG5/zdSLo48H9Iaq0UQGthrhWC6pCxzE= +github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481/go.mod h1:yKZQO8QE2bHlgozqWDiRVqTFlLQSj30K/6SAK8EeYFw= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= +github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/oleiade/reflections v1.0.1 h1:D1XO3LVEYroYskEsoSiGItp9RUxG6jWnCVvrqH0HHQM= +github.com/oleiade/reflections v1.0.1/go.mod h1:rdFxbxq4QXVZWj0F+e9jqjDkc7dbp97vkRixKo2JR60= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -906,10 +1201,12 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE= github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk= +github.com/open-policy-agent/opa v0.67.0 h1:FOdsO9yNhfmrh+72oVK7ImWmzruG+VSpfbr5IBqEWVs= +github.com/open-policy-agent/opa v0.67.0/go.mod h1:aqKlHc8E2VAAylYE9x09zJYr/fYzGX+JKne89UGqFzk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU= -github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= @@ -925,15 +1222,17 @@ github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0Mw github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0= github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y= +github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= +github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI= -github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= +github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= +github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= github.com/petar/GoLLRB v0.0.0-20210522233825-ae3b015fd3e9 h1:1/WtZae0yGtPq+TI6+Tv1WTxkukpXeMlviSxvL7SRgk= github.com/petar/GoLLRB v0.0.0-20210522233825-ae3b015fd3e9/go.mod h1:x3N5drFsm2uilKKuuYo6LdyD8vZAW55sH/9w+pbo1sw= -github.com/peterh/liner v1.1.1-0.20190123174540-a2c9a5303de7 h1:oYW+YCJ1pachXTQmzR3rNLYGGz4g/UgFcjb28p/viDM= -github.com/peterh/liner v1.1.1-0.20190123174540-a2c9a5303de7/go.mod h1:CRroGNssyjTd/qIG2FyxByd2S8JEAZXBl4qUrZf8GS0= +github.com/peterh/liner v1.2.2 h1:aJ4AOodmL+JxOZZEL2u9iJf8omNRpqHc/EbrK+3mAXw= +github.com/peterh/liner v1.2.2/go.mod h1:xFwJyiKIXJZUKItq5dGHZSTBRAuG/CpeNpWLyiNRNwI= github.com/philhofer/fwd v1.1.2 h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw= github.com/philhofer/fwd v1.1.2/go.mod h1:qkPdfjR2SIEbspLqpe1tO4n5yICnr2DY7mqEx2tUTP0= github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4= @@ -982,14 +1281,16 @@ github.com/pion/turn/v2 v2.1.6 h1:Xr2niVsiPTB0FPtt+yAWKFUkU1eotQbGgpTIld4x1Gc= github.com/pion/turn/v2 v2.1.6/go.mod h1:huEpByKKHix2/b9kmTAM3YoX6MKP+/D//0ClgUYR2fY= github.com/pion/webrtc/v3 v3.2.40 h1:Wtfi6AZMQg+624cvCXUuSmrKWepSB7zfgYDOYqsSOVU= github.com/pion/webrtc/v3 v3.2.40/go.mod h1:M1RAe3TNTD1tzyvqHrbVODfwdPGSXOUo/OgpoGGJqFY= +github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= +github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/polydawn/refmt v0.89.0 h1:ADJTApkvkeBZsN0tBTx8QjpD9JkmxbKp0cxfr9qszm4= github.com/polydawn/refmt v0.89.0/go.mod h1:/zvteZs/GwLtCgZ4BL6CBsk9IKIlexP43ObX9AxTqTw= github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= @@ -1007,14 +1308,16 @@ github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQy github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= -github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf h1:014O62zIzQwvoD7Ekj3ePDF5bv9Xxy0w6AZk0qYbjUk= +github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf/go.mod h1:jgxiZysxFPM+iWKwQwPR+y+Jvo54ARd4EisXxKYpB5c= github.com/prysmaticlabs/gohashtree v0.0.1-alpha.0.20220714111606-acbb2962fb48 h1:cSo6/vk8YpvkLbk9v3FO97cakNmUoxwi2KMP8hd5WIw= github.com/prysmaticlabs/gohashtree v0.0.1-alpha.0.20220714111606-acbb2962fb48/go.mod h1:4pWaT30XoEx1j8KNJf3TV+E3mQkaufn7mf+jRNb/Fuk= github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo= @@ -1025,13 +1328,15 @@ github.com/quic-go/webtransport-go v0.8.0 h1:HxSrwun11U+LlmwpgM1kEqIqH90IT4N8auv github.com/quic-go/webtransport-go v0.8.0/go.mod h1:N99tjprW432Ut5ONql/aUhSLT0YVSlwHohQsuac9WaM= github.com/raulk/go-watchdog v1.3.0 h1:oUmdlHxdkXRJlwfG0O9omj8ukerm8MEQavSiDTEtBsk= github.com/raulk/go-watchdog v1.3.0/go.mod h1:fIvOnLbF0b0ZwkB9YU4mOW9Did//4vPZtDqv66NfsMU= +github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= +github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rootless-containers/bypass4netns v0.4.0 h1:7pcI4XWnOMQkgCsPKMXxMzQKhZUjaQ8J1n+eIYiHS0Y= github.com/rootless-containers/bypass4netns v0.4.0/go.mod h1:RPNWMSRT951DMtq9Xv72IZoJPWFeJL6Wg5pF79Lkano= github.com/rootless-containers/rootlesskit v1.1.1 h1:F5psKWoWY9/VjZ3ifVcaosjvFZJOagX85U22M0/EQZE= @@ -1044,11 +1349,29 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/rwcarlsen/goexif v0.0.0-20190401172101-9e8deecbddbd/go.mod h1:hPqNNc0+uJM6H+SuU8sEs5K5IQeKccPqeSjfgcKGgPk= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= +github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= +github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= +github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= +github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA= github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= +github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A= +github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk= +github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4= +github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= +github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA= +github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU= +github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= +github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI= +github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE= github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible h1:Bn1aCHHRnjv4Bl16T8rcaFjYSrGrIZvpiGO6P3Q4GpU= github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY= @@ -1074,47 +1397,77 @@ github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go. github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4= github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw= +github.com/sigstore/cosign/v2 v2.4.0 h1:2NdidNgClg+oXr/fDIr37E/BE6j00gqgUhSiBK2kjSQ= +github.com/sigstore/cosign/v2 v2.4.0/go.mod h1:j+fH1DCUkcn92qp6ezDj4JbGMri6eG1nLJC+hs64rvc= +github.com/sigstore/fulcio v1.5.1 h1:Iasy1zfNjaq8BV4S8o6pXspLDU28PQC2z07GmOu9zpM= +github.com/sigstore/fulcio v1.5.1/go.mod h1:W1A/UHrTopy1IBZPMtHmxg7GPYAu+vt5dRXM3W6yjPo= +github.com/sigstore/protobuf-specs v0.3.2 h1:nCVARCN+fHjlNCk3ThNXwrZRqIommIeNKWwQvORuRQo= +github.com/sigstore/protobuf-specs v0.3.2/go.mod h1:RZ0uOdJR4OB3tLQeAyWoJFbNCBFrPQdcokntde4zRBA= +github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= +github.com/sigstore/rekor v1.3.6/go.mod h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc= +github.com/sigstore/sigstore v1.8.8 h1:B6ZQPBKK7Z7tO3bjLNnlCMG+H66tO4E/+qAphX8T/hg= +github.com/sigstore/sigstore v1.8.8/go.mod h1:GW0GgJSCTBJY3fUOuGDHeFWcD++c4G8Y9K015pwcpDI= +github.com/sigstore/sigstore-go v0.5.1 h1:5IhKvtjlQBeLnjKkzMELNG4tIBf+xXQkDzhLV77+/8Y= +github.com/sigstore/sigstore-go v0.5.1/go.mod h1:TuOfV7THHqiDaUHuJ5+QN23RP/YoKmsbwJpY+aaYPN0= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8 h1:2zHmUvaYCwV6LVeTo+OAkTm8ykOGzA9uFlAjwDPAUWM= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8/go.mod h1:OEhheBplZinUsm7W9BupafztVZV3ldkAxEHbpAeC0Pk= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8 h1:RKk4Z+qMaLORUdT7zntwMqKiYAej1VQlCswg0S7xNSY= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8/go.mod h1:dMJdlBWKHMu2xf0wIKpbo7+QfG+RzVkBB3nHP8EMM5o= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8 h1:89Xtxj8oqZt3UlSpCP4wApFvnQ2Z/dgowW5QOVhQigI= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8/go.mod h1:Wa4xn/H3pU/yW/6tHiMXTpObBtBSGC5q29KYFEPKN6o= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.8 h1:Zte3Oogkd8m+nu2oK3yHtGmN++TZWh2Lm6q2iSprT1M= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.8/go.mod h1:j00crVw6ki4/WViXflw0zWgNALrAzZT+GbIK8v7Xlz4= +github.com/sigstore/timestamp-authority v1.2.2 h1:X4qyutnCQqJ0apMewFyx+3t7Tws00JQ/JonBiu3QvLE= +github.com/sigstore/timestamp-authority v1.2.2/go.mod h1:nEah4Eq4wpliDjlY342rXclGSO7Kb9hoRrl9tqLW13A= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA= +github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= +github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= +github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs= github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg= github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= +github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= +github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= -github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= +github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= +github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= -github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= +github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= +github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= -github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc= -github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg= +github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= +github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= +github.com/spiffe/go-spiffe/v2 v2.3.0 h1:g2jYNb/PDMB8I7mBGL2Zuq/Ur6hUhoroxGQFyD6tTj8= +github.com/spiffe/go-spiffe/v2 v2.3.0/go.mod h1:Oxsaio7DBgSNqhAO9i/9tLClaVlfRok7zvJnTV8ZyIY= github.com/status-im/keycard-go v0.2.0 h1:QDLFswOQu1r5jsycloeQh3bVU8n/NatHHaZobtDnDzA= github.com/status-im/keycard-go v0.2.0/go.mod h1:wlp8ZLbsmrF6g6WjugPAx+IzoLrkdf9+mHxBEeo3Hbg= -github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 h1:lIOOHPEbXzO3vnmx2gok1Tfs31Q8GQqKLc8vVqyQq/I= -github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= +github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 h1:pnnLyeX7o/5aX8qUQ69P/mLojDqwda8hFOCBTmP/6hw= +github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= @@ -1129,17 +1482,26 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= -github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= +github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= +github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/supranational/blst v0.3.11 h1:LyU6FolezeWAhvQk0k6O/d49jqgO52MSDDfYgbeoEm4= github.com/supranational/blst v0.3.11/go.mod h1:jZJtfjgudtNl4en1tzwPIV3KjUnQUvG3/j+w+fVonLw= github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d h1:vfofYNRScrDdvS342BElfbETmL1Aiz3i2t0zfRj16Hs= github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d/go.mod h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= +github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= +github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= +github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gtvVDbmPg= +github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= +github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= +github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= +github.com/theupdateframework/go-tuf/v2 v2.0.0 h1:rD8d9RotYBprZVgC+9oyTZ5MmawepnTSTqoDuxjWgbs= +github.com/theupdateframework/go-tuf/v2 v2.0.0/go.mod h1:baB22nBHeHBCeuGZcIlctNq4P61PcOdyARlplg5xmLA= github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= @@ -1148,10 +1510,17 @@ github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0= github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw= +github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= +github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= +github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= +github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= +github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU= github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI= github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk= github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY= +github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= +github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/tyler-smith/go-bip39 v1.1.0 h1:5eUemwrMargf3BSLRRCalXT93Ns6pQJIjYQN2nyfOP8= github.com/tyler-smith/go-bip39 v1.1.0/go.mod h1:gUYDtqQw1JS3ZJ8UWVcGTGqqr6YIN3CWg+kkNaLt55U= @@ -1196,26 +1565,50 @@ github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 h1:EKhdz github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1/go.mod h1:8UvriyWtv5Q5EOgjHaSseUEdkQfvwFv1I/In/O2M9gc= github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7 h1:E9S12nwJwEOXe2d6gT6qxdvqMnNq+VnSsKPgm2ZZNds= github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7/go.mod h1:X2c0RVCI1eSUFI8eLcY3c0423ykwiUdxLJtkDvruhjI= +github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 h1:+dBg5k7nuTE38VVdoroRsT0Z88fmvdYrI2EjzJst35I= +github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1/go.mod h1:nmuySobZb4kFgFy6BptpXp/BBw+xFSyvVPP6auoJB4k= +github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= +github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI= +github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= +github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= +github.com/ysmood/fetchup v0.2.3 h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ= +github.com/ysmood/fetchup v0.2.3/go.mod h1:xhibcRKziSvol0H1/pj33dnKrYyI2ebIvz5cOOkYGns= +github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ= +github.com/ysmood/goob v0.4.0/go.mod h1:u6yx7ZhS4Exf2MwciFr6nIM8knHQIE22lFpWHnfql18= +github.com/ysmood/got v0.40.0 h1:ZQk1B55zIvS7zflRrkGfPDrPG3d7+JOza1ZkNxcc74Q= +github.com/ysmood/got v0.40.0/go.mod h1:W7DdpuX6skL3NszLmAsC5hT7JAhuLZhByVzHTq874Qg= +github.com/ysmood/gson v0.7.3 h1:QFkWbTH8MxyUTKPkVWAENJhxqdBa4lYTQWqZCiLG6kE= +github.com/ysmood/gson v0.7.3/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg= +github.com/ysmood/leakless v0.9.0 h1:qxCG5VirSBvmi3uynXFkcnLMzkphdh3xx5FtrORwDCU= +github.com/ysmood/leakless v0.9.0/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ= github.com/yuchanns/srslog v1.1.0 h1:CEm97Xxxd8XpJThE0gc/XsqUGgPufh5u5MUjC27/KOk= github.com/yuchanns/srslog v1.1.0/go.mod h1:HsLjdv3XV02C3kgBW2bTyW6i88OQE+VYJZIxrPKPPak= github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg= github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM= github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ= -go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= +github.com/zalando/go-keyring v0.2.3 h1:v9CUu9phlABObO4LPWycf+zwMG7nlbb3t/B5wa97yms= +github.com/zalando/go-keyring v0.2.3/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= +github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs= +github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= +go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0= +go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ= +go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= +go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak= go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= @@ -1223,34 +1616,36 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q= -go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= -go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= go.opentelemetry.io/otel/exporters/jaeger v1.14.0 h1:CjbUNd4iN2hHmWekmOqZ+zSCU+dzZppG8XsV+A3oc8Q= go.opentelemetry.io/otel/exporters/jaeger v1.14.0/go.mod h1:4Ay9kk5vELRrbg5z4cpP9EtmQRFap2Wb0woPG4lujZA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 h1:3d+S281UTjM+AbF31XSOYn1qXn3BgIdWl8HNEpx08Jk= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0/go.mod h1:0+KuTDyKL4gjKCF75pHOX4wuzYDUZYfAQdSu43o+Z2I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.19.0 h1:Nw7Dv4lwvGrI68+wULbcq7su9K2cebeCUrDjVrUJHxM= go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.19.0/go.mod h1:1MsF6Y7gTqosgoZvHlzcaaM8DIMNZgJh87ykokoNH7Y= go.opentelemetry.io/otel/exporters/zipkin v1.14.0 h1:reEVE1upBF9tcujgvSqLJS0SrI7JQPaTKP4s4rymnSs= go.opentelemetry.io/otel/exporters/zipkin v1.14.0/go.mod h1:RcjvOAcvhzcufQP8aHmzRw1gE9g/VEZufDdo2w+s4sk= -go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= -go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= -go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o= -go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= -go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= -go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= -go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= -go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.step.sm/crypto v0.51.1 h1:ktUg/2hetEMiBAqgz502ktZDGoDoGrcHFg3XpkmkvvA= +go.step.sm/crypto v0.51.1/go.mod h1:PdrhttNU/tG9/YsVd4fdlysBN+UV503p0o2irFZQlAw= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/dig v1.17.1 h1:Tga8Lz8PcYNsWsyHMZ1Vm0OQOUaJNDyvPImgbAu9YSc= @@ -1286,22 +1681,29 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200602180216-279210d13fed/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= +golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1309,9 +1711,7 @@ golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm0 golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= @@ -1327,23 +1727,19 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1362,29 +1758,18 @@ golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= @@ -1393,18 +1778,21 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1412,12 +1800,8 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= -golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= +golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1426,20 +1810,19 @@ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180810173357-98c5dad5d1a0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1456,53 +1839,40 @@ golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200509044756-6aff5f38e54f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200826173525-f9321e4c35a6/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1510,6 +1880,7 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1521,44 +1892,47 @@ golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= @@ -1590,50 +1964,28 @@ golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= -golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= -golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU= +golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= gonum.org/v1/gonum v0.14.0 h1:2NiG67LD1tEH0D7kM+ps2V+fXmsAnpUeec7n8tcr4S0= @@ -1649,17 +2001,8 @@ google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsb google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= +google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q= +google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1667,10 +2010,6 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180518175338-11a468237815/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -1688,36 +2027,14 @@ google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvx google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 h1:nz5NESFLZbJGPFxDT/HCn+V1mZ8JGNoY4nUpmW/Y2eg= -google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917/go.mod h1:pZqR+glSb11aJ+JQcczCvgf47+duRuzNSKqE8YAQnV0= -google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 h1:s1w3X6gQxwrLEpxnLd/qXTVLgQE2yXwaOaoa6IlY/+o= -google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0/go.mod h1:CAny0tYF+0/9rmDB9fahA9YLzX3+AEVl1qXbv5hhj6c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac h1:nUQEQmH/csSvFECKYRv6HWEyypysidKl2I6Qpsglq/0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:daQN87bsDqDoe316QbbvX60nMoJQa4r6Ds0ZuoAe5yA= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf h1:OqdXDEakZCVtDiZTjcxfwbHPCT11ycCEsTKesBVKvyY= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:mCr1K1c8kX+1iSBREvU3Juo11CB+QOEWxbRS01wWl5M= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= @@ -1730,16 +2047,11 @@ google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQ google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU= -google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= +google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= +google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1748,18 +2060,18 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= @@ -1768,6 +2080,7 @@ gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8 gopkg.in/go-playground/validator.v8 v8.18.2/go.mod h1:RX2a/7Ha8BgOhfk7j780h4/u/RRjR0eouCJSH80/M2Y= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA= @@ -1799,8 +2112,6 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= @@ -1809,12 +2120,12 @@ k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o= k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis= k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8= k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38= -k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= -k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 h1:avRdiaB03v88Mfvum2S3BBwkNuTlmuar4LlfO9Hajko= k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022/go.mod h1:sIV51WBTkZrlGOJMCDZDA1IaPBUDTulPpD4y7oe038k= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/blake3 v1.2.2 h1:wEAbSg0IVU4ih44CVlpMqMZMpzr5hf/6aqodLlevd/w= lukechampine.com/blake3 v1.2.2/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= @@ -1826,9 +2137,13 @@ sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigw sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/release-utils v0.8.4 h1:4QVr3UgbyY/d9p74LBhg0njSVQofUsAZqYOzVZBhdBw= +sigs.k8s.io/release-utils v0.8.4/go.mod h1:m1bHfscTemQp+z+pLCZnkXih9n0+WukIUU70n6nFnU0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= +software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k= +software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= diff --git a/pkg/publisher/images.go b/pkg/publisher/images.go new file mode 100644 index 00000000..618fa07e --- /dev/null +++ b/pkg/publisher/images.go @@ -0,0 +1,64 @@ +package publisher + +import ( + "fmt" + "time" + + "github.com/comrade-coop/apocryph/pkg/proto" + "github.com/sigstore/cosign/v2/cmd/cosign/cli/generate" + "github.com/sigstore/cosign/v2/cmd/cosign/cli/options" + "github.com/sigstore/cosign/v2/cmd/cosign/cli/sign" + "github.com/spf13/cobra" +) + +func DefaultSignOptions() *options.SignOptions { + cmd := &cobra.Command{} + o := &options.SignOptions{} + o.AddFlags(cmd) + return o +} + +func SignPodImages(pod *proto.Pod, o *options.SignOptions) error { + var images []string + for _, container := range pod.Containers { + images = append(images, container.Image.Url) + } + + ro := &options.RootOptions{Timeout: 3 * time.Minute} + + oidcClientSecret, err := o.OIDC.ClientSecret() + if err != nil { + return err + } + ko := options.KeyOpts{ + KeyRef: o.Key, + PassFunc: generate.GetPass, + Sk: o.SecurityKey.Use, + Slot: o.SecurityKey.Slot, + FulcioURL: o.Fulcio.URL, + IDToken: o.Fulcio.IdentityToken, + FulcioAuthFlow: o.Fulcio.AuthFlow, + InsecureSkipFulcioVerify: o.Fulcio.InsecureSkipFulcioVerify, + RekorURL: o.Rekor.URL, + OIDCIssuer: o.OIDC.Issuer, + OIDCClientID: o.OIDC.ClientID, + OIDCClientSecret: oidcClientSecret, + OIDCRedirectURL: o.OIDC.RedirectURL, + OIDCDisableProviders: o.OIDC.DisableAmbientProviders, + OIDCProvider: o.OIDC.Provider, + SkipConfirmation: o.SkipConfirmation, + TSAClientCACert: o.TSAClientCACert, + TSAClientCert: o.TSAClientCert, + TSAClientKey: o.TSAClientKey, + TSAServerName: o.TSAServerName, + TSAServerURL: o.TSAServerURL, + IssueCertificateForExistingKey: o.IssueCertificate, + } + if err := sign.SignCmd(ro, ko, *o, images); err != nil { + if o.Attachment == "" { + return fmt.Errorf("signing %v: %w", images, err) + } + return fmt.Errorf("signing attachment %s for image %v: %w", o.Attachment, images, err) + } + return nil +} diff --git a/test/integration/sigstore/manifest.yaml b/test/integration/sigstore/manifest.yaml new file mode 100644 index 00000000..5f3e8428 --- /dev/null +++ b/test/integration/sigstore/manifest.yaml @@ -0,0 +1,12 @@ +containers: + - name: autoscaler + image: + url: ttl.sh/hello-world@sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7 + resourceRequests: + - amountMillis: '10' + resource: cpu + - amount: '100000000' + resource: memory +replicas: + min: 0 + max: 1 diff --git a/test/integration/sigstore/run-test.sh b/test/integration/sigstore/run-test.sh new file mode 100755 index 00000000..3e7b644c --- /dev/null +++ b/test/integration/sigstore/run-test.sh @@ -0,0 +1,17 @@ +#!/bin/sh +set -e +set -v + +sudo chmod o+rw /run/containerd/containerd.sock + +cd "$(dirname "$0")" + +trap 'kill $(jobs -p) &>/dev/null' EXIT + +ipfs daemon >/dev/null & +sleep 2 + +docker tag hello-world ttl.sh/hello-world:1h +docker push ttl.sh/hello-world:1h + +go run ../../../cmd/trustedpods pod upload ./manifest.yaml From eeaf7bf29a23f218bef51d019471b3009c230d04 Mon Sep 17 00:00:00 2001 From: revoltez Date: Tue, 20 Aug 2024 11:55:53 +0100 Subject: [PATCH 02/22] feat: add verification of images - Added the verify command - Added the verify flag for deploy - Integration test updated --- cmd/trustedpods/deploy.go | 13 ++++ cmd/trustedpods/flags.go | 10 ++++ cmd/trustedpods/verify.go | 33 +++++++++++ pkg/publisher/images.go | 85 ++++++++++++++++++++++++++- test/integration/sigstore/run-test.sh | 14 ++++- 5 files changed, 152 insertions(+), 3 deletions(-) create mode 100644 cmd/trustedpods/verify.go diff --git a/cmd/trustedpods/deploy.go b/cmd/trustedpods/deploy.go index eff8b794..f272fd05 100644 --- a/cmd/trustedpods/deploy.go +++ b/cmd/trustedpods/deploy.go @@ -104,6 +104,18 @@ var deployPodCmd = &cobra.Command{ } } + if verify { + // NOTE it would be usefull if we continue with this approach to add + // them to the config file + if certificateIdentity == "" || certificateOidcIssuer == "" { + return fmt.Errorf("Must specify certificate-identity & certificate-oidc-issuer flags") + } + err = publisher.VerifyPodImages(pod, publisher.DefaultVerifyOptions(), certificateIdentity, certificateOidcIssuer) + if err != nil { + return fmt.Errorf("Failed verifying Pod Images: %v", err) + } + } + if authorize { // create the keypair that will be accessible for all pods privateKey, err := ecdsa.GenerateKey(crypto.S256(), rand.Reader) @@ -287,6 +299,7 @@ func init() { deployPodCmd.Flags().AddFlagSet(fundFlags) deployPodCmd.Flags().AddFlagSet(syncFlags) deployPodCmd.Flags().AddFlagSet(registryFlags) + deployPodCmd.Flags().AddFlagSet(verifyImagesFlags) deletePodCmd.Flags().AddFlagSet(deploymentFlags) deletePodCmd.Flags().AddFlagSet(syncFlags) diff --git a/cmd/trustedpods/flags.go b/cmd/trustedpods/flags.go index ca7d056e..60b036b9 100644 --- a/cmd/trustedpods/flags.go +++ b/cmd/trustedpods/flags.go @@ -27,7 +27,13 @@ var uploadFlags = &pflag.FlagSet{} var ipfsApi string var uploadImages bool var uploadSecrets bool + var sign bool +var verify bool + +var verifyImagesFlags = &pflag.FlagSet{} +var certificateIdentity string +var certificateOidcIssuer string var fundFlags = &pflag.FlagSet{} var ethereumRpc string @@ -62,12 +68,16 @@ var _ = func() error { deploymentFlags.Int64Var(&expirationOffset, "token-expiration", 10, "authentication token expires after token-expiration seconds (expired after 10 seconds by default)") deploymentFlags.StringVar(&ipfsApi, "ipfs", "/ip4/127.0.0.1/tcp/5001", "multiaddr where the ipfs/kubo api can be accessed") deploymentFlags.BoolVar(&authorize, "authorize", false, "Create a key pair for the application and authorize the returned addresses to control the payment channel") + deploymentFlags.BoolVar(&verify, "verify", false, "verify the pod images (requires certificate-identity & certificate-oidc-issuer flags)") uploadFlags.StringVar(&ipfsApi, "ipfs", "/ip4/127.0.0.1/tcp/5001", "multiaddr where the ipfs/kubo api can be accessed") uploadFlags.BoolVar(&uploadImages, "upload-images", true, "upload images") uploadFlags.BoolVar(&uploadSecrets, "upload-secrets", true, "upload secrets") uploadFlags.BoolVar(&sign, "sign-images", false, "sign images") + verifyImagesFlags.StringVar(&certificateIdentity, "certificate-identity", "", "identity used for signing the image") + verifyImagesFlags.StringVar(&certificateOidcIssuer, "certificate-oidc-issuer", "", "issuer of the oidc") + fundFlags.StringVar(ðereumRpc, "ethereum-rpc", "http://127.0.0.1:8545", "ethereum rpc node") fundFlags.StringVar(&publisherKey, "ethereum-key", "", "account string (private key | http[s]://clef#account | /keystore#account | account (in default keystore))") fundFlags.StringVar(&paymentContractAddress, "payment-contract", "", "payment contract address") diff --git a/cmd/trustedpods/verify.go b/cmd/trustedpods/verify.go new file mode 100644 index 00000000..7c3d826a --- /dev/null +++ b/cmd/trustedpods/verify.go @@ -0,0 +1,33 @@ +package main + +import ( + "fmt" + + "github.com/comrade-coop/apocryph/pkg/publisher" + "github.com/spf13/cobra" +) + +var verifyPodCmd = &cobra.Command{ + Use: fmt.Sprintf("verify [%s]", publisher.DefaultPodFile), + Short: "Verify Pod Images", + Long: "Verify the signatures & the certificates of the specified pod images", + GroupID: "lowlevel", + Args: cobra.ExactArgs(1), + RunE: func(cmd *cobra.Command, args []string) error { + _, _, pod, _, err := publisher.ReadPodAndDeployment(args, manifestFormat, deploymentFormat) + if err != nil { + return err + } + + err = publisher.VerifyPodImages(pod, publisher.DefaultVerifyOptions(), certificateIdentity, certificateOidcIssuer) + if err != nil { + return fmt.Errorf("Failed verifying Pod Images: %v", err) + } + return nil + }, +} + +func init() { + verifyPodCmd.Flags().AddFlagSet(verifyImagesFlags) + podCmd.AddCommand(verifyPodCmd) +} diff --git a/pkg/publisher/images.go b/pkg/publisher/images.go index 618fa07e..bf2f69b6 100644 --- a/pkg/publisher/images.go +++ b/pkg/publisher/images.go @@ -1,16 +1,21 @@ package publisher import ( + "context" "fmt" "time" "github.com/comrade-coop/apocryph/pkg/proto" + "github.com/google/go-containerregistry/pkg/name" "github.com/sigstore/cosign/v2/cmd/cosign/cli/generate" "github.com/sigstore/cosign/v2/cmd/cosign/cli/options" "github.com/sigstore/cosign/v2/cmd/cosign/cli/sign" + "github.com/sigstore/cosign/v2/cmd/cosign/cli/verify" "github.com/spf13/cobra" ) +const TIMEOUT = 3 * time.Minute + func DefaultSignOptions() *options.SignOptions { cmd := &cobra.Command{} o := &options.SignOptions{} @@ -18,13 +23,20 @@ func DefaultSignOptions() *options.SignOptions { return o } +func DefaultVerifyOptions() *options.VerifyOptions { + cmd := &cobra.Command{} + o := &options.VerifyOptions{} + o.AddFlags(cmd) + return o +} + func SignPodImages(pod *proto.Pod, o *options.SignOptions) error { var images []string for _, container := range pod.Containers { images = append(images, container.Image.Url) } - ro := &options.RootOptions{Timeout: 3 * time.Minute} + ro := &options.RootOptions{Timeout: TIMEOUT} oidcClientSecret, err := o.OIDC.ClientSecret() if err != nil { @@ -62,3 +74,74 @@ func SignPodImages(pod *proto.Pod, o *options.SignOptions) error { } return nil } + +func VerifyPodImages(pod *proto.Pod, o *options.VerifyOptions, certificateIdentity, certificateOidcIssuer string) error { + var images []string + for _, container := range pod.Containers { + images = append(images, container.Image.Url) + } + + if o.CommonVerifyOptions.PrivateInfrastructure { + o.CommonVerifyOptions.IgnoreTlog = true + } + + annotations, err := o.AnnotationsMap() + if err != nil { + return err + } + + hashAlgorithm, err := o.SignatureDigest.HashAlgorithm() + if err != nil { + return err + } + + o.CertVerify.CertIdentity = certificateIdentity + o.CertVerify.CertOidcIssuer = certificateOidcIssuer + + v := &verify.VerifyCommand{ + RegistryOptions: o.Registry, + CertVerifyOptions: o.CertVerify, + CheckClaims: o.CheckClaims, + KeyRef: o.Key, + CertRef: o.CertVerify.Cert, + CertChain: o.CertVerify.CertChain, + CAIntermediates: o.CertVerify.CAIntermediates, + CARoots: o.CertVerify.CARoots, + CertGithubWorkflowTrigger: o.CertVerify.CertGithubWorkflowTrigger, + CertGithubWorkflowSha: o.CertVerify.CertGithubWorkflowSha, + CertGithubWorkflowName: o.CertVerify.CertGithubWorkflowName, + CertGithubWorkflowRepository: o.CertVerify.CertGithubWorkflowRepository, + CertGithubWorkflowRef: o.CertVerify.CertGithubWorkflowRef, + IgnoreSCT: o.CertVerify.IgnoreSCT, + SCTRef: o.CertVerify.SCT, + Sk: o.SecurityKey.Use, + Slot: o.SecurityKey.Slot, + Output: o.Output, + RekorURL: o.Rekor.URL, + Attachment: o.Attachment, + Annotations: annotations, + HashAlgorithm: hashAlgorithm, + SignatureRef: o.SignatureRef, + PayloadRef: o.PayloadRef, + LocalImage: o.LocalImage, + Offline: o.CommonVerifyOptions.Offline, + TSACertChainPath: o.CommonVerifyOptions.TSACertChainPath, + IgnoreTlog: o.CommonVerifyOptions.IgnoreTlog, + MaxWorkers: o.CommonVerifyOptions.MaxWorkers, + ExperimentalOCI11: o.CommonVerifyOptions.ExperimentalOCI11, + CertOidcProvider: o.CertVerify.CertOidcIssuer, + } + + if o.CommonVerifyOptions.MaxWorkers == 0 { + return fmt.Errorf("please set the --max-worker flag to a value that is greater than 0") + } + + if o.Registry.AllowInsecure { + v.NameOptions = append(v.NameOptions, name.Insecure) + } + + // if o.CommonVerifyOptions.IgnoreTlog && !o.CommonVerifyOptions.PrivateInfrastructure { + // ui.Warnf(ctx, fmt.Sprintf(ignoreTLogMessage, "signature")) + // } + return v.Exec(context.Background(), images) +} diff --git a/test/integration/sigstore/run-test.sh b/test/integration/sigstore/run-test.sh index 3e7b644c..e286f6b4 100755 --- a/test/integration/sigstore/run-test.sh +++ b/test/integration/sigstore/run-test.sh @@ -1,17 +1,27 @@ #!/bin/sh set -e +echo "USAGE: $0 CERTIFICATE_IDENTITY CERTIFICATE_OIDC_ISSUER" +echo "EXAMPLE: $0 example@email.com https://github.com/login/oauth" +echo "The oidc-issuer for Google is https://accounts.google.com, Microsoft is https://login.microsoftonline.com, GitHub is https://github.com/login/oauth, and GitLab is https://gitlab.com." set -v -sudo chmod o+rw /run/containerd/containerd.sock - cd "$(dirname "$0")" +sudo chmod o+rw /run/containerd/containerd.sock + trap 'kill $(jobs -p) &>/dev/null' EXIT ipfs daemon >/dev/null & sleep 2 + + +CERTIFICATE_IDENTITY=$1 +CERTIFICATE_OIDC_ISSUER=$2 + docker tag hello-world ttl.sh/hello-world:1h docker push ttl.sh/hello-world:1h go run ../../../cmd/trustedpods pod upload ./manifest.yaml + +go run ../../../cmd/trustedpods pod verify ./manifest.yaml --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER From 318bdd57b762f68f673955cde5bb13fb71a2db74 Mon Sep 17 00:00:00 2001 From: revoltez Date: Tue, 20 Aug 2024 20:43:34 +0100 Subject: [PATCH 03/22] chore: decouple & re-organize scripts --- Dockerfile | 2 +- go.mod | 5 +- go.sum | 12 - pkg/proto-ts/pod_pb.ts | 6 + pkg/proto/pod.pb.go | 263 +++++++++--------- proto/pod.proto | 1 + test/e2e/autoscaler/run-test.sh | 22 +- test/e2e/autoscaler/sync-tpodcharts.sh | 11 + test/e2e/common/{ => configs}/config.yaml | 0 test/e2e/common/{ => configs}/config2.yaml | 0 test/e2e/common/{ => configs}/config3.yaml | 0 .../manifests/manifest-attestation.yaml} | 1 + .../{ => manifests}/manifest-autoscaler.yaml | 0 .../{ => manifests}/manifest-guestbook.yaml | 0 .../{ => manifests}/manifest-hello-world.yaml | 0 .../{ => manifests}/manifest-logger.json | 0 .../{ => manifests}/manifest-nginx.yaml | 0 .../manifest-redis-guestbook.yaml | 0 .../manifest-redmine-nostorage.yaml | 0 .../{ => manifests}/manifest-redmine.yaml | 0 test/e2e/common/{ => manifests}/test.html | 0 .../scripts/build-images.sh} | 15 +- test/e2e/common/scripts/pull-images.sh | 3 + .../scripts}/redeploy-contracts.sh | 0 test/e2e/common/scripts/redeploy-images.sh | 6 + .../scripts}/swarm-connect.sh | 2 +- test/e2e/common/scripts/tpodchart-sync.sh | 6 + .../scripts}/wait-deployments.sh | 0 .../miniconstellation/run-test.sh | 2 +- test/e2e/constellation/qemu/run-test.sh | 2 +- test/e2e/minikube/deploy-pod.sh | 23 ++ test/e2e/minikube/run-test.sh | 113 ++------ 32 files changed, 231 insertions(+), 264 deletions(-) create mode 100755 test/e2e/autoscaler/sync-tpodcharts.sh rename test/e2e/common/{ => configs}/config.yaml (100%) rename test/e2e/common/{ => configs}/config2.yaml (100%) rename test/e2e/common/{ => configs}/config3.yaml (100%) rename test/{integration/sigstore/manifest.yaml => e2e/common/manifests/manifest-attestation.yaml} (92%) rename test/e2e/common/{ => manifests}/manifest-autoscaler.yaml (100%) rename test/e2e/common/{ => manifests}/manifest-guestbook.yaml (100%) rename test/e2e/common/{ => manifests}/manifest-hello-world.yaml (100%) rename test/e2e/common/{ => manifests}/manifest-logger.json (100%) rename test/e2e/common/{ => manifests}/manifest-nginx.yaml (100%) rename test/e2e/common/{ => manifests}/manifest-redis-guestbook.yaml (100%) rename test/e2e/common/{ => manifests}/manifest-redmine-nostorage.yaml (100%) rename test/e2e/common/{ => manifests}/manifest-redmine.yaml (100%) rename test/e2e/common/{ => manifests}/test.html (100%) rename test/e2e/{autoscaler/redeploy-images.sh => common/scripts/build-images.sh} (56%) create mode 100755 test/e2e/common/scripts/pull-images.sh rename test/e2e/{autoscaler => common/scripts}/redeploy-contracts.sh (100%) create mode 100755 test/e2e/common/scripts/redeploy-images.sh rename test/e2e/{autoscaler => common/scripts}/swarm-connect.sh (99%) create mode 100755 test/e2e/common/scripts/tpodchart-sync.sh rename test/e2e/{autoscaler => common/scripts}/wait-deployments.sh (100%) create mode 100755 test/e2e/minikube/deploy-pod.sh diff --git a/Dockerfile b/Dockerfile index 34931427..526eb802 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ ## common: ## -FROM docker.io/library/golang@sha256:52362e252f452df17c24131b021bf2ebf1c9869f65c28f88ddb326191defea9c as build-common +FROM docker.io/library/golang:1.22.6@sha256:367bb5295d3103981a86a572651d8297d6973f2ec8b62f716b007860e22cbc25 as build-common # 1.21-bookworm ENV DEBIAN_FRONTEND=noninteractive diff --git a/go.mod b/go.mod index 0582f062..64929062 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/ethereum/go-ethereum v1.13.15 github.com/go-jose/go-jose/v3 v3.0.3 github.com/golang/protobuf v1.5.4 + github.com/google/go-containerregistry v0.20.1 github.com/gorilla/websocket v1.5.3 github.com/hashicorp/raft v1.6.1 github.com/hashicorp/raft-boltdb/v2 v2.3.0 @@ -120,7 +121,6 @@ require ( github.com/buildkite/roko v1.2.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect - github.com/chzyer/readline v1.5.1 // indirect github.com/cilium/ebpf v0.11.0 // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect @@ -227,7 +227,6 @@ require ( github.com/google/certificate-transparency-go v1.2.1 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect github.com/google/go-cmp v0.6.0 // indirect - github.com/google/go-containerregistry v0.20.1 // indirect github.com/google/go-github/v55 v55.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect @@ -302,7 +301,6 @@ require ( github.com/libp2p/go-yamux/v4 v4.0.1 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/manifoldco/promptui v0.9.0 // indirect github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect @@ -438,7 +436,6 @@ require ( github.com/vishvananda/netns v0.0.4 // indirect github.com/whyrusleeping/base32 v0.0.0-20170828182744-c30ac30633cc // indirect github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 // indirect - github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 // indirect github.com/xanzy/go-gitlab v0.107.0 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect diff --git a/go.sum b/go.sum index 5581fc68..a6ef3a11 100644 --- a/go.sum +++ b/go.sum @@ -295,14 +295,8 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4= github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM= -github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/readline v1.5.1 h1:upd/6fQk4src78LMRzh5vItIt361/o4uq553V8B5sGI= -github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04= -github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= github.com/cilium/ebpf v0.11.0 h1:V8gS/bTCCjX9uUnkUFUpPsksM8n1lXBAvHcpiFk1X2Y= github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs= @@ -1047,8 +1041,6 @@ github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= -github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd h1:br0buuQ854V8u83wA0rVZ8ttrq5CpaPZdvrK0LP2lOk= github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd/go.mod h1:QuCEs1Nt24+FYQEqAAncTDPJIuGs+LxK1MCiFL25pMU= github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ= @@ -1565,8 +1557,6 @@ github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 h1:EKhdz github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1/go.mod h1:8UvriyWtv5Q5EOgjHaSseUEdkQfvwFv1I/In/O2M9gc= github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7 h1:E9S12nwJwEOXe2d6gT6qxdvqMnNq+VnSsKPgm2ZZNds= github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7/go.mod h1:X2c0RVCI1eSUFI8eLcY3c0423ykwiUdxLJtkDvruhjI= -github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 h1:+dBg5k7nuTE38VVdoroRsT0Z88fmvdYrI2EjzJst35I= -github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1/go.mod h1:nmuySobZb4kFgFy6BptpXp/BBw+xFSyvVPP6auoJB4k= github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -1822,7 +1812,6 @@ golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1872,7 +1861,6 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/pkg/proto-ts/pod_pb.ts b/pkg/proto-ts/pod_pb.ts index e840de7a..7b3f7ae9 100644 --- a/pkg/proto-ts/pod_pb.ts +++ b/pkg/proto-ts/pod_pb.ts @@ -32,6 +32,11 @@ export class Pod extends Message { */ keyPair?: KeyPair; + /** + * @generated from field: bool ForceAttestation = 5; + */ + ForceAttestation = false; + constructor(data?: PartialMessage) { super(); proto3.util.initPartial(data, this); @@ -44,6 +49,7 @@ export class Pod extends Message { { no: 2, name: "volumes", kind: "message", T: Volume, repeated: true }, { no: 3, name: "replicas", kind: "message", T: Replicas }, { no: 4, name: "keyPair", kind: "message", T: KeyPair }, + { no: 5, name: "ForceAttestation", kind: "scalar", T: 8 /* ScalarType.BOOL */ }, ]); static fromBinary(bytes: Uint8Array, options?: Partial): Pod { diff --git a/pkg/proto/pod.pb.go b/pkg/proto/pod.pb.go index 475a5556..bf329229 100644 --- a/pkg/proto/pod.pb.go +++ b/pkg/proto/pod.pb.go @@ -123,10 +123,11 @@ type Pod struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Containers []*Container `protobuf:"bytes,1,rep,name=containers,proto3" json:"containers,omitempty"` - Volumes []*Volume `protobuf:"bytes,2,rep,name=volumes,proto3" json:"volumes,omitempty"` - Replicas *Replicas `protobuf:"bytes,3,opt,name=replicas,proto3" json:"replicas,omitempty"` - KeyPair *KeyPair `protobuf:"bytes,4,opt,name=keyPair,proto3" json:"keyPair,omitempty"` + Containers []*Container `protobuf:"bytes,1,rep,name=containers,proto3" json:"containers,omitempty"` + Volumes []*Volume `protobuf:"bytes,2,rep,name=volumes,proto3" json:"volumes,omitempty"` + Replicas *Replicas `protobuf:"bytes,3,opt,name=replicas,proto3" json:"replicas,omitempty"` + KeyPair *KeyPair `protobuf:"bytes,4,opt,name=keyPair,proto3" json:"keyPair,omitempty"` + ForceAttestation bool `protobuf:"varint,5,opt,name=ForceAttestation,proto3" json:"ForceAttestation,omitempty"` } func (x *Pod) Reset() { @@ -189,6 +190,13 @@ func (x *Pod) GetKeyPair() *KeyPair { return nil } +func (x *Pod) GetForceAttestation() bool { + if x != nil { + return x.ForceAttestation + } + return false +} + type Container struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1022,7 +1030,7 @@ var File_pod_proto protoreflect.FileDescriptor var file_pod_proto_rawDesc = []byte{ 0x0a, 0x09, 0x70, 0x6f, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, - 0x6f, 0x64, 0x22, 0xf7, 0x01, 0x0a, 0x03, 0x50, 0x6f, 0x64, 0x12, 0x40, 0x0a, 0x0a, 0x63, 0x6f, + 0x6f, 0x64, 0x22, 0xa3, 0x02, 0x0a, 0x03, 0x50, 0x6f, 0x64, 0x12, 0x40, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, @@ -1037,131 +1045,134 @@ var file_pod_proto_rawDesc = []byte{ 0x61, 0x73, 0x12, 0x38, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x50, - 0x61, 0x69, 0x72, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x22, 0xf4, 0x06, 0x0a, - 0x09, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3c, - 0x0a, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, + 0x61, 0x69, 0x72, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x12, 0x2a, 0x0a, 0x10, + 0x46, 0x6f, 0x72, 0x63, 0x65, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x46, 0x6f, 0x72, 0x63, 0x65, 0x41, 0x74, 0x74, + 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xf4, 0x06, 0x0a, 0x09, 0x43, 0x6f, 0x6e, + 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3c, 0x0a, 0x05, 0x69, 0x6d, + 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x61, 0x70, 0x6f, 0x63, + 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, + 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x49, 0x6d, 0x61, 0x67, + 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, + 0x61, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, + 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x69, 0x72, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, + 0x69, 0x72, 0x12, 0x3b, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x25, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, + 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, + 0x3b, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x61, + 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, + 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x45, + 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x12, 0x46, 0x0a, 0x07, + 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, - 0x49, 0x6d, 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0a, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x18, 0x0a, 0x07, - 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, - 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x44, 0x69, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x44, 0x69, 0x72, 0x12, 0x3b, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, - 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x70, 0x6f, - 0x72, 0x74, 0x73, 0x12, 0x3b, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x29, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, - 0x65, 0x72, 0x2e, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x6e, 0x76, - 0x12, 0x46, 0x0a, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x2c, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, - 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x12, 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x52, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x73, 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x59, 0x0a, - 0x05, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, - 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x1a, 0xbb, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, - 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, - 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x24, 0x0a, - 0x0c, 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0c, 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, - 0x6f, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, 0x6f, - 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x0b, 0x68, 0x6f, 0x73, 0x74, - 0x54, 0x63, 0x70, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x0d, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x6f, 0x73, - 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x1a, 0x5b, 0x0a, 0x0b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, - 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x6f, 0x75, - 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x6f, - 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, - 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, - 0x6e, 0x6c, 0x79, 0x22, 0xca, 0x05, 0x0a, 0x06, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x12, 0x12, - 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x12, 0x36, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x22, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, - 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x48, 0x0a, 0x0a, 0x61, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, + 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x07, 0x76, 0x6f, 0x6c, + 0x75, 0x6d, 0x65, 0x73, 0x12, 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, - 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x41, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x50, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, - 0x65, 0x6d, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, - 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, - 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, - 0x65, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, - 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x44, 0x0a, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, - 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, - 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x48, 0x00, 0x52, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x1a, 0x5f, 0x0a, 0x10, - 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x70, 0x6f, + 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, + 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x73, 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x59, 0x0a, 0x05, 0x49, 0x6d, 0x61, + 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x75, 0x72, 0x6c, 0x1a, 0xbb, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, + 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, + 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x24, 0x0a, 0x0c, 0x68, 0x6f, 0x73, + 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, + 0x00, 0x52, 0x0c, 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x12, + 0x22, 0x0a, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, + 0x6f, 0x72, 0x74, 0x42, 0x0d, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x50, 0x6f, + 0x72, 0x74, 0x1a, 0x5b, 0x0a, 0x0b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, + 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, + 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, + 0x61, 0x74, 0x68, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, + 0xca, 0x05, 0x0a, 0x06, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x36, + 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x61, + 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, + 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x54, 0x79, 0x70, 0x65, + 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x48, 0x0a, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, - 0x6f, 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x10, 0x72, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x1a, 0xa6, 0x01, - 0x0a, 0x0c, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, - 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, - 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, - 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x12, - 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x65, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x69, - 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x66, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x26, - 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, - 0x18, 0x67, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, - 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x22, 0x42, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x10, - 0x0a, 0x0c, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x45, 0x4d, 0x50, 0x54, 0x59, 0x10, 0x00, - 0x12, 0x15, 0x0a, 0x11, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, - 0x59, 0x53, 0x54, 0x45, 0x4d, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x56, 0x4f, 0x4c, 0x55, 0x4d, - 0x45, 0x5f, 0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x10, 0x02, 0x22, 0x33, 0x0a, 0x0a, 0x41, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, 0x56, 0x4f, 0x4c, 0x55, - 0x4d, 0x45, 0x5f, 0x52, 0x57, 0x5f, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x56, - 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x52, 0x57, 0x5f, 0x4d, 0x41, 0x4e, 0x59, 0x10, 0x02, 0x42, - 0x0f, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x22, 0x64, 0x0a, 0x08, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x73, 0x12, 0x10, 0x0a, 0x03, - 0x6d, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x69, 0x6e, 0x12, 0x10, - 0x0a, 0x03, 0x6d, 0x61, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x61, 0x78, - 0x12, 0x34, 0x0a, 0x15, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, - 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x15, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0x72, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, - 0x0a, 0x06, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, - 0x52, 0x06, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x24, 0x0a, 0x0c, 0x61, 0x6d, 0x6f, 0x75, - 0x6e, 0x74, 0x4d, 0x69, 0x6c, 0x6c, 0x69, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, - 0x52, 0x0c, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x69, 0x6c, 0x6c, 0x69, 0x73, 0x42, 0x0a, - 0x0a, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x19, 0x0a, 0x03, 0x4b, 0x65, - 0x79, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0x49, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, - 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, - 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, - 0x6f, 0x6d, 0x72, 0x61, 0x64, 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x6f, 0x63, - 0x72, 0x79, 0x70, 0x68, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, + 0x12, 0x50, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, + 0x75, 0x6d, 0x65, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, + 0x65, 0x6d, 0x12, 0x44, 0x0a, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, + 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, + 0x52, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x1a, 0x5f, 0x0a, 0x10, 0x46, 0x69, 0x6c, 0x65, + 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4b, 0x0a, 0x10, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, + 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, + 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x1a, 0xa6, 0x01, 0x0a, 0x0c, 0x53, 0x65, + 0x63, 0x72, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, + 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, + 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x69, + 0x6c, 0x65, 0x18, 0x65, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1a, + 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x66, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x6f, + 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x67, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x53, 0x74, 0x72, 0x69, + 0x6e, 0x67, 0x22, 0x42, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x0c, 0x56, 0x4f, + 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x45, 0x4d, 0x50, 0x54, 0x59, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, + 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, 0x59, 0x53, 0x54, 0x45, + 0x4d, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x53, 0x45, + 0x43, 0x52, 0x45, 0x54, 0x10, 0x02, 0x22, 0x33, 0x0a, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x52, + 0x57, 0x5f, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x56, 0x4f, 0x4c, 0x55, 0x4d, + 0x45, 0x5f, 0x52, 0x57, 0x5f, 0x4d, 0x41, 0x4e, 0x59, 0x10, 0x02, 0x42, 0x0f, 0x0a, 0x0d, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x64, 0x0a, 0x08, + 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x69, 0x6e, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x69, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, + 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x61, 0x78, 0x12, 0x34, 0x0a, 0x15, + 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x15, 0x74, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x73, 0x22, 0x72, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1a, + 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x06, 0x61, 0x6d, + 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x06, 0x61, 0x6d, + 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x24, 0x0a, 0x0c, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x69, + 0x6c, 0x6c, 0x69, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x0c, 0x61, 0x6d, + 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x69, 0x6c, 0x6c, 0x69, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x71, 0x75, + 0x61, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x19, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x12, 0x0a, + 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, + 0x61, 0x22, 0x49, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x12, 0x1e, 0x0a, 0x0a, + 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, + 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x42, 0x2c, 0x5a, 0x2a, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6d, 0x72, 0x61, + 0x64, 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, + 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( diff --git a/proto/pod.proto b/proto/pod.proto index 9291f981..ff720671 100644 --- a/proto/pod.proto +++ b/proto/pod.proto @@ -10,6 +10,7 @@ message Pod { repeated Volume volumes = 2; Replicas replicas = 3; KeyPair keyPair = 4; + bool ForceAttestation = 5; } message Container { diff --git a/test/e2e/autoscaler/run-test.sh b/test/e2e/autoscaler/run-test.sh index 119b5222..c39240d4 100755 --- a/test/e2e/autoscaler/run-test.sh +++ b/test/e2e/autoscaler/run-test.sh @@ -28,11 +28,11 @@ fi ## 0: Set up the external environment ## 0.1: Build/tag server and p2p-helper and autoscaler images -./redeploy-images.sh +./sync-tpodcharts.sh ## 0.2: Set up a local ethereum node and deploy contracts to it -./redeploy-contracts.sh +../common/scripts/redeploy-contracts.sh ## 0.3: start clusters ./start-clusters.sh @@ -42,7 +42,7 @@ minikube profile c1 helmfile sync -f ../minikube || { while ! kubectl get -n keda endpoints ingress-nginx-controller -o json | jq '.subsets[].addresses[].ip' &>/dev/null; do sleep 1; done; helmfile apply -f ../minikube; } # wait until all the deployments are ready -./wait-deployments.sh +../common/scripts/wait-deployments.sh ## 2.0: Starting the second Cluster @@ -50,7 +50,7 @@ minikube profile c2 helmfile sync -f ../minikube || { while ! kubectl get -n keda endpoints ingress-nginx-controller -o json | jq '.subsets[].addresses[].ip' &>/dev/null; do sleep 1; done; helmfile apply -f ../minikube; } # wait until all the deployments are ready -./wait-deployments.sh +../common/scripts/wait-deployments.sh ## 3.0: Starting the third Cluster @@ -58,7 +58,7 @@ minikube profile c3 helmfile sync -f ../minikube || { while ! kubectl get -n keda endpoints ingress-nginx-controller -o json | jq '.subsets[].addresses[].ip' &>/dev/null; do sleep 1; done; helmfile apply -f ../minikube; } # wait until all the deployments are ready -./wait-deployments.sh +../common/scripts/wait-deployments.sh minikube profile list @@ -126,12 +126,12 @@ PUBLISHER_KEY=$(docker logs anvil | awk '/Private Keys/ {flag=1; next} flag && / FUNDS=10000000000000000000000 minikube profile c1 -source swarm-connect.sh +source ../common/scripts/swarm-connect.sh PROVIDER_ETH=0x70997970C51812dc3A010C7d01b50e0d17dc79C8 #TODO= anvil.accounts[1] echo $PROVIDER_IPFS -go run ../../../cmd/trustedpods/ pod deploy ../common/manifest-autoscaler.yaml \ +go run ../../../cmd/trustedpods/ pod deploy ../common/manifests/manifest-autoscaler.yaml \ --ethereum-key "$PUBLISHER_KEY" \ --payment-contract "$PAYMENT_CONTRACT" \ --registry-contract "$REGISTRY_CONTRACT" \ @@ -145,7 +145,7 @@ sleep 5 ## 5.2: deploy to the second cluster minikube profile c2 -source swarm-connect.sh +source ../common/scripts/swarm-connect.sh # for now just remove the deployment file to avoid uploading instead of deploying rm -f ~/.apocryph/deployment/* @@ -157,7 +157,7 @@ FUNDS=10000000000000000000000 PROVIDER_ETH=0x23618e81E3f5cdF7f54C3d65f7FBc0aBf5B21E8f #TODO= anvil.accounts[7] echo $PROVIDER_IPFS -go run ../../../cmd/trustedpods/ pod deploy ../common/manifest-autoscaler.yaml \ +go run ../../../cmd/trustedpods/ pod deploy ../common/manifests/manifest-autoscaler.yaml \ --ethereum-key "$PUBLISHER_KEY" \ --payment-contract "$PAYMENT_CONTRACT" \ --registry-contract "$REGISTRY_CONTRACT" \ @@ -172,7 +172,7 @@ sleep 5 ## 5.3: deploy to the third cluster minikube profile c3 -source swarm-connect.sh +source ../common/scripts/swarm-connect.sh rm -f ~/.apocryph/deployment/* PUBLISHER_KEY=$(docker logs anvil | awk '/Private Keys/ {flag=1; next} flag && /^\(2\)/ {print $2; exit}') @@ -185,7 +185,7 @@ FUNDS=10000000000000000000000 echo $PROVIDER_IPFS -go run ../../../cmd/trustedpods/ pod deploy ../common/manifest-autoscaler.yaml \ +go run ../../../cmd/trustedpods/ pod deploy ../common/manifests/manifest-autoscaler.yaml \ --ethereum-key "$PUBLISHER_KEY" \ --payment-contract "$PAYMENT_CONTRACT" \ --registry-contract "$REGISTRY_CONTRACT" \ diff --git a/test/e2e/autoscaler/sync-tpodcharts.sh b/test/e2e/autoscaler/sync-tpodcharts.sh new file mode 100755 index 00000000..6e5c43c7 --- /dev/null +++ b/test/e2e/autoscaler/sync-tpodcharts.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +../common/scripts/redeploy-images.sh + +minikube profile c2 +kubectl delete namespace trustedpods +helmfile apply -f ../minikube -l name=trustedpods --skip-deps --set withdraw.address="0x23618e81E3f5cdF7f54C3d65f7FBc0aBf5B21E8f" --set ethKey="0xdbda1821b80551c9d65939329250298aa3472ba22feea921c0cf5d620ea67b97" + +minikube profile c3 +kubectl delete namespace trustedpods +helmfile apply -f ../minikube -l name=trustedpods --skip-deps --set withdraw.address=0xa0Ee7A142d267C1f36714E4a8F75612F20a79720 --set ethKey="0x2a871d0798f97d79848a013d4936a73bf4cc922c825d33c1cf7073dff6d409c6" diff --git a/test/e2e/common/config.yaml b/test/e2e/common/configs/config.yaml similarity index 100% rename from test/e2e/common/config.yaml rename to test/e2e/common/configs/config.yaml diff --git a/test/e2e/common/config2.yaml b/test/e2e/common/configs/config2.yaml similarity index 100% rename from test/e2e/common/config2.yaml rename to test/e2e/common/configs/config2.yaml diff --git a/test/e2e/common/config3.yaml b/test/e2e/common/configs/config3.yaml similarity index 100% rename from test/e2e/common/config3.yaml rename to test/e2e/common/configs/config3.yaml diff --git a/test/integration/sigstore/manifest.yaml b/test/e2e/common/manifests/manifest-attestation.yaml similarity index 92% rename from test/integration/sigstore/manifest.yaml rename to test/e2e/common/manifests/manifest-attestation.yaml index 5f3e8428..28bbc6ed 100644 --- a/test/integration/sigstore/manifest.yaml +++ b/test/e2e/common/manifests/manifest-attestation.yaml @@ -10,3 +10,4 @@ containers: replicas: min: 0 max: 1 +ForceAttestation: true diff --git a/test/e2e/common/manifest-autoscaler.yaml b/test/e2e/common/manifests/manifest-autoscaler.yaml similarity index 100% rename from test/e2e/common/manifest-autoscaler.yaml rename to test/e2e/common/manifests/manifest-autoscaler.yaml diff --git a/test/e2e/common/manifest-guestbook.yaml b/test/e2e/common/manifests/manifest-guestbook.yaml similarity index 100% rename from test/e2e/common/manifest-guestbook.yaml rename to test/e2e/common/manifests/manifest-guestbook.yaml diff --git a/test/e2e/common/manifest-hello-world.yaml b/test/e2e/common/manifests/manifest-hello-world.yaml similarity index 100% rename from test/e2e/common/manifest-hello-world.yaml rename to test/e2e/common/manifests/manifest-hello-world.yaml diff --git a/test/e2e/common/manifest-logger.json b/test/e2e/common/manifests/manifest-logger.json similarity index 100% rename from test/e2e/common/manifest-logger.json rename to test/e2e/common/manifests/manifest-logger.json diff --git a/test/e2e/common/manifest-nginx.yaml b/test/e2e/common/manifests/manifest-nginx.yaml similarity index 100% rename from test/e2e/common/manifest-nginx.yaml rename to test/e2e/common/manifests/manifest-nginx.yaml diff --git a/test/e2e/common/manifest-redis-guestbook.yaml b/test/e2e/common/manifests/manifest-redis-guestbook.yaml similarity index 100% rename from test/e2e/common/manifest-redis-guestbook.yaml rename to test/e2e/common/manifests/manifest-redis-guestbook.yaml diff --git a/test/e2e/common/manifest-redmine-nostorage.yaml b/test/e2e/common/manifests/manifest-redmine-nostorage.yaml similarity index 100% rename from test/e2e/common/manifest-redmine-nostorage.yaml rename to test/e2e/common/manifests/manifest-redmine-nostorage.yaml diff --git a/test/e2e/common/manifest-redmine.yaml b/test/e2e/common/manifests/manifest-redmine.yaml similarity index 100% rename from test/e2e/common/manifest-redmine.yaml rename to test/e2e/common/manifests/manifest-redmine.yaml diff --git a/test/e2e/common/test.html b/test/e2e/common/manifests/test.html similarity index 100% rename from test/e2e/common/test.html rename to test/e2e/common/manifests/test.html diff --git a/test/e2e/autoscaler/redeploy-images.sh b/test/e2e/common/scripts/build-images.sh similarity index 56% rename from test/e2e/autoscaler/redeploy-images.sh rename to test/e2e/common/scripts/build-images.sh index 5512ac1e..09ea03d2 100755 --- a/test/e2e/autoscaler/redeploy-images.sh +++ b/test/e2e/common/scripts/build-images.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash docker build -t comradecoop/apocryph/server:latest ../../.. --target server @@ -17,16 +17,3 @@ docker push localhost:5000/comradecoop/apocryph/p2p-helper:latest docker tag comradecoop/apocryph/autoscaler:latest localhost:5000/comradecoop/apocryph/autoscaler:latest docker push localhost:5000/comradecoop/apocryph/autoscaler:latest -minikube profile c1 -kubectl delete namespace trustedpods -helmfile apply -f ../minikube -l name=trustedpods --skip-deps - -minikube profile c2 -kubectl delete namespace trustedpods -helmfile apply -f ../minikube -l name=trustedpods --skip-deps --set withdraw.address="0x23618e81E3f5cdF7f54C3d65f7FBc0aBf5B21E8f" --set ethKey="0xdbda1821b80551c9d65939329250298aa3472ba22feea921c0cf5d620ea67b97" - - -minikube profile c3 -kubectl delete namespace trustedpods -helmfile apply -f ../minikube -l name=trustedpods --skip-deps --set withdraw.address=0xa0Ee7A142d267C1f36714E4a8F75612F20a79720 --set ethKey="0x2a871d0798f97d79848a013d4936a73bf4cc922c825d33c1cf7073dff6d409c6" - diff --git a/test/e2e/common/scripts/pull-images.sh b/test/e2e/common/scripts/pull-images.sh new file mode 100755 index 00000000..fa768399 --- /dev/null +++ b/test/e2e/common/scripts/pull-images.sh @@ -0,0 +1,3 @@ +#!/bin/bash +docker pull registry:2 +docker pull ghcr.io/foundry-rs/foundry:nightly-619f3c56302b5a665164002cb98263cd9812e4d5 diff --git a/test/e2e/autoscaler/redeploy-contracts.sh b/test/e2e/common/scripts/redeploy-contracts.sh similarity index 100% rename from test/e2e/autoscaler/redeploy-contracts.sh rename to test/e2e/common/scripts/redeploy-contracts.sh diff --git a/test/e2e/common/scripts/redeploy-images.sh b/test/e2e/common/scripts/redeploy-images.sh new file mode 100755 index 00000000..6664eeef --- /dev/null +++ b/test/e2e/common/scripts/redeploy-images.sh @@ -0,0 +1,6 @@ +#!/bin/bash +./build-images.sh +minikube profile c1 +kubectl delete namespace trustedpods +# will use default withdraw address & eth keys specefied in values.yaml +helmfile apply -f ../minikube -l name=trustedpods --skip-deps diff --git a/test/e2e/autoscaler/swarm-connect.sh b/test/e2e/common/scripts/swarm-connect.sh similarity index 99% rename from test/e2e/autoscaler/swarm-connect.sh rename to test/e2e/common/scripts/swarm-connect.sh index 1abc8c5c..a981136c 100755 --- a/test/e2e/autoscaler/swarm-connect.sh +++ b/test/e2e/common/scripts/swarm-connect.sh @@ -1,7 +1,7 @@ #!/bin/bash ## Configure provider/in-cluster IPFS and publisher IPFS ## -pkill ipfs +ipfs shutdown pkill -f "kubectl port-forward" PORT_5004="" diff --git a/test/e2e/common/scripts/tpodchart-sync.sh b/test/e2e/common/scripts/tpodchart-sync.sh new file mode 100755 index 00000000..5dae8a5e --- /dev/null +++ b/test/e2e/common/scripts/tpodchart-sync.sh @@ -0,0 +1,6 @@ +#!/bin/bash +echo "Tpodserver Withdraw address set to $1" +echo "Tpodserver Eth Key set to $2" + +kubectl delete namespace trustedpods +helmfile apply -f ../minikube -l name=trustedpods --skip-deps --set withdraw.address="$1" --set ethKey="$2" diff --git a/test/e2e/autoscaler/wait-deployments.sh b/test/e2e/common/scripts/wait-deployments.sh similarity index 100% rename from test/e2e/autoscaler/wait-deployments.sh rename to test/e2e/common/scripts/wait-deployments.sh diff --git a/test/e2e/constellation/miniconstellation/run-test.sh b/test/e2e/constellation/miniconstellation/run-test.sh index 5f39f3dd..982176a9 100755 --- a/test/e2e/constellation/miniconstellation/run-test.sh +++ b/test/e2e/constellation/miniconstellation/run-test.sh @@ -101,7 +101,7 @@ sleep 1 ## 1.3: Register the provider go run ../../../cmd/tpodserver/ registry register \ - --config ../common/config.yaml \ + --config ../../common/configs/config.yaml \ --ipfs /ip4/127.0.0.1/tcp/5001 \ --ethereum-rpc http://127.0.0.1:8545 \ --ethereum-key 0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d \ diff --git a/test/e2e/constellation/qemu/run-test.sh b/test/e2e/constellation/qemu/run-test.sh index c4946dcd..ed43cd0e 100755 --- a/test/e2e/constellation/qemu/run-test.sh +++ b/test/e2e/constellation/qemu/run-test.sh @@ -56,7 +56,7 @@ TOKEN_CONTRACT=0x5fbdb2315678afecb367f032d93f642f64180aa3 # TODO= result of forg [ "$PORT_5004" == "" ] && { PORT_5004="yes" ; kubectl port-forward --namespace ipfs svc/ipfs-rpc 5004:5001 & sleep 0.5; } go run ../../../../cmd/tpodserver registry register \ - --config ../../common/config.yaml \ + --config ../../common/configs/config.yaml \ --ipfs /ip4/127.0.0.1/tcp/5004 \ --ethereum-rpc http://127.0.0.1:8545 \ --ethereum-key 0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d \ diff --git a/test/e2e/minikube/deploy-pod.sh b/test/e2e/minikube/deploy-pod.sh new file mode 100755 index 00000000..e384ca65 --- /dev/null +++ b/test/e2e/minikube/deploy-pod.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +POD=$1 +PROVIDER_ETH=0x70997970C51812dc3A010C7d01b50e0d17dc79C8 #TODO= anvil.accounts[1] +PUBLISHER_KEY=$(docker logs anvil | awk '/Private Keys/ {flag=1; next} flag && /^\(2\)/ {print $2; exit}') +PAYMENT_CONTRACT=$(cat ../../../contracts/broadcast/Deploy.s.sol/31337/run-latest.json | jq -r '.returns.payment.value') +REGISTRY_CONTRACT=$(cat ../../../contracts/broadcast/Deploy.s.sol/31337/run-latest.json | jq -r '.returns.registry.value') +FUNDS=10000000000000000000000 + +set +v +set -x + +go run ../../../cmd/trustedpods/ pod deploy $POD \ + --ethereum-key "$PUBLISHER_KEY" \ + --payment-contract "$PAYMENT_CONTRACT" \ + --registry-contract "$REGISTRY_CONTRACT" \ + --funds "$FUNDS" \ + --upload-images=true \ + --mint-funds + +set +x +set -v + diff --git a/test/e2e/minikube/run-test.sh b/test/e2e/minikube/run-test.sh index 43efec87..2031597e 100755 --- a/test/e2e/minikube/run-test.sh +++ b/test/e2e/minikube/run-test.sh @@ -3,7 +3,7 @@ set -e -trap 'pkill -f "kubectl port-forward" && kill $(jobs -p) &>/dev/null' EXIT +trap 'pkill -f "kubectl port-forward" && kill $(jobs -p) && pkill $$ &>/dev/null' EXIT if [ "$1" = "teardown" ]; then minikube delete @@ -45,129 +45,57 @@ sudo chmod o+rw /run/containerd/containerd.sock ## 0: Set up the external environment -## 0.1: Build/tag server and p2p-helper images - -docker build -t comradecoop/apocryph/server:latest ../../.. --target server - -docker build -t comradecoop/apocryph/p2p-helper:latest ../../.. --target p2p-helper - -## 0.2: Create local registry and push server and p2p-helper images - -docker run -d -p 5000:5000 --restart=always --name registry registry:2 || echo "Docker registry already running" +# pull registry and foundry images +../common/scripts/pull-images.sh -docker tag comradecoop/apocryph/server:latest localhost:5000/comradecoop/apocryph/server:latest -docker push localhost:5000/comradecoop/apocryph/server:latest +## 0.1: Build/tag server and p2p-helper images -docker tag comradecoop/apocryph/p2p-helper:latest localhost:5000/comradecoop/apocryph/p2p-helper:latest -docker push localhost:5000/comradecoop/apocryph/p2p-helper:latest +../common/scripts/build-images.sh ## 0.3: Set up a local ethereum node and deploy contracts to it -# (NOTE: Unfortunately, we cannot use a port other than 8545, or otherwise the eth-rpc service will break) -docker run -d -p 8545:8545 --restart=always --name=anvil \ - ghcr.io/foundry-rs/foundry:nightly-619f3c56302b5a665164002cb98263cd9812e4d5 \ - -- 'anvil --host 0.0.0.0 --state /anvil-state.json' 2>/dev/null || { - docker exec anvil ash -c 'kill 1 && rm -f /anvil-state.json' # Reset anvil state -} -sleep 5 - -DEPLOYER_KEY=$(docker logs anvil | awk '/Private Keys/ {flag=1; next} flag && /^\(0\)/ {print $2; exit}') # anvil.accounts[0] - -( cd ../../../contracts; forge script script/Deploy.s.sol --private-key "$DEPLOYER_KEY" --rpc-url http://localhost:8545 --broadcast) +../common/scripts/redeploy-contracts.sh ## 1: Set up the Kubernetes environment ## +[ "$(minikube status -f'{{.Kubelet}}')" = "Running" ] || minikube start --insecure-registry='host.minikube.internal:5000' --container-runtime=containerd -p c1 -[ "$(minikube status -f'{{.Kubelet}}')" = "Running" ] || minikube start --insecure-registry='host.minikube.internal:5000' --container-runtime=containerd - -minikube addons enable metrics-server +minikube addons enable metrics-server -p c1 ## 1.1: Apply Helm configurations ## kubectl delete namespace trustedpods 2>/dev/null || true -helmfile sync +helmfile sync || { while ! kubectl get -n keda endpoints ingress-nginx-controller -o json | jq '.subsets[].addresses[].ip' &>/dev/null; do sleep 1; done; helmfile apply; } + +## 1.2: Wait until all deployments are ready +../common/scripts/wait-deployments.sh -## 1.2: Register the provider in the marketplace +## 1.3: Register the provider in the marketplace [ "$PORT_5004" == "" ] && { PORT_5004="yes" ; kubectl port-forward --namespace ipfs svc/ipfs-rpc 5004:5001 & sleep 0.5; } go run ../../../cmd/tpodserver registry register \ - --config ../common/config.yaml \ + --config ../common/configs/config.yaml \ --ipfs /ip4/127.0.0.1/tcp/5004 \ --ethereum-rpc http://127.0.0.1:8545 \ --ethereum-key 0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d \ --token-contract 0x5FbDB2315678afecb367f032d93F642f64180aa3 \ --registry-contract 0x9fe46736679d2d9a65f0992f2272de9f3c7fa6e0 \ -## 1.3: Configure provider/in-cluster IPFS and publisher IPFS ## - -{ while ! kubectl get -n ipfs endpoints ipfs-rpc -o json | jq '.subsets[].addresses[].ip' &>/dev/null; do sleep 1; done; } - -O_IPFS_PATH=$IPFS_PATH -export IPFS_PATH=$(mktemp ipfs.XXXX --tmpdir -d) - -[ "$PORT_5004" == "" ] && { PORT_5004="yes" ; kubectl port-forward --namespace ipfs svc/ipfs-rpc 5004:5001 & sleep 0.5; } -echo /ip4/127.0.0.1/tcp/5004 > $IPFS_PATH/api - -SWARM_ADDRESSES=$(minikube service -n ipfs ipfs-swarm --url | head -n 1 | sed -E 's|http://(.+):(.+)|["/ip4/\1/tcp/\2", "/ip4/\1/udp/\2/quic", "/ip4/\1/udp/\2/quic-v1", "/ip4/\1/udp/\2/quic-v1/webtransport"]|') - -PROVIDER_IPFS=$(curl -X POST "http://127.0.0.1:5004/api/v0/id" | jq '.ID' -r); echo $PROVIDER_IPFS - -CONFIG_BEFORE=$(ipfs config Addresses.AppendAnnounce) -ipfs config Addresses.AppendAnnounce --json "$SWARM_ADDRESSES" -CONFIG_AFTER=$(ipfs config Addresses.AppendAnnounce) - -[ "$CONFIG_BEFORE" = "$CONFIG_AFTER" ] || kubectl delete -n ipfs $(kubectl get po -o name -n ipfs) # Restart ipfs daemon - -export IPFS_PATH=$O_IPFS_PATH - -{ while ! kubectl get -n ipfs endpoints ipfs-rpc -o json | jq '.subsets[].addresses[].ip' &>/dev/null; do sleep 1; done; } - -ipfs id &>/dev/null || ipfs init - -ipfs config --json Experimental.Libp2pStreamMounting true - -[ -n "$IPFS_DAEMON" ] || { IPFS_DAEMON=yes; ipfs daemon & { while ! [ -f ${IPFS_PATH:-~/.ipfs}/api ]; do sleep 0.1; done; } 2>/dev/null; } - -echo "$SWARM_ADDRESSES" | jq -r '.[] + "/p2p/'"$PROVIDER_IPFS"'"' | xargs -n 1 ipfs swarm connect || true - -sleep 1 - - +## 1.4: Configure provider/in-cluster IPFS and publisher IPFS ## +minikube profile c1 +../common/scripts/swarm-connect.sh ## 2: Deploy example manifest to cluster ## -PROVIDER_ETH=0x70997970C51812dc3A010C7d01b50e0d17dc79C8 #TODO= anvil.accounts[1] -PUBLISHER_KEY=$(docker logs anvil | awk '/Private Keys/ {flag=1; next} flag && /^\(2\)/ {print $2; exit}') -PAYMENT_CONTRACT=$(cat ../../../contracts/broadcast/Deploy.s.sol/31337/run-latest.json | jq -r '.returns.payment.value') -REGISTRY_CONTRACT=$(cat ../../../contracts/broadcast/Deploy.s.sol/31337/run-latest.json | jq -r '.returns.registry.value') -FUNDS=10000000000000000000000 - -[ "$PORT_5004" == "" ] && { PORT_5004="yes" ; kubectl port-forward --namespace ipfs svc/ipfs-rpc 5004:5001 & sleep 0.5; } -[ -n "$PROVIDER_IPFS" ] || { PROVIDER_IPFS=$(curl -X POST "http://127.0.0.1:5004/api/v0/id" -s | jq '.ID' -r); echo $PROVIDER_IPFS; } -[ -n "$IPFS_DAEMON" ] || { IPFS_DAEMON=yes; ipfs daemon & { while ! [ -f ${IPFS_PATH:-~/.ipfs}/api ]; do sleep 0.1; done; } 2>/dev/null; } - -set +v -set -x - - -go run ../../../cmd/trustedpods/ pod deploy ../common/manifest-nginx.yaml \ - --ethereum-key "$PUBLISHER_KEY" \ - --payment-contract "$PAYMENT_CONTRACT" \ - --registry-contract "$REGISTRY_CONTRACT" \ - --funds "$FUNDS" \ - --upload-images=true \ - --mint-funds - -set +x -set -v +./deploy-pod.sh ../common/manifests/manifest-nginx.yaml ## 3: Connect and measure balances ## WITHDRAW_ETH=0x90F79bf6EB2c4f870365E785982E1f101E93b906 #TODO copied from trustedpods/tpodserver.yml TOKEN_CONTRACT=$(cat ../../../contracts/broadcast/Deploy.s.sol/31337/run-latest.json | jq -r '.returns.token.value') -INGRESS_URL=$(minikube service -n keda ingress-nginx-controller --url=true | head -n 1); echo $INGRESS_URL +INGRESS_URL=$(minikube service -n keda ingress-nginx-controller --url=true -p c1 | head -n 1); echo $INGRESS_URL MANIFEST_HOST=example.local # From manifest-nginx.yaml echo "Provider balance before:" $(cast call "$TOKEN_CONTRACT" "balanceOf(address)" "$WITHDRAW_ETH" | cast to-fixed-point 18) @@ -205,10 +133,9 @@ export TOKEN_CONTRACT=$(cat ../../../contracts/broadcast/Deploy.s.sol/31337/run- export PAYMENT_CONTRACT=$(cat ../../../contracts/broadcast/Deploy.s.sol/31337/run-latest.json | jq -r '.returns.payment.value') export REGISTRY_CONTRACT=$(cat ../../../contracts/broadcast/Deploy.s.sol/31337/run-latest.json | jq -r '.returns.registry.value') export FUNDS=10000000000000000000000 -export INGRESS_URL=$(minikube service -n keda ingress-nginx-controller --url=true | head -n 1); echo $INGRESS_URL +export INGRESS_URL=$(minikube service -n keda ingress-nginx-controller --url=true -p c1 | head -n 1); echo $INGRESS_URL export MANIFEST_HOST=guestbook.localhost # From manifest-guestbook.yaml [ "$PORT_5004" == "" ] && { PORT_5004="yes" ; kubectl port-forward --namespace ipfs svc/ipfs-rpc 5004:5001 & sleep 0.5; } [ -n "$PROVIDER_IPFS" ] || { PROVIDER_IPFS=$(curl -X POST "http://127.0.0.1:5004/api/v0/id" -s | jq '.ID' -r); echo $PROVIDER_IPFS; } [ -n "$IPFS_DAEMON" ] || { IPFS_DAEMON=yes; ipfs daemon & { while ! [ -f ${IPFS_PATH:-~/.ipfs}/api ]; do sleep 0.1; done; } 2>/dev/null; } -bash From b1960a3e9d504e8cc8c2a65efeee1c14b530e32e Mon Sep 17 00:00:00 2001 From: revoltez Date: Wed, 21 Aug 2024 17:41:42 +0100 Subject: [PATCH 04/22] feat: add policy controller chart & image verification option --- pkg/kubernetes/namespaces.go | 7 ++++++- pkg/kubernetes/pods.go | 3 --- proto/pod.proto | 4 ++-- test/e2e/minikube/helmfile.yaml | 6 +++++- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/pkg/kubernetes/namespaces.go b/pkg/kubernetes/namespaces.go index 9a6bb5f3..7cc80249 100644 --- a/pkg/kubernetes/namespaces.go +++ b/pkg/kubernetes/namespaces.go @@ -22,11 +22,12 @@ const ( AnnotationsTrustedPodsPaymentChannel string = "coop.comrade/apocryph-payment-contract" LabelIpfsP2P string = "coop.comrade/apocryph-p2p-helper" AnnotationsIpfsP2P string = "coop.comrade/apocryph-p2p-helper" + SigstorePolicy string = "policy.sigstore.dev/include" ) var TrustedPodsNamespaceFilter = client.HasLabels{LabelTrustedPodsNamespace} -func NewTrustedPodsNamespace(name string, paymentChannel *pb.PaymentChannel) *corev1.Namespace { +func NewTrustedPodsNamespace(name string, pod *pb.Pod, paymentChannel *pb.PaymentChannel) *corev1.Namespace { namespace := &corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: name, @@ -35,6 +36,10 @@ func NewTrustedPodsNamespace(name string, paymentChannel *pb.PaymentChannel) *co }, }, } + // force container image verification + if pod.ImageVerification { + namespace.Labels[SigstorePolicy] = "true" + } if paymentChannel != nil { namespace.ObjectMeta.Annotations = map[string]string{ AnnotationsTrustedPodsPaymentChannel: protojson.Format(paymentChannel), diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index 7b39cfc7..2bd96f58 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -20,9 +20,6 @@ import ( type FetchSecret func(cid []byte) (map[string][]byte, error) -const PRIVATE_KEY = "PRIVATE_KEY" -const PUBLIC_ADDRESS = "PUBLIC_ADDRESS" - func updateOrCreate(ctx context.Context, resourceName, kind, namespace string, resource interface{}, client k8cl.Client, update bool) error { if update { key := &k8cl.ObjectKey{ diff --git a/proto/pod.proto b/proto/pod.proto index ff720671..04c5d917 100644 --- a/proto/pod.proto +++ b/proto/pod.proto @@ -10,7 +10,7 @@ message Pod { repeated Volume volumes = 2; Replicas replicas = 3; KeyPair keyPair = 4; - bool ForceAttestation = 5; + bool ImageVerification = 5; } message Container { @@ -23,11 +23,11 @@ message Container { map env = 7; repeated VolumeMount volumes = 8; repeated Resource resourceRequests = 9; // "cpu", "memory", custom - message Image { bytes cid = 1; Key key = 2; string url = 3; + string signature = 4; } message Port { diff --git a/test/e2e/minikube/helmfile.yaml b/test/e2e/minikube/helmfile.yaml index 1c0ca16b..f34e863b 100644 --- a/test/e2e/minikube/helmfile.yaml +++ b/test/e2e/minikube/helmfile.yaml @@ -7,7 +7,8 @@ repositories: url: https://prometheus-community.github.io/helm-charts - name: grafana url: https://grafana.github.io/helm-charts - + - name: sigstore + url: https://sigstore.github.io/helm-charts releases: - name: keda namespace: keda @@ -64,3 +65,6 @@ releases: - name: eth chart: ./eth namespace: eth + - name: policy-controller + chart: sigstore/policy-controller + namespace: policy-controller From 9187968f39732473e38ac1a9974c0551c131a4f8 Mon Sep 17 00:00:00 2001 From: revoltez Date: Wed, 21 Aug 2024 17:44:22 +0100 Subject: [PATCH 05/22] feat: save image signatures in deployments & pod, skip uploading to registry Add upload-signatures flag in case user wants to upload to the registry --- cmd/trustedpods/deploy.go | 6 +- cmd/trustedpods/flags.go | 3 + cmd/trustedpods/upload.go | 16 ++- go.mod | 17 +-- go.sum | 22 ++++ pkg/constants/constants.go | 4 + pkg/proto-ts/deployment_pb.ts | 6 + pkg/proto-ts/pod_pb.ts | 12 +- pkg/proto/deployment.pb.go | 38 +++--- pkg/proto/pod.pb.go | 114 ++++++++++-------- pkg/provider/server.go | 2 +- pkg/publisher/images.go | 102 ++++++++++------ pkg/publisher/upload.go | 9 +- proto/deployment.proto | 1 + .../manifests/manifest-attestation.yaml | 2 +- test/integration/sigstore/run-test.sh | 6 +- 16 files changed, 230 insertions(+), 130 deletions(-) diff --git a/cmd/trustedpods/deploy.go b/cmd/trustedpods/deploy.go index f272fd05..2160c7dc 100644 --- a/cmd/trustedpods/deploy.go +++ b/cmd/trustedpods/deploy.go @@ -98,7 +98,11 @@ var deployPodCmd = &cobra.Command{ configureDeployment(deployment) if sign { - err := publisher.SignPodImages(pod, publisher.DefaultSignOptions()) + signOptions := publisher.DefaultSignOptions() + if !uploadSignatures { + signOptions.Upload = false + } + err := publisher.SignPodImages(pod, deployment, signOptions) if err != nil { return fmt.Errorf("failed Signing images: %v", err) } diff --git a/cmd/trustedpods/flags.go b/cmd/trustedpods/flags.go index 60b036b9..52ba3517 100644 --- a/cmd/trustedpods/flags.go +++ b/cmd/trustedpods/flags.go @@ -29,6 +29,7 @@ var uploadImages bool var uploadSecrets bool var sign bool +var uploadSignatures bool var verify bool var verifyImagesFlags = &pflag.FlagSet{} @@ -69,11 +70,13 @@ var _ = func() error { deploymentFlags.StringVar(&ipfsApi, "ipfs", "/ip4/127.0.0.1/tcp/5001", "multiaddr where the ipfs/kubo api can be accessed") deploymentFlags.BoolVar(&authorize, "authorize", false, "Create a key pair for the application and authorize the returned addresses to control the payment channel") deploymentFlags.BoolVar(&verify, "verify", false, "verify the pod images (requires certificate-identity & certificate-oidc-issuer flags)") + deploymentFlags.BoolVar(&uploadSignatures, "upload-signatures", false, "skip uploading signatures to the registry") uploadFlags.StringVar(&ipfsApi, "ipfs", "/ip4/127.0.0.1/tcp/5001", "multiaddr where the ipfs/kubo api can be accessed") uploadFlags.BoolVar(&uploadImages, "upload-images", true, "upload images") uploadFlags.BoolVar(&uploadSecrets, "upload-secrets", true, "upload secrets") uploadFlags.BoolVar(&sign, "sign-images", false, "sign images") + uploadFlags.BoolVar(&uploadSignatures, "upload-signatures", false, "skip uploading signatures to the registry") verifyImagesFlags.StringVar(&certificateIdentity, "certificate-identity", "", "identity used for signing the image") verifyImagesFlags.StringVar(&certificateOidcIssuer, "certificate-oidc-issuer", "", "issuer of the oidc") diff --git a/cmd/trustedpods/upload.go b/cmd/trustedpods/upload.go index f55997f3..cd98f3cf 100644 --- a/cmd/trustedpods/upload.go +++ b/cmd/trustedpods/upload.go @@ -25,18 +25,22 @@ var uploadPodCmd = &cobra.Command{ } configureDeployment(deployment) + ipfs, _, err := tpipfs.GetIpfsClient(ipfsApi) + if err != nil { + return fmt.Errorf("Failed connecting to IPFS: %w", err) + } + if sign { - err := publisher.SignPodImages(pod, publisher.DefaultSignOptions()) + signOptions := publisher.DefaultSignOptions() + if !uploadSignatures { + signOptions.Upload = false + } + err := publisher.SignPodImages(pod, deployment, signOptions) if err != nil { return fmt.Errorf("failed Signing images: %v", err) } } - ipfs, _, err := tpipfs.GetIpfsClient(ipfsApi) - if err != nil { - return fmt.Errorf("Failed connecting to IPFS: %w", err) - } - ctrdClient, err := ipcr.GetContainerdClient("k8s.io") if err != nil { return err diff --git a/go.mod b/go.mod index 64929062..ae83d59e 100644 --- a/go.mod +++ b/go.mod @@ -38,9 +38,9 @@ require ( golang.org/x/net v0.27.0 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.29.0 - k8s.io/apimachinery v0.29.0 - k8s.io/client-go v0.29.0 + k8s.io/api v0.30.2 + k8s.io/apimachinery v0.30.2 + k8s.io/client-go v0.30.2 sigs.k8s.io/controller-runtime v0.16.3 ) @@ -96,8 +96,8 @@ require ( github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect - github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect + github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 // indirect + github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect @@ -175,8 +175,8 @@ require ( github.com/djherbis/times v1.5.0 // indirect github.com/docker/cli v25.0.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v26.1.4+incompatible // indirect - github.com/docker/docker-credential-helpers v0.8.0 // indirect + github.com/docker/docker v27.0.3+incompatible // indirect + github.com/docker/docker-credential-helpers v0.8.2 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect github.com/docker/go-units v0.5.0 // indirect @@ -396,6 +396,7 @@ require ( github.com/shibumi/go-pathspec v1.3.0 // indirect github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible // indirect github.com/sigstore/fulcio v1.5.1 // indirect + github.com/sigstore/policy-controller v0.10.0 // indirect github.com/sigstore/protobuf-specs v0.3.2 // indirect github.com/sigstore/rekor v1.3.6 // indirect github.com/sigstore/sigstore v1.8.8 // indirect @@ -481,7 +482,7 @@ require ( gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect lukechampine.com/blake3 v1.2.2 // indirect rsc.io/tmplfunc v0.0.3 // indirect diff --git a/go.sum b/go.sum index a6ef3a11..33948c61 100644 --- a/go.sum +++ b/go.sum @@ -216,8 +216,12 @@ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 h1:y6LX9GUoEA3mO0qpFl1ZQHj1rFyPWVphlzebiSt2tKE= github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2/go.mod h1:Q0LcmaN/Qr8+4aSBrdrXXePqoX0eOuYpJLbYpilmWnA= +github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 h1:3iaT/LnGV6jNtbBkvHZDlzz7Ky3wMHDJAyFtGd5GUJI= +github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7/go.mod h1:mtzCLxk6M+KZbkJdq3cUH9GCrudw8qCy5C3EHO+5vLc= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 h1:PpbXaecV3sLAS6rjQiaKw4/jyq3Z8gNzmoJupHAoBp0= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2/go.mod h1:fUHpGXr4DrXkEDpGAjClPsviWf+Bszeb0daKE0blxv8= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 h1:h+r5/diSwztgKgxUrntt6AOI5lBYY0ZJv+yzeulGZSU= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6/go.mod h1:7+5MHFC52LC85xKCjCuWDHmIncOOvWnll10OT9EAN/g= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrxZlQ044RiM+WdoZxp0p+EGM62y3L6pwA4olE= @@ -423,6 +427,7 @@ github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53E github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE= github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec= +github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -467,8 +472,12 @@ github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBi github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.0.3+incompatible h1:aBGI9TeQ4MPlhquTQKq9XbK79rKFVwXNUAYz9aXyEBE= +github.com/docker/docker v27.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8= github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40= +github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= +github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= @@ -778,10 +787,12 @@ github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5O github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= github.com/hashicorp/go-sockaddr v1.0.5 h1:dvk7TIXCZpmfOlM+9mlcrWmWjw/wlKT+VDq2wMvfPJU= github.com/hashicorp/go-sockaddr v1.0.5/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= +github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1BE= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= @@ -1393,6 +1404,8 @@ github.com/sigstore/cosign/v2 v2.4.0 h1:2NdidNgClg+oXr/fDIr37E/BE6j00gqgUhSiBK2k github.com/sigstore/cosign/v2 v2.4.0/go.mod h1:j+fH1DCUkcn92qp6ezDj4JbGMri6eG1nLJC+hs64rvc= github.com/sigstore/fulcio v1.5.1 h1:Iasy1zfNjaq8BV4S8o6pXspLDU28PQC2z07GmOu9zpM= github.com/sigstore/fulcio v1.5.1/go.mod h1:W1A/UHrTopy1IBZPMtHmxg7GPYAu+vt5dRXM3W6yjPo= +github.com/sigstore/policy-controller v0.10.0 h1:fVMJfrvolDQUJ5nuKiZl0h8qoirEkEziVVDTNjLq5c0= +github.com/sigstore/policy-controller v0.10.0/go.mod h1:A0ypukI8JQoOZ3R5Xs6D0z5qfk0OsbY92j73xiwJY7Y= github.com/sigstore/protobuf-specs v0.3.2 h1:nCVARCN+fHjlNCk3ThNXwrZRqIommIeNKWwQvORuRQo= github.com/sigstore/protobuf-specs v0.3.2/go.mod h1:RZ0uOdJR4OB3tLQeAyWoJFbNCBFrPQdcokntde4zRBA= github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= @@ -1622,6 +1635,7 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6Z go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 h1:Xw8U6u2f8DK2XAkGRFV7BBLENgnTGX9i4rQRxJf+/vs= go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.19.0 h1:Nw7Dv4lwvGrI68+wULbcq7su9K2cebeCUrDjVrUJHxM= go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.19.0/go.mod h1:1MsF6Y7gTqosgoZvHlzcaaM8DIMNZgJh87ykokoNH7Y= go.opentelemetry.io/otel/exporters/zipkin v1.14.0 h1:reEVE1upBF9tcujgvSqLJS0SrI7JQPaTKP4s4rymnSs= @@ -2102,16 +2116,24 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= +k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= +k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o= k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis= +k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= +k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8= k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38= +k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= +k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 h1:avRdiaB03v88Mfvum2S3BBwkNuTlmuar4LlfO9Hajko= k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022/go.mod h1:sIV51WBTkZrlGOJMCDZDA1IaPBUDTulPpD4y7oe038k= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/blake3 v1.2.2 h1:wEAbSg0IVU4ih44CVlpMqMZMpzr5hf/6aqodLlevd/w= diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index 1a7ff78d..f777f3f5 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -1,8 +1,12 @@ package constants +import "time" + const PRIVATE_KEY = "PRIVATE_KEY" const PUBLIC_ADDRESS_KEY = "PUBLIC_ADDRESS" const PAYMENT_ADDR_KEY = "PAYMENT_ADDRESS" const PUBLISHER_ADDR_KEY = "PUBLISHER_ADDRESS" const PROVIDER_ADDR_KEY = "PROVIDER_ADDRESS" const POD_ID_KEY = "POD_ID" +const TIMEOUT = 3 * time.Minute +const OUTPUT_SIGNATURE_PATH = "~/.apocryph/signatures/" diff --git a/pkg/proto-ts/deployment_pb.ts b/pkg/proto-ts/deployment_pb.ts index dc452c16..6f616edc 100644 --- a/pkg/proto-ts/deployment_pb.ts +++ b/pkg/proto-ts/deployment_pb.ts @@ -205,6 +205,11 @@ export class UploadedImage extends Message { */ key?: Key; + /** + * @generated from field: string signature = 5; + */ + signature = ""; + constructor(data?: PartialMessage) { super(); proto3.util.initPartial(data, this); @@ -217,6 +222,7 @@ export class UploadedImage extends Message { { no: 2, name: "digest", kind: "scalar", T: 9 /* ScalarType.STRING */ }, { no: 3, name: "cid", kind: "scalar", T: 12 /* ScalarType.BYTES */ }, { no: 4, name: "key", kind: "message", T: Key }, + { no: 5, name: "signature", kind: "scalar", T: 9 /* ScalarType.STRING */ }, ]); static fromBinary(bytes: Uint8Array, options?: Partial): UploadedImage { diff --git a/pkg/proto-ts/pod_pb.ts b/pkg/proto-ts/pod_pb.ts index 7b3f7ae9..bed63ed8 100644 --- a/pkg/proto-ts/pod_pb.ts +++ b/pkg/proto-ts/pod_pb.ts @@ -33,9 +33,9 @@ export class Pod extends Message { keyPair?: KeyPair; /** - * @generated from field: bool ForceAttestation = 5; + * @generated from field: bool ImageVerification = 5; */ - ForceAttestation = false; + ImageVerification = false; constructor(data?: PartialMessage) { super(); @@ -49,7 +49,7 @@ export class Pod extends Message { { no: 2, name: "volumes", kind: "message", T: Volume, repeated: true }, { no: 3, name: "replicas", kind: "message", T: Replicas }, { no: 4, name: "keyPair", kind: "message", T: KeyPair }, - { no: 5, name: "ForceAttestation", kind: "scalar", T: 8 /* ScalarType.BOOL */ }, + { no: 5, name: "ImageVerification", kind: "scalar", T: 8 /* ScalarType.BOOL */ }, ]); static fromBinary(bytes: Uint8Array, options?: Partial): Pod { @@ -175,6 +175,11 @@ export class Container_Image extends Message { */ url = ""; + /** + * @generated from field: string signature = 4; + */ + signature = ""; + constructor(data?: PartialMessage) { super(); proto3.util.initPartial(data, this); @@ -186,6 +191,7 @@ export class Container_Image extends Message { { no: 1, name: "cid", kind: "scalar", T: 12 /* ScalarType.BYTES */ }, { no: 2, name: "key", kind: "message", T: Key }, { no: 3, name: "url", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + { no: 4, name: "signature", kind: "scalar", T: 9 /* ScalarType.STRING */ }, ]); static fromBinary(bytes: Uint8Array, options?: Partial): Container_Image { diff --git a/pkg/proto/deployment.pb.go b/pkg/proto/deployment.pb.go index 737a7da5..c0ebab5b 100644 --- a/pkg/proto/deployment.pb.go +++ b/pkg/proto/deployment.pb.go @@ -252,6 +252,7 @@ type UploadedImage struct { Digest string `protobuf:"bytes,2,opt,name=digest,proto3" json:"digest,omitempty"` Cid []byte `protobuf:"bytes,3,opt,name=cid,proto3" json:"cid,omitempty"` Key *Key `protobuf:"bytes,4,opt,name=key,proto3" json:"key,omitempty"` + Signature string `protobuf:"bytes,5,opt,name=signature,proto3" json:"signature,omitempty"` } func (x *UploadedImage) Reset() { @@ -314,6 +315,13 @@ func (x *UploadedImage) GetKey() *Key { return nil } +func (x *UploadedImage) GetSignature() string { + if x != nil { + return x.Signature + } + return "" +} + type UploadedSecret struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -440,7 +448,7 @@ var file_deployment_proto_rawDesc = []byte{ 0x73, 0x68, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x10, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x6f, 0x64, 0x49, 0x44, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x05, 0x70, 0x6f, 0x64, 0x49, 0x44, 0x22, 0x85, 0x01, 0x0a, 0x0d, 0x55, 0x70, + 0x28, 0x0c, 0x52, 0x05, 0x70, 0x6f, 0x64, 0x49, 0x44, 0x22, 0xa3, 0x01, 0x0a, 0x0d, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, @@ -449,19 +457,21 @@ var file_deployment_proto_rawDesc = []byte{ 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x22, 0x8e, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x53, 0x65, - 0x63, 0x72, 0x65, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4e, 0x61, - 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, - 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x73, 0x75, - 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x73, - 0x75, 0x6d, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x63, 0x6f, 0x6d, 0x72, 0x61, 0x64, 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, - 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, + 0x8e, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x53, 0x65, 0x63, 0x72, + 0x65, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4e, 0x61, 0x6d, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4e, 0x61, + 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x73, 0x75, 0x6d, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x73, 0x75, 0x6d, + 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, + 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, + 0x6f, 0x6d, 0x72, 0x61, 0x64, 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x6f, 0x63, + 0x72, 0x79, 0x70, 0x68, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/pkg/proto/pod.pb.go b/pkg/proto/pod.pb.go index bf329229..42f82b19 100644 --- a/pkg/proto/pod.pb.go +++ b/pkg/proto/pod.pb.go @@ -123,11 +123,11 @@ type Pod struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Containers []*Container `protobuf:"bytes,1,rep,name=containers,proto3" json:"containers,omitempty"` - Volumes []*Volume `protobuf:"bytes,2,rep,name=volumes,proto3" json:"volumes,omitempty"` - Replicas *Replicas `protobuf:"bytes,3,opt,name=replicas,proto3" json:"replicas,omitempty"` - KeyPair *KeyPair `protobuf:"bytes,4,opt,name=keyPair,proto3" json:"keyPair,omitempty"` - ForceAttestation bool `protobuf:"varint,5,opt,name=ForceAttestation,proto3" json:"ForceAttestation,omitempty"` + Containers []*Container `protobuf:"bytes,1,rep,name=containers,proto3" json:"containers,omitempty"` + Volumes []*Volume `protobuf:"bytes,2,rep,name=volumes,proto3" json:"volumes,omitempty"` + Replicas *Replicas `protobuf:"bytes,3,opt,name=replicas,proto3" json:"replicas,omitempty"` + KeyPair *KeyPair `protobuf:"bytes,4,opt,name=keyPair,proto3" json:"keyPair,omitempty"` + ImageVerification bool `protobuf:"varint,5,opt,name=ImageVerification,proto3" json:"ImageVerification,omitempty"` } func (x *Pod) Reset() { @@ -190,9 +190,9 @@ func (x *Pod) GetKeyPair() *KeyPair { return nil } -func (x *Pod) GetForceAttestation() bool { +func (x *Pod) GetImageVerification() bool { if x != nil { - return x.ForceAttestation + return x.ImageVerification } return false } @@ -672,9 +672,10 @@ type Container_Image struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Cid []byte `protobuf:"bytes,1,opt,name=cid,proto3" json:"cid,omitempty"` - Key *Key `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` - Url string `protobuf:"bytes,3,opt,name=url,proto3" json:"url,omitempty"` + Cid []byte `protobuf:"bytes,1,opt,name=cid,proto3" json:"cid,omitempty"` + Key *Key `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` + Url string `protobuf:"bytes,3,opt,name=url,proto3" json:"url,omitempty"` + Signature string `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"` } func (x *Container_Image) Reset() { @@ -730,6 +731,13 @@ func (x *Container_Image) GetUrl() string { return "" } +func (x *Container_Image) GetSignature() string { + if x != nil { + return x.Signature + } + return "" +} + type Container_Port struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1030,7 +1038,7 @@ var File_pod_proto protoreflect.FileDescriptor var file_pod_proto_rawDesc = []byte{ 0x0a, 0x09, 0x70, 0x6f, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, - 0x6f, 0x64, 0x22, 0xa3, 0x02, 0x0a, 0x03, 0x50, 0x6f, 0x64, 0x12, 0x40, 0x0a, 0x0a, 0x63, 0x6f, + 0x6f, 0x64, 0x22, 0xa5, 0x02, 0x0a, 0x03, 0x50, 0x6f, 0x64, 0x12, 0x40, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, @@ -1045,48 +1053,50 @@ var file_pod_proto_rawDesc = []byte{ 0x61, 0x73, 0x12, 0x38, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x50, - 0x61, 0x69, 0x72, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x12, 0x2a, 0x0a, 0x10, - 0x46, 0x6f, 0x72, 0x63, 0x65, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x46, 0x6f, 0x72, 0x63, 0x65, 0x41, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xf4, 0x06, 0x0a, 0x09, 0x43, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3c, 0x0a, 0x05, 0x69, 0x6d, - 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x61, 0x70, 0x6f, 0x63, - 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, - 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x49, 0x6d, 0x61, 0x67, - 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, - 0x61, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, - 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x69, 0x72, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, - 0x69, 0x72, 0x12, 0x3b, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x25, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, - 0x3b, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x61, - 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, - 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x45, - 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x12, 0x46, 0x0a, 0x07, - 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, - 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, - 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, - 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x07, 0x76, 0x6f, 0x6c, - 0x75, 0x6d, 0x65, 0x73, 0x12, 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, + 0x61, 0x69, 0x72, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x12, 0x2c, 0x0a, 0x11, + 0x49, 0x6d, 0x61, 0x67, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x56, 0x65, + 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x92, 0x07, 0x0a, 0x09, 0x43, + 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3c, 0x0a, 0x05, + 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x61, 0x70, + 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, + 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x49, 0x6d, + 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, + 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, + 0x6d, 0x61, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, + 0x69, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x44, 0x69, 0x72, 0x12, 0x3b, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x06, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, + 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, + 0x73, 0x12, 0x3b, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, - 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, - 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x73, 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x59, 0x0a, 0x05, 0x49, 0x6d, 0x61, - 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x75, 0x72, 0x6c, 0x1a, 0xbb, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, + 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, + 0x2e, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x12, 0x46, + 0x0a, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x2c, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, + 0x72, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x07, 0x76, + 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x12, 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x1f, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x52, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x73, 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x77, 0x0a, 0x05, 0x49, + 0x6d, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, + 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, + 0x74, 0x75, 0x72, 0x65, 0x1a, 0xbb, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, diff --git a/pkg/provider/server.go b/pkg/provider/server.go index 92a34fae..7a47a020 100644 --- a/pkg/provider/server.go +++ b/pkg/provider/server.go @@ -137,7 +137,7 @@ func (s *provisionPodServer) ProvisionPod(ctx context.Context, request *connect. } response := &pb.ProvisionPodResponse{} - ns := tpk8s.NewTrustedPodsNamespace(namespace, request.Msg.Payment) + ns := tpk8s.NewTrustedPodsNamespace(namespace, request.Msg.Pod, request.Msg.Payment) err = tpk8s.RunInNamespaceOrRevert(ctx, s.k8cl, ns, s.dryRun, func(cl client.Client) error { return tpk8s.ApplyPodRequest(ctx, cl, ns.ObjectMeta.Name, false, request.Msg.Pod, request.Msg.Payment, images, secrets, response) }) diff --git a/pkg/publisher/images.go b/pkg/publisher/images.go index bf2f69b6..e64dd6ae 100644 --- a/pkg/publisher/images.go +++ b/pkg/publisher/images.go @@ -3,10 +3,13 @@ package publisher import ( "context" "fmt" - "time" + "os" + "strings" + "github.com/comrade-coop/apocryph/pkg/constants" "github.com/comrade-coop/apocryph/pkg/proto" "github.com/google/go-containerregistry/pkg/name" + "github.com/mitchellh/go-homedir" "github.com/sigstore/cosign/v2/cmd/cosign/cli/generate" "github.com/sigstore/cosign/v2/cmd/cosign/cli/options" "github.com/sigstore/cosign/v2/cmd/cosign/cli/sign" @@ -14,8 +17,6 @@ import ( "github.com/spf13/cobra" ) -const TIMEOUT = 3 * time.Minute - func DefaultSignOptions() *options.SignOptions { cmd := &cobra.Command{} o := &options.SignOptions{} @@ -30,47 +31,74 @@ func DefaultVerifyOptions() *options.VerifyOptions { return o } -func SignPodImages(pod *proto.Pod, o *options.SignOptions) error { +func SignPodImages(pod *proto.Pod, deployment *proto.Deployment, o *options.SignOptions) error { var images []string for _, container := range pod.Containers { images = append(images, container.Image.Url) } - ro := &options.RootOptions{Timeout: TIMEOUT} + for i, image := range images { + ro := &options.RootOptions{Timeout: constants.TIMEOUT} - oidcClientSecret, err := o.OIDC.ClientSecret() - if err != nil { - return err - } - ko := options.KeyOpts{ - KeyRef: o.Key, - PassFunc: generate.GetPass, - Sk: o.SecurityKey.Use, - Slot: o.SecurityKey.Slot, - FulcioURL: o.Fulcio.URL, - IDToken: o.Fulcio.IdentityToken, - FulcioAuthFlow: o.Fulcio.AuthFlow, - InsecureSkipFulcioVerify: o.Fulcio.InsecureSkipFulcioVerify, - RekorURL: o.Rekor.URL, - OIDCIssuer: o.OIDC.Issuer, - OIDCClientID: o.OIDC.ClientID, - OIDCClientSecret: oidcClientSecret, - OIDCRedirectURL: o.OIDC.RedirectURL, - OIDCDisableProviders: o.OIDC.DisableAmbientProviders, - OIDCProvider: o.OIDC.Provider, - SkipConfirmation: o.SkipConfirmation, - TSAClientCACert: o.TSAClientCACert, - TSAClientCert: o.TSAClientCert, - TSAClientKey: o.TSAClientKey, - TSAServerName: o.TSAServerName, - TSAServerURL: o.TSAServerURL, - IssueCertificateForExistingKey: o.IssueCertificate, - } - if err := sign.SignCmd(ro, ko, *o, images); err != nil { - if o.Attachment == "" { - return fmt.Errorf("signing %v: %w", images, err) + oidcClientSecret, err := o.OIDC.ClientSecret() + if err != nil { + return err + } + ko := options.KeyOpts{ + KeyRef: o.Key, + PassFunc: generate.GetPass, + Sk: o.SecurityKey.Use, + Slot: o.SecurityKey.Slot, + FulcioURL: o.Fulcio.URL, + IDToken: o.Fulcio.IdentityToken, + FulcioAuthFlow: o.Fulcio.AuthFlow, + InsecureSkipFulcioVerify: o.Fulcio.InsecureSkipFulcioVerify, + RekorURL: o.Rekor.URL, + OIDCIssuer: o.OIDC.Issuer, + OIDCClientID: o.OIDC.ClientID, + OIDCClientSecret: oidcClientSecret, + OIDCRedirectURL: o.OIDC.RedirectURL, + OIDCDisableProviders: o.OIDC.DisableAmbientProviders, + OIDCProvider: o.OIDC.Provider, + SkipConfirmation: o.SkipConfirmation, + TSAClientCACert: o.TSAClientCACert, + TSAClientCert: o.TSAClientCert, + TSAClientKey: o.TSAClientKey, + TSAServerName: o.TSAServerName, + TSAServerURL: o.TSAServerURL, + IssueCertificateForExistingKey: o.IssueCertificate, + } + + signaturePath, err := homedir.Expand(constants.OUTPUT_SIGNATURE_PATH) + if err != nil { + return err + } + + err = os.MkdirAll(signaturePath, 0755) + if err != nil { + return err + } + + imageName := strings.ReplaceAll(image, "/", "_") + signaturePath = signaturePath + "/" + imageName + ".sig" + _, err = os.Create(signaturePath) + if err != nil { + return err + } + + o.OutputSignature = signaturePath + + if err := sign.SignCmd(ro, ko, *o, []string{image}); err != nil { + if o.Attachment == "" { + return fmt.Errorf("signing %v: %w", images, err) + } + return fmt.Errorf("signing attachment %s for image %v: %w", o.Attachment, images, err) + } + signatureBytes, err := os.ReadFile(signaturePath) + if err != nil { + return err } - return fmt.Errorf("signing attachment %s for image %v: %w", o.Attachment, images, err) + deployment.Images[i].Signature = string(signatureBytes) } return nil } diff --git a/pkg/publisher/upload.go b/pkg/publisher/upload.go index d2d4747e..28caff7d 100644 --- a/pkg/publisher/upload.go +++ b/pkg/publisher/upload.go @@ -94,7 +94,7 @@ func UploadImages(ctx context.Context, client *containerd.Client, IPFSAddress st return err } - uploadedImage := &pb.UploadedImage{SourceUrl: image.Url, Cid: []byte(cid), Key: &pb.Key{Data: prvKey}} + uploadedImage := &pb.UploadedImage{SourceUrl: image.Url, Cid: []byte(cid), Key: &pb.Key{Data: prvKey}, Signature: oldUploadedImages[image.Url].Signature} deployment.Images = append(deployment.Images, uploadedImage) } return nil @@ -131,9 +131,10 @@ func LinkUploadsFromDeployment(pod *pb.Pod, deployment *pb.Deployment) *pb.Pod { for _, container := range pod.Containers { if uploadedImage, ok := uploadedImages[container.Image.Url]; ok { container.Image = &pb.Container_Image{ - Cid: uploadedImage.Cid, - Url: uploadedImage.SourceUrl, - Key: uploadedImage.Key, + Cid: uploadedImage.Cid, + Url: uploadedImage.SourceUrl, + Key: uploadedImage.Key, + Signature: uploadedImage.Signature, } } } diff --git a/proto/deployment.proto b/proto/deployment.proto index 2b3be549..982f149d 100644 --- a/proto/deployment.proto +++ b/proto/deployment.proto @@ -35,6 +35,7 @@ message UploadedImage { string digest = 2; bytes cid = 3; pod.Key key = 4; + string signature = 5; } message UploadedSecret { diff --git a/test/e2e/common/manifests/manifest-attestation.yaml b/test/e2e/common/manifests/manifest-attestation.yaml index 28bbc6ed..305cc392 100644 --- a/test/e2e/common/manifests/manifest-attestation.yaml +++ b/test/e2e/common/manifests/manifest-attestation.yaml @@ -10,4 +10,4 @@ containers: replicas: min: 0 max: 1 -ForceAttestation: true +ImageVerification: true diff --git a/test/integration/sigstore/run-test.sh b/test/integration/sigstore/run-test.sh index e286f6b4..c4a0b229 100755 --- a/test/integration/sigstore/run-test.sh +++ b/test/integration/sigstore/run-test.sh @@ -10,7 +10,7 @@ cd "$(dirname "$0")" sudo chmod o+rw /run/containerd/containerd.sock trap 'kill $(jobs -p) &>/dev/null' EXIT - +ipfs shutdown || true ipfs daemon >/dev/null & sleep 2 @@ -22,6 +22,6 @@ CERTIFICATE_OIDC_ISSUER=$2 docker tag hello-world ttl.sh/hello-world:1h docker push ttl.sh/hello-world:1h -go run ../../../cmd/trustedpods pod upload ./manifest.yaml +go run ../../../cmd/trustedpods pod upload ../../e2e/common/manifests/manifest-attestation.yaml --sign-images -go run ../../../cmd/trustedpods pod verify ./manifest.yaml --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER +go run ../../../cmd/trustedpods pod verify ../../e2e/common/manifests/manifest-attestation.yaml --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER From e818fb52836396b035547df011338447782f7f02 Mon Sep 17 00:00:00 2001 From: revoltez Date: Wed, 21 Aug 2024 18:59:03 +0100 Subject: [PATCH 06/22] feat: add verification of images for localy saved signatures --- cmd/trustedpods/flags.go | 2 ++ cmd/trustedpods/verify.go | 22 ++++++++++++++++++++++ pkg/publisher/images.go | 5 +++++ test/integration/sigstore/run-test.sh | 12 ++++++++---- 4 files changed, 37 insertions(+), 4 deletions(-) diff --git a/cmd/trustedpods/flags.go b/cmd/trustedpods/flags.go index 52ba3517..02d56494 100644 --- a/cmd/trustedpods/flags.go +++ b/cmd/trustedpods/flags.go @@ -31,6 +31,7 @@ var uploadSecrets bool var sign bool var uploadSignatures bool var verify bool +var signaturePath string var verifyImagesFlags = &pflag.FlagSet{} var certificateIdentity string @@ -80,6 +81,7 @@ var _ = func() error { verifyImagesFlags.StringVar(&certificateIdentity, "certificate-identity", "", "identity used for signing the image") verifyImagesFlags.StringVar(&certificateOidcIssuer, "certificate-oidc-issuer", "", "issuer of the oidc") + verifyImagesFlags.StringVar(&signaturePath, "signature", "", "signature path") fundFlags.StringVar(ðereumRpc, "ethereum-rpc", "http://127.0.0.1:8545", "ethereum rpc node") fundFlags.StringVar(&publisherKey, "ethereum-key", "", "account string (private key | http[s]://clef#account | /keystore#account | account (in default keystore))") diff --git a/cmd/trustedpods/verify.go b/cmd/trustedpods/verify.go index 7c3d826a..c5c47f5f 100644 --- a/cmd/trustedpods/verify.go +++ b/cmd/trustedpods/verify.go @@ -27,7 +27,29 @@ var verifyPodCmd = &cobra.Command{ }, } +var verifyImageCmd = &cobra.Command{ + Use: fmt.Sprintf("verify image"), + Short: "Verify image signature", + Long: "Verify the signatures & the certificates of the specified image name", + Example: "verify ttl.sh/hello-world@sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7 --certificate-identity=name@example.com --certificate-oidc-issuer=https://github.com/login/oauth", + Args: cobra.ExactArgs(1), + RunE: func(cmd *cobra.Command, args []string) error { + verifyOptions := publisher.DefaultVerifyOptions() + if signaturePath != "" { + verifyOptions.PayloadRef = signaturePath + } + err := publisher.VerifyImages(args, verifyOptions, certificateIdentity, certificateOidcIssuer) + if err != nil { + return fmt.Errorf("Failed verifying Image: %v", err) + } + + return nil + }, +} + func init() { verifyPodCmd.Flags().AddFlagSet(verifyImagesFlags) + verifyImageCmd.Flags().AddFlagSet(verifyImagesFlags) podCmd.AddCommand(verifyPodCmd) + rootCmd.AddCommand(verifyImageCmd) } diff --git a/pkg/publisher/images.go b/pkg/publisher/images.go index e64dd6ae..896ed259 100644 --- a/pkg/publisher/images.go +++ b/pkg/publisher/images.go @@ -108,6 +108,10 @@ func VerifyPodImages(pod *proto.Pod, o *options.VerifyOptions, certificateIdenti for _, container := range pod.Containers { images = append(images, container.Image.Url) } + return VerifyImages(images, o, certificateIdentity, certificateOidcIssuer) +} + +func VerifyImages(images []string, o *options.VerifyOptions, certificateIdentity, certificateOidcIssuer string) error { if o.CommonVerifyOptions.PrivateInfrastructure { o.CommonVerifyOptions.IgnoreTlog = true @@ -172,4 +176,5 @@ func VerifyPodImages(pod *proto.Pod, o *options.VerifyOptions, certificateIdenti // ui.Warnf(ctx, fmt.Sprintf(ignoreTLogMessage, "signature")) // } return v.Exec(context.Background(), images) + } diff --git a/test/integration/sigstore/run-test.sh b/test/integration/sigstore/run-test.sh index c4a0b229..98a64fd6 100755 --- a/test/integration/sigstore/run-test.sh +++ b/test/integration/sigstore/run-test.sh @@ -2,7 +2,7 @@ set -e echo "USAGE: $0 CERTIFICATE_IDENTITY CERTIFICATE_OIDC_ISSUER" echo "EXAMPLE: $0 example@email.com https://github.com/login/oauth" -echo "The oidc-issuer for Google is https://accounts.google.com, Microsoft is https://login.microsoftonline.com, GitHub is https://github.com/login/oauth, and GitLab is https://gitlab.com." +echo "NOTE: The oidc-issuer for Google is https://accounts.google.com, Microsoft is https://login.microsoftonline.com, GitHub is https://github.com/login/oauth, and GitLab is https://gitlab.com." set -v cd "$(dirname "$0")" @@ -21,7 +21,11 @@ CERTIFICATE_OIDC_ISSUER=$2 docker tag hello-world ttl.sh/hello-world:1h docker push ttl.sh/hello-world:1h - -go run ../../../cmd/trustedpods pod upload ../../e2e/common/manifests/manifest-attestation.yaml --sign-images - +# +# go run ../../../cmd/trustedpods pod upload ../../e2e/common/manifests/manifest-attestation.yaml --sign-images +# go run ../../../cmd/trustedpods pod verify ../../e2e/common/manifests/manifest-attestation.yaml --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER + +go run ../../../cmd/trustedpods verify ttl.sh/hello-world@sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7 \ + --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER \ + --signature ~/.apocryph/signatures/ttl.sh_hello-world@sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7.sig From 94dd5df754ed00151400e752129de0011956e5c1 Mon Sep 17 00:00:00 2001 From: revoltez Date: Thu, 22 Aug 2024 15:00:25 +0100 Subject: [PATCH 07/22] feat!: create & enforce image policy if specified --- cmd/tpodserver/manifest.go | 2 +- cmd/trustedpods/deploy.go | 54 +- cmd/trustedpods/flags.go | 21 +- cmd/trustedpods/init.go | 2 +- cmd/trustedpods/upload.go | 9 +- cmd/trustedpods/verify.go | 16 +- go.mod | 32 ++ go.sum | 9 + pkg/kubernetes/namespaces.go | 1 + pkg/kubernetes/pods.go | 25 +- pkg/kubernetes/utils.go | 3 + pkg/proto-ts/deployment_pb.ts | 8 +- pkg/proto-ts/pod_pb.ts | 165 ++++-- pkg/proto/deployment.pb.go | 40 +- pkg/proto/pod.pb.go | 495 ++++++++++-------- pkg/publisher/images.go | 157 +++--- pkg/publisher/upload.go | 21 +- proto/deployment.proto | 4 +- proto/pod.proto | 20 +- .../manifests/manifest-attestation.yaml | 2 +- test/integration/sigstore/run-test.sh | 12 +- 21 files changed, 686 insertions(+), 412 deletions(-) diff --git a/cmd/tpodserver/manifest.go b/cmd/tpodserver/manifest.go index fc961311..b5bc11ad 100644 --- a/cmd/tpodserver/manifest.go +++ b/cmd/tpodserver/manifest.go @@ -59,7 +59,7 @@ var applyManifestCmd = &cobra.Command{ } response := &pb.ProvisionPodResponse{} - namespace := tpk8s.NewTrustedPodsNamespace("tpods-xx", nil) + namespace := tpk8s.NewTrustedPodsNamespace("tpods-xx", pod, nil) err = tpk8s.RunInNamespaceOrRevert(cmd.Context(), cl, namespace, dryRun, func(cl client.Client) error { return tpk8s.ApplyPodRequest(cmd.Context(), cl, namespace.ObjectMeta.Name, false, pod, nil, images, secrets, response) }) diff --git a/cmd/trustedpods/deploy.go b/cmd/trustedpods/deploy.go index 2160c7dc..e53beb81 100644 --- a/cmd/trustedpods/deploy.go +++ b/cmd/trustedpods/deploy.go @@ -24,6 +24,13 @@ import ( "github.com/spf13/cobra" ) +func checkCertificateFlags() error { + if certificateIdentity == "" || certificateOidcIssuer == "" { + return fmt.Errorf("Must specify certificate identity & oidc issuer if you signed pod images (you might consider removing --sign-images flag)") + } + return nil +} + // if no provider is selected, Fetches providers based on registry args func fetchAndFilterProviders(ipfs *rpc.HttpApi, ethClient *ethclient.Client) (publisher.ProviderHostInfoList, error) { registryContract := common.HexToAddress(registryContractAddress) @@ -97,29 +104,6 @@ var deployPodCmd = &cobra.Command{ } configureDeployment(deployment) - if sign { - signOptions := publisher.DefaultSignOptions() - if !uploadSignatures { - signOptions.Upload = false - } - err := publisher.SignPodImages(pod, deployment, signOptions) - if err != nil { - return fmt.Errorf("failed Signing images: %v", err) - } - } - - if verify { - // NOTE it would be usefull if we continue with this approach to add - // them to the config file - if certificateIdentity == "" || certificateOidcIssuer == "" { - return fmt.Errorf("Must specify certificate-identity & certificate-oidc-issuer flags") - } - err = publisher.VerifyPodImages(pod, publisher.DefaultVerifyOptions(), certificateIdentity, certificateOidcIssuer) - if err != nil { - return fmt.Errorf("Failed verifying Pod Images: %v", err) - } - } - if authorize { // create the keypair that will be accessible for all pods privateKey, err := ecdsa.GenerateKey(crypto.S256(), rand.Reader) @@ -215,6 +199,28 @@ var deployPodCmd = &cobra.Command{ } } + if signImages { + err := checkCertificateFlags() + if err != nil { + return err + } + signOptions := publisher.DefaultSignOptions() + if !uploadSignatures { + signOptions.Upload = false + } + err = publisher.SignPodImages(pod, deployment, signOptions, certificateIdentity, certificateOidcIssuer) + if err != nil { + return fmt.Errorf("failed Signing images: %v", err) + } + } + + if verify { + err = publisher.VerifyPodImages(pod, publisher.DefaultVerifyOptions()) + if err != nil { + return fmt.Errorf("Failed verifying Pod Images: %v", err) + } + } + err = publisher.SaveDeployment(deploymentFile, deploymentFormat, deployment) // Checkpoint uploads and keys so far if err != nil { fmt.Fprintf(cmd.ErrOrStderr(), "warning: %v\n", err) @@ -303,7 +309,7 @@ func init() { deployPodCmd.Flags().AddFlagSet(fundFlags) deployPodCmd.Flags().AddFlagSet(syncFlags) deployPodCmd.Flags().AddFlagSet(registryFlags) - deployPodCmd.Flags().AddFlagSet(verifyImagesFlags) + deployPodCmd.Flags().AddFlagSet(imageCertificateFlags) deletePodCmd.Flags().AddFlagSet(deploymentFlags) deletePodCmd.Flags().AddFlagSet(syncFlags) diff --git a/cmd/trustedpods/flags.go b/cmd/trustedpods/flags.go index 02d56494..8827af0b 100644 --- a/cmd/trustedpods/flags.go +++ b/cmd/trustedpods/flags.go @@ -22,18 +22,22 @@ var registryContractAddress string var tokenContractAddress string var expirationOffset int64 var authorize bool +var debugIdentity string +var debugIssuer string var uploadFlags = &pflag.FlagSet{} var ipfsApi string var uploadImages bool var uploadSecrets bool - -var sign bool var uploadSignatures bool + +var signImages bool var verify bool + +var verifyFlags = &pflag.FlagSet{} var signaturePath string -var verifyImagesFlags = &pflag.FlagSet{} +var imageCertificateFlags = &pflag.FlagSet{} var certificateIdentity string var certificateOidcIssuer string @@ -72,16 +76,19 @@ var _ = func() error { deploymentFlags.BoolVar(&authorize, "authorize", false, "Create a key pair for the application and authorize the returned addresses to control the payment channel") deploymentFlags.BoolVar(&verify, "verify", false, "verify the pod images (requires certificate-identity & certificate-oidc-issuer flags)") deploymentFlags.BoolVar(&uploadSignatures, "upload-signatures", false, "skip uploading signatures to the registry") + deploymentFlags.BoolVar(&signImages, "sign-images", false, "sign pod images") uploadFlags.StringVar(&ipfsApi, "ipfs", "/ip4/127.0.0.1/tcp/5001", "multiaddr where the ipfs/kubo api can be accessed") uploadFlags.BoolVar(&uploadImages, "upload-images", true, "upload images") uploadFlags.BoolVar(&uploadSecrets, "upload-secrets", true, "upload secrets") - uploadFlags.BoolVar(&sign, "sign-images", false, "sign images") + uploadFlags.BoolVar(&signImages, "sign-images", false, "sign pod images (requires certificate identity & issuer flags)") uploadFlags.BoolVar(&uploadSignatures, "upload-signatures", false, "skip uploading signatures to the registry") - verifyImagesFlags.StringVar(&certificateIdentity, "certificate-identity", "", "identity used for signing the image") - verifyImagesFlags.StringVar(&certificateOidcIssuer, "certificate-oidc-issuer", "", "issuer of the oidc") - verifyImagesFlags.StringVar(&signaturePath, "signature", "", "signature path") + imageCertificateFlags.StringVar(&certificateIdentity, "certificate-identity", "", "identity used for signing the image") + imageCertificateFlags.StringVar(&certificateOidcIssuer, "certificate-oidc-issuer", "", "issuer of the oidc") + + verifyFlags.AddFlagSet(imageCertificateFlags) + verifyFlags.StringVar(&signaturePath, "signature", "", "path to the signature you want to verify") fundFlags.StringVar(ðereumRpc, "ethereum-rpc", "http://127.0.0.1:8545", "ethereum rpc node") fundFlags.StringVar(&publisherKey, "ethereum-key", "", "account string (private key | http[s]://clef#account | /keystore#account | account (in default keystore))") diff --git a/cmd/trustedpods/init.go b/cmd/trustedpods/init.go index 06937c8f..74e9ce23 100644 --- a/cmd/trustedpods/init.go +++ b/cmd/trustedpods/init.go @@ -65,7 +65,7 @@ var initPodCmd = &cobra.Command{ Containers: []*pb.Container{ { Name: containerName, - Image: &pb.Container_Image{ + Image: &pb.Image{ Url: initImageName, }, Ports: []*pb.Container_Port{ diff --git a/cmd/trustedpods/upload.go b/cmd/trustedpods/upload.go index cd98f3cf..24753979 100644 --- a/cmd/trustedpods/upload.go +++ b/cmd/trustedpods/upload.go @@ -30,12 +30,16 @@ var uploadPodCmd = &cobra.Command{ return fmt.Errorf("Failed connecting to IPFS: %w", err) } - if sign { + if signImages { + err := checkCertificateFlags() + if err != nil { + return err + } signOptions := publisher.DefaultSignOptions() if !uploadSignatures { signOptions.Upload = false } - err := publisher.SignPodImages(pod, deployment, signOptions) + err = publisher.SignPodImages(pod, deployment, signOptions, certificateIdentity, certificateOidcIssuer) if err != nil { return fmt.Errorf("failed Signing images: %v", err) } @@ -69,4 +73,5 @@ func init() { uploadPodCmd.Flags().AddFlagSet(deploymentFlags) uploadPodCmd.Flags().AddFlagSet(uploadFlags) + uploadPodCmd.Flags().AddFlagSet(imageCertificateFlags) } diff --git a/cmd/trustedpods/verify.go b/cmd/trustedpods/verify.go index c5c47f5f..51c795b3 100644 --- a/cmd/trustedpods/verify.go +++ b/cmd/trustedpods/verify.go @@ -3,6 +3,7 @@ package main import ( "fmt" + "github.com/comrade-coop/apocryph/pkg/proto" "github.com/comrade-coop/apocryph/pkg/publisher" "github.com/spf13/cobra" ) @@ -14,12 +15,14 @@ var verifyPodCmd = &cobra.Command{ GroupID: "lowlevel", Args: cobra.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) error { - _, _, pod, _, err := publisher.ReadPodAndDeployment(args, manifestFormat, deploymentFormat) + _, _, pod, deployment, err := publisher.ReadPodAndDeployment(args, manifestFormat, deploymentFormat) if err != nil { return err } - - err = publisher.VerifyPodImages(pod, publisher.DefaultVerifyOptions(), certificateIdentity, certificateOidcIssuer) + // in case user deployed the pod himself and wants to verify it and the + // pod does not already specify a certificate identity & owner + pod = publisher.LinkUploadsFromDeployment(pod, deployment) + err = publisher.VerifyPodImages(pod, publisher.DefaultVerifyOptions()) if err != nil { return fmt.Errorf("Failed verifying Pod Images: %v", err) } @@ -38,7 +41,8 @@ var verifyImageCmd = &cobra.Command{ if signaturePath != "" { verifyOptions.PayloadRef = signaturePath } - err := publisher.VerifyImages(args, verifyOptions, certificateIdentity, certificateOidcIssuer) + image := &proto.Image{Url: args[0], VerificationDetails: &proto.VerificationDetails{Identity: certificateIdentity, Issuer: certificateOidcIssuer}} + err := publisher.VerifyImages([]*proto.Image{image}, verifyOptions) if err != nil { return fmt.Errorf("Failed verifying Image: %v", err) } @@ -48,8 +52,8 @@ var verifyImageCmd = &cobra.Command{ } func init() { - verifyPodCmd.Flags().AddFlagSet(verifyImagesFlags) - verifyImageCmd.Flags().AddFlagSet(verifyImagesFlags) + verifyPodCmd.Flags().AddFlagSet(verifyFlags) + verifyImageCmd.Flags().AddFlagSet(verifyFlags) podCmd.AddCommand(verifyPodCmd) rootCmd.AddCommand(verifyImageCmd) } diff --git a/go.mod b/go.mod index ae83d59e..f484c92e 100644 --- a/go.mod +++ b/go.mod @@ -46,9 +46,13 @@ require ( require ( buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.31.0-20230914171853-63dfe56cc2c4.1 // indirect + cloud.google.com/go v0.115.0 // indirect cloud.google.com/go/auth v0.7.3 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect + cloud.google.com/go/iam v1.1.12 // indirect + cloud.google.com/go/kms v1.18.4 // indirect + cloud.google.com/go/longrunning v0.5.11 // indirect cuelabs.dev/go/oci/ociregistry v0.0.0-20240404174027-a39bec0462d2 // indirect cuelang.org/go v0.9.2 // indirect filippo.io/edwards25519 v1.1.0 // indirect @@ -56,6 +60,11 @@ require ( github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.29 // indirect @@ -65,6 +74,7 @@ require ( github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/DataDog/zstd v1.5.2 // indirect github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect @@ -89,6 +99,7 @@ require ( github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230512164433-5d1fd1a340c9 // indirect github.com/armon/go-metrics v0.4.1 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect + github.com/aws/aws-sdk-go v1.55.5 // indirect github.com/aws/aws-sdk-go-v2 v1.30.3 // indirect github.com/aws/aws-sdk-go-v2/config v1.27.27 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.17.27 // indirect @@ -100,6 +111,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.35.3 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect @@ -111,6 +123,7 @@ require ( github.com/bits-and-blooms/bitset v1.10.0 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect + github.com/blendle/zapdriver v1.3.1 // indirect github.com/boltdb/bolt v1.3.1 // indirect github.com/btcsuite/btcd/btcec/v2 v2.3.2 // indirect github.com/btcsuite/btcd/chaincfg/chainhash v1.0.2 // indirect @@ -119,6 +132,7 @@ require ( github.com/buildkite/go-pipeline v0.10.0 // indirect github.com/buildkite/interpolate v0.1.3 // indirect github.com/buildkite/roko v1.2.0 // indirect + github.com/cenkalti/backoff/v3 v3.2.2 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect github.com/cilium/ebpf v0.11.0 // indirect @@ -221,6 +235,7 @@ require ( github.com/gofrs/flock v0.12.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect + github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect github.com/google/cel-go v0.18.1 // indirect @@ -235,6 +250,7 @@ require ( github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect + github.com/googleapis/gax-go/v2 v2.13.0 // indirect github.com/gorilla/mux v1.8.1 // indirect github.com/graph-gophers/graphql-go v1.3.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect @@ -245,9 +261,14 @@ require ( github.com/hashicorp/go-msgpack/v2 v2.1.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.7 // indirect + github.com/hashicorp/go-rootcerts v1.0.2 // indirect + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect + github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect + github.com/hashicorp/go-sockaddr v1.0.6 // indirect github.com/hashicorp/golang-lru v1.0.2 // indirect github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect github.com/hashicorp/hcl v1.0.1-vault-5 // indirect + github.com/hashicorp/vault/api v1.14.0 // indirect github.com/holiman/billy v0.0.0-20240216141850-2abb0c79d3c4 // indirect github.com/holiman/bloomfilter/v2 v2.0.3 // indirect github.com/holiman/uint256 v1.2.4 // indirect @@ -276,6 +297,7 @@ require ( github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect github.com/jbenet/goprocess v0.1.4 // indirect github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect + github.com/jellydator/ttlcache/v3 v3.2.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect @@ -284,6 +306,7 @@ require ( github.com/koron/go-ssdp v0.0.4 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/kr/text v0.2.0 // indirect + github.com/kylelemons/godebug v1.1.0 // indirect github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect github.com/libp2p/go-buffer-pool v0.1.0 // indirect github.com/libp2p/go-cidranger v1.1.0 // indirect @@ -368,6 +391,7 @@ require ( github.com/pion/transport/v2 v2.2.5 // indirect github.com/pion/turn/v2 v2.1.6 // indirect github.com/pion/webrtc/v3 v3.2.40 // indirect + github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/polydawn/refmt v0.89.0 // indirect @@ -387,6 +411,7 @@ require ( github.com/rootless-containers/rootlesskit v1.1.1 // indirect github.com/rs/cors v1.11.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/ryanuber/go-glob v1.0.0 // indirect github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/samber/lo v1.39.0 // indirect @@ -401,6 +426,10 @@ require ( github.com/sigstore/rekor v1.3.6 // indirect github.com/sigstore/sigstore v1.8.8 // indirect github.com/sigstore/sigstore-go v0.5.1 // indirect + github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8 // indirect + github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8 // indirect + github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8 // indirect + github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.8 // indirect github.com/sigstore/timestamp-authority v1.2.2 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect @@ -448,6 +477,7 @@ require ( go.mongodb.org/mongo-driver v1.14.0 // indirect go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect go.opencensus.io v0.24.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect go.opentelemetry.io/otel v1.28.0 // indirect go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.19.0 // indirect @@ -470,6 +500,7 @@ require ( golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.23.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect gonum.org/v1/gonum v0.14.0 // indirect google.golang.org/api v0.190.0 // indirect google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect @@ -484,6 +515,7 @@ require ( k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect + knative.dev/pkg v0.0.0-20240116073220-b488e7be5902 // indirect lukechampine.com/blake3 v1.2.2 // indirect rsc.io/tmplfunc v0.0.3 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect diff --git a/go.sum b/go.sum index 33948c61..2d8d51ea 100644 --- a/go.sum +++ b/go.sum @@ -256,6 +256,8 @@ github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdn github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/blendle/zapdriver v1.3.1 h1:C3dydBOWYRiOk+B8X9IVZ5IOe+7cl+tGOexN4QqHfpE= +github.com/blendle/zapdriver v1.3.1/go.mod h1:mdXfREi6u5MArG4j9fewC+FGnXaBR+T4Ox4J2u4eHCc= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4= @@ -788,11 +790,13 @@ github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR3 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8/go.mod h1:aiJI+PIApBRQG7FZTEBx5GiiX+HbOHilUdNxUZi4eV0= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= github.com/hashicorp/go-sockaddr v1.0.5 h1:dvk7TIXCZpmfOlM+9mlcrWmWjw/wlKT+VDq2wMvfPJU= github.com/hashicorp/go-sockaddr v1.0.5/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I= +github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1BE= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= @@ -1650,6 +1654,7 @@ go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeX go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.step.sm/crypto v0.51.1 h1:ktUg/2hetEMiBAqgz502ktZDGoDoGrcHFg3XpkmkvvA= go.step.sm/crypto v0.51.1/go.mod h1:PdrhttNU/tG9/YsVd4fdlysBN+UV503p0o2irFZQlAw= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/dig v1.17.1 h1:Tga8Lz8PcYNsWsyHMZ1Vm0OQOUaJNDyvPImgbAu9YSc= @@ -1661,11 +1666,13 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= @@ -2136,6 +2143,8 @@ k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7F k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +knative.dev/pkg v0.0.0-20240116073220-b488e7be5902 h1:H6+JJN23fhwYWCHY1339sY6uhIyoUwDy1a8dN233fdk= +knative.dev/pkg v0.0.0-20240116073220-b488e7be5902/go.mod h1:NYk8mMYoLkO7CQWnNkti4YGGnvLxN6MIDbUvtgeo0C0= lukechampine.com/blake3 v1.2.2 h1:wEAbSg0IVU4ih44CVlpMqMZMpzr5hf/6aqodLlevd/w= lukechampine.com/blake3 v1.2.2/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/pkg/kubernetes/namespaces.go b/pkg/kubernetes/namespaces.go index 7cc80249..90893fb6 100644 --- a/pkg/kubernetes/namespaces.go +++ b/pkg/kubernetes/namespaces.go @@ -61,6 +61,7 @@ func TrustedPodsNamespaceGetChannel(namespace *corev1.Namespace) (*pb.PaymentCha return paymentChannel, nil } +// Makes sure only the provided active ressources exist, and removes the rest func cleanNamespace(ctx context.Context, namespace string, activeResources []string, client k8cl.Client) error { kindList := []string{"Service", "Volume", "Secret", "Deployment", "HttpSo"} fmt.Printf("Active Resources: %v \n", activeResources) diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index 2bd96f58..9b84a55b 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -8,9 +8,11 @@ import ( "strings" "github.com/comrade-coop/apocryph/pkg/constants" + "github.com/comrade-coop/apocryph/pkg/proto" pb "github.com/comrade-coop/apocryph/pkg/proto" "github.com/ethereum/go-ethereum/common" kedahttpv1alpha1 "github.com/kedacore/http-add-on/operator/apis/http/v1alpha1" + policy "github.com/sigstore/policy-controller/pkg/apis/policy/v1alpha1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" @@ -20,6 +22,8 @@ import ( type FetchSecret func(cid []byte) (map[string][]byte, error) +// given a k8s resource; it checks the existence of that resource in the +// cluster, if it exists it Will update it if needed, if not it will create it func updateOrCreate(ctx context.Context, resourceName, kind, namespace string, resource interface{}, client k8cl.Client, update bool) error { if update { key := &k8cl.ObjectKey{ @@ -100,6 +104,7 @@ func ApplyPodRequest( localhostAliases := corev1.HostAlias{IP: "127.0.0.1"} + var details []*proto.VerificationDetails for cIdx, container := range podManifest.Containers { containerSpec := corev1.Container{ Name: container.Name, @@ -182,6 +187,9 @@ func ApplyPodRequest( } else { depLabels["containers"] = depLabels["containers"] + "_" + containerSpec.Name } + if container.Image.VerificationDetails != nil { + details = append(details, container.Image.VerificationDetails) + } } podTemplate.Spec.HostAliases = append(podTemplate.Spec.HostAliases, localhostAliases) for _, volume := range podManifest.Volumes { @@ -279,8 +287,23 @@ func ApplyPodRequest( return err } activeResource = append(activeResource, httpSoName) - } + // create a policy give the previously collected VerificationDetails + if podManifest.ImageVerification { + sigstorePolicy := &policy.ClusterImagePolicy{Spec: policy.ClusterImagePolicySpec{ + Authorities: []policy.Authority{{Keyless: &policy.KeylessRef{}}}, + }} + identities := []policy.Identity{} + for _, detail := range details { + identities = append(identities, policy.Identity{Issuer: detail.Issuer, Subject: detail.Identity}) + } + sigstorePolicy.Spec.Authorities[0].Keyless.Identities = identities + err := updateOrCreate(ctx, "tpod-policy", "SigstorePolicy", namespace, sigstorePolicy, client, update) + if err != nil { + return err + } + } + if update == true { err := cleanNamespace(ctx, namespace, activeResource, client) if err != nil { diff --git a/pkg/kubernetes/utils.go b/pkg/kubernetes/utils.go index 1a85bd1b..5c0e8e96 100644 --- a/pkg/kubernetes/utils.go +++ b/pkg/kubernetes/utils.go @@ -8,6 +8,7 @@ import ( pb "github.com/comrade-coop/apocryph/pkg/proto" kedahttpv1alpha1 "github.com/kedacore/http-add-on/operator/apis/http/v1alpha1" + policy "github.com/sigstore/policy-controller/pkg/apis/policy/v1alpha1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -71,6 +72,8 @@ func GetResource(kind string) interface{} { return &appsv1.Deployment{} case "HttpSo": return &kedahttpv1alpha1.HTTPScaledObject{} + case "SigstorePolicy": + return &policy.ClusterImagePolicy{} } return nil } diff --git a/pkg/proto-ts/deployment_pb.ts b/pkg/proto-ts/deployment_pb.ts index 6f616edc..f4935134 100644 --- a/pkg/proto-ts/deployment_pb.ts +++ b/pkg/proto-ts/deployment_pb.ts @@ -8,7 +8,7 @@ import type { BinaryReadOptions, FieldList, JsonReadOptions, JsonValue, PartialMessage, PlainMessage } from "@bufbuild/protobuf"; import { Message, proto3 } from "@bufbuild/protobuf"; import { ProvisionPodResponse } from "./provision-pod_pb.js"; -import { Key, KeyPair } from "./pod_pb.js"; +import { Key, KeyPair, VerificationDetails } from "./pod_pb.js"; /** * @generated from message apocryph.proto.v0.deployment.Deployment @@ -206,9 +206,9 @@ export class UploadedImage extends Message { key?: Key; /** - * @generated from field: string signature = 5; + * @generated from field: apocryph.proto.v0.pod.VerificationDetails verificationDetails = 5; */ - signature = ""; + verificationDetails?: VerificationDetails; constructor(data?: PartialMessage) { super(); @@ -222,7 +222,7 @@ export class UploadedImage extends Message { { no: 2, name: "digest", kind: "scalar", T: 9 /* ScalarType.STRING */ }, { no: 3, name: "cid", kind: "scalar", T: 12 /* ScalarType.BYTES */ }, { no: 4, name: "key", kind: "message", T: Key }, - { no: 5, name: "signature", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + { no: 5, name: "verificationDetails", kind: "message", T: VerificationDetails }, ]); static fromBinary(bytes: Uint8Array, options?: Partial): UploadedImage { diff --git a/pkg/proto-ts/pod_pb.ts b/pkg/proto-ts/pod_pb.ts index bed63ed8..3aa07a46 100644 --- a/pkg/proto-ts/pod_pb.ts +++ b/pkg/proto-ts/pod_pb.ts @@ -79,9 +79,9 @@ export class Container extends Message { name = ""; /** - * @generated from field: apocryph.proto.v0.pod.Container.Image image = 2; + * @generated from field: apocryph.proto.v0.pod.Image image = 2; */ - image?: Container_Image; + image?: Image; /** * @generated from field: repeated string entrypoint = 3; @@ -129,7 +129,7 @@ export class Container extends Message { static readonly typeName = "apocryph.proto.v0.pod.Container"; static readonly fields: FieldList = proto3.util.newFieldList(() => [ { no: 1, name: "name", kind: "scalar", T: 9 /* ScalarType.STRING */ }, - { no: 2, name: "image", kind: "message", T: Container_Image }, + { no: 2, name: "image", kind: "message", T: Image }, { no: 3, name: "entrypoint", kind: "scalar", T: 9 /* ScalarType.STRING */, repeated: true }, { no: 4, name: "command", kind: "scalar", T: 9 /* ScalarType.STRING */, repeated: true }, { no: 5, name: "workingDir", kind: "scalar", T: 9 /* ScalarType.STRING */ }, @@ -156,61 +156,6 @@ export class Container extends Message { } } -/** - * @generated from message apocryph.proto.v0.pod.Container.Image - */ -export class Container_Image extends Message { - /** - * @generated from field: bytes cid = 1; - */ - cid = new Uint8Array(0); - - /** - * @generated from field: apocryph.proto.v0.pod.Key key = 2; - */ - key?: Key; - - /** - * @generated from field: string url = 3; - */ - url = ""; - - /** - * @generated from field: string signature = 4; - */ - signature = ""; - - constructor(data?: PartialMessage) { - super(); - proto3.util.initPartial(data, this); - } - - static readonly runtime: typeof proto3 = proto3; - static readonly typeName = "apocryph.proto.v0.pod.Container.Image"; - static readonly fields: FieldList = proto3.util.newFieldList(() => [ - { no: 1, name: "cid", kind: "scalar", T: 12 /* ScalarType.BYTES */ }, - { no: 2, name: "key", kind: "message", T: Key }, - { no: 3, name: "url", kind: "scalar", T: 9 /* ScalarType.STRING */ }, - { no: 4, name: "signature", kind: "scalar", T: 9 /* ScalarType.STRING */ }, - ]); - - static fromBinary(bytes: Uint8Array, options?: Partial): Container_Image { - return new Container_Image().fromBinary(bytes, options); - } - - static fromJson(jsonValue: JsonValue, options?: Partial): Container_Image { - return new Container_Image().fromJson(jsonValue, options); - } - - static fromJsonString(jsonString: string, options?: Partial): Container_Image { - return new Container_Image().fromJsonString(jsonString, options); - } - - static equals(a: Container_Image | PlainMessage | undefined, b: Container_Image | PlainMessage | undefined): boolean { - return proto3.util.equals(Container_Image, a, b); - } -} - /** * @generated from message apocryph.proto.v0.pod.Container.Port */ @@ -333,6 +278,110 @@ export class Container_VolumeMount extends Message { } } +/** + * @generated from message apocryph.proto.v0.pod.Image + */ +export class Image extends Message { + /** + * @generated from field: bytes cid = 1; + */ + cid = new Uint8Array(0); + + /** + * @generated from field: apocryph.proto.v0.pod.Key key = 2; + */ + key?: Key; + + /** + * @generated from field: string url = 3; + */ + url = ""; + + /** + * @generated from field: apocryph.proto.v0.pod.VerificationDetails verificationDetails = 4; + */ + verificationDetails?: VerificationDetails; + + constructor(data?: PartialMessage) { + super(); + proto3.util.initPartial(data, this); + } + + static readonly runtime: typeof proto3 = proto3; + static readonly typeName = "apocryph.proto.v0.pod.Image"; + static readonly fields: FieldList = proto3.util.newFieldList(() => [ + { no: 1, name: "cid", kind: "scalar", T: 12 /* ScalarType.BYTES */ }, + { no: 2, name: "key", kind: "message", T: Key }, + { no: 3, name: "url", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + { no: 4, name: "verificationDetails", kind: "message", T: VerificationDetails }, + ]); + + static fromBinary(bytes: Uint8Array, options?: Partial): Image { + return new Image().fromBinary(bytes, options); + } + + static fromJson(jsonValue: JsonValue, options?: Partial): Image { + return new Image().fromJson(jsonValue, options); + } + + static fromJsonString(jsonString: string, options?: Partial): Image { + return new Image().fromJsonString(jsonString, options); + } + + static equals(a: Image | PlainMessage | undefined, b: Image | PlainMessage | undefined): boolean { + return proto3.util.equals(Image, a, b); + } +} + +/** + * @generated from message apocryph.proto.v0.pod.VerificationDetails + */ +export class VerificationDetails extends Message { + /** + * @generated from field: string signature = 1; + */ + signature = ""; + + /** + * @generated from field: string identity = 2; + */ + identity = ""; + + /** + * @generated from field: string issuer = 3; + */ + issuer = ""; + + constructor(data?: PartialMessage) { + super(); + proto3.util.initPartial(data, this); + } + + static readonly runtime: typeof proto3 = proto3; + static readonly typeName = "apocryph.proto.v0.pod.VerificationDetails"; + static readonly fields: FieldList = proto3.util.newFieldList(() => [ + { no: 1, name: "signature", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + { no: 2, name: "identity", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + { no: 3, name: "issuer", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + ]); + + static fromBinary(bytes: Uint8Array, options?: Partial): VerificationDetails { + return new VerificationDetails().fromBinary(bytes, options); + } + + static fromJson(jsonValue: JsonValue, options?: Partial): VerificationDetails { + return new VerificationDetails().fromJson(jsonValue, options); + } + + static fromJsonString(jsonString: string, options?: Partial): VerificationDetails { + return new VerificationDetails().fromJsonString(jsonString, options); + } + + static equals(a: VerificationDetails | PlainMessage | undefined, b: VerificationDetails | PlainMessage | undefined): boolean { + return proto3.util.equals(VerificationDetails, a, b); + } +} + /** * @generated from message apocryph.proto.v0.pod.Volume */ diff --git a/pkg/proto/deployment.pb.go b/pkg/proto/deployment.pb.go index c0ebab5b..3dcb27aa 100644 --- a/pkg/proto/deployment.pb.go +++ b/pkg/proto/deployment.pb.go @@ -248,11 +248,11 @@ type UploadedImage struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - SourceUrl string `protobuf:"bytes,1,opt,name=sourceUrl,proto3" json:"sourceUrl,omitempty"` - Digest string `protobuf:"bytes,2,opt,name=digest,proto3" json:"digest,omitempty"` - Cid []byte `protobuf:"bytes,3,opt,name=cid,proto3" json:"cid,omitempty"` - Key *Key `protobuf:"bytes,4,opt,name=key,proto3" json:"key,omitempty"` - Signature string `protobuf:"bytes,5,opt,name=signature,proto3" json:"signature,omitempty"` + SourceUrl string `protobuf:"bytes,1,opt,name=sourceUrl,proto3" json:"sourceUrl,omitempty"` + Digest string `protobuf:"bytes,2,opt,name=digest,proto3" json:"digest,omitempty"` + Cid []byte `protobuf:"bytes,3,opt,name=cid,proto3" json:"cid,omitempty"` + Key *Key `protobuf:"bytes,4,opt,name=key,proto3" json:"key,omitempty"` + VerificationDetails *VerificationDetails `protobuf:"bytes,5,opt,name=verificationDetails,proto3" json:"verificationDetails,omitempty"` } func (x *UploadedImage) Reset() { @@ -315,11 +315,11 @@ func (x *UploadedImage) GetKey() *Key { return nil } -func (x *UploadedImage) GetSignature() string { +func (x *UploadedImage) GetVerificationDetails() *VerificationDetails { if x != nil { - return x.Signature + return x.VerificationDetails } - return "" + return nil } type UploadedSecret struct { @@ -448,7 +448,7 @@ var file_deployment_proto_rawDesc = []byte{ 0x73, 0x68, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x10, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x6f, 0x64, 0x49, 0x44, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x05, 0x70, 0x6f, 0x64, 0x49, 0x44, 0x22, 0xa3, 0x01, 0x0a, 0x0d, 0x55, 0x70, + 0x28, 0x0c, 0x52, 0x05, 0x70, 0x6f, 0x64, 0x49, 0x44, 0x22, 0xe3, 0x01, 0x0a, 0x0d, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, @@ -457,8 +457,12 @@ var file_deployment_proto_rawDesc = []byte{ 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, + 0x79, 0x12, 0x5c, 0x0a, 0x13, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, + 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, + 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x13, 0x76, 0x65, 0x72, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x8e, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4e, 0x61, @@ -496,6 +500,7 @@ var file_deployment_proto_goTypes = []interface{}{ (*ProvisionPodResponse)(nil), // 5: apocryph.proto.v0.provisionPod.ProvisionPodResponse (*KeyPair)(nil), // 6: apocryph.proto.v0.pod.KeyPair (*Key)(nil), // 7: apocryph.proto.v0.pod.Key + (*VerificationDetails)(nil), // 8: apocryph.proto.v0.pod.VerificationDetails } var file_deployment_proto_depIdxs = []int32{ 1, // 0: apocryph.proto.v0.deployment.Deployment.provider:type_name -> apocryph.proto.v0.deployment.ProviderConfig @@ -505,12 +510,13 @@ var file_deployment_proto_depIdxs = []int32{ 5, // 4: apocryph.proto.v0.deployment.Deployment.deployed:type_name -> apocryph.proto.v0.provisionPod.ProvisionPodResponse 6, // 5: apocryph.proto.v0.deployment.Deployment.keyPair:type_name -> apocryph.proto.v0.pod.KeyPair 7, // 6: apocryph.proto.v0.deployment.UploadedImage.key:type_name -> apocryph.proto.v0.pod.Key - 7, // 7: apocryph.proto.v0.deployment.UploadedSecret.key:type_name -> apocryph.proto.v0.pod.Key - 8, // [8:8] is the sub-list for method output_type - 8, // [8:8] is the sub-list for method input_type - 8, // [8:8] is the sub-list for extension type_name - 8, // [8:8] is the sub-list for extension extendee - 0, // [0:8] is the sub-list for field type_name + 8, // 7: apocryph.proto.v0.deployment.UploadedImage.verificationDetails:type_name -> apocryph.proto.v0.pod.VerificationDetails + 7, // 8: apocryph.proto.v0.deployment.UploadedSecret.key:type_name -> apocryph.proto.v0.pod.Key + 9, // [9:9] is the sub-list for method output_type + 9, // [9:9] is the sub-list for method input_type + 9, // [9:9] is the sub-list for extension type_name + 9, // [9:9] is the sub-list for extension extendee + 0, // [0:9] is the sub-list for field type_name } func init() { file_deployment_proto_init() } diff --git a/pkg/proto/pod.pb.go b/pkg/proto/pod.pb.go index 42f82b19..b4dfe644 100644 --- a/pkg/proto/pod.pb.go +++ b/pkg/proto/pod.pb.go @@ -68,7 +68,7 @@ func (x Volume_Type) Number() protoreflect.EnumNumber { // Deprecated: Use Volume_Type.Descriptor instead. func (Volume_Type) EnumDescriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{2, 0} + return file_pod_proto_rawDescGZIP(), []int{4, 0} } type Volume_AccessMode int32 @@ -115,7 +115,7 @@ func (x Volume_AccessMode) Number() protoreflect.EnumNumber { // Deprecated: Use Volume_AccessMode.Descriptor instead. func (Volume_AccessMode) EnumDescriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{2, 1} + return file_pod_proto_rawDescGZIP(), []int{4, 1} } type Pod struct { @@ -203,7 +203,7 @@ type Container struct { unknownFields protoimpl.UnknownFields Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - Image *Container_Image `protobuf:"bytes,2,opt,name=image,proto3" json:"image,omitempty"` + Image *Image `protobuf:"bytes,2,opt,name=image,proto3" json:"image,omitempty"` Entrypoint []string `protobuf:"bytes,3,rep,name=entrypoint,proto3" json:"entrypoint,omitempty"` Command []string `protobuf:"bytes,4,rep,name=command,proto3" json:"command,omitempty"` WorkingDir string `protobuf:"bytes,5,opt,name=workingDir,proto3" json:"workingDir,omitempty"` @@ -252,7 +252,7 @@ func (x *Container) GetName() string { return "" } -func (x *Container) GetImage() *Container_Image { +func (x *Container) GetImage() *Image { if x != nil { return x.Image } @@ -308,6 +308,140 @@ func (x *Container) GetResourceRequests() []*Resource { return nil } +type Image struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Cid []byte `protobuf:"bytes,1,opt,name=cid,proto3" json:"cid,omitempty"` + Key *Key `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` + Url string `protobuf:"bytes,3,opt,name=url,proto3" json:"url,omitempty"` + VerificationDetails *VerificationDetails `protobuf:"bytes,4,opt,name=verificationDetails,proto3" json:"verificationDetails,omitempty"` +} + +func (x *Image) Reset() { + *x = Image{} + if protoimpl.UnsafeEnabled { + mi := &file_pod_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Image) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Image) ProtoMessage() {} + +func (x *Image) ProtoReflect() protoreflect.Message { + mi := &file_pod_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Image.ProtoReflect.Descriptor instead. +func (*Image) Descriptor() ([]byte, []int) { + return file_pod_proto_rawDescGZIP(), []int{2} +} + +func (x *Image) GetCid() []byte { + if x != nil { + return x.Cid + } + return nil +} + +func (x *Image) GetKey() *Key { + if x != nil { + return x.Key + } + return nil +} + +func (x *Image) GetUrl() string { + if x != nil { + return x.Url + } + return "" +} + +func (x *Image) GetVerificationDetails() *VerificationDetails { + if x != nil { + return x.VerificationDetails + } + return nil +} + +type VerificationDetails struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Signature string `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"` + Identity string `protobuf:"bytes,2,opt,name=identity,proto3" json:"identity,omitempty"` + Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"` +} + +func (x *VerificationDetails) Reset() { + *x = VerificationDetails{} + if protoimpl.UnsafeEnabled { + mi := &file_pod_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *VerificationDetails) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*VerificationDetails) ProtoMessage() {} + +func (x *VerificationDetails) ProtoReflect() protoreflect.Message { + mi := &file_pod_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use VerificationDetails.ProtoReflect.Descriptor instead. +func (*VerificationDetails) Descriptor() ([]byte, []int) { + return file_pod_proto_rawDescGZIP(), []int{3} +} + +func (x *VerificationDetails) GetSignature() string { + if x != nil { + return x.Signature + } + return "" +} + +func (x *VerificationDetails) GetIdentity() string { + if x != nil { + return x.Identity + } + return "" +} + +func (x *VerificationDetails) GetIssuer() string { + if x != nil { + return x.Issuer + } + return "" +} + type Volume struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -326,7 +460,7 @@ type Volume struct { func (x *Volume) Reset() { *x = Volume{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[2] + mi := &file_pod_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -339,7 +473,7 @@ func (x *Volume) String() string { func (*Volume) ProtoMessage() {} func (x *Volume) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[2] + mi := &file_pod_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -352,7 +486,7 @@ func (x *Volume) ProtoReflect() protoreflect.Message { // Deprecated: Use Volume.ProtoReflect.Descriptor instead. func (*Volume) Descriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{2} + return file_pod_proto_rawDescGZIP(), []int{4} } func (x *Volume) GetName() string { @@ -426,7 +560,7 @@ type Replicas struct { func (x *Replicas) Reset() { *x = Replicas{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[3] + mi := &file_pod_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -439,7 +573,7 @@ func (x *Replicas) String() string { func (*Replicas) ProtoMessage() {} func (x *Replicas) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[3] + mi := &file_pod_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -452,7 +586,7 @@ func (x *Replicas) ProtoReflect() protoreflect.Message { // Deprecated: Use Replicas.ProtoReflect.Descriptor instead. func (*Replicas) Descriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{3} + return file_pod_proto_rawDescGZIP(), []int{5} } func (x *Replicas) GetMin() uint32 { @@ -492,7 +626,7 @@ type Resource struct { func (x *Resource) Reset() { *x = Resource{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[4] + mi := &file_pod_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -505,7 +639,7 @@ func (x *Resource) String() string { func (*Resource) ProtoMessage() {} func (x *Resource) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[4] + mi := &file_pod_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -518,7 +652,7 @@ func (x *Resource) ProtoReflect() protoreflect.Message { // Deprecated: Use Resource.ProtoReflect.Descriptor instead. func (*Resource) Descriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{4} + return file_pod_proto_rawDescGZIP(), []int{6} } func (x *Resource) GetResource() string { @@ -576,7 +710,7 @@ type Key struct { func (x *Key) Reset() { *x = Key{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[5] + mi := &file_pod_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -589,7 +723,7 @@ func (x *Key) String() string { func (*Key) ProtoMessage() {} func (x *Key) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[5] + mi := &file_pod_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -602,7 +736,7 @@ func (x *Key) ProtoReflect() protoreflect.Message { // Deprecated: Use Key.ProtoReflect.Descriptor instead. func (*Key) Descriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{5} + return file_pod_proto_rawDescGZIP(), []int{7} } func (x *Key) GetData() []byte { @@ -624,7 +758,7 @@ type KeyPair struct { func (x *KeyPair) Reset() { *x = KeyPair{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[6] + mi := &file_pod_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -637,7 +771,7 @@ func (x *KeyPair) String() string { func (*KeyPair) ProtoMessage() {} func (x *KeyPair) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[6] + mi := &file_pod_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -650,7 +784,7 @@ func (x *KeyPair) ProtoReflect() protoreflect.Message { // Deprecated: Use KeyPair.ProtoReflect.Descriptor instead. func (*KeyPair) Descriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{6} + return file_pod_proto_rawDescGZIP(), []int{8} } func (x *KeyPair) GetPrivateKey() string { @@ -667,77 +801,6 @@ func (x *KeyPair) GetPubAddress() string { return "" } -type Container_Image struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Cid []byte `protobuf:"bytes,1,opt,name=cid,proto3" json:"cid,omitempty"` - Key *Key `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` - Url string `protobuf:"bytes,3,opt,name=url,proto3" json:"url,omitempty"` - Signature string `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"` -} - -func (x *Container_Image) Reset() { - *x = Container_Image{} - if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Container_Image) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Container_Image) ProtoMessage() {} - -func (x *Container_Image) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Container_Image.ProtoReflect.Descriptor instead. -func (*Container_Image) Descriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{1, 1} -} - -func (x *Container_Image) GetCid() []byte { - if x != nil { - return x.Cid - } - return nil -} - -func (x *Container_Image) GetKey() *Key { - if x != nil { - return x.Key - } - return nil -} - -func (x *Container_Image) GetUrl() string { - if x != nil { - return x.Url - } - return "" -} - -func (x *Container_Image) GetSignature() string { - if x != nil { - return x.Signature - } - return "" -} - type Container_Port struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -756,7 +819,7 @@ type Container_Port struct { func (x *Container_Port) Reset() { *x = Container_Port{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[9] + mi := &file_pod_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -769,7 +832,7 @@ func (x *Container_Port) String() string { func (*Container_Port) ProtoMessage() {} func (x *Container_Port) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[9] + mi := &file_pod_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -782,7 +845,7 @@ func (x *Container_Port) ProtoReflect() protoreflect.Message { // Deprecated: Use Container_Port.ProtoReflect.Descriptor instead. func (*Container_Port) Descriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{1, 2} + return file_pod_proto_rawDescGZIP(), []int{1, 1} } func (x *Container_Port) GetName() string { @@ -857,7 +920,7 @@ type Container_VolumeMount struct { func (x *Container_VolumeMount) Reset() { *x = Container_VolumeMount{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[10] + mi := &file_pod_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -870,7 +933,7 @@ func (x *Container_VolumeMount) String() string { func (*Container_VolumeMount) ProtoMessage() {} func (x *Container_VolumeMount) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[10] + mi := &file_pod_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -883,7 +946,7 @@ func (x *Container_VolumeMount) ProtoReflect() protoreflect.Message { // Deprecated: Use Container_VolumeMount.ProtoReflect.Descriptor instead. func (*Container_VolumeMount) Descriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{1, 3} + return file_pod_proto_rawDescGZIP(), []int{1, 2} } func (x *Container_VolumeMount) GetName() string { @@ -918,7 +981,7 @@ type Volume_FilesystemConfig struct { func (x *Volume_FilesystemConfig) Reset() { *x = Volume_FilesystemConfig{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[11] + mi := &file_pod_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -931,7 +994,7 @@ func (x *Volume_FilesystemConfig) String() string { func (*Volume_FilesystemConfig) ProtoMessage() {} func (x *Volume_FilesystemConfig) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[11] + mi := &file_pod_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -944,7 +1007,7 @@ func (x *Volume_FilesystemConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use Volume_FilesystemConfig.ProtoReflect.Descriptor instead. func (*Volume_FilesystemConfig) Descriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{2, 0} + return file_pod_proto_rawDescGZIP(), []int{4, 0} } func (x *Volume_FilesystemConfig) GetResourceRequests() []*Resource { @@ -969,7 +1032,7 @@ type Volume_SecretConfig struct { func (x *Volume_SecretConfig) Reset() { *x = Volume_SecretConfig{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[12] + mi := &file_pod_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -982,7 +1045,7 @@ func (x *Volume_SecretConfig) String() string { func (*Volume_SecretConfig) ProtoMessage() {} func (x *Volume_SecretConfig) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[12] + mi := &file_pod_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -995,7 +1058,7 @@ func (x *Volume_SecretConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use Volume_SecretConfig.ProtoReflect.Descriptor instead. func (*Volume_SecretConfig) Descriptor() ([]byte, []int) { - return file_pod_proto_rawDescGZIP(), []int{2, 1} + return file_pod_proto_rawDescGZIP(), []int{4, 1} } func (x *Volume_SecretConfig) GetCid() []byte { @@ -1056,64 +1119,74 @@ var file_pod_proto_rawDesc = []byte{ 0x61, 0x69, 0x72, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x12, 0x2c, 0x0a, 0x11, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x56, 0x65, - 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x92, 0x07, 0x0a, 0x09, 0x43, + 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x8f, 0x06, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3c, 0x0a, 0x05, - 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x61, 0x70, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x32, 0x0a, 0x05, + 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, - 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x49, 0x6d, - 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, - 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, - 0x6d, 0x61, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, - 0x69, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x44, 0x69, 0x72, 0x12, 0x3b, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x06, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, - 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, - 0x73, 0x12, 0x3b, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, - 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, - 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x2e, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x12, 0x46, - 0x0a, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x2c, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, - 0x72, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x07, 0x76, - 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x12, 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1f, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x52, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x73, 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x77, 0x0a, 0x05, 0x49, - 0x6d, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, - 0x75, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, - 0x74, 0x75, 0x72, 0x65, 0x1a, 0xbb, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, - 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x24, 0x0a, 0x0c, 0x68, 0x6f, 0x73, - 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x00, 0x52, 0x0c, 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x12, - 0x22, 0x0a, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, - 0x6f, 0x72, 0x74, 0x42, 0x0d, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x50, 0x6f, - 0x72, 0x74, 0x1a, 0x5b, 0x0a, 0x0b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, - 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, - 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, - 0x61, 0x74, 0x68, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, + 0x70, 0x6f, 0x64, 0x2e, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, + 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x03, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, + 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x69, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x69, 0x72, 0x12, 0x3b, 0x0a, 0x05, 0x70, 0x6f, + 0x72, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x61, 0x70, 0x6f, 0x63, + 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, + 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6f, 0x72, 0x74, + 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x3b, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x07, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, + 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x03, 0x65, 0x6e, 0x76, 0x12, 0x46, 0x0a, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x18, + 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, + 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, + 0x75, 0x6e, 0x74, 0x52, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x12, 0x4b, 0x0a, 0x10, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, + 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, + 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, + 0x01, 0x1a, 0xbb, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x24, + 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, + 0x50, 0x6f, 0x72, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, + 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x24, 0x0a, 0x0c, 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, + 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0c, + 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0b, + 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x04, 0x48, 0x00, 0x52, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, 0x6f, 0x72, 0x74, + 0x42, 0x0d, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x1a, + 0x5b, 0x0a, 0x0b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x12, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, + 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0xb7, 0x01, 0x0a, + 0x05, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, + 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x5c, 0x0a, 0x13, 0x76, 0x65, 0x72, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x65, + 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, + 0x73, 0x52, 0x13, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, + 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x67, 0x0a, 0x13, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x1c, 0x0a, + 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x69, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x69, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, + 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x22, 0xca, 0x05, 0x0a, 0x06, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x36, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x61, @@ -1198,46 +1271,48 @@ func file_pod_proto_rawDescGZIP() []byte { } var file_pod_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_pod_proto_msgTypes = make([]protoimpl.MessageInfo, 13) +var file_pod_proto_msgTypes = make([]protoimpl.MessageInfo, 14) var file_pod_proto_goTypes = []interface{}{ (Volume_Type)(0), // 0: apocryph.proto.v0.pod.Volume.Type (Volume_AccessMode)(0), // 1: apocryph.proto.v0.pod.Volume.AccessMode (*Pod)(nil), // 2: apocryph.proto.v0.pod.Pod (*Container)(nil), // 3: apocryph.proto.v0.pod.Container - (*Volume)(nil), // 4: apocryph.proto.v0.pod.Volume - (*Replicas)(nil), // 5: apocryph.proto.v0.pod.Replicas - (*Resource)(nil), // 6: apocryph.proto.v0.pod.Resource - (*Key)(nil), // 7: apocryph.proto.v0.pod.Key - (*KeyPair)(nil), // 8: apocryph.proto.v0.pod.KeyPair - nil, // 9: apocryph.proto.v0.pod.Container.EnvEntry - (*Container_Image)(nil), // 10: apocryph.proto.v0.pod.Container.Image - (*Container_Port)(nil), // 11: apocryph.proto.v0.pod.Container.Port - (*Container_VolumeMount)(nil), // 12: apocryph.proto.v0.pod.Container.VolumeMount - (*Volume_FilesystemConfig)(nil), // 13: apocryph.proto.v0.pod.Volume.FilesystemConfig - (*Volume_SecretConfig)(nil), // 14: apocryph.proto.v0.pod.Volume.SecretConfig + (*Image)(nil), // 4: apocryph.proto.v0.pod.Image + (*VerificationDetails)(nil), // 5: apocryph.proto.v0.pod.VerificationDetails + (*Volume)(nil), // 6: apocryph.proto.v0.pod.Volume + (*Replicas)(nil), // 7: apocryph.proto.v0.pod.Replicas + (*Resource)(nil), // 8: apocryph.proto.v0.pod.Resource + (*Key)(nil), // 9: apocryph.proto.v0.pod.Key + (*KeyPair)(nil), // 10: apocryph.proto.v0.pod.KeyPair + nil, // 11: apocryph.proto.v0.pod.Container.EnvEntry + (*Container_Port)(nil), // 12: apocryph.proto.v0.pod.Container.Port + (*Container_VolumeMount)(nil), // 13: apocryph.proto.v0.pod.Container.VolumeMount + (*Volume_FilesystemConfig)(nil), // 14: apocryph.proto.v0.pod.Volume.FilesystemConfig + (*Volume_SecretConfig)(nil), // 15: apocryph.proto.v0.pod.Volume.SecretConfig } var file_pod_proto_depIdxs = []int32{ 3, // 0: apocryph.proto.v0.pod.Pod.containers:type_name -> apocryph.proto.v0.pod.Container - 4, // 1: apocryph.proto.v0.pod.Pod.volumes:type_name -> apocryph.proto.v0.pod.Volume - 5, // 2: apocryph.proto.v0.pod.Pod.replicas:type_name -> apocryph.proto.v0.pod.Replicas - 8, // 3: apocryph.proto.v0.pod.Pod.keyPair:type_name -> apocryph.proto.v0.pod.KeyPair - 10, // 4: apocryph.proto.v0.pod.Container.image:type_name -> apocryph.proto.v0.pod.Container.Image - 11, // 5: apocryph.proto.v0.pod.Container.ports:type_name -> apocryph.proto.v0.pod.Container.Port - 9, // 6: apocryph.proto.v0.pod.Container.env:type_name -> apocryph.proto.v0.pod.Container.EnvEntry - 12, // 7: apocryph.proto.v0.pod.Container.volumes:type_name -> apocryph.proto.v0.pod.Container.VolumeMount - 6, // 8: apocryph.proto.v0.pod.Container.resourceRequests:type_name -> apocryph.proto.v0.pod.Resource - 0, // 9: apocryph.proto.v0.pod.Volume.type:type_name -> apocryph.proto.v0.pod.Volume.Type - 1, // 10: apocryph.proto.v0.pod.Volume.accessMode:type_name -> apocryph.proto.v0.pod.Volume.AccessMode - 13, // 11: apocryph.proto.v0.pod.Volume.filesystem:type_name -> apocryph.proto.v0.pod.Volume.FilesystemConfig - 14, // 12: apocryph.proto.v0.pod.Volume.secret:type_name -> apocryph.proto.v0.pod.Volume.SecretConfig - 7, // 13: apocryph.proto.v0.pod.Container.Image.key:type_name -> apocryph.proto.v0.pod.Key - 6, // 14: apocryph.proto.v0.pod.Volume.FilesystemConfig.resourceRequests:type_name -> apocryph.proto.v0.pod.Resource - 7, // 15: apocryph.proto.v0.pod.Volume.SecretConfig.key:type_name -> apocryph.proto.v0.pod.Key - 16, // [16:16] is the sub-list for method output_type - 16, // [16:16] is the sub-list for method input_type - 16, // [16:16] is the sub-list for extension type_name - 16, // [16:16] is the sub-list for extension extendee - 0, // [0:16] is the sub-list for field type_name + 6, // 1: apocryph.proto.v0.pod.Pod.volumes:type_name -> apocryph.proto.v0.pod.Volume + 7, // 2: apocryph.proto.v0.pod.Pod.replicas:type_name -> apocryph.proto.v0.pod.Replicas + 10, // 3: apocryph.proto.v0.pod.Pod.keyPair:type_name -> apocryph.proto.v0.pod.KeyPair + 4, // 4: apocryph.proto.v0.pod.Container.image:type_name -> apocryph.proto.v0.pod.Image + 12, // 5: apocryph.proto.v0.pod.Container.ports:type_name -> apocryph.proto.v0.pod.Container.Port + 11, // 6: apocryph.proto.v0.pod.Container.env:type_name -> apocryph.proto.v0.pod.Container.EnvEntry + 13, // 7: apocryph.proto.v0.pod.Container.volumes:type_name -> apocryph.proto.v0.pod.Container.VolumeMount + 8, // 8: apocryph.proto.v0.pod.Container.resourceRequests:type_name -> apocryph.proto.v0.pod.Resource + 9, // 9: apocryph.proto.v0.pod.Image.key:type_name -> apocryph.proto.v0.pod.Key + 5, // 10: apocryph.proto.v0.pod.Image.verificationDetails:type_name -> apocryph.proto.v0.pod.VerificationDetails + 0, // 11: apocryph.proto.v0.pod.Volume.type:type_name -> apocryph.proto.v0.pod.Volume.Type + 1, // 12: apocryph.proto.v0.pod.Volume.accessMode:type_name -> apocryph.proto.v0.pod.Volume.AccessMode + 14, // 13: apocryph.proto.v0.pod.Volume.filesystem:type_name -> apocryph.proto.v0.pod.Volume.FilesystemConfig + 15, // 14: apocryph.proto.v0.pod.Volume.secret:type_name -> apocryph.proto.v0.pod.Volume.SecretConfig + 8, // 15: apocryph.proto.v0.pod.Volume.FilesystemConfig.resourceRequests:type_name -> apocryph.proto.v0.pod.Resource + 9, // 16: apocryph.proto.v0.pod.Volume.SecretConfig.key:type_name -> apocryph.proto.v0.pod.Key + 17, // [17:17] is the sub-list for method output_type + 17, // [17:17] is the sub-list for method input_type + 17, // [17:17] is the sub-list for extension type_name + 17, // [17:17] is the sub-list for extension extendee + 0, // [0:17] is the sub-list for field type_name } func init() { file_pod_proto_init() } @@ -1271,7 +1346,7 @@ func file_pod_proto_init() { } } file_pod_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Volume); i { + switch v := v.(*Image); i { case 0: return &v.state case 1: @@ -1283,7 +1358,7 @@ func file_pod_proto_init() { } } file_pod_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Replicas); i { + switch v := v.(*VerificationDetails); i { case 0: return &v.state case 1: @@ -1295,7 +1370,7 @@ func file_pod_proto_init() { } } file_pod_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Resource); i { + switch v := v.(*Volume); i { case 0: return &v.state case 1: @@ -1307,7 +1382,7 @@ func file_pod_proto_init() { } } file_pod_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Key); i { + switch v := v.(*Replicas); i { case 0: return &v.state case 1: @@ -1319,7 +1394,19 @@ func file_pod_proto_init() { } } file_pod_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*KeyPair); i { + switch v := v.(*Resource); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pod_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Key); i { case 0: return &v.state case 1: @@ -1331,7 +1418,7 @@ func file_pod_proto_init() { } } file_pod_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Container_Image); i { + switch v := v.(*KeyPair); i { case 0: return &v.state case 1: @@ -1342,7 +1429,7 @@ func file_pod_proto_init() { return nil } } - file_pod_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + file_pod_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Container_Port); i { case 0: return &v.state @@ -1354,7 +1441,7 @@ func file_pod_proto_init() { return nil } } - file_pod_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + file_pod_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Container_VolumeMount); i { case 0: return &v.state @@ -1366,7 +1453,7 @@ func file_pod_proto_init() { return nil } } - file_pod_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + file_pod_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Volume_FilesystemConfig); i { case 0: return &v.state @@ -1378,7 +1465,7 @@ func file_pod_proto_init() { return nil } } - file_pod_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + file_pod_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Volume_SecretConfig); i { case 0: return &v.state @@ -1391,15 +1478,15 @@ func file_pod_proto_init() { } } } - file_pod_proto_msgTypes[2].OneofWrappers = []interface{}{ + file_pod_proto_msgTypes[4].OneofWrappers = []interface{}{ (*Volume_Filesystem)(nil), (*Volume_Secret)(nil), } - file_pod_proto_msgTypes[4].OneofWrappers = []interface{}{ + file_pod_proto_msgTypes[6].OneofWrappers = []interface{}{ (*Resource_Amount)(nil), (*Resource_AmountMillis)(nil), } - file_pod_proto_msgTypes[9].OneofWrappers = []interface{}{ + file_pod_proto_msgTypes[10].OneofWrappers = []interface{}{ (*Container_Port_HostHttpHost)(nil), (*Container_Port_HostTcpPort)(nil), } @@ -1409,7 +1496,7 @@ func file_pod_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_pod_proto_rawDesc, NumEnums: 2, - NumMessages: 13, + NumMessages: 14, NumExtensions: 0, NumServices: 0, }, diff --git a/pkg/publisher/images.go b/pkg/publisher/images.go index 896ed259..b1e7325d 100644 --- a/pkg/publisher/images.go +++ b/pkg/publisher/images.go @@ -31,13 +31,18 @@ func DefaultVerifyOptions() *options.VerifyOptions { return o } -func SignPodImages(pod *proto.Pod, deployment *proto.Deployment, o *options.SignOptions) error { +func SignPodImages(pod *proto.Pod, deployment *proto.Deployment, o *options.SignOptions, identity, issuer string) error { var images []string for _, container := range pod.Containers { images = append(images, container.Image.Url) } - for i, image := range images { + imageMap := make(map[string]*proto.UploadedImage) + for _, img := range deployment.Images { + imageMap[img.SourceUrl] = img + } + + for _, image := range images { ro := &options.RootOptions{Timeout: constants.TIMEOUT} oidcClientSecret, err := o.OIDC.ClientSecret() @@ -98,83 +103,103 @@ func SignPodImages(pod *proto.Pod, deployment *proto.Deployment, o *options.Sign if err != nil { return err } - deployment.Images[i].Signature = string(signatureBytes) + verificationDetails := &proto.VerificationDetails{ + Signature: string(signatureBytes), + Identity: identity, + Issuer: issuer, + } + if img, exists := imageMap[image]; exists { + img.VerificationDetails = verificationDetails + } else { + deployment.Images = append(deployment.Images, &proto.UploadedImage{ + SourceUrl: image, + VerificationDetails: verificationDetails, + }) + } } return nil } -func VerifyPodImages(pod *proto.Pod, o *options.VerifyOptions, certificateIdentity, certificateOidcIssuer string) error { - var images []string +func VerifyPodImages(pod *proto.Pod, o *options.VerifyOptions) error { + var images []*proto.Image for _, container := range pod.Containers { - images = append(images, container.Image.Url) + images = append(images, container.Image) } - return VerifyImages(images, o, certificateIdentity, certificateOidcIssuer) + return VerifyImages(images, o) } -func VerifyImages(images []string, o *options.VerifyOptions, certificateIdentity, certificateOidcIssuer string) error { - - if o.CommonVerifyOptions.PrivateInfrastructure { - o.CommonVerifyOptions.IgnoreTlog = true - } +func VerifyImages(images []*proto.Image, o *options.VerifyOptions) error { + for _, image := range images { - annotations, err := o.AnnotationsMap() - if err != nil { - return err - } + if o.CommonVerifyOptions.PrivateInfrastructure { + o.CommonVerifyOptions.IgnoreTlog = true + } - hashAlgorithm, err := o.SignatureDigest.HashAlgorithm() - if err != nil { - return err - } + annotations, err := o.AnnotationsMap() + if err != nil { + return err + } - o.CertVerify.CertIdentity = certificateIdentity - o.CertVerify.CertOidcIssuer = certificateOidcIssuer - - v := &verify.VerifyCommand{ - RegistryOptions: o.Registry, - CertVerifyOptions: o.CertVerify, - CheckClaims: o.CheckClaims, - KeyRef: o.Key, - CertRef: o.CertVerify.Cert, - CertChain: o.CertVerify.CertChain, - CAIntermediates: o.CertVerify.CAIntermediates, - CARoots: o.CertVerify.CARoots, - CertGithubWorkflowTrigger: o.CertVerify.CertGithubWorkflowTrigger, - CertGithubWorkflowSha: o.CertVerify.CertGithubWorkflowSha, - CertGithubWorkflowName: o.CertVerify.CertGithubWorkflowName, - CertGithubWorkflowRepository: o.CertVerify.CertGithubWorkflowRepository, - CertGithubWorkflowRef: o.CertVerify.CertGithubWorkflowRef, - IgnoreSCT: o.CertVerify.IgnoreSCT, - SCTRef: o.CertVerify.SCT, - Sk: o.SecurityKey.Use, - Slot: o.SecurityKey.Slot, - Output: o.Output, - RekorURL: o.Rekor.URL, - Attachment: o.Attachment, - Annotations: annotations, - HashAlgorithm: hashAlgorithm, - SignatureRef: o.SignatureRef, - PayloadRef: o.PayloadRef, - LocalImage: o.LocalImage, - Offline: o.CommonVerifyOptions.Offline, - TSACertChainPath: o.CommonVerifyOptions.TSACertChainPath, - IgnoreTlog: o.CommonVerifyOptions.IgnoreTlog, - MaxWorkers: o.CommonVerifyOptions.MaxWorkers, - ExperimentalOCI11: o.CommonVerifyOptions.ExperimentalOCI11, - CertOidcProvider: o.CertVerify.CertOidcIssuer, - } + hashAlgorithm, err := o.SignatureDigest.HashAlgorithm() + if err != nil { + return err + } + if image.VerificationDetails == nil || image.VerificationDetails.Identity == "" || image.VerificationDetails.Issuer == "" { + return fmt.Errorf("Missing certificate Identity & issuer for Image") + } - if o.CommonVerifyOptions.MaxWorkers == 0 { - return fmt.Errorf("please set the --max-worker flag to a value that is greater than 0") - } + o.CertVerify.CertIdentity = image.VerificationDetails.Identity + o.CertVerify.CertOidcIssuer = image.VerificationDetails.Issuer + + v := &verify.VerifyCommand{ + RegistryOptions: o.Registry, + CertVerifyOptions: o.CertVerify, + CheckClaims: o.CheckClaims, + KeyRef: o.Key, + CertRef: o.CertVerify.Cert, + CertChain: o.CertVerify.CertChain, + CAIntermediates: o.CertVerify.CAIntermediates, + CARoots: o.CertVerify.CARoots, + CertGithubWorkflowTrigger: o.CertVerify.CertGithubWorkflowTrigger, + CertGithubWorkflowSha: o.CertVerify.CertGithubWorkflowSha, + CertGithubWorkflowName: o.CertVerify.CertGithubWorkflowName, + CertGithubWorkflowRepository: o.CertVerify.CertGithubWorkflowRepository, + CertGithubWorkflowRef: o.CertVerify.CertGithubWorkflowRef, + IgnoreSCT: o.CertVerify.IgnoreSCT, + SCTRef: o.CertVerify.SCT, + Sk: o.SecurityKey.Use, + Slot: o.SecurityKey.Slot, + Output: o.Output, + RekorURL: o.Rekor.URL, + Attachment: o.Attachment, + Annotations: annotations, + HashAlgorithm: hashAlgorithm, + SignatureRef: o.SignatureRef, + PayloadRef: o.PayloadRef, + LocalImage: o.LocalImage, + Offline: o.CommonVerifyOptions.Offline, + TSACertChainPath: o.CommonVerifyOptions.TSACertChainPath, + IgnoreTlog: o.CommonVerifyOptions.IgnoreTlog, + MaxWorkers: o.CommonVerifyOptions.MaxWorkers, + ExperimentalOCI11: o.CommonVerifyOptions.ExperimentalOCI11, + CertOidcProvider: o.CertVerify.CertOidcIssuer, + } - if o.Registry.AllowInsecure { - v.NameOptions = append(v.NameOptions, name.Insecure) - } + if o.CommonVerifyOptions.MaxWorkers == 0 { + return fmt.Errorf("please set the --max-worker flag to a value that is greater than 0") + } - // if o.CommonVerifyOptions.IgnoreTlog && !o.CommonVerifyOptions.PrivateInfrastructure { - // ui.Warnf(ctx, fmt.Sprintf(ignoreTLogMessage, "signature")) - // } - return v.Exec(context.Background(), images) + if o.Registry.AllowInsecure { + v.NameOptions = append(v.NameOptions, name.Insecure) + } + // if o.CommonVerifyOptions.IgnoreTlog && !o.CommonVerifyOptions.PrivateInfrastructure { + // ui.Warnf(ctx, fmt.Sprintf(ignoreTLogMessage, "signature")) + // } + err = v.Exec(context.Background(), []string{image.Url}) + if err != nil { + return fmt.Errorf("Failed verifying image: %v", err) + } + } + return nil } diff --git a/pkg/publisher/upload.go b/pkg/publisher/upload.go index 28caff7d..0b92ba17 100644 --- a/pkg/publisher/upload.go +++ b/pkg/publisher/upload.go @@ -94,7 +94,14 @@ func UploadImages(ctx context.Context, client *containerd.Client, IPFSAddress st return err } - uploadedImage := &pb.UploadedImage{SourceUrl: image.Url, Cid: []byte(cid), Key: &pb.Key{Data: prvKey}, Signature: oldUploadedImages[image.Url].Signature} + verificationDetails := &pb.VerificationDetails{} + if img, exists := oldUploadedImages[image.Url]; exists { + verificationDetails = img.VerificationDetails + } + + uploadedImage := &pb.UploadedImage{SourceUrl: image.Url, Cid: []byte(cid), + Key: &pb.Key{Data: prvKey}, + VerificationDetails: verificationDetails} deployment.Images = append(deployment.Images, uploadedImage) } return nil @@ -130,11 +137,13 @@ func LinkUploadsFromDeployment(pod *pb.Pod, deployment *pb.Deployment) *pb.Pod { for _, container := range pod.Containers { if uploadedImage, ok := uploadedImages[container.Image.Url]; ok { - container.Image = &pb.Container_Image{ - Cid: uploadedImage.Cid, - Url: uploadedImage.SourceUrl, - Key: uploadedImage.Key, - Signature: uploadedImage.Signature, + container.Image = &pb.Image{ + Cid: uploadedImage.Cid, + Url: uploadedImage.SourceUrl, + Key: uploadedImage.Key, + VerificationDetails: &pb.VerificationDetails{Signature: uploadedImage.VerificationDetails.Signature, + Identity: uploadedImage.VerificationDetails.Identity, + Issuer: uploadedImage.VerificationDetails.Issuer}, } } } diff --git a/proto/deployment.proto b/proto/deployment.proto index 982f149d..76b5fd7c 100644 --- a/proto/deployment.proto +++ b/proto/deployment.proto @@ -15,7 +15,7 @@ message Deployment { repeated UploadedSecret secrets = 5; provisionPod.ProvisionPodResponse deployed = 6; pod.KeyPair keyPair = 7; - + } message ProviderConfig { @@ -35,7 +35,7 @@ message UploadedImage { string digest = 2; bytes cid = 3; pod.Key key = 4; - string signature = 5; + pod.VerificationDetails verificationDetails = 5; } message UploadedSecret { diff --git a/proto/pod.proto b/proto/pod.proto index 04c5d917..ac62b56c 100644 --- a/proto/pod.proto +++ b/proto/pod.proto @@ -23,13 +23,7 @@ message Container { map env = 7; repeated VolumeMount volumes = 8; repeated Resource resourceRequests = 9; // "cpu", "memory", custom - message Image { - bytes cid = 1; - Key key = 2; - string url = 3; - string signature = 4; - } - + message Port { string name = 1; uint64 containerPort = 2; @@ -49,6 +43,18 @@ message Container { bool readOnly = 3; } } +message Image { + bytes cid = 1; + Key key = 2; + string url = 3; + VerificationDetails verificationDetails = 4; +} + +message VerificationDetails { + string signature = 1; + string identity = 2; + string issuer = 3; +} message Volume { enum Type { diff --git a/test/e2e/common/manifests/manifest-attestation.yaml b/test/e2e/common/manifests/manifest-attestation.yaml index 305cc392..dd398bd1 100644 --- a/test/e2e/common/manifests/manifest-attestation.yaml +++ b/test/e2e/common/manifests/manifest-attestation.yaml @@ -8,6 +8,6 @@ containers: - amount: '100000000' resource: memory replicas: - min: 0 + min: 1 max: 1 ImageVerification: true diff --git a/test/integration/sigstore/run-test.sh b/test/integration/sigstore/run-test.sh index 98a64fd6..d66940c1 100755 --- a/test/integration/sigstore/run-test.sh +++ b/test/integration/sigstore/run-test.sh @@ -3,13 +3,14 @@ set -e echo "USAGE: $0 CERTIFICATE_IDENTITY CERTIFICATE_OIDC_ISSUER" echo "EXAMPLE: $0 example@email.com https://github.com/login/oauth" echo "NOTE: The oidc-issuer for Google is https://accounts.google.com, Microsoft is https://login.microsoftonline.com, GitHub is https://github.com/login/oauth, and GitLab is https://gitlab.com." + +trap 'kill $(jobs -p) &>/dev/null' EXIT set -v cd "$(dirname "$0")" sudo chmod o+rw /run/containerd/containerd.sock -trap 'kill $(jobs -p) &>/dev/null' EXIT ipfs shutdown || true ipfs daemon >/dev/null & sleep 2 @@ -19,12 +20,13 @@ sleep 2 CERTIFICATE_IDENTITY=$1 CERTIFICATE_OIDC_ISSUER=$2 -docker tag hello-world ttl.sh/hello-world:1h -docker push ttl.sh/hello-world:1h +# docker tag hello-world ttl.sh/hello-world:1h +# docker push ttl.sh/hello-world:1h # -# go run ../../../cmd/trustedpods pod upload ../../e2e/common/manifests/manifest-attestation.yaml --sign-images +# go run ../../../cmd/trustedpods pod upload ../../e2e/common/manifests/manifest-attestation.yaml \ +# --sign-images --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER # -go run ../../../cmd/trustedpods pod verify ../../e2e/common/manifests/manifest-attestation.yaml --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER +# go run ../../../cmd/trustedpods pod verify ../../e2e/common/manifests/manifest-attestation.yaml go run ../../../cmd/trustedpods verify ttl.sh/hello-world@sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7 \ --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER \ From 9f9d87224c963d9cc08bcafabf8e1baa12dc47be Mon Sep 17 00:00:00 2001 From: revoltez Date: Thu, 22 Aug 2024 22:31:43 +0100 Subject: [PATCH 08/22] fix: add policy schemas, add attestation test, fix policies targets --- pkg/kubernetes/client.go | 5 ++ pkg/kubernetes/namespaces.go | 2 + pkg/kubernetes/pods.go | 56 ++++++++++--------- pkg/kubernetes/utils.go | 2 +- pkg/provider/download.go | 4 +- ...n.yaml => manifest-attestation-hello.yaml} | 2 +- .../manifests/manifest-attestation-nginx.yaml | 17 ++++++ test/e2e/common/scripts/build-images.sh | 8 +-- test/e2e/common/scripts/pull-images.sh | 2 + test/e2e/common/scripts/redeploy-contracts.sh | 2 +- test/e2e/common/scripts/redeploy-images.sh | 2 +- test/e2e/minikube/deploy-pod.sh | 8 ++- test/e2e/minikube/run-attestation-test.sh | 15 +++++ test/e2e/minikube/run-test.sh | 3 - test/integration/sigstore/run-test.sh | 14 ++--- 15 files changed, 92 insertions(+), 50 deletions(-) rename test/e2e/common/manifests/{manifest-attestation.yaml => manifest-attestation-hello.yaml} (93%) create mode 100644 test/e2e/common/manifests/manifest-attestation-nginx.yaml create mode 100755 test/e2e/minikube/run-attestation-test.sh diff --git a/pkg/kubernetes/client.go b/pkg/kubernetes/client.go index f88a6c15..de92d32e 100644 --- a/pkg/kubernetes/client.go +++ b/pkg/kubernetes/client.go @@ -9,6 +9,7 @@ import ( "path/filepath" kedahttpscheme "github.com/kedacore/http-add-on/operator/generated/clientset/versioned/scheme" + policy "github.com/sigstore/policy-controller/pkg/apis/policy/v1beta1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/scheme" @@ -23,9 +24,13 @@ func GetScheme() (*runtime.Scheme, error) { if err := scheme.AddToScheme(sch); err != nil { return nil, err } + if err := policy.AddToScheme(sch); err != nil { + return nil, err + } if err := kedahttpscheme.AddToScheme(sch); err != nil { return nil, err } + return sch, nil } diff --git a/pkg/kubernetes/namespaces.go b/pkg/kubernetes/namespaces.go index 90893fb6..8c0b58e2 100644 --- a/pkg/kubernetes/namespaces.go +++ b/pkg/kubernetes/namespaces.go @@ -5,6 +5,7 @@ package kubernetes import ( "context" "fmt" + "log" pb "github.com/comrade-coop/apocryph/pkg/proto" kedahttpv1alpha1 "github.com/kedacore/http-add-on/operator/apis/http/v1alpha1" @@ -38,6 +39,7 @@ func NewTrustedPodsNamespace(name string, pod *pb.Pod, paymentChannel *pb.Paymen } // force container image verification if pod.ImageVerification { + log.Println("Image verification is Set") namespace.Labels[SigstorePolicy] = "true" } if paymentChannel != nil { diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index 9b84a55b..a2fcab29 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -5,14 +5,14 @@ package kubernetes import ( "context" "fmt" + "log" "strings" "github.com/comrade-coop/apocryph/pkg/constants" - "github.com/comrade-coop/apocryph/pkg/proto" pb "github.com/comrade-coop/apocryph/pkg/proto" "github.com/ethereum/go-ethereum/common" kedahttpv1alpha1 "github.com/kedacore/http-add-on/operator/apis/http/v1alpha1" - policy "github.com/sigstore/policy-controller/pkg/apis/policy/v1alpha1" + policy "github.com/sigstore/policy-controller/pkg/apis/policy/v1beta1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" @@ -39,22 +39,22 @@ func updateOrCreate(ctx context.Context, resourceName, kind, namespace string, r err := client.Get(ctx, *key, oldResource.(k8cl.Object)) updatedResource.SetResourceVersion(oldResource.(k8cl.Object).GetResourceVersion()) // resource version should be retrieved from the old resource in order for httpSo to work if err != nil { - fmt.Printf("Added New Resource: %v \n", resourceName) + log.Printf("Added New Resource: %v \n", resourceName) if err := client.Create(ctx, updatedResource); err != nil { - return err + return fmt.Errorf("Failed creating resource:%v,%v\n", resourceName, err) } return nil } err = client.Update(ctx, updatedResource) if err != nil { - return err + return fmt.Errorf("Failed updating resource:%v, %v\n", resourceName, err) } - fmt.Printf("Updated %v \n", resourceName) + log.Printf("Updated %v \n", resourceName) return nil } if err := client.Create(ctx, resource.(k8cl.Object)); err != nil { - return err + return fmt.Errorf("Failed creating resource:%v,%v\n", resourceName, err) } return nil } @@ -104,7 +104,28 @@ func ApplyPodRequest( localhostAliases := corev1.HostAlias{IP: "127.0.0.1"} - var details []*proto.VerificationDetails + for i, container := range podManifest.Containers { + if container.Image.VerificationDetails != nil { + // create a policy give the previously collected VerificationDetails + if podManifest.ImageVerification { + policyName := fmt.Sprintf("policy-%v-%v", podId, i) + sigstorePolicy := &policy.ClusterImagePolicy{ + TypeMeta: metav1.TypeMeta{Kind: "ClusterImagePolicy"}, ObjectMeta: metav1.ObjectMeta{Name: policyName}, + Spec: policy.ClusterImagePolicySpec{ + Images: []policy.ImagePattern{{Glob: container.Image.Url}}, + Authorities: []policy.Authority{{Keyless: &policy.KeylessRef{}}}, + }} + identity := policy.Identity{Issuer: container.Image.VerificationDetails.Issuer, Subject: container.Image.VerificationDetails.Identity} + sigstorePolicy.Spec.Authorities[0].Keyless.Identities = []policy.Identity{identity} + err := updateOrCreate(ctx, policyName, "ClusterImagePolicy", namespace, sigstorePolicy, client, update) + if err != nil { + return err + } + log.Println("Policy Created") + } + } + } + for cIdx, container := range podManifest.Containers { containerSpec := corev1.Container{ Name: container.Name, @@ -187,9 +208,7 @@ func ApplyPodRequest( } else { depLabels["containers"] = depLabels["containers"] + "_" + containerSpec.Name } - if container.Image.VerificationDetails != nil { - details = append(details, container.Image.VerificationDetails) - } + } podTemplate.Spec.HostAliases = append(podTemplate.Spec.HostAliases, localhostAliases) for _, volume := range podManifest.Volumes { @@ -288,21 +307,6 @@ func ApplyPodRequest( } activeResource = append(activeResource, httpSoName) } - // create a policy give the previously collected VerificationDetails - if podManifest.ImageVerification { - sigstorePolicy := &policy.ClusterImagePolicy{Spec: policy.ClusterImagePolicySpec{ - Authorities: []policy.Authority{{Keyless: &policy.KeylessRef{}}}, - }} - identities := []policy.Identity{} - for _, detail := range details { - identities = append(identities, policy.Identity{Issuer: detail.Issuer, Subject: detail.Identity}) - } - sigstorePolicy.Spec.Authorities[0].Keyless.Identities = identities - err := updateOrCreate(ctx, "tpod-policy", "SigstorePolicy", namespace, sigstorePolicy, client, update) - if err != nil { - return err - } - } if update == true { err := cleanNamespace(ctx, namespace, activeResource, client) diff --git a/pkg/kubernetes/utils.go b/pkg/kubernetes/utils.go index 5c0e8e96..203ff0e7 100644 --- a/pkg/kubernetes/utils.go +++ b/pkg/kubernetes/utils.go @@ -72,7 +72,7 @@ func GetResource(kind string) interface{} { return &appsv1.Deployment{} case "HttpSo": return &kedahttpv1alpha1.HTTPScaledObject{} - case "SigstorePolicy": + case "ClusterImagePolicy": return &policy.ClusterImagePolicy{} } return nil diff --git a/pkg/provider/download.go b/pkg/provider/download.go index c25dacd3..fffe37d6 100644 --- a/pkg/provider/download.go +++ b/pkg/provider/download.go @@ -40,13 +40,11 @@ func DownloadImages(ctx context.Context, client *containerd.Client, ipfsAddress, return nil, err } if !exists { - target := string(c.Image.Cid) + target := string(c.Image.Url) err = ipcr.PullImage(ctx, client, ipfsAddress, string(c.Image.Cid), target) if err != nil { return nil, err } - // Update the url - c.Image.Url = target log.Printf("Pulled Image %v Successfully, Decrypting ...\n", c.Image.Url) err = ipcr.DecryptImage(ctx, client, "", target, c.Image.Key.Data) if err != nil { diff --git a/test/e2e/common/manifests/manifest-attestation.yaml b/test/e2e/common/manifests/manifest-attestation-hello.yaml similarity index 93% rename from test/e2e/common/manifests/manifest-attestation.yaml rename to test/e2e/common/manifests/manifest-attestation-hello.yaml index dd398bd1..01271243 100644 --- a/test/e2e/common/manifests/manifest-attestation.yaml +++ b/test/e2e/common/manifests/manifest-attestation-hello.yaml @@ -1,5 +1,5 @@ containers: - - name: autoscaler + - name: hello image: url: ttl.sh/hello-world@sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7 resourceRequests: diff --git a/test/e2e/common/manifests/manifest-attestation-nginx.yaml b/test/e2e/common/manifests/manifest-attestation-nginx.yaml new file mode 100644 index 00000000..c3f1e86d --- /dev/null +++ b/test/e2e/common/manifests/manifest-attestation-nginx.yaml @@ -0,0 +1,17 @@ +containers: + - name: nginx + image: + url: ttl.sh/nginx-hello@sha256:631c081135cc6a81ad685f39d107d9eb6140d3a2265b0aa6792346f06936de72 + ports: + - containerPort: '8080' + hostHttpHost: example.local + name: internal + resourceRequests: + - amountMillis: '10' + resource: cpu + - amount: '100000000' + resource: memory +replicas: + min: 1 + max: 1 +ImageVerification: true diff --git a/test/e2e/common/scripts/build-images.sh b/test/e2e/common/scripts/build-images.sh index 09ea03d2..95501e47 100755 --- a/test/e2e/common/scripts/build-images.sh +++ b/test/e2e/common/scripts/build-images.sh @@ -1,12 +1,10 @@ #!/bin/bash -docker build -t comradecoop/apocryph/server:latest ../../.. --target server +docker build -t comradecoop/apocryph/server:latest ../../../../ --target server -docker build -t comradecoop/apocryph/p2p-helper:latest ../../.. --target p2p-helper +docker build -t comradecoop/apocryph/p2p-helper:latest ../../../../ --target p2p-helper -docker build -t comradecoop/apocryph/autoscaler:latest ../../.. --target autoscaler - -docker run -d -p 5000:5000 --restart=always --name registry registry:2 || echo "Docker registry already running" +docker build -t comradecoop/apocryph/autoscaler:latest ../../../../ --target autoscaler docker tag comradecoop/apocryph/server:latest localhost:5000/comradecoop/apocryph/server:latest docker push localhost:5000/comradecoop/apocryph/server:latest diff --git a/test/e2e/common/scripts/pull-images.sh b/test/e2e/common/scripts/pull-images.sh index fa768399..237ce36f 100755 --- a/test/e2e/common/scripts/pull-images.sh +++ b/test/e2e/common/scripts/pull-images.sh @@ -1,3 +1,5 @@ #!/bin/bash docker pull registry:2 docker pull ghcr.io/foundry-rs/foundry:nightly-619f3c56302b5a665164002cb98263cd9812e4d5 + +docker run -d -p 5000:5000 --restart=always --name registry registry:2 || echo "Docker registry already running" diff --git a/test/e2e/common/scripts/redeploy-contracts.sh b/test/e2e/common/scripts/redeploy-contracts.sh index 8ad9c612..194eac8b 100755 --- a/test/e2e/common/scripts/redeploy-contracts.sh +++ b/test/e2e/common/scripts/redeploy-contracts.sh @@ -12,4 +12,4 @@ sleep 5 # deploy the contracts DEPLOYER_KEY=$(docker logs anvil | awk '/Private Keys/ {flag=1; next} flag && /^\(0\)/ {print $2; exit}') # anvil.accounts[0] -( cd ../../../contracts; forge script script/Deploy.s.sol --private-key "$DEPLOYER_KEY" --rpc-url http://localhost:8545 --broadcast) +( cd ../../../../contracts; forge script script/Deploy.s.sol --private-key "$DEPLOYER_KEY" --rpc-url http://localhost:8545 --broadcast) diff --git a/test/e2e/common/scripts/redeploy-images.sh b/test/e2e/common/scripts/redeploy-images.sh index 6664eeef..e951bc41 100755 --- a/test/e2e/common/scripts/redeploy-images.sh +++ b/test/e2e/common/scripts/redeploy-images.sh @@ -3,4 +3,4 @@ minikube profile c1 kubectl delete namespace trustedpods # will use default withdraw address & eth keys specefied in values.yaml -helmfile apply -f ../minikube -l name=trustedpods --skip-deps +helmfile apply -f ../../minikube -l name=trustedpods --skip-deps diff --git a/test/e2e/minikube/deploy-pod.sh b/test/e2e/minikube/deploy-pod.sh index e384ca65..16598ef5 100755 --- a/test/e2e/minikube/deploy-pod.sh +++ b/test/e2e/minikube/deploy-pod.sh @@ -10,13 +10,17 @@ FUNDS=10000000000000000000000 set +v set -x +## Configure provider/in-cluster IPFS and publisher IPFS ## +minikube profile c1 +../common/scripts/swarm-connect.sh + go run ../../../cmd/trustedpods/ pod deploy $POD \ --ethereum-key "$PUBLISHER_KEY" \ --payment-contract "$PAYMENT_CONTRACT" \ --registry-contract "$REGISTRY_CONTRACT" \ --funds "$FUNDS" \ - --upload-images=true \ - --mint-funds + --upload-images=false \ + --mint-funds $2 $3 $4 $5 $6 $7 set +x set -v diff --git a/test/e2e/minikube/run-attestation-test.sh b/test/e2e/minikube/run-attestation-test.sh new file mode 100755 index 00000000..2d355dd5 --- /dev/null +++ b/test/e2e/minikube/run-attestation-test.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +set -e +echo "USAGE: $0 CERTIFICATE_IDENTITY CERTIFICATE_OIDC_ISSUER" +echo "EXAMPLE: $0 example@email.com https://github.com/login/oauth" +echo "NOTE: The oidc-issuer for Google is https://accounts.google.com, Microsoft is https://login.microsoftonline.com, GitHub is https://github.com/login/oauth, and GitLab is https://gitlab.com." + +docker pull nginxdemos/nginx-hello@sha256:2ab1f0bef4461020a1aabee4260a1fe93b03ed69d7f72908acca3a7ec33cb1c0 +docker tag docker.io/nginxdemos/nginx-hello:latest ttl.sh/nginx-hello:1h +docker push ttl.sh/nginx-hello:1h + +CERTIFICATE_IDENTITY=$1 +CERTIFICATE_OIDC_ISSUER=$2 + +./deploy-pod.sh ../common/manifests/manifest-attestation-nginx.yaml --sign-images --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER diff --git a/test/e2e/minikube/run-test.sh b/test/e2e/minikube/run-test.sh index 2031597e..1c0a24dc 100755 --- a/test/e2e/minikube/run-test.sh +++ b/test/e2e/minikube/run-test.sh @@ -83,9 +83,6 @@ go run ../../../cmd/tpodserver registry register \ --token-contract 0x5FbDB2315678afecb367f032d93F642f64180aa3 \ --registry-contract 0x9fe46736679d2d9a65f0992f2272de9f3c7fa6e0 \ -## 1.4: Configure provider/in-cluster IPFS and publisher IPFS ## -minikube profile c1 -../common/scripts/swarm-connect.sh ## 2: Deploy example manifest to cluster ## diff --git a/test/integration/sigstore/run-test.sh b/test/integration/sigstore/run-test.sh index d66940c1..ec247537 100755 --- a/test/integration/sigstore/run-test.sh +++ b/test/integration/sigstore/run-test.sh @@ -20,13 +20,13 @@ sleep 2 CERTIFICATE_IDENTITY=$1 CERTIFICATE_OIDC_ISSUER=$2 -# docker tag hello-world ttl.sh/hello-world:1h -# docker push ttl.sh/hello-world:1h -# -# go run ../../../cmd/trustedpods pod upload ../../e2e/common/manifests/manifest-attestation.yaml \ -# --sign-images --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER -# -# go run ../../../cmd/trustedpods pod verify ../../e2e/common/manifests/manifest-attestation.yaml +docker tag hello-world ttl.sh/hello-world:1h +docker push ttl.sh/hello-world:1h + +go run ../../../cmd/trustedpods pod upload ../../e2e/common/manifests/manifest-attestation.yaml \ + --sign-images --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER + +go run ../../../cmd/trustedpods pod verify ../../e2e/common/manifests/manifest-attestation.yaml go run ../../../cmd/trustedpods verify ttl.sh/hello-world@sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7 \ --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER \ From e90dc477ec0e504412529fb3724d8b00636e59c0 Mon Sep 17 00:00:00 2001 From: revoltez Date: Tue, 27 Aug 2024 18:24:04 +0100 Subject: [PATCH 09/22] feat!: add application verification via its endpoint --- Dockerfile | 11 + cmd/trustedpods/deploy.go | 2 +- cmd/trustedpods/flags.go | 2 - go.mod | 28 +- go.sum | 100 +++--- pkg/constants/constants.go | 4 + pkg/kubernetes/namespaces.go | 2 +- pkg/kubernetes/pods.go | 85 +++-- pkg/kubernetes/utils.go | 44 ++- pkg/proto-ts/pod_pb.ts | 12 +- pkg/proto-ts/provision-pod_connect.ts | 11 +- pkg/proto-ts/provision-pod_pb.ts | 80 ++++- pkg/proto/pod.pb.go | 301 +++++++++--------- pkg/proto/protoconnect/interceptors.go | 7 +- .../protoconnect/provision-pod.connect.go | 30 ++ pkg/proto/provision-pod.pb.go | 241 +++++++++++--- pkg/provider/server.go | 25 ++ pkg/proxy/proxy.go | 59 ++++ proto/pod.proto | 3 +- proto/provision-pod.proto | 11 +- .../manifests/manifest-attestation-nginx.yaml | 5 +- test/e2e/common/scripts/build-images.sh | 3 +- test/e2e/minikube/deploy-pod.sh | 1 + test/e2e/minikube/run-attestation-test.sh | 24 +- 24 files changed, 779 insertions(+), 312 deletions(-) create mode 100644 pkg/proxy/proxy.go diff --git a/Dockerfile b/Dockerfile index 526eb802..4d1db619 100644 --- a/Dockerfile +++ b/Dockerfile @@ -60,4 +60,15 @@ COPY --from=build-autoscaler /usr/local/bin/autoscaler /usr/local/bin/autoscaler ENTRYPOINT ["autoscaler"] +## tpod-proxy: ## +FROM build-common as build-tpod-proxy + +COPY pkg/proxy/ ./proxy +RUN --mount=type=cache,target=/root/.cache/go-build go build -v -o /usr/local/bin/tpod-proxy ./proxy + +FROM run-common as tpod-proxy + +COPY --from=build-tpod-proxy /usr/local/bin/tpod-proxy /usr/local/bin/tpod-proxy + +ENTRYPOINT ["tpod-proxy"] diff --git a/cmd/trustedpods/deploy.go b/cmd/trustedpods/deploy.go index e53beb81..6fd4dd5b 100644 --- a/cmd/trustedpods/deploy.go +++ b/cmd/trustedpods/deploy.go @@ -176,7 +176,7 @@ var deployPodCmd = &cobra.Command{ } else { provisionPodclient, err = publisher.ConnectToProvider(ipfsp2p, deployment, interceptor) if err != nil { - return err + return fmt.Errorf("Failed connecting to provider: %v", err) } } diff --git a/cmd/trustedpods/flags.go b/cmd/trustedpods/flags.go index 8827af0b..aa1f93ec 100644 --- a/cmd/trustedpods/flags.go +++ b/cmd/trustedpods/flags.go @@ -22,8 +22,6 @@ var registryContractAddress string var tokenContractAddress string var expirationOffset int64 var authorize bool -var debugIdentity string -var debugIssuer string var uploadFlags = &pflag.FlagSet{} var ipfsApi string diff --git a/go.mod b/go.mod index f484c92e..7d062433 100644 --- a/go.mod +++ b/go.mod @@ -31,6 +31,7 @@ require ( github.com/olekukonko/tablewriter v0.0.5 github.com/opencontainers/image-spec v1.1.0 github.com/sigstore/cosign/v2 v2.4.0 + github.com/sigstore/policy-controller v0.10.0 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.19.0 @@ -38,10 +39,10 @@ require ( golang.org/x/net v0.27.0 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.30.2 - k8s.io/apimachinery v0.30.2 - k8s.io/client-go v0.30.2 - sigs.k8s.io/controller-runtime v0.16.3 + k8s.io/api v0.31.0 + k8s.io/apimachinery v0.31.0 + k8s.io/client-go v0.31.0 + sigs.k8s.io/controller-runtime v0.19.0 ) require ( @@ -96,7 +97,7 @@ require ( github.com/alibabacloud-go/tea-utils v1.4.5 // indirect github.com/alibabacloud-go/tea-xml v1.1.3 // indirect github.com/aliyun/credentials-go v1.3.1 // indirect - github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230512164433-5d1fd1a340c9 // indirect + github.com/antlr4-go/antlr/v4 v4.13.0 // indirect github.com/armon/go-metrics v0.4.1 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.55.5 // indirect @@ -199,7 +200,7 @@ require ( github.com/emicklei/go-restful/v3 v3.11.2 // indirect github.com/emicklei/proto v1.12.1 // indirect github.com/ethereum/c-kzg-4844 v0.4.0 // indirect - github.com/evanphx/json-patch/v5 v5.8.1 // indirect + github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/facebookgo/atomicfile v0.0.0-20151019160806-2de1f203e7d5 // indirect github.com/fahedouch/go-logrotate v0.2.0 // indirect github.com/fatih/color v1.16.0 // indirect @@ -210,6 +211,7 @@ require ( github.com/flynn/noise v1.1.0 // indirect github.com/francoispqt/gojay v1.2.13 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/gballet/go-libpcsclite v0.0.0-20190607065134-2772fd86a8ff // indirect github.com/gballet/go-verkle v0.1.1-0.20231031103413-a67434b50f46 // indirect github.com/go-chi/chi v4.1.2+incompatible // indirect @@ -229,7 +231,7 @@ require ( github.com/go-openapi/swag v0.23.0 // indirect github.com/go-openapi/validate v0.24.0 // indirect github.com/go-piv/piv-go v1.11.0 // indirect - github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gofrs/flock v0.12.1 // indirect @@ -238,7 +240,7 @@ require ( github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect - github.com/google/cel-go v0.18.1 // indirect + github.com/google/cel-go v0.20.1 // indirect github.com/google/certificate-transparency-go v1.2.1 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect github.com/google/go-cmp v0.6.0 // indirect @@ -246,7 +248,7 @@ require ( github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/gopacket v1.1.19 // indirect - github.com/google/pprof v0.0.0-20240207164012-fb44976bdcd5 // indirect + github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect @@ -363,7 +365,7 @@ require ( github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/oleiade/reflections v1.0.1 // indirect - github.com/onsi/ginkgo/v2 v2.15.0 // indirect + github.com/onsi/ginkgo/v2 v2.19.0 // indirect github.com/open-policy-agent/opa v0.67.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect @@ -421,7 +423,6 @@ require ( github.com/shibumi/go-pathspec v1.3.0 // indirect github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible // indirect github.com/sigstore/fulcio v1.5.1 // indirect - github.com/sigstore/policy-controller v0.10.0 // indirect github.com/sigstore/protobuf-specs v0.3.2 // indirect github.com/sigstore/rekor v1.3.6 // indirect github.com/sigstore/sigstore v1.8.8 // indirect @@ -466,6 +467,7 @@ require ( github.com/vishvananda/netns v0.0.4 // indirect github.com/whyrusleeping/base32 v0.0.0-20170828182744-c30ac30633cc // indirect github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 // indirect + github.com/x448/float16 v0.8.4 // indirect github.com/xanzy/go-gitlab v0.107.0 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect @@ -512,9 +514,9 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect knative.dev/pkg v0.0.0-20240116073220-b488e7be5902 // indirect lukechampine.com/blake3 v1.2.2 // indirect rsc.io/tmplfunc v0.0.3 // indirect diff --git a/go.sum b/go.sum index 2d8d51ea..d1fd7163 100644 --- a/go.sum +++ b/go.sum @@ -186,8 +186,8 @@ github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTs github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156 h1:eMwmnE/GDgah4HI848JfFxHt+iPb26b4zyfspmqY0/8= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= -github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230512164433-5d1fd1a340c9 h1:goHVqTbFX3AIo0tzGr14pgfAW2ZfPChKO21Z9MGf/gk= -github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230512164433-5d1fd1a340c9/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= +github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= +github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= @@ -197,7 +197,6 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= -github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY= github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc= github.com/aws/aws-sdk-go-v2/config v1.27.27 h1:HdqgGt1OAP0HkEDDShEl0oSYa9ZZBSOmKpdpsDMdO90= @@ -206,20 +205,14 @@ github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVO github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 h1:KreluoV8FZDEtI6Co2xuNk/UqI9iwMrOx/87PBNIKqw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11/go.mod h1:SeSUYBLsMYFoRvHE0Tjvn7kbxaUhl75CJi1sbfhMxkU= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 h1:SoNJ4RlFEQEbtDcCEt+QG56MY4fm4W8rYirAmq+/DdU= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15/go.mod h1:U9ke74k1n2bf+RIgoX1SXFed1HLs51OgUSs+Ph0KJP8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 h1:C6WHdGnTDIYETAm5iErQUiVNsclNx9qbJVPIt03B6bI= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15/go.mod h1:ZQLZqhcu+JhSrA9/NXRm8SkDvsycE+JkV3WGY41e+IM= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 h1:y6LX9GUoEA3mO0qpFl1ZQHj1rFyPWVphlzebiSt2tKE= -github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2/go.mod h1:Q0LcmaN/Qr8+4aSBrdrXXePqoX0eOuYpJLbYpilmWnA= github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 h1:3iaT/LnGV6jNtbBkvHZDlzz7Ky3wMHDJAyFtGd5GUJI= github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7/go.mod h1:mtzCLxk6M+KZbkJdq3cUH9GCrudw8qCy5C3EHO+5vLc= -github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 h1:PpbXaecV3sLAS6rjQiaKw4/jyq3Z8gNzmoJupHAoBp0= -github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2/go.mod h1:fUHpGXr4DrXkEDpGAjClPsviWf+Bszeb0daKE0blxv8= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 h1:h+r5/diSwztgKgxUrntt6AOI5lBYY0ZJv+yzeulGZSU= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6/go.mod h1:7+5MHFC52LC85xKCjCuWDHmIncOOvWnll10OT9EAN/g= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8= @@ -234,7 +227,6 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrA github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4/go.mod h1:0oxfLkpz3rQ/CHlx5hB7H69YUpFiI1tql6Q6Ne+1bCw= github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 h1:ZsDKRLXGWHk8WdtyYMoGNO7bTudrvuKpDKgMVRlepGE= github.com/aws/aws-sdk-go-v2/service/sts v1.30.3/go.mod h1:zwySh8fpFyXp9yOr/KVzxOl8SRqgf/IDw5aUt9UKFcQ= -github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE= github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M= @@ -427,9 +419,8 @@ github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= -github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE= -github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec= github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= +github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -472,12 +463,8 @@ github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbT github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= -github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v27.0.3+incompatible h1:aBGI9TeQ4MPlhquTQKq9XbK79rKFVwXNUAYz9aXyEBE= github.com/docker/docker v27.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8= -github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -509,8 +496,10 @@ github.com/ethereum/c-kzg-4844 v0.4.0 h1:3MS1s4JtA868KpJxroZoepdV0ZKBp3u/O5HcZ7R github.com/ethereum/c-kzg-4844 v0.4.0/go.mod h1:VewdlzQmpT5QSrVhbBuGoCdFJkpaJlO1aQputP83wc0= github.com/ethereum/go-ethereum v1.13.15 h1:U7sSGYGo4SPjP6iNIifNoyIAiNjrmQkz6EwQG+/EZWo= github.com/ethereum/go-ethereum v1.13.15/go.mod h1:TN8ZiHrdJwSe8Cb6x+p0hs5CxhJZPbqB7hHkaUXcmIU= -github.com/evanphx/json-patch/v5 v5.8.1 h1:iPEdwg0XayoS+E7Mth9JxwUtOgyVxnDTXHtKhZPlZxA= -github.com/evanphx/json-patch/v5 v5.8.1/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/evanphx/json-patch v5.8.1+incompatible h1:2toJaoe7/rNa1zpeQx0UnVEjqk6z2ecyA20V/zg8vTU= +github.com/evanphx/json-patch v5.8.1+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/facebookgo/atomicfile v0.0.0-20151019160806-2de1f203e7d5 h1:BBso6MBKW8ncyZLv37o+KNyy0HrrHgfnOaGQC2qvN+A= github.com/facebookgo/atomicfile v0.0.0-20151019160806-2de1f203e7d5/go.mod h1:JpoxHjuQauoxiFMl1ie8Xc/7TfLuMZ5eOCONd1sUBHg= github.com/fahedouch/go-logrotate v0.2.0 h1:UR9Fv8MDVfWwnkirmFHck+tRSWzqOwRjVRLMpQgSxaI= @@ -545,6 +534,8 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= github.com/gavv/httpexpect v2.0.0+incompatible/go.mod h1:x+9tiU1YnrOvnB725RkpoLv1M62hOWzwo5OXotisrKc= @@ -619,8 +610,8 @@ github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpv github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0= @@ -684,8 +675,8 @@ github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGS github.com/gomodule/redigo v1.7.1-0.20190724094224-574c33c3df38/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/cel-go v0.18.1 h1:V/lAXKq4C3BYLDy/ARzMtpkEEYfHQpZzVyzy69nEUjs= -github.com/google/cel-go v0.18.1/go.mod h1:PVAybmSnWkNMUZR/tEWFUiJ1Np4Hz0MHsZJcgC4zln4= +github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84= +github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg= github.com/google/certificate-transparency-go v1.2.1 h1:4iW/NwzqOqYEEoCBEFP+jPbBXbLqMpq3CifMyOnDUME= github.com/google/certificate-transparency-go v1.2.1/go.mod h1:bvn/ytAccv+I6+DGkqpvSsEdiVGramgaSC6RD3tEmeE= github.com/google/flatbuffers v23.5.26+incompatible h1:M9dgRyhJemaM4Sw8+66GHBu8ioaQmyPLg1b8VwK5WJg= @@ -700,7 +691,6 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -722,8 +712,8 @@ github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OI github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240207164012-fb44976bdcd5 h1:E/LAvt58di64hlYjx7AsNS6C/ysHWYo+2qPCZKTQhRo= -github.com/google/pprof v0.0.0-20240207164012-fb44976bdcd5/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= @@ -740,7 +730,6 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= @@ -787,14 +776,10 @@ github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISH github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8/go.mod h1:aiJI+PIApBRQG7FZTEBx5GiiX+HbOHilUdNxUZi4eV0= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= -github.com/hashicorp/go-sockaddr v1.0.5 h1:dvk7TIXCZpmfOlM+9mlcrWmWjw/wlKT+VDq2wMvfPJU= -github.com/hashicorp/go-sockaddr v1.0.5/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I= github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= @@ -1200,14 +1185,14 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= -github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE= -github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/open-policy-agent/opa v0.67.0 h1:FOdsO9yNhfmrh+72oVK7ImWmzruG+VSpfbr5IBqEWVs= github.com/open-policy-agent/opa v0.67.0/go.mod h1:aqKlHc8E2VAAylYE9x09zJYr/fYzGX+JKne89UGqFzk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -1223,8 +1208,8 @@ github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFSt github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= -github.com/openzipkin/zipkin-go v0.4.1 h1:kNd/ST2yLLWhaWrkgchya40TJabe8Hioj9udfPcEO5A= -github.com/openzipkin/zipkin-go v0.4.1/go.mod h1:qY0VqDSN1pOBN94dBc6w2GJlWLiovAyg7Qt6/I9HecM= +github.com/openzipkin/zipkin-go v0.4.2 h1:zjqfqHjUpPmB3c1GlCvvgsM1G4LkvqQbBDueDOCg/jA= +github.com/openzipkin/zipkin-go v0.4.2/go.mod h1:ZeVkFjuuBiSy13y8vpSDCjMi9GoI3hPpCJSBx/EYFhY= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0= @@ -1574,6 +1559,8 @@ github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 h1:EKhdz github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1/go.mod h1:8UvriyWtv5Q5EOgjHaSseUEdkQfvwFv1I/In/O2M9gc= github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7 h1:E9S12nwJwEOXe2d6gT6qxdvqMnNq+VnSsKPgm2ZZNds= github.com/whyrusleeping/multiaddr-filter v0.0.0-20160516205228-e903e4adabd7/go.mod h1:X2c0RVCI1eSUFI8eLcY3c0423ykwiUdxLJtkDvruhjI= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -1637,9 +1624,8 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9RO go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 h1:Xw8U6u2f8DK2XAkGRFV7BBLENgnTGX9i4rQRxJf+/vs= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0/go.mod h1:6KW1Fm6R/s6Z3PGXwSJN2K4eT6wQB3vXX6CVnYX9NmM= go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.19.0 h1:Nw7Dv4lwvGrI68+wULbcq7su9K2cebeCUrDjVrUJHxM= go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.19.0/go.mod h1:1MsF6Y7gTqosgoZvHlzcaaM8DIMNZgJh87ykokoNH7Y= go.opentelemetry.io/otel/exporters/zipkin v1.14.0 h1:reEVE1upBF9tcujgvSqLJS0SrI7JQPaTKP4s4rymnSs= @@ -2084,6 +2070,8 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/validator.v8 v8.18.2/go.mod h1:RX2a/7Ha8BgOhfk7j780h4/u/RRjR0eouCJSH80/M2Y= @@ -2121,28 +2109,20 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= -k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= -k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= -k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= -k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= -k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o= -k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8= -k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38= -k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= -k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 h1:avRdiaB03v88Mfvum2S3BBwkNuTlmuar4LlfO9Hajko= -k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022/go.mod h1:sIV51WBTkZrlGOJMCDZDA1IaPBUDTulPpD4y7oe038k= +k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo= +k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE= +k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= +k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= +k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= +k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= +k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= knative.dev/pkg v0.0.0-20240116073220-b488e7be5902 h1:H6+JJN23fhwYWCHY1339sY6uhIyoUwDy1a8dN233fdk= knative.dev/pkg v0.0.0-20240116073220-b488e7be5902/go.mod h1:NYk8mMYoLkO7CQWnNkti4YGGnvLxN6MIDbUvtgeo0C0= lukechampine.com/blake3 v1.2.2 h1:wEAbSg0IVU4ih44CVlpMqMZMpzr5hf/6aqodLlevd/w= @@ -2152,8 +2132,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= rsc.io/tmplfunc v0.0.3 h1:53XFQh69AfOa8Tw0Jm7t+GV7KZhOi6jzsCzTtKbMvzU= rsc.io/tmplfunc v0.0.3/go.mod h1:AG3sTPzElb1Io3Yg4voV9AGZJuleGAwaVRxL9M49PhA= -sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= -sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= +sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= +sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/release-utils v0.8.4 h1:4QVr3UgbyY/d9p74LBhg0njSVQofUsAZqYOzVZBhdBw= diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index f777f3f5..fff75f38 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -10,3 +10,7 @@ const PROVIDER_ADDR_KEY = "PROVIDER_ADDRESS" const POD_ID_KEY = "POD_ID" const TIMEOUT = 3 * time.Minute const OUTPUT_SIGNATURE_PATH = "~/.apocryph/signatures/" + +const VerificationInfoAnnotationKey = "verification-info" + +const NamespaceKey = "NAMESPACE_NAME" diff --git a/pkg/kubernetes/namespaces.go b/pkg/kubernetes/namespaces.go index 8c0b58e2..5c289525 100644 --- a/pkg/kubernetes/namespaces.go +++ b/pkg/kubernetes/namespaces.go @@ -38,7 +38,7 @@ func NewTrustedPodsNamespace(name string, pod *pb.Pod, paymentChannel *pb.Paymen }, } // force container image verification - if pod.ImageVerification { + if pod.PublicVerifiability { log.Println("Image verification is Set") namespace.Labels[SigstorePolicy] = "true" } diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index a2fcab29..e6afc1a0 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -17,6 +17,8 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + "knative.dev/pkg/ptr" k8cl "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -32,7 +34,10 @@ func updateOrCreate(ctx context.Context, resourceName, kind, namespace string, r } oldResource := GetResource(kind) - updatedResource := resource.(k8cl.Object) + updatedResource, ok := resource.(k8cl.Object) + if !ok { + return fmt.Errorf("resource does not implement client.Object") + } updatedResource.SetNamespace(namespace) updatedResource.SetName(resourceName) @@ -41,7 +46,7 @@ func updateOrCreate(ctx context.Context, resourceName, kind, namespace string, r if err != nil { log.Printf("Added New Resource: %v \n", resourceName) if err := client.Create(ctx, updatedResource); err != nil { - return fmt.Errorf("Failed creating resource:%v,%v\n", resourceName, err) + return fmt.Errorf("Failed creating resource:%v: %v\n", resourceName, err) } return nil } @@ -54,7 +59,7 @@ func updateOrCreate(ctx context.Context, resourceName, kind, namespace string, r return nil } if err := client.Create(ctx, resource.(k8cl.Object)); err != nil { - return fmt.Errorf("Failed creating resource:%v,%v\n", resourceName, err) + return fmt.Errorf("Failed creating resource %v:%v\n", resourceName, err) } return nil } @@ -104,33 +109,73 @@ func ApplyPodRequest( localhostAliases := corev1.HostAlias{IP: "127.0.0.1"} + if podManifest.PublicVerifiability { + // used only to use the routing from keda ingress controller + routeHttpsoName := "route-hso" + routeHttpso := NewHttpSo(namespace, routeHttpsoName) + serviceProxyName := "tpod-svc-proxy" + serviceProxy := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: serviceProxyName, + }, + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeClusterIP, + Ports: []corev1.ServicePort{{Port: 9999, TargetPort: intstr.FromString("tpod-proxy")}}, + Selector: labels, + }, + } + routeHttpso.Spec.ScaleTargetRef.Service = serviceProxy.ObjectMeta.Name + routeHttpso.Spec.ScaleTargetRef.Port = 9999 + routeHttpso.Spec.ScaleTargetRef.APIVersion = "apps/v1" + routeHttpso.Spec.Hosts = []string{podManifest.VerificationHostPath} + routeHttpso.Spec.Replicas = &kedahttpv1alpha1.ReplicaStruct{Min: ptr.Int32(1), Max: ptr.Int32(1)} + proxyContainer := corev1.Container{ + Name: "proxy", + Image: proxyImageReference, + Ports: []corev1.ContainerPort{{ContainerPort: 9999, Name: "tpod-proxy"}}, + } + err := updateOrCreate(ctx, serviceProxyName, "Service", namespace, serviceProxy, client, update) + if err != nil { + return err + } + err = updateOrCreate(ctx, routeHttpsoName, "HttpSo", namespace, routeHttpso, client, update) + if err != nil { + return err + } + proxyContainer.Env = append(proxyContainer.Env, corev1.EnvVar{Name: constants.NamespaceKey, Value: namespace}) + podTemplate.Spec.Containers = append(podTemplate.Spec.Containers, proxyContainer) + } + + annotationValues := []string{} for i, container := range podManifest.Containers { if container.Image.VerificationDetails != nil { - // create a policy give the previously collected VerificationDetails - if podManifest.ImageVerification { - policyName := fmt.Sprintf("policy-%v-%v", podId, i) - sigstorePolicy := &policy.ClusterImagePolicy{ - TypeMeta: metav1.TypeMeta{Kind: "ClusterImagePolicy"}, ObjectMeta: metav1.ObjectMeta{Name: policyName}, - Spec: policy.ClusterImagePolicySpec{ - Images: []policy.ImagePattern{{Glob: container.Image.Url}}, - Authorities: []policy.Authority{{Keyless: &policy.KeylessRef{}}}, - }} - identity := policy.Identity{Issuer: container.Image.VerificationDetails.Issuer, Subject: container.Image.VerificationDetails.Identity} - sigstorePolicy.Spec.Authorities[0].Keyless.Identities = []policy.Identity{identity} - err := updateOrCreate(ctx, policyName, "ClusterImagePolicy", namespace, sigstorePolicy, client, update) - if err != nil { - return err - } - log.Println("Policy Created") + policyName := fmt.Sprintf("policy-%v-%v", podId, i) + sigstorePolicy := &policy.ClusterImagePolicy{ + TypeMeta: metav1.TypeMeta{Kind: "ClusterImagePolicy"}, ObjectMeta: metav1.ObjectMeta{Name: policyName}, + Spec: policy.ClusterImagePolicySpec{ + Images: []policy.ImagePattern{{Glob: container.Image.Url}}, + Authorities: []policy.Authority{{Keyless: &policy.KeylessRef{}}}, + }} + identity := policy.Identity{Issuer: container.Image.VerificationDetails.Issuer, Subject: container.Image.VerificationDetails.Identity} + sigstorePolicy.Spec.Authorities[0].Keyless.Identities = []policy.Identity{identity} + annotationValue := container.Image.Url + ":" + container.Image.VerificationDetails.Signature + annotationValues = append(annotationValues, annotationValue) + err := updateOrCreate(ctx, policyName, "ClusterImagePolicy", namespace, sigstorePolicy, client, update) + if err != nil && strings.Contains(err.Error(), "already exists") { + log.Println("warning: Policies were not deleted properly") + continue + } else { + return err } } } + deployment.Annotations = map[string]string{constants.VerificationInfoAnnotationKey: strings.Join(annotationValues, ",")} for cIdx, container := range podManifest.Containers { containerSpec := corev1.Container{ Name: container.Name, Image: images[container.Name], - ImagePullPolicy: corev1.PullNever, // make sure images are pulled localy + ImagePullPolicy: corev1.PullIfNotPresent, // make sure images are pulled localy (didn't never pull for the tpod-proxy image, for now) Command: container.Entrypoint, Args: container.Command, WorkingDir: container.WorkingDir, diff --git a/pkg/kubernetes/utils.go b/pkg/kubernetes/utils.go index 203ff0e7..0a0f6bb9 100644 --- a/pkg/kubernetes/utils.go +++ b/pkg/kubernetes/utils.go @@ -3,18 +3,50 @@ package kubernetes import ( + "context" "errors" "fmt" + "log" + "strings" pb "github.com/comrade-coop/apocryph/pkg/proto" kedahttpv1alpha1 "github.com/kedacore/http-add-on/operator/apis/http/v1alpha1" - policy "github.com/sigstore/policy-controller/pkg/apis/policy/v1alpha1" + policy "github.com/sigstore/policy-controller/pkg/apis/policy/v1beta1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" + discovery "k8s.io/api/discovery/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + k8cl "sigs.k8s.io/controller-runtime/pkg/client" ) +var proxyImageReference = "ttl.sh/comradecoop/apocryph/tpod-proxy@sha256:fc671075e920aa8022e65b330cd8e2b56b49f9b46e4b96a958238c63c65a84f2" + +// TODO: use actual comrade account details +var proxyVerificationDetails = &pb.VerificationDetails{ + Identity: "comradecoop@email.com", + Issuer: "https://github.com/login/oauth", +} + +func CreateTpodProxyPolicy(ctx context.Context, client k8cl.Client) error { + policyName := fmt.Sprintf("tpod-policy-proxy") + sigstorePolicy := &policy.ClusterImagePolicy{ + TypeMeta: metav1.TypeMeta{Kind: "ClusterImagePolicy"}, ObjectMeta: metav1.ObjectMeta{Name: policyName}, + Spec: policy.ClusterImagePolicySpec{ + Images: []policy.ImagePattern{{Glob: proxyImageReference}}, + Authorities: []policy.Authority{{Keyless: &policy.KeylessRef{}}}, + }} + identity := policy.Identity{Issuer: proxyVerificationDetails.Issuer, Subject: proxyVerificationDetails.Identity} + sigstorePolicy.Spec.Authorities[0].Keyless.Identities = []policy.Identity{identity} + err := updateOrCreate(ctx, policyName, "ClusterImagePolicy", "default", sigstorePolicy, client, false) + if err != nil && strings.Contains(err.Error(), "already exists") { + log.Println("warning: Policies were not deleted properly") + } else { + return err + } + return nil +} + func NewService(port *pb.Container_Port, portName string, httpSO *kedahttpv1alpha1.HTTPScaledObject, labels map[string]string) (*corev1.Service, int32, error) { servicePort := int32(port.ServicePort) @@ -33,6 +65,8 @@ func NewService(port *pb.Container_Port, portName string, httpSO *kedahttpv1alph Selector: labels, }, } + // since we don't use selectors, we need to manually create the endpoint + // that routes to the tpod insights service switch ep := port.ExposedPort.(type) { case *pb.Container_Port_HostHttpHost: @@ -60,7 +94,7 @@ func NewHttpSo(namespace, name string) *kedahttpv1alpha1.HTTPScaledObject { } } -func GetResource(kind string) interface{} { +func GetResource(kind string) k8cl.Object { switch kind { case "Service": return &corev1.Service{} @@ -74,6 +108,12 @@ func GetResource(kind string) interface{} { return &kedahttpv1alpha1.HTTPScaledObject{} case "ClusterImagePolicy": return &policy.ClusterImagePolicy{} + + case "EndpointSlice": + return &discovery.EndpointSlice{} + case "Endpoints": + return &corev1.Endpoints{} + } return nil } diff --git a/pkg/proto-ts/pod_pb.ts b/pkg/proto-ts/pod_pb.ts index 3aa07a46..87fa454c 100644 --- a/pkg/proto-ts/pod_pb.ts +++ b/pkg/proto-ts/pod_pb.ts @@ -33,9 +33,14 @@ export class Pod extends Message { keyPair?: KeyPair; /** - * @generated from field: bool ImageVerification = 5; + * @generated from field: bool PublicVerifiability = 5; */ - ImageVerification = false; + PublicVerifiability = false; + + /** + * @generated from field: string VerificationHostPath = 6; + */ + VerificationHostPath = ""; constructor(data?: PartialMessage) { super(); @@ -49,7 +54,8 @@ export class Pod extends Message { { no: 2, name: "volumes", kind: "message", T: Volume, repeated: true }, { no: 3, name: "replicas", kind: "message", T: Replicas }, { no: 4, name: "keyPair", kind: "message", T: KeyPair }, - { no: 5, name: "ImageVerification", kind: "scalar", T: 8 /* ScalarType.BOOL */ }, + { no: 5, name: "PublicVerifiability", kind: "scalar", T: 8 /* ScalarType.BOOL */ }, + { no: 6, name: "VerificationHostPath", kind: "scalar", T: 9 /* ScalarType.STRING */ }, ]); static fromBinary(bytes: Uint8Array, options?: Partial): Pod { diff --git a/pkg/proto-ts/provision-pod_connect.ts b/pkg/proto-ts/provision-pod_connect.ts index 006c7d21..739c872a 100644 --- a/pkg/proto-ts/provision-pod_connect.ts +++ b/pkg/proto-ts/provision-pod_connect.ts @@ -5,7 +5,7 @@ /* eslint-disable */ // @ts-nocheck -import { DeletePodRequest, DeletePodResponse, PodLogRequest, PodLogResponse, ProvisionPodRequest, ProvisionPodResponse, UpdatePodRequest } from "./provision-pod_pb.js"; +import { DeletePodRequest, DeletePodResponse, PodInfoRequest, PodInfoResponse, PodLogRequest, PodLogResponse, ProvisionPodRequest, ProvisionPodResponse, UpdatePodRequest } from "./provision-pod_pb.js"; import { MethodKind } from "@bufbuild/protobuf"; /** @@ -41,6 +41,15 @@ export const ProvisionPodService = { O: DeletePodResponse, kind: MethodKind.Unary, }, + /** + * @generated from rpc apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodInfos + */ + getPodInfos: { + name: "GetPodInfos", + I: PodInfoRequest, + O: PodInfoResponse, + kind: MethodKind.Unary, + }, /** * @generated from rpc apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodLogs */ diff --git a/pkg/proto-ts/provision-pod_pb.ts b/pkg/proto-ts/provision-pod_pb.ts index 2fa83ceb..42910508 100644 --- a/pkg/proto-ts/provision-pod_pb.ts +++ b/pkg/proto-ts/provision-pod_pb.ts @@ -376,9 +376,9 @@ export class ProvisionPodResponse_ExposedHostPort extends Message { /** - * @generated from field: string containerName = 1; + * @generated from field: string ContainerName = 1; */ - containerName = ""; + ContainerName = ""; constructor(data?: PartialMessage) { super(); @@ -388,7 +388,7 @@ export class PodLogRequest extends Message { static readonly runtime: typeof proto3 = proto3; static readonly typeName = "apocryph.proto.v0.provisionPod.PodLogRequest"; static readonly fields: FieldList = proto3.util.newFieldList(() => [ - { no: 1, name: "containerName", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + { no: 1, name: "ContainerName", kind: "scalar", T: 9 /* ScalarType.STRING */ }, ]); static fromBinary(bytes: Uint8Array, options?: Partial): PodLogRequest { @@ -488,3 +488,77 @@ export class LogEntry extends Message { } } +/** + * @generated from message apocryph.proto.v0.provisionPod.PodInfoRequest + */ +export class PodInfoRequest extends Message { + /** + * @generated from field: string namespace = 1; + */ + namespace = ""; + + constructor(data?: PartialMessage) { + super(); + proto3.util.initPartial(data, this); + } + + static readonly runtime: typeof proto3 = proto3; + static readonly typeName = "apocryph.proto.v0.provisionPod.PodInfoRequest"; + static readonly fields: FieldList = proto3.util.newFieldList(() => [ + { no: 1, name: "namespace", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + ]); + + static fromBinary(bytes: Uint8Array, options?: Partial): PodInfoRequest { + return new PodInfoRequest().fromBinary(bytes, options); + } + + static fromJson(jsonValue: JsonValue, options?: Partial): PodInfoRequest { + return new PodInfoRequest().fromJson(jsonValue, options); + } + + static fromJsonString(jsonString: string, options?: Partial): PodInfoRequest { + return new PodInfoRequest().fromJsonString(jsonString, options); + } + + static equals(a: PodInfoRequest | PlainMessage | undefined, b: PodInfoRequest | PlainMessage | undefined): boolean { + return proto3.util.equals(PodInfoRequest, a, b); + } +} + +/** + * @generated from message apocryph.proto.v0.provisionPod.PodInfoResponse + */ +export class PodInfoResponse extends Message { + /** + * @generated from field: string info = 1; + */ + info = ""; + + constructor(data?: PartialMessage) { + super(); + proto3.util.initPartial(data, this); + } + + static readonly runtime: typeof proto3 = proto3; + static readonly typeName = "apocryph.proto.v0.provisionPod.PodInfoResponse"; + static readonly fields: FieldList = proto3.util.newFieldList(() => [ + { no: 1, name: "info", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + ]); + + static fromBinary(bytes: Uint8Array, options?: Partial): PodInfoResponse { + return new PodInfoResponse().fromBinary(bytes, options); + } + + static fromJson(jsonValue: JsonValue, options?: Partial): PodInfoResponse { + return new PodInfoResponse().fromJson(jsonValue, options); + } + + static fromJsonString(jsonString: string, options?: Partial): PodInfoResponse { + return new PodInfoResponse().fromJsonString(jsonString, options); + } + + static equals(a: PodInfoResponse | PlainMessage | undefined, b: PodInfoResponse | PlainMessage | undefined): boolean { + return proto3.util.equals(PodInfoResponse, a, b); + } +} + diff --git a/pkg/proto/pod.pb.go b/pkg/proto/pod.pb.go index b4dfe644..0c810e12 100644 --- a/pkg/proto/pod.pb.go +++ b/pkg/proto/pod.pb.go @@ -123,11 +123,12 @@ type Pod struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Containers []*Container `protobuf:"bytes,1,rep,name=containers,proto3" json:"containers,omitempty"` - Volumes []*Volume `protobuf:"bytes,2,rep,name=volumes,proto3" json:"volumes,omitempty"` - Replicas *Replicas `protobuf:"bytes,3,opt,name=replicas,proto3" json:"replicas,omitempty"` - KeyPair *KeyPair `protobuf:"bytes,4,opt,name=keyPair,proto3" json:"keyPair,omitempty"` - ImageVerification bool `protobuf:"varint,5,opt,name=ImageVerification,proto3" json:"ImageVerification,omitempty"` + Containers []*Container `protobuf:"bytes,1,rep,name=containers,proto3" json:"containers,omitempty"` + Volumes []*Volume `protobuf:"bytes,2,rep,name=volumes,proto3" json:"volumes,omitempty"` + Replicas *Replicas `protobuf:"bytes,3,opt,name=replicas,proto3" json:"replicas,omitempty"` + KeyPair *KeyPair `protobuf:"bytes,4,opt,name=keyPair,proto3" json:"keyPair,omitempty"` + PublicVerifiability bool `protobuf:"varint,5,opt,name=PublicVerifiability,proto3" json:"PublicVerifiability,omitempty"` + VerificationHostPath string `protobuf:"bytes,6,opt,name=VerificationHostPath,proto3" json:"VerificationHostPath,omitempty"` } func (x *Pod) Reset() { @@ -190,13 +191,20 @@ func (x *Pod) GetKeyPair() *KeyPair { return nil } -func (x *Pod) GetImageVerification() bool { +func (x *Pod) GetPublicVerifiability() bool { if x != nil { - return x.ImageVerification + return x.PublicVerifiability } return false } +func (x *Pod) GetVerificationHostPath() string { + if x != nil { + return x.VerificationHostPath + } + return "" +} + type Container struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1101,7 +1109,7 @@ var File_pod_proto protoreflect.FileDescriptor var file_pod_proto_rawDesc = []byte{ 0x0a, 0x09, 0x70, 0x6f, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, - 0x6f, 0x64, 0x22, 0xa5, 0x02, 0x0a, 0x03, 0x50, 0x6f, 0x64, 0x12, 0x40, 0x0a, 0x0a, 0x63, 0x6f, + 0x6f, 0x64, 0x22, 0xdd, 0x02, 0x0a, 0x03, 0x50, 0x6f, 0x64, 0x12, 0x40, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, @@ -1116,146 +1124,149 @@ var file_pod_proto_rawDesc = []byte{ 0x61, 0x73, 0x12, 0x38, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x50, - 0x61, 0x69, 0x72, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x12, 0x2c, 0x0a, 0x11, - 0x49, 0x6d, 0x61, 0x67, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x56, 0x65, - 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x8f, 0x06, 0x0a, 0x09, 0x43, - 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x32, 0x0a, 0x05, - 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x61, 0x70, - 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, - 0x70, 0x6f, 0x64, 0x2e, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, - 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, - 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x69, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x69, 0x72, 0x12, 0x3b, 0x0a, 0x05, 0x70, 0x6f, - 0x72, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x61, 0x70, 0x6f, 0x63, - 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, - 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6f, 0x72, 0x74, - 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x3b, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x07, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x03, 0x65, 0x6e, 0x76, 0x12, 0x46, 0x0a, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x18, - 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, - 0x75, 0x6e, 0x74, 0x52, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x12, 0x4b, 0x0a, 0x10, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, - 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, - 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x1a, 0xbb, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x24, - 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x50, 0x6f, 0x72, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, - 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x24, 0x0a, 0x0c, 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, - 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0c, - 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0b, - 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x04, 0x48, 0x00, 0x52, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, 0x6f, 0x72, 0x74, - 0x42, 0x0d, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x1a, - 0x5b, 0x0a, 0x0b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x12, - 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, - 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0xb7, 0x01, 0x0a, - 0x05, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, - 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x5c, 0x0a, 0x13, 0x76, 0x65, 0x72, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x65, - 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, - 0x73, 0x52, 0x13, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, - 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x67, 0x0a, 0x13, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x1c, 0x0a, - 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x69, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x69, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, - 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x22, - 0xca, 0x05, 0x0a, 0x06, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x36, - 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x61, + 0x61, 0x69, 0x72, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x12, 0x30, 0x0a, 0x13, + 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x61, 0x62, 0x69, 0x6c, + 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x50, 0x75, 0x62, 0x6c, 0x69, + 0x63, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x32, + 0x0a, 0x14, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x6f, + 0x73, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x56, 0x65, + 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x61, + 0x74, 0x68, 0x22, 0x8f, 0x06, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, + 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x32, 0x0a, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x49, 0x6d, 0x61, 0x67, + 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, + 0x61, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, + 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x69, 0x72, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, + 0x69, 0x72, 0x12, 0x3b, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x25, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, + 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, + 0x3b, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, - 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x54, 0x79, 0x70, 0x65, - 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x48, 0x0a, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x61, 0x70, 0x6f, - 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, - 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, - 0x12, 0x50, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, + 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x45, + 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x12, 0x46, 0x0a, 0x07, + 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, + 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, + 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, + 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x07, 0x76, 0x6f, 0x6c, + 0x75, 0x6d, 0x65, 0x73, 0x12, 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, + 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, + 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, + 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x73, 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0xbb, 0x01, 0x0a, 0x04, 0x50, 0x6f, + 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, + 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, + 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x20, 0x0a, 0x0b, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x04, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x24, + 0x0a, 0x0c, 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0c, 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, 0x74, 0x70, + 0x48, 0x6f, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, + 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x0b, 0x68, 0x6f, 0x73, + 0x74, 0x54, 0x63, 0x70, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x0d, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x6f, + 0x73, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x1a, 0x5b, 0x0a, 0x0b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, + 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x6f, + 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, + 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x61, 0x64, + 0x4f, 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, + 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0xb7, 0x01, 0x0a, 0x05, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x10, + 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, + 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, + 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, + 0x12, 0x5c, 0x0a, 0x13, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, + 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, + 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x13, 0x76, 0x65, 0x72, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x67, + 0x0a, 0x13, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, + 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, + 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, + 0x16, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x22, 0xca, 0x05, 0x0a, 0x06, 0x56, 0x6f, 0x6c, 0x75, + 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x36, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, - 0x75, 0x6d, 0x65, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, - 0x65, 0x6d, 0x12, 0x44, 0x0a, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, + 0x75, 0x6d, 0x65, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x48, + 0x0a, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, - 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, - 0x52, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x1a, 0x5f, 0x0a, 0x10, 0x46, 0x69, 0x6c, 0x65, - 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4b, 0x0a, 0x10, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, - 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x1a, 0xa6, 0x01, 0x0a, 0x0c, 0x53, 0x65, - 0x63, 0x72, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, - 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, - 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x69, - 0x6c, 0x65, 0x18, 0x65, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1a, - 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x66, 0x20, 0x01, 0x28, 0x0c, - 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x6f, - 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x67, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x53, 0x74, 0x72, 0x69, - 0x6e, 0x67, 0x22, 0x42, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x0c, 0x56, 0x4f, - 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x45, 0x4d, 0x50, 0x54, 0x59, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, - 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, 0x59, 0x53, 0x54, 0x45, - 0x4d, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x53, 0x45, - 0x43, 0x52, 0x45, 0x54, 0x10, 0x02, 0x22, 0x33, 0x0a, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x52, - 0x57, 0x5f, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x56, 0x4f, 0x4c, 0x55, 0x4d, - 0x45, 0x5f, 0x52, 0x57, 0x5f, 0x4d, 0x41, 0x4e, 0x59, 0x10, 0x02, 0x42, 0x0f, 0x0a, 0x0d, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x64, 0x0a, 0x08, - 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x69, 0x6e, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x69, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, - 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x61, 0x78, 0x12, 0x34, 0x0a, 0x15, - 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x15, 0x74, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x73, 0x22, 0x72, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1a, - 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x06, 0x61, 0x6d, - 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x06, 0x61, 0x6d, - 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x24, 0x0a, 0x0c, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x69, - 0x6c, 0x6c, 0x69, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x0c, 0x61, 0x6d, - 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x69, 0x6c, 0x6c, 0x69, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x71, 0x75, - 0x61, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x19, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x12, 0x0a, - 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, - 0x61, 0x22, 0x49, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x12, 0x1e, 0x0a, 0x0a, - 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, - 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x42, 0x2c, 0x5a, 0x2a, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6d, 0x72, 0x61, - 0x64, 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, - 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x65, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0a, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x50, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, + 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x61, + 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, + 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x46, 0x69, 0x6c, 0x65, + 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0a, + 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x44, 0x0a, 0x06, 0x73, 0x65, + 0x63, 0x72, 0x65, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x70, 0x6f, + 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, + 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, + 0x1a, 0x5f, 0x0a, 0x10, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, + 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, + 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, + 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x73, 0x1a, 0xa6, 0x01, 0x0a, 0x0c, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x65, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, + 0x74, 0x73, 0x18, 0x66, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, + 0x74, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x53, 0x74, + 0x72, 0x69, 0x6e, 0x67, 0x18, 0x67, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x74, + 0x65, 0x6e, 0x74, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x22, 0x42, 0x0a, 0x04, 0x54, 0x79, + 0x70, 0x65, 0x12, 0x10, 0x0a, 0x0c, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x45, 0x4d, 0x50, + 0x54, 0x59, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x46, + 0x49, 0x4c, 0x45, 0x53, 0x59, 0x53, 0x54, 0x45, 0x4d, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x56, + 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x10, 0x02, 0x22, 0x33, + 0x0a, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, + 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x52, 0x57, 0x5f, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, + 0x12, 0x0a, 0x0e, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x52, 0x57, 0x5f, 0x4d, 0x41, 0x4e, + 0x59, 0x10, 0x02, 0x42, 0x0f, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x64, 0x0a, 0x08, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x73, + 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6d, + 0x69, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, + 0x03, 0x6d, 0x61, 0x78, 0x12, 0x34, 0x0a, 0x15, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x65, + 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x15, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, + 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0x72, 0x0a, 0x08, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x12, 0x18, 0x0a, 0x06, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x04, 0x48, 0x00, 0x52, 0x06, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x24, 0x0a, 0x0c, + 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x69, 0x6c, 0x6c, 0x69, 0x73, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x04, 0x48, 0x00, 0x52, 0x0c, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x69, 0x6c, 0x6c, + 0x69, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x19, + 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0x49, 0x0a, 0x07, 0x4b, 0x65, 0x79, + 0x50, 0x61, 0x69, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, + 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, + 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6d, 0x72, 0x61, 0x64, 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, + 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/pkg/proto/protoconnect/interceptors.go b/pkg/proto/protoconnect/interceptors.go index 6775922e..f13d6662 100644 --- a/pkg/proto/protoconnect/interceptors.go +++ b/pkg/proto/protoconnect/interceptors.go @@ -51,7 +51,9 @@ func NewAuthInterceptor(c client.Client) connect.Interceptor { func (i authInterceptor) WrapUnary(handler connect.UnaryFunc) connect.UnaryFunc { return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) { fmt.Printf("Authenticating gRPC call: %v \n", req.Spec()) - + if req.Spec().Procedure == ProvisionPodServiceGetPodInfosProcedure { + return handler(ctx, req) + } expectedPublisher, err := i.authenticate(req.Header()) if err != nil { return nil, err @@ -187,6 +189,9 @@ func NewAuthInterceptorClient(deployment *pb.Deployment, expirationOffset int64, func (a *AuthInterceptorClient) WrapUnary(handler connect.UnaryFunc) connect.UnaryFunc { return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) { + if req.Spec().Procedure == ProvisionPodServiceGetPodInfosProcedure { + return handler(ctx, req) + } a.authorize(req.Spec().Procedure, req.Header()) return handler(ctx, req) } diff --git a/pkg/proto/protoconnect/provision-pod.connect.go b/pkg/proto/protoconnect/provision-pod.connect.go index d40c3ab5..9ad66380 100644 --- a/pkg/proto/protoconnect/provision-pod.connect.go +++ b/pkg/proto/protoconnect/provision-pod.connect.go @@ -44,6 +44,9 @@ const ( // ProvisionPodServiceDeletePodProcedure is the fully-qualified name of the ProvisionPodService's // DeletePod RPC. ProvisionPodServiceDeletePodProcedure = "/apocryph.proto.v0.provisionPod.ProvisionPodService/DeletePod" + // ProvisionPodServiceGetPodInfosProcedure is the fully-qualified name of the ProvisionPodService's + // GetPodInfos RPC. + ProvisionPodServiceGetPodInfosProcedure = "/apocryph.proto.v0.provisionPod.ProvisionPodService/GetPodInfos" // ProvisionPodServiceGetPodLogsProcedure is the fully-qualified name of the ProvisionPodService's // GetPodLogs RPC. ProvisionPodServiceGetPodLogsProcedure = "/apocryph.proto.v0.provisionPod.ProvisionPodService/GetPodLogs" @@ -55,6 +58,7 @@ var ( provisionPodServiceProvisionPodMethodDescriptor = provisionPodServiceServiceDescriptor.Methods().ByName("ProvisionPod") provisionPodServiceUpdatePodMethodDescriptor = provisionPodServiceServiceDescriptor.Methods().ByName("UpdatePod") provisionPodServiceDeletePodMethodDescriptor = provisionPodServiceServiceDescriptor.Methods().ByName("DeletePod") + provisionPodServiceGetPodInfosMethodDescriptor = provisionPodServiceServiceDescriptor.Methods().ByName("GetPodInfos") provisionPodServiceGetPodLogsMethodDescriptor = provisionPodServiceServiceDescriptor.Methods().ByName("GetPodLogs") ) @@ -64,6 +68,7 @@ type ProvisionPodServiceClient interface { ProvisionPod(context.Context, *connect.Request[proto.ProvisionPodRequest]) (*connect.Response[proto.ProvisionPodResponse], error) UpdatePod(context.Context, *connect.Request[proto.UpdatePodRequest]) (*connect.Response[proto.ProvisionPodResponse], error) DeletePod(context.Context, *connect.Request[proto.DeletePodRequest]) (*connect.Response[proto.DeletePodResponse], error) + GetPodInfos(context.Context, *connect.Request[proto.PodInfoRequest]) (*connect.Response[proto.PodInfoResponse], error) GetPodLogs(context.Context, *connect.Request[proto.PodLogRequest]) (*connect.ServerStreamForClient[proto.PodLogResponse], error) } @@ -96,6 +101,12 @@ func NewProvisionPodServiceClient(httpClient connect.HTTPClient, baseURL string, connect.WithSchema(provisionPodServiceDeletePodMethodDescriptor), connect.WithClientOptions(opts...), ), + getPodInfos: connect.NewClient[proto.PodInfoRequest, proto.PodInfoResponse]( + httpClient, + baseURL+ProvisionPodServiceGetPodInfosProcedure, + connect.WithSchema(provisionPodServiceGetPodInfosMethodDescriptor), + connect.WithClientOptions(opts...), + ), getPodLogs: connect.NewClient[proto.PodLogRequest, proto.PodLogResponse]( httpClient, baseURL+ProvisionPodServiceGetPodLogsProcedure, @@ -110,6 +121,7 @@ type provisionPodServiceClient struct { provisionPod *connect.Client[proto.ProvisionPodRequest, proto.ProvisionPodResponse] updatePod *connect.Client[proto.UpdatePodRequest, proto.ProvisionPodResponse] deletePod *connect.Client[proto.DeletePodRequest, proto.DeletePodResponse] + getPodInfos *connect.Client[proto.PodInfoRequest, proto.PodInfoResponse] getPodLogs *connect.Client[proto.PodLogRequest, proto.PodLogResponse] } @@ -128,6 +140,11 @@ func (c *provisionPodServiceClient) DeletePod(ctx context.Context, req *connect. return c.deletePod.CallUnary(ctx, req) } +// GetPodInfos calls apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodInfos. +func (c *provisionPodServiceClient) GetPodInfos(ctx context.Context, req *connect.Request[proto.PodInfoRequest]) (*connect.Response[proto.PodInfoResponse], error) { + return c.getPodInfos.CallUnary(ctx, req) +} + // GetPodLogs calls apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodLogs. func (c *provisionPodServiceClient) GetPodLogs(ctx context.Context, req *connect.Request[proto.PodLogRequest]) (*connect.ServerStreamForClient[proto.PodLogResponse], error) { return c.getPodLogs.CallServerStream(ctx, req) @@ -139,6 +156,7 @@ type ProvisionPodServiceHandler interface { ProvisionPod(context.Context, *connect.Request[proto.ProvisionPodRequest]) (*connect.Response[proto.ProvisionPodResponse], error) UpdatePod(context.Context, *connect.Request[proto.UpdatePodRequest]) (*connect.Response[proto.ProvisionPodResponse], error) DeletePod(context.Context, *connect.Request[proto.DeletePodRequest]) (*connect.Response[proto.DeletePodResponse], error) + GetPodInfos(context.Context, *connect.Request[proto.PodInfoRequest]) (*connect.Response[proto.PodInfoResponse], error) GetPodLogs(context.Context, *connect.Request[proto.PodLogRequest], *connect.ServerStream[proto.PodLogResponse]) error } @@ -166,6 +184,12 @@ func NewProvisionPodServiceHandler(svc ProvisionPodServiceHandler, opts ...conne connect.WithSchema(provisionPodServiceDeletePodMethodDescriptor), connect.WithHandlerOptions(opts...), ) + provisionPodServiceGetPodInfosHandler := connect.NewUnaryHandler( + ProvisionPodServiceGetPodInfosProcedure, + svc.GetPodInfos, + connect.WithSchema(provisionPodServiceGetPodInfosMethodDescriptor), + connect.WithHandlerOptions(opts...), + ) provisionPodServiceGetPodLogsHandler := connect.NewServerStreamHandler( ProvisionPodServiceGetPodLogsProcedure, svc.GetPodLogs, @@ -180,6 +204,8 @@ func NewProvisionPodServiceHandler(svc ProvisionPodServiceHandler, opts ...conne provisionPodServiceUpdatePodHandler.ServeHTTP(w, r) case ProvisionPodServiceDeletePodProcedure: provisionPodServiceDeletePodHandler.ServeHTTP(w, r) + case ProvisionPodServiceGetPodInfosProcedure: + provisionPodServiceGetPodInfosHandler.ServeHTTP(w, r) case ProvisionPodServiceGetPodLogsProcedure: provisionPodServiceGetPodLogsHandler.ServeHTTP(w, r) default: @@ -203,6 +229,10 @@ func (UnimplementedProvisionPodServiceHandler) DeletePod(context.Context, *conne return nil, connect.NewError(connect.CodeUnimplemented, errors.New("apocryph.proto.v0.provisionPod.ProvisionPodService.DeletePod is not implemented")) } +func (UnimplementedProvisionPodServiceHandler) GetPodInfos(context.Context, *connect.Request[proto.PodInfoRequest]) (*connect.Response[proto.PodInfoResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, errors.New("apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodInfos is not implemented")) +} + func (UnimplementedProvisionPodServiceHandler) GetPodLogs(context.Context, *connect.Request[proto.PodLogRequest], *connect.ServerStream[proto.PodLogResponse]) error { return connect.NewError(connect.CodeUnimplemented, errors.New("apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodLogs is not implemented")) } diff --git a/pkg/proto/provision-pod.pb.go b/pkg/proto/provision-pod.pb.go index 10ecaab5..6e6d37a3 100644 --- a/pkg/proto/provision-pod.pb.go +++ b/pkg/proto/provision-pod.pb.go @@ -427,7 +427,7 @@ type PodLogRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - ContainerName string `protobuf:"bytes,1,opt,name=containerName,proto3" json:"containerName,omitempty"` + ContainerName string `protobuf:"bytes,1,opt,name=ContainerName,proto3" json:"ContainerName,omitempty"` } func (x *PodLogRequest) Reset() { @@ -571,6 +571,100 @@ func (x *LogEntry) GetLine() string { return "" } +type PodInfoRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` +} + +func (x *PodInfoRequest) Reset() { + *x = PodInfoRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_provision_pod_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PodInfoRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PodInfoRequest) ProtoMessage() {} + +func (x *PodInfoRequest) ProtoReflect() protoreflect.Message { + mi := &file_provision_pod_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PodInfoRequest.ProtoReflect.Descriptor instead. +func (*PodInfoRequest) Descriptor() ([]byte, []int) { + return file_provision_pod_proto_rawDescGZIP(), []int{10} +} + +func (x *PodInfoRequest) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +type PodInfoResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Info string `protobuf:"bytes,1,opt,name=info,proto3" json:"info,omitempty"` +} + +func (x *PodInfoResponse) Reset() { + *x = PodInfoResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_provision_pod_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PodInfoResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PodInfoResponse) ProtoMessage() {} + +func (x *PodInfoResponse) ProtoReflect() protoreflect.Message { + mi := &file_provision_pod_proto_msgTypes[11] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PodInfoResponse.ProtoReflect.Descriptor instead. +func (*PodInfoResponse) Descriptor() ([]byte, []int) { + return file_provision_pod_proto_rawDescGZIP(), []int{11} +} + +func (x *PodInfoResponse) GetInfo() string { + if x != nil { + return x.Info + } + return "" +} + type ProvisionPodResponse_ExposedHostPort struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -584,7 +678,7 @@ type ProvisionPodResponse_ExposedHostPort struct { func (x *ProvisionPodResponse_ExposedHostPort) Reset() { *x = ProvisionPodResponse_ExposedHostPort{} if protoimpl.UnsafeEnabled { - mi := &file_provision_pod_proto_msgTypes[10] + mi := &file_provision_pod_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -597,7 +691,7 @@ func (x *ProvisionPodResponse_ExposedHostPort) String() string { func (*ProvisionPodResponse_ExposedHostPort) ProtoMessage() {} func (x *ProvisionPodResponse_ExposedHostPort) ProtoReflect() protoreflect.Message { - mi := &file_provision_pod_proto_msgTypes[10] + mi := &file_provision_pod_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -701,8 +795,8 @@ var file_provision_pod_proto_rawDesc = []byte{ 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x35, 0x0a, 0x0d, 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, - 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, + 0x0d, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x56, 0x0a, 0x0e, 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x44, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, @@ -713,41 +807,54 @@ var file_provision_pod_proto_rawDesc = []byte{ 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x55, 0x6e, 0x69, 0x78, 0x45, 0x70, 0x6f, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, 0x4e, 0x61, 0x6e, 0x6f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x55, 0x6e, 0x69, 0x78, 0x45, 0x70, 0x6f, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6c, - 0x69, 0x6e, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6c, 0x69, 0x6e, 0x65, 0x32, - 0xe6, 0x03, 0x0a, 0x13, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x79, 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x76, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x12, 0x33, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, - 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, - 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, - 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x61, - 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x72, - 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x73, 0x0a, 0x09, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x12, - 0x30, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, - 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x34, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, - 0x6f, 0x64, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x70, 0x0a, 0x09, 0x44, 0x65, 0x6c, 0x65, 0x74, - 0x65, 0x50, 0x6f, 0x64, 0x12, 0x30, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, - 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, + 0x69, 0x6e, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6c, 0x69, 0x6e, 0x65, 0x22, + 0x2e, 0x0a, 0x0e, 0x50, 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x22, + 0x25, 0x0a, 0x0f, 0x50, 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x69, 0x6e, 0x66, 0x6f, 0x32, 0xd6, 0x04, 0x0a, 0x13, 0x50, 0x72, 0x6f, 0x76, 0x69, + 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x79, + 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x12, 0x33, + 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, + 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, + 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, + 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, + 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x73, 0x0a, 0x09, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x12, 0x30, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x6f, - 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6d, 0x0a, 0x0a, 0x47, 0x65, 0x74, - 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x2d, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, - 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, - 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, - 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6d, 0x72, 0x61, 0x64, 0x65, 0x2d, 0x63, - 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2f, 0x70, 0x6b, 0x67, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x6f, + 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, + 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, + 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x70, + 0x0a, 0x09, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x12, 0x30, 0x2e, 0x61, 0x70, + 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, + 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x44, 0x65, 0x6c, + 0x65, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, + 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, + 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x44, + 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x6e, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x73, 0x12, + 0x2e, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, + 0x2e, 0x50, 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x2f, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, + 0x2e, 0x50, 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x6d, 0x0a, 0x0a, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x2d, + 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, + 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, + 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, + 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, + 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, + 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x42, + 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, + 0x6d, 0x72, 0x61, 0x64, 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x6f, 0x63, 0x72, + 0x79, 0x70, 0x68, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -762,7 +869,7 @@ func file_provision_pod_proto_rawDescGZIP() []byte { return file_provision_pod_proto_rawDescData } -var file_provision_pod_proto_msgTypes = make([]protoimpl.MessageInfo, 11) +var file_provision_pod_proto_msgTypes = make([]protoimpl.MessageInfo, 13) var file_provision_pod_proto_goTypes = []interface{}{ (*ProvisionPodRequest)(nil), // 0: apocryph.proto.v0.provisionPod.ProvisionPodRequest (*DeletePodRequest)(nil), // 1: apocryph.proto.v0.provisionPod.DeletePodRequest @@ -774,26 +881,30 @@ var file_provision_pod_proto_goTypes = []interface{}{ (*PodLogRequest)(nil), // 7: apocryph.proto.v0.provisionPod.PodLogRequest (*PodLogResponse)(nil), // 8: apocryph.proto.v0.provisionPod.PodLogResponse (*LogEntry)(nil), // 9: apocryph.proto.v0.provisionPod.LogEntry - (*ProvisionPodResponse_ExposedHostPort)(nil), // 10: apocryph.proto.v0.provisionPod.ProvisionPodResponse.ExposedHostPort - (*Pod)(nil), // 11: apocryph.proto.v0.pod.Pod + (*PodInfoRequest)(nil), // 10: apocryph.proto.v0.provisionPod.PodInfoRequest + (*PodInfoResponse)(nil), // 11: apocryph.proto.v0.provisionPod.PodInfoResponse + (*ProvisionPodResponse_ExposedHostPort)(nil), // 12: apocryph.proto.v0.provisionPod.ProvisionPodResponse.ExposedHostPort + (*Pod)(nil), // 13: apocryph.proto.v0.pod.Pod } var file_provision_pod_proto_depIdxs = []int32{ - 11, // 0: apocryph.proto.v0.provisionPod.ProvisionPodRequest.pod:type_name -> apocryph.proto.v0.pod.Pod + 13, // 0: apocryph.proto.v0.provisionPod.ProvisionPodRequest.pod:type_name -> apocryph.proto.v0.pod.Pod 5, // 1: apocryph.proto.v0.provisionPod.ProvisionPodRequest.payment:type_name -> apocryph.proto.v0.provisionPod.PaymentChannel - 11, // 2: apocryph.proto.v0.provisionPod.UpdatePodRequest.pod:type_name -> apocryph.proto.v0.pod.Pod + 13, // 2: apocryph.proto.v0.provisionPod.UpdatePodRequest.pod:type_name -> apocryph.proto.v0.pod.Pod 5, // 3: apocryph.proto.v0.provisionPod.UpdatePodRequest.payment:type_name -> apocryph.proto.v0.provisionPod.PaymentChannel - 10, // 4: apocryph.proto.v0.provisionPod.ProvisionPodResponse.addresses:type_name -> apocryph.proto.v0.provisionPod.ProvisionPodResponse.ExposedHostPort + 12, // 4: apocryph.proto.v0.provisionPod.ProvisionPodResponse.addresses:type_name -> apocryph.proto.v0.provisionPod.ProvisionPodResponse.ExposedHostPort 9, // 5: apocryph.proto.v0.provisionPod.PodLogResponse.logEntry:type_name -> apocryph.proto.v0.provisionPod.LogEntry 0, // 6: apocryph.proto.v0.provisionPod.ProvisionPodService.ProvisionPod:input_type -> apocryph.proto.v0.provisionPod.ProvisionPodRequest 3, // 7: apocryph.proto.v0.provisionPod.ProvisionPodService.UpdatePod:input_type -> apocryph.proto.v0.provisionPod.UpdatePodRequest 1, // 8: apocryph.proto.v0.provisionPod.ProvisionPodService.DeletePod:input_type -> apocryph.proto.v0.provisionPod.DeletePodRequest - 7, // 9: apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodLogs:input_type -> apocryph.proto.v0.provisionPod.PodLogRequest - 6, // 10: apocryph.proto.v0.provisionPod.ProvisionPodService.ProvisionPod:output_type -> apocryph.proto.v0.provisionPod.ProvisionPodResponse - 6, // 11: apocryph.proto.v0.provisionPod.ProvisionPodService.UpdatePod:output_type -> apocryph.proto.v0.provisionPod.ProvisionPodResponse - 2, // 12: apocryph.proto.v0.provisionPod.ProvisionPodService.DeletePod:output_type -> apocryph.proto.v0.provisionPod.DeletePodResponse - 8, // 13: apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodLogs:output_type -> apocryph.proto.v0.provisionPod.PodLogResponse - 10, // [10:14] is the sub-list for method output_type - 6, // [6:10] is the sub-list for method input_type + 10, // 9: apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodInfos:input_type -> apocryph.proto.v0.provisionPod.PodInfoRequest + 7, // 10: apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodLogs:input_type -> apocryph.proto.v0.provisionPod.PodLogRequest + 6, // 11: apocryph.proto.v0.provisionPod.ProvisionPodService.ProvisionPod:output_type -> apocryph.proto.v0.provisionPod.ProvisionPodResponse + 6, // 12: apocryph.proto.v0.provisionPod.ProvisionPodService.UpdatePod:output_type -> apocryph.proto.v0.provisionPod.ProvisionPodResponse + 2, // 13: apocryph.proto.v0.provisionPod.ProvisionPodService.DeletePod:output_type -> apocryph.proto.v0.provisionPod.DeletePodResponse + 11, // 14: apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodInfos:output_type -> apocryph.proto.v0.provisionPod.PodInfoResponse + 8, // 15: apocryph.proto.v0.provisionPod.ProvisionPodService.GetPodLogs:output_type -> apocryph.proto.v0.provisionPod.PodLogResponse + 11, // [11:16] is the sub-list for method output_type + 6, // [6:11] is the sub-list for method input_type 6, // [6:6] is the sub-list for extension type_name 6, // [6:6] is the sub-list for extension extendee 0, // [0:6] is the sub-list for field type_name @@ -927,6 +1038,30 @@ func file_provision_pod_proto_init() { } } file_provision_pod_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PodInfoRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_provision_pod_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PodInfoResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_provision_pod_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ProvisionPodResponse_ExposedHostPort); i { case 0: return &v.state @@ -945,7 +1080,7 @@ func file_provision_pod_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_provision_pod_proto_rawDesc, NumEnums: 0, - NumMessages: 11, + NumMessages: 13, NumExtensions: 0, NumServices: 1, }, diff --git a/pkg/provider/server.go b/pkg/provider/server.go index 7a47a020..90359939 100644 --- a/pkg/provider/server.go +++ b/pkg/provider/server.go @@ -24,6 +24,7 @@ import ( v1 "k8s.io/api/core/v1" meta "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + cl "sigs.k8s.io/controller-runtime/pkg/client" ) type provisionPodServer struct { @@ -44,6 +45,23 @@ func transformError(err error) (*connect.Response[pb.ProvisionPodResponse], erro }), nil } +func (s *provisionPodServer) GetPodInfos(ctx context.Context, request *connect.Request[pb.PodInfoRequest]) (*connect.Response[pb.PodInfoResponse], error) { + log.Printf("Received Request for retreiving info on namespace: %v \n", request.Msg.Namespace) + list := &appsv1.DeploymentList{} + err := s.k8cl.List(ctx, list, &cl.ListOptions{Namespace: request.Msg.Namespace}) + if err != nil { + return nil, err + } + var info strings.Builder + for _, rsrc := range list.Items { + for k, v := range rsrc.Annotations { + info.WriteString(k + ":" + v + ",") + } + } + response := &pb.PodInfoResponse{Info: info.String()} + return connect.NewResponse(response), nil +} + func (s *provisionPodServer) DeletePod(ctx context.Context, request *connect.Request[pb.DeletePodRequest]) (*connect.Response[pb.DeletePodResponse], error) { log.Println("Received request for pod deletion") @@ -137,6 +155,7 @@ func (s *provisionPodServer) ProvisionPod(ctx context.Context, request *connect. } response := &pb.ProvisionPodResponse{} + ns := tpk8s.NewTrustedPodsNamespace(namespace, request.Msg.Pod, request.Msg.Payment) err = tpk8s.RunInNamespaceOrRevert(ctx, s.k8cl, ns, s.dryRun, func(cl client.Client) error { return tpk8s.ApplyPodRequest(ctx, cl, ns.ObjectMeta.Name, false, request.Msg.Pod, request.Msg.Payment, images, secrets, response) @@ -152,6 +171,12 @@ func (s *provisionPodServer) ProvisionPod(ctx context.Context, request *connect. } func NewTPodServerHandler(ipfsApi string, ipfs *rpc.HttpApi, dryRun bool, ctrdClient *containerd.Client, k8cl client.Client, localOciRegistry string, validator *ethereum.PaymentChannelValidator, lokiHost string) (string, http.Handler) { + + // create the global tpod-proxy policy + err := tpk8s.CreateTpodProxyPolicy(context.Background(), k8cl) + if err != nil { + log.Printf("warning: failed creating policy: %v\n", err) + } return pbcon.NewProvisionPodServiceHandler(&provisionPodServer{ ipfs: ipfs, ipfsApi: ipfsApi, diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go new file mode 100644 index 00000000..3b781132 --- /dev/null +++ b/pkg/proxy/proxy.go @@ -0,0 +1,59 @@ +package main + +import ( + "context" + "fmt" + "log" + "net/http" + "net/url" + "os" + + "connectrpc.com/connect" + "github.com/comrade-coop/apocryph/pkg/constants" + pb "github.com/comrade-coop/apocryph/pkg/proto" + pbcon "github.com/comrade-coop/apocryph/pkg/proto/protoconnect" +) + +// TargetServerURL is the URL of the server to forward the request to +const TargetServerURL = "tpodserver.trustedpods.svc.cluster.local:8080" + +func main() { + http.HandleFunc("/", handler) + log.Printf("Server is listening on port 9999") + log.Fatal(http.ListenAndServe(":9999", nil)) +} + +func handler(w http.ResponseWriter, r *http.Request) { + // Get the environment variable value + namespace := os.Getenv(constants.NamespaceKey) + if namespace == "" { + http.Error(w, "Environment variable not set", http.StatusInternalServerError) + return + } + + r.Header.Set("X-Namespace", namespace) + client := pbcon.NewProvisionPodServiceClient( + http.DefaultClient, + (&url.URL{Scheme: "http", Host: TargetServerURL}).String()) + // Forward the request to the target server + request := pb.PodInfoRequest{Namespace: namespace} + info, err := forwardRequest(client, &request) + if err != nil { + http.Error(w, fmt.Sprintf("Error forwarding request: %v", err), http.StatusInternalServerError) + return + } + + // Write the info string to the response + w.Header().Set("Content-Type", "text/plain") + w.WriteHeader(http.StatusOK) + _, _ = w.Write([]byte(info)) +} + +func forwardRequest(client pbcon.ProvisionPodServiceClient, request *pb.PodInfoRequest) (string, error) { + response, err := client.GetPodInfos(context.Background(), connect.NewRequest(request)) + if err != nil { + return "", err + } + log.Printf("Retrived info: %v\n", response.Msg.Info) + return response.Msg.Info, nil +} diff --git a/proto/pod.proto b/proto/pod.proto index ac62b56c..6f2da491 100644 --- a/proto/pod.proto +++ b/proto/pod.proto @@ -10,7 +10,8 @@ message Pod { repeated Volume volumes = 2; Replicas replicas = 3; KeyPair keyPair = 4; - bool ImageVerification = 5; + bool PublicVerifiability = 5; + string VerificationHostPath = 6; } message Container { diff --git a/proto/provision-pod.proto b/proto/provision-pod.proto index 43b407e9..90003b87 100644 --- a/proto/provision-pod.proto +++ b/proto/provision-pod.proto @@ -10,6 +10,7 @@ service ProvisionPodService { rpc ProvisionPod(ProvisionPodRequest) returns (ProvisionPodResponse); rpc UpdatePod(UpdatePodRequest) returns (ProvisionPodResponse); rpc DeletePod(DeletePodRequest) returns (DeletePodResponse); + rpc GetPodInfos(PodInfoRequest) returns (PodInfoResponse); rpc GetPodLogs(PodLogRequest) returns (stream PodLogResponse); } @@ -55,7 +56,7 @@ message ProvisionPodResponse { } message PodLogRequest{ - string containerName = 1; + string ContainerName = 1; } message PodLogResponse{ @@ -66,3 +67,11 @@ message LogEntry{ uint64 NanosecondsUnixEpoch = 1; string line= 2; } + +message PodInfoRequest{ + string namespace = 1; +} + +message PodInfoResponse{ + string info = 1; +} diff --git a/test/e2e/common/manifests/manifest-attestation-nginx.yaml b/test/e2e/common/manifests/manifest-attestation-nginx.yaml index c3f1e86d..d04aa013 100644 --- a/test/e2e/common/manifests/manifest-attestation-nginx.yaml +++ b/test/e2e/common/manifests/manifest-attestation-nginx.yaml @@ -3,7 +3,7 @@ containers: image: url: ttl.sh/nginx-hello@sha256:631c081135cc6a81ad685f39d107d9eb6140d3a2265b0aa6792346f06936de72 ports: - - containerPort: '8080' + - containerPort: '9090' hostHttpHost: example.local name: internal resourceRequests: @@ -14,4 +14,5 @@ containers: replicas: min: 1 max: 1 -ImageVerification: true +PublicVerifiability: true +VerificationHostPath: example.local.info diff --git a/test/e2e/common/scripts/build-images.sh b/test/e2e/common/scripts/build-images.sh index 95501e47..b7f8213c 100755 --- a/test/e2e/common/scripts/build-images.sh +++ b/test/e2e/common/scripts/build-images.sh @@ -6,6 +6,8 @@ docker build -t comradecoop/apocryph/p2p-helper:latest ../../../../ --target p2p docker build -t comradecoop/apocryph/autoscaler:latest ../../../../ --target autoscaler +docker build -t comradecoop/apocryph/tpod-proxy:latest ../../../../ --target tpod-proxy + docker tag comradecoop/apocryph/server:latest localhost:5000/comradecoop/apocryph/server:latest docker push localhost:5000/comradecoop/apocryph/server:latest @@ -14,4 +16,3 @@ docker push localhost:5000/comradecoop/apocryph/p2p-helper:latest docker tag comradecoop/apocryph/autoscaler:latest localhost:5000/comradecoop/apocryph/autoscaler:latest docker push localhost:5000/comradecoop/apocryph/autoscaler:latest - diff --git a/test/e2e/minikube/deploy-pod.sh b/test/e2e/minikube/deploy-pod.sh index 16598ef5..ee26370f 100755 --- a/test/e2e/minikube/deploy-pod.sh +++ b/test/e2e/minikube/deploy-pod.sh @@ -8,6 +8,7 @@ REGISTRY_CONTRACT=$(cat ../../../contracts/broadcast/Deploy.s.sol/31337/run-late FUNDS=10000000000000000000000 set +v +sudo chmod o+rw /run/containerd/containerd.sock set -x ## Configure provider/in-cluster IPFS and publisher IPFS ## diff --git a/test/e2e/minikube/run-attestation-test.sh b/test/e2e/minikube/run-attestation-test.sh index 2d355dd5..2a34f7c9 100755 --- a/test/e2e/minikube/run-attestation-test.sh +++ b/test/e2e/minikube/run-attestation-test.sh @@ -3,13 +3,33 @@ set -e echo "USAGE: $0 CERTIFICATE_IDENTITY CERTIFICATE_OIDC_ISSUER" echo "EXAMPLE: $0 example@email.com https://github.com/login/oauth" -echo "NOTE: The oidc-issuer for Google is https://accounts.google.com, Microsoft is https://login.microsoftonline.com, GitHub is https://github.com/login/oauth, and GitLab is https://gitlab.com." +set -v +# NOTE: The oidc-issuer for Google is https://accounts.google.com, Microsoft is https://login.microsoftonline.com, GitHub is https://github.com/login/oauth, and GitLab is https://gitlab.com." + +# based on https://stackoverflow.com/a/31269848 / https://bobcopeland.com/blog/2012/10/goto-in-bash/ +if [ -n "$3" ]; then + STEP=${3:-1} + eval "set -v; $(sed -n "/## $STEP: /{:a;n;p;ba};" $0)" + exit +fi docker pull nginxdemos/nginx-hello@sha256:2ab1f0bef4461020a1aabee4260a1fe93b03ed69d7f72908acca3a7ec33cb1c0 docker tag docker.io/nginxdemos/nginx-hello:latest ttl.sh/nginx-hello:1h docker push ttl.sh/nginx-hello:1h +# for demenstration purposes, we push tpod-proxy and sign it +docker tag comradecoop/apocryph/tpod-proxy:latest ttl.sh/comradecoop/apocryph/tpod-proxy:5h +docker push ttl.sh/comradecoop/apocryph/tpod-proxy:5h +cosign sign ttl.sh/comradecoop/apocryph/tpod-proxy@sha256:bdb4782d4d3100991121ca7a25a2c451da2308332503e5e934275e6ef77ea5ab + CERTIFICATE_IDENTITY=$1 CERTIFICATE_OIDC_ISSUER=$2 -./deploy-pod.sh ../common/manifests/manifest-attestation-nginx.yaml --sign-images --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER +./deploy-pod.sh ../common/manifests/manifest-attestation-nginx.yaml --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER + +## 2: Get Application info +INGRESS_URL=$(minikube service -n keda ingress-nginx-controller --url=true -p c1 | head -n 1); echo $INGRESS_URL +MANIFEST_HOST=example.local.info # From manifest-nginx.yaml + +while ! curl --connect-timeout 40 -H "Host: $MANIFEST_HOST" $INGRESS_URL --fail-with-body; do sleep 10; done +curl -H "Host: $MANIFEST_HOST" $INGRESS_URL --fail-with-body From 1ed2571021ec037c54d50a9a422d1d347e330883 Mon Sep 17 00:00:00 2001 From: revoltez Date: Wed, 28 Aug 2024 14:00:20 +0100 Subject: [PATCH 10/22] chore: deploy tpod proxy policy with the chart remove manual deployment with hardcoded values --- cmd/tpodserver/listen.go | 4 ++- cmd/tpodserver/manifest.go | 2 +- pkg/kubernetes/pods.go | 3 +- pkg/kubernetes/utils.go | 30 ------------------- pkg/provider/server.go | 14 ++++----- test/e2e/common/scripts/build-images.sh | 7 +++++ test/e2e/common/scripts/redeploy-images.sh | 7 ++++- test/e2e/minikube/run-attestation-test.sh | 22 +++++++------- .../trustedpods/templates/proxypolicy.yml | 13 ++++++++ .../trustedpods/templates/tpodserver.yml | 1 + test/e2e/minikube/trustedpods/values.yaml | 8 +++-- 11 files changed, 56 insertions(+), 55 deletions(-) create mode 100644 test/e2e/minikube/trustedpods/templates/proxypolicy.yml diff --git a/cmd/tpodserver/listen.go b/cmd/tpodserver/listen.go index a41a2581..a0664ef3 100644 --- a/cmd/tpodserver/listen.go +++ b/cmd/tpodserver/listen.go @@ -19,6 +19,7 @@ import ( var ipfsApi string var serveAddress string var localOciRegistry string +var proxyImage string var listenCmd = &cobra.Command{ Use: "listen", @@ -67,7 +68,7 @@ var listenCmd = &cobra.Command{ } mux := http.NewServeMux() - mux.Handle(provider.NewTPodServerHandler(ipfsApi, ipfs, dryRun, ctrdClient, k8cl, localOciRegistry, validator, "loki.loki.svc.cluster.local:3100")) + mux.Handle(provider.NewTPodServerHandler(ipfsApi, ipfs, dryRun, ctrdClient, k8cl, localOciRegistry, validator, "loki.loki.svc.cluster.local:3100", proxyImage)) server := &http.Server{Handler: mux} go server.Serve(listener) @@ -91,4 +92,5 @@ func init() { listenCmd.Flags().StringVar(&localOciRegistry, "oci-registry", "", "OCI registry used to resolve IPDR images") listenCmd.Flags().StringVar(ðereumRpc, "ethereum-rpc", "http://127.0.0.1:8545", "client public address") listenCmd.Flags().StringVar(&providerKey, "ethereum-key", "", "provider account string (private key | http[s]://clef#account | /keystore#account | account (in default keystore))") + listenCmd.Flags().StringVar(&proxyImage, "proxy-image", "", "tpod proxy image url (with digest instead of tags)") } diff --git a/cmd/tpodserver/manifest.go b/cmd/tpodserver/manifest.go index b5bc11ad..06bf1505 100644 --- a/cmd/tpodserver/manifest.go +++ b/cmd/tpodserver/manifest.go @@ -61,7 +61,7 @@ var applyManifestCmd = &cobra.Command{ response := &pb.ProvisionPodResponse{} namespace := tpk8s.NewTrustedPodsNamespace("tpods-xx", pod, nil) err = tpk8s.RunInNamespaceOrRevert(cmd.Context(), cl, namespace, dryRun, func(cl client.Client) error { - return tpk8s.ApplyPodRequest(cmd.Context(), cl, namespace.ObjectMeta.Name, false, pod, nil, images, secrets, response) + return tpk8s.ApplyPodRequest(cmd.Context(), cl, namespace.ObjectMeta.Name, false, pod, nil, images, secrets, response, "") }) if err != nil { return err diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index e6afc1a0..b44c7b76 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -74,6 +74,7 @@ func ApplyPodRequest( images map[string]string, secrets map[string][]byte, response *pb.ProvisionPodResponse, + proxyImage string, ) error { if podManifest == nil { return fmt.Errorf("Expected value for pod") @@ -131,7 +132,7 @@ func ApplyPodRequest( routeHttpso.Spec.Replicas = &kedahttpv1alpha1.ReplicaStruct{Min: ptr.Int32(1), Max: ptr.Int32(1)} proxyContainer := corev1.Container{ Name: "proxy", - Image: proxyImageReference, + Image: proxyImage, Ports: []corev1.ContainerPort{{ContainerPort: 9999, Name: "tpod-proxy"}}, } err := updateOrCreate(ctx, serviceProxyName, "Service", namespace, serviceProxy, client, update) diff --git a/pkg/kubernetes/utils.go b/pkg/kubernetes/utils.go index 0a0f6bb9..5a56a847 100644 --- a/pkg/kubernetes/utils.go +++ b/pkg/kubernetes/utils.go @@ -3,11 +3,8 @@ package kubernetes import ( - "context" "errors" "fmt" - "log" - "strings" pb "github.com/comrade-coop/apocryph/pkg/proto" kedahttpv1alpha1 "github.com/kedacore/http-add-on/operator/apis/http/v1alpha1" @@ -20,33 +17,6 @@ import ( k8cl "sigs.k8s.io/controller-runtime/pkg/client" ) -var proxyImageReference = "ttl.sh/comradecoop/apocryph/tpod-proxy@sha256:fc671075e920aa8022e65b330cd8e2b56b49f9b46e4b96a958238c63c65a84f2" - -// TODO: use actual comrade account details -var proxyVerificationDetails = &pb.VerificationDetails{ - Identity: "comradecoop@email.com", - Issuer: "https://github.com/login/oauth", -} - -func CreateTpodProxyPolicy(ctx context.Context, client k8cl.Client) error { - policyName := fmt.Sprintf("tpod-policy-proxy") - sigstorePolicy := &policy.ClusterImagePolicy{ - TypeMeta: metav1.TypeMeta{Kind: "ClusterImagePolicy"}, ObjectMeta: metav1.ObjectMeta{Name: policyName}, - Spec: policy.ClusterImagePolicySpec{ - Images: []policy.ImagePattern{{Glob: proxyImageReference}}, - Authorities: []policy.Authority{{Keyless: &policy.KeylessRef{}}}, - }} - identity := policy.Identity{Issuer: proxyVerificationDetails.Issuer, Subject: proxyVerificationDetails.Identity} - sigstorePolicy.Spec.Authorities[0].Keyless.Identities = []policy.Identity{identity} - err := updateOrCreate(ctx, policyName, "ClusterImagePolicy", "default", sigstorePolicy, client, false) - if err != nil && strings.Contains(err.Error(), "already exists") { - log.Println("warning: Policies were not deleted properly") - } else { - return err - } - return nil -} - func NewService(port *pb.Container_Port, portName string, httpSO *kedahttpv1alpha1.HTTPScaledObject, labels map[string]string) (*corev1.Service, int32, error) { servicePort := int32(port.ServicePort) diff --git a/pkg/provider/server.go b/pkg/provider/server.go index 90359939..804c32f3 100644 --- a/pkg/provider/server.go +++ b/pkg/provider/server.go @@ -37,6 +37,7 @@ type provisionPodServer struct { paymentValidator *ethereum.PaymentChannelValidator localOciRegistry string dryRun bool + proxyImage string } func transformError(err error) (*connect.Response[pb.ProvisionPodResponse], error) { @@ -96,7 +97,7 @@ func (s *provisionPodServer) UpdatePod(ctx context.Context, request *connect.Req namespace := pbcon.GetNamespace(request) response := &pb.ProvisionPodResponse{} - err = tpk8s.ApplyPodRequest(ctx, s.k8cl, namespace, true, request.Msg.Pod, request.Msg.Payment, images, secrets, response) + err = tpk8s.ApplyPodRequest(ctx, s.k8cl, namespace, true, request.Msg.Pod, request.Msg.Payment, images, secrets, response, s.proxyImage) if err != nil { return transformError(err) } @@ -158,7 +159,7 @@ func (s *provisionPodServer) ProvisionPod(ctx context.Context, request *connect. ns := tpk8s.NewTrustedPodsNamespace(namespace, request.Msg.Pod, request.Msg.Payment) err = tpk8s.RunInNamespaceOrRevert(ctx, s.k8cl, ns, s.dryRun, func(cl client.Client) error { - return tpk8s.ApplyPodRequest(ctx, cl, ns.ObjectMeta.Name, false, request.Msg.Pod, request.Msg.Payment, images, secrets, response) + return tpk8s.ApplyPodRequest(ctx, cl, ns.ObjectMeta.Name, false, request.Msg.Pod, request.Msg.Payment, images, secrets, response, s.proxyImage) }) if err != nil { return transformError(err) @@ -170,13 +171,7 @@ func (s *provisionPodServer) ProvisionPod(ctx context.Context, request *connect. return connect.NewResponse(response), nil } -func NewTPodServerHandler(ipfsApi string, ipfs *rpc.HttpApi, dryRun bool, ctrdClient *containerd.Client, k8cl client.Client, localOciRegistry string, validator *ethereum.PaymentChannelValidator, lokiHost string) (string, http.Handler) { - - // create the global tpod-proxy policy - err := tpk8s.CreateTpodProxyPolicy(context.Background(), k8cl) - if err != nil { - log.Printf("warning: failed creating policy: %v\n", err) - } +func NewTPodServerHandler(ipfsApi string, ipfs *rpc.HttpApi, dryRun bool, ctrdClient *containerd.Client, k8cl client.Client, localOciRegistry string, validator *ethereum.PaymentChannelValidator, lokiHost string, proxyImage string) (string, http.Handler) { return pbcon.NewProvisionPodServiceHandler(&provisionPodServer{ ipfs: ipfs, ipfsApi: ipfsApi, @@ -186,6 +181,7 @@ func NewTPodServerHandler(ipfsApi string, ipfs *rpc.HttpApi, dryRun bool, ctrdCl paymentValidator: validator, localOciRegistry: localOciRegistry, dryRun: dryRun, + proxyImage: proxyImage, }, connect.WithInterceptors( pbcon.NewAuthInterceptor(k8cl), )) diff --git a/test/e2e/common/scripts/build-images.sh b/test/e2e/common/scripts/build-images.sh index b7f8213c..f7304ee5 100755 --- a/test/e2e/common/scripts/build-images.sh +++ b/test/e2e/common/scripts/build-images.sh @@ -16,3 +16,10 @@ docker push localhost:5000/comradecoop/apocryph/p2p-helper:latest docker tag comradecoop/apocryph/autoscaler:latest localhost:5000/comradecoop/apocryph/autoscaler:latest docker push localhost:5000/comradecoop/apocryph/autoscaler:latest + +# TODO tag,sign & push to a proper registry instead of ttl +# for demenstration purposes, we push tpod-proxy and sign it +docker tag comradecoop/apocryph/tpod-proxy:latest ttl.sh/comradecoop/apocryph/tpod-proxy:5h +docker push ttl.sh/comradecoop/apocryph/tpod-proxy:5h +IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' comradecoop/apocryph/tpod-proxy) +# cosign sign $IMAGE_DIGEST diff --git a/test/e2e/common/scripts/redeploy-images.sh b/test/e2e/common/scripts/redeploy-images.sh index e951bc41..841f317d 100755 --- a/test/e2e/common/scripts/redeploy-images.sh +++ b/test/e2e/common/scripts/redeploy-images.sh @@ -1,6 +1,11 @@ #!/bin/bash + +cd "$(dirname "$0")" ./build-images.sh minikube profile c1 kubectl delete namespace trustedpods + +# delete old image policy +kubectl delete ClusterImagePolicy tpod-proxy-policy # will use default withdraw address & eth keys specefied in values.yaml -helmfile apply -f ../../minikube -l name=trustedpods --skip-deps +helmfile apply -f ../../minikube -l name=trustedpods --skip-deps $1 $2 $3 $4 $5 $6 diff --git a/test/e2e/minikube/run-attestation-test.sh b/test/e2e/minikube/run-attestation-test.sh index 2a34f7c9..88d4ec6c 100755 --- a/test/e2e/minikube/run-attestation-test.sh +++ b/test/e2e/minikube/run-attestation-test.sh @@ -1,7 +1,7 @@ #!/bin/sh set -e -echo "USAGE: $0 CERTIFICATE_IDENTITY CERTIFICATE_OIDC_ISSUER" +echo "USAGE: $0 CERTIFICATE_IDENTITY CERTIFICATE_OIDC_ISSUER STEP" echo "EXAMPLE: $0 example@email.com https://github.com/login/oauth" set -v # NOTE: The oidc-issuer for Google is https://accounts.google.com, Microsoft is https://login.microsoftonline.com, GitHub is https://github.com/login/oauth, and GitLab is https://gitlab.com." @@ -13,21 +13,23 @@ if [ -n "$3" ]; then exit fi +CERTIFICATE_IDENTITY=$1 +CERTIFICATE_OIDC_ISSUER=$2 + +IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' comradecoop/apocryph/tpod-proxy) +echo $IMAGE_DIGEST + +## 1: configure the cluster to support image validation +../common/scripts/redeploy-images.sh --set policy.issuer=$CERTIFICATE_OIDC_ISSUER --set policy.subject=$CERTIFICATE_IDENTITY --set policy.image=$IMAGE_DIGEST + +## 2: deploy app docker pull nginxdemos/nginx-hello@sha256:2ab1f0bef4461020a1aabee4260a1fe93b03ed69d7f72908acca3a7ec33cb1c0 docker tag docker.io/nginxdemos/nginx-hello:latest ttl.sh/nginx-hello:1h docker push ttl.sh/nginx-hello:1h -# for demenstration purposes, we push tpod-proxy and sign it -docker tag comradecoop/apocryph/tpod-proxy:latest ttl.sh/comradecoop/apocryph/tpod-proxy:5h -docker push ttl.sh/comradecoop/apocryph/tpod-proxy:5h -cosign sign ttl.sh/comradecoop/apocryph/tpod-proxy@sha256:bdb4782d4d3100991121ca7a25a2c451da2308332503e5e934275e6ef77ea5ab - -CERTIFICATE_IDENTITY=$1 -CERTIFICATE_OIDC_ISSUER=$2 - ./deploy-pod.sh ../common/manifests/manifest-attestation-nginx.yaml --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER -## 2: Get Application info +## 3: Get Application info INGRESS_URL=$(minikube service -n keda ingress-nginx-controller --url=true -p c1 | head -n 1); echo $INGRESS_URL MANIFEST_HOST=example.local.info # From manifest-nginx.yaml diff --git a/test/e2e/minikube/trustedpods/templates/proxypolicy.yml b/test/e2e/minikube/trustedpods/templates/proxypolicy.yml new file mode 100644 index 00000000..d86484cb --- /dev/null +++ b/test/e2e/minikube/trustedpods/templates/proxypolicy.yml @@ -0,0 +1,13 @@ +apiVersion: policy.sigstore.dev/v1beta1 +kind: ClusterImagePolicy +metadata: + name: tpod-proxy-policy +spec: + images: + - glob: {{.Values.policy.image}} + authorities: + - keyless: + identities: + - issuer: {{.Values.policy.issuer}} + subject: {{.Values.policy.subject}} + diff --git a/test/e2e/minikube/trustedpods/templates/tpodserver.yml b/test/e2e/minikube/trustedpods/templates/tpodserver.yml index 3d8cc00e..8609b811 100644 --- a/test/e2e/minikube/trustedpods/templates/tpodserver.yml +++ b/test/e2e/minikube/trustedpods/templates/tpodserver.yml @@ -80,6 +80,7 @@ spec: "--oci-registry", "host.minikube.internal:5000", "--ethereum-rpc", "http://eth-rpc.eth.svc.cluster.local:8545", "--ethereum-key", {{ .Values.ethKey }}, # TODO= anvil.accounts[1] prvkey + "--proxy-image",{{.Values.policy.image}}, ] ports: - containerPort: 8080 diff --git a/test/e2e/minikube/trustedpods/values.yaml b/test/e2e/minikube/trustedpods/values.yaml index dd612595..60a4b2dc 100644 --- a/test/e2e/minikube/trustedpods/values.yaml +++ b/test/e2e/minikube/trustedpods/values.yaml @@ -1,3 +1,7 @@ -ethKey: "0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d" +ethKey: '0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d' withdraw: - address: "0x70997970C51812dc3A010C7d01b50e0d17dc79C8" + address: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8' +policy: + issuer: https://github.com/login/oauth + subject: comrade@email.com + image: comradecoop/apocryph/tpod-proxy:latest From 9f1ba4e5f29da2dd4c5df0210f4e563e6b9a060b Mon Sep 17 00:00:00 2001 From: revoltez Date: Wed, 28 Aug 2024 14:48:23 +0100 Subject: [PATCH 11/22] feat: add default verification host path --- cmd/trustedpods/deploy.go | 19 +++++++++++++++++++ .../manifests/manifest-attestation-nginx.yaml | 1 - test/e2e/minikube/run-attestation-test.sh | 2 +- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/cmd/trustedpods/deploy.go b/cmd/trustedpods/deploy.go index 6fd4dd5b..39b16919 100644 --- a/cmd/trustedpods/deploy.go +++ b/cmd/trustedpods/deploy.go @@ -226,6 +226,25 @@ var deployPodCmd = &cobra.Command{ fmt.Fprintf(cmd.ErrOrStderr(), "warning: %v\n", err) } + if pod.PublicVerifiability == true && pod.VerificationHostPath == "" { + for _, image := range pod.Containers { + for _, p := range image.Ports { + switch ep := p.ExposedPort.(type) { + case *pb.Container_Port_HostHttpHost: + pod.VerificationHostPath = ep.HostHttpHost + ".tpodinfo" + break + } + } + if pod.VerificationHostPath != "" { + break + } + } + if pod.VerificationHostPath == "" { + return fmt.Errorf("Public verifiability is set but no verification host path is available or could be derived") + } + fmt.Printf("pod manifest verification host path set to:%v\n", pod.VerificationHostPath) + } + err = publisher.FundPaymentChannel(ethClient, publisherAuth, deployment, fundsInt, unlockTimeInt, debugMintFunds) if err != nil { return err diff --git a/test/e2e/common/manifests/manifest-attestation-nginx.yaml b/test/e2e/common/manifests/manifest-attestation-nginx.yaml index d04aa013..ab223908 100644 --- a/test/e2e/common/manifests/manifest-attestation-nginx.yaml +++ b/test/e2e/common/manifests/manifest-attestation-nginx.yaml @@ -15,4 +15,3 @@ replicas: min: 1 max: 1 PublicVerifiability: true -VerificationHostPath: example.local.info diff --git a/test/e2e/minikube/run-attestation-test.sh b/test/e2e/minikube/run-attestation-test.sh index 88d4ec6c..4edc24d6 100755 --- a/test/e2e/minikube/run-attestation-test.sh +++ b/test/e2e/minikube/run-attestation-test.sh @@ -31,7 +31,7 @@ docker push ttl.sh/nginx-hello:1h ## 3: Get Application info INGRESS_URL=$(minikube service -n keda ingress-nginx-controller --url=true -p c1 | head -n 1); echo $INGRESS_URL -MANIFEST_HOST=example.local.info # From manifest-nginx.yaml +MANIFEST_HOST=example.local.tpodinfo # From manifest-nginx.yaml while ! curl --connect-timeout 40 -H "Host: $MANIFEST_HOST" $INGRESS_URL --fail-with-body; do sleep 10; done curl -H "Host: $MANIFEST_HOST" $INGRESS_URL --fail-with-body From 611e3f9cb5ca95f7489f066066622ed4d9df1f92 Mon Sep 17 00:00:00 2001 From: revoltez Date: Wed, 28 Aug 2024 15:40:52 +0100 Subject: [PATCH 12/22] chore: properly marshal annotation values --- pkg/kubernetes/pods.go | 20 ++++++++++++++++---- pkg/kubernetes/utils.go | 7 +++++++ test/e2e/minikube/run-attestation-test.sh | 1 - 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index b44c7b76..bd2df129 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -4,6 +4,7 @@ package kubernetes import ( "context" + "encoding/json" "fmt" "log" "strings" @@ -147,7 +148,7 @@ func ApplyPodRequest( podTemplate.Spec.Containers = append(podTemplate.Spec.Containers, proxyContainer) } - annotationValues := []string{} + annotationValues := []AnnotationValue{} for i, container := range podManifest.Containers { if container.Image.VerificationDetails != nil { policyName := fmt.Sprintf("policy-%v-%v", podId, i) @@ -159,7 +160,12 @@ func ApplyPodRequest( }} identity := policy.Identity{Issuer: container.Image.VerificationDetails.Issuer, Subject: container.Image.VerificationDetails.Identity} sigstorePolicy.Spec.Authorities[0].Keyless.Identities = []policy.Identity{identity} - annotationValue := container.Image.Url + ":" + container.Image.VerificationDetails.Signature + annotationValue := AnnotationValue{ + URL: container.Image.Url, + Signature: container.Image.VerificationDetails.Signature, + Issuer: container.Image.VerificationDetails.Issuer, + Identity: container.Image.VerificationDetails.Identity, + } annotationValues = append(annotationValues, annotationValue) err := updateOrCreate(ctx, policyName, "ClusterImagePolicy", namespace, sigstorePolicy, client, update) if err != nil && strings.Contains(err.Error(), "already exists") { @@ -170,7 +176,13 @@ func ApplyPodRequest( } } } - deployment.Annotations = map[string]string{constants.VerificationInfoAnnotationKey: strings.Join(annotationValues, ",")} + jsonData, err := json.Marshal(annotationValues) + if err != nil { + return fmt.Errorf("Failed to marshal annotation values: %v", err) + } + deployment.Annotations = map[string]string{ + constants.VerificationInfoAnnotationKey: string(jsonData), + } for cIdx, container := range podManifest.Containers { containerSpec := corev1.Container{ @@ -321,7 +333,7 @@ func ApplyPodRequest( } podTemplate.Spec.Volumes = append(podTemplate.Spec.Volumes, volumeSpec) } - err := updateOrCreate(ctx, deploymentName, "Deployment", namespace, deployment, client, update) + err = updateOrCreate(ctx, deploymentName, "Deployment", namespace, deployment, client, update) if err != nil { return err } diff --git a/pkg/kubernetes/utils.go b/pkg/kubernetes/utils.go index 5a56a847..39e45a7c 100644 --- a/pkg/kubernetes/utils.go +++ b/pkg/kubernetes/utils.go @@ -87,3 +87,10 @@ func GetResource(kind string) k8cl.Object { } return nil } + +type AnnotationValue struct { + URL string `json:"url"` + Issuer string `json:"issuer"` + Identity string `json:"identity"` + Signature string `json:"signature"` +} diff --git a/test/e2e/minikube/run-attestation-test.sh b/test/e2e/minikube/run-attestation-test.sh index 4edc24d6..313309a4 100755 --- a/test/e2e/minikube/run-attestation-test.sh +++ b/test/e2e/minikube/run-attestation-test.sh @@ -34,4 +34,3 @@ INGRESS_URL=$(minikube service -n keda ingress-nginx-controller --url=true -p c MANIFEST_HOST=example.local.tpodinfo # From manifest-nginx.yaml while ! curl --connect-timeout 40 -H "Host: $MANIFEST_HOST" $INGRESS_URL --fail-with-body; do sleep 10; done -curl -H "Host: $MANIFEST_HOST" $INGRESS_URL --fail-with-body From 1c3f3c5edc001fd405c62b26467eb8f77db72b19 Mon Sep 17 00:00:00 2001 From: revoltez Date: Wed, 28 Aug 2024 16:57:02 +0100 Subject: [PATCH 13/22] chore: regroup verification settings --- cmd/trustedpods/deploy.go | 10 +- pkg/kubernetes/namespaces.go | 2 +- pkg/kubernetes/pods.go | 6 +- pkg/proto-ts/pod_pb.ts | 61 ++- pkg/proto/pod.pb.go | 469 ++++++++++-------- pkg/provider/server.go | 7 +- proto/pod.proto | 8 +- .../manifests/manifest-attestation-nginx.yaml | 6 +- test/e2e/common/scripts/build-images.sh | 2 +- 9 files changed, 349 insertions(+), 222 deletions(-) diff --git a/cmd/trustedpods/deploy.go b/cmd/trustedpods/deploy.go index 39b16919..0678be5a 100644 --- a/cmd/trustedpods/deploy.go +++ b/cmd/trustedpods/deploy.go @@ -226,23 +226,23 @@ var deployPodCmd = &cobra.Command{ fmt.Fprintf(cmd.ErrOrStderr(), "warning: %v\n", err) } - if pod.PublicVerifiability == true && pod.VerificationHostPath == "" { + if pod.VerificationSettings.PublicVerifiability == true && pod.VerificationSettings.VerificationHostPath == "" { for _, image := range pod.Containers { for _, p := range image.Ports { switch ep := p.ExposedPort.(type) { case *pb.Container_Port_HostHttpHost: - pod.VerificationHostPath = ep.HostHttpHost + ".tpodinfo" + pod.VerificationSettings.VerificationHostPath = ep.HostHttpHost + ".tpodinfo" break } } - if pod.VerificationHostPath != "" { + if pod.VerificationSettings.VerificationHostPath != "" { break } } - if pod.VerificationHostPath == "" { + if pod.VerificationSettings.VerificationHostPath == "" { return fmt.Errorf("Public verifiability is set but no verification host path is available or could be derived") } - fmt.Printf("pod manifest verification host path set to:%v\n", pod.VerificationHostPath) + fmt.Printf("pod manifest verification host path set to:%v\n", pod.VerificationSettings.VerificationHostPath) } err = publisher.FundPaymentChannel(ethClient, publisherAuth, deployment, fundsInt, unlockTimeInt, debugMintFunds) diff --git a/pkg/kubernetes/namespaces.go b/pkg/kubernetes/namespaces.go index 5c289525..1041fb8c 100644 --- a/pkg/kubernetes/namespaces.go +++ b/pkg/kubernetes/namespaces.go @@ -38,7 +38,7 @@ func NewTrustedPodsNamespace(name string, pod *pb.Pod, paymentChannel *pb.Paymen }, } // force container image verification - if pod.PublicVerifiability { + if pod.VerificationSettings.ForcePolicy { log.Println("Image verification is Set") namespace.Labels[SigstorePolicy] = "true" } diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index bd2df129..f807176e 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -111,7 +111,7 @@ func ApplyPodRequest( localhostAliases := corev1.HostAlias{IP: "127.0.0.1"} - if podManifest.PublicVerifiability { + if podManifest.VerificationSettings.PublicVerifiability { // used only to use the routing from keda ingress controller routeHttpsoName := "route-hso" routeHttpso := NewHttpSo(namespace, routeHttpsoName) @@ -129,7 +129,7 @@ func ApplyPodRequest( routeHttpso.Spec.ScaleTargetRef.Service = serviceProxy.ObjectMeta.Name routeHttpso.Spec.ScaleTargetRef.Port = 9999 routeHttpso.Spec.ScaleTargetRef.APIVersion = "apps/v1" - routeHttpso.Spec.Hosts = []string{podManifest.VerificationHostPath} + routeHttpso.Spec.Hosts = []string{podManifest.VerificationSettings.VerificationHostPath} routeHttpso.Spec.Replicas = &kedahttpv1alpha1.ReplicaStruct{Min: ptr.Int32(1), Max: ptr.Int32(1)} proxyContainer := corev1.Container{ Name: "proxy", @@ -150,7 +150,7 @@ func ApplyPodRequest( annotationValues := []AnnotationValue{} for i, container := range podManifest.Containers { - if container.Image.VerificationDetails != nil { + if podManifest.VerificationSettings.ForcePolicy == true && container.Image.VerificationDetails != nil { policyName := fmt.Sprintf("policy-%v-%v", podId, i) sigstorePolicy := &policy.ClusterImagePolicy{ TypeMeta: metav1.TypeMeta{Kind: "ClusterImagePolicy"}, ObjectMeta: metav1.ObjectMeta{Name: policyName}, diff --git a/pkg/proto-ts/pod_pb.ts b/pkg/proto-ts/pod_pb.ts index 87fa454c..24b0c124 100644 --- a/pkg/proto-ts/pod_pb.ts +++ b/pkg/proto-ts/pod_pb.ts @@ -33,14 +33,9 @@ export class Pod extends Message { keyPair?: KeyPair; /** - * @generated from field: bool PublicVerifiability = 5; + * @generated from field: apocryph.proto.v0.pod.VerificationSettings verificationSettings = 5; */ - PublicVerifiability = false; - - /** - * @generated from field: string VerificationHostPath = 6; - */ - VerificationHostPath = ""; + verificationSettings?: VerificationSettings; constructor(data?: PartialMessage) { super(); @@ -54,8 +49,7 @@ export class Pod extends Message { { no: 2, name: "volumes", kind: "message", T: Volume, repeated: true }, { no: 3, name: "replicas", kind: "message", T: Replicas }, { no: 4, name: "keyPair", kind: "message", T: KeyPair }, - { no: 5, name: "PublicVerifiability", kind: "scalar", T: 8 /* ScalarType.BOOL */ }, - { no: 6, name: "VerificationHostPath", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + { no: 5, name: "verificationSettings", kind: "message", T: VerificationSettings }, ]); static fromBinary(bytes: Uint8Array, options?: Partial): Pod { @@ -789,3 +783,52 @@ export class KeyPair extends Message { } } +/** + * @generated from message apocryph.proto.v0.pod.VerificationSettings + */ +export class VerificationSettings extends Message { + /** + * @generated from field: bool ForcePolicy = 1; + */ + ForcePolicy = false; + + /** + * @generated from field: bool PublicVerifiability = 2; + */ + PublicVerifiability = false; + + /** + * @generated from field: string VerificationHostPath = 3; + */ + VerificationHostPath = ""; + + constructor(data?: PartialMessage) { + super(); + proto3.util.initPartial(data, this); + } + + static readonly runtime: typeof proto3 = proto3; + static readonly typeName = "apocryph.proto.v0.pod.VerificationSettings"; + static readonly fields: FieldList = proto3.util.newFieldList(() => [ + { no: 1, name: "ForcePolicy", kind: "scalar", T: 8 /* ScalarType.BOOL */ }, + { no: 2, name: "PublicVerifiability", kind: "scalar", T: 8 /* ScalarType.BOOL */ }, + { no: 3, name: "VerificationHostPath", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + ]); + + static fromBinary(bytes: Uint8Array, options?: Partial): VerificationSettings { + return new VerificationSettings().fromBinary(bytes, options); + } + + static fromJson(jsonValue: JsonValue, options?: Partial): VerificationSettings { + return new VerificationSettings().fromJson(jsonValue, options); + } + + static fromJsonString(jsonString: string, options?: Partial): VerificationSettings { + return new VerificationSettings().fromJsonString(jsonString, options); + } + + static equals(a: VerificationSettings | PlainMessage | undefined, b: VerificationSettings | PlainMessage | undefined): boolean { + return proto3.util.equals(VerificationSettings, a, b); + } +} + diff --git a/pkg/proto/pod.pb.go b/pkg/proto/pod.pb.go index 0c810e12..a7e63bf4 100644 --- a/pkg/proto/pod.pb.go +++ b/pkg/proto/pod.pb.go @@ -123,12 +123,11 @@ type Pod struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Containers []*Container `protobuf:"bytes,1,rep,name=containers,proto3" json:"containers,omitempty"` - Volumes []*Volume `protobuf:"bytes,2,rep,name=volumes,proto3" json:"volumes,omitempty"` - Replicas *Replicas `protobuf:"bytes,3,opt,name=replicas,proto3" json:"replicas,omitempty"` - KeyPair *KeyPair `protobuf:"bytes,4,opt,name=keyPair,proto3" json:"keyPair,omitempty"` - PublicVerifiability bool `protobuf:"varint,5,opt,name=PublicVerifiability,proto3" json:"PublicVerifiability,omitempty"` - VerificationHostPath string `protobuf:"bytes,6,opt,name=VerificationHostPath,proto3" json:"VerificationHostPath,omitempty"` + Containers []*Container `protobuf:"bytes,1,rep,name=containers,proto3" json:"containers,omitempty"` + Volumes []*Volume `protobuf:"bytes,2,rep,name=volumes,proto3" json:"volumes,omitempty"` + Replicas *Replicas `protobuf:"bytes,3,opt,name=replicas,proto3" json:"replicas,omitempty"` + KeyPair *KeyPair `protobuf:"bytes,4,opt,name=keyPair,proto3" json:"keyPair,omitempty"` + VerificationSettings *VerificationSettings `protobuf:"bytes,5,opt,name=verificationSettings,proto3" json:"verificationSettings,omitempty"` } func (x *Pod) Reset() { @@ -191,18 +190,11 @@ func (x *Pod) GetKeyPair() *KeyPair { return nil } -func (x *Pod) GetPublicVerifiability() bool { +func (x *Pod) GetVerificationSettings() *VerificationSettings { if x != nil { - return x.PublicVerifiability - } - return false -} - -func (x *Pod) GetVerificationHostPath() string { - if x != nil { - return x.VerificationHostPath + return x.VerificationSettings } - return "" + return nil } type Container struct { @@ -809,6 +801,69 @@ func (x *KeyPair) GetPubAddress() string { return "" } +type VerificationSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ForcePolicy bool `protobuf:"varint,1,opt,name=ForcePolicy,proto3" json:"ForcePolicy,omitempty"` + PublicVerifiability bool `protobuf:"varint,2,opt,name=PublicVerifiability,proto3" json:"PublicVerifiability,omitempty"` + VerificationHostPath string `protobuf:"bytes,3,opt,name=VerificationHostPath,proto3" json:"VerificationHostPath,omitempty"` +} + +func (x *VerificationSettings) Reset() { + *x = VerificationSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_pod_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *VerificationSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*VerificationSettings) ProtoMessage() {} + +func (x *VerificationSettings) ProtoReflect() protoreflect.Message { + mi := &file_pod_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use VerificationSettings.ProtoReflect.Descriptor instead. +func (*VerificationSettings) Descriptor() ([]byte, []int) { + return file_pod_proto_rawDescGZIP(), []int{9} +} + +func (x *VerificationSettings) GetForcePolicy() bool { + if x != nil { + return x.ForcePolicy + } + return false +} + +func (x *VerificationSettings) GetPublicVerifiability() bool { + if x != nil { + return x.PublicVerifiability + } + return false +} + +func (x *VerificationSettings) GetVerificationHostPath() string { + if x != nil { + return x.VerificationHostPath + } + return "" +} + type Container_Port struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -827,7 +882,7 @@ type Container_Port struct { func (x *Container_Port) Reset() { *x = Container_Port{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[10] + mi := &file_pod_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -840,7 +895,7 @@ func (x *Container_Port) String() string { func (*Container_Port) ProtoMessage() {} func (x *Container_Port) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[10] + mi := &file_pod_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -928,7 +983,7 @@ type Container_VolumeMount struct { func (x *Container_VolumeMount) Reset() { *x = Container_VolumeMount{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[11] + mi := &file_pod_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -941,7 +996,7 @@ func (x *Container_VolumeMount) String() string { func (*Container_VolumeMount) ProtoMessage() {} func (x *Container_VolumeMount) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[11] + mi := &file_pod_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -989,7 +1044,7 @@ type Volume_FilesystemConfig struct { func (x *Volume_FilesystemConfig) Reset() { *x = Volume_FilesystemConfig{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[12] + mi := &file_pod_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1002,7 +1057,7 @@ func (x *Volume_FilesystemConfig) String() string { func (*Volume_FilesystemConfig) ProtoMessage() {} func (x *Volume_FilesystemConfig) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[12] + mi := &file_pod_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1040,7 +1095,7 @@ type Volume_SecretConfig struct { func (x *Volume_SecretConfig) Reset() { *x = Volume_SecretConfig{} if protoimpl.UnsafeEnabled { - mi := &file_pod_proto_msgTypes[13] + mi := &file_pod_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1053,7 +1108,7 @@ func (x *Volume_SecretConfig) String() string { func (*Volume_SecretConfig) ProtoMessage() {} func (x *Volume_SecretConfig) ProtoReflect() protoreflect.Message { - mi := &file_pod_proto_msgTypes[13] + mi := &file_pod_proto_msgTypes[14] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1109,7 +1164,7 @@ var File_pod_proto protoreflect.FileDescriptor var file_pod_proto_rawDesc = []byte{ 0x0a, 0x09, 0x70, 0x6f, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, - 0x6f, 0x64, 0x22, 0xdd, 0x02, 0x0a, 0x03, 0x50, 0x6f, 0x64, 0x12, 0x40, 0x0a, 0x0a, 0x63, 0x6f, + 0x6f, 0x64, 0x22, 0xd8, 0x02, 0x0a, 0x03, 0x50, 0x6f, 0x64, 0x12, 0x40, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, @@ -1124,149 +1179,159 @@ var file_pod_proto_rawDesc = []byte{ 0x61, 0x73, 0x12, 0x38, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x50, - 0x61, 0x69, 0x72, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x12, 0x30, 0x0a, 0x13, - 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x61, 0x62, 0x69, 0x6c, - 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x32, - 0x0a, 0x14, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x6f, - 0x73, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x56, 0x65, - 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x61, - 0x74, 0x68, 0x22, 0x8f, 0x06, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x32, 0x0a, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x49, 0x6d, 0x61, 0x67, - 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, - 0x61, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, - 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x69, 0x72, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, - 0x69, 0x72, 0x12, 0x3b, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x25, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, - 0x3b, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x61, - 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, - 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x45, - 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x12, 0x46, 0x0a, 0x07, - 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, - 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, - 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, - 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x07, 0x76, 0x6f, 0x6c, - 0x75, 0x6d, 0x65, 0x73, 0x12, 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, + 0x61, 0x69, 0x72, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x12, 0x5f, 0x0a, 0x14, + 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, + 0x69, 0x6e, 0x67, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x61, 0x70, 0x6f, + 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, + 0x6f, 0x64, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x14, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x8f, 0x06, + 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, + 0x32, 0x0a, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, - 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, - 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x73, 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0xbb, 0x01, 0x0a, 0x04, 0x50, 0x6f, - 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, - 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x20, 0x0a, 0x0b, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x04, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x24, - 0x0a, 0x0c, 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0c, 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, 0x74, 0x70, - 0x48, 0x6f, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, - 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x0b, 0x68, 0x6f, 0x73, - 0x74, 0x54, 0x63, 0x70, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x0d, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x6f, - 0x73, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x1a, 0x5b, 0x0a, 0x0b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, - 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x6f, - 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, - 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x61, 0x64, - 0x4f, 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, - 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0xb7, 0x01, 0x0a, 0x05, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x10, - 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, - 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, - 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, - 0x12, 0x5c, 0x0a, 0x13, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, + 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, + 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x70, 0x6f, 0x69, 0x6e, + 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x04, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x12, 0x1e, 0x0a, + 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x69, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0a, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x69, 0x72, 0x12, 0x3b, 0x0a, + 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x61, + 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, + 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x50, + 0x6f, 0x72, 0x74, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x3b, 0x0a, 0x03, 0x65, 0x6e, + 0x76, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, + 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, + 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x12, 0x46, 0x0a, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, + 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, + 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, + 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, + 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x12, + 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x70, 0x6f, 0x63, + 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, + 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x10, 0x72, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x1a, 0x36, 0x0a, 0x08, + 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x1a, 0xbb, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, + 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, + 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x24, 0x0a, 0x0c, 0x68, 0x6f, 0x73, + 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, + 0x00, 0x52, 0x0c, 0x68, 0x6f, 0x73, 0x74, 0x48, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x12, + 0x22, 0x0a, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x54, 0x63, 0x70, 0x50, + 0x6f, 0x72, 0x74, 0x42, 0x0d, 0x0a, 0x0b, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x50, 0x6f, + 0x72, 0x74, 0x1a, 0x5b, 0x0a, 0x0b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, + 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, + 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, + 0x61, 0x74, 0x68, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, + 0xb7, 0x01, 0x0a, 0x05, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, + 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, + 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x5c, 0x0a, 0x13, 0x76, + 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, + 0x6c, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, + 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, + 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, + 0x61, 0x69, 0x6c, 0x73, 0x52, 0x13, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x67, 0x0a, 0x13, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, + 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1a, + 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x73, + 0x73, 0x75, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, + 0x65, 0x72, 0x22, 0xca, 0x05, 0x0a, 0x06, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x12, 0x12, 0x0a, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x36, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x22, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x54, + 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x48, 0x0a, 0x0a, 0x61, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, - 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x13, 0x76, 0x65, 0x72, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x67, - 0x0a, 0x13, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x65, - 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, - 0x75, 0x72, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, - 0x16, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x22, 0xca, 0x05, 0x0a, 0x06, 0x56, 0x6f, 0x6c, 0x75, - 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x36, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, - 0x75, 0x6d, 0x65, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x48, - 0x0a, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, - 0x65, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0a, 0x61, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x50, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, - 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x61, + 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4d, + 0x6f, 0x64, 0x65, 0x12, 0x50, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, + 0x6d, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, + 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, + 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, + 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, + 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x44, 0x0a, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, + 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x48, 0x00, 0x52, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x1a, 0x5f, 0x0a, 0x10, 0x46, + 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, + 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x61, 0x70, 0x6f, 0x63, + 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, + 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x10, 0x72, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x1a, 0xa6, 0x01, 0x0a, + 0x0c, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, 0x0a, + 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, + 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, - 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x46, 0x69, 0x6c, 0x65, - 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0a, - 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x44, 0x0a, 0x06, 0x73, 0x65, - 0x63, 0x72, 0x65, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x61, 0x70, 0x6f, - 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, - 0x6f, 0x64, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, - 0x1a, 0x5f, 0x0a, 0x10, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4b, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, - 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, - 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, - 0x10, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x73, 0x1a, 0xa6, 0x01, 0x0a, 0x0c, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x03, 0x63, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x65, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, - 0x74, 0x73, 0x18, 0x66, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, - 0x74, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x53, 0x74, - 0x72, 0x69, 0x6e, 0x67, 0x18, 0x67, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x74, - 0x65, 0x6e, 0x74, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x22, 0x42, 0x0a, 0x04, 0x54, 0x79, - 0x70, 0x65, 0x12, 0x10, 0x0a, 0x0c, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x45, 0x4d, 0x50, - 0x54, 0x59, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x46, - 0x49, 0x4c, 0x45, 0x53, 0x59, 0x53, 0x54, 0x45, 0x4d, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x56, - 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x10, 0x02, 0x22, 0x33, - 0x0a, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, - 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x52, 0x57, 0x5f, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, - 0x12, 0x0a, 0x0e, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x52, 0x57, 0x5f, 0x4d, 0x41, 0x4e, - 0x59, 0x10, 0x02, 0x42, 0x0f, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x64, 0x0a, 0x08, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x73, - 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6d, - 0x69, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x03, 0x6d, 0x61, 0x78, 0x12, 0x34, 0x0a, 0x15, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x65, - 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x15, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, - 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0x72, 0x0a, 0x08, 0x52, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x12, 0x18, 0x0a, 0x06, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x04, 0x48, 0x00, 0x52, 0x06, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x24, 0x0a, 0x0c, - 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x69, 0x6c, 0x6c, 0x69, 0x73, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x04, 0x48, 0x00, 0x52, 0x0c, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x69, 0x6c, 0x6c, - 0x69, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x19, - 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0x49, 0x0a, 0x07, 0x4b, 0x65, 0x79, - 0x50, 0x61, 0x69, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, - 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, - 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, - 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, - 0x72, 0x65, 0x73, 0x73, 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6d, 0x72, 0x61, 0x64, 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, - 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x2e, 0x70, 0x6f, 0x64, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x12, 0x0a, + 0x04, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x65, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x69, 0x6c, + 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x66, 0x20, + 0x01, 0x28, 0x0c, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x26, 0x0a, + 0x0e, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, + 0x67, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x53, + 0x74, 0x72, 0x69, 0x6e, 0x67, 0x22, 0x42, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, + 0x0c, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x45, 0x4d, 0x50, 0x54, 0x59, 0x10, 0x00, 0x12, + 0x15, 0x0a, 0x11, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, 0x59, + 0x53, 0x54, 0x45, 0x4d, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, + 0x5f, 0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x10, 0x02, 0x22, 0x33, 0x0a, 0x0a, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, 0x56, 0x4f, 0x4c, 0x55, 0x4d, + 0x45, 0x5f, 0x52, 0x57, 0x5f, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x56, 0x4f, + 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x52, 0x57, 0x5f, 0x4d, 0x41, 0x4e, 0x59, 0x10, 0x02, 0x42, 0x0f, + 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, + 0x64, 0x0a, 0x08, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x6d, + 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x69, 0x6e, 0x12, 0x10, 0x0a, + 0x03, 0x6d, 0x61, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x61, 0x78, 0x12, + 0x34, 0x0a, 0x15, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x15, + 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0x72, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, + 0x06, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, + 0x06, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x24, 0x0a, 0x0c, 0x61, 0x6d, 0x6f, 0x75, 0x6e, + 0x74, 0x4d, 0x69, 0x6c, 0x6c, 0x69, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, + 0x0c, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4d, 0x69, 0x6c, 0x6c, 0x69, 0x73, 0x42, 0x0a, 0x0a, + 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x19, 0x0a, 0x03, 0x4b, 0x65, 0x79, + 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, + 0x64, 0x61, 0x74, 0x61, 0x22, 0x49, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x69, 0x72, 0x12, + 0x1e, 0x0a, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, + 0x1e, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, + 0x9e, 0x01, 0x0a, 0x14, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x46, 0x6f, 0x72, 0x63, + 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x46, + 0x6f, 0x72, 0x63, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x30, 0x0a, 0x13, 0x50, 0x75, + 0x62, 0x6c, 0x69, 0x63, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, + 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x56, + 0x65, 0x72, 0x69, 0x66, 0x69, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x32, 0x0a, 0x14, + 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x6f, 0x73, 0x74, + 0x50, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x56, 0x65, 0x72, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x61, 0x74, 0x68, + 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, + 0x6f, 0x6d, 0x72, 0x61, 0x64, 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x6f, 0x63, + 0x72, 0x79, 0x70, 0x68, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1282,7 +1347,7 @@ func file_pod_proto_rawDescGZIP() []byte { } var file_pod_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_pod_proto_msgTypes = make([]protoimpl.MessageInfo, 14) +var file_pod_proto_msgTypes = make([]protoimpl.MessageInfo, 15) var file_pod_proto_goTypes = []interface{}{ (Volume_Type)(0), // 0: apocryph.proto.v0.pod.Volume.Type (Volume_AccessMode)(0), // 1: apocryph.proto.v0.pod.Volume.AccessMode @@ -1295,35 +1360,37 @@ var file_pod_proto_goTypes = []interface{}{ (*Resource)(nil), // 8: apocryph.proto.v0.pod.Resource (*Key)(nil), // 9: apocryph.proto.v0.pod.Key (*KeyPair)(nil), // 10: apocryph.proto.v0.pod.KeyPair - nil, // 11: apocryph.proto.v0.pod.Container.EnvEntry - (*Container_Port)(nil), // 12: apocryph.proto.v0.pod.Container.Port - (*Container_VolumeMount)(nil), // 13: apocryph.proto.v0.pod.Container.VolumeMount - (*Volume_FilesystemConfig)(nil), // 14: apocryph.proto.v0.pod.Volume.FilesystemConfig - (*Volume_SecretConfig)(nil), // 15: apocryph.proto.v0.pod.Volume.SecretConfig + (*VerificationSettings)(nil), // 11: apocryph.proto.v0.pod.VerificationSettings + nil, // 12: apocryph.proto.v0.pod.Container.EnvEntry + (*Container_Port)(nil), // 13: apocryph.proto.v0.pod.Container.Port + (*Container_VolumeMount)(nil), // 14: apocryph.proto.v0.pod.Container.VolumeMount + (*Volume_FilesystemConfig)(nil), // 15: apocryph.proto.v0.pod.Volume.FilesystemConfig + (*Volume_SecretConfig)(nil), // 16: apocryph.proto.v0.pod.Volume.SecretConfig } var file_pod_proto_depIdxs = []int32{ 3, // 0: apocryph.proto.v0.pod.Pod.containers:type_name -> apocryph.proto.v0.pod.Container 6, // 1: apocryph.proto.v0.pod.Pod.volumes:type_name -> apocryph.proto.v0.pod.Volume 7, // 2: apocryph.proto.v0.pod.Pod.replicas:type_name -> apocryph.proto.v0.pod.Replicas 10, // 3: apocryph.proto.v0.pod.Pod.keyPair:type_name -> apocryph.proto.v0.pod.KeyPair - 4, // 4: apocryph.proto.v0.pod.Container.image:type_name -> apocryph.proto.v0.pod.Image - 12, // 5: apocryph.proto.v0.pod.Container.ports:type_name -> apocryph.proto.v0.pod.Container.Port - 11, // 6: apocryph.proto.v0.pod.Container.env:type_name -> apocryph.proto.v0.pod.Container.EnvEntry - 13, // 7: apocryph.proto.v0.pod.Container.volumes:type_name -> apocryph.proto.v0.pod.Container.VolumeMount - 8, // 8: apocryph.proto.v0.pod.Container.resourceRequests:type_name -> apocryph.proto.v0.pod.Resource - 9, // 9: apocryph.proto.v0.pod.Image.key:type_name -> apocryph.proto.v0.pod.Key - 5, // 10: apocryph.proto.v0.pod.Image.verificationDetails:type_name -> apocryph.proto.v0.pod.VerificationDetails - 0, // 11: apocryph.proto.v0.pod.Volume.type:type_name -> apocryph.proto.v0.pod.Volume.Type - 1, // 12: apocryph.proto.v0.pod.Volume.accessMode:type_name -> apocryph.proto.v0.pod.Volume.AccessMode - 14, // 13: apocryph.proto.v0.pod.Volume.filesystem:type_name -> apocryph.proto.v0.pod.Volume.FilesystemConfig - 15, // 14: apocryph.proto.v0.pod.Volume.secret:type_name -> apocryph.proto.v0.pod.Volume.SecretConfig - 8, // 15: apocryph.proto.v0.pod.Volume.FilesystemConfig.resourceRequests:type_name -> apocryph.proto.v0.pod.Resource - 9, // 16: apocryph.proto.v0.pod.Volume.SecretConfig.key:type_name -> apocryph.proto.v0.pod.Key - 17, // [17:17] is the sub-list for method output_type - 17, // [17:17] is the sub-list for method input_type - 17, // [17:17] is the sub-list for extension type_name - 17, // [17:17] is the sub-list for extension extendee - 0, // [0:17] is the sub-list for field type_name + 11, // 4: apocryph.proto.v0.pod.Pod.verificationSettings:type_name -> apocryph.proto.v0.pod.VerificationSettings + 4, // 5: apocryph.proto.v0.pod.Container.image:type_name -> apocryph.proto.v0.pod.Image + 13, // 6: apocryph.proto.v0.pod.Container.ports:type_name -> apocryph.proto.v0.pod.Container.Port + 12, // 7: apocryph.proto.v0.pod.Container.env:type_name -> apocryph.proto.v0.pod.Container.EnvEntry + 14, // 8: apocryph.proto.v0.pod.Container.volumes:type_name -> apocryph.proto.v0.pod.Container.VolumeMount + 8, // 9: apocryph.proto.v0.pod.Container.resourceRequests:type_name -> apocryph.proto.v0.pod.Resource + 9, // 10: apocryph.proto.v0.pod.Image.key:type_name -> apocryph.proto.v0.pod.Key + 5, // 11: apocryph.proto.v0.pod.Image.verificationDetails:type_name -> apocryph.proto.v0.pod.VerificationDetails + 0, // 12: apocryph.proto.v0.pod.Volume.type:type_name -> apocryph.proto.v0.pod.Volume.Type + 1, // 13: apocryph.proto.v0.pod.Volume.accessMode:type_name -> apocryph.proto.v0.pod.Volume.AccessMode + 15, // 14: apocryph.proto.v0.pod.Volume.filesystem:type_name -> apocryph.proto.v0.pod.Volume.FilesystemConfig + 16, // 15: apocryph.proto.v0.pod.Volume.secret:type_name -> apocryph.proto.v0.pod.Volume.SecretConfig + 8, // 16: apocryph.proto.v0.pod.Volume.FilesystemConfig.resourceRequests:type_name -> apocryph.proto.v0.pod.Resource + 9, // 17: apocryph.proto.v0.pod.Volume.SecretConfig.key:type_name -> apocryph.proto.v0.pod.Key + 18, // [18:18] is the sub-list for method output_type + 18, // [18:18] is the sub-list for method input_type + 18, // [18:18] is the sub-list for extension type_name + 18, // [18:18] is the sub-list for extension extendee + 0, // [0:18] is the sub-list for field type_name } func init() { file_pod_proto_init() } @@ -1440,8 +1507,8 @@ func file_pod_proto_init() { return nil } } - file_pod_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Container_Port); i { + file_pod_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*VerificationSettings); i { case 0: return &v.state case 1: @@ -1453,7 +1520,7 @@ func file_pod_proto_init() { } } file_pod_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Container_VolumeMount); i { + switch v := v.(*Container_Port); i { case 0: return &v.state case 1: @@ -1465,7 +1532,7 @@ func file_pod_proto_init() { } } file_pod_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Volume_FilesystemConfig); i { + switch v := v.(*Container_VolumeMount); i { case 0: return &v.state case 1: @@ -1477,6 +1544,18 @@ func file_pod_proto_init() { } } file_pod_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Volume_FilesystemConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pod_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Volume_SecretConfig); i { case 0: return &v.state @@ -1497,7 +1576,7 @@ func file_pod_proto_init() { (*Resource_Amount)(nil), (*Resource_AmountMillis)(nil), } - file_pod_proto_msgTypes[10].OneofWrappers = []interface{}{ + file_pod_proto_msgTypes[11].OneofWrappers = []interface{}{ (*Container_Port_HostHttpHost)(nil), (*Container_Port_HostTcpPort)(nil), } @@ -1507,7 +1586,7 @@ func file_pod_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_pod_proto_rawDesc, NumEnums: 2, - NumMessages: 14, + NumMessages: 15, NumExtensions: 0, NumServices: 0, }, diff --git a/pkg/provider/server.go b/pkg/provider/server.go index 804c32f3..d8b276a0 100644 --- a/pkg/provider/server.go +++ b/pkg/provider/server.go @@ -12,6 +12,7 @@ import ( "strings" "connectrpc.com/connect" + "github.com/comrade-coop/apocryph/pkg/constants" "github.com/comrade-coop/apocryph/pkg/ethereum" tpk8s "github.com/comrade-coop/apocryph/pkg/kubernetes" "github.com/comrade-coop/apocryph/pkg/loki" @@ -54,10 +55,8 @@ func (s *provisionPodServer) GetPodInfos(ctx context.Context, request *connect.R return nil, err } var info strings.Builder - for _, rsrc := range list.Items { - for k, v := range rsrc.Annotations { - info.WriteString(k + ":" + v + ",") - } + if len(list.Items) > 0 { + info.WriteString(list.Items[0].Annotations[constants.VerificationInfoAnnotationKey]) } response := &pb.PodInfoResponse{Info: info.String()} return connect.NewResponse(response), nil diff --git a/proto/pod.proto b/proto/pod.proto index 6f2da491..170c99b5 100644 --- a/proto/pod.proto +++ b/proto/pod.proto @@ -10,8 +10,7 @@ message Pod { repeated Volume volumes = 2; Replicas replicas = 3; KeyPair keyPair = 4; - bool PublicVerifiability = 5; - string VerificationHostPath = 6; + VerificationSettings verificationSettings = 5; } message Container { @@ -109,3 +108,8 @@ message KeyPair { string privateKey= 2; string pubAddress = 3; } +message VerificationSettings{ + bool ForcePolicy = 1; + bool PublicVerifiability = 2; + string VerificationHostPath = 3; +} diff --git a/test/e2e/common/manifests/manifest-attestation-nginx.yaml b/test/e2e/common/manifests/manifest-attestation-nginx.yaml index ab223908..33d44a87 100644 --- a/test/e2e/common/manifests/manifest-attestation-nginx.yaml +++ b/test/e2e/common/manifests/manifest-attestation-nginx.yaml @@ -3,7 +3,7 @@ containers: image: url: ttl.sh/nginx-hello@sha256:631c081135cc6a81ad685f39d107d9eb6140d3a2265b0aa6792346f06936de72 ports: - - containerPort: '9090' + - containerPort: '8080' hostHttpHost: example.local name: internal resourceRequests: @@ -14,4 +14,6 @@ containers: replicas: min: 1 max: 1 -PublicVerifiability: true +verificationSettings: + ForcePolicy: true + PublicVerifiability: true diff --git a/test/e2e/common/scripts/build-images.sh b/test/e2e/common/scripts/build-images.sh index f7304ee5..3da5662f 100755 --- a/test/e2e/common/scripts/build-images.sh +++ b/test/e2e/common/scripts/build-images.sh @@ -22,4 +22,4 @@ docker push localhost:5000/comradecoop/apocryph/autoscaler:latest docker tag comradecoop/apocryph/tpod-proxy:latest ttl.sh/comradecoop/apocryph/tpod-proxy:5h docker push ttl.sh/comradecoop/apocryph/tpod-proxy:5h IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' comradecoop/apocryph/tpod-proxy) -# cosign sign $IMAGE_DIGEST +cosign sign $IMAGE_DIGEST From c613aa68cb3c4bf855b7eaf46b951d22028420a4 Mon Sep 17 00:00:00 2001 From: revoltez Date: Wed, 28 Aug 2024 18:47:38 +0100 Subject: [PATCH 14/22] feat: add url verification support for verify command --- cmd/trustedpods/flags.go | 2 + cmd/trustedpods/verify.go | 72 +++++++++++++++++++--- pkg/proxy/proxy.go | 2 +- test/e2e/common/scripts/redeploy-images.sh | 5 +- test/e2e/minikube/run-attestation-test.sh | 10 +-- 5 files changed, 74 insertions(+), 17 deletions(-) diff --git a/cmd/trustedpods/flags.go b/cmd/trustedpods/flags.go index aa1f93ec..ff32bc89 100644 --- a/cmd/trustedpods/flags.go +++ b/cmd/trustedpods/flags.go @@ -34,6 +34,7 @@ var verify bool var verifyFlags = &pflag.FlagSet{} var signaturePath string +var hostHeader string var imageCertificateFlags = &pflag.FlagSet{} var certificateIdentity string @@ -87,6 +88,7 @@ var _ = func() error { verifyFlags.AddFlagSet(imageCertificateFlags) verifyFlags.StringVar(&signaturePath, "signature", "", "path to the signature you want to verify") + verifyFlags.StringVar(&hostHeader, "host-header", "", "the verification host header when passing a tpod ip endpoint to verify") fundFlags.StringVar(ðereumRpc, "ethereum-rpc", "http://127.0.0.1:8545", "ethereum rpc node") fundFlags.StringVar(&publisherKey, "ethereum-key", "", "account string (private key | http[s]://clef#account | /keystore#account | account (in default keystore))") diff --git a/cmd/trustedpods/verify.go b/cmd/trustedpods/verify.go index 51c795b3..d2688f05 100644 --- a/cmd/trustedpods/verify.go +++ b/cmd/trustedpods/verify.go @@ -1,8 +1,15 @@ package main import ( + "encoding/json" "fmt" + "io" + "log" + "net/http" + "net/url" + "strings" + tpk8s "github.com/comrade-coop/apocryph/pkg/kubernetes" "github.com/comrade-coop/apocryph/pkg/proto" "github.com/comrade-coop/apocryph/pkg/publisher" "github.com/spf13/cobra" @@ -33,20 +40,65 @@ var verifyPodCmd = &cobra.Command{ var verifyImageCmd = &cobra.Command{ Use: fmt.Sprintf("verify image"), Short: "Verify image signature", - Long: "Verify the signatures & the certificates of the specified image name", + Long: "Verify the signatures & the certificates of the specified image name or Tpod URL", Example: "verify ttl.sh/hello-world@sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7 --certificate-identity=name@example.com --certificate-oidc-issuer=https://github.com/login/oauth", Args: cobra.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) error { - verifyOptions := publisher.DefaultVerifyOptions() - if signaturePath != "" { - verifyOptions.PayloadRef = signaturePath - } - image := &proto.Image{Url: args[0], VerificationDetails: &proto.VerificationDetails{Identity: certificateIdentity, Issuer: certificateOidcIssuer}} - err := publisher.VerifyImages([]*proto.Image{image}, verifyOptions) - if err != nil { - return fmt.Errorf("Failed verifying Image: %v", err) - } + parsedURL, err := url.ParseRequestURI(args[0]) + if err == nil && parsedURL.Scheme != "" && parsedURL.Host != "" { + req, err := http.NewRequest("GET", args[0], nil) + if err != nil { + log.Fatalf("Failed to create request: %v", err) + } + host := parsedURL.Host + // Check if the Host is an ip Address by detecting if the port is passed + if strings.Contains(host, ":") { + if hostHeader == "" { + return fmt.Errorf("Must pass the host-header flag when passing an ip endpoint") + } + req.Host = hostHeader + } + + // Send the request + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return fmt.Errorf("failed to send request: %v", err) + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return fmt.Errorf("Failed to read response body: %v", err) + } + + var annotationValues []tpk8s.AnnotationValue + if err := json.Unmarshal(body, &annotationValues); err != nil { + return fmt.Errorf("Failed to unmarshal JSON response: %v", err) + } + // Verify each image from the response + verifyOptions := publisher.DefaultVerifyOptions() + images := []*proto.Image{} + for _, av := range annotationValues { + image := &proto.Image{Url: av.URL, VerificationDetails: &proto.VerificationDetails{Signature: av.Signature, Identity: av.Identity, Issuer: av.Issuer}} + images = append(images, image) + } + err = publisher.VerifyImages(images, verifyOptions) + if err != nil { + return fmt.Errorf("Failed verifying Images: %v", err) + } + } else { + verifyOptions := publisher.DefaultVerifyOptions() + if signaturePath != "" { + verifyOptions.PayloadRef = signaturePath + } + image := &proto.Image{Url: args[0], VerificationDetails: &proto.VerificationDetails{Identity: certificateIdentity, Issuer: certificateOidcIssuer}} + err := publisher.VerifyImages([]*proto.Image{image}, verifyOptions) + if err != nil { + return fmt.Errorf("Failed verifying Image: %v", err) + } + } return nil }, } diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go index 3b781132..d9a96b20 100644 --- a/pkg/proxy/proxy.go +++ b/pkg/proxy/proxy.go @@ -44,7 +44,7 @@ func handler(w http.ResponseWriter, r *http.Request) { } // Write the info string to the response - w.Header().Set("Content-Type", "text/plain") + w.Header().Set("Content-Type", "application/json") w.WriteHeader(http.StatusOK) _, _ = w.Write([]byte(info)) } diff --git a/test/e2e/common/scripts/redeploy-images.sh b/test/e2e/common/scripts/redeploy-images.sh index 841f317d..4a8c36df 100755 --- a/test/e2e/common/scripts/redeploy-images.sh +++ b/test/e2e/common/scripts/redeploy-images.sh @@ -5,7 +5,10 @@ cd "$(dirname "$0")" minikube profile c1 kubectl delete namespace trustedpods +IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' comradecoop/apocryph/tpod-proxy) +echo $IMAGE_DIGEST + # delete old image policy kubectl delete ClusterImagePolicy tpod-proxy-policy # will use default withdraw address & eth keys specefied in values.yaml -helmfile apply -f ../../minikube -l name=trustedpods --skip-deps $1 $2 $3 $4 $5 $6 +helmfile apply -f ../../minikube -l name=trustedpods --skip-deps --set policy.image=$IMAGE_DIGEST $1 $2 $3 $4 $5 $6 diff --git a/test/e2e/minikube/run-attestation-test.sh b/test/e2e/minikube/run-attestation-test.sh index 313309a4..0b1f1ad8 100755 --- a/test/e2e/minikube/run-attestation-test.sh +++ b/test/e2e/minikube/run-attestation-test.sh @@ -16,21 +16,21 @@ fi CERTIFICATE_IDENTITY=$1 CERTIFICATE_OIDC_ISSUER=$2 -IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' comradecoop/apocryph/tpod-proxy) -echo $IMAGE_DIGEST - ## 1: configure the cluster to support image validation -../common/scripts/redeploy-images.sh --set policy.issuer=$CERTIFICATE_OIDC_ISSUER --set policy.subject=$CERTIFICATE_IDENTITY --set policy.image=$IMAGE_DIGEST +../common/scripts/redeploy-images.sh --set policy.issuer=$CERTIFICATE_OIDC_ISSUER --set policy.subject=$CERTIFICATE_IDENTITY ## 2: deploy app docker pull nginxdemos/nginx-hello@sha256:2ab1f0bef4461020a1aabee4260a1fe93b03ed69d7f72908acca3a7ec33cb1c0 docker tag docker.io/nginxdemos/nginx-hello:latest ttl.sh/nginx-hello:1h docker push ttl.sh/nginx-hello:1h -./deploy-pod.sh ../common/manifests/manifest-attestation-nginx.yaml --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER +./deploy-pod.sh ../common/manifests/manifest-attestation-nginx.yaml --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER --sign-images --upload-signatures ## 3: Get Application info INGRESS_URL=$(minikube service -n keda ingress-nginx-controller --url=true -p c1 | head -n 1); echo $INGRESS_URL MANIFEST_HOST=example.local.tpodinfo # From manifest-nginx.yaml while ! curl --connect-timeout 40 -H "Host: $MANIFEST_HOST" $INGRESS_URL --fail-with-body; do sleep 10; done +echo + +go run ../../../cmd/trustedpods verify $INGRESS_URL --host-header $MANIFEST_HOST From faf0f593e5bf9b35d1404a7ead67cbefb942cb8e Mon Sep 17 00:00:00 2001 From: revoltez Date: Thu, 29 Aug 2024 09:04:49 +0100 Subject: [PATCH 15/22] chore: move tpodinfo before the TLD --- cmd/trustedpods/deploy.go | 9 ++++++++- test/e2e/minikube/run-attestation-test.sh | 11 ++++++----- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/cmd/trustedpods/deploy.go b/cmd/trustedpods/deploy.go index 0678be5a..e0fc3595 100644 --- a/cmd/trustedpods/deploy.go +++ b/cmd/trustedpods/deploy.go @@ -8,6 +8,7 @@ import ( "fmt" "math/big" "path/filepath" + "strings" "github.com/comrade-coop/apocryph/pkg/abi" "github.com/comrade-coop/apocryph/pkg/ethereum" @@ -231,7 +232,13 @@ var deployPodCmd = &cobra.Command{ for _, p := range image.Ports { switch ep := p.ExposedPort.(type) { case *pb.Container_Port_HostHttpHost: - pod.VerificationSettings.VerificationHostPath = ep.HostHttpHost + ".tpodinfo" + lastDotIndex := strings.LastIndex(ep.HostHttpHost, ".") + var host string + if lastDotIndex == -1 { + host = ep.HostHttpHost + ".tpodinfo" + } + host = ep.HostHttpHost[:lastDotIndex] + ".tpodinfo" + ep.HostHttpHost[lastDotIndex:] + pod.VerificationSettings.VerificationHostPath = host break } } diff --git a/test/e2e/minikube/run-attestation-test.sh b/test/e2e/minikube/run-attestation-test.sh index 0b1f1ad8..515ab3c8 100755 --- a/test/e2e/minikube/run-attestation-test.sh +++ b/test/e2e/minikube/run-attestation-test.sh @@ -6,15 +6,16 @@ echo "EXAMPLE: $0 example@email.com https://github.com/login/oauth" set -v # NOTE: The oidc-issuer for Google is https://accounts.google.com, Microsoft is https://login.microsoftonline.com, GitHub is https://github.com/login/oauth, and GitLab is https://gitlab.com." +CERTIFICATE_IDENTITY=$1 +CERTIFICATE_OIDC_ISSUER=$2 + # based on https://stackoverflow.com/a/31269848 / https://bobcopeland.com/blog/2012/10/goto-in-bash/ if [ -n "$3" ]; then STEP=${3:-1} - eval "set -v; $(sed -n "/## $STEP: /{:a;n;p;ba};" $0)" + eval "set -v; $(sed -n "/## $STEP: /{:a;n;p;ba};" $0 )" exit fi -CERTIFICATE_IDENTITY=$1 -CERTIFICATE_OIDC_ISSUER=$2 ## 1: configure the cluster to support image validation ../common/scripts/redeploy-images.sh --set policy.issuer=$CERTIFICATE_OIDC_ISSUER --set policy.subject=$CERTIFICATE_IDENTITY @@ -24,11 +25,11 @@ docker pull nginxdemos/nginx-hello@sha256:2ab1f0bef4461020a1aabee4260a1fe93b03ed docker tag docker.io/nginxdemos/nginx-hello:latest ttl.sh/nginx-hello:1h docker push ttl.sh/nginx-hello:1h -./deploy-pod.sh ../common/manifests/manifest-attestation-nginx.yaml --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER --sign-images --upload-signatures +./deploy-pod.sh ../common/manifests/manifest-attestation-nginx.yaml --certificate-identity $CERTIFICATE_IDENTITY --certificate-oidc-issuer $CERTIFICATE_OIDC_ISSUER ## 3: Get Application info INGRESS_URL=$(minikube service -n keda ingress-nginx-controller --url=true -p c1 | head -n 1); echo $INGRESS_URL -MANIFEST_HOST=example.local.tpodinfo # From manifest-nginx.yaml +MANIFEST_HOST=example.tpodinfo.local # From manifest-nginx.yaml while ! curl --connect-timeout 40 -H "Host: $MANIFEST_HOST" $INGRESS_URL --fail-with-body; do sleep 10; done echo From cc1ecbeff3a51525176e14ec69c38e7110a3fedc Mon Sep 17 00:00:00 2001 From: revoltez Date: Thu, 29 Aug 2024 09:30:48 +0100 Subject: [PATCH 16/22] chore: rename to verificationHost --- cmd/trustedpods/deploy.go | 10 +++++----- pkg/kubernetes/pods.go | 2 +- pkg/proto-ts/pod_pb.ts | 6 +++--- pkg/proto/pod.pb.go | 25 ++++++++++++------------- proto/pod.proto | 2 +- 5 files changed, 22 insertions(+), 23 deletions(-) diff --git a/cmd/trustedpods/deploy.go b/cmd/trustedpods/deploy.go index e0fc3595..b1a4ae62 100644 --- a/cmd/trustedpods/deploy.go +++ b/cmd/trustedpods/deploy.go @@ -227,7 +227,7 @@ var deployPodCmd = &cobra.Command{ fmt.Fprintf(cmd.ErrOrStderr(), "warning: %v\n", err) } - if pod.VerificationSettings.PublicVerifiability == true && pod.VerificationSettings.VerificationHostPath == "" { + if pod.VerificationSettings.PublicVerifiability == true && pod.VerificationSettings.VerificationHost == "" { for _, image := range pod.Containers { for _, p := range image.Ports { switch ep := p.ExposedPort.(type) { @@ -238,18 +238,18 @@ var deployPodCmd = &cobra.Command{ host = ep.HostHttpHost + ".tpodinfo" } host = ep.HostHttpHost[:lastDotIndex] + ".tpodinfo" + ep.HostHttpHost[lastDotIndex:] - pod.VerificationSettings.VerificationHostPath = host + pod.VerificationSettings.VerificationHost = host break } } - if pod.VerificationSettings.VerificationHostPath != "" { + if pod.VerificationSettings.VerificationHost != "" { break } } - if pod.VerificationSettings.VerificationHostPath == "" { + if pod.VerificationSettings.VerificationHost == "" { return fmt.Errorf("Public verifiability is set but no verification host path is available or could be derived") } - fmt.Printf("pod manifest verification host path set to:%v\n", pod.VerificationSettings.VerificationHostPath) + fmt.Printf("pod manifest verification host path set to:%v\n", pod.VerificationSettings.VerificationHost) } err = publisher.FundPaymentChannel(ethClient, publisherAuth, deployment, fundsInt, unlockTimeInt, debugMintFunds) diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index f807176e..bd8e0093 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -129,7 +129,7 @@ func ApplyPodRequest( routeHttpso.Spec.ScaleTargetRef.Service = serviceProxy.ObjectMeta.Name routeHttpso.Spec.ScaleTargetRef.Port = 9999 routeHttpso.Spec.ScaleTargetRef.APIVersion = "apps/v1" - routeHttpso.Spec.Hosts = []string{podManifest.VerificationSettings.VerificationHostPath} + routeHttpso.Spec.Hosts = []string{podManifest.VerificationSettings.VerificationHost} routeHttpso.Spec.Replicas = &kedahttpv1alpha1.ReplicaStruct{Min: ptr.Int32(1), Max: ptr.Int32(1)} proxyContainer := corev1.Container{ Name: "proxy", diff --git a/pkg/proto-ts/pod_pb.ts b/pkg/proto-ts/pod_pb.ts index 24b0c124..f56b22af 100644 --- a/pkg/proto-ts/pod_pb.ts +++ b/pkg/proto-ts/pod_pb.ts @@ -798,9 +798,9 @@ export class VerificationSettings extends Message { PublicVerifiability = false; /** - * @generated from field: string VerificationHostPath = 3; + * @generated from field: string VerificationHost = 3; */ - VerificationHostPath = ""; + VerificationHost = ""; constructor(data?: PartialMessage) { super(); @@ -812,7 +812,7 @@ export class VerificationSettings extends Message { static readonly fields: FieldList = proto3.util.newFieldList(() => [ { no: 1, name: "ForcePolicy", kind: "scalar", T: 8 /* ScalarType.BOOL */ }, { no: 2, name: "PublicVerifiability", kind: "scalar", T: 8 /* ScalarType.BOOL */ }, - { no: 3, name: "VerificationHostPath", kind: "scalar", T: 9 /* ScalarType.STRING */ }, + { no: 3, name: "VerificationHost", kind: "scalar", T: 9 /* ScalarType.STRING */ }, ]); static fromBinary(bytes: Uint8Array, options?: Partial): VerificationSettings { diff --git a/pkg/proto/pod.pb.go b/pkg/proto/pod.pb.go index a7e63bf4..57bd87ee 100644 --- a/pkg/proto/pod.pb.go +++ b/pkg/proto/pod.pb.go @@ -806,9 +806,9 @@ type VerificationSettings struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - ForcePolicy bool `protobuf:"varint,1,opt,name=ForcePolicy,proto3" json:"ForcePolicy,omitempty"` - PublicVerifiability bool `protobuf:"varint,2,opt,name=PublicVerifiability,proto3" json:"PublicVerifiability,omitempty"` - VerificationHostPath string `protobuf:"bytes,3,opt,name=VerificationHostPath,proto3" json:"VerificationHostPath,omitempty"` + ForcePolicy bool `protobuf:"varint,1,opt,name=ForcePolicy,proto3" json:"ForcePolicy,omitempty"` + PublicVerifiability bool `protobuf:"varint,2,opt,name=PublicVerifiability,proto3" json:"PublicVerifiability,omitempty"` + VerificationHost string `protobuf:"bytes,3,opt,name=VerificationHost,proto3" json:"VerificationHost,omitempty"` } func (x *VerificationSettings) Reset() { @@ -857,9 +857,9 @@ func (x *VerificationSettings) GetPublicVerifiability() bool { return false } -func (x *VerificationSettings) GetVerificationHostPath() string { +func (x *VerificationSettings) GetVerificationHost() string { if x != nil { - return x.VerificationHostPath + return x.VerificationHost } return "" } @@ -1318,20 +1318,19 @@ var file_pod_proto_rawDesc = []byte{ 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, - 0x9e, 0x01, 0x0a, 0x14, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x96, 0x01, 0x0a, 0x14, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x46, 0x6f, 0x72, 0x63, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x46, 0x6f, 0x72, 0x63, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x30, 0x0a, 0x13, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x56, - 0x65, 0x72, 0x69, 0x66, 0x69, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x32, 0x0a, 0x14, + 0x65, 0x72, 0x69, 0x66, 0x69, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x2a, 0x0a, 0x10, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x6f, 0x73, 0x74, - 0x50, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x56, 0x65, 0x72, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x61, 0x74, 0x68, - 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, - 0x6f, 0x6d, 0x72, 0x61, 0x64, 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x6f, 0x63, - 0x72, 0x79, 0x70, 0x68, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x6f, 0x73, 0x74, 0x42, 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6d, 0x72, 0x61, 0x64, 0x65, 0x2d, 0x63, + 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2f, 0x70, 0x6b, 0x67, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/pod.proto b/proto/pod.proto index 170c99b5..5cacde53 100644 --- a/proto/pod.proto +++ b/proto/pod.proto @@ -111,5 +111,5 @@ message KeyPair { message VerificationSettings{ bool ForcePolicy = 1; bool PublicVerifiability = 2; - string VerificationHostPath = 3; + string VerificationHost = 3; } From 7d5848c4641b2da5cd92b4f8fc145178c0d4b243 Mon Sep 17 00:00:00 2001 From: Bojidar Marinov Date: Mon, 7 Oct 2024 13:13:43 +0300 Subject: [PATCH 17/22] fix: round off a few minor issues --- cmd/trustedpods/flags.go | 7 ++++--- pkg/kubernetes/pods.go | 18 +++++++----------- .../manifests/manifest-attestation-hello.yaml | 3 ++- 3 files changed, 13 insertions(+), 15 deletions(-) diff --git a/cmd/trustedpods/flags.go b/cmd/trustedpods/flags.go index ff32bc89..1985fb06 100644 --- a/cmd/trustedpods/flags.go +++ b/cmd/trustedpods/flags.go @@ -77,15 +77,16 @@ var _ = func() error { deploymentFlags.BoolVar(&uploadSignatures, "upload-signatures", false, "skip uploading signatures to the registry") deploymentFlags.BoolVar(&signImages, "sign-images", false, "sign pod images") + imageCertificateFlags.StringVar(&certificateIdentity, "certificate-identity", "", "identity used for signing the image") + imageCertificateFlags.StringVar(&certificateOidcIssuer, "certificate-oidc-issuer", "", "issuer of the oidc") + uploadFlags.StringVar(&ipfsApi, "ipfs", "/ip4/127.0.0.1/tcp/5001", "multiaddr where the ipfs/kubo api can be accessed") uploadFlags.BoolVar(&uploadImages, "upload-images", true, "upload images") uploadFlags.BoolVar(&uploadSecrets, "upload-secrets", true, "upload secrets") uploadFlags.BoolVar(&signImages, "sign-images", false, "sign pod images (requires certificate identity & issuer flags)") + uploadFlags.AddFlagSet(imageCertificateFlags) uploadFlags.BoolVar(&uploadSignatures, "upload-signatures", false, "skip uploading signatures to the registry") - imageCertificateFlags.StringVar(&certificateIdentity, "certificate-identity", "", "identity used for signing the image") - imageCertificateFlags.StringVar(&certificateOidcIssuer, "certificate-oidc-issuer", "", "issuer of the oidc") - verifyFlags.AddFlagSet(imageCertificateFlags) verifyFlags.StringVar(&signaturePath, "signature", "", "path to the signature you want to verify") verifyFlags.StringVar(&hostHeader, "host-header", "", "the verification host header when passing a tpod ip endpoint to verify") diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index bd8e0093..3be992de 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -27,7 +27,7 @@ type FetchSecret func(cid []byte) (map[string][]byte, error) // given a k8s resource; it checks the existence of that resource in the // cluster, if it exists it Will update it if needed, if not it will create it -func updateOrCreate(ctx context.Context, resourceName, kind, namespace string, resource interface{}, client k8cl.Client, update bool) error { +func updateOrCreate(ctx context.Context, resourceName, kind, namespace string, resource k8cl.Object, client k8cl.Client, update bool) error { if update { key := &k8cl.ObjectKey{ Namespace: namespace, @@ -35,24 +35,20 @@ func updateOrCreate(ctx context.Context, resourceName, kind, namespace string, r } oldResource := GetResource(kind) - updatedResource, ok := resource.(k8cl.Object) - if !ok { - return fmt.Errorf("resource does not implement client.Object") - } - updatedResource.SetNamespace(namespace) - updatedResource.SetName(resourceName) + resource.SetNamespace(namespace) + resource.SetName(resourceName) - err := client.Get(ctx, *key, oldResource.(k8cl.Object)) - updatedResource.SetResourceVersion(oldResource.(k8cl.Object).GetResourceVersion()) // resource version should be retrieved from the old resource in order for httpSo to work + err := client.Get(ctx, *key, oldResource) + resource.SetResourceVersion(oldResource.GetResourceVersion()) // resource version should be retrieved from the old resource in order for httpSo to work if err != nil { log.Printf("Added New Resource: %v \n", resourceName) - if err := client.Create(ctx, updatedResource); err != nil { + if err := client.Create(ctx, resource); err != nil { return fmt.Errorf("Failed creating resource:%v: %v\n", resourceName, err) } return nil } - err = client.Update(ctx, updatedResource) + err = client.Update(ctx, resource) if err != nil { return fmt.Errorf("Failed updating resource:%v, %v\n", resourceName, err) } diff --git a/test/e2e/common/manifests/manifest-attestation-hello.yaml b/test/e2e/common/manifests/manifest-attestation-hello.yaml index 01271243..cc6f7074 100644 --- a/test/e2e/common/manifests/manifest-attestation-hello.yaml +++ b/test/e2e/common/manifests/manifest-attestation-hello.yaml @@ -10,4 +10,5 @@ containers: replicas: min: 1 max: 1 -ImageVerification: true +verificationSettings: + ImageVerification: true From c18fc28eb54795524b88a14eac9c795339d9d636 Mon Sep 17 00:00:00 2001 From: Bojidar Marinov Date: Mon, 7 Oct 2024 13:17:37 +0300 Subject: [PATCH 18/22] fix: return VerificationHost from the server instead of computing it at the client For consistency with similar features. --- cmd/trustedpods/deploy.go | 26 ----- pkg/kubernetes/pods.go | 157 ++++++++++++++------------ pkg/proto/provision-pod.pb.go | 155 +++++++++++++------------ pkg/proto/provisioning-capacity.pb.go | 4 +- pkg/proto/registry.pb.go | 4 +- proto/pod.proto | 8 +- proto/provision-pod.proto | 1 + 7 files changed, 179 insertions(+), 176 deletions(-) diff --git a/cmd/trustedpods/deploy.go b/cmd/trustedpods/deploy.go index b1a4ae62..6fd4dd5b 100644 --- a/cmd/trustedpods/deploy.go +++ b/cmd/trustedpods/deploy.go @@ -8,7 +8,6 @@ import ( "fmt" "math/big" "path/filepath" - "strings" "github.com/comrade-coop/apocryph/pkg/abi" "github.com/comrade-coop/apocryph/pkg/ethereum" @@ -227,31 +226,6 @@ var deployPodCmd = &cobra.Command{ fmt.Fprintf(cmd.ErrOrStderr(), "warning: %v\n", err) } - if pod.VerificationSettings.PublicVerifiability == true && pod.VerificationSettings.VerificationHost == "" { - for _, image := range pod.Containers { - for _, p := range image.Ports { - switch ep := p.ExposedPort.(type) { - case *pb.Container_Port_HostHttpHost: - lastDotIndex := strings.LastIndex(ep.HostHttpHost, ".") - var host string - if lastDotIndex == -1 { - host = ep.HostHttpHost + ".tpodinfo" - } - host = ep.HostHttpHost[:lastDotIndex] + ".tpodinfo" + ep.HostHttpHost[lastDotIndex:] - pod.VerificationSettings.VerificationHost = host - break - } - } - if pod.VerificationSettings.VerificationHost != "" { - break - } - } - if pod.VerificationSettings.VerificationHost == "" { - return fmt.Errorf("Public verifiability is set but no verification host path is available or could be derived") - } - fmt.Printf("pod manifest verification host path set to:%v\n", pod.VerificationSettings.VerificationHost) - } - err = publisher.FundPaymentChannel(ethClient, publisherAuth, deployment, fundsInt, unlockTimeInt, debugMintFunds) if err != nil { return err diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index 3be992de..b96e3762 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -99,6 +99,7 @@ func ApplyPodRequest( }, }, } + deploymentAnnotationValues := []AnnotationValue{} podTemplate := &deployment.Spec.Template @@ -107,53 +108,36 @@ func ApplyPodRequest( localhostAliases := corev1.HostAlias{IP: "127.0.0.1"} - if podManifest.VerificationSettings.PublicVerifiability { - // used only to use the routing from keda ingress controller - routeHttpsoName := "route-hso" - routeHttpso := NewHttpSo(namespace, routeHttpsoName) - serviceProxyName := "tpod-svc-proxy" - serviceProxy := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ - Name: serviceProxyName, - }, - Spec: corev1.ServiceSpec{ - Type: corev1.ServiceTypeClusterIP, - Ports: []corev1.ServicePort{{Port: 9999, TargetPort: intstr.FromString("tpod-proxy")}}, - Selector: labels, - }, - } - routeHttpso.Spec.ScaleTargetRef.Service = serviceProxy.ObjectMeta.Name - routeHttpso.Spec.ScaleTargetRef.Port = 9999 - routeHttpso.Spec.ScaleTargetRef.APIVersion = "apps/v1" - routeHttpso.Spec.Hosts = []string{podManifest.VerificationSettings.VerificationHost} - routeHttpso.Spec.Replicas = &kedahttpv1alpha1.ReplicaStruct{Min: ptr.Int32(1), Max: ptr.Int32(1)} - proxyContainer := corev1.Container{ - Name: "proxy", - Image: proxyImage, - Ports: []corev1.ContainerPort{{ContainerPort: 9999, Name: "tpod-proxy"}}, - } - err := updateOrCreate(ctx, serviceProxyName, "Service", namespace, serviceProxy, client, update) - if err != nil { - return err - } - err = updateOrCreate(ctx, routeHttpsoName, "HttpSo", namespace, routeHttpso, client, update) - if err != nil { - return err + + for cIdx, container := range podManifest.Containers { + containerSpec := corev1.Container{ + Name: container.Name, + Image: images[container.Name], + ImagePullPolicy: corev1.PullIfNotPresent, // make sure images are pulled localy (didn't never pull for the tpod-proxy image, for now) + Command: container.Entrypoint, + Args: container.Command, + WorkingDir: container.WorkingDir, } - proxyContainer.Env = append(proxyContainer.Env, corev1.EnvVar{Name: constants.NamespaceKey, Value: namespace}) - podTemplate.Spec.Containers = append(podTemplate.Spec.Containers, proxyContainer) - } - annotationValues := []AnnotationValue{} - for i, container := range podManifest.Containers { - if podManifest.VerificationSettings.ForcePolicy == true && container.Image.VerificationDetails != nil { - policyName := fmt.Sprintf("policy-%v-%v", podId, i) + if podManifest.KeyPair != nil { + // save as hex to parse later as hex + containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.PAYMENT_ADDR_KEY, Value: common.BytesToAddress(paymentChannel.ContractAddress).Hex()}) + containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.PUBLISHER_ADDR_KEY, Value: common.BytesToAddress(paymentChannel.PublisherAddress).Hex()}) + containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.PROVIDER_ADDR_KEY, Value: common.BytesToAddress(paymentChannel.ProviderAddress).Hex()}) + containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.POD_ID_KEY, Value: common.BytesToHash(paymentChannel.PodID).Hex()}) + containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.PUBLIC_ADDRESS_KEY, Value: podManifest.KeyPair.PubAddress}) + containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.PRIVATE_KEY, Value: podManifest.KeyPair.PrivateKey}) + } + + if podManifest.VerificationSettings.GetForcePolicy() && container.Image.VerificationDetails != nil { + policyName := fmt.Sprintf("policy-%v-%v", podId, cIdx) // NOTE: Will break for two-digit container ids (see note around podId) sigstorePolicy := &policy.ClusterImagePolicy{ TypeMeta: metav1.TypeMeta{Kind: "ClusterImagePolicy"}, ObjectMeta: metav1.ObjectMeta{Name: policyName}, Spec: policy.ClusterImagePolicySpec{ Images: []policy.ImagePattern{{Glob: container.Image.Url}}, Authorities: []policy.Authority{{Keyless: &policy.KeylessRef{}}}, - }} + }, + } identity := policy.Identity{Issuer: container.Image.VerificationDetails.Issuer, Subject: container.Image.VerificationDetails.Identity} sigstorePolicy.Spec.Authorities[0].Keyless.Identities = []policy.Identity{identity} annotationValue := AnnotationValue{ @@ -162,7 +146,7 @@ func ApplyPodRequest( Issuer: container.Image.VerificationDetails.Issuer, Identity: container.Image.VerificationDetails.Identity, } - annotationValues = append(annotationValues, annotationValue) + deploymentAnnotationValues = append(deploymentAnnotationValues, annotationValue) err := updateOrCreate(ctx, policyName, "ClusterImagePolicy", namespace, sigstorePolicy, client, update) if err != nil && strings.Contains(err.Error(), "already exists") { log.Println("warning: Policies were not deleted properly") @@ -171,34 +155,6 @@ func ApplyPodRequest( return err } } - } - jsonData, err := json.Marshal(annotationValues) - if err != nil { - return fmt.Errorf("Failed to marshal annotation values: %v", err) - } - deployment.Annotations = map[string]string{ - constants.VerificationInfoAnnotationKey: string(jsonData), - } - - for cIdx, container := range podManifest.Containers { - containerSpec := corev1.Container{ - Name: container.Name, - Image: images[container.Name], - ImagePullPolicy: corev1.PullIfNotPresent, // make sure images are pulled localy (didn't never pull for the tpod-proxy image, for now) - Command: container.Entrypoint, - Args: container.Command, - WorkingDir: container.WorkingDir, - } - - if podManifest.KeyPair != nil { - // save as hex to parse later as hex - containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.PAYMENT_ADDR_KEY, Value: common.BytesToAddress(paymentChannel.ContractAddress).Hex()}) - containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.PUBLISHER_ADDR_KEY, Value: common.BytesToAddress(paymentChannel.PublisherAddress).Hex()}) - containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.PROVIDER_ADDR_KEY, Value: common.BytesToAddress(paymentChannel.ProviderAddress).Hex()}) - containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.POD_ID_KEY, Value: common.BytesToHash(paymentChannel.PodID).Hex()}) - containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.PUBLIC_ADDRESS_KEY, Value: podManifest.KeyPair.PubAddress}) - containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: constants.PRIVATE_KEY, Value: podManifest.KeyPair.PrivateKey}) - } for field, value := range container.Env { containerSpec.Env = append(containerSpec.Env, corev1.EnvVar{Name: field, Value: value}) @@ -262,9 +218,10 @@ func ApplyPodRequest( } else { depLabels["containers"] = depLabels["containers"] + "_" + containerSpec.Name } - } + podTemplate.Spec.HostAliases = append(podTemplate.Spec.HostAliases, localhostAliases) + for _, volume := range podManifest.Volumes { volumeSpec := corev1.Volume{ Name: volume.Name, @@ -329,6 +286,66 @@ func ApplyPodRequest( } podTemplate.Spec.Volumes = append(podTemplate.Spec.Volumes, volumeSpec) } + + if podManifest.VerificationSettings.GetPublicVerifiability() == true { + verificationHost := podManifest.VerificationSettings.GetVerificationHost() + if verificationHost == "" { + httpHost := httpSO.Spec.Hosts[0] + lastDotIndex := strings.LastIndex(httpHost, ".") + if lastDotIndex == -1 { + verificationHost = httpHost + ".tpodinfo" + } else { + verificationHost = httpHost[:lastDotIndex] + ".tpodinfo" + httpHost[lastDotIndex:] + } + } + if verificationHost == "" { + return fmt.Errorf("Public verifiability is set but no verification host path is available or could be derived") + } + response.VerificationHost = verificationHost + // used only to use the routing from keda ingress controller + routeHttpsoName := "route-hso" + routeHttpso := NewHttpSo(namespace, routeHttpsoName) + serviceProxyName := "tpod-svc-proxy" + serviceProxy := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: serviceProxyName, + }, + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeClusterIP, + Ports: []corev1.ServicePort{{Port: 9999, TargetPort: intstr.FromString("tpod-proxy")}}, + Selector: labels, + }, + } + routeHttpso.Spec.ScaleTargetRef.Service = serviceProxy.ObjectMeta.Name + routeHttpso.Spec.ScaleTargetRef.Port = 9999 + routeHttpso.Spec.ScaleTargetRef.APIVersion = "apps/v1" + routeHttpso.Spec.Hosts = []string{verificationHost} + routeHttpso.Spec.Replicas = &kedahttpv1alpha1.ReplicaStruct{Min: ptr.Int32(1), Max: ptr.Int32(1)} + proxyContainer := corev1.Container{ + Name: "proxy", + Image: proxyImage, + Ports: []corev1.ContainerPort{{ContainerPort: 9999, Name: "tpod-proxy"}}, + } + err := updateOrCreate(ctx, serviceProxyName, "Service", namespace, serviceProxy, client, update) + if err != nil { + return err + } + err = updateOrCreate(ctx, routeHttpsoName, "HttpSo", namespace, routeHttpso, client, update) + if err != nil { + return err + } + proxyContainer.Env = append(proxyContainer.Env, corev1.EnvVar{Name: constants.NamespaceKey, Value: namespace}) + podTemplate.Spec.Containers = append(podTemplate.Spec.Containers, proxyContainer) + } + + annotationValuesJson, err := json.Marshal(deploymentAnnotationValues) + if err != nil { + return fmt.Errorf("Failed to marshal annotation values: %v", err) + } + deployment.Annotations = map[string]string{ + AnnotationVerificationInfo: string(annotationValuesJson), + } + err = updateOrCreate(ctx, deploymentName, "Deployment", namespace, deployment, client, update) if err != nil { return err diff --git a/pkg/proto/provision-pod.pb.go b/pkg/proto/provision-pod.pb.go index 6e6d37a3..b5322b3e 100644 --- a/pkg/proto/provision-pod.pb.go +++ b/pkg/proto/provision-pod.pb.go @@ -364,9 +364,10 @@ type ProvisionPodResponse struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Error string `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"` - Addresses []*ProvisionPodResponse_ExposedHostPort `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"` - Namespace string `protobuf:"bytes,3,opt,name=namespace,proto3" json:"namespace,omitempty"` + Error string `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"` + Addresses []*ProvisionPodResponse_ExposedHostPort `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"` + Namespace string `protobuf:"bytes,3,opt,name=namespace,proto3" json:"namespace,omitempty"` + VerificationHost string `protobuf:"bytes,4,opt,name=verificationHost,proto3" json:"verificationHost,omitempty"` } func (x *ProvisionPodResponse) Reset() { @@ -422,6 +423,13 @@ func (x *ProvisionPodResponse) GetNamespace() string { return "" } +func (x *ProvisionPodResponse) GetVerificationHost() string { + if x != nil { + return x.VerificationHost + } + return "" +} + type PodLogRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -774,7 +782,7 @@ var file_provision_pod_proto_rawDesc = []byte{ 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x6f, 0x64, 0x49, - 0x44, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x70, 0x6f, 0x64, 0x49, 0x44, 0x22, 0xab, + 0x44, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x70, 0x6f, 0x64, 0x49, 0x44, 0x22, 0xd7, 0x02, 0x0a, 0x14, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x62, 0x0a, @@ -785,76 +793,79 @@ var file_provision_pod_proto_rawDesc = []byte{ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x1a, - 0x7b, 0x0a, 0x0f, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x6f, - 0x72, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x61, 0x64, 0x64, 0x72, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x61, 0x64, 0x64, 0x72, - 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, - 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, - 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x35, 0x0a, 0x0d, - 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, - 0x0d, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, - 0x61, 0x6d, 0x65, 0x22, 0x56, 0x0a, 0x0e, 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x44, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, - 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, - 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x52, 0x0a, 0x08, 0x4c, - 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x32, 0x0a, 0x14, 0x4e, 0x61, 0x6e, 0x6f, 0x73, - 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x55, 0x6e, 0x69, 0x78, 0x45, 0x70, 0x6f, 0x63, 0x68, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, 0x4e, 0x61, 0x6e, 0x6f, 0x73, 0x65, 0x63, 0x6f, 0x6e, - 0x64, 0x73, 0x55, 0x6e, 0x69, 0x78, 0x45, 0x70, 0x6f, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6c, - 0x69, 0x6e, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6c, 0x69, 0x6e, 0x65, 0x22, - 0x2e, 0x0a, 0x0e, 0x50, 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x22, - 0x25, 0x0a, 0x0f, 0x50, 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x69, 0x6e, 0x66, 0x6f, 0x32, 0xd6, 0x04, 0x0a, 0x13, 0x50, 0x72, 0x6f, 0x76, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x79, - 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x12, 0x33, - 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, - 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, - 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, + 0x2a, 0x0a, 0x10, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, + 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x76, 0x65, 0x72, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x6f, 0x73, 0x74, 0x1a, 0x7b, 0x0a, 0x0f, 0x45, + 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, 0x48, 0x6f, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1c, + 0x0a, 0x09, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x09, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x61, 0x64, 0x64, 0x72, 0x12, 0x24, 0x0a, 0x0d, + 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, + 0x6d, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, + 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x35, 0x0a, 0x0d, 0x50, 0x6f, 0x64, 0x4c, + 0x6f, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x43, 0x6f, 0x6e, + 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0d, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x22, + 0x56, 0x0a, 0x0e, 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x44, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, - 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, - 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x73, 0x0a, 0x09, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x12, 0x30, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, - 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x6f, - 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, - 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, - 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x70, - 0x0a, 0x09, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x12, 0x30, 0x2e, 0x61, 0x70, - 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x44, 0x65, 0x6c, - 0x65, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, - 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, - 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x44, - 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x6e, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x73, 0x12, - 0x2e, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x6c, + 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x52, 0x0a, 0x08, 0x4c, 0x6f, 0x67, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x32, 0x0a, 0x14, 0x4e, 0x61, 0x6e, 0x6f, 0x73, 0x65, 0x63, 0x6f, 0x6e, + 0x64, 0x73, 0x55, 0x6e, 0x69, 0x78, 0x45, 0x70, 0x6f, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x04, 0x52, 0x14, 0x4e, 0x61, 0x6e, 0x6f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x55, 0x6e, + 0x69, 0x78, 0x45, 0x70, 0x6f, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x69, 0x6e, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6c, 0x69, 0x6e, 0x65, 0x22, 0x2e, 0x0a, 0x0e, 0x50, + 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, + 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x22, 0x25, 0x0a, 0x0f, 0x50, + 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, + 0x0a, 0x04, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x69, 0x6e, + 0x66, 0x6f, 0x32, 0xd6, 0x04, 0x0a, 0x13, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x50, 0x6f, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x79, 0x0a, 0x0c, 0x50, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x12, 0x33, 0x2e, 0x61, 0x70, 0x6f, + 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x72, 0x6f, 0x76, + 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x34, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, - 0x2e, 0x50, 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x2f, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, - 0x2e, 0x50, 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x6d, 0x0a, 0x0a, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x2d, - 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, - 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, - 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, - 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, - 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, - 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x42, - 0x2c, 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, - 0x6d, 0x72, 0x61, 0x64, 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x6f, 0x63, 0x72, - 0x79, 0x70, 0x68, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x73, 0x0a, 0x09, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, + 0x6f, 0x64, 0x12, 0x30, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x50, 0x6f, 0x64, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, + 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, + 0x6f, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x70, 0x0a, 0x09, 0x44, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x50, 0x6f, 0x64, 0x12, 0x30, 0x2e, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, + 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x76, + 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, + 0x6f, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x61, 0x70, 0x6f, 0x63, + 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, + 0x65, 0x50, 0x6f, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6e, 0x0a, 0x0b, + 0x47, 0x65, 0x74, 0x50, 0x6f, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x73, 0x12, 0x2e, 0x2e, 0x61, 0x70, + 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, + 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x6f, 0x64, + 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x61, 0x70, + 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, + 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x6f, 0x64, + 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6d, 0x0a, 0x0a, + 0x47, 0x65, 0x74, 0x50, 0x6f, 0x64, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x2d, 0x2e, 0x61, 0x70, 0x6f, + 0x63, 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x6f, 0x64, 0x4c, + 0x6f, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x61, 0x70, 0x6f, 0x63, + 0x72, 0x79, 0x70, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x30, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x64, 0x2e, 0x50, 0x6f, 0x64, 0x4c, 0x6f, + 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x42, 0x2c, 0x5a, 0x2a, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6d, 0x72, 0x61, 0x64, + 0x65, 0x2d, 0x63, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x6f, 0x63, 0x72, 0x79, 0x70, 0x68, 0x2f, + 0x70, 0x6b, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( diff --git a/pkg/proto/provisioning-capacity.pb.go b/pkg/proto/provisioning-capacity.pb.go index e67107d3..64a4475e 100644 --- a/pkg/proto/provisioning-capacity.pb.go +++ b/pkg/proto/provisioning-capacity.pb.go @@ -2,8 +2,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.12.4 +// protoc-gen-go v1.31.0 +// protoc v5.28.2 // source: provisioning-capacity.proto package proto diff --git a/pkg/proto/registry.pb.go b/pkg/proto/registry.pb.go index 3f0370d0..7a405d01 100644 --- a/pkg/proto/registry.pb.go +++ b/pkg/proto/registry.pb.go @@ -2,8 +2,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.12.4 +// protoc-gen-go v1.31.0 +// protoc v5.28.2 // source: registry.proto package proto diff --git a/proto/pod.proto b/proto/pod.proto index 5cacde53..79303b33 100644 --- a/proto/pod.proto +++ b/proto/pod.proto @@ -44,10 +44,10 @@ message Container { } } message Image { - bytes cid = 1; - Key key = 2; - string url = 3; - VerificationDetails verificationDetails = 4; + bytes cid = 1; + Key key = 2; + string url = 3; + VerificationDetails verificationDetails = 4; } message VerificationDetails { diff --git a/proto/provision-pod.proto b/proto/provision-pod.proto index 90003b87..9ac38b32 100644 --- a/proto/provision-pod.proto +++ b/proto/provision-pod.proto @@ -48,6 +48,7 @@ message ProvisionPodResponse { string error = 1; repeated ExposedHostPort addresses = 2; string namespace = 3; + string verificationHost = 4; message ExposedHostPort { string multiaddr = 1; string containerName = 2; From a0a3f89fbc1b247276e0d235d565a5fefe911f74 Mon Sep 17 00:00:00 2001 From: Bojidar Marinov Date: Mon, 7 Oct 2024 13:19:23 +0300 Subject: [PATCH 19/22] chore!: refactor constants.go, moving things around for consistency --- pkg/constants/constants.go | 8 ++------ pkg/kubernetes/namespaces.go | 2 ++ pkg/kubernetes/pods.go | 8 +++++++- pkg/proto/autoscaler.pb.go | 6 +++--- pkg/proto/deployment.pb.go | 4 ++-- pkg/proto/pod.pb.go | 4 ++-- pkg/proto/pricing.pb.go | 4 ++-- pkg/proto/provision-pod.pb.go | 4 ++-- pkg/provider/server.go | 3 +-- pkg/publisher/images.go | 5 ++++- pkg/publisher/upload.go | 6 ++++-- 11 files changed, 31 insertions(+), 23 deletions(-) diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index fff75f38..9d805c34 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -1,16 +1,12 @@ package constants -import "time" - const PRIVATE_KEY = "PRIVATE_KEY" const PUBLIC_ADDRESS_KEY = "PUBLIC_ADDRESS" const PAYMENT_ADDR_KEY = "PAYMENT_ADDRESS" const PUBLISHER_ADDR_KEY = "PUBLISHER_ADDRESS" const PROVIDER_ADDR_KEY = "PROVIDER_ADDRESS" const POD_ID_KEY = "POD_ID" -const TIMEOUT = 3 * time.Minute -const OUTPUT_SIGNATURE_PATH = "~/.apocryph/signatures/" +const NamespaceKey = "NAMESPACE_NAME" -const VerificationInfoAnnotationKey = "verification-info" +const OUTPUT_SIGNATURE_PATH = "~/.apocryph/signatures/" -const NamespaceKey = "NAMESPACE_NAME" diff --git a/pkg/kubernetes/namespaces.go b/pkg/kubernetes/namespaces.go index 1041fb8c..fd1b8a1e 100644 --- a/pkg/kubernetes/namespaces.go +++ b/pkg/kubernetes/namespaces.go @@ -24,6 +24,8 @@ const ( LabelIpfsP2P string = "coop.comrade/apocryph-p2p-helper" AnnotationsIpfsP2P string = "coop.comrade/apocryph-p2p-helper" SigstorePolicy string = "policy.sigstore.dev/include" + AnnotationVerificationInfo string = "coop.comrade/apocryph-verification-info" + LabelClusterImagePolicy string = "coop.comrade/apocryph-for-pod" ) var TrustedPodsNamespaceFilter = client.HasLabels{LabelTrustedPodsNamespace} diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index b96e3762..b87969f4 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -132,7 +132,13 @@ func ApplyPodRequest( if podManifest.VerificationSettings.GetForcePolicy() && container.Image.VerificationDetails != nil { policyName := fmt.Sprintf("policy-%v-%v", podId, cIdx) // NOTE: Will break for two-digit container ids (see note around podId) sigstorePolicy := &policy.ClusterImagePolicy{ - TypeMeta: metav1.TypeMeta{Kind: "ClusterImagePolicy"}, ObjectMeta: metav1.ObjectMeta{Name: policyName}, + TypeMeta: metav1.TypeMeta{Kind: "ClusterImagePolicy"}, + ObjectMeta: metav1.ObjectMeta{ + Name: policyName, + Labels: map[string]string{ + LabelClusterImagePolicy: podId, + }, + }, Spec: policy.ClusterImagePolicySpec{ Images: []policy.ImagePattern{{Glob: container.Image.Url}}, Authorities: []policy.Authority{{Keyless: &policy.KeylessRef{}}}, diff --git a/pkg/proto/autoscaler.pb.go b/pkg/proto/autoscaler.pb.go index a48379b0..ec6bc8b3 100644 --- a/pkg/proto/autoscaler.pb.go +++ b/pkg/proto/autoscaler.pb.go @@ -2,16 +2,16 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.12.4 +// protoc-gen-go v1.31.0 +// protoc v5.28.2 // source: autoscaler.proto package proto import ( - _ "github.com/golang/protobuf/ptypes/empty" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + _ "google.golang.org/protobuf/types/known/emptypb" reflect "reflect" sync "sync" ) diff --git a/pkg/proto/deployment.pb.go b/pkg/proto/deployment.pb.go index 3dcb27aa..0c18f9d3 100644 --- a/pkg/proto/deployment.pb.go +++ b/pkg/proto/deployment.pb.go @@ -2,8 +2,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.12.4 +// protoc-gen-go v1.31.0 +// protoc v5.28.2 // source: deployment.proto package proto diff --git a/pkg/proto/pod.pb.go b/pkg/proto/pod.pb.go index 57bd87ee..eb24af7c 100644 --- a/pkg/proto/pod.pb.go +++ b/pkg/proto/pod.pb.go @@ -2,8 +2,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.12.4 +// protoc-gen-go v1.31.0 +// protoc v5.28.2 // source: pod.proto package proto diff --git a/pkg/proto/pricing.pb.go b/pkg/proto/pricing.pb.go index 5e8ab2a7..742fcbe7 100644 --- a/pkg/proto/pricing.pb.go +++ b/pkg/proto/pricing.pb.go @@ -2,8 +2,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.12.4 +// protoc-gen-go v1.31.0 +// protoc v5.28.2 // source: pricing.proto package proto diff --git a/pkg/proto/provision-pod.pb.go b/pkg/proto/provision-pod.pb.go index b5322b3e..088dfa0b 100644 --- a/pkg/proto/provision-pod.pb.go +++ b/pkg/proto/provision-pod.pb.go @@ -2,8 +2,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.12.4 +// protoc-gen-go v1.31.0 +// protoc v5.28.2 // source: provision-pod.proto package proto diff --git a/pkg/provider/server.go b/pkg/provider/server.go index d8b276a0..cb34ffbc 100644 --- a/pkg/provider/server.go +++ b/pkg/provider/server.go @@ -12,7 +12,6 @@ import ( "strings" "connectrpc.com/connect" - "github.com/comrade-coop/apocryph/pkg/constants" "github.com/comrade-coop/apocryph/pkg/ethereum" tpk8s "github.com/comrade-coop/apocryph/pkg/kubernetes" "github.com/comrade-coop/apocryph/pkg/loki" @@ -56,7 +55,7 @@ func (s *provisionPodServer) GetPodInfos(ctx context.Context, request *connect.R } var info strings.Builder if len(list.Items) > 0 { - info.WriteString(list.Items[0].Annotations[constants.VerificationInfoAnnotationKey]) + info.WriteString(list.Items[0].Annotations[tpk8s.AnnotationVerificationInfo]) } response := &pb.PodInfoResponse{Info: info.String()} return connect.NewResponse(response), nil diff --git a/pkg/publisher/images.go b/pkg/publisher/images.go index b1e7325d..4e83a0f4 100644 --- a/pkg/publisher/images.go +++ b/pkg/publisher/images.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "strings" + "time" "github.com/comrade-coop/apocryph/pkg/constants" "github.com/comrade-coop/apocryph/pkg/proto" @@ -17,6 +18,8 @@ import ( "github.com/spf13/cobra" ) +const SignatureTimeout = 3 * time.Minute + func DefaultSignOptions() *options.SignOptions { cmd := &cobra.Command{} o := &options.SignOptions{} @@ -43,7 +46,7 @@ func SignPodImages(pod *proto.Pod, deployment *proto.Deployment, o *options.Sign } for _, image := range images { - ro := &options.RootOptions{Timeout: constants.TIMEOUT} + ro := &options.RootOptions{Timeout: SignatureTimeout} oidcClientSecret, err := o.OIDC.ClientSecret() if err != nil { diff --git a/pkg/publisher/upload.go b/pkg/publisher/upload.go index 0b92ba17..666ef2a5 100644 --- a/pkg/publisher/upload.go +++ b/pkg/publisher/upload.go @@ -141,9 +141,11 @@ func LinkUploadsFromDeployment(pod *pb.Pod, deployment *pb.Deployment) *pb.Pod { Cid: uploadedImage.Cid, Url: uploadedImage.SourceUrl, Key: uploadedImage.Key, - VerificationDetails: &pb.VerificationDetails{Signature: uploadedImage.VerificationDetails.Signature, + VerificationDetails: &pb.VerificationDetails{ + Signature: uploadedImage.VerificationDetails.Signature, Identity: uploadedImage.VerificationDetails.Identity, - Issuer: uploadedImage.VerificationDetails.Issuer}, + Issuer: uploadedImage.VerificationDetails.Issuer, + }, } } } From a49db434ff60f7cbe286a7c4e842f822e412a3c9 Mon Sep 17 00:00:00 2001 From: Bojidar Marinov Date: Mon, 7 Oct 2024 13:19:55 +0300 Subject: [PATCH 20/22] feat: cleanup old sigstore ClusterImagePolicy-ies when removing pod ...This might still run into some issues when removing and re-adding containers in a pod. --- pkg/provider/server.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkg/provider/server.go b/pkg/provider/server.go index cb34ffbc..3fddba39 100644 --- a/pkg/provider/server.go +++ b/pkg/provider/server.go @@ -17,6 +17,7 @@ import ( "github.com/comrade-coop/apocryph/pkg/loki" pb "github.com/comrade-coop/apocryph/pkg/proto" pbcon "github.com/comrade-coop/apocryph/pkg/proto/protoconnect" + policy "github.com/sigstore/policy-controller/pkg/apis/policy/v1beta1" "github.com/containerd/containerd" "github.com/ipfs/kubo/client/rpc" "golang.org/x/exp/slices" @@ -78,6 +79,16 @@ func (s *provisionPodServer) DeletePod(ctx context.Context, request *connect.Req log.Printf("Could not delete namespace: %v\n", request) return nil, err } + + podId := strings.Split(namespace, "-")[1] + err = s.k8cl.DeleteAllOf(ctx, &policy.ClusterImagePolicy{}, cl.MatchingLabels{ + tpk8s.LabelClusterImagePolicy: podId, + }) + if err != nil { + log.Printf("Could not delete cluster image policies: %v\n", request) + return nil, err + } + response := &pb.DeletePodResponse{Success: true} return connect.NewResponse(response), nil } From cd739e56ccc6e4bb0a7ccec9131572172f612d40 Mon Sep 17 00:00:00 2001 From: Bojidar Marinov Date: Mon, 7 Oct 2024 13:21:10 +0300 Subject: [PATCH 21/22] chore!: run buf format, fix capitalization of proto fields --- proto/autoscaler.proto | 8 +++---- proto/deployment.proto | 6 ++--- proto/pod.proto | 20 ++++++++-------- proto/provision-pod.proto | 24 +++++++++---------- proto/registry.proto | 3 +-- .../manifests/manifest-attestation-hello.yaml | 2 +- .../manifests/manifest-attestation-nginx.yaml | 4 ++-- 7 files changed, 33 insertions(+), 34 deletions(-) diff --git a/proto/autoscaler.proto b/proto/autoscaler.proto index 362a21ec..46639859 100644 --- a/proto/autoscaler.proto +++ b/proto/autoscaler.proto @@ -3,17 +3,17 @@ syntax = "proto3"; package apocryph.proto.v0.autoscaler; -option go_package = "github.com/comrade-coop/apocryph/pkg/proto"; - import "google/protobuf/empty.proto"; +option go_package = "github.com/comrade-coop/apocryph/pkg/proto"; + service AutoscalerService { rpc ConnectCluster(ConnectClusterRequest) returns (ConnectClusterResponse); rpc TriggerNode(ConnectClusterRequest) returns (TriggerNodeResponse); } message ConnectClusterRequest { - // could get it from within the cluster maybe? + // could get it from within the cluster maybe? string nodeGateway = 1; repeated string servers = 2; uint32 timeout = 3; @@ -25,5 +25,5 @@ message ConnectClusterResponse { } message TriggerNodeResponse { - string peerID =1; + string peerID = 1; } diff --git a/proto/deployment.proto b/proto/deployment.proto index 76b5fd7c..beaece28 100644 --- a/proto/deployment.proto +++ b/proto/deployment.proto @@ -2,10 +2,11 @@ syntax = "proto3"; package apocryph.proto.v0.deployment; -option go_package = "github.com/comrade-coop/apocryph/pkg/proto"; -import "provision-pod.proto"; import "pod.proto"; +import "provision-pod.proto"; + +option go_package = "github.com/comrade-coop/apocryph/pkg/proto"; message Deployment { string podManifestFile = 1; @@ -15,7 +16,6 @@ message Deployment { repeated UploadedSecret secrets = 5; provisionPod.ProvisionPodResponse deployed = 6; pod.KeyPair keyPair = 7; - } message ProviderConfig { diff --git a/proto/pod.proto b/proto/pod.proto index 79303b33..69bbc23f 100644 --- a/proto/pod.proto +++ b/proto/pod.proto @@ -23,7 +23,7 @@ message Container { map env = 7; repeated VolumeMount volumes = 8; repeated Resource resourceRequests = 9; // "cpu", "memory", custom - + message Port { string name = 1; uint64 containerPort = 2; @@ -51,9 +51,9 @@ message Image { } message VerificationDetails { - string signature = 1; - string identity = 2; - string issuer = 3; + string signature = 1; + string identity = 2; + string issuer = 3; } message Volume { @@ -105,11 +105,11 @@ message Key { } message KeyPair { - string privateKey= 2; - string pubAddress = 3; + string privateKey = 2; + string pubAddress = 3; } -message VerificationSettings{ - bool ForcePolicy = 1; - bool PublicVerifiability = 2; - string VerificationHost = 3; +message VerificationSettings { + bool forcePolicy = 1; + bool publicVerifiability = 2; + string verificationHost = 3; } diff --git a/proto/provision-pod.proto b/proto/provision-pod.proto index 9ac38b32..c617caeb 100644 --- a/proto/provision-pod.proto +++ b/proto/provision-pod.proto @@ -3,9 +3,10 @@ syntax = "proto3"; package apocryph.proto.v0.provisionPod; -option go_package = "github.com/comrade-coop/apocryph/pkg/proto"; import "pod.proto"; +option go_package = "github.com/comrade-coop/apocryph/pkg/proto"; + service ProvisionPodService { rpc ProvisionPod(ProvisionPodRequest) returns (ProvisionPodResponse); rpc UpdatePod(UpdatePodRequest) returns (ProvisionPodResponse); @@ -19,12 +20,11 @@ message ProvisionPodRequest { PaymentChannel payment = 3; } -message DeletePodRequest { -} +message DeletePodRequest {} message DeletePodResponse { - bool success = 1; - string error = 2; + bool success = 1; + string error = 2; } message UpdatePodRequest { @@ -56,23 +56,23 @@ message ProvisionPodResponse { } } -message PodLogRequest{ +message PodLogRequest { string ContainerName = 1; } -message PodLogResponse{ - LogEntry logEntry = 1; +message PodLogResponse { + LogEntry logEntry = 1; } -message LogEntry{ +message LogEntry { uint64 NanosecondsUnixEpoch = 1; - string line= 2; + string line = 2; } -message PodInfoRequest{ +message PodInfoRequest { string namespace = 1; } -message PodInfoResponse{ +message PodInfoResponse { string info = 1; } diff --git a/proto/registry.proto b/proto/registry.proto index cf2ba55f..3c2b507d 100644 --- a/proto/registry.proto +++ b/proto/registry.proto @@ -8,11 +8,10 @@ option go_package = "github.com/comrade-coop/apocryph/pkg/proto"; message HostInfo { repeated string multiaddrs = 1; repeated Region regions = 2; - + message Region { string name = 1; string zone = 2; uint32 num = 3; } } - diff --git a/test/e2e/common/manifests/manifest-attestation-hello.yaml b/test/e2e/common/manifests/manifest-attestation-hello.yaml index cc6f7074..f14a0f26 100644 --- a/test/e2e/common/manifests/manifest-attestation-hello.yaml +++ b/test/e2e/common/manifests/manifest-attestation-hello.yaml @@ -11,4 +11,4 @@ replicas: min: 1 max: 1 verificationSettings: - ImageVerification: true + imageVerification: true diff --git a/test/e2e/common/manifests/manifest-attestation-nginx.yaml b/test/e2e/common/manifests/manifest-attestation-nginx.yaml index 33d44a87..174d458a 100644 --- a/test/e2e/common/manifests/manifest-attestation-nginx.yaml +++ b/test/e2e/common/manifests/manifest-attestation-nginx.yaml @@ -15,5 +15,5 @@ replicas: min: 1 max: 1 verificationSettings: - ForcePolicy: true - PublicVerifiability: true + forcePolicy: true + publicVerifiability: true From 2c719ea1bf7e5abff1e9b8702235a61393a478aa Mon Sep 17 00:00:00 2001 From: Bojidar Marinov Date: Mon, 7 Oct 2024 13:27:31 +0300 Subject: [PATCH 22/22] fixup: oops, fix potential crash --- pkg/kubernetes/pods.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/kubernetes/pods.go b/pkg/kubernetes/pods.go index b87969f4..4ecd6c80 100644 --- a/pkg/kubernetes/pods.go +++ b/pkg/kubernetes/pods.go @@ -295,7 +295,7 @@ func ApplyPodRequest( if podManifest.VerificationSettings.GetPublicVerifiability() == true { verificationHost := podManifest.VerificationSettings.GetVerificationHost() - if verificationHost == "" { + if verificationHost == "" && len(httpSO.Spec.Hosts) > 0 { httpHost := httpSO.Spec.Hosts[0] lastDotIndex := strings.LastIndex(httpHost, ".") if lastDotIndex == -1 {