diff --git a/.gitattributes b/.gitattributes index 3c4605c943bdb..6ef435cfe5d18 100644 --- a/.gitattributes +++ b/.gitattributes @@ -5,9 +5,14 @@ docs/operator-manual/resource_actions_builtin.md linguist-generated=true docs/operator-manual/server-commands/argocd-*.md linguist-generated=true docs/user-guide/commands/argocd_*.md linguist-generated=true manifests/core-install.yaml linguist-generated=true +manifests/core-install-with-hydrator.yaml linguist-generated=true manifests/crds/*-crd.yaml linguist-generated=true manifests/ha/install.yaml linguist-generated=true +manifests/ha/install-with-hydrator.yaml linguist-generated=true manifests/ha/namespace-install.yaml linguist-generated=true +manifests/ha/namespace-install-with-hydrator.yaml linguist-generated=true manifests/install.yaml linguist-generated=true +manifests/install-with-hydrator.yaml linguist-generated=true manifests/namespace-install.yaml linguist-generated=true +manifests/namespace-install-with-hydrator.yaml linguist-generated=true pkg/apis/api-rules/violation_exceptions.list linguist-generated=true diff --git a/.golangci.yaml b/.golangci.yaml index 371d6eb41c2f8..b36b5a98800ae 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -20,6 +20,8 @@ linters: - importas - ineffassign - misspell + # Disabled because of https://github.com/argoproj/argo-cd/issues/21705 + # - nolintlint - perfsprint - revive - staticcheck @@ -28,18 +30,14 @@ linters: - unparam - unused - usestdlibvars - - whitespace + - whitespace linters-settings: gocritic: disabled-checks: - appendAssign - - assignOp # Keep it disabled for readability - - badCond - - commentFormatting + - assignOp # Keep it disabled for readability - exitAfterDefer - - ifElseChain - mapKey - - singleCaseSwitch - typeSwitchVar goimports: local-prefixes: github.com/argoproj/argo-cd/v3 @@ -52,13 +50,13 @@ linters-settings: - github.com/imdario/mergo: recommendations: - dario.cat/mergo - reason: "`github.com/imdario/mergo` has been renamed." + reason: '`github.com/imdario/mergo` has been renamed.' - github.com/pkg/errors: recommendations: - errors importas: alias: - - alias: jwtgo + - alias: jwtgo pkg: github.com/golang-jwt/jwt/v5 - alias: appsv1 pkg: k8s.io/api/apps/v1 @@ -66,14 +64,16 @@ linters-settings: pkg: k8s.io/api/core/v1 - alias: rbacv1 pkg: k8s.io/api/rbac/v1 - - alias: apierrors + - alias: apierrors pkg: k8s.io/apimachinery/pkg/api/errors - - alias: metav1 + - alias: metav1 pkg: k8s.io/apimachinery/pkg/apis/meta/v1 - alias: informersv1 pkg: k8s.io/client-go/informers/core/v1 - alias: stderrors pkg: errors + nolintlint: + require-specific: true perfsprint: # Optimizes even if it requires an int or uint type cast. int-conversion: true @@ -86,92 +86,57 @@ linters-settings: # Optimizes into strings concatenation. strconcat: true revive: + # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md rules: - # Blank import should be only in a main or test package, or have a comment justifying it. + - name: bool-literal-in-expr - name: blank-imports disabled: true - # context.Context() should be the first parameter of a function when provided as argument. - name: context-as-argument - disabled: false arguments: - # Allow functions with test or bench signatures. - - allowTypesBefore: "*testing.T,testing.TB" - # Basic types should not be used as a key in `context.WithValue` + - allowTypesBefore: '*testing.T,testing.TB' - name: context-keys-type disabled: true - # Importing with `.` makes the programs much harder to understand - name: dot-imports disabled: true - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#duplicated-imports - name: duplicated-imports - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#early-return - name: early-return - disabled: false arguments: - - "preserveScope" - # Empty blocks make code less readable and could be a symptom of a bug or unfinished refactoring. + - 'preserveScope' - name: empty-block disabled: true - # for better readability, variables of type `error` must be named with the prefix `err`. - name: error-naming disabled: true - # for better readability, the errors should be last in the list of returned values by a function. - name: error-return - disabled: false - # for better readability, error messages should not be capitalized or end with punctuation or a newline. - name: error-strings disabled: true - # report when replacing `errors.New(fmt.Sprintf())` with `fmt.Errorf()` is possible - name: errorf - disabled: false - # incrementing an integer variable by 1 is recommended to be done using the `++` operator + - name: identical-branches + - name: if-return - name: increment-decrement - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#indent-error-flow - name: indent-error-flow - disabled: false arguments: - - "preserveScope" - # This rule suggests a shorter way of writing ranges that do not use the second value. + - 'preserveScope' + - name: modifies-parameter + - name: optimize-operands-order - name: range - disabled: false - # receiver names in a method should reflect the struct name (p for Person, for example) - name: receiver-naming - disabled: false - # redefining built in names (true, false, append, make) can lead to bugs very difficult to detect. - name: redefines-builtin-id disabled: true - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#redundant-import-alias - name: redundant-import-alias - disabled: false - # redundant else-blocks that can be eliminated from the code. - name: superfluous-else - disabled: false arguments: - - "preserveScope" - # prevent confusing name for variables when using `time` package + - 'preserveScope' + - name: time-equal - name: time-naming disabled: true - # warns when an exported function or method returns a value of an un-exported type. - name: unexported-return disabled: true - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#unnecessary-stmt - name: unnecessary-stmt - disabled: false - # spots and proposes to remove unreachable code. also helps to spot errors - name: unreachable-code - disabled: false - # Functions or methods with unused parameters can be a symptom of an unfinished refactoring or a bug. - name: unused-parameter - disabled: false - # Since Go 1.18, interface{} has an alias: any. This rule proposes to replace instances of interface{} with any. - name: use-any - disabled: false - # report when a variable declaration can be simplified + - name: useless-break - name: var-declaration - disabled: false - # warns when initialism, variable or package naming conventions are not followed. - name: var-naming disabled: true testifylint: diff --git a/.goreleaser.yaml b/.goreleaser.yaml index c635e676c58c7..b614f6542f7cf 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -79,6 +79,8 @@ release: All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify. + ## Release Notes Blog Post + For a detailed breakdown of the key changes and improvements in this release, check out the [official blog post](https://blog.argoproj.io/argo-cd-v2-14-release-candidate-57a664791e2a) ## Upgrading diff --git a/.mockery.yaml b/.mockery.yaml index 848de8c80d931..7bb81a856dc71 100644 --- a/.mockery.yaml +++ b/.mockery.yaml @@ -66,6 +66,9 @@ packages: github.com/argoproj/argo-cd/v3/util/notification/argocd: interfaces: Service: + github.com/argoproj/argo-cd/v3/util/workloadidentity: + interfaces: + TokenProvider: # These mocks are not currently used, but they are part of the public API of this package. github.com/argoproj/argo-cd/v3/pkg/apiclient/session: interfaces: @@ -73,4 +76,4 @@ packages: SessionServiceClient: github.com/argoproj/argo-cd/v3/pkg/apiclient/cluster: interfaces: - ClusterServiceServer: + ClusterServiceServer: \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 45c1deb4d8c9b..da9e4e3dd5226 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab #################################################################################################### # Builder image # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image diff --git a/Makefile b/Makefile index f5f5ac67842e0..8dec6f04a4143 100644 --- a/Makefile +++ b/Makefile @@ -355,11 +355,6 @@ mod-vendor: test-tools-image mod-vendor-local: mod-download-local go mod vendor -# Deprecated - replace by install-tools-local -.PHONY: install-lint-tools -install-lint-tools: - ./hack/install.sh lint-tools - # Run linter on the code .PHONY: lint lint: test-tools-image @@ -435,7 +430,7 @@ test-e2e: test-e2e-local: cli-local # NO_PROXY ensures all tests don't go out through a proxy if one is configured on the test system export GO111MODULE=off - DIST_DIR=${DIST_DIR} RERUN_FAILS=5 PACKAGES="./test/e2e" ARGOCD_E2E_RECORD=${ARGOCD_E2E_RECORD} ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout $(ARGOCD_E2E_TEST_TIMEOUT) -v -args -test.gocoverdir="$(PWD)/test-results" + DIST_DIR=${DIST_DIR} RERUN_FAILS=5 PACKAGES="./test/e2e" ARGOCD_E2E_RECORD=${ARGOCD_E2E_RECORD} ARGOCD_CONFIG_DIR=$(HOME)/.config/argocd-e2e ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout $(ARGOCD_E2E_TEST_TIMEOUT) -v -args -test.gocoverdir="$(PWD)/test-results" # Spawns a shell in the test server container for debugging purposes debug-test-server: test-tools-image @@ -599,6 +594,7 @@ install-codegen-tools-local: .PHONY: install-go-tools-local install-go-tools-local: ./hack/install.sh codegen-go-tools + ./hack/install.sh lint-tools .PHONY: dep-ui dep-ui: test-tools-image @@ -679,7 +675,6 @@ help: @echo 'debug:' @echo ' list -- list all make targets' @echo ' install-tools-local -- install all the tools below' - @echo ' install-lint-tools(-local)' @echo @echo 'codegen:' @echo ' codegen(-local) -- if using -local, run the following targets first' diff --git a/USERS.md b/USERS.md index ecc6ee6736826..952718742e2da 100644 --- a/USERS.md +++ b/USERS.md @@ -192,10 +192,10 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Lian Chu Securities](https://lczq.com) 1. [Liatrio](https://www.liatrio.com) 1. [Lightricks](https://www.lightricks.com/) -1. [LINE](https://linecorp.com/en/) 1. [Loom](https://www.loom.com/) 1. [Lucid Motors](https://www.lucidmotors.com/) 1. [Lytt](https://www.lytt.co/) +1. [LY Corporation](https://www.lycorp.co.jp/en/) 1. [Magic Leap](https://www.magicleap.com/) 1. [Majid Al Futtaim](https://www.majidalfuttaim.com/) 1. [Major League Baseball](https://mlb.com) diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index 549b8eccf5391..7498d6bbfcc7c 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -524,38 +524,9 @@ func (r *ApplicationSetReconciler) getMinRequeueAfter(applicationSetInfo *argov1 } func ignoreNotAllowedNamespaces(namespaces []string) predicate.Predicate { - return predicate.Funcs{ - CreateFunc: func(e event.CreateEvent) bool { - return utils.IsNamespaceAllowed(namespaces, e.Object.GetNamespace()) - }, - } -} - -// ignoreWhenAnnotationApplicationSetRefreshIsRemoved returns a predicate that ignores updates to ApplicationSet resources -// when the ApplicationSetRefresh annotation is removed -// First reconciliation is triggered when the annotation is added by [webhook.go#refreshApplicationSet] -// Using this predicate we avoid a second reconciliation triggered by the controller himself when the annotation is removed. -func ignoreWhenAnnotationApplicationSetRefreshIsRemoved() predicate.Predicate { - return predicate.Funcs{ - UpdateFunc: func(e event.UpdateEvent) bool { - oldAppset, isAppSet := e.ObjectOld.(*argov1alpha1.ApplicationSet) - if !isAppSet { - return false - } - newAppset, isAppSet := e.ObjectNew.(*argov1alpha1.ApplicationSet) - if !isAppSet { - return false - } - - _, oldHasRefreshAnnotation := oldAppset.Annotations[common.AnnotationApplicationSetRefresh] - _, newHasRefreshAnnotation := newAppset.Annotations[common.AnnotationApplicationSetRefresh] - - if oldHasRefreshAnnotation && !newHasRefreshAnnotation { - return false - } - return true - }, - } + return predicate.NewPredicateFuncs(func(object client.Object) bool { + return utils.IsNamespaceAllowed(namespaces, object.GetNamespace()) + }) } func appControllerIndexer(rawObj client.Object) []string { @@ -579,12 +550,13 @@ func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProg return fmt.Errorf("error setting up with manager: %w", err) } - ownsHandler := getOwnsHandlerPredicates(enableProgressiveSyncs) + appOwnsHandler := getApplicationOwnsHandler(enableProgressiveSyncs) + appSetOwnsHandler := getApplicationSetOwnsHandler() return ctrl.NewControllerManagedBy(mgr).WithOptions(controller.Options{ MaxConcurrentReconciles: maxConcurrentReconciliations, - }).For(&argov1alpha1.ApplicationSet{}, builder.WithPredicates(ignoreWhenAnnotationApplicationSetRefreshIsRemoved())). - Owns(&argov1alpha1.Application{}, builder.WithPredicates(ownsHandler)). + }).For(&argov1alpha1.ApplicationSet{}, builder.WithPredicates(appSetOwnsHandler)). + Owns(&argov1alpha1.Application{}, builder.WithPredicates(appOwnsHandler)). WithEventFilter(ignoreNotAllowedNamespaces(r.ApplicationSetNamespaces)). Watches( &corev1.Secret{}, @@ -592,7 +564,6 @@ func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProg Client: mgr.GetClient(), Log: log.WithField("type", "createSecretEventHandler"), }). - // TODO: also watch Applications and respond on changes if we own them. Complete(r) } @@ -1486,7 +1457,7 @@ func syncApplication(application argov1alpha1.Application, prune bool) argov1alp return application } -func getOwnsHandlerPredicates(enableProgressiveSyncs bool) predicate.Funcs { +func getApplicationOwnsHandler(enableProgressiveSyncs bool) predicate.Funcs { return predicate.Funcs{ CreateFunc: func(e event.CreateEvent) bool { // if we are the owner and there is a create event, we most likely created it and do not need to @@ -1523,8 +1494,8 @@ func getOwnsHandlerPredicates(enableProgressiveSyncs bool) predicate.Funcs { if !isApp { return false } - requeue := shouldRequeueApplicationSet(appOld, appNew, enableProgressiveSyncs) - logCtx.WithField("requeue", requeue).Debugf("requeue: %t caused by application %s", requeue, appNew.Name) + requeue := shouldRequeueForApplication(appOld, appNew, enableProgressiveSyncs) + logCtx.WithField("requeue", requeue).Debugf("requeue caused by application %s", appNew.Name) return requeue }, GenericFunc: func(e event.GenericEvent) bool { @@ -1541,13 +1512,13 @@ func getOwnsHandlerPredicates(enableProgressiveSyncs bool) predicate.Funcs { } } -// shouldRequeueApplicationSet determines when we want to requeue an ApplicationSet for reconciling based on an owned +// shouldRequeueForApplication determines when we want to requeue an ApplicationSet for reconciling based on an owned // application change // The applicationset controller owns a subset of the Application CR. // We do not need to re-reconcile if parts of the application change outside the applicationset's control. // An example being, Application.ApplicationStatus.ReconciledAt which gets updated by the application controller. // Additionally, Application.ObjectMeta.ResourceVersion and Application.ObjectMeta.Generation which are set by K8s. -func shouldRequeueApplicationSet(appOld *argov1alpha1.Application, appNew *argov1alpha1.Application, enableProgressiveSyncs bool) bool { +func shouldRequeueForApplication(appOld *argov1alpha1.Application, appNew *argov1alpha1.Application, enableProgressiveSyncs bool) bool { if appOld == nil || appNew == nil { return false } @@ -1580,4 +1551,81 @@ func shouldRequeueApplicationSet(appOld *argov1alpha1.Application, appNew *argov return false } +func getApplicationSetOwnsHandler() predicate.Funcs { + return predicate.Funcs{ + CreateFunc: func(e event.CreateEvent) bool { + appSet, isApp := e.Object.(*argov1alpha1.ApplicationSet) + if !isApp { + return false + } + log.WithField("applicationset", appSet.QualifiedName()).Debugln("received create event") + // Always queue a new applicationset + return true + }, + DeleteFunc: func(e event.DeleteEvent) bool { + appSet, isApp := e.Object.(*argov1alpha1.ApplicationSet) + if !isApp { + return false + } + log.WithField("applicationset", appSet.QualifiedName()).Debugln("received delete event") + // Always queue for the deletion of an applicationset + return true + }, + UpdateFunc: func(e event.UpdateEvent) bool { + appSetOld, isAppSet := e.ObjectOld.(*argov1alpha1.ApplicationSet) + if !isAppSet { + return false + } + appSetNew, isAppSet := e.ObjectNew.(*argov1alpha1.ApplicationSet) + if !isAppSet { + return false + } + requeue := shouldRequeueForApplicationSet(appSetOld, appSetNew) + log.WithField("applicationset", appSetNew.QualifiedName()). + WithField("requeue", requeue).Debugln("received update event") + return requeue + }, + GenericFunc: func(e event.GenericEvent) bool { + appSet, isApp := e.Object.(*argov1alpha1.ApplicationSet) + if !isApp { + return false + } + log.WithField("applicationset", appSet.QualifiedName()).Debugln("received generic event") + // Always queue for the generic of an applicationset + return true + }, + } +} + +// shouldRequeueForApplicationSet determines when we need to requeue an applicationset +func shouldRequeueForApplicationSet(appSetOld, appSetNew *argov1alpha1.ApplicationSet) bool { + if appSetOld == nil || appSetNew == nil { + return false + } + // only compare the applicationset spec, annotations, labels and finalizers, specifically avoiding + // the status field. status is owned by the applicationset controller, + // and we do not need to requeue when it does bookkeeping + // NB: the ApplicationDestination comes from the ApplicationSpec being embedded + // in the ApplicationSetTemplate from the generators + if !cmp.Equal(appSetOld.Spec, appSetNew.Spec, cmpopts.EquateEmpty(), cmpopts.EquateComparable(argov1alpha1.ApplicationDestination{})) || + !cmp.Equal(appSetOld.ObjectMeta.GetLabels(), appSetNew.ObjectMeta.GetLabels(), cmpopts.EquateEmpty()) || + !cmp.Equal(appSetOld.ObjectMeta.GetFinalizers(), appSetNew.ObjectMeta.GetFinalizers(), cmpopts.EquateEmpty()) { + return true + } + + // Requeue only when the refresh annotation is newly added to the ApplicationSet. + // Changes to other annotations made simultaneously might be missed, but such cases are rare. + if !cmp.Equal(appSetOld.ObjectMeta.GetAnnotations(), appSetNew.ObjectMeta.GetAnnotations(), cmpopts.EquateEmpty()) { + _, oldHasRefreshAnnotation := appSetOld.Annotations[common.AnnotationApplicationSetRefresh] + _, newHasRefreshAnnotation := appSetNew.Annotations[common.AnnotationApplicationSetRefresh] + + if oldHasRefreshAnnotation && !newHasRefreshAnnotation { + return false + } + return true + } + + return false +} + var _ handler.EventHandler = &clusterSecretEventHandler{} diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index d7d2c1a67363d..e79672c7a1c9f 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -41,6 +41,39 @@ import ( "github.com/argoproj/argo-cd/v3/util/settings" ) +// getDefaultTestClientSet creates a Clientset with the default argo objects +// and objects specified in parameters +func getDefaultTestClientSet(obj ...runtime.Object) *kubefake.Clientset { + argoCDSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: argocommon.ArgoCDSecretName, + Namespace: "argocd", + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string][]byte{ + "admin.password": nil, + "server.secretkey": nil, + }, + } + + emptyArgoCDConfigMap := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: argocommon.ArgoCDConfigMapName, + Namespace: "argocd", + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string]string{}, + } + + objects := append(obj, emptyArgoCDConfigMap, argoCDSecret) + kubeclientset := kubefake.NewClientset(objects...) + return kubeclientset +} + func TestCreateOrUpdateInCluster(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) @@ -1317,8 +1350,7 @@ func TestRemoveFinalizerOnInvalidDestination_DestinationTypes(t *testing.T) { }, } - objects := append([]runtime.Object{}, secret) - kubeclientset := kubefake.NewSimpleClientset(objects...) + kubeclientset := getDefaultTestClientSet(secret) metrics := appsetmetrics.NewFakeAppsetMetrics() argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) @@ -2054,8 +2086,7 @@ func TestValidateGeneratedApplications(t *testing.T) { }, } - objects := append([]runtime.Object{}, secret) - kubeclientset := kubefake.NewSimpleClientset(objects...) + kubeclientset := getDefaultTestClientSet(secret) argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) @@ -2117,7 +2148,7 @@ func TestReconcilerValidationProjectErrorBehaviour(t *testing.T) { }, } - kubeclientset := kubefake.NewSimpleClientset() + kubeclientset := getDefaultTestClientSet() client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet, &project).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() metrics := appsetmetrics.NewFakeAppsetMetrics() @@ -2404,8 +2435,7 @@ func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp }, } - objects := append([]runtime.Object{}, secret) - kubeclientset := kubefake.NewSimpleClientset(objects...) + kubeclientset := getDefaultTestClientSet(secret) client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet, &defaultProject).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() metrics := appsetmetrics.NewFakeAppsetMetrics() @@ -2580,8 +2610,7 @@ func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp }, } - objects := append([]runtime.Object{}, secret) - kubeclientset := kubefake.NewSimpleClientset(objects...) + kubeclientset := getDefaultTestClientSet(secret) client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet, &defaultProject).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() metrics := appsetmetrics.NewFakeAppsetMetrics() @@ -2700,7 +2729,7 @@ func TestPolicies(t *testing.T) { Spec: v1alpha1.AppProjectSpec{SourceRepos: []string{"*"}, Destinations: []v1alpha1.ApplicationDestination{{Namespace: "*", Server: "https://kubernetes.default.svc"}}}, } - kubeclientset := kubefake.NewSimpleClientset() + kubeclientset := getDefaultTestClientSet() for _, c := range []struct { name string @@ -6390,13 +6419,13 @@ func TestResourceStatusAreOrdered(t *testing.T) { } } -func TestOwnsHandler(t *testing.T) { +func TestApplicationOwnsHandler(t *testing.T) { // progressive syncs do not affect create, delete, or generic - ownsHandler := getOwnsHandlerPredicates(true) + ownsHandler := getApplicationOwnsHandler(true) assert.False(t, ownsHandler.CreateFunc(event.CreateEvent{})) assert.True(t, ownsHandler.DeleteFunc(event.DeleteEvent{})) assert.True(t, ownsHandler.GenericFunc(event.GenericEvent{})) - ownsHandler = getOwnsHandlerPredicates(false) + ownsHandler = getApplicationOwnsHandler(false) assert.False(t, ownsHandler.CreateFunc(event.CreateEvent{})) assert.True(t, ownsHandler.DeleteFunc(event.DeleteEvent{})) assert.True(t, ownsHandler.GenericFunc(event.GenericEvent{})) @@ -6576,7 +6605,7 @@ func TestOwnsHandler(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - ownsHandler = getOwnsHandlerPredicates(tt.args.enableProgressiveSyncs) + ownsHandler = getApplicationOwnsHandler(tt.args.enableProgressiveSyncs) assert.Equalf(t, tt.want, ownsHandler.UpdateFunc(tt.args.e), "UpdateFunc(%v)", tt.args.e) }) } @@ -6653,7 +6682,9 @@ func TestMigrateStatus(t *testing.T) { } } -func TestIgnoreWhenAnnotationApplicationSetRefreshIsRemoved(t *testing.T) { +func TestApplicationSetOwnsHandlerUpdate(t *testing.T) { + ownsHandler := getApplicationSetOwnsHandler() + buildAppSet := func(annotations map[string]string) *v1alpha1.ApplicationSet { return &v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -6663,67 +6694,327 @@ func TestIgnoreWhenAnnotationApplicationSetRefreshIsRemoved(t *testing.T) { } tests := []struct { - name string - oldAppSet crtclient.Object - newAppSet crtclient.Object - reconcileExpected bool + name string + appSetOld crtclient.Object + appSetNew crtclient.Object + want bool }{ + { + name: "Different Spec", + appSetOld: &v1alpha1.ApplicationSet{ + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + {List: &v1alpha1.ListGenerator{}}, + }, + }, + }, + appSetNew: &v1alpha1.ApplicationSet{ + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + {Git: &v1alpha1.GitGenerator{}}, + }, + }, + }, + want: true, + }, + { + name: "Different Annotations", + appSetOld: buildAppSet(map[string]string{"key1": "value1"}), + appSetNew: buildAppSet(map[string]string{"key1": "value2"}), + want: true, + }, + { + name: "Different Labels", + appSetOld: &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{"key1": "value1"}, + }, + }, + appSetNew: &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{"key1": "value2"}, + }, + }, + want: true, + }, + { + name: "Different Finalizers", + appSetOld: &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Finalizers: []string{"finalizer1"}, + }, + }, + appSetNew: &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Finalizers: []string{"finalizer2"}, + }, + }, + want: true, + }, + { + name: "No Changes", + appSetOld: &v1alpha1.ApplicationSet{ + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + {List: &v1alpha1.ListGenerator{}}, + }, + }, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{"key1": "value1"}, + Labels: map[string]string{"key1": "value1"}, + Finalizers: []string{"finalizer1"}, + }, + }, + appSetNew: &v1alpha1.ApplicationSet{ + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{ + {List: &v1alpha1.ListGenerator{}}, + }, + }, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{"key1": "value1"}, + Labels: map[string]string{"key1": "value1"}, + Finalizers: []string{"finalizer1"}, + }, + }, + want: false, + }, { name: "annotation removed", - oldAppSet: buildAppSet(map[string]string{ + appSetOld: buildAppSet(map[string]string{ argocommon.AnnotationApplicationSetRefresh: "true", }), - newAppSet: buildAppSet(map[string]string{}), - reconcileExpected: false, + appSetNew: buildAppSet(map[string]string{}), + want: false, }, { name: "annotation not removed", - oldAppSet: buildAppSet(map[string]string{ + appSetOld: buildAppSet(map[string]string{ argocommon.AnnotationApplicationSetRefresh: "true", }), - newAppSet: buildAppSet(map[string]string{ + appSetNew: buildAppSet(map[string]string{ argocommon.AnnotationApplicationSetRefresh: "true", }), - reconcileExpected: true, - }, - { - name: "annotation never existed", - oldAppSet: buildAppSet(map[string]string{}), - newAppSet: buildAppSet(map[string]string{}), - reconcileExpected: true, + want: false, }, { name: "annotation added", - oldAppSet: buildAppSet(map[string]string{}), - newAppSet: buildAppSet(map[string]string{ + appSetOld: buildAppSet(map[string]string{}), + appSetNew: buildAppSet(map[string]string{ argocommon.AnnotationApplicationSetRefresh: "true", }), - reconcileExpected: true, + want: true, }, { - name: "old object is not an appset", - oldAppSet: &v1alpha1.Application{}, - newAppSet: buildAppSet(map[string]string{}), - reconcileExpected: false, + name: "old object is not an appset", + appSetOld: &v1alpha1.Application{}, + appSetNew: buildAppSet(map[string]string{}), + want: false, }, { - name: "new object is not an appset", - oldAppSet: buildAppSet(map[string]string{}), - newAppSet: &v1alpha1.Application{}, - reconcileExpected: false, + name: "new object is not an appset", + appSetOld: buildAppSet(map[string]string{}), + appSetNew: &v1alpha1.Application{}, + want: false, }, } - predicate := ignoreWhenAnnotationApplicationSetRefreshIsRemoved() + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + requeue := ownsHandler.UpdateFunc(event.UpdateEvent{ + ObjectOld: tt.appSetOld, + ObjectNew: tt.appSetNew, + }) + assert.Equalf(t, tt.want, requeue, "ownsHandler.UpdateFunc(%v, %v)", tt.appSetOld, tt.appSetNew) + }) + } +} + +func TestApplicationSetOwnsHandlerGeneric(t *testing.T) { + ownsHandler := getApplicationSetOwnsHandler() + tests := []struct { + name string + obj crtclient.Object + want bool + }{ + { + name: "Object is ApplicationSet", + obj: &v1alpha1.ApplicationSet{}, + want: true, + }, + { + name: "Object is not ApplicationSet", + obj: &v1alpha1.Application{}, + want: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + requeue := ownsHandler.GenericFunc(event.GenericEvent{ + Object: tt.obj, + }) + assert.Equalf(t, tt.want, requeue, "ownsHandler.GenericFunc(%v)", tt.obj) + }) + } +} + +func TestApplicationSetOwnsHandlerCreate(t *testing.T) { + ownsHandler := getApplicationSetOwnsHandler() + tests := []struct { + name string + obj crtclient.Object + want bool + }{ + { + name: "Object is ApplicationSet", + obj: &v1alpha1.ApplicationSet{}, + want: true, + }, + { + name: "Object is not ApplicationSet", + obj: &v1alpha1.Application{}, + want: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + requeue := ownsHandler.CreateFunc(event.CreateEvent{ + Object: tt.obj, + }) + assert.Equalf(t, tt.want, requeue, "ownsHandler.CreateFunc(%v)", tt.obj) + }) + } +} + +func TestApplicationSetOwnsHandlerDelete(t *testing.T) { + ownsHandler := getApplicationSetOwnsHandler() + tests := []struct { + name string + obj crtclient.Object + want bool + }{ + { + name: "Object is ApplicationSet", + obj: &v1alpha1.ApplicationSet{}, + want: true, + }, + { + name: "Object is not ApplicationSet", + obj: &v1alpha1.Application{}, + want: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + requeue := ownsHandler.DeleteFunc(event.DeleteEvent{ + Object: tt.obj, + }) + assert.Equalf(t, tt.want, requeue, "ownsHandler.DeleteFunc(%v)", tt.obj) + }) + } +} + +func TestShouldRequeueForApplicationSet(t *testing.T) { + type args struct { + appSetOld *v1alpha1.ApplicationSet + appSetNew *v1alpha1.ApplicationSet + } + tests := []struct { + name string + args args + want bool + }{ + {name: "NilAppSet", args: args{appSetNew: &v1alpha1.ApplicationSet{}, appSetOld: nil}, want: false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equalf(t, tt.want, shouldRequeueForApplicationSet(tt.args.appSetOld, tt.args.appSetNew), "shouldRequeueForApplicationSet(%v, %v)", tt.args.appSetOld, tt.args.appSetNew) + }) + } +} + +func TestIgnoreNotAllowedNamespaces(t *testing.T) { + tests := []struct { + name string + namespaces []string + objectNS string + expected bool + }{ + { + name: "Namespace allowed", + namespaces: []string{"allowed-namespace"}, + objectNS: "allowed-namespace", + expected: true, + }, + { + name: "Namespace not allowed", + namespaces: []string{"allowed-namespace"}, + objectNS: "not-allowed-namespace", + expected: false, + }, + { + name: "Empty allowed namespaces", + namespaces: []string{}, + objectNS: "any-namespace", + expected: false, + }, + { + name: "Multiple allowed namespaces", + namespaces: []string{"allowed-namespace-1", "allowed-namespace-2"}, + objectNS: "allowed-namespace-2", + expected: true, + }, + { + name: "Namespace not in multiple allowed namespaces", + namespaces: []string{"allowed-namespace-1", "allowed-namespace-2"}, + objectNS: "not-allowed-namespace", + expected: false, + }, + { + name: "Namespace matched by glob pattern", + namespaces: []string{"allowed-namespace-*"}, + objectNS: "allowed-namespace-1", + expected: true, + }, + { + name: "Namespace matched by regex pattern", + namespaces: []string{"/^allowed-namespace-[^-]+$/"}, + objectNS: "allowed-namespace-1", + expected: true, + }, + } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - e := event.UpdateEvent{ - ObjectOld: tt.oldAppSet, - ObjectNew: tt.newAppSet, + predicate := ignoreNotAllowedNamespaces(tt.namespaces) + object := &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: tt.objectNS, + }, } - result := predicate.Update(e) - assert.Equal(t, tt.reconcileExpected, result) + + t.Run(tt.name+":Create", func(t *testing.T) { + result := predicate.Create(event.CreateEvent{Object: object}) + assert.Equal(t, tt.expected, result) + }) + + t.Run(tt.name+":Update", func(t *testing.T) { + result := predicate.Update(event.UpdateEvent{ObjectNew: object}) + assert.Equal(t, tt.expected, result) + }) + + t.Run(tt.name+":Delete", func(t *testing.T) { + result := predicate.Delete(event.DeleteEvent{Object: object}) + assert.Equal(t, tt.expected, result) + }) + + t.Run(tt.name+":Generic", func(t *testing.T) { + result := predicate.Generic(event.GenericEvent{Object: object}) + assert.Equal(t, tt.expected, result) + }) }) } } diff --git a/applicationset/generators/git.go b/applicationset/generators/git.go index a2269fbb3d38e..ed1358ae43692 100644 --- a/applicationset/generators/git.go +++ b/applicationset/generators/git.go @@ -83,11 +83,12 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic var err error var res []map[string]any - if len(appSetGenerator.Git.Directories) != 0 { + switch { + case len(appSetGenerator.Git.Directories) != 0: res, err = g.generateParamsForGitDirectories(appSetGenerator, noRevisionCache, verifyCommit, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) - } else if len(appSetGenerator.Git.Files) != 0 { + case len(appSetGenerator.Git.Files) != 0: res, err = g.generateParamsForGitFiles(appSetGenerator, noRevisionCache, verifyCommit, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) - } else { + default: return nil, EmptyAppSetGeneratorError } if err != nil { diff --git a/applicationset/generators/pull_request.go b/applicationset/generators/pull_request.go index 13256b9315b1b..96a8003c7889a 100644 --- a/applicationset/generators/pull_request.go +++ b/applicationset/generators/pull_request.go @@ -222,5 +222,5 @@ func (g *PullRequestGenerator) github(ctx context.Context, cfg *argoprojiov1alph if err != nil { return nil, fmt.Errorf("error fetching Secret token: %w", err) } - return pullrequest.NewGithubService(ctx, token, cfg.API, cfg.Owner, cfg.Repo, cfg.Labels) + return pullrequest.NewGithubService(token, cfg.API, cfg.Owner, cfg.Repo, cfg.Labels) } diff --git a/applicationset/generators/scm_provider.go b/applicationset/generators/scm_provider.go index 02d1a7905a476..a58b66b93dd8d 100644 --- a/applicationset/generators/scm_provider.go +++ b/applicationset/generators/scm_provider.go @@ -138,15 +138,16 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha ctx := context.Background() var provider scm_provider.SCMProviderService - if g.overrideProvider != nil { + switch { + case g.overrideProvider != nil: provider = g.overrideProvider - } else if providerConfig.Github != nil { + case providerConfig.Github != nil: var err error provider, err = g.githubProvider(ctx, providerConfig.Github, applicationSetInfo) if err != nil { return nil, fmt.Errorf("scm provider: %w", err) } - } else if providerConfig.Gitlab != nil { + case providerConfig.Gitlab != nil: providerConfig := providerConfig.Gitlab var caCerts []byte var scmError error @@ -164,7 +165,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if err != nil { return nil, fmt.Errorf("error initializing Gitlab service: %w", err) } - } else if providerConfig.Gitea != nil { + case providerConfig.Gitea != nil: token, err := utils.GetSecretRef(ctx, g.client, providerConfig.Gitea.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode) if err != nil { return nil, fmt.Errorf("error fetching Gitea token: %w", err) @@ -173,7 +174,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if err != nil { return nil, fmt.Errorf("error initializing Gitea service: %w", err) } - } else if providerConfig.BitbucketServer != nil { + case providerConfig.BitbucketServer != nil: providerConfig := providerConfig.BitbucketServer var caCerts []byte var scmError error @@ -183,25 +184,26 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", scmError) } } - if providerConfig.BearerToken != nil { + switch { + case providerConfig.BearerToken != nil: appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode) if err != nil { return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err) } provider, scmError = scm_provider.NewBitbucketServerProviderBearerToken(ctx, appToken, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts) - } else if providerConfig.BasicAuth != nil { + case providerConfig.BasicAuth != nil: password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace, g.tokenRefStrictMode) if err != nil { return nil, fmt.Errorf("error fetching Secret token: %w", err) } provider, scmError = scm_provider.NewBitbucketServerProviderBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts) - } else { + default: provider, scmError = scm_provider.NewBitbucketServerProviderNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts) } if scmError != nil { return nil, fmt.Errorf("error initializing Bitbucket Server service: %w", scmError) } - } else if providerConfig.AzureDevOps != nil { + case providerConfig.AzureDevOps != nil: token, err := utils.GetSecretRef(ctx, g.client, providerConfig.AzureDevOps.AccessTokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode) if err != nil { return nil, fmt.Errorf("error fetching Azure Devops access token: %w", err) @@ -210,7 +212,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if err != nil { return nil, fmt.Errorf("error initializing Azure Devops service: %w", err) } - } else if providerConfig.Bitbucket != nil { + case providerConfig.Bitbucket != nil: appPassword, err := utils.GetSecretRef(ctx, g.client, providerConfig.Bitbucket.AppPasswordRef, applicationSetInfo.Namespace, g.tokenRefStrictMode) if err != nil { return nil, fmt.Errorf("error fetching Bitbucket cloud appPassword: %w", err) @@ -219,13 +221,13 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if err != nil { return nil, fmt.Errorf("error initializing Bitbucket cloud service: %w", err) } - } else if providerConfig.AWSCodeCommit != nil { + case providerConfig.AWSCodeCommit != nil: var awsErr error provider, awsErr = scm_provider.NewAWSCodeCommitProvider(ctx, providerConfig.AWSCodeCommit.TagFilters, providerConfig.AWSCodeCommit.Role, providerConfig.AWSCodeCommit.Region, providerConfig.AWSCodeCommit.AllBranches) if awsErr != nil { return nil, fmt.Errorf("error initializing AWS codecommit service: %w", awsErr) } - } else { + default: return nil, errors.New("no SCM provider implementation configured") } @@ -289,5 +291,5 @@ func (g *SCMProviderGenerator) githubProvider(ctx context.Context, github *argop if err != nil { return nil, fmt.Errorf("error fetching Github token: %w", err) } - return scm_provider.NewGithubProvider(ctx, github.Organization, token, github.API, github.AllBranches) + return scm_provider.NewGithubProvider(github.Organization, token, github.API, github.AllBranches) } diff --git a/applicationset/services/pull_request/bitbucket_server_test.go b/applicationset/services/pull_request/bitbucket_server_test.go index e556ed95c8c14..19b9eb9e467cb 100644 --- a/applicationset/services/pull_request/bitbucket_server_test.go +++ b/applicationset/services/pull_request/bitbucket_server_test.go @@ -277,7 +277,7 @@ func TestListPullRequestTLS(t *testing.T) { defer ts.Close() var certs []byte - if test.passCerts == true { + if test.passCerts { for _, cert := range ts.TLS.Certificates { for _, c := range cert.Certificate { parsedCert, err := x509.ParseCertificate(c) diff --git a/applicationset/services/pull_request/github.go b/applicationset/services/pull_request/github.go index eaee02ffb171d..a69f5a967c6da 100644 --- a/applicationset/services/pull_request/github.go +++ b/applicationset/services/pull_request/github.go @@ -3,10 +3,10 @@ package pull_request import ( "context" "fmt" + "net/http" "os" "github.com/google/go-github/v66/github" - "golang.org/x/oauth2" ) type GithubService struct { @@ -18,21 +18,15 @@ type GithubService struct { var _ PullRequestService = (*GithubService)(nil) -func NewGithubService(ctx context.Context, token, url, owner, repo string, labels []string) (PullRequestService, error) { - var ts oauth2.TokenSource +func NewGithubService(token, url, owner, repo string, labels []string) (PullRequestService, error) { // Undocumented environment variable to set a default token, to be used in testing to dodge anonymous rate limits. if token == "" { token = os.Getenv("GITHUB_TOKEN") } - if token != "" { - ts = oauth2.StaticTokenSource( - &oauth2.Token{AccessToken: token}, - ) - } - httpClient := oauth2.NewClient(ctx, ts) + httpClient := &http.Client{} var client *github.Client if url == "" { - client = github.NewClient(httpClient) + client = github.NewClient(httpClient).WithAuthToken(token) } else { var err error client, err = github.NewClient(httpClient).WithEnterpriseURLs(url, url) diff --git a/applicationset/services/pull_request/gitlab_test.go b/applicationset/services/pull_request/gitlab_test.go index f46982823e927..36ec039a6a171 100644 --- a/applicationset/services/pull_request/gitlab_test.go +++ b/applicationset/services/pull_request/gitlab_test.go @@ -167,7 +167,7 @@ func TestListWithStateTLS(t *testing.T) { defer ts.Close() var certs []byte - if test.passCerts == true { + if test.passCerts { for _, cert := range ts.TLS.Certificates { for _, c := range cert.Certificate { parsedCert, err := x509.ParseCertificate(c) diff --git a/applicationset/services/scm_provider/bitbucket_server_test.go b/applicationset/services/scm_provider/bitbucket_server_test.go index 753e8f75f7834..3b468d5ecdbbc 100644 --- a/applicationset/services/scm_provider/bitbucket_server_test.go +++ b/applicationset/services/scm_provider/bitbucket_server_test.go @@ -452,7 +452,7 @@ func TestListReposTLS(t *testing.T) { defer ts.Close() var certs []byte - if test.passCerts == true { + if test.passCerts { for _, cert := range ts.TLS.Certificates { for _, c := range cert.Certificate { parsedCert, err := x509.ParseCertificate(c) diff --git a/applicationset/services/scm_provider/github.go b/applicationset/services/scm_provider/github.go index 2e2f2a7faf3d4..489940ad2b083 100644 --- a/applicationset/services/scm_provider/github.go +++ b/applicationset/services/scm_provider/github.go @@ -7,7 +7,6 @@ import ( "os" "github.com/google/go-github/v66/github" - "golang.org/x/oauth2" ) type GithubProvider struct { @@ -18,21 +17,15 @@ type GithubProvider struct { var _ SCMProviderService = &GithubProvider{} -func NewGithubProvider(ctx context.Context, organization string, token string, url string, allBranches bool) (*GithubProvider, error) { - var ts oauth2.TokenSource +func NewGithubProvider(organization string, token string, url string, allBranches bool) (*GithubProvider, error) { // Undocumented environment variable to set a default token, to be used in testing to dodge anonymous rate limits. if token == "" { token = os.Getenv("GITHUB_TOKEN") } - if token != "" { - ts = oauth2.StaticTokenSource( - &oauth2.Token{AccessToken: token}, - ) - } - httpClient := oauth2.NewClient(ctx, ts) + httpClient := &http.Client{} var client *github.Client if url == "" { - client = github.NewClient(httpClient) + client = github.NewClient(httpClient).WithAuthToken(token) } else { var err error client, err = github.NewClient(httpClient).WithEnterpriseURLs(url, url) diff --git a/applicationset/services/scm_provider/github_test.go b/applicationset/services/scm_provider/github_test.go index f1fb0e412abb6..303237fc1fe40 100644 --- a/applicationset/services/scm_provider/github_test.go +++ b/applicationset/services/scm_provider/github_test.go @@ -243,7 +243,7 @@ func TestGithubListRepos(t *testing.T) { defer ts.Close() for _, c := range cases { t.Run(c.name, func(t *testing.T) { - provider, _ := NewGithubProvider(context.Background(), "argoproj", "", ts.URL, c.allBranches) + provider, _ := NewGithubProvider("argoproj", "", ts.URL, c.allBranches) rawRepos, err := ListRepos(context.Background(), provider, c.filters, c.proto) if c.hasError { require.Error(t, err) @@ -273,7 +273,7 @@ func TestGithubHasPath(t *testing.T) { githubMockHandler(t)(w, r) })) defer ts.Close() - host, _ := NewGithubProvider(context.Background(), "argoproj", "", ts.URL, false) + host, _ := NewGithubProvider("argoproj", "", ts.URL, false) repo := &Repository{ Organization: "argoproj", Repository: "argo-cd", @@ -293,7 +293,7 @@ func TestGithubGetBranches(t *testing.T) { githubMockHandler(t)(w, r) })) defer ts.Close() - host, _ := NewGithubProvider(context.Background(), "argoproj", "", ts.URL, false) + host, _ := NewGithubProvider("argoproj", "", ts.URL, false) repo := &Repository{ Organization: "argoproj", Repository: "argo-cd", diff --git a/applicationset/services/scm_provider/gitlab.go b/applicationset/services/scm_provider/gitlab.go index 012b59b9ecf35..2ab3234c5f4c2 100644 --- a/applicationset/services/scm_provider/gitlab.go +++ b/applicationset/services/scm_provider/gitlab.go @@ -2,10 +2,10 @@ package scm_provider import ( "context" + "errors" "fmt" "net/http" "os" - pathpkg "path" "github.com/hashicorp/go-retryablehttp" gitlab "gitlab.com/gitlab-org/api/client-go" @@ -129,40 +129,31 @@ func (g *GitlabProvider) ListRepos(_ context.Context, cloneProtocol string) ([]* func (g *GitlabProvider) RepoHasPath(_ context.Context, repo *Repository, path string) (bool, error) { p, _, err := g.client.Projects.GetProject(repo.Organization+"/"+repo.Repository, nil) if err != nil { - return false, err - } - directories := []string{ - path, - pathpkg.Dir(path), + return false, fmt.Errorf("error getting Project Info: %w", err) } - for _, directory := range directories { - options := gitlab.ListTreeOptions{ - Path: &directory, - Ref: &repo.Branch, - } - for { - treeNode, resp, err := g.client.Repositories.ListTree(p.ID, &options) - if err != nil { - return false, err - } - if path == directory { - if resp.TotalItems > 0 { - return true, nil - } + + // search if the path is a file and exists in the repo + fileOptions := gitlab.GetFileOptions{Ref: &repo.Branch} + _, _, err = g.client.RepositoryFiles.GetFile(p.ID, path, &fileOptions) + if err != nil { + if errors.Is(err, gitlab.ErrNotFound) { + // no file found, check for a directory + options := gitlab.ListTreeOptions{ + Path: &path, + Ref: &repo.Branch, } - for i := range treeNode { - if treeNode[i].Path == path { - return true, nil + _, _, err := g.client.Repositories.ListTree(p.ID, &options) + if err != nil { + if errors.Is(err, gitlab.ErrNotFound) { + return false, nil // no file or directory found } + return false, err } - if resp.NextPage == 0 { - // no future pages - break - } - options.Page = resp.NextPage + return true, nil // directory found } + return false, err } - return false, nil + return true, nil // file found } func (g *GitlabProvider) listBranches(_ context.Context, repo *Repository) ([]gitlab.Branch, error) { diff --git a/applicationset/services/scm_provider/gitlab_test.go b/applicationset/services/scm_provider/gitlab_test.go index 4ae1296c2535a..a4d92b9224d24 100644 --- a/applicationset/services/scm_provider/gitlab_test.go +++ b/applicationset/services/scm_provider/gitlab_test.go @@ -20,6 +20,7 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { t.Helper() return func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") + fmt.Println(r.RequestURI) switch r.RequestURI { case "/api/v4": fmt.Println("here1") @@ -1040,6 +1041,32 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { if err != nil { t.Fail() } + // Recent versions of the Gitlab API (v17.7+) listTree return 404 not only when a file doesn't exist, but also + // when a path is to a file instead of a directory. Code was refactored to explicitly search for file then + // search for directory, catching 404 errors as "file not found". + case "/api/v4/projects/27084533/repository/files/argocd?ref=master": + w.WriteHeader(http.StatusNotFound) + case "/api/v4/projects/27084533/repository/files/argocd%2Finstall%2Eyaml?ref=master": + _, err := io.WriteString(w, `{"file_name":"install.yaml","file_path":"argocd/install.yaml","size":0,"encoding":"base64","content_sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","ref":"main","blob_id":"e69de29bb2d1d6434b8b29ae775ad8c2e48c5391","commit_id":"6d4c0f9d34534ccc73aa3f3180b25e2aebe630eb","last_commit_id":"b50eb63f9c0e09bfdb070db26fd32c7210291f52","execute_filemode":false,"content":""}`) + if err != nil { + t.Fail() + } + case "/api/v4/projects/27084533/repository/files/notathing?ref=master": + w.WriteHeader(http.StatusNotFound) + case "/api/v4/projects/27084533/repository/tree?path=notathing&ref=master": + w.WriteHeader(http.StatusNotFound) + case "/api/v4/projects/27084533/repository/files/argocd%2Fnotathing%2Eyaml?ref=master": + w.WriteHeader(http.StatusNotFound) + case "/api/v4/projects/27084533/repository/tree?path=argocd%2Fnotathing.yaml&ref=master": + w.WriteHeader(http.StatusNotFound) + case "/api/v4/projects/27084533/repository/files/notathing%2Fnotathing%2Eyaml?ref=master": + w.WriteHeader(http.StatusNotFound) + case "/api/v4/projects/27084533/repository/tree?path=notathing%2Fnotathing.yaml&ref=master": + w.WriteHeader(http.StatusNotFound) + case "/api/v4/projects/27084533/repository/files/notathing%2Fnotathing%2Fnotathing%2Eyaml?ref=master": + w.WriteHeader(http.StatusNotFound) + case "/api/v4/projects/27084533/repository/tree?path=notathing%2Fnotathing%2Fnotathing.yaml&ref=master": + w.WriteHeader(http.StatusNotFound) case "/api/v4/projects/27084533/repository/branches/foo": w.WriteHeader(http.StatusNotFound) default: @@ -1194,6 +1221,16 @@ func TestGitlabHasPath(t *testing.T) { path: "argocd/notathing.yaml", exists: false, }, + { + name: "noexistent file in noexistent directory", + path: "notathing/notathing.yaml", + exists: false, + }, + { + name: "noexistent file in nested noexistent directory", + path: "notathing/notathing/notathing.yaml", + exists: false, + }, } for _, c := range cases { @@ -1273,7 +1310,7 @@ func TestGetBranchesTLS(t *testing.T) { defer ts.Close() var certs []byte - if test.passCerts == true { + if test.passCerts { for _, cert := range ts.TLS.Certificates { for _, c := range cert.Certificate { parsedCert, err := x509.ParseCertificate(c) diff --git a/applicationset/utils/clusterUtils.go b/applicationset/utils/clusterUtils.go index 8d31f3b2fd93e..a708ba73ca5c2 100644 --- a/applicationset/utils/clusterUtils.go +++ b/applicationset/utils/clusterUtils.go @@ -68,12 +68,12 @@ func getLocalCluster(clientset kubernetes.Interface) *appv1.Cluster { initLocalCluster.Do(func() { info, err := clientset.Discovery().ServerVersion() if err == nil { - // nolint:staticcheck + //nolint:staticcheck localCluster.ServerVersion = fmt.Sprintf("%s.%s", info.Major, info.Minor) - // nolint:staticcheck + //nolint:staticcheck localCluster.ConnectionState = appv1.ConnectionState{Status: appv1.ConnectionStatusSuccessful} } else { - // nolint:staticcheck + //nolint:staticcheck localCluster.ConnectionState = appv1.ConnectionState{ Status: appv1.ConnectionStatusFailed, Message: err.Error(), @@ -82,7 +82,7 @@ func getLocalCluster(clientset kubernetes.Interface) *appv1.Cluster { }) cluster := localCluster.DeepCopy() now := metav1.Now() - // nolint:staticcheck + //nolint:staticcheck cluster.ConnectionState.ModifiedAt = &now return cluster } diff --git a/assets/builtin-policy.csv b/assets/builtin-policy.csv index 28f565260d88d..088f5fbd08ad3 100644 --- a/assets/builtin-policy.csv +++ b/assets/builtin-policy.csv @@ -18,7 +18,9 @@ p, role:readonly, logs, get, */*, allow p, role:admin, applications, create, */*, allow p, role:admin, applications, update, */*, allow +p, role:admin, applications, update/*, */*, allow p, role:admin, applications, delete, */*, allow +p, role:admin, applications, delete/*, */*, allow p, role:admin, applications, sync, */*, allow p, role:admin, applications, override, */*, allow p, role:admin, applications, action/*, */*, allow @@ -47,4 +49,4 @@ p, role:admin, gpgkeys, delete, *, allow p, role:admin, exec, create, */*, allow g, role:admin, role:readonly -g, admin, role:admin \ No newline at end of file +g, admin, role:admin diff --git a/assets/swagger.json b/assets/swagger.json index bcde9040fd099..0a6aac80f51ef 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -3771,6 +3771,12 @@ "description": "Whether to force HTTP basic auth.", "name": "forceHttpBasicAuth", "in": "query" + }, + { + "type": "boolean", + "description": "Whether to use azure workload identity for authentication.", + "name": "useAzureWorkloadIdentity", + "in": "query" } ], "responses": { @@ -4597,6 +4603,12 @@ "description": "Whether to force HTTP basic auth.", "name": "forceHttpBasicAuth", "in": "query" + }, + { + "type": "boolean", + "description": "Whether to use azure workload identity for authentication.", + "name": "useAzureWorkloadIdentity", + "in": "query" } ], "responses": { @@ -8940,6 +8952,10 @@ "type": "string", "title": "URL is the URL to which these credentials match" }, + "useAzureWorkloadIdentity": { + "type": "boolean", + "title": "UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication" + }, "username": { "type": "string", "title": "Username for authenticating at the repo server" @@ -9054,6 +9070,10 @@ "description": "Type specifies the type of the repo. Can be either \"git\" or \"helm. \"git\" is assumed if empty or absent.", "type": "string" }, + "useAzureWorkloadIdentity": { + "type": "boolean", + "title": "UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication" + }, "username": { "type": "string", "title": "Username contains the user name used for authenticating at the remote repository" @@ -10077,6 +10097,10 @@ "type": "object", "title": "SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps", "properties": { + "andOperator": { + "type": "boolean", + "title": "UseAndOperator use AND operator for matching applications, namespaces and clusters instead of the default OR operator" + }, "applications": { "type": "array", "title": "Applications contains a list of applications that the window will apply to", diff --git a/cmd/argocd-application-controller/commands/argocd_application_controller.go b/cmd/argocd-application-controller/commands/argocd_application_controller.go index e14e20aee13be..cba2909b491b6 100644 --- a/cmd/argocd-application-controller/commands/argocd_application_controller.go +++ b/cmd/argocd-application-controller/commands/argocd_application_controller.go @@ -72,6 +72,7 @@ func NewCommand() *cobra.Command { metricsCacheExpiration time.Duration metricsAplicationLabels []string metricsAplicationConditions []string + metricsClusterLabels []string kubectlParallelismLimit int64 cacheSource func() (*appstatecache.Cache, error) redisClient *redis.Client @@ -202,6 +203,7 @@ func NewCommand() *cobra.Command { metricsCacheExpiration, metricsAplicationLabels, metricsAplicationConditions, + metricsClusterLabels, kubectlParallelismLimit, persistResourceHealth, clusterSharding, @@ -272,6 +274,7 @@ func NewCommand() *cobra.Command { command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS", false), "Whether to use strict validation of the TLS cert presented by the repo server") command.Flags().StringSliceVar(&metricsAplicationLabels, "metrics-application-labels", []string{}, "List of Application labels that will be added to the argocd_application_labels metric") command.Flags().StringSliceVar(&metricsAplicationConditions, "metrics-application-conditions", []string{}, "List of Application conditions that will be added to the argocd_application_conditions metric") + command.Flags().StringSliceVar(&metricsClusterLabels, "metrics-cluster-labels", []string{}, "List of Cluster labels that will be added to the argocd_cluster_labels metric") command.Flags().StringVar(&otlpAddress, "otlp-address", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS", ""), "OpenTelemetry collector address to send traces to") command.Flags().BoolVar(&otlpInsecure, "otlp-insecure", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE", true), "OpenTelemetry collector insecure mode") command.Flags().StringToStringVar(&otlpHeaders, "otlp-headers", env.ParseStringToStringFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS", map[string]string{}, ","), "List of OpenTelemetry collector extra headers sent with traces, headers are comma-separated key-value pairs(e.g. key1=value1,key2=value2)") diff --git a/cmd/argocd/commands/admin/app_test.go b/cmd/argocd/commands/admin/app_test.go index 8d1f4d09c1904..672a67a053d59 100644 --- a/cmd/argocd/commands/admin/app_test.go +++ b/cmd/argocd/commands/admin/app_test.go @@ -16,6 +16,7 @@ import ( kubefake "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/tools/cache" + "github.com/argoproj/argo-cd/v3/common" statecache "github.com/argoproj/argo-cd/v3/controller/cache" cachemocks "github.com/argoproj/argo-cd/v3/controller/cache/mocks" "github.com/argoproj/argo-cd/v3/controller/metrics" @@ -57,15 +58,28 @@ func TestGetReconcileResults(t *testing.T) { func TestGetReconcileResults_Refresh(t *testing.T) { ctx := context.Background() - cm := corev1.ConfigMap{ + argoCM := &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ - Name: "argocd-cm", + Name: common.ArgoCDConfigMapName, Namespace: "default", Labels: map[string]string{ "app.kubernetes.io/part-of": "argocd", }, }, } + argoCDSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDSecretName, + Namespace: "default", + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string][]byte{ + "admin.password": nil, + "server.secretkey": nil, + }, + } proj := &v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: "default", @@ -91,7 +105,7 @@ func TestGetReconcileResults_Refresh(t *testing.T) { appClientset := appfake.NewSimpleClientset(app, proj) deployment := test.NewDeployment() - kubeClientset := kubefake.NewClientset(deployment, &cm) + kubeClientset := kubefake.NewClientset(deployment, argoCM, argoCDSecret) clusterCache := clustermocks.ClusterCache{} clusterCache.On("IsNamespaced", mock.Anything).Return(true, nil) clusterCache.On("GetGVKParser", mock.Anything).Return(nil) diff --git a/cmd/argocd/commands/admin/backup.go b/cmd/argocd/commands/admin/backup.go index 5d4b25903665c..23512cbe8aa4b 100644 --- a/cmd/argocd/commands/admin/backup.go +++ b/cmd/argocd/commands/admin/backup.go @@ -275,7 +275,8 @@ func NewImportCommand() *cobra.Command { updateTracking(bakObj, &liveObj) } - if !exists { + switch { + case !exists: isForbidden := false if !dryRun { _, err = dynClient.Create(ctx, bakObj, metav1.CreateOptions{}) @@ -289,11 +290,11 @@ func NewImportCommand() *cobra.Command { if !isForbidden { fmt.Printf("%s/%s %s in namespace %s created%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), bakObj.GetNamespace(), dryRunMsg) } - } else if specsEqual(*bakObj, liveObj) && checkAppHasNoNeedToStopOperation(liveObj, stopOperation) { + case specsEqual(*bakObj, liveObj) && checkAppHasNoNeedToStopOperation(liveObj, stopOperation): if verbose { fmt.Printf("%s/%s %s unchanged%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), dryRunMsg) } - } else { + default: isForbidden := false if !dryRun { newLive := updateLive(bakObj, &liveObj, stopOperation) diff --git a/cmd/argocd/commands/admin/cluster.go b/cmd/argocd/commands/admin/cluster.go index a9d51d55feb3a..97e3a74bd8e52 100644 --- a/cmd/argocd/commands/admin/cluster.go +++ b/cmd/argocd/commands/admin/cluster.go @@ -229,7 +229,7 @@ func NewClusterShardsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comm // parse all added flags so far to get the redis-compression flag that was added by AddCacheFlagsToCmd() above // we can ignore unchecked error here as the command will be parsed again and checked when command.Execute() is run later - // nolint:errcheck + //nolint:errcheck command.ParseFlags(os.Args[1:]) redisCompressionStr, _ = command.Flags().GetString(cacheutil.CLIFlagRedisCompress) return &command @@ -517,7 +517,7 @@ argocd admin cluster stats target-cluster`, // parse all added flags so far to get the redis-compression flag that was added by AddCacheFlagsToCmd() above // we can ignore unchecked error here as the command will be parsed again and checked when command.Execute() is run later - // nolint:errcheck + //nolint:errcheck command.ParseFlags(os.Args[1:]) redisCompressionStr, _ = command.Flags().GetString(cacheutil.CLIFlagRedisCompress) return &command @@ -616,13 +616,14 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command var awsAuthConf *v1alpha1.AWSAuthConfig var execProviderConf *v1alpha1.ExecProviderConfig - if clusterOpts.AwsClusterName != "" { + switch { + case clusterOpts.AwsClusterName != "": awsAuthConf = &v1alpha1.AWSAuthConfig{ ClusterName: clusterOpts.AwsClusterName, RoleARN: clusterOpts.AwsRoleArn, Profile: clusterOpts.AwsProfile, } - } else if clusterOpts.ExecProviderCommand != "" { + case clusterOpts.ExecProviderCommand != "": execProviderConf = &v1alpha1.ExecProviderConfig{ Command: clusterOpts.ExecProviderCommand, Args: clusterOpts.ExecProviderArgs, @@ -630,10 +631,10 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command APIVersion: clusterOpts.ExecProviderAPIVersion, InstallHint: clusterOpts.ExecProviderInstallHint, } - } else if generateToken { + case generateToken: bearerToken, err = GenerateToken(clusterOpts, conf) errors.CheckError(err) - } else if bearerToken == "" { + case bearerToken == "": bearerToken = "bearer-token" } if clusterOpts.Name != "" { diff --git a/cmd/argocd/commands/admin/cluster_test.go b/cmd/argocd/commands/admin/cluster_test.go index 288319bedce77..0b3f47ecf80eb 100644 --- a/cmd/argocd/commands/admin/cluster_test.go +++ b/cmd/argocd/commands/admin/cluster_test.go @@ -70,11 +70,9 @@ func Test_loadClusters(t *testing.T) { ID: "", Server: "https://kubernetes.default.svc", Name: "in-cluster", - //nolint:staticcheck ConnectionState: v1alpha1.ConnectionState{ Status: "Successful", }, - //nolint:staticcheck ServerVersion: ".", Shard: ptr.To(int64(0)), }, diff --git a/cmd/argocd/commands/admin/project.go b/cmd/argocd/commands/admin/project.go index 6c42f2e155bfe..244253c2ceae5 100644 --- a/cmd/argocd/commands/admin/project.go +++ b/cmd/argocd/commands/admin/project.go @@ -223,13 +223,14 @@ func updateProjects(ctx context.Context, projIf appclient.AppProjectInterface, p break } policyPermission := modification(proj.Name, action) - if actionPolicyIndex == -1 && policyPermission != "" { + switch { + case actionPolicyIndex == -1 && policyPermission != "": updated = true role.Policies = append(role.Policies, formatPolicy(proj.Name, role.Name, policyPermission)) - } else if actionPolicyIndex > -1 && policyPermission == "" { + case actionPolicyIndex > -1 && policyPermission == "": updated = true role.Policies = append(role.Policies[:actionPolicyIndex], role.Policies[actionPolicyIndex+1:]...) - } else if actionPolicyIndex > -1 && policyPermission != "" { + case actionPolicyIndex > -1 && policyPermission != "": updated = true role.Policies[actionPolicyIndex] = formatPolicy(proj.Name, role.Name, policyPermission) } diff --git a/cmd/argocd/commands/admin/repo.go b/cmd/argocd/commands/admin/repo.go index c13c3b247f625..3f1f7207f5b03 100644 --- a/cmd/argocd/commands/admin/repo.go +++ b/cmd/argocd/commands/admin/repo.go @@ -126,6 +126,7 @@ func NewGenRepoSpecCommand() *cobra.Command { repoOpts.Repo.Insecure = repoOpts.InsecureSkipServerVerification repoOpts.Repo.EnableLFS = repoOpts.EnableLfs repoOpts.Repo.EnableOCI = repoOpts.EnableOci + repoOpts.Repo.UseAzureWorkloadIdentity = repoOpts.UseAzureWorkloadIdentity if repoOpts.Repo.Type == "helm" && repoOpts.Repo.Name == "" { errors.CheckError(stderrors.New("must specify --name for repos of type 'helm'")) diff --git a/cmd/argocd/commands/admin/settings.go b/cmd/argocd/commands/admin/settings.go index 8e22cb5d6ad6f..4776b5963339a 100644 --- a/cmd/argocd/commands/admin/settings.go +++ b/cmd/argocd/commands/admin/settings.go @@ -64,9 +64,10 @@ func setSettingsMeta(obj metav1.Object) { func (opts *settingsOpts) createSettingsManager(ctx context.Context) (*settings.SettingsManager, error) { var argocdCM *corev1.ConfigMap - if opts.argocdCMPath == "" && !opts.loadClusterSettings { + switch { + case opts.argocdCMPath == "" && !opts.loadClusterSettings: return nil, stderrors.New("either --argocd-cm-path must be provided or --load-cluster-settings must be set to true") - } else if opts.argocdCMPath == "" { + case opts.argocdCMPath == "": realClientset, ns, err := opts.getK8sClient() if err != nil { return nil, err @@ -76,7 +77,7 @@ func (opts *settingsOpts) createSettingsManager(ctx context.Context) (*settings. if err != nil { return nil, err } - } else { + default: data, err := os.ReadFile(opts.argocdCMPath) if err != nil { return nil, err @@ -89,7 +90,8 @@ func (opts *settingsOpts) createSettingsManager(ctx context.Context) (*settings. setSettingsMeta(argocdCM) var argocdSecret *corev1.Secret - if opts.argocdSecretPath != "" { + switch { + case opts.argocdSecretPath != "": data, err := os.ReadFile(opts.argocdSecretPath) if err != nil { return nil, err @@ -99,7 +101,7 @@ func (opts *settingsOpts) createSettingsManager(ctx context.Context) (*settings. return nil, err } setSettingsMeta(argocdSecret) - } else if opts.loadClusterSettings { + case opts.loadClusterSettings: realClientset, ns, err := opts.getK8sClient() if err != nil { return nil, err @@ -108,7 +110,7 @@ func (opts *settingsOpts) createSettingsManager(ctx context.Context) (*settings. if err != nil { return nil, err } - } else { + default: argocdSecret = &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDSecretName, @@ -514,12 +516,12 @@ argocd admin settings resource-overrides health ./deploy.yaml --argocd-cm-path . executeResourceOverrideCommand(ctx, cmdCtx, args, func(res unstructured.Unstructured, _ v1alpha1.ResourceOverride, overrides map[string]v1alpha1.ResourceOverride) { gvk := res.GroupVersionKind() resHealth, err := healthutil.GetResourceHealth(&res, lua.ResourceHealthOverrides(overrides)) - - if err != nil { + switch { + case err != nil: errors.CheckError(err) - } else if resHealth == nil { + case resHealth == nil: fmt.Printf("Health script is not configured for '%s/%s'\n", gvk.Group, gvk.Kind) - } else { + default: _, _ = fmt.Printf("STATUS: %s\n", resHealth.Status) _, _ = fmt.Printf("MESSAGE: %s\n", resHealth.Message) } diff --git a/cmd/argocd/commands/admin/settings_test.go b/cmd/argocd/commands/admin/settings_test.go index 998a4e19f7b2a..899ab14746b15 100644 --- a/cmd/argocd/commands/admin/settings_test.go +++ b/cmd/argocd/commands/admin/settings_test.go @@ -68,7 +68,7 @@ func newSettingsManager(data map[string]string) *settings.SettingsManager { type fakeCmdContext struct { mgr *settings.SettingsManager - // nolint:unused,structcheck + //nolint:unused,structcheck out bytes.Buffer } diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index bc0ae2a985f0f..3ce81351b33a1 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -188,11 +188,12 @@ func NewApplicationCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra. errors.CheckError(err) var action string - if existing == nil { + switch { + case existing == nil: action = "created" - } else if !hasAppChanged(existing, created, upsert) { + case !hasAppChanged(existing, created, upsert): action = "unchanged" - } else { + default: action = "updated" } @@ -1285,7 +1286,8 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co argoSettings, err := settingsIf.Get(ctx, &settings.SettingsQuery{}) errors.CheckError(err) diffOption := &DifferenceOption{} - if app.Spec.HasMultipleSources() && len(revisions) > 0 && len(sourcePositions) > 0 { + switch { + case app.Spec.HasMultipleSources() && len(revisions) > 0 && len(sourcePositions) > 0: numOfSources := int64(len(app.Spec.GetSources())) for _, pos := range sourcePositions { if pos <= 0 || pos > numOfSources { @@ -1305,7 +1307,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co diffOption.res = res diffOption.revisions = revisions diffOption.sourcePositions = sourcePositions - } else if revision != "" { + case revision != "": q := application.ApplicationManifestQuery{ Name: &appName, Revision: &revision, @@ -1315,7 +1317,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co errors.CheckError(err) diffOption.res = res diffOption.revision = revision - } else if local != "" { + case local != "": if serverSideGenerate { client, err := appIf.GetManifestsWithFiles(ctx, grpc_retry.Disable()) errors.CheckError(err) @@ -1381,10 +1383,11 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg liveObjs, err := cmdutil.LiveObjects(resources.Items) errors.CheckError(err) items := make([]objKeyLiveTarget, 0) - if diffOptions.local != "" { + switch { + case diffOptions.local != "": localObjs := groupObjsByKey(getLocalObjects(ctx, app, proj, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace) items = groupObjsForDiff(resources, localObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace) - } else if diffOptions.revision != "" || len(diffOptions.revisions) > 0 { + case diffOptions.revision != "" || len(diffOptions.revisions) > 0: var unstructureds []*unstructured.Unstructured for _, mfst := range diffOptions.res.Manifests { obj, err := argoappv1.UnmarshalToUnstructured(mfst) @@ -1393,7 +1396,7 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg } groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace) items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace) - } else if diffOptions.serversideRes != nil { + case diffOptions.serversideRes != nil: var unstructureds []*unstructured.Unstructured for _, mfst := range diffOptions.serversideRes.Manifests { obj, err := argoappv1.UnmarshalToUnstructured(mfst) @@ -1402,7 +1405,7 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg } groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace) items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace) - } else { + default: for i := range resources.Items { res := resources.Items[i] live := &unstructured.Unstructured{} @@ -2456,25 +2459,26 @@ func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string } healthCheckPassed := true - if watch.suspended && watch.health && watch.degraded { + switch { + case watch.suspended && watch.health && watch.degraded: healthCheckPassed = healthStatus == string(health.HealthStatusHealthy) || healthStatus == string(health.HealthStatusSuspended) || healthStatus == string(health.HealthStatusDegraded) - } else if watch.suspended && watch.degraded { + case watch.suspended && watch.degraded: healthCheckPassed = healthStatus == string(health.HealthStatusDegraded) || healthStatus == string(health.HealthStatusSuspended) - } else if watch.degraded && watch.health { + case watch.degraded && watch.health: healthCheckPassed = healthStatus == string(health.HealthStatusHealthy) || healthStatus == string(health.HealthStatusDegraded) // below are good - } else if watch.suspended && watch.health { + case watch.suspended && watch.health: healthCheckPassed = healthStatus == string(health.HealthStatusHealthy) || healthStatus == string(health.HealthStatusSuspended) - } else if watch.suspended { + case watch.suspended: healthCheckPassed = healthStatus == string(health.HealthStatusSuspended) - } else if watch.health { + case watch.health: healthCheckPassed = healthStatus == string(health.HealthStatusHealthy) - } else if watch.degraded { + case watch.degraded: healthCheckPassed = healthStatus == string(health.HealthStatusDegraded) } @@ -3019,7 +3023,8 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob var unstructureds []*unstructured.Unstructured switch source { case "git": - if local != "" { + switch { + case local != "": settingsConn, settingsIf := clientset.NewSettingsClientOrDie() defer argoio.Close(settingsConn) argoSettings, err := settingsIf.Get(context.Background(), &settings.SettingsQuery{}) @@ -3031,9 +3036,9 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob errors.CheckError(err) proj := getProject(ctx, c, clientOpts, app.Spec.Project) - // nolint:staticcheck + //nolint:staticcheck unstructureds = getLocalObjects(context.Background(), app, proj.Project, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) - } else if len(revisions) > 0 && len(sourcePositions) > 0 { + case len(revisions) > 0 && len(sourcePositions) > 0: q := application.ApplicationManifestQuery{ Name: &appName, AppNamespace: &appNs, @@ -3049,7 +3054,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob errors.CheckError(err) unstructureds = append(unstructureds, obj) } - } else if revision != "" { + case revision != "": q := application.ApplicationManifestQuery{ Name: &appName, AppNamespace: &appNs, @@ -3063,7 +3068,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob errors.CheckError(err) unstructureds = append(unstructureds, obj) } - } else { + default: targetObjs, err := targetObjects(resources.Items) errors.CheckError(err) unstructureds = targetObjs diff --git a/cmd/argocd/commands/app_resources.go b/cmd/argocd/commands/app_resources.go index 6df7368894866..58d7b0f9f9818 100644 --- a/cmd/argocd/commands/app_resources.go +++ b/cmd/argocd/commands/app_resources.go @@ -211,7 +211,8 @@ func printTreeViewAppResourcesOrphaned(nodeMapping map[string]v1alpha1.ResourceN func printResources(listAll bool, orphaned bool, appResourceTree *v1alpha1.ApplicationTree, output string) { w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - if output == "tree=detailed" { + switch output { + case "tree=detailed": fmt.Fprintf(w, "GROUP\tKIND\tNAMESPACE\tNAME\tORPHANED\tAGE\tHEALTH\tREASON\n") if !orphaned || listAll { @@ -223,7 +224,7 @@ func printResources(listAll bool, orphaned bool, appResourceTree *v1alpha1.Appli mapUidToNode, mapParentToChild, parentNode := parentChildInfo(appResourceTree.OrphanedNodes) printDetailedTreeViewAppResourcesOrphaned(mapUidToNode, mapParentToChild, parentNode, w) } - } else if output == "tree" { + case "tree": fmt.Fprintf(w, "GROUP\tKIND\tNAMESPACE\tNAME\tORPHANED\n") if !orphaned || listAll { @@ -235,7 +236,7 @@ func printResources(listAll bool, orphaned bool, appResourceTree *v1alpha1.Appli mapUidToNode, mapParentToChild, parentNode := parentChildInfo(appResourceTree.OrphanedNodes) printTreeViewAppResourcesOrphaned(mapUidToNode, mapParentToChild, parentNode, w) } - } else { + default: headers := []any{"GROUP", "KIND", "NAMESPACE", "NAME", "ORPHANED"} fmtStr := "%s\t%s\t%s\t%s\t%s\n" _, _ = fmt.Fprintf(w, fmtStr, headers...) diff --git a/cmd/argocd/commands/applicationset.go b/cmd/argocd/commands/applicationset.go index f01f897a9adf5..1bdb041e4303c 100644 --- a/cmd/argocd/commands/applicationset.go +++ b/cmd/argocd/commands/applicationset.go @@ -173,11 +173,12 @@ func NewApplicationSetCreateCommand(clientOpts *argocdclient.ClientOptions) *cob } var action string - if existing == nil { + switch { + case existing == nil: action = "created" - } else if !hasAppSetChanged(existing, created, upsert) { + case !hasAppSetChanged(existing, created, upsert): action = "unchanged" - } else { + default: action = "updated" } diff --git a/cmd/argocd/commands/cluster.go b/cmd/argocd/commands/cluster.go index c97bb2305310e..a77f5f3e005ca 100644 --- a/cmd/argocd/commands/cluster.go +++ b/cmd/argocd/commands/cluster.go @@ -117,13 +117,14 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie managerBearerToken := "" var awsAuthConf *argoappv1.AWSAuthConfig var execProviderConf *argoappv1.ExecProviderConfig - if clusterOpts.AwsClusterName != "" { + switch { + case clusterOpts.AwsClusterName != "": awsAuthConf = &argoappv1.AWSAuthConfig{ ClusterName: clusterOpts.AwsClusterName, RoleARN: clusterOpts.AwsRoleArn, Profile: clusterOpts.AwsProfile, } - } else if clusterOpts.ExecProviderCommand != "" { + case clusterOpts.ExecProviderCommand != "": execProviderConf = &argoappv1.ExecProviderConfig{ Command: clusterOpts.ExecProviderCommand, Args: clusterOpts.ExecProviderArgs, @@ -131,7 +132,7 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie APIVersion: clusterOpts.ExecProviderAPIVersion, InstallHint: clusterOpts.ExecProviderInstallHint, } - } else { + default: // Install RBAC resources for managing the cluster if clusterOpts.ServiceAccount != "" { managerBearerToken, err = clusterauth.GetServiceAccountBearerToken(clientset, clusterOpts.SystemNamespace, clusterOpts.ServiceAccount, common.BearerTokenTimeout) @@ -166,13 +167,14 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie if clusterOpts.InClusterEndpoint() { clst.Server = argoappv1.KubernetesInternalAPIServerAddr } else if clusterOpts.ClusterEndpoint == string(cmdutil.KubePublicEndpoint) { - endpoint, err := cmdutil.GetKubePublicEndpoint(clientset) + endpoint, caData, err := cmdutil.GetKubePublicEndpoint(clientset) if err != nil || len(endpoint) == 0 { log.Warnf("Failed to find the cluster endpoint from kube-public data: %v", err) log.Infof("Falling back to the endpoint '%s' as listed in the kubeconfig context", clst.Server) endpoint = clst.Server } clst.Server = endpoint + clst.Config.TLSClientConfig.CAData = caData } if clusterOpts.Shard >= 0 { @@ -370,7 +372,7 @@ func printClusterDetails(clusters []argoappv1.Cluster) { fmt.Printf("Cluster information\n\n") fmt.Printf(" Server URL: %s\n", cluster.Server) fmt.Printf(" Server Name: %s\n", strWithDefault(cluster.Name, "-")) - // nolint:staticcheck + //nolint:staticcheck fmt.Printf(" Server Version: %s\n", cluster.ServerVersion) fmt.Printf(" Namespaces: %s\n", formatNamespaces(cluster)) fmt.Printf("\nTLS configuration\n\n") @@ -465,7 +467,7 @@ func printClusterTable(clusters []argoappv1.Cluster) { if len(c.Namespaces) > 0 { server = fmt.Sprintf("%s (%d namespaces)", c.Server, len(c.Namespaces)) } - // nolint:staticcheck + //nolint:staticcheck _, _ = fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\n", server, c.Name, c.ServerVersion, c.ConnectionState.Status, c.ConnectionState.Message, c.Project) } _ = w.Flush() diff --git a/cmd/argocd/commands/login.go b/cmd/argocd/commands/login.go index 007bedf8d3a8f..fff0bba2d0b4c 100644 --- a/cmd/argocd/commands/login.go +++ b/cmd/argocd/commands/login.go @@ -23,11 +23,11 @@ import ( argocdclient "github.com/argoproj/argo-cd/v3/pkg/apiclient" sessionpkg "github.com/argoproj/argo-cd/v3/pkg/apiclient/session" settingspkg "github.com/argoproj/argo-cd/v3/pkg/apiclient/settings" + claimsutil "github.com/argoproj/argo-cd/v3/util/claims" "github.com/argoproj/argo-cd/v3/util/cli" "github.com/argoproj/argo-cd/v3/util/errors" grpc_util "github.com/argoproj/argo-cd/v3/util/grpc" "github.com/argoproj/argo-cd/v3/util/io" - jwtutil "github.com/argoproj/argo-cd/v3/util/jwt" "github.com/argoproj/argo-cd/v3/util/localconfig" oidcutil "github.com/argoproj/argo-cd/v3/util/oidc" "github.com/argoproj/argo-cd/v3/util/rand" @@ -67,11 +67,12 @@ argocd login cd.argoproj.io --core`, os.Exit(1) } - if globalClientOpts.PortForward { + switch { + case globalClientOpts.PortForward: server = "port-forward" - } else if globalClientOpts.Core { + case globalClientOpts.Core: server = "kubernetes" - } else { + default: server = args[0] if !skipTestTLS { @@ -142,7 +143,9 @@ argocd login cd.argoproj.io --core`, claims := jwt.MapClaims{} _, _, err := parser.ParseUnverified(tokenString, &claims) errors.CheckError(err) - fmt.Printf("'%s' logged in successfully\n", userDisplayName(claims)) + argoClaims, err := claimsutil.MapClaimsToArgoClaims(claims) + errors.CheckError(err) + fmt.Printf("'%s' logged in successfully\n", userDisplayName(argoClaims)) } // login successful. Persist the config @@ -189,14 +192,17 @@ argocd login cd.argoproj.io --core`, return command } -func userDisplayName(claims jwt.MapClaims) string { - if email := jwtutil.StringField(claims, "email"); email != "" { - return email +func userDisplayName(claims *claimsutil.ArgoClaims) string { + if claims == nil { + return "" + } + if claims.Email != "" { + return claims.Email } - if name := jwtutil.StringField(claims, "name"); name != "" { - return name + if claims.Name != "" { + return claims.Name } - return jwtutil.StringField(claims, "sub") + return claims.GetUserIdentifier() } // oauth2Login opens a browser, runs a temporary HTTP server to delegate OAuth2 login flow and diff --git a/cmd/argocd/commands/login_test.go b/cmd/argocd/commands/login_test.go index e34bc7453fcb8..b5d6af48f8a85 100644 --- a/cmd/argocd/commands/login_test.go +++ b/cmd/argocd/commands/login_test.go @@ -5,10 +5,12 @@ import ( "os" "testing" + claimsutil "github.com/argoproj/argo-cd/v3/util/claims" utils "github.com/argoproj/argo-cd/v3/util/io" "github.com/golang-jwt/jwt/v5" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func captureStdout(callback func()) (string, error) { @@ -35,26 +37,45 @@ func captureStdout(callback func()) (string, error) { } func Test_userDisplayName_email(t *testing.T) { - claims := jwt.MapClaims{"iss": "qux", "sub": "foo", "email": "firstname.lastname@example.com", "groups": []string{"baz"}} + claims, err := claimsutil.MapClaimsToArgoClaims(jwt.MapClaims{"iss": "qux", "sub": "foo", "email": "firstname.lastname@example.com", "groups": []string{"baz"}}) + require.NoError(t, err) actualName := userDisplayName(claims) expectedName := "firstname.lastname@example.com" assert.Equal(t, expectedName, actualName) } func Test_userDisplayName_name(t *testing.T) { - claims := jwt.MapClaims{"iss": "qux", "sub": "foo", "name": "Firstname Lastname", "groups": []string{"baz"}} + claims, err := claimsutil.MapClaimsToArgoClaims(jwt.MapClaims{"iss": "qux", "sub": "foo", "name": "Firstname Lastname", "groups": []string{"baz"}}) + require.NoError(t, err) actualName := userDisplayName(claims) expectedName := "Firstname Lastname" assert.Equal(t, expectedName, actualName) } func Test_userDisplayName_sub(t *testing.T) { - claims := jwt.MapClaims{"iss": "qux", "sub": "foo", "groups": []string{"baz"}} + claims, err := claimsutil.MapClaimsToArgoClaims(jwt.MapClaims{"iss": "qux", "sub": "foo", "groups": []string{"baz"}}) + require.NoError(t, err) actualName := userDisplayName(claims) expectedName := "foo" assert.Equal(t, expectedName, actualName) } +func Test_userDisplayName_federatedClaims(t *testing.T) { + claims, err := claimsutil.MapClaimsToArgoClaims(jwt.MapClaims{ + "iss": "qux", + "sub": "foo", + "groups": []string{"baz"}, + "federated_claims": map[string]any{ + "connector_id": "dex", + "user_id": "ldap-123", + }, + }) + require.NoError(t, err) + actualName := userDisplayName(claims) + expectedName := "ldap-123" + assert.Equal(t, expectedName, actualName) +} + func Test_ssoAuthFlow_ssoLaunchBrowser_false(t *testing.T) { out, _ := captureStdout(func() { ssoAuthFlow("http://test-sso-browser-flow.com", false) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 65646aba431c7..3366e2ffcd239 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -489,7 +489,7 @@ func NewProjectAddSourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.C errors.CheckError(err) for _, item := range proj.Spec.SourceRepos { - if item == "*" && item == url { + if item == "*" { fmt.Printf("Source repository '*' already allowed in project\n") return } diff --git a/cmd/argocd/commands/project_role.go b/cmd/argocd/commands/project_role.go index bf8a33b5b87b0..2d6dc2a2d6ec0 100644 --- a/cmd/argocd/commands/project_role.go +++ b/cmd/argocd/commands/project_role.go @@ -16,6 +16,7 @@ import ( argocdclient "github.com/argoproj/argo-cd/v3/pkg/apiclient" projectpkg "github.com/argoproj/argo-cd/v3/pkg/apiclient/project" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" + claimsutil "github.com/argoproj/argo-cd/v3/util/claims" "github.com/argoproj/argo-cd/v3/util/errors" "github.com/argoproj/argo-cd/v3/util/io" "github.com/argoproj/argo-cd/v3/util/jwt" @@ -191,7 +192,7 @@ func NewProjectRoleCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra. command := &cobra.Command{ Use: "create PROJECT ROLE-NAME", Short: "Create a project role", - Example: templates.Examples(` + Example: templates.Examples(` # Create a project role in the "my-project" project with the name "my-role". argocd proj role create my-project my-role --description "My project role description" `), @@ -321,18 +322,24 @@ Create token succeeded for proj:test-project:test-role. }) errors.CheckError(err) - token, err := jwtgo.Parse(tokenResponse.Token, nil) - if token == nil { + var claims jwtgo.MapClaims + _, _, err = jwtgo.NewParser().ParseUnverified(tokenResponse.Token, &claims) + if err != nil { err = fmt.Errorf("received malformed token %w", err) errors.CheckError(err) return } - claims := token.Claims.(jwtgo.MapClaims) + argoClaims, err := claimsutil.MapClaimsToArgoClaims(claims) + if err != nil { + errors.CheckError(fmt.Errorf("invalid argo claims: %w", err)) + return + } + issuedAt, _ := jwt.IssuedAt(claims) expiresAt := int64(jwt.Float64Field(claims, "exp")) - id := jwt.StringField(claims, "jti") - subject := jwt.StringField(claims, "sub") + id := argoClaims.ID + subject := argoClaims.GetUserIdentifier() if !outputTokenOnly { fmt.Printf("Create token succeeded for %s.\n", subject) @@ -496,7 +503,7 @@ func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co command := &cobra.Command{ Use: "list PROJECT", Short: "List all the roles in a project", - Example: templates.Examples(` + Example: templates.Examples(` # This command will list all the roles in argocd-project in a default table format. argocd proj role list PROJECT diff --git a/cmd/argocd/commands/projectwindows.go b/cmd/argocd/commands/projectwindows.go index 0491bfa52a121..e019738f10bca 100644 --- a/cmd/argocd/commands/projectwindows.go +++ b/cmd/argocd/commands/projectwindows.go @@ -149,6 +149,7 @@ func NewProjectWindowsAddWindowCommand(clientOpts *argocdclient.ClientOptions) * clusters []string manualSync bool timeZone string + andOperator bool ) command := &cobra.Command{ Use: "add PROJECT", @@ -185,7 +186,7 @@ argocd proj windows add PROJECT \ proj, err := projIf.Get(ctx, &projectpkg.ProjectQuery{Name: projName}) errors.CheckError(err) - err = proj.Spec.AddWindow(kind, schedule, duration, applications, namespaces, clusters, manualSync, timeZone) + err = proj.Spec.AddWindow(kind, schedule, duration, applications, namespaces, clusters, manualSync, timeZone, andOperator) errors.CheckError(err) _, err = projIf.Update(ctx, &projectpkg.ProjectUpdateRequest{Project: proj}) @@ -200,6 +201,7 @@ argocd proj windows add PROJECT \ command.Flags().StringSliceVar(&clusters, "clusters", []string{}, "Clusters that the schedule will be applied to. Comma separated, wildcards supported (e.g. --clusters prod,staging)") command.Flags().BoolVar(&manualSync, "manual-sync", false, "Allow manual syncs for both deny and allow windows") command.Flags().StringVar(&timeZone, "time-zone", "UTC", "Time zone of the sync window") + command.Flags().BoolVar(&andOperator, "use-and-operator", false, "Use AND operator for matching applications, namespaces and clusters instead of the default OR operator") return command } @@ -369,8 +371,9 @@ func printSyncWindows(proj *v1alpha1.AppProject) { formatListOutput(window.Applications), formatListOutput(window.Namespaces), formatListOutput(window.Clusters), - formatManualOutput(window.ManualSync), + formatBoolEnabledOutput(window.ManualSync), window.TimeZone, + formatBoolEnabledOutput(window.UseAndOperator), } fmt.Fprintf(w, fmtStr, vals...) } @@ -398,7 +401,7 @@ func formatBoolOutput(active bool) string { return o } -func formatManualOutput(active bool) string { +func formatBoolEnabledOutput(active bool) string { var o string if active { o = "Enabled" diff --git a/cmd/argocd/commands/repo.go b/cmd/argocd/commands/repo.go index c465236da10f7..33b35225fff44 100644 --- a/cmd/argocd/commands/repo.go +++ b/cmd/argocd/commands/repo.go @@ -182,6 +182,7 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { repoOpts.Repo.Proxy = repoOpts.Proxy repoOpts.Repo.NoProxy = repoOpts.NoProxy repoOpts.Repo.ForceHttpBasicAuth = repoOpts.ForceHttpBasicAuth + repoOpts.Repo.UseAzureWorkloadIdentity = repoOpts.UseAzureWorkloadIdentity if repoOpts.Repo.Type == "helm" && repoOpts.Repo.Name == "" { errors.CheckError(stderrors.New("Must specify --name for repos of type 'helm'")) @@ -222,6 +223,7 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { Project: repoOpts.Repo.Project, GcpServiceAccountKey: repoOpts.Repo.GCPServiceAccountKey, ForceHttpBasicAuth: repoOpts.Repo.ForceHttpBasicAuth, + UseAzureWorkloadIdentity: repoOpts.Repo.UseAzureWorkloadIdentity, } _, err := repoIf.ValidateAccess(ctx, &repoAccessReq) errors.CheckError(err) diff --git a/cmd/argocd/commands/repocreds.go b/cmd/argocd/commands/repocreds.go index 8fc58af4619ee..50589a3c3a597 100644 --- a/cmd/argocd/commands/repocreds.go +++ b/cmd/argocd/commands/repocreds.go @@ -189,6 +189,7 @@ func NewRepoCredsAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comma command.Flags().StringVar(&repo.Type, "type", common.DefaultRepoType, "type of the repository, \"git\" or \"helm\"") command.Flags().StringVar(&gcpServiceAccountKeyPath, "gcp-service-account-key-path", "", "service account key for the Google Cloud Platform") command.Flags().BoolVar(&repo.ForceHttpBasicAuth, "force-http-basic-auth", false, "whether to force basic auth when connecting via HTTP") + command.Flags().BoolVar(&repo.UseAzureWorkloadIdentity, "use-azure-workload-identity", false, "whether to use azure workload identity for authentication") command.Flags().StringVar(&repo.Proxy, "proxy-url", "", "If provided, this URL will be used to connect via proxy") return command } diff --git a/cmd/util/app.go b/cmd/util/app.go index 6613e648262c5..6e748f716977c 100644 --- a/cmd/util/app.go +++ b/cmd/util/app.go @@ -199,11 +199,12 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap } source, visited = ConstructSource(source, *appOpts, flags) if spec.HasMultipleSources() { - if sourcePosition == 0 { + switch { + case sourcePosition == 0: spec.Sources[sourcePosition] = *source - } else if sourcePosition > 0 { + case sourcePosition > 0: spec.Sources[sourcePosition-1] = *source - } else { + default: spec.Sources = append(spec.Sources, *source) } } else { @@ -259,7 +260,8 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap spec.SyncPolicy = nil } case "sync-retry-limit": - if appOpts.retryLimit > 0 { + switch { + case appOpts.retryLimit > 0: if spec.SyncPolicy == nil { spec.SyncPolicy = &argoappv1.SyncPolicy{} } @@ -271,13 +273,13 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap Factor: ptr.To(appOpts.retryBackoffFactor), }, } - } else if appOpts.retryLimit == 0 { + case appOpts.retryLimit == 0: if spec.SyncPolicy.IsZero() { spec.SyncPolicy = nil } else { spec.SyncPolicy.Retry = nil } - } else { + default: log.Fatalf("Invalid sync-retry-limit [%d]", appOpts.retryLimit) } } diff --git a/cmd/util/cluster.go b/cmd/util/cluster.go index 2db8369822c8c..f4508979f847d 100644 --- a/cmd/util/cluster.go +++ b/cmd/util/cluster.go @@ -123,28 +123,30 @@ func NewCluster(name string, namespaces []string, clusterResources bool, conf *r return &clst } -// GetKubePublicEndpoint returns the kubernetes apiserver endpoint as published +// GetKubePublicEndpoint returns the kubernetes apiserver endpoint and certificate authority data as published // in the kube-public. -func GetKubePublicEndpoint(client kubernetes.Interface) (string, error) { +func GetKubePublicEndpoint(client kubernetes.Interface) (string, []byte, error) { clusterInfo, err := client.CoreV1().ConfigMaps("kube-public").Get(context.TODO(), "cluster-info", metav1.GetOptions{}) if err != nil { - return "", err + return "", nil, err } kubeconfig, ok := clusterInfo.Data["kubeconfig"] if !ok { - return "", stderrors.New("cluster-info does not contain a public kubeconfig") + return "", nil, stderrors.New("cluster-info does not contain a public kubeconfig") } // Parse Kubeconfig and get server address config := &clientcmdapiv1.Config{} err = yaml.Unmarshal([]byte(kubeconfig), config) if err != nil { - return "", fmt.Errorf("failed to parse cluster-info kubeconfig: %w", err) + return "", nil, fmt.Errorf("failed to parse cluster-info kubeconfig: %w", err) } if len(config.Clusters) == 0 { - return "", stderrors.New("cluster-info kubeconfig does not have any clusters") + return "", nil, stderrors.New("cluster-info kubeconfig does not have any clusters") } - return config.Clusters[0].Cluster.Server, nil + endpoint := config.Clusters[0].Cluster.Server + certificateAuthorityData := config.Clusters[0].Cluster.CertificateAuthorityData + return endpoint, certificateAuthorityData, nil } type ClusterOptions struct { diff --git a/cmd/util/cluster_test.go b/cmd/util/cluster_test.go index f3ebe89273301..c2a5735274ec6 100644 --- a/cmd/util/cluster_test.go +++ b/cmd/util/cluster_test.go @@ -96,8 +96,23 @@ func TestGetKubePublicEndpoint(t *testing.T) { name string clusterInfo *corev1.ConfigMap expectedEndpoint string + expectedCAData []byte expectError bool }{ + { + name: "has public endpoint and certificate authority data", + clusterInfo: &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "kube-public", + Name: "cluster-info", + }, + Data: map[string]string{ + "kubeconfig": kubeconfigFixture("https://test-cluster:6443", []byte("test-ca-data")), + }, + }, + expectedEndpoint: "https://test-cluster:6443", + expectedCAData: []byte("test-ca-data"), + }, { name: "has public endpoint", clusterInfo: &corev1.ConfigMap{ @@ -106,10 +121,11 @@ func TestGetKubePublicEndpoint(t *testing.T) { Name: "cluster-info", }, Data: map[string]string{ - "kubeconfig": kubeconfigFixture("https://test-cluster:6443"), + "kubeconfig": kubeconfigFixture("https://test-cluster:6443", nil), }, }, expectedEndpoint: "https://test-cluster:6443", + expectedCAData: nil, }, { name: "no cluster-info", @@ -136,7 +152,7 @@ func TestGetKubePublicEndpoint(t *testing.T) { Name: "cluster-info", }, Data: map[string]string{ - "kubeconfig": kubeconfigFixture(""), + "kubeconfig": kubeconfigFixture("", nil), }, }, expectError: true, @@ -163,25 +179,27 @@ func TestGetKubePublicEndpoint(t *testing.T) { objects = append(objects, tc.clusterInfo) } clientset := fake.NewClientset(objects...) - endpoint, err := GetKubePublicEndpoint(clientset) + endpoint, caData, err := GetKubePublicEndpoint(clientset) if tc.expectError { require.Error(t, err) } else { require.NoError(t, err) } require.Equalf(t, tc.expectedEndpoint, endpoint, "expected endpoint %s, got %s", tc.expectedEndpoint, endpoint) + require.Equalf(t, tc.expectedCAData, caData, "expected caData %s, got %s", tc.expectedCAData, caData) }) } } -func kubeconfigFixture(endpoint string) string { +func kubeconfigFixture(endpoint string, certificateAuthorityData []byte) string { kubeconfig := &clientcmdapiv1.Config{} if len(endpoint) > 0 { kubeconfig.Clusters = []clientcmdapiv1.NamedCluster{ { Name: "test-kube", Cluster: clientcmdapiv1.Cluster{ - Server: endpoint, + Server: endpoint, + CertificateAuthorityData: certificateAuthorityData, }, }, } diff --git a/cmd/util/project.go b/cmd/util/project.go index 86e7b2b95a337..46a05801696df 100644 --- a/cmd/util/project.go +++ b/cmd/util/project.go @@ -202,13 +202,14 @@ func ConstructAppProj(fileURL string, args []string, opts ProjectOpts, c *cobra. APIVersion: application.Group + "/v1alpha1", }, } - if fileURL == "-" { + switch { + case fileURL == "-": // read stdin err := readProjFromStdin(&proj) if err != nil { return nil, err } - } else if fileURL != "" { + case fileURL != "": // read uri err := readProjFromURI(fileURL, &proj) if err != nil { @@ -218,7 +219,7 @@ func ConstructAppProj(fileURL string, args []string, opts ProjectOpts, c *cobra. if len(args) == 1 && args[0] != proj.Name { return nil, fmt.Errorf("project name '%s' does not match project spec metadata.name '%s'", args[0], proj.Name) } - } else { + default: // read arguments if len(args) == 0 { c.HelpFunc()(c, args) diff --git a/cmd/util/repo.go b/cmd/util/repo.go index 4eac8b81f0662..a5c1d16200498 100644 --- a/cmd/util/repo.go +++ b/cmd/util/repo.go @@ -25,6 +25,7 @@ type RepoOptions struct { NoProxy string GCPServiceAccountKeyPath string ForceHttpBasicAuth bool + UseAzureWorkloadIdentity bool } func AddRepoFlags(command *cobra.Command, opts *RepoOptions) { @@ -48,4 +49,5 @@ func AddRepoFlags(command *cobra.Command, opts *RepoOptions) { command.Flags().StringVar(&opts.NoProxy, "no-proxy", "", "don't access these targets via proxy") command.Flags().StringVar(&opts.GCPServiceAccountKeyPath, "gcp-service-account-key-path", "", "service account key for the Google Cloud Platform") command.Flags().BoolVar(&opts.ForceHttpBasicAuth, "force-http-basic-auth", false, "whether to force use of basic auth when connecting repository via HTTP") + command.Flags().BoolVar(&opts.UseAzureWorkloadIdentity, "use-azure-workload-identity", false, "whether to use azure workload identity for authentication") } diff --git a/commitserver/apiclient/clientset.go b/commitserver/apiclient/clientset.go index 7e32912983675..7148ef88c917a 100644 --- a/commitserver/apiclient/clientset.go +++ b/commitserver/apiclient/clientset.go @@ -34,7 +34,7 @@ func NewConnection(address string) (*grpc.ClientConn, error) { opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials())) // TODO: switch to grpc.NewClient. - // nolint:staticcheck + //nolint:staticcheck conn, err := grpc.Dial(address, opts...) if err != nil { log.Errorf("Unable to connect to commit service with address %s", address) diff --git a/commitserver/commit/commit.go b/commitserver/commit/commit.go index 70f2f5ab77e20..b752ad509b323 100644 --- a/commitserver/commit/commit.go +++ b/commitserver/commit/commit.go @@ -176,15 +176,15 @@ func (s *Service) initGitClient(logCtx *log.Entry, r *apiclient.CommitHydratedMa } // FIXME: make it work for GHE - //logCtx.Debugf("Getting user info for repo credentials") - //gitCreds := r.Repo.GetGitCreds(s.gitCredsStore) - //startTime := time.Now() - //authorName, authorEmail, err := gitCreds.GetUserInfo(ctx) - //s.metricsServer.ObserveUserInfoRequestDuration(r.Repo.Repo, getCredentialType(r.Repo), time.Since(startTime)) - //if err != nil { - // cleanupOrLog() - // return nil, "", nil, fmt.Errorf("failed to get github app info: %w", err) - //} + // logCtx.Debugf("Getting user info for repo credentials") + // gitCreds := r.Repo.GetGitCreds(s.gitCredsStore) + // startTime := time.Now() + // authorName, authorEmail, err := gitCreds.GetUserInfo(ctx) + // s.metricsServer.ObserveUserInfoRequestDuration(r.Repo.Repo, getCredentialType(r.Repo), time.Since(startTime)) + // if err != nil { + // cleanupOrLog() + // return nil, "", nil, fmt.Errorf("failed to get github app info: %w", err) + // } var authorName, authorEmail string if authorName == "" { diff --git a/common/common.go b/common/common.go index 30ddc279e349d..5467d6d8c98e9 100644 --- a/common/common.go +++ b/common/common.go @@ -158,6 +158,8 @@ const ( ArgoCDCLIClientAppName = "Argo CD CLI" // ArgoCDCLIClientAppID is the Oauth client ID we will use when registering our CLI to dex ArgoCDCLIClientAppID = "argo-cd-cli" + // DexFederatedScope allows to receive the federated_claims from Dex. https://dexidp.io/docs/configuration/custom-scopes-claims-clients/ + DexFederatedScope = "federated:id" ) // Resource metadata labels and annotations (keys and values) used by Argo CD components @@ -277,6 +279,8 @@ const ( EnvLogLevel = "ARGOCD_LOG_LEVEL" // EnvLogFormatEnableFullTimestamp enables the FullTimestamp option in logs EnvLogFormatEnableFullTimestamp = "ARGOCD_LOG_FORMAT_ENABLE_FULL_TIMESTAMP" + // EnvLogFormatTimestamp is the timestamp format used in logs + EnvLogFormatTimestamp = "ARGOCD_LOG_FORMAT_TIMESTAMP" // EnvMaxCookieNumber max number of chunks a cookie can be broken into EnvMaxCookieNumber = "ARGOCD_MAX_COOKIE_NUMBER" // EnvPluginSockFilePath allows to override the pluginSockFilePath for repo server and cmp server diff --git a/controller/appcontroller.go b/controller/appcontroller.go index be9f499ba7b81..9ef906724a27f 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -139,6 +139,7 @@ type ApplicationController struct { refreshRequestedApps map[string]CompareWith refreshRequestedAppsMutex *sync.Mutex metricsServer *metrics.MetricsServer + metricsClusterLabels []string kubectlSemaphore *semaphore.Weighted clusterSharding sharding.ClusterShardingCache projByNameCache sync.Map @@ -173,6 +174,7 @@ func NewApplicationController( metricsCacheExpiration time.Duration, metricsApplicationLabels []string, metricsApplicationConditions []string, + metricsClusterLabels []string, kubectlParallelismLimit int64, persistResourceHealth bool, clusterSharding sharding.ClusterShardingCache, @@ -218,6 +220,7 @@ func NewApplicationController( applicationNamespaces: applicationNamespaces, dynamicClusterDistributionEnabled: dynamicClusterDistributionEnabled, ignoreNormalizerOpts: ignoreNormalizerOpts, + metricsClusterLabels: metricsClusterLabels, } if hydratorEnabled { ctrl.hydrator = hydrator.NewHydrator(&ctrl, appResyncPeriod, commitClientset) @@ -857,8 +860,8 @@ func (ctrl *ApplicationController) Run(ctx context.Context, statusProcessors int defer ctrl.appHydrateQueue.ShutDown() defer ctrl.hydrationQueue.ShutDown() - ctrl.metricsServer.RegisterClustersInfoSource(ctx, ctrl.stateCache) ctrl.RegisterClusterSecretUpdater(ctx) + ctrl.metricsServer.RegisterClustersInfoSource(ctx, ctrl.stateCache, ctrl.db, ctrl.metricsClusterLabels) go ctrl.appInformer.Run(ctx.Done()) go ctrl.projInformer.Run(ctx.Done()) @@ -936,7 +939,7 @@ func (ctrl *ApplicationController) requestAppRefresh(appName string, compareWith key := ctrl.toAppKey(appName) if compareWith != nil && after != nil { - ctrl.appComparisonTypeRefreshQueue.AddAfter(fmt.Sprintf("%s/%d", key, compareWith), *after) + ctrl.appComparisonTypeRefreshQueue.AddAfter(fmt.Sprintf("%s/%d", key, *compareWith), *after) } else { if compareWith != nil { ctrl.refreshRequestedAppsMutex.Lock() @@ -1365,7 +1368,8 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli state = app.Status.OperationState.DeepCopy() terminating = state.Phase == synccommon.OperationTerminating // Failed operation with retry strategy might have be in-progress and has completion time - if state.FinishedAt != nil && !terminating { + switch { + case state.FinishedAt != nil && !terminating: retryAt, err := app.Status.OperationState.Operation.Retry.NextRetryAt(state.FinishedAt.Time, state.RetryCount) if err != nil { state.Phase = synccommon.OperationFailed @@ -1385,12 +1389,12 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli ctrl.setOperationState(app, state) // Get rid of sync results and null out previous operation completion time state.SyncResult = nil - } else if ctrl.syncTimeout != time.Duration(0) && time.Now().After(state.StartedAt.Add(ctrl.syncTimeout)) && !terminating { + case ctrl.syncTimeout != time.Duration(0) && time.Now().After(state.StartedAt.Add(ctrl.syncTimeout)) && !terminating: state.Phase = synccommon.OperationTerminating state.Message = "operation is terminating due to timeout" ctrl.setOperationState(app, state) logCtx.Infof("Terminating in-progress operation due to timeout. Started at: %v, timeout: %v", state.StartedAt, ctrl.syncTimeout) - } else { + default: logCtx.Infof("Resuming in-progress operation. phase: %s, message: %s", state.Phase, state.Message) } } else { @@ -1630,29 +1634,25 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo }).Info("Reconciliation completed") }() - destCluster, err := argo.GetDestinationCluster(context.Background(), app.Spec.Destination, ctrl.db) - if err != nil { - logCtx.Errorf("Failed to get destination cluster: %v", err) - return - } - if comparisonLevel == ComparisonWithNothing { - managedResources := make([]*appv1.ResourceDiff, 0) - err := ctrl.cache.GetAppManagedResources(app.InstanceName(ctrl.namespace), &managedResources) - if err == nil { - var tree *appv1.ApplicationTree - if tree, err = ctrl.getResourceTree(destCluster, app, managedResources); err == nil { - app.Status.Summary = tree.GetSummary(app) - if err := ctrl.cache.SetAppResourcesTree(app.InstanceName(ctrl.namespace), tree); err != nil { - logCtx.Errorf("Failed to cache resources tree: %v", err) - return + // If the destination cluster is invalid, fallback to the normal reconciliation flow + if destCluster, err := argo.GetDestinationCluster(context.Background(), app.Spec.Destination, ctrl.db); err == nil { + managedResources := make([]*appv1.ResourceDiff, 0) + if err := ctrl.cache.GetAppManagedResources(app.InstanceName(ctrl.namespace), &managedResources); err == nil { + var tree *appv1.ApplicationTree + if tree, err = ctrl.getResourceTree(destCluster, app, managedResources); err == nil { + app.Status.Summary = tree.GetSummary(app) + if err := ctrl.cache.SetAppResourcesTree(app.InstanceName(ctrl.namespace), tree); err != nil { + logCtx.Errorf("Failed to cache resources tree: %v", err) + return + } } - } - patchMs = ctrl.persistAppStatus(origApp, &app.Status) - return + patchMs = ctrl.persistAppStatus(origApp, &app.Status) + return + } + logCtx.Warnf("Failed to get cached managed resources for tree reconciliation, fall back to full reconciliation") } - logCtx.Warnf("Failed to get cached managed resources for tree reconciliation, fall back to full reconciliation") } ts.AddCheckpoint("comparison_with_nothing_ms") @@ -1675,6 +1675,13 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo return } + destCluster, err := argo.GetDestinationCluster(context.Background(), app.Spec.Destination, ctrl.db) + if err != nil { + logCtx.Errorf("Failed to get destination cluster: %v", err) + // exit the reconciliation. ctrl.refreshAppConditions should have caught the error + return + } + var localManifests []string if opState := app.Status.OperationState; opState != nil && opState.Operation.Sync != nil { localManifests = opState.Operation.Sync.Manifests @@ -1722,6 +1729,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo ctrl.normalizeApplication(origApp, app) ts.AddCheckpoint("normalize_application_ms") + tree, err := ctrl.setAppManagedResources(destCluster, app, compareResult) ts.AddCheckpoint("set_app_managed_resources_ms") if err != nil { diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index 25e573424a92b..c09e922a3cec2 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -177,6 +177,7 @@ func newFakeControllerWithResync(data *fakeData, appResyncPeriod time.Duration, data.metricsCacheExpiration, []string{}, []string{}, + []string{}, 0, true, nil, @@ -1409,6 +1410,25 @@ func TestNeedRefreshAppStatus(t *testing.T) { assert.Equal(t, CompareWithRecent, compareWith) }) + t.Run("requesting refresh with delay gives correct compression level", func(t *testing.T) { + needRefresh, _, _ := ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour) + assert.False(t, needRefresh) + + // use a one-off controller so other tests don't have a manual refresh request + ctrl := newFakeController(&fakeData{apps: []runtime.Object{}}, nil) + + // refresh app with a non-nil delay + // use zero-second delay to test the add later logic without waiting in the test + delay := time.Duration(0) + ctrl.requestAppRefresh(app.Name, CompareWithRecent.Pointer(), &delay) + + ctrl.processAppComparisonTypeQueueItem() + needRefresh, refreshType, compareWith := ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour) + assert.True(t, needRefresh) + assert.Equal(t, v1alpha1.RefreshTypeNormal, refreshType) + assert.Equal(t, CompareWithRecent, compareWith) + }) + t.Run("refresh application which status is not reconciled using latest commit", func(t *testing.T) { app := app.DeepCopy() needRefresh, _, _ := ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour) diff --git a/controller/cache/cache_test.go b/controller/cache/cache_test.go index 64a3ca2f7a1c0..a64815d4cd890 100644 --- a/controller/cache/cache_test.go +++ b/controller/cache/cache_test.go @@ -152,7 +152,7 @@ func TestHandleDeleteEvent_CacheDeadlock(t *testing.T) { clusterSharding: sharding.NewClusterSharding(db, 0, 1, common.DefaultShardingAlgorithm), settingsMgr: settingsMgr, // Set the lock here so we can reference it later - // nolint We need to overwrite here to have access to the lock + //nolint:govet // We need to overwrite here to have access to the lock lock: liveStateCacheLock, } channel := make(chan string) diff --git a/controller/cache/info.go b/controller/cache/info.go index dc94de479bfb6..78de447bbe482 100644 --- a/controller/cache/info.go +++ b/controller/cache/info.go @@ -405,17 +405,18 @@ func populatePodInfo(un *unstructured.Unstructured, res *ResourceInfo) { container := pod.Status.ContainerStatuses[i] restarts += int(container.RestartCount) - if container.State.Waiting != nil && container.State.Waiting.Reason != "" { + switch { + case container.State.Waiting != nil && container.State.Waiting.Reason != "": reason = container.State.Waiting.Reason - } else if container.State.Terminated != nil && container.State.Terminated.Reason != "" { + case container.State.Terminated != nil && container.State.Terminated.Reason != "": reason = container.State.Terminated.Reason - } else if container.State.Terminated != nil && container.State.Terminated.Reason == "" { + case container.State.Terminated != nil && container.State.Terminated.Reason == "": if container.State.Terminated.Signal != 0 { reason = fmt.Sprintf("Signal:%d", container.State.Terminated.Signal) } else { reason = fmt.Sprintf("ExitCode:%d", container.State.Terminated.ExitCode) } - } else if container.Ready && container.State.Running != nil { + case container.Ready && container.State.Running != nil: hasRunning = true readyContainers++ } diff --git a/controller/clusterinfoupdater.go b/controller/clusterinfoupdater.go index 2870b6ea1755e..65f4aed5960f2 100644 --- a/controller/clusterinfoupdater.go +++ b/controller/clusterinfoupdater.go @@ -147,15 +147,16 @@ func (c *clusterInfoUpdater) getUpdatedClusterInfo(ctx context.Context, apps []* if info != nil { clusterInfo.ServerVersion = info.K8SVersion clusterInfo.APIVersions = argo.APIResourcesToStrings(info.APIResources, true) - if info.LastCacheSyncTime == nil { + switch { + case info.LastCacheSyncTime == nil: clusterInfo.ConnectionState.Status = appv1.ConnectionStatusUnknown - } else if info.SyncError == nil { + case info.SyncError == nil: clusterInfo.ConnectionState.Status = appv1.ConnectionStatusSuccessful syncTime := metav1.NewTime(*info.LastCacheSyncTime) clusterInfo.CacheInfo.LastCacheSyncTime = &syncTime clusterInfo.CacheInfo.APIsCount = int64(info.APIsCount) clusterInfo.CacheInfo.ResourcesCount = int64(info.ResourcesCount) - } else { + default: clusterInfo.ConnectionState.Status = appv1.ConnectionStatusFailed clusterInfo.ConnectionState.Message = info.SyncError.Error() } diff --git a/controller/hydrator/hydrator.go b/controller/hydrator/hydrator.go index c48f6d546e846..743f2dbeac0e9 100644 --- a/controller/hydrator/hydrator.go +++ b/controller/hydrator/hydrator.go @@ -125,7 +125,10 @@ func (h *Hydrator) ProcessHydrationQueueItem(hydrationKey HydrationQueueKey) (pr app.Status.SourceHydrator.CurrentOperation.Phase = appv1.HydrateOperationPhaseFailed failedAt := metav1.Now() app.Status.SourceHydrator.CurrentOperation.FinishedAt = &failedAt - app.Status.SourceHydrator.CurrentOperation.Message = fmt.Sprintf("Failed to hydrated revision %s: %v", drySHA, err.Error()) + app.Status.SourceHydrator.CurrentOperation.Message = fmt.Sprintf("Failed to hydrate revision %q: %v", drySHA, err.Error()) + // We may or may not have gotten far enough in the hydration process to get a non-empty SHA, but set it just + // in case we did. + app.Status.SourceHydrator.CurrentOperation.DrySHA = drySHA h.dependencies.PersistAppHydratorStatus(origApp, &app.Status.SourceHydrator) logCtx = logCtx.WithField("app", app.QualifiedName()) logCtx.Errorf("Failed to hydrate app: %v", err) @@ -164,7 +167,7 @@ func (h *Hydrator) hydrateAppsLatestCommit(logCtx *log.Entry, hydrationKey Hydra return nil, "", "", fmt.Errorf("failed to get relevant apps for hydration: %w", err) } - hydratedRevision, dryRevision, err := h.hydrate(logCtx, relevantApps) + dryRevision, hydratedRevision, err := h.hydrate(logCtx, relevantApps) if err != nil { return relevantApps, dryRevision, "", fmt.Errorf("failed to hydrate apps: %w", err) } @@ -259,6 +262,8 @@ func (h *Hydrator) hydrate(logCtx *log.Entry, apps []*appv1.Application) (string return "", "", fmt.Errorf("failed to get repo objects: %w", err) } + // This should be the DRY SHA. We set it here so that after processing the first app, all apps are hydrated + // using the same SHA. targetRevision = resp.Revision // Set up a ManifestsRequest @@ -310,12 +315,12 @@ func (h *Hydrator) hydrate(logCtx *log.Entry, apps []*appv1.Application) (string closer, commitService, err := h.commitClientset.NewCommitServerClient() if err != nil { - return "", "", fmt.Errorf("failed to create commit service: %w", err) + return targetRevision, "", fmt.Errorf("failed to create commit service: %w", err) } defer argoio.Close(closer) resp, err := commitService.CommitHydratedManifests(context.Background(), &manifestsRequest) if err != nil { - return "", "", fmt.Errorf("failed to commit hydrated manifests: %w", err) + return targetRevision, "", fmt.Errorf("failed to commit hydrated manifests: %w", err) } return targetRevision, resp.HydratedSha, nil } @@ -331,15 +336,16 @@ func appNeedsHydration(app *appv1.Application, statusHydrateTimeout time.Duratio hydratedAt = &app.Status.SourceHydrator.CurrentOperation.StartedAt } - if app.IsHydrateRequested() { + switch { + case app.IsHydrateRequested(): return true, "hydrate requested" - } else if app.Status.SourceHydrator.CurrentOperation == nil { + case app.Status.SourceHydrator.CurrentOperation == nil: return true, "no previous hydrate operation" - } else if !app.Spec.SourceHydrator.DeepEquals(app.Status.SourceHydrator.CurrentOperation.SourceHydrator) { + case !app.Spec.SourceHydrator.DeepEquals(app.Status.SourceHydrator.CurrentOperation.SourceHydrator): return true, "spec.sourceHydrator differs" - } else if app.Status.SourceHydrator.CurrentOperation.Phase == appv1.HydrateOperationPhaseFailed && metav1.Now().Sub(app.Status.SourceHydrator.CurrentOperation.FinishedAt.Time) > 2*time.Minute { + case app.Status.SourceHydrator.CurrentOperation.Phase == appv1.HydrateOperationPhaseFailed && metav1.Now().Sub(app.Status.SourceHydrator.CurrentOperation.FinishedAt.Time) > 2*time.Minute: return true, "previous hydrate operation failed more than 2 minutes ago" - } else if hydratedAt == nil || hydratedAt.Add(statusHydrateTimeout).Before(time.Now().UTC()) { + case hydratedAt == nil || hydratedAt.Add(statusHydrateTimeout).Before(time.Now().UTC()): return true, "hydration expired" } diff --git a/controller/metrics/clustercollector.go b/controller/metrics/clustercollector.go index edbe8c2581f18..1881ae6efea44 100644 --- a/controller/metrics/clustercollector.go +++ b/controller/metrics/clustercollector.go @@ -6,21 +6,27 @@ import ( "time" "github.com/argoproj/gitops-engine/pkg/cache" - "github.com/prometheus/client_golang/prometheus" + log "github.com/sirupsen/logrus" + + argoappv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" + metricsutil "github.com/argoproj/argo-cd/v3/util/metrics" ) const ( metricsCollectionInterval = 30 * time.Second + metricsCollectionTimeout = 10 * time.Second ) var ( descClusterDefaultLabels = []string{"server"} + descClusterLabels *prometheus.Desc + descClusterInfo = prometheus.NewDesc( "argocd_cluster_info", "Information about cluster.", - append(descClusterDefaultLabels, "k8s_version"), + append(descClusterDefaultLabels, "k8s_version", "name"), nil, ) descClusterCacheResources = prometheus.NewDesc( @@ -53,28 +59,99 @@ type HasClustersInfo interface { GetClustersInfo() []cache.ClusterInfo } +type ClusterLister func(ctx context.Context) (*argoappv1.ClusterList, error) + type clusterCollector struct { - infoSource HasClustersInfo - info []cache.ClusterInfo - lock sync.Mutex + infoSource HasClustersInfo + lock sync.RWMutex + clusterLabels []string + clusterLister ClusterLister + + latestInfo []*clusterData +} + +type clusterData struct { + info *cache.ClusterInfo + cluster *argoappv1.Cluster } -func (c *clusterCollector) Run(ctx context.Context) { - // FIXME: complains about SA1015 - // nolint:staticcheck +func NewClusterCollector(ctx context.Context, source HasClustersInfo, clusterLister ClusterLister, clusterLabels []string) prometheus.Collector { + if len(clusterLabels) > 0 { + normalizedClusterLabels := metricsutil.NormalizeLabels("label", clusterLabels) + descClusterLabels = prometheus.NewDesc( + "argocd_cluster_labels", + "Argo Cluster labels converted to Prometheus labels", + append(append(descClusterDefaultLabels, "name"), normalizedClusterLabels...), + nil, + ) + } + + collector := &clusterCollector{ + infoSource: source, + clusterLabels: clusterLabels, + clusterLister: clusterLister, + lock: sync.RWMutex{}, + } + + collector.setClusterData() + go collector.run(ctx) + + return collector +} + +func (c *clusterCollector) run(ctx context.Context) { + //nolint:staticcheck // FIXME: complains about SA1015 tick := time.Tick(metricsCollectionInterval) for { select { case <-ctx.Done(): - break case <-tick: - info := c.infoSource.GetClustersInfo() + c.setClusterData() + } + } +} + +func (c *clusterCollector) setClusterData() { + if clusterData, err := c.getClusterData(); err == nil { + c.lock.Lock() + c.latestInfo = clusterData + c.lock.Unlock() + } else { + log.Warnf("error collecting cluster metrics: %v", err) + } +} + +func (c *clusterCollector) getClusterData() ([]*clusterData, error) { + clusterDatas := []*clusterData{} + clusterInfos := c.infoSource.GetClustersInfo() + + ctx, cancel := context.WithTimeout(context.Background(), metricsCollectionTimeout) + defer cancel() + clusters, err := c.clusterLister(ctx) + if err != nil { + return nil, err + } - c.lock.Lock() - c.info = info - c.lock.Unlock() + clusterMap := map[string]*argoappv1.Cluster{} + for i, cluster := range clusters.Items { + clusterMap[cluster.Server] = &clusters.Items[i] + } + + // Base the cluster data on the ClusterInfo because it only contains the + // clusters managed by this controller instance + for i, info := range clusterInfos { + cluster, ok := clusterMap[info.Server] + if !ok { + // This should not happen, but we cannot emit incomplete metrics, so we skip this cluster + log.WithField("server", info.Server).Warnf("could find cluster for metrics collection") + continue } + clusterDatas = append(clusterDatas, &clusterData{ + info: &clusterInfos[i], + cluster: cluster, + }) } + return clusterDatas, nil } // Describe implements the prometheus.Collector interface @@ -84,20 +161,41 @@ func (c *clusterCollector) Describe(ch chan<- *prometheus.Desc) { ch <- descClusterAPIs ch <- descClusterCacheAgeSeconds ch <- descClusterConnectionStatus + if len(c.clusterLabels) > 0 { + ch <- descClusterLabels + } } func (c *clusterCollector) Collect(ch chan<- prometheus.Metric) { + c.lock.RLock() + latestInfo := c.latestInfo + c.lock.RUnlock() + now := time.Now() - for _, c := range c.info { - defaultValues := []string{c.Server} - ch <- prometheus.MustNewConstMetric(descClusterInfo, prometheus.GaugeValue, 1, append(defaultValues, c.K8SVersion)...) - ch <- prometheus.MustNewConstMetric(descClusterCacheResources, prometheus.GaugeValue, float64(c.ResourcesCount), defaultValues...) - ch <- prometheus.MustNewConstMetric(descClusterAPIs, prometheus.GaugeValue, float64(c.APIsCount), defaultValues...) + for _, clusterData := range latestInfo { + info := clusterData.info + name := clusterData.cluster.Name + labels := clusterData.cluster.Labels + + defaultValues := []string{info.Server} + ch <- prometheus.MustNewConstMetric(descClusterInfo, prometheus.GaugeValue, 1, append(defaultValues, info.K8SVersion, name)...) + ch <- prometheus.MustNewConstMetric(descClusterCacheResources, prometheus.GaugeValue, float64(info.ResourcesCount), defaultValues...) + ch <- prometheus.MustNewConstMetric(descClusterAPIs, prometheus.GaugeValue, float64(info.APIsCount), defaultValues...) cacheAgeSeconds := -1 - if c.LastCacheSyncTime != nil { - cacheAgeSeconds = int(now.Sub(*c.LastCacheSyncTime).Seconds()) + if info.LastCacheSyncTime != nil { + cacheAgeSeconds = int(now.Sub(*info.LastCacheSyncTime).Seconds()) } ch <- prometheus.MustNewConstMetric(descClusterCacheAgeSeconds, prometheus.GaugeValue, float64(cacheAgeSeconds), defaultValues...) - ch <- prometheus.MustNewConstMetric(descClusterConnectionStatus, prometheus.GaugeValue, boolFloat64(c.SyncError == nil), append(defaultValues, c.K8SVersion)...) + ch <- prometheus.MustNewConstMetric(descClusterConnectionStatus, prometheus.GaugeValue, boolFloat64(info.SyncError == nil), append(defaultValues, info.K8SVersion)...) + + if len(c.clusterLabels) > 0 && labels != nil { + labelValues := []string{} + labelValues = append(labelValues, info.Server, name) + for _, desiredLabel := range c.clusterLabels { + value := labels[desiredLabel] + labelValues = append(labelValues, value) + } + ch <- prometheus.MustNewConstMetric(descClusterLabels, prometheus.GaugeValue, 1, labelValues...) + } } } diff --git a/controller/metrics/clustercollector_test.go b/controller/metrics/clustercollector_test.go index cbe124ca29f9f..3f1881447bd2e 100644 --- a/controller/metrics/clustercollector_test.go +++ b/controller/metrics/clustercollector_test.go @@ -5,21 +5,36 @@ import ( "testing" gitopsCache "github.com/argoproj/gitops-engine/pkg/cache" + "github.com/stretchr/testify/mock" + + dbmocks "github.com/argoproj/argo-cd/v3/util/db/mocks" + + "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" ) func TestMetricClusterConnectivity(t *testing.T) { + db := dbmocks.ArgoDB{} + cluster1 := v1alpha1.Cluster{Name: "cluster1", Server: "server1", Labels: map[string]string{"env": "dev", "team": "team1"}} + cluster2 := v1alpha1.Cluster{Name: "cluster2", Server: "server2", Labels: map[string]string{"env": "staging", "team": "team2"}} + cluster3 := v1alpha1.Cluster{Name: "cluster3", Server: "server3", Labels: map[string]string{"env": "production", "team": "team3"}} + clusterList := &v1alpha1.ClusterList{Items: []v1alpha1.Cluster{cluster1, cluster2, cluster3}} + db.On("ListClusters", mock.Anything).Return(clusterList, nil) + type testCases struct { testCombination - skip bool - description string - metricLabels []string - clustersInfo []gitopsCache.ClusterInfo + skip bool + description string + metricLabels []string + clusterLabels []string + clustersInfo []gitopsCache.ClusterInfo } + cases := []testCases{ { - description: "metric will have value 1 if connected with the cluster", - skip: false, - metricLabels: []string{"non-existing"}, + description: "metric will have value 1 if connected with the cluster", + skip: false, + metricLabels: []string{"non-existing"}, + clusterLabels: []string{"env"}, testCombination: testCombination{ applications: []string{fakeApp}, responseContains: ` @@ -36,9 +51,10 @@ argocd_cluster_connection_status{k8s_version="1.21",server="server1"} 1 }, }, { - description: "metric will have value 0 if not connected with the cluster", - skip: false, - metricLabels: []string{"non-existing"}, + description: "metric will have value 0 if not connected with the cluster", + skip: false, + metricLabels: []string{"non-existing"}, + clusterLabels: []string{"env"}, testCombination: testCombination{ applications: []string{fakeApp}, responseContains: ` @@ -55,9 +71,10 @@ argocd_cluster_connection_status{k8s_version="1.21",server="server1"} 0 }, }, { - description: "will have one metric per cluster", - skip: false, - metricLabels: []string{"non-existing"}, + description: "will have one metric per cluster", + skip: false, + metricLabels: []string{"non-existing"}, + clusterLabels: []string{"env", "team"}, testCombination: testCombination{ applications: []string{fakeApp}, responseContains: ` @@ -65,6 +82,16 @@ argocd_cluster_connection_status{k8s_version="1.21",server="server1"} 0 argocd_cluster_connection_status{k8s_version="1.21",server="server1"} 1 argocd_cluster_connection_status{k8s_version="1.21",server="server2"} 1 argocd_cluster_connection_status{k8s_version="1.21",server="server3"} 1 + +# TYPE argocd_cluster_info gauge +argocd_cluster_info{k8s_version="1.21",name="cluster1",server="server1"} 1 +argocd_cluster_info{k8s_version="1.21",name="cluster2",server="server2"} 1 +argocd_cluster_info{k8s_version="1.21",name="cluster3",server="server3"} 1 + +# TYPE argocd_cluster_labels gauge +argocd_cluster_labels{label_env="dev",label_team="team1",name="cluster1",server="server1"} 1 +argocd_cluster_labels{label_env="staging",label_team="team2",name="cluster2",server="server2"} 1 +argocd_cluster_labels{label_env="production",label_team="team3",name="cluster3",server="server3"} 1 `, }, clustersInfo: []gitopsCache.ClusterInfo{ @@ -95,7 +122,9 @@ argocd_cluster_connection_status{k8s_version="1.21",server="server3"} 1 FakeAppYAMLs: c.applications, ExpectedResponse: c.responseContains, AppLabels: c.metricLabels, + ClusterLabels: c.clusterLabels, ClustersInfo: c.clustersInfo, + ClusterLister: db.ListClusters, } runTest(t, cfg) } diff --git a/controller/metrics/metrics.go b/controller/metrics/metrics.go index 0913763b271fd..e040e7e38a4da 100644 --- a/controller/metrics/metrics.go +++ b/controller/metrics/metrics.go @@ -20,6 +20,7 @@ import ( "github.com/argoproj/argo-cd/v3/common" argoappv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" applister "github.com/argoproj/argo-cd/v3/pkg/client/listers/application/v1alpha1" + "github.com/argoproj/argo-cd/v3/util/db" "github.com/argoproj/argo-cd/v3/util/git" "github.com/argoproj/argo-cd/v3/util/healthz" metricsutil "github.com/argoproj/argo-cd/v3/util/metrics" @@ -49,8 +50,6 @@ type MetricsServer struct { const ( // MetricsPath is the endpoint to collect application metrics MetricsPath = "/metrics" - // EnvVarLegacyControllerMetrics is a env var to re-enable deprecated prometheus metrics - EnvVarLegacyControllerMetrics = "ARGOCD_LEGACY_CONTROLLER_METRICS" ) // Follow Prometheus naming practices @@ -68,28 +67,6 @@ var ( nil, ) - // Deprecated - descAppCreated = prometheus.NewDesc( - "argocd_app_created_time", - "Creation time in unix timestamp for an application.", - descAppDefaultLabels, - nil, - ) - // Deprecated: superseded by sync_status label in argocd_app_info - descAppSyncStatusCode = prometheus.NewDesc( - "argocd_app_sync_status", - "The application current sync status.", - append(descAppDefaultLabels, "sync_status"), - nil, - ) - // Deprecated: superseded by health_status label in argocd_app_info - descAppHealthStatus = prometheus.NewDesc( - "argocd_app_health_status", - "The application current health status.", - append(descAppDefaultLabels, "health_status"), - nil, - ) - syncCounter = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "argocd_app_sync_total", @@ -246,9 +223,8 @@ func NewMetricsServer(addr string, appLister applister.ApplicationLister, appFil }, nil } -func (m *MetricsServer) RegisterClustersInfoSource(ctx context.Context, source HasClustersInfo) { - collector := &clusterCollector{infoSource: source} - go collector.Run(ctx) +func (m *MetricsServer) RegisterClustersInfoSource(ctx context.Context, source HasClustersInfo, db db.ArgoDB, clusterLabels []string) { + collector := NewClusterCollector(ctx, source, db.ListClusters, clusterLabels) m.registry.MustRegister(collector) } @@ -381,8 +357,6 @@ func (c *appCollector) Describe(ch chan<- *prometheus.Desc) { ch <- descAppConditions } ch <- descAppInfo - ch <- descAppSyncStatusCode - ch <- descAppHealthStatus } // Collect implements the prometheus.Collector interface @@ -456,21 +430,4 @@ func (c *appCollector) collectApps(ch chan<- prometheus.Metric, app *argoappv1.A addGauge(descAppConditions, float64(count), conditionType) } } - - // Deprecated controller metrics - if os.Getenv(EnvVarLegacyControllerMetrics) == "true" { - addGauge(descAppCreated, float64(app.CreationTimestamp.Unix())) - - addGauge(descAppSyncStatusCode, boolFloat64(syncStatus == argoappv1.SyncStatusCodeSynced), string(argoappv1.SyncStatusCodeSynced)) - addGauge(descAppSyncStatusCode, boolFloat64(syncStatus == argoappv1.SyncStatusCodeOutOfSync), string(argoappv1.SyncStatusCodeOutOfSync)) - addGauge(descAppSyncStatusCode, boolFloat64(syncStatus == argoappv1.SyncStatusCodeUnknown || syncStatus == ""), string(argoappv1.SyncStatusCodeUnknown)) - - healthStatus := app.Status.Health.Status - addGauge(descAppHealthStatus, boolFloat64(healthStatus == health.HealthStatusUnknown || healthStatus == ""), string(health.HealthStatusUnknown)) - addGauge(descAppHealthStatus, boolFloat64(healthStatus == health.HealthStatusProgressing), string(health.HealthStatusProgressing)) - addGauge(descAppHealthStatus, boolFloat64(healthStatus == health.HealthStatusSuspended), string(health.HealthStatusSuspended)) - addGauge(descAppHealthStatus, boolFloat64(healthStatus == health.HealthStatusHealthy), string(health.HealthStatusHealthy)) - addGauge(descAppHealthStatus, boolFloat64(healthStatus == health.HealthStatusDegraded), string(health.HealthStatusDegraded)) - addGauge(descAppHealthStatus, boolFloat64(healthStatus == health.HealthStatusMissing), string(health.HealthStatusMissing)) - } } diff --git a/controller/metrics/metrics_test.go b/controller/metrics/metrics_test.go index 41eac978c4111..1a64d969bd1cb 100644 --- a/controller/metrics/metrics_test.go +++ b/controller/metrics/metrics_test.go @@ -230,7 +230,9 @@ type TestMetricServerConfig struct { ExpectedResponse string AppLabels []string AppConditions []string + ClusterLabels []string ClustersInfo []gitopsCache.ClusterInfo + ClusterLister ClusterLister } func testMetricServer(t *testing.T, fakeAppYAMLs []string, expectedResponse string, appLabels []string, appConditions []string) { @@ -240,6 +242,7 @@ func testMetricServer(t *testing.T, fakeAppYAMLs []string, expectedResponse stri ExpectedResponse: expectedResponse, AppLabels: appLabels, AppConditions: appConditions, + ClusterLabels: []string{}, ClustersInfo: []gitopsCache.ClusterInfo{}, } runTest(t, cfg) @@ -254,10 +257,7 @@ func runTest(t *testing.T, cfg TestMetricServerConfig) { if len(cfg.ClustersInfo) > 0 { ci := &fakeClusterInfo{clustersInfo: cfg.ClustersInfo} - collector := &clusterCollector{ - infoSource: ci, - info: ci.GetClustersInfo(), - } + collector := NewClusterCollector(context.Background(), ci, cfg.ClusterLister, cfg.ClusterLabels) metricsServ.registry.MustRegister(collector) } @@ -399,30 +399,6 @@ argocd_app_condition{condition="ExcludedResourceWarning",name="my-app-4",namespa } } -func TestLegacyMetrics(t *testing.T) { - t.Setenv(EnvVarLegacyControllerMetrics, "true") - - expectedResponse := ` -# HELP argocd_app_created_time Creation time in unix timestamp for an application. -# TYPE argocd_app_created_time gauge -argocd_app_created_time{name="my-app",namespace="argocd",project="important-project"} -6.21355968e+10 -# HELP argocd_app_health_status The application current health status. -# TYPE argocd_app_health_status gauge -argocd_app_health_status{health_status="Degraded",name="my-app",namespace="argocd",project="important-project"} 0 -argocd_app_health_status{health_status="Healthy",name="my-app",namespace="argocd",project="important-project"} 1 -argocd_app_health_status{health_status="Missing",name="my-app",namespace="argocd",project="important-project"} 0 -argocd_app_health_status{health_status="Progressing",name="my-app",namespace="argocd",project="important-project"} 0 -argocd_app_health_status{health_status="Suspended",name="my-app",namespace="argocd",project="important-project"} 0 -argocd_app_health_status{health_status="Unknown",name="my-app",namespace="argocd",project="important-project"} 0 -# HELP argocd_app_sync_status The application current sync status. -# TYPE argocd_app_sync_status gauge -argocd_app_sync_status{name="my-app",namespace="argocd",project="important-project",sync_status="OutOfSync"} 0 -argocd_app_sync_status{name="my-app",namespace="argocd",project="important-project",sync_status="Synced"} 1 -argocd_app_sync_status{name="my-app",namespace="argocd",project="important-project",sync_status="Unknown"} 0 -` - testApp(t, []string{fakeApp}, expectedResponse) -} - func TestMetricsSyncCounter(t *testing.T) { cancel, appLister := newFakeLister() defer cancel() diff --git a/controller/sharding/cache.go b/controller/sharding/cache.go index b1aa29ba6859f..0aa263c86e073 100644 --- a/controller/sharding/cache.go +++ b/controller/sharding/cache.go @@ -153,11 +153,12 @@ func (sharding *ClusterSharding) updateDistribution() { } existingShard, ok := sharding.Shards[k] - if ok && existingShard != shard { + switch { + case ok && existingShard != shard: log.Infof("Cluster %s has changed shard from %d to %d", k, existingShard, shard) - } else if !ok { + case !ok: log.Infof("Cluster %s has been assigned to shard %d", k, shard) - } else { + default: log.Debugf("Cluster %s has not changed shard", k) } sharding.Shards[k] = shard diff --git a/controller/state.go b/controller/state.go index 5b1c7dbc0833a..5ea71e80909eb 100644 --- a/controller/state.go +++ b/controller/state.go @@ -821,12 +821,13 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 // namespace from being pruned. isManagedNs := isManagedNamespace(targetObj, app) && liveObj == nil - if resState.Hook || ignore.Ignore(obj) || (targetObj != nil && hookutil.Skip(targetObj)) || !isSelfReferencedObj { + switch { + case resState.Hook || ignore.Ignore(obj) || (targetObj != nil && hookutil.Skip(targetObj)) || !isSelfReferencedObj: // For resource hooks, skipped resources or objects that may have // been created by another controller with annotations copied from // the source object, don't store sync status, and do not affect // overall sync status - } else if !isManagedNs && (diffResult.Modified || targetObj == nil || liveObj == nil) { + case !isManagedNs && (diffResult.Modified || targetObj == nil || liveObj == nil): // Set resource state to OutOfSync since one of the following is true: // * target and live resource are different // * target resource not defined and live resource is extra @@ -837,7 +838,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 if !(needsPruning && resourceutil.HasAnnotationOption(obj, common.AnnotationCompareOptions, "IgnoreExtraneous")) { syncCode = v1alpha1.SyncStatusCodeOutOfSync } - } else { + default: resState.Status = v1alpha1.SyncStatusCodeSynced } // set unknown status to all resource that are not permitted in the app project diff --git a/controller/testdata/diff-cache.yaml b/controller/testdata/diff-cache.yaml index 41a1e8a4bbeb1..18523c859522d 100644 --- a/controller/testdata/diff-cache.yaml +++ b/controller/testdata/diff-cache.yaml @@ -51,7 +51,7 @@ spec: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -67,7 +67,7 @@ spec: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla syncPolicy: retry: @@ -98,7 +98,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -114,7 +114,7 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla - deployStartedAt: "2024-03-04T22:08:29Z" deployedAt: "2024-03-04T22:08:30Z" @@ -127,7 +127,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -143,7 +143,7 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla - deployStartedAt: "2024-03-04T22:09:16Z" deployedAt: "2024-03-04T22:09:16Z" @@ -156,7 +156,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -172,7 +172,7 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla - deployStartedAt: "2024-03-04T22:11:41Z" deployedAt: "2024-03-04T22:11:41Z" @@ -185,7 +185,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -201,7 +201,7 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla - deployStartedAt: "2024-03-04T22:50:55Z" deployedAt: "2024-03-04T22:50:55Z" @@ -214,7 +214,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -230,7 +230,7 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla - deployStartedAt: "2024-03-04T22:52:56Z" deployedAt: "2024-03-04T22:52:56Z" @@ -243,7 +243,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -259,7 +259,7 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla - deployStartedAt: "2024-03-04T22:56:15Z" deployedAt: "2024-03-04T22:56:15Z" @@ -272,7 +272,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -288,7 +288,7 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla - deployStartedAt: "2024-03-05T07:31:56Z" deployedAt: "2024-03-05T07:31:57Z" @@ -301,7 +301,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -317,7 +317,7 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla - deployStartedAt: "2024-03-05T07:32:44Z" deployedAt: "2024-03-05T07:32:44Z" @@ -330,7 +330,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -346,7 +346,7 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla - deployStartedAt: "2024-03-05T07:33:03Z" deployedAt: "2024-03-05T07:33:04Z" @@ -359,7 +359,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -375,14 +375,14 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla operationState: finishedAt: "2024-03-05T07:33:04Z" message: successfully synced (all tasks run) operation: initiatedBy: - username: laurent.lavaud@mirakl.com + username: foo@example.com retry: backoff: duration: 5s @@ -425,7 +425,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -441,7 +441,7 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla reconciledAt: "2024-03-05T07:33:04Z" resources: @@ -476,7 +476,7 @@ status: - name: RELEASE_NAME value: test-lla - name: CHART_REPOSITORY - value: oci://europe-west1-docker.pkg.dev/platform-89be/charts + value: oci://europe-west1-docker.pkg.dev/foo/charts - name: CHART_NAME value: velero - name: PREVIEW @@ -492,7 +492,7 @@ status: - name: HELM_ARGS value: "" name: cmp-helm-v2 - repoURL: https://github.com/mirakl/manifests-velero.git + repoURL: https://github.com/foo/manifests-velero.git targetRevision: test-lla revision: rev1 status: Synced diff --git a/docs/assets/repo-add-azure-workload-identity.png b/docs/assets/repo-add-azure-workload-identity.png new file mode 100755 index 0000000000000..3a844c0c68797 Binary files /dev/null and b/docs/assets/repo-add-azure-workload-identity.png differ diff --git a/docs/developer-guide/contributors-quickstart.md b/docs/developer-guide/contributors-quickstart.md index 5544742b7a06b..7d9e27cc166a2 100644 --- a/docs/developer-guide/contributors-quickstart.md +++ b/docs/developer-guide/contributors-quickstart.md @@ -24,11 +24,11 @@ Before starting, ensure you have the following tools installed with the specifie 2. Clone the forked repository: ```shell -mkdir -p $GOPATH/src/github.com/argoproj/ -cd $GOPATH/src/github.com/argoproj/ git clone https://github.com/YOUR-USERNAME/argo-cd.git ``` +Please note that the local build process uses GOPATH and that path should not be used, unless the Argo CD repository was directly cloned in it. + 3. Add the upstream remote for rebasing: ```shell cd argo-cd @@ -134,15 +134,31 @@ DOCKER=podman make start-local ARGOCD_GPG_ENABLED=false ## Common Make Targets -Here are some frequently used make targets: +Here are some frequently used make targets (all will run on your machine): + +### Local Toolchain Make Targets + +* `make build-local` - Build Argo CD binaries +* `make test-local` - Run unit tests +* `make codegen-local` - Re-generate auto generated Swagger and Protobuf (after changing API code) +* `make lint-local` - Run linting +* `make pre-commit-local` - Run pre-commit checks +* `make start-e2e-local` - Start server for end-to-end tests +* `make test-e2e-local` - Run end-to-end tests +* `make serve-docs-local` - Serve documentation +* `make start-local` - Start Argo CD + +### Virtualized Toolchain Make Targets -* `make start-local` - Start Argo CD locally +* `make build` - Build Argo CD binaries * `make test` - Run unit tests -* `make test-e2e` - Run end-to-end tests +* `make codegen` - Re-generate auto generated Swagger and Protobuf (after changing API code) * `make lint` - Run linting -* `make serve-docs` - Serve documentation locally -* `make pre-commit-local` - Run pre-commit checks locally -* `make build` - Build Argo CD binaries +* `make pre-commit` - Run pre-commit checks +* `make start-e2e` - Start server for end-to-end tests +* `make test-e2e` - Run end-to-end tests +* `make serve-docs` - Serve documentation +* `make start` - Start Argo CD ## Making Changes diff --git a/docs/developer-guide/release-process-and-cadence.md b/docs/developer-guide/release-process-and-cadence.md index 515a777226a94..a4b77799c23da 100644 --- a/docs/developer-guide/release-process-and-cadence.md +++ b/docs/developer-guide/release-process-and-cadence.md @@ -17,7 +17,7 @@ These are the upcoming releases dates: | v2.12 | Monday, Jun. 17, 2024 | Monday, Aug. 5, 2024 | [Ishita Sequeira](https://github.com/ishitasequeira) | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/19063) | | v2.13 | Monday, Sep. 16, 2024 | Monday, Nov. 4, 2024 | [Regina Voloshin](https://github.com/reggie-k) | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/19513) | | v2.14 | Monday, Dec. 16, 2024 | Monday, Feb. 3, 2025 | [Ryan Umstead](https://github.com/rumstead) | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/20869) | -| v3.0 | Monday, Mar. 17, 2025 | Monday, May 5, 2025 | [Michael Crenshaw](https://github.com/crenshaw-dev) | | | +| v3.0 | Monday, Mar. 17, 2025 | Monday, May 5, 2025 | [Regina Voloshin](https://github.com/reggie-k) | | [checklist](https://github.com/argoproj/argo-cd/issues/21735) | Actual release dates might differ from the plan by a few days. diff --git a/docs/developer-guide/releasing.md b/docs/developer-guide/releasing.md index bb51ebfa8d14b..ed3a0163c8e7f 100644 --- a/docs/developer-guide/releasing.md +++ b/docs/developer-guide/releasing.md @@ -20,6 +20,7 @@ triggered. This will be automated in the very near future. * Update `CHANGELOG.md` with changes for this release * Commit & push changes to `CHANGELOG.md` +* Update `goreleaser.yaml` with the updated blog post link in the `Release Notes Blog Post` section. **The `Init ARGOCD Release` workflow will perform the following steps:** diff --git a/docs/developer-guide/toolchain-guide.md b/docs/developer-guide/toolchain-guide.md index c767acb2bafd3..46525280f42da 100644 --- a/docs/developer-guide/toolchain-guide.md +++ b/docs/developer-guide/toolchain-guide.md @@ -148,9 +148,7 @@ The following steps are required no matter whether you chose to use a virtualize ### Clone the Argo CD repository from your personal fork on GitHub -* `mkdir -p ~/go/src/github.com/argoproj` -* `cd ~/go/src/github.com/argoproj` -* `git clone https://github.com/yourghuser/argo-cd` +* `git clone https://github.com/YOUR-USERNAME/argo-cd` * `cd argo-cd` ### Optional: Setup an additional Git remote @@ -349,4 +347,6 @@ The final step is running the End-to-End testsuite, which makes sure that your K * First, start the End-to-End server: `make start-e2e-local`. This will spawn a number of processes and services on your system. * When all components have started, run `make test-e2e-local` to run the end-to-end tests against your local services. +To run a single test, you can use `TEST_FLAGS="-run TestName" make test-e2e-local`. + For more information about End-to-End tests, refer to the [End-to-End test documentation](test-e2e.md). diff --git a/docs/operator-manual/applicationset/Generators-Git.md b/docs/operator-manual/applicationset/Generators-Git.md index 569eb60034389..2a53419b6faf1 100644 --- a/docs/operator-manual/applicationset/Generators-Git.md +++ b/docs/operator-manual/applicationset/Generators-Git.md @@ -204,7 +204,7 @@ spec: You may pass additional, arbitrary string key-value pairs via the `values` field of the git directory generator. Values added via the `values` field are added as `values.(field)`. -In this example, a `cluster` parameter value is passed. It is interpolated from the `branch` and `path` variable, to then be used to determine the destination namespace. +In this example, a `cluster` parameter value is passed. It is interpolated from the `path` variable, to then be used to determine the destination namespace. ```yaml apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet @@ -221,7 +221,7 @@ spec: directories: - path: '*' values: - cluster: '{{.branch}}-{{.path.basename}}' + cluster: '{{.path.basename}}' template: metadata: name: '{{.path.basename}}' diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml index 59382a30e9db7..4d2068d0812c9 100644 --- a/docs/operator-manual/argocd-cmd-params-cm.yaml +++ b/docs/operator-manual/argocd-cmd-params-cm.yaml @@ -28,6 +28,8 @@ data: otlp.insecure: "true" # Open-Telemetry collector headers: (e.g. "key1=value1,key2=value2") otlp.headers: "" + # Open-Telemetry collector attrs: (e.g. "key1:value1,key2:value2") + otlp.attrs: "" # List of additional namespaces where applications may be created in and # reconciled from. The namespace where Argo CD is installed to will always @@ -36,6 +38,11 @@ data: # Feature state: Beta application.namespaces: ns1, ns2, ns3 + # Set the logging timestamp format. The default is "" which means "2006-01-02T15:04:05Z07:00" (RFC3339). + # See https://pkg.go.dev/time#pkg-constants for more options. + # This option is used for all components. + log.format.timestamp: "" + ## Controller Properties # Repo server RPC call timeout seconds. controller.repo.server.timeout.seconds: "60" diff --git a/docs/operator-manual/argocd-repositories.yaml b/docs/operator-manual/argocd-repositories.yaml index 8f48429ebd60b..2907ab0cd5b27 100644 --- a/docs/operator-manual/argocd-repositories.yaml +++ b/docs/operator-manual/argocd-repositories.yaml @@ -68,4 +68,19 @@ metadata: labels: argocd.argoproj.io/secret-type: repository stringData: - url: https://github.com/argoproj/private-repo \ No newline at end of file + url: https://github.com/argoproj/private-repo +--- +apiVersion: v1 +kind: Secret +metadata: + name: aci-private-repo + namespace: argocd + labels: + argocd.argoproj.io/secret-type: repository +stringData: + type: helm + url: contoso.azurecr.io/charts + name: contosocharts + enableOCI: "true" + useAzureWorkloadIdentity: "true" + \ No newline at end of file diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md index 4e58422ab276d..56a0d7b580624 100644 --- a/docs/operator-manual/declarative-setup.md +++ b/docs/operator-manual/declarative-setup.md @@ -288,6 +288,10 @@ stringData: !!! tip The Kubernetes documentation has [instructions for creating a secret containing a private key](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-pod-with-ssh-keys). +Example for Azure Container Registry/ Azure Devops repositories using Azure workload identity: + +Refer to [Azure Container Registry/Azure Repos using Azure Workload Identity](../user-guide/private-repositories.md#azure-container-registryazure-repos-using-azure-workload-identity) + ### Repository Credentials If you want to use the same credentials for multiple repositories, you can configure credential templates. Credential templates can carry the same credentials information as repositories. diff --git a/docs/operator-manual/metrics.md b/docs/operator-manual/metrics.md index deb6037aab94c..028698c96a150 100644 --- a/docs/operator-manual/metrics.md +++ b/docs/operator-manual/metrics.md @@ -105,6 +105,30 @@ Similar to the same metric in application controller (`argocd_app_labels`) the m Once enabled it works exactly the same as application controller metrics (label_ appended to normalized label name). Available labels include Name, Namespace + all labels enabled by the command line options and their value (exactly like application controller metrics described in the previous section). +### Exposing Cluster labels as Prometheus metrics + +As the Cluster labels are specific to each company, this feature is disabled by default. To enable it, add the +`--metrics-cluster-labels` flag to the Argo CD application controller. + +The example below will expose the Argo CD Application labels `team-name` and `environment` to Prometheus: + + containers: + - command: + - argocd-application-controller + - --metrics-cluster-labels + - team-name + - --metrics-cluster-labels + - environment + +In this case, the metric would look like: + +``` +# TYPE argocd_app_labels gauge +argocd_cluster_labels{label_environment="dev",label_team_name="team1",name="cluster1",server="server1"} 1 +argocd_cluster_labels{label_environment="staging",label_team_name="team2",name="cluster2",server="server2"} 1 +argocd_cluster_labels{label_environment="production",label_team_name="team3",name="cluster3",server="server3"} 1 +``` + ## API Server Metrics Metrics about API Server API request and response activity (request totals, response codes, etc...). Scraped at the `argocd-server-metrics:8083/metrics` endpoint. diff --git a/docs/operator-manual/notifications/index.md b/docs/operator-manual/notifications/index.md index 002f67249c616..13e7170c4710a 100644 --- a/docs/operator-manual/notifications/index.md +++ b/docs/operator-manual/notifications/index.md @@ -112,4 +112,4 @@ metadata: When the same notification service and trigger are defined in controller level configuration and application level configuration, both notifications will be sent according to its own configuration. -[Defining and using secrets within notification templates](templates.md/#defining-and-using-secrets-within-notification-templates) function is not available when flag `--self-service-notification-enable` is on. +[Defining and using secrets within notification templates](templates/#defining-and-using-secrets-within-notification-templates) function is not available when flag `--self-service-notification-enable` is on. diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md index 9b7775a65e3e5..8648448f49804 100644 --- a/docs/operator-manual/rbac.md +++ b/docs/operator-manual/rbac.md @@ -114,8 +114,8 @@ The `applications` resource is an [Application-Specific Policy](#application-spe #### Fine-grained Permissions for `update`/`delete` action -The `update` and `delete` actions, when granted on an application, will allow the user to perform the operation on the application itself **and** all of its resources. -It can be desirable to only allow `update` or `delete` on specific resources within an application. +The `update` and `delete` actions, when granted on an application, will allow the user to perform the operation on the application itself, +but not on its resources. To do so, when the action if performed on an application's resource, the `` will have the `////` format. @@ -130,9 +130,9 @@ p, example-user, applications, delete/*/Pod/*/*, default/prod-app, allow Argo CD RBAC does not use `/` as a separator when evaluating glob patterns. So the pattern `delete/*/kind/*` will match `delete//kind//` but also `delete///kind/`. - The fact that both of these match will generally not be a problem, because resource kinds generally contain capital - letters, and namespaces cannot contain capital letters. However, it is possible for a resource kind to be lowercase. - So it is better to just always include all the parts of the resource in the pattern (in other words, always use four + The fact that both of these match will generally not be a problem, because resource kinds generally contain capital + letters, and namespaces cannot contain capital letters. However, it is possible for a resource kind to be lowercase. + So it is better to just always include all the parts of the resource in the pattern (in other words, always use four slashes). If we want to grant access to the user to update all resources of an application, but not the application itself: @@ -148,14 +148,30 @@ p, example-user, applications, delete, default/prod-app, deny p, example-user, applications, delete/*/Pod/*/*, default/prod-app, allow ``` -!!! note +If we want to explicitly allow updates to the application, but deny updates to any sub-resources: + +```csv +p, example-user, applications, update, default/prod-app, allow +p, example-user, applications, update/*, default/prod-app, deny +``` + +!!! note "Preserve Application permission Inheritance (Since v3.0.0)" + + Prior to v3, `update` and `delete` actions (without a `/*`) were also evaluated + on sub-resources. + + To preserve this behavior, you can set the config value + `server.rbac.disableApplicationFineGrainedRBACInheritance` to `false` in + the Argo CD ConfigMap `argocd-cm`. - It is not possible to deny fine-grained permissions for a sub-resource if the action was **explicitly allowed on the application**. - For instance, the following policies will **allow** a user to delete the Pod and any other resources in the application: + When disabled, it is not possible to deny fine-grained permissions for a sub-resource + if the action was **explicitly allowed on the application**. + For instance, the following policies will **allow** a user to delete the Pod and any + other resources in the application: ```csv p, example-user, applications, delete, default/prod-app, allow - p, example-user, applications, delete/*/Pod/*/*, default/prod-app, deny + p, example-user, applications, delete/*/Pod/*, default/prod-app, deny ``` #### The `action` action diff --git a/docs/operator-manual/secret-management.md b/docs/operator-manual/secret-management.md index 95343789c4868..e141e952c36b0 100644 --- a/docs/operator-manual/secret-management.md +++ b/docs/operator-manual/secret-management.md @@ -1,29 +1,47 @@ # Secret Management -Argo CD is un-opinionated about how secrets are managed. There are many ways to do it, and there's no one-size-fits-all solution. +There are two general ways to populate secrets when doing GitOps: on the destination cluster, or in Argo CD during +manifest generation. We strongly recommend the former, as it is more secure and provides a better user experience. -Many solutions use plugins to inject secrets into the application manifests. See [Mitigating Risks of Secret-Injection Plugins](#mitigating-risks-of-secret-injection-plugins) -below to make sure you use those plugins securely. +For further discussion, see [#1364](https://github.com/argoproj/argo-cd/issues/1364). -Here are some ways people are doing GitOps secrets: +## Destination Cluster Secret Management -* [Bitnami Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) -* [External Secrets Operator](https://github.com/external-secrets/external-secrets) -* [Hashicorp Vault](https://www.vaultproject.io) -* [Bank-Vaults](https://bank-vaults.dev/) -* [Helm Secrets](https://github.com/jkroepke/helm-secrets) -* [Kustomize secret generator plugins](https://github.com/kubernetes-sigs/kustomize/blob/fd7a353df6cece4629b8e8ad56b71e30636f38fc/examples/kvSourceGoPlugin.md#secret-values-from-anywhere) +In this approach, secrets are populated on the destination cluster, and Argo CD does not need to directly manage them. +[Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets), [External Secrets Operator](https://github.com/external-secrets/external-secrets), +and [Kubernetes Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) are examples of this style of secret management. + +This approach has two main advantages: + +1) Security: Argo CD does not need to have access to the secrets, which reduces the risk of leaking them. +2) User Experience: Secret updates are decoupled from app sync operations, which reduces the risk of unintentionally + applying Secret updates during an unrelated release. + +We strongly recommend this style of secret management. + +Other examples of this style of secret management include: * [aws-secret-operator](https://github.com/mumoshu/aws-secret-operator) -* [KSOPS](https://github.com/viaduct-ai/kustomize-sops#argo-cd-integration) -* [argocd-vault-plugin](https://github.com/argoproj-labs/argocd-vault-plugin) -* [argocd-vault-replacer](https://github.com/crumbhole/argocd-vault-replacer) -* [Kubernetes Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) -* [Vals-Operator](https://github.com/digitalis-io/vals-operator) -* [argocd-secret-replacer](https://github.com/mmalyska/argocd-secret-replacer) +* [Vault Secrets Operator](https://developer.hashicorp.com/vault/docs/platform/k8s/vso) + +## Argo CD Manifest Generation-Based Secret Management -For discussion, see [#1364](https://github.com/argoproj/argo-cd/issues/1364) +In this approach, Argo CD's manifest generation step is used to inject secrets. This may be done using a +[Config Management Plugin](config-management-plugins.md) like [argocd-vault-plugin](https://github.com/argoproj-labs/argocd-vault-plugin). -## Mitigating Risks of Secret-Injection Plugins +**We strongly caution against this style of secret management**, as it has several disadvantages: + +1) Security: Argo CD needs access to the secrets, which increases the risk of leaking them. Argo CD stores generated + manifests in plaintext in its Redis cache, so injecting secrets into the manifests increases risk. +2) User Experience: Secret updates are coupled with app sync operations, which increases the risk of unintentionally + applying Secret updates during an unrelated release. +3) Rendered Manifests Pattern: This approach is incompatible with the "Rendered Manifests" pattern, which is + increasingly becoming a best practice for GitOps. + +Many users have already adopted generation-based solutions, and we understand that migrating to an operator-based +solution can be a significant effort. Argo CD will continue to support generation-based secret management, but we will +not prioritize new features or improvements that solely support this style of secret management. + +### Mitigating Risks of Secret-Injection Plugins Argo CD caches the manifests generated by plugins, along with the injected secrets, in its Redis instance. Those manifests are also available via the repo-server API (a gRPC service). This means that the secrets are available to @@ -34,4 +52,3 @@ Consider these steps to mitigate the risks of secret-injection plugins: 1. Set up network policies to prevent direct access to Argo CD components (Redis and the repo-server). Make sure your cluster supports those network policies and can actually enforce them. 2. Consider running Argo CD on its own cluster, with no other applications running on it. - diff --git a/docs/operator-manual/server-commands/argocd-application-controller.md b/docs/operator-manual/server-commands/argocd-application-controller.md index 4eabca77d167f..9d6ca5fe496f7 100644 --- a/docs/operator-manual/server-commands/argocd-application-controller.md +++ b/docs/operator-manual/server-commands/argocd-application-controller.md @@ -45,6 +45,7 @@ argocd-application-controller [flags] --metrics-application-conditions strings List of Application conditions that will be added to the argocd_application_conditions metric --metrics-application-labels strings List of Application labels that will be added to the argocd_application_labels metric --metrics-cache-expiration duration Prometheus metrics cache expiration (disabled by default. e.g. 24h0m0s) + --metrics-cluster-labels strings List of Cluster labels that will be added to the argocd_cluster_labels metric --metrics-port int Start metrics server on given port (default 8082) -n, --namespace string If present, the namespace scope for this CLI request --operation-processors int Number of application operation processors (default 10) diff --git a/docs/operator-manual/upgrading/2.13-2.14.md b/docs/operator-manual/upgrading/2.13-2.14.md new file mode 100644 index 0000000000000..4ee50fd1c11dc --- /dev/null +++ b/docs/operator-manual/upgrading/2.13-2.14.md @@ -0,0 +1,6 @@ +# v2.13 to 2.14 + +## Upgraded Helm Version + +Helm was upgraded to 3.16.2 and the skipSchemaValidation Flag was added to +the [CLI and Application CR](https://argo-cd.readthedocs.io/en/latest/user-guide/helm/#helm-skip-schema-validation). \ No newline at end of file diff --git a/docs/operator-manual/upgrading/2.14-3.0.md b/docs/operator-manual/upgrading/2.14-3.0.md index 0d3e9e73603d7..f1e82ac89b716 100644 --- a/docs/operator-manual/upgrading/2.14-3.0.md +++ b/docs/operator-manual/upgrading/2.14-3.0.md @@ -9,7 +9,67 @@ most recent minor versions (so 2.14 until 3.2 is released, and 2.13 until 3.1 is ## Breaking Changes -So far no breaking changes have been merged. We will update this section as changes are merged. +### Fine-Grained RBAC for application `update` and `delete` sub-resources + +The default behavior of fine-grained policies have changed so they do not apply to sub-resources anymore. +Prior to v3, when `update` or `delete` actions were allowed on an application, it gave the permission to +update and delete the application itself and any of its sub-resources. + +Starting with v3, the `update` or `delete` actions only apply on the application. New policies must be defined +to allow the `update/*` or `delete/*` actions on the application to give permissions on sub-resources. + +The v2 behavior can be preserved by setting the config value `server.rbac.disableApplicationFineGrainedRBACInheritance` +to `false` in the Argo CD ConfigMap `argocd-cm`. + +Read the [RBAC documentation](../rbac.md#fine-grained-permissions-for-updatedelete-action) for more detailed inforamtion. + +### Removal of `argocd_app_sync_status`, `argocd_app_health_status` and `argocd_app_created_time` Metrics + +The `argocd_app_sync_status`, `argocd_app_health_status` and `argocd_app_created_time`, deprecated and disabled by +default since 1.5.0, have been removed. The information previously provided by these metrics is now available as labels +on the `argocd_app_info` metric. + +#### Detection + +Starting with 1.5.0, these metrics are only available if `ARGOCD_LEGACY_CONTROLLER_METRICS` is explicitly set to `true`. +If it is not set to true, you can safely upgrade with no changes. + +#### Migration + +If you are using these metrics, you will need to update your monitoring dashboards and alerts to use the new metric and +labels before upgrading. + +### Changes to RBAC with Dex SSO Authentication + +When using Dex, the `sub` claim returned in the authentication was used as the subject for RBAC. That value depends on +the Dex internal implementation and should not be considered an immutable value that represent the subject. + +The new behavior will request the `federated:id` [scope](https://dexidp.io/docs/configuration/custom-scopes-claims-clients/) from Dex, and the new value used as the RBAC subject will be based +on the `federated_claims.user_id` claim instead of the `sub` claim. + +If you were using the Dex sub claim in RBAC policies, you will need to update them to maintain the same access. + +You can know the correct `user_id` to use by decoding the current `sub` claims defined in your policies. You can also configure which +value is used as `user_id` for some [connectors](https://dexidp.io/docs/connectors/). + +```sh +$> echo "ChdleGFtcGxlQGFyZ29wcm9qLmlvEgJkZXhfY29ubl9pZA" | base64 -d + +example@argoproj.iodex_conn_i% +``` + +```yaml +# Policies based on the Dex sub claim (wrong) +- g, ChdleGFtcGxlQGFyZ29wcm9qLmlvEgJkZXhfY29ubl9pZA, role:example +- p, ChdleGFtcGxlQGFyZ29wcm9qLmlvEgJkZXhfY29ubl9pZA, applications, *, *, allow + +# Policies now based on federated_claims.user_id claim (correct) +- g, example@argoproj.io, role:example +- p, example@argoproj.io, applications, *, *, allow +``` + +If authenticating with the CLI, make sure to use the new version as well to obtain an authentication token with the +appropriate claims. ### Ignoring ApplicationSet `applyNestedSelectors` field @@ -31,8 +91,8 @@ kubectl get appsets -o=json | jq -r '.items[] | select( ) | .metadata.name' ``` -The command will print the name of any ApplicationSet that has `applyNestedSelectors` unset or set to `false` and has -one or more nested selectors. +The command will print the name of any ApplicationSet that has `applyNestedSelectors` unset or set to `false` and has +one or more nested selectors. #### Remediation @@ -82,3 +142,16 @@ spec: server: '{{.url}}' namespace: guestbook ``` + +## Other changes + +### Using `cluster.inClusterEnabled: "false"` + +When `cluster.inClusterEnabled: "false"` is explicitly configured, Applications currently configured to +sync on the in-cluster cluster will now be in an Unknown state, without the possibility to sync resources. + +It will not be possible to create new Applications using the in-cluster cluster. When deleting existing +Application, it will not delete the previously managed resources. + +It is recommended to perform any cleanup or migration to existing in-cluster Application before upgrading +when in-cluster is disabled. To perform cleanup post-migration, the in-cluster will need to be enabled temporarily. diff --git a/docs/operator-manual/user-management/microsoft.md b/docs/operator-manual/user-management/microsoft.md index 72a3a3ce77980..ac431bdc78c0e 100644 --- a/docs/operator-manual/user-management/microsoft.md +++ b/docs/operator-manual/user-management/microsoft.md @@ -3,76 +3,10 @@ !!! note "" Entra ID was formerly known as Azure AD. -* [Entra ID SAML Enterprise App Auth using Dex](#entra-id-saml-enterprise-app-auth-using-dex) * [Entra ID App Registration Auth using OIDC](#entra-id-app-registration-auth-using-oidc) +* [Entra ID SAML Enterprise App Auth using Dex](#entra-id-saml-enterprise-app-auth-using-dex) * [Entra ID App Registration Auth using Dex](#entra-id-app-registration-auth-using-dex) -## Entra ID SAML Enterprise App Auth using Dex -### Configure a new Entra ID Enterprise App - -1. From the `Microsoft Entra ID` > `Enterprise applications` menu, choose `+ New application` -2. Select `Non-gallery application` -3. Enter a `Name` for the application (e.g. `Argo CD`), then choose `Add` -4. Once the application is created, open it from the `Enterprise applications` menu. -5. From the `Users and groups` menu of the app, add any users or groups requiring access to the service. - ![Azure Enterprise SAML Users](../../assets/azure-enterprise-users.png "Azure Enterprise SAML Users") -6. From the `Single sign-on` menu, edit the `Basic SAML Configuration` section as follows (replacing `my-argo-cd-url` with your Argo URL): - - **Identifier (Entity ID):** https://``/api/dex/callback - - **Reply URL (Assertion Consumer Service URL):** https://``/api/dex/callback - - **Sign on URL:** https://``/auth/login - - **Relay State:** `` - - **Logout Url:** `` - ![Azure Enterprise SAML URLs](../../assets/azure-enterprise-saml-urls.png "Azure Enterprise SAML URLs") -7. From the `Single sign-on` menu, edit the `User Attributes & Claims` section to create the following claims: - - `+ Add new claim` | **Name:** email | **Source:** Attribute | **Source attribute:** user.mail - - `+ Add group claim` | **Which groups:** All groups | **Source attribute:** Group ID | **Customize:** True | **Name:** Group | **Namespace:** `` | **Emit groups as role claims:** False - - *Note: The `Unique User Identifier` required claim can be left as the default `user.userprincipalname`* - ![Azure Enterprise SAML Claims](../../assets/azure-enterprise-claims.png "Azure Enterprise SAML Claims") -8. From the `Single sign-on` menu, download the SAML Signing Certificate (Base64) - - Base64 encode the contents of the downloaded certificate file, for example: - - `$ cat ArgoCD.cer | base64` - - *Keep a copy of the encoded output to be used in the next section.* -9. From the `Single sign-on` menu, copy the `Login URL` parameter, to be used in the next section. - -### Configure Argo to use the new Entra ID Enterprise App - -1. Edit `argocd-cm` and add the following `dex.config` to the data section, replacing the `caData`, `my-argo-cd-url` and `my-login-url` your values from the Entra ID App: - - data: - url: https://my-argo-cd-url - dex.config: | - logger: - level: debug - format: json - connectors: - - type: saml - id: saml - name: saml - config: - entityIssuer: https://my-argo-cd-url/api/dex/callback - ssoURL: https://my-login-url (e.g. https://login.microsoftonline.com/xxxxx/a/saml2) - caData: | - MY-BASE64-ENCODED-CERTIFICATE-DATA - redirectURI: https://my-argo-cd-url/api/dex/callback - usernameAttr: email - emailAttr: email - groupsAttr: Group - -2. Edit `argocd-rbac-cm` to configure permissions, similar to example below. - - Use Entra ID `Group IDs` for assigning roles. - - See [RBAC Configurations](../rbac.md) for more detailed scenarios. - - # example policy - policy.default: role:readonly - policy.csv: | - p, role:org-admin, applications, *, */*, allow - p, role:org-admin, clusters, get, *, allow - p, role:org-admin, repositories, get, *, allow - p, role:org-admin, repositories, create, *, allow - p, role:org-admin, repositories, update, *, allow - p, role:org-admin, repositories, delete, *, allow - g, "84ce98d1-e359-4f3b-85af-985b458de3c6", role:org-admin # (azure group assigned to role) - ## Entra ID App Registration Auth using OIDC ### Configure a new Entra ID App registration #### Add a new Entra ID App registration @@ -96,7 +30,18 @@ ![Azure App registration's Authentication](../../assets/azure-app-registration-authentication.png "Azure App registration's Authentication") #### Add credentials a new Entra ID App registration - +##### Using Workload Identity Federation (Recommended) +1. **Label the Pods:** Add the `azure.workload.identity/use: "true"` label to the `argocd-server` pods. +2. **Add Annotation to Service Account:** Add `azure.workload.identity/client-id: "$CLIENT_ID"` annotation to the `argocd-server` service account using the details from application created in previous step. +3. From the `Certificates & secrets` menu, navigate to `Federated credentials`, then choose `+ Add credential` +4. Choose `Federated credential scenario` as `Kubernetes Accessing Azure resources` + - Enter Cluster Issuer URL, refer to [retrieve the OIDC issuer URL](https://learn.microsoft.com/en-us/azure/aks/workload-identity-deploy-cluster#retrieve-the-oidc-issuer-url) documentation + - Enter namespace as the namespace where the argocd is deployed + - Enter service account name as `argocd-server` + - Enter a unique name + - Click Add. + +##### Using Client Secret 1. From the `Certificates & secrets` menu, choose `+ New client secret` 2. Enter a `Name` for the secret (e.g. `ArgoCD-SSO`). - Make sure to copy and save generated value. This is a value for the `client_secret`. @@ -129,7 +74,9 @@ name: Azure issuer: https://login.microsoftonline.com/{directory_tenant_id}/v2.0 clientID: {azure_ad_application_client_id} - clientSecret: $oidc.azure.clientSecret + clientSecret: $oidc.azure.clientSecret // if using client secret for authentication + azure: + useWorkloadIdentity: true // if using azure workload identity for authentication requestedIDTokenClaims: groups: essential: true @@ -139,7 +86,7 @@ - profile - email -2. Edit `argocd-secret` and configure the `data.oidc.azure.clientSecret` section: +2. Skip this step if using azure workload identity. Edit `argocd-secret` and configure the `data.oidc.azure.clientSecret` section: Secret -> argocd-secret @@ -177,6 +124,72 @@ Refer to [operator-manual/argocd-rbac-cm.yaml](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-rbac-cm.yaml) for all of the available variables. +## Entra ID SAML Enterprise App Auth using Dex +### Configure a new Entra ID Enterprise App + +1. From the `Microsoft Entra ID` > `Enterprise applications` menu, choose `+ New application` +2. Select `Non-gallery application` +3. Enter a `Name` for the application (e.g. `Argo CD`), then choose `Add` +4. Once the application is created, open it from the `Enterprise applications` menu. +5. From the `Users and groups` menu of the app, add any users or groups requiring access to the service. + ![Azure Enterprise SAML Users](../../assets/azure-enterprise-users.png "Azure Enterprise SAML Users") +6. From the `Single sign-on` menu, edit the `Basic SAML Configuration` section as follows (replacing `my-argo-cd-url` with your Argo URL): + - **Identifier (Entity ID):** https://``/api/dex/callback + - **Reply URL (Assertion Consumer Service URL):** https://``/api/dex/callback + - **Sign on URL:** https://``/auth/login + - **Relay State:** `` + - **Logout Url:** `` + ![Azure Enterprise SAML URLs](../../assets/azure-enterprise-saml-urls.png "Azure Enterprise SAML URLs") +7. From the `Single sign-on` menu, edit the `User Attributes & Claims` section to create the following claims: + - `+ Add new claim` | **Name:** email | **Source:** Attribute | **Source attribute:** user.mail + - `+ Add group claim` | **Which groups:** All groups | **Source attribute:** Group ID | **Customize:** True | **Name:** Group | **Namespace:** `` | **Emit groups as role claims:** False + - *Note: The `Unique User Identifier` required claim can be left as the default `user.userprincipalname`* + ![Azure Enterprise SAML Claims](../../assets/azure-enterprise-claims.png "Azure Enterprise SAML Claims") +8. From the `Single sign-on` menu, download the SAML Signing Certificate (Base64) + - Base64 encode the contents of the downloaded certificate file, for example: + - `$ cat ArgoCD.cer | base64` + - *Keep a copy of the encoded output to be used in the next section.* +9. From the `Single sign-on` menu, copy the `Login URL` parameter, to be used in the next section. + +### Configure Argo to use the new Entra ID Enterprise App + +1. Edit `argocd-cm` and add the following `dex.config` to the data section, replacing the `caData`, `my-argo-cd-url` and `my-login-url` your values from the Entra ID App: + + data: + url: https://my-argo-cd-url + dex.config: | + logger: + level: debug + format: json + connectors: + - type: saml + id: saml + name: saml + config: + entityIssuer: https://my-argo-cd-url/api/dex/callback + ssoURL: https://my-login-url (e.g. https://login.microsoftonline.com/xxxxx/a/saml2) + caData: | + MY-BASE64-ENCODED-CERTIFICATE-DATA + redirectURI: https://my-argo-cd-url/api/dex/callback + usernameAttr: email + emailAttr: email + groupsAttr: Group + +2. Edit `argocd-rbac-cm` to configure permissions, similar to example below. + - Use Entra ID `Group IDs` for assigning roles. + - See [RBAC Configurations](../rbac.md) for more detailed scenarios. + + # example policy + policy.default: role:readonly + policy.csv: | + p, role:org-admin, applications, *, */*, allow + p, role:org-admin, clusters, get, *, allow + p, role:org-admin, repositories, get, *, allow + p, role:org-admin, repositories, create, *, allow + p, role:org-admin, repositories, update, *, allow + p, role:org-admin, repositories, delete, *, allow + g, "84ce98d1-e359-4f3b-85af-985b458de3c6", role:org-admin # (azure group assigned to role) + ## Entra ID App Registration Auth using Dex Configure a new AD App Registration, as above. diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 76c74ecca4c03..b3287e5a0e928 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -23,57 +23,57 @@ recent minor releases. | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.14.0-rc5 +### v2.14.0-rc7 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.14.0-rc5/argocd-test.html) | 0 | 2 | 7 | 0 | -| [ui/yarn.lock](v2.14.0-rc5/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.41.1](v2.14.0-rc5/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 0 | 0 | 2 | -| [haproxy:2.6.17-alpine](v2.14.0-rc5/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | -| [redis:7.0.15-alpine](v2.14.0-rc5/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [argocd:v2.14.0-rc5](v2.14.0-rc5/quay.io_argoproj_argocd_v2.14.0-rc5.html) | 0 | 0 | 4 | 10 | -| [redis:7.0.15-alpine](v2.14.0-rc5/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.14.0-rc5/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.14.0-rc5/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.14.0-rc7/argocd-test.html) | 0 | 1 | 7 | 0 | +| [ui/yarn.lock](v2.14.0-rc7/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.41.1](v2.14.0-rc7/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 0 | 0 | 2 | +| [haproxy:2.6.17-alpine](v2.14.0-rc7/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | +| [redis:7.0.15-alpine](v2.14.0-rc7/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [argocd:v2.14.0-rc7](v2.14.0-rc7/quay.io_argoproj_argocd_v2.14.0-rc7.html) | 0 | 0 | 4 | 10 | +| [redis:7.0.15-alpine](v2.14.0-rc7/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [install.yaml](v2.14.0-rc7/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.14.0-rc7/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.13.3 +### v2.13.4 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.13.3/argocd-test.html) | 1 | 2 | 8 | 2 | -| [ui/yarn.lock](v2.13.3/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.41.1](v2.13.3/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 0 | 0 | 2 | -| [haproxy:2.6.17-alpine](v2.13.3/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | -| [redis:7.0.15-alpine](v2.13.3/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [argocd:v2.13.3](v2.13.3/quay.io_argoproj_argocd_v2.13.3.html) | 0 | 0 | 4 | 10 | -| [redis:7.0.15-alpine](v2.13.3/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.13.3/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.13.3/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.13.4/argocd-test.html) | 0 | 0 | 7 | 2 | +| [ui/yarn.lock](v2.13.4/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.41.1](v2.13.4/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 0 | 0 | 2 | +| [haproxy:2.6.17-alpine](v2.13.4/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | +| [redis:7.0.15-alpine](v2.13.4/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [argocd:v2.13.4](v2.13.4/quay.io_argoproj_argocd_v2.13.4.html) | 0 | 0 | 4 | 10 | +| [redis:7.0.15-alpine](v2.13.4/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [install.yaml](v2.13.4/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.13.4/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.12.9 +### v2.12.10 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.12.9/argocd-test.html) | 1 | 2 | 9 | 2 | -| [ui/yarn.lock](v2.12.9/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](v2.12.9/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 7 | -| [haproxy:2.6.17-alpine](v2.12.9/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | -| [redis:7.0.15-alpine](v2.12.9/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [argocd:v2.12.9](v2.12.9/quay.io_argoproj_argocd_v2.12.9.html) | 0 | 0 | 4 | 10 | -| [redis:7.0.15-alpine](v2.12.9/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.12.9/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.12.9/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.12.10/argocd-test.html) | 0 | 0 | 8 | 2 | +| [ui/yarn.lock](v2.12.10/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.38.0](v2.12.10/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 7 | +| [haproxy:2.6.17-alpine](v2.12.10/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | +| [redis:7.0.15-alpine](v2.12.10/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [argocd:v2.12.10](v2.12.10/quay.io_argoproj_argocd_v2.12.10.html) | 0 | 0 | 4 | 10 | +| [redis:7.0.15-alpine](v2.12.10/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [install.yaml](v2.12.10/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.12.10/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.11.12 +### v2.11.13 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.11.12/argocd-test.html) | 1 | 3 | 10 | 2 | -| [ui/yarn.lock](v2.11.12/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 7 | -| [haproxy:2.6.14-alpine](v2.11.12/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 7 | -| [argocd:v2.11.12](v2.11.12/quay.io_argoproj_argocd_v2.11.12.html) | 0 | 0 | 5 | 21 | -| [redis:7.0.15-alpine](v2.11.12/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.11.12/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.11.12/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.11.13/argocd-test.html) | 0 | 1 | 9 | 2 | +| [ui/yarn.lock](v2.11.13/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.38.0](v2.11.13/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 7 | +| [haproxy:2.6.14-alpine](v2.11.13/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 7 | +| [argocd:v2.11.13](v2.11.13/quay.io_argoproj_argocd_v2.11.13.html) | 0 | 0 | 4 | 19 | +| [redis:7.0.15-alpine](v2.11.13/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [install.yaml](v2.11.13/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.11.13/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index a675e8c3c2656..69f72697b8bf4 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

January 12th 2025, 12:22:26 am (UTC+00:00)

+

February 2nd 2025, 12:21:10 am (UTC+00:00)

Scanned the following path: @@ -881,7 +881,7 @@

Container could be running with outdated image

  • - Line number: 24926 + Line number: 24944
    • @@ -933,7 +933,7 @@

    Container could be running with outdated image

  • - Line number: 25233 + Line number: 25263
    • @@ -1049,7 +1049,7 @@

    Container has no CPU limit

  • - Line number: 24728 + Line number: 24740
    • @@ -1107,7 +1107,7 @@

    Container has no CPU limit

  • - Line number: 24682 + Line number: 24688
    • @@ -1165,7 +1165,7 @@

    Container has no CPU limit

  • - Line number: 24790 + Line number: 24802
    • @@ -1223,7 +1223,7 @@

    Container has no CPU limit

  • - Line number: 24897 + Line number: 24915
    • @@ -1281,7 +1281,7 @@

    Container has no CPU limit

  • - Line number: 24921 + Line number: 24939
    • @@ -1339,7 +1339,7 @@

    Container has no CPU limit

  • - Line number: 25233 + Line number: 25263
    • @@ -1397,7 +1397,7 @@

    Container has no CPU limit

  • - Line number: 24980 + Line number: 24998
    • @@ -1455,7 +1455,7 @@

    Container has no CPU limit

  • - Line number: 25320 + Line number: 25350
    • @@ -1513,7 +1513,7 @@

    Container has no CPU limit

  • - Line number: 25718 + Line number: 25754
    • @@ -1565,7 +1565,7 @@

    Container is running with multiple open ports

  • - Line number: 24708 + Line number: 24720
    • @@ -1669,7 +1669,7 @@

    Container is running without liveness probe

  • - Line number: 24682 + Line number: 24688
    • @@ -1721,7 +1721,7 @@

    Container is running without liveness probe

  • - Line number: 24897 + Line number: 24915
    • @@ -1837,7 +1837,7 @@

    Container is running without memory limit

  • - Line number: 24682 + Line number: 24688
    • @@ -1895,7 +1895,7 @@

    Container is running without memory limit

  • - Line number: 24728 + Line number: 24740
    • @@ -1953,7 +1953,7 @@

    Container is running without memory limit

  • - Line number: 24790 + Line number: 24802
    • @@ -2011,7 +2011,7 @@

    Container is running without memory limit

  • - Line number: 24897 + Line number: 24915
    • @@ -2069,7 +2069,7 @@

    Container is running without memory limit

  • - Line number: 24921 + Line number: 24939
    • @@ -2127,7 +2127,7 @@

    Container is running without memory limit

  • - Line number: 25233 + Line number: 25263
    • @@ -2185,7 +2185,7 @@

    Container is running without memory limit

  • - Line number: 24980 + Line number: 24998
    • @@ -2243,7 +2243,7 @@

    Container is running without memory limit

  • - Line number: 25320 + Line number: 25350
    • @@ -2301,7 +2301,7 @@

    Container is running without memory limit

  • - Line number: 25718 + Line number: 25754
    • @@ -2357,7 +2357,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 24604 + Line number: 24610
    • @@ -2413,7 +2413,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 24736 + Line number: 24748
    • @@ -2469,7 +2469,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 24711 + Line number: 24723
    • @@ -2525,7 +2525,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 24829 + Line number: 24847
    • @@ -2581,7 +2581,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 24914 + Line number: 24932
    • @@ -2637,7 +2637,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 24928 + Line number: 24946
    • @@ -2693,7 +2693,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 25240 + Line number: 25270
    • @@ -2749,7 +2749,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 25206 + Line number: 25236
    • @@ -2805,7 +2805,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 25617 + Line number: 25653
    • @@ -2861,7 +2861,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 25963 + Line number: 26011
    • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index b7a80609b5e0d..a0fb3178f149a 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:22:35 am (UTC+00:00)

    +

    February 2nd 2025, 12:21:20 am (UTC+00:00)

    Scanned the following path: @@ -835,7 +835,7 @@

    Container could be running with outdated image

  • - Line number: 1156 + Line number: 1174
    • @@ -887,7 +887,7 @@

    Container could be running with outdated image

  • - Line number: 1463 + Line number: 1493
    • @@ -1003,7 +1003,7 @@

    Container has no CPU limit

  • - Line number: 958 + Line number: 970
    • @@ -1061,7 +1061,7 @@

    Container has no CPU limit

  • - Line number: 912 + Line number: 918
    • @@ -1119,7 +1119,7 @@

    Container has no CPU limit

  • - Line number: 1020 + Line number: 1032
    • @@ -1177,7 +1177,7 @@

    Container has no CPU limit

  • - Line number: 1127 + Line number: 1145
    • @@ -1235,7 +1235,7 @@

    Container has no CPU limit

  • - Line number: 1151 + Line number: 1169
    • @@ -1293,7 +1293,7 @@

    Container has no CPU limit

  • - Line number: 1463 + Line number: 1493
    • @@ -1351,7 +1351,7 @@

    Container has no CPU limit

  • - Line number: 1210 + Line number: 1228
    • @@ -1409,7 +1409,7 @@

    Container has no CPU limit

  • - Line number: 1550 + Line number: 1580
    • @@ -1467,7 +1467,7 @@

    Container has no CPU limit

  • - Line number: 1948 + Line number: 1984
    • @@ -1519,7 +1519,7 @@

    Container is running with multiple open ports

  • - Line number: 938 + Line number: 950
    • @@ -1623,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 912 + Line number: 918
    • @@ -1675,7 +1675,7 @@

    Container is running without liveness probe

  • - Line number: 1127 + Line number: 1145
    • @@ -1791,7 +1791,7 @@

    Container is running without memory limit

  • - Line number: 912 + Line number: 918
    • @@ -1849,7 +1849,7 @@

    Container is running without memory limit

  • - Line number: 958 + Line number: 970
    • @@ -1907,7 +1907,7 @@

    Container is running without memory limit

  • - Line number: 1020 + Line number: 1032
    • @@ -1965,7 +1965,7 @@

    Container is running without memory limit

  • - Line number: 1127 + Line number: 1145
    • @@ -2023,7 +2023,7 @@

    Container is running without memory limit

  • - Line number: 1151 + Line number: 1169
    • @@ -2081,7 +2081,7 @@

    Container is running without memory limit

  • - Line number: 1463 + Line number: 1493
    • @@ -2139,7 +2139,7 @@

    Container is running without memory limit

  • - Line number: 1210 + Line number: 1228
    • @@ -2197,7 +2197,7 @@

    Container is running without memory limit

  • - Line number: 1550 + Line number: 1580
    • @@ -2255,7 +2255,7 @@

    Container is running without memory limit

  • - Line number: 1948 + Line number: 1984
    • @@ -2311,7 +2311,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 834 + Line number: 840
    • @@ -2367,7 +2367,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 966 + Line number: 978
    • @@ -2423,7 +2423,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 941 + Line number: 953
    • @@ -2479,7 +2479,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1059 + Line number: 1077
    • @@ -2535,7 +2535,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1144 + Line number: 1162
    • @@ -2591,7 +2591,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1158 + Line number: 1176
    • @@ -2647,7 +2647,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1470 + Line number: 1500
    • @@ -2703,7 +2703,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1436 + Line number: 1466
    • @@ -2759,7 +2759,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1847 + Line number: 1883
    • @@ -2815,7 +2815,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 2193 + Line number: 2241
    • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 8e8a3ac8595bb..f8af37d95f1d2 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:20:03 am (UTC+00:00)

    +

    February 2nd 2025, 12:18:51 am (UTC+00:00)

    Scanned the following paths: @@ -470,7 +470,7 @@

    Snyk test report

    7 known vulnerabilities
    26 vulnerable dependency paths
    -
    2084 dependencies
    +
    2085 dependencies
    @@ -628,7 +628,7 @@

    MPL-2.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v3@0.0.0, code.gitea.io/sdk/gitea@0.19.0 and others + github.com/argoproj/argo-cd/v3@0.0.0, code.gitea.io/sdk/gitea@0.20.0 and others
    • @@ -642,7 +642,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v3@0.0.0 › - code.gitea.io/sdk/gitea@0.19.0 + code.gitea.io/sdk/gitea@0.20.0 › github.com/hashicorp/go-version@1.6.0 diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.41.1.html index 5fc3c206daceb..eab39b66e11b8 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.41.1.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.41.1.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:20:13 am (UTC+00:00)

    +

    February 2nd 2025, 12:19:00 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html index f92ffad87e2f0..063ad6dad48b2 100644 --- a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html +++ b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:20:20 am (UTC+00:00)

    +

    February 2nd 2025, 12:19:06 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html index 73b92a5ac151a..4104d73d3c510 100644 --- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html +++ b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:20:26 am (UTC+00:00)

    +

    February 2nd 2025, 12:19:12 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 57f7aa027835b..257cb0a8b7a28 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:20:50 am (UTC+00:00)

    +

    February 2nd 2025, 12:19:34 am (UTC+00:00)

    Scanned the following paths: @@ -470,9 +470,9 @@

    Snyk test report

    -
    22 known vulnerabilities
    -
    105 vulnerable dependency paths
    -
    2383 dependencies
    +
    23 known vulnerabilities
    +
    106 vulnerable dependency paths
    +
    2382 dependencies
    @@ -480,89 +480,6 @@

    Snyk test report

    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/helm/v3 › /usr/local/bin/helm -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/html -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/html@v0.26.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - › - golang.org/x/net/html@v0.26.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    -

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    CVE-2024-56433

    @@ -728,7 +645,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - util-linux@2.39.3-9ubuntu6.1 + util-linux@2.39.3-9ubuntu6.2 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -967,7 +884,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - util-linux@2.39.3-9ubuntu6.1 + util-linux@2.39.3-9ubuntu6.2 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -1169,7 +1086,7 @@

    CVE-2024-26462

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.2 and others
    • @@ -1183,7 +1100,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1198,7 +1115,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1215,7 +1132,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1230,7 +1147,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1247,7 +1164,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1266,7 +1183,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1292,7 +1209,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1305,7 +1222,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1770,6 +1687,144 @@

    Detailed paths

    More about this vulnerability

    +
    +
    +

    Generation of Error Message Containing Sensitive Information

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v3 › /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/argoproj/gitops-engine/pkg/utils/kube +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-7e21b91e9d0f + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v3@* + › + github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-7e21b91e9d0f + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.

    +

    Remediation

    +

    A fix was pushed into the master branch but not yet published.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Generation of Error Message Containing Sensitive Information

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v3 › /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/argoproj/gitops-engine/pkg/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-7e21b91e9d0f + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v3@* + › + github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-7e21b91e9d0f + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.

    +

    Remediation

    +

    A fix was pushed into the master branch but not yet published.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Release of Invalid Pointer or Reference

    @@ -2022,7 +2077,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2037,7 +2092,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2054,7 +2109,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2243,7 +2298,7 @@

    Detailed paths

    › pam/libpam-modules@1.5.3-5ubuntu5.1 › - systemd/libsystemd0@255.4-1ubuntu8.4 + systemd/libsystemd0@255.4-1ubuntu8.5 › libgcrypt20@1.10.3-2build1 @@ -2304,7 +2359,7 @@

    CVE-2024-26458

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.2 and others
    • @@ -2318,7 +2373,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2333,7 +2388,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2350,7 +2405,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2365,7 +2420,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2382,7 +2437,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2401,7 +2456,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2427,7 +2482,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2440,7 +2495,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2512,7 +2567,7 @@

    CVE-2024-26461

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.2 and others
    • @@ -2526,7 +2581,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2541,7 +2596,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2558,7 +2613,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2573,7 +2628,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2590,7 +2645,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2609,7 +2664,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2635,7 +2690,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2648,7 +2703,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2947,7 +3002,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.2 and others
    • @@ -2961,9 +3016,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › - git/git-man@1:2.43.0-1ubuntu7.1 + git/git-man@1:2.43.0-1ubuntu7.2 @@ -2972,7 +3027,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 @@ -2983,7 +3038,7 @@

    Detailed paths

    › git-lfs@3.4.1-1ubuntu0.2 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2     diff --git a/docs/snyk/master/redis_7.0.15-alpine.html b/docs/snyk/master/redis_7.0.15-alpine.html index 43800db75af1d..27e59d89c3972 100644 --- a/docs/snyk/master/redis_7.0.15-alpine.html +++ b/docs/snyk/master/redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:20:55 am (UTC+00:00)

    +

    February 2nd 2025, 12:19:38 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.11.12/argocd-iac-install.html b/docs/snyk/v2.11.13/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.11.12/argocd-iac-install.html rename to docs/snyk/v2.11.13/argocd-iac-install.html index b9849f4ea39da..def470d0590d8 100644 --- a/docs/snyk/v2.11.12/argocd-iac-install.html +++ b/docs/snyk/v2.11.13/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:32:52 am (UTC+00:00)

    +

    February 2nd 2025, 12:31:28 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.11.12/argocd-iac-namespace-install.html b/docs/snyk/v2.11.13/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.11.12/argocd-iac-namespace-install.html rename to docs/snyk/v2.11.13/argocd-iac-namespace-install.html index fad8238557f71..4a366d43e32c0 100644 --- a/docs/snyk/v2.11.12/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.11.13/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:33:02 am (UTC+00:00)

    +

    February 2nd 2025, 12:31:37 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.11.12/argocd-test.html b/docs/snyk/v2.11.13/argocd-test.html similarity index 77% rename from docs/snyk/v2.11.12/argocd-test.html rename to docs/snyk/v2.11.13/argocd-test.html index a4200bd7342d6..8561c034eb9cc 100644 --- a/docs/snyk/v2.11.12/argocd-test.html +++ b/docs/snyk/v2.11.13/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:30:49 am (UTC+00:00)

    +

    February 2nd 2025, 12:29:26 am (UTC+00:00)

    Scanned the following paths: @@ -467,9 +467,9 @@

    Snyk test report

    -
    17 known vulnerabilities
    -
    1176 vulnerable dependency paths
    -
    2041 dependencies
    +
    13 known vulnerabilities
    +
    936 vulnerable dependency paths
    +
    2046 dependencies
    @@ -477,277 +477,6 @@

    Snyk test report

    -
    -

    Incorrect Implementation of Authentication Algorithm

    -
    - -
    - critical severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/crypto/ssh -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - golang.org/x/crypto/ssh/knownhosts@0.19.0 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh/knownhosts@0.19.0 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.19.0 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh/knownhosts@0.19.0 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.19.0 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh/knownhosts@0.19.0 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.19.0 - › - golang.org/x/crypto/ssh@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/crypto/ssh is a SSH client and server

    -

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    -

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    -

    Remediation

    -

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    Denial of Service (DoS)

    @@ -1025,7 +754,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 › @@ -1103,7 +832,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -1129,7 +858,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 › @@ -1142,7 +871,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 › @@ -1155,7 +884,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 › @@ -1168,7 +897,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 › @@ -1181,7 +910,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 › @@ -1194,7 +923,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 › @@ -1207,7 +936,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 › @@ -1220,7 +949,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 › @@ -1233,7 +962,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 › @@ -1246,7 +975,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/core/install@1.26.11 › @@ -1259,7 +988,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 › @@ -1272,7 +1001,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/events/install@1.26.11 › @@ -1285,7 +1014,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 › @@ -1298,7 +1027,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 › @@ -1311,7 +1040,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 › @@ -1324,7 +1053,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 › @@ -1337,7 +1066,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/node/install@1.26.11 › @@ -1350,7 +1079,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 › @@ -1363,7 +1092,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 › @@ -1376,7 +1105,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 › @@ -1389,7 +1118,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -1454,7 +1183,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/scheme@0.26.11 › @@ -1779,7 +1508,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/runtime@0.26.11 › @@ -1805,7 +1534,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -1818,7 +1547,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -1831,7 +1560,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/testing@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/testing@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -1900,7 +1629,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -1915,7 +1644,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -1930,7 +1659,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/testing@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/testing@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -2005,7 +1734,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -2185,7 +1914,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -2200,7 +1929,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -2215,7 +1944,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/testing@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/testing@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -2365,7 +2094,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/util/managedfields@0.26.11 › @@ -2500,9 +2229,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 › @@ -2515,9 +2244,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 › @@ -2530,9 +2259,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 › @@ -2545,9 +2274,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 › @@ -2560,9 +2289,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 › @@ -2575,9 +2304,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 › @@ -2590,9 +2319,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 › @@ -2605,9 +2334,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 › @@ -2620,9 +2349,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 › @@ -2635,9 +2364,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 › @@ -2650,9 +2379,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 › @@ -2665,9 +2394,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 › @@ -2680,9 +2409,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 › @@ -2695,9 +2424,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 › @@ -2710,9 +2439,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 › @@ -2725,9 +2454,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 › @@ -2740,9 +2469,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 › @@ -2755,9 +2484,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 › @@ -2770,9 +2499,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/core/install@1.26.11 › @@ -2785,9 +2514,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/core/install@1.26.11 › @@ -2800,9 +2529,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 › @@ -2815,9 +2544,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 › @@ -2830,9 +2559,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/events/install@1.26.11 › @@ -2845,9 +2574,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/events/install@1.26.11 › @@ -2860,9 +2589,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 › @@ -2875,9 +2604,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 › @@ -2890,9 +2619,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 › @@ -2905,9 +2634,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 › @@ -2920,9 +2649,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 › @@ -2935,9 +2664,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 › @@ -2950,9 +2679,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 › @@ -2965,9 +2694,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 › @@ -2980,9 +2709,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/node/install@1.26.11 › @@ -2995,9 +2724,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/node/install@1.26.11 › @@ -3010,9 +2739,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 › @@ -3025,9 +2754,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 › @@ -3040,9 +2769,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 › @@ -3055,9 +2784,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 › @@ -3070,9 +2799,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 › @@ -3085,9 +2814,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 › @@ -3100,9 +2829,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -3115,9 +2844,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -3205,7 +2934,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -3220,7 +2949,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -3235,7 +2964,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -3250,9 +2979,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/scheme@0.26.11 › @@ -3265,7 +2994,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -3280,9 +3009,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/scheme@0.26.11 › @@ -3295,9 +3024,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/scheme@0.26.11 › @@ -3310,7 +3039,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -3325,7 +3054,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/client-go/tools/watch@0.26.11 › @@ -3385,7 +3114,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -3400,7 +3129,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -3415,7 +3144,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -3790,7 +3519,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 › @@ -3880,7 +3609,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 › @@ -3940,7 +3669,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 › @@ -4025,11 +3754,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 › @@ -4229,7 +3958,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 › @@ -4246,7 +3975,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 › @@ -4450,7 +4179,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -4467,7 +4196,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -4484,7 +4213,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/testing@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/testing@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -4569,7 +4298,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 › @@ -4841,7 +4570,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -4858,7 +4587,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -4875,7 +4604,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -4977,11 +4706,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 › @@ -4994,11 +4723,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 › @@ -5011,11 +4740,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 › @@ -5028,11 +4757,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 › @@ -5045,11 +4774,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 › @@ -5062,11 +4791,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 › @@ -5079,11 +4808,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 › @@ -5096,11 +4825,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 › @@ -5113,7 +4842,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -5130,11 +4859,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 › @@ -5147,11 +4876,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 › @@ -5164,11 +4893,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 › @@ -5181,11 +4910,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 › @@ -5198,11 +4927,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 › @@ -5215,11 +4944,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 › @@ -5232,11 +4961,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 › @@ -5249,11 +4978,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 › @@ -5266,11 +4995,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 › @@ -5283,11 +5012,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 › @@ -5300,11 +5029,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 › @@ -5317,11 +5046,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 › @@ -5334,11 +5063,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 › @@ -5351,11 +5080,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 › @@ -5368,11 +5097,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 › @@ -5385,11 +5114,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 › @@ -5402,11 +5131,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 › @@ -5419,11 +5148,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 › @@ -5436,11 +5165,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 › @@ -5453,11 +5182,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 › @@ -5470,11 +5199,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 › @@ -5487,11 +5216,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 › @@ -5504,11 +5233,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 › @@ -5521,11 +5250,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 › @@ -5538,11 +5267,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 › @@ -5555,11 +5284,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 › @@ -5572,11 +5301,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 › @@ -5589,11 +5318,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 › @@ -5606,11 +5335,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/core/install@1.26.11 › @@ -5623,11 +5352,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/core/install@1.26.11 › @@ -5640,11 +5369,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/core/install@1.26.11 › @@ -5657,11 +5386,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/core/install@1.26.11 › @@ -5674,11 +5403,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 › @@ -5691,11 +5420,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 › @@ -5708,11 +5437,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 › @@ -5725,11 +5454,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 › @@ -5742,11 +5471,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/events/install@1.26.11 › @@ -5759,11 +5488,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/events/install@1.26.11 › @@ -5776,11 +5505,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/events/install@1.26.11 › @@ -5793,11 +5522,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/events/install@1.26.11 › @@ -5810,11 +5539,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 › @@ -5827,11 +5556,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 › @@ -5844,11 +5573,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 › @@ -5861,11 +5590,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 › @@ -5878,11 +5607,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 › @@ -5895,11 +5624,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 › @@ -5912,11 +5641,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 › @@ -5929,11 +5658,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 › @@ -5946,11 +5675,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 › @@ -5963,11 +5692,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 › @@ -5980,11 +5709,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 › @@ -5997,11 +5726,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 › @@ -6014,11 +5743,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 › @@ -6031,11 +5760,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 › @@ -6048,11 +5777,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 › @@ -6065,11 +5794,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 › @@ -6082,11 +5811,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/node/install@1.26.11 › @@ -6099,11 +5828,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/node/install@1.26.11 › @@ -6116,11 +5845,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/node/install@1.26.11 › @@ -6133,11 +5862,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/node/install@1.26.11 › @@ -6150,11 +5879,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 › @@ -6167,11 +5896,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 › @@ -6184,11 +5913,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 › @@ -6201,11 +5930,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 › @@ -6218,11 +5947,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 › @@ -6235,11 +5964,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 › @@ -6252,11 +5981,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 › @@ -6269,11 +5998,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 › @@ -6286,11 +6015,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 › @@ -6303,11 +6032,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 › @@ -6320,11 +6049,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 › @@ -6337,11 +6066,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 › @@ -6354,11 +6083,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -6371,11 +6100,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -6388,11 +6117,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -6405,11 +6134,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -6626,9 +6355,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -6643,9 +6372,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -6728,7 +6457,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -6745,7 +6474,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -6762,7 +6491,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -6779,9 +6508,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -6796,9 +6525,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -6813,9 +6542,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -6830,7 +6559,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -6847,7 +6576,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -6864,7 +6593,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -6932,7 +6661,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/client-go/tools/watch@0.26.11 › @@ -7391,7 +7120,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset@0.26.11 › @@ -8133,7 +7862,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 › @@ -8494,9 +8223,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -8513,9 +8242,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -8608,9 +8337,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -8627,9 +8356,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -8646,7 +8375,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -8817,13 +8546,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/scheme@0.26.11 › @@ -8836,13 +8565,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/scheme@0.26.11 › @@ -8855,9 +8584,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -8874,9 +8603,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -8893,9 +8622,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -8950,7 +8679,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -8969,7 +8698,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -8988,7 +8717,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -9007,9 +8736,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -9026,9 +8755,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -9045,9 +8774,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -9064,7 +8793,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -9083,7 +8812,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -9102,7 +8831,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -9311,7 +9040,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -9330,7 +9059,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -9349,7 +9078,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -9710,11 +9439,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 › @@ -9929,7 +9658,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -10034,11 +9763,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 › @@ -10517,15 +10246,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 › @@ -10538,15 +10267,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 › @@ -10559,15 +10288,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 › @@ -10580,15 +10309,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 › @@ -10601,11 +10330,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -10622,11 +10351,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -10643,11 +10372,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -10664,11 +10393,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -10685,15 +10414,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 › @@ -10706,15 +10435,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 › @@ -10727,15 +10456,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 › @@ -10748,15 +10477,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 › @@ -10769,15 +10498,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 › @@ -10790,15 +10519,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 › @@ -10811,15 +10540,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 › @@ -10832,15 +10561,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 › @@ -10853,15 +10582,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 › @@ -10874,15 +10603,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 › @@ -10895,15 +10624,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 › @@ -10916,15 +10645,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 › @@ -10937,15 +10666,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 › @@ -10958,15 +10687,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 › @@ -10979,15 +10708,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/core/install@1.26.11 › @@ -11000,15 +10729,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/core/install@1.26.11 › @@ -11021,15 +10750,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 › @@ -11042,15 +10771,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 › @@ -11063,15 +10792,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/events/install@1.26.11 › @@ -11084,15 +10813,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/events/install@1.26.11 › @@ -11105,15 +10834,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 › @@ -11126,15 +10855,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 › @@ -11147,15 +10876,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 › @@ -11168,15 +10897,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 › @@ -11189,15 +10918,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 › @@ -11210,15 +10939,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 › @@ -11231,15 +10960,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 › @@ -11252,15 +10981,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 › @@ -11273,15 +11002,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/node/install@1.26.11 › @@ -11294,15 +11023,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/node/install@1.26.11 › @@ -11315,15 +11044,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 › @@ -11336,15 +11065,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 › @@ -11357,15 +11086,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 › @@ -11378,15 +11107,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 › @@ -11399,15 +11128,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 › @@ -11420,15 +11149,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 › @@ -11441,9 +11170,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -11462,9 +11191,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -11483,15 +11212,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -11504,15 +11233,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -11525,7 +11254,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -11546,7 +11275,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -11567,7 +11296,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -11672,7 +11401,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -11693,13 +11422,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -11714,13 +11443,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -11882,15 +11611,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/scheme@0.26.11 › @@ -11924,9 +11653,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -11945,9 +11674,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -11966,9 +11695,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -11987,13 +11716,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -12008,13 +11737,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -12029,9 +11758,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -12050,9 +11779,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -12071,9 +11800,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -12134,7 +11863,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -12155,7 +11884,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -12176,7 +11905,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -12344,9 +12073,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -12365,9 +12094,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -12470,7 +12199,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -12491,7 +12220,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -12512,7 +12241,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -12785,7 +12514,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -12827,7 +12556,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -12850,7 +12579,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -12873,7 +12602,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -13034,7 +12763,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -13103,7 +12832,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -13126,7 +12855,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -13149,7 +12878,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -13241,7 +12970,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -13264,13 +12993,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -13287,13 +13016,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -13356,17 +13085,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 › @@ -13379,17 +13108,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 › @@ -13402,17 +13131,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 › @@ -13425,17 +13154,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 › @@ -13448,17 +13177,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 › @@ -13471,17 +13200,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 › @@ -13494,17 +13223,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 › @@ -13517,17 +13246,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 › @@ -13540,17 +13269,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 › @@ -13563,17 +13292,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/core/install@1.26.11 › @@ -13586,17 +13315,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 › @@ -13609,17 +13338,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/events/install@1.26.11 › @@ -13632,17 +13361,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 › @@ -13655,17 +13384,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 › @@ -13678,17 +13407,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 › @@ -13701,17 +13430,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 › @@ -13724,17 +13453,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/node/install@1.26.11 › @@ -13747,17 +13476,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 › @@ -13770,17 +13499,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 › @@ -13793,17 +13522,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 › @@ -13816,11 +13545,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -13839,11 +13568,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -13862,11 +13591,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -13885,11 +13614,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -13908,17 +13637,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -13931,9 +13660,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -13954,9 +13683,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14069,15 +13798,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14115,13 +13844,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -14138,13 +13867,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -14184,15 +13913,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -14207,13 +13936,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -14230,13 +13959,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -14253,7 +13982,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -14276,7 +14005,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -14299,7 +14028,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -14345,9 +14074,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14368,9 +14097,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14506,9 +14235,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14529,9 +14258,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14644,7 +14373,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14667,7 +14396,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14690,7 +14419,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14811,7 +14540,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14836,7 +14565,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14861,7 +14590,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14886,9 +14615,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -14986,15 +14715,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -15036,15 +14765,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -15061,15 +14790,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -15136,15 +14865,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -15211,13 +14940,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -15236,13 +14965,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -15261,15 +14990,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -15286,9 +15015,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/cache@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -15311,9 +15040,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -15336,9 +15065,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -15361,13 +15090,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -15386,13 +15115,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -15461,7 +15190,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -15486,13 +15215,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -15511,13 +15240,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -15846,17 +15575,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -15873,15 +15602,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -15900,15 +15629,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -15927,7 +15656,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -15954,13 +15683,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -15981,13 +15710,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -16089,7 +15818,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -16116,15 +15845,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -16143,15 +15872,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -16224,7 +15953,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -16251,13 +15980,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -16278,13 +16007,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -16359,15 +16088,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -16440,7 +16169,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/diff@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -16467,13 +16196,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -16494,13 +16223,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -16577,13 +16306,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -16635,17 +16364,17 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#a4b7cc110bf1 › k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 › @@ -16664,15 +16393,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -16780,9 +16509,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -16809,9 +16538,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -16838,9 +16567,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -16867,13 +16596,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -16896,13 +16625,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -16925,7 +16654,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -16954,15 +16683,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -17041,15 +16770,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/util/openapi@0.26.11 › @@ -17161,15 +16890,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/util@0.26.11 › @@ -17192,9 +16921,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/health@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -17223,9 +16952,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -17254,9 +16983,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -17351,13 +17080,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -17384,13 +17113,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -17417,15 +17146,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -17452,13 +17181,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -17487,13 +17216,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -17522,15 +17251,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/ignore@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/sync/common@#a4b7cc110bf1 › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + github.com/argoproj/gitops-engine/pkg/utils/kube@#a4b7cc110bf1 › k8s.io/kubectl/pkg/cmd/replace@0.26.11 › @@ -17604,12 +17333,12 @@

    References

    -
    -

    Allocation of Resources Without Limits or Throttling

    +
    +

    LGPL-3.0 license

    -
    - high severity +
    + medium severity
    @@ -17622,15 +17351,15 @@

    Allocation of Resources Without Limits or Throttling

  • - Vulnerable module: + Module: - golang.org/x/net/http2 + gopkg.in/retry.v1
  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others
    • @@ -17644,3974 +17373,22 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 › - k8s.io/apimachinery/pkg/util/net@0.26.11 + github.com/Azure/kubelogin/pkg/token@0.0.20 › - golang.org/x/net/http2@0.19.0 + gopkg.in/retry.v1@1.0.3 -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/soheilhy/cmux@0.1.5 - › - golang.org/x/net/http2@0.19.0 - - + -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - +
    • - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - golang.org/x/net/http2@0.19.0 - - +
    + +

    LGPL-3.0 license

    -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/record@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.46.1 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/auth@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/apps/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/api/rbac/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/errors@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/equality@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/reflection@1.59.0 - › - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - google.golang.org/grpc/health@1.59.0 - › - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/auth@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/core/v1@0.26.11 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/term@0.26.11 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/testing@#18ba62e1f1fb - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/resource@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/util/retry@0.26.11 - › - k8s.io/apimachinery/pkg/api/errors@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/portforward@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - › - k8s.io/apimachinery/pkg/api/equality@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/api/validation@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/fake@0.26.11 - › - k8s.io/client-go/testing@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - › - k8s.io/client-go/restmapper@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/auth@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb - › - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/core/v1@0.26.11 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/record@0.26.11 - › - k8s.io/client-go/tools/reference@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers/apps/v1@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/informers@0.26.11 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/term@0.26.11 - › - k8s.io/client-go/tools/remotecommand@0.26.11 - › - k8s.io/client-go/transport/spdy@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - k8s.io/client-go/transport@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - › - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - › - k8s.io/client-go/listers/core/v1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes@0.26.11 - › - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - › - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - › - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - › - k8s.io/client-go/tools/cache@0.26.11 - › - k8s.io/client-go/tools/pager@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/cmd/util@0.26.11 - › - k8s.io/kubectl/pkg/validation@0.26.11 - › - k8s.io/cli-runtime/pkg/resource@0.26.11 - › - k8s.io/client-go/restmapper@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - › - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - › - k8s.io/client-go/tools/clientcmd@0.26.11 - › - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - › - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/kubernetes@0.26.11 - › - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb - › - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - › - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - › - k8s.io/api/storage/v1alpha1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - › - k8s.io/client-go/tools/leaderelection@0.26.11 - › - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - › - k8s.io/client-go/rest@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - › - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - › - google.golang.org/api/chat/v1@0.132.0 - › - google.golang.org/api/transport/http@0.132.0 - › - google.golang.org/api/option@0.132.0 - › - google.golang.org/grpc@1.59.0 - › - google.golang.org/grpc/internal/transport@1.59.0 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb - › - k8s.io/kubectl/pkg/util/openapi@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - › - k8s.io/client-go/restmapper@0.26.11 - › - k8s.io/client-go/discovery@0.26.11 - › - k8s.io/client-go/kubernetes/scheme@0.26.11 - › - k8s.io/api/storage/v1beta1@0.26.11 - › - k8s.io/api/core/v1@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - › - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - › - k8s.io/client-go/dynamic@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - › - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - › - k8s.io/apimachinery/pkg/watch@0.26.11 - › - k8s.io/apimachinery/pkg/util/net@0.26.11 - › - golang.org/x/net/http2@0.19.0 - - - -
    • - - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-git/go-git/v5/plumbing@5.11.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/config@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/utils/merkletrie/filesystem@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/config@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/utils/merkletrie/index@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/objfile@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/config@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/cache@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/idxfile@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/utils/merkletrie/index@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/utils/binary@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/config@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/utils/binary@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/diff@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/objfile@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/config@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/config@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/cache@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/diff@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.11.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/idxfile@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/utils/binary@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/config@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/utils/binary@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/utils/binary@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.11.0 - › - github.com/go-git/go-git/v5/storage/memory@5.11.0 - › - github.com/go-git/go-git/v5/storage@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.11.0 - › - github.com/go-git/go-git/v5/utils/binary@5.11.0 - › - github.com/go-git/go-git/v5/plumbing@5.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

    -

    Workaround

    -

    In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trustworthy Git servers.

    -

    Remediation

    -

    Upgrade github.com/go-git/go-git/v5/plumbing to version 5.13.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - gopkg.in/retry.v1@1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    +

    More about this vulnerability

    @@ -22522,332 +18299,6 @@

    Detailed paths

    More about this vulnerability

    -
    -
    -

    Arbitrary Argument Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing/transport -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/git@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/git@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.11.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Arbitrary Argument Injection via a malicious URL value, which allows an attacker to set flags on the git-upload-pack command, if the file: protocol is in use.

    -

    Remediation

    -

    Upgrade github.com/go-git/go-git/v5/plumbing/transport to version 5.13.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    diff --git a/docs/snyk/v2.12.9/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/v2.11.13/ghcr.io_dexidp_dex_v2.38.0.html similarity index 96% rename from docs/snyk/v2.12.9/ghcr.io_dexidp_dex_v2.38.0.html rename to docs/snyk/v2.11.13/ghcr.io_dexidp_dex_v2.38.0.html index f5079fa6bfd0c..6a64e7c3d908a 100644 --- a/docs/snyk/v2.12.9/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/v2.11.13/ghcr.io_dexidp_dex_v2.38.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:28:28 am (UTC+00:00)

    +

    February 2nd 2025, 12:29:34 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    45 known vulnerabilities
    -
    133 vulnerable dependency paths
    +
    46 known vulnerabilities
    +
    134 vulnerable dependency paths
    829 dependencies
    @@ -2695,6 +2695,131 @@

    References

    More about this vulnerability

    +
    +
    +

    Cross-site Scripting (XSS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/hashicorp/consul/api +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + › + github.com/hashicorp/consul/api@v1.13.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via requests sent with a Content-Type text value, which is insufficiently validated against the content of the request.

    +

    Note: This vulnerability has also been patched in Enterprise releases 1.15.16, 1.18.6, and 1.19.4.

    +

    Details

    +

    A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

    +

    This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

    +

    Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

    +

    Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

    +

    The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

    +

    Types of attacks

    +

    There are a few methods by which XSS can be manipulated:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    TypeOriginDescription
    StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
    ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
    DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
    MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
    +

    Affected environments

    +

    The following environments are susceptible to an XSS attack:

    +
      +
    • Web servers
      • +
    • Application servers
      • +
    • Web application environments
      • +
    +

    How to prevent

    +

    This section describes the top best practices designed to specifically protect your code:

    +
      +
    • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
      • +
    • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
      • +
    • Give users the option to disable client-side scripts.
      • +
    • Redirect invalid requests.
      • +
    • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
      • +
    • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
      • +
    • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
      • +
    +

    Remediation

    +

    Upgrade github.com/hashicorp/consul/api to version 1.20.2 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    MPL-2.0 license

    diff --git a/docs/snyk/v2.11.12/haproxy_2.6.14-alpine.html b/docs/snyk/v2.11.13/haproxy_2.6.14-alpine.html similarity index 99% rename from docs/snyk/v2.11.12/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.11.13/haproxy_2.6.14-alpine.html index 70798249f7648..82428d7261d59 100644 --- a/docs/snyk/v2.11.12/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.11.13/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    January 12th 2025, 12:31:03 am (UTC+00:00)

    +

    February 2nd 2025, 12:29:39 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.11.12/quay.io_argoproj_argocd_v2.11.12.html b/docs/snyk/v2.11.13/quay.io_argoproj_argocd_v2.11.13.html similarity index 90% rename from docs/snyk/v2.11.12/quay.io_argoproj_argocd_v2.11.12.html rename to docs/snyk/v2.11.13/quay.io_argoproj_argocd_v2.11.13.html index d31a4f2dd35a2..a1ed9f5458205 100644 --- a/docs/snyk/v2.11.12/quay.io_argoproj_argocd_v2.11.12.html +++ b/docs/snyk/v2.11.13/quay.io_argoproj_argocd_v2.11.13.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,22 +456,22 @@

    Snyk test report

    -

    January 12th 2025, 12:31:25 am (UTC+00:00)

    +

    February 2nd 2025, 12:29:59 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.11.12/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.12//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.12/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.12/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.11.13/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.11.13//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.11.13/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.11.13/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    43 known vulnerabilities
    -
    205 vulnerable dependency paths
    +
    39 known vulnerabilities
    +
    200 vulnerable dependency paths
    2280 dependencies
    @@ -480,80 +480,6 @@

    Snyk test report

    -
    -

    Incorrect Implementation of Authentication Algorithm

    -
    - -
    - critical severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/crypto/ssh -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/crypto/ssh@v0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/crypto/ssh is a SSH client and server

    -

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    -

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    -

    Remediation

    -

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    Denial of Service (DoS)

    @@ -566,7 +492,7 @@

    Denial of Service (DoS)

    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
    • Package Manager: golang @@ -660,7 +586,7 @@

      Allocation of Resources Without Limits or Throttling

    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/helm/v3 › /usr/local/bin/helm
    • Package Manager: golang @@ -673,7 +599,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.17.0
    @@ -684,15 +610,6 @@

    Allocation of Resources Without Limits or Throttling

    Detailed paths

      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/net/http2@v0.19.0 - - - -
    • Introduced through: helm.sh/helm/v3@* @@ -741,7 +658,7 @@

      Denial of Service (DoS)

      • - Manifest file: quay.io/argoproj/argocd:v2.11.12/helm/v3 › /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.11.13/helm/v3 › /usr/local/bin/helm
      • Package Manager: golang @@ -811,76 +728,6 @@

        References

        More about this vulnerability

    - -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-git/go-git/v5/plumbing@v5.11.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/go-git/go-git/v5/plumbing@v5.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

    -

    Workaround

    -

    In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trustworthy Git servers.

    -

    Remediation

    -

    Upgrade github.com/go-git/go-git/v5/plumbing to version 5.13.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    CVE-2024-56433

    @@ -894,7 +741,7 @@

    CVE-2024-56433

    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
    • Package Manager: ubuntu:22.04 @@ -907,7 +754,7 @@

      CVE-2024-56433

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.11.13 and shadow/passwd@1:4.8.1-2ubuntu2.2
    @@ -920,7 +767,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -929,7 +776,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › @@ -940,7 +787,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › openssh/openssh-client@1:8.9p1-3ubuntu0.10 › @@ -951,7 +798,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › shadow/login@1:4.8.1-2ubuntu2.2 @@ -997,7 +844,7 @@

      Insecure Storage of Sensitive Information

      • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
      • Package Manager: ubuntu:22.04 @@ -1010,7 +857,7 @@

        Insecure Storage of Sensitive Information

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and pam/libpam0g@1.4.0-11ubuntu2.4 + docker-image|quay.io/argoproj/argocd@v2.11.13 and pam/libpam0g@1.4.0-11ubuntu2.5
      @@ -1023,164 +870,164 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - pam/libpam0g@1.4.0-11ubuntu2.4 + pam/libpam0g@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › shadow/login@1:4.8.1-2ubuntu2.2 › - pam/libpam0g@1.4.0-11ubuntu2.4 + pam/libpam0g@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › util-linux@2.37.2-4ubuntu3.4 › - pam/libpam0g@1.4.0-11ubuntu2.4 + pam/libpam0g@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam0g@1.4.0-11ubuntu2.4 + pam/libpam0g@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › - pam/libpam0g@1.4.0-11ubuntu2.4 + pam/libpam0g@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › - pam/libpam-modules-bin@1.4.0-11ubuntu2.4 + pam/libpam-modules-bin@1.4.0-11ubuntu2.5 › - pam/libpam0g@1.4.0-11ubuntu2.4 + pam/libpam0g@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - pam/libpam-modules-bin@1.4.0-11ubuntu2.4 + pam/libpam-modules-bin@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › - pam/libpam-modules-bin@1.4.0-11ubuntu2.4 + pam/libpam-modules-bin@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - pam/libpam-runtime@1.4.0-11ubuntu2.4 + pam/libpam-runtime@1.4.0-11ubuntu2.5 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › shadow/login@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - pam/libpam-runtime@1.4.0-11ubuntu2.4 + pam/libpam-runtime@1.4.0-11ubuntu2.5
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › shadow/login@1:4.8.1-2ubuntu2.2 › - pam/libpam-runtime@1.4.0-11ubuntu2.4 + pam/libpam-runtime@1.4.0-11ubuntu2.5 @@ -1226,7 +1073,7 @@

        CVE-2024-26462

        • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
        • Package Manager: ubuntu:22.04 @@ -1239,7 +1086,7 @@

          CVE-2024-26462

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.4 + docker-image|quay.io/argoproj/argocd@v2.11.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.4
        @@ -1252,7 +1099,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libk5crypto3@1.19.2-2ubuntu0.4 @@ -1261,13 +1108,13 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -1282,13 +1129,13 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -1305,7 +1152,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libkrb5-3@1.19.2-2ubuntu0.4 @@ -1314,13 +1161,13 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -1335,7 +1182,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 @@ -1344,7 +1191,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › openssh/openssh-client@1:8.9p1-3ubuntu0.10 › @@ -1355,11 +1202,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12 › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.20 › krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 @@ -1368,11 +1215,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12 › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.20 › libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 › @@ -1383,13 +1230,13 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -1402,7 +1249,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libkrb5support0@1.19.2-2ubuntu0.4 @@ -1447,7 +1294,7 @@

          LGPL-3.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
          • Package Manager: golang @@ -1507,7 +1354,7 @@

            Denial of Service (DoS)

            • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
            • Package Manager: golang @@ -1617,7 +1464,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
              • Package Manager: golang @@ -1677,7 +1524,7 @@

                MPL-2.0 license

                • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                • Package Manager: golang @@ -1737,7 +1584,7 @@

                  Insertion of Sensitive Information into Log File

                  • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                  • Package Manager: golang @@ -1805,7 +1652,7 @@

                    MPL-2.0 license

                    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                    • Package Manager: golang @@ -1865,7 +1712,7 @@

                      MPL-2.0 license

                      • - Manifest file: quay.io/argoproj/argocd:v2.11.12/helm/v3 › /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.11.13/helm/v3 › /usr/local/bin/helm
                      • Package Manager: golang @@ -1925,7 +1772,7 @@

                        MPL-2.0 license

                        • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                        • Package Manager: golang @@ -1985,7 +1832,7 @@

                          MPL-2.0 license

                          • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                          • Package Manager: golang @@ -2034,7 +1881,76 @@

                            Detailed paths

    -

    Arbitrary Argument Injection

    +

    Generation of Error Message Containing Sensitive Information

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/argoproj/gitops-engine/pkg/utils/kube +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-a4b7cc110bf1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + › + github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-a4b7cc110bf1 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.

    +

    Remediation

    +

    A fix was pushed into the master branch but not yet published.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Generation of Error Message Containing Sensitive Information

    @@ -2045,7 +1961,7 @@

    Arbitrary Argument Injection

    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
    • Package Manager: golang @@ -2053,12 +1969,12 @@

      Arbitrary Argument Injection

    • Vulnerable module: - github.com/go-git/go-git/v5/plumbing/transport + github.com/argoproj/gitops-engine/pkg/diff
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-git/go-git/v5/plumbing/transport@v5.11.0 + github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-a4b7cc110bf1
    @@ -2073,7 +1989,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* › - github.com/go-git/go-git/v5/plumbing/transport@v5.11.0 + github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-a4b7cc110bf1 @@ -2085,18 +2001,20 @@

    Detailed paths

    Overview

    -

    Affected versions of this package are vulnerable to Arbitrary Argument Injection via a malicious URL value, which allows an attacker to set flags on the git-upload-pack command, if the file: protocol is in use.

    +

    Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.

    Remediation

    -

    Upgrade github.com/go-git/go-git/v5/plumbing/transport to version 5.13.0 or higher.

    +

    A fix was pushed into the master branch but not yet published.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -2112,7 +2030,7 @@

    CVE-2023-4039

    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2125,7 +2043,7 @@

      CVE-2023-4039

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.11.13 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
    @@ -2138,7 +2056,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -2147,7 +2065,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › apt@2.4.13 › @@ -2158,7 +2076,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › apt@2.4.13 › @@ -2171,7 +2089,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -2180,7 +2098,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -2224,78 +2142,6 @@

      References

      More about this vulnerability

    -
    -
    -

    CVE-2024-50602

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - expat/libexpat1 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.11.12, git@1:2.34.1-1ubuntu1.11 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 - › - git@1:2.34.1-1ubuntu1.11 - › - expat/libexpat1@2.4.7-1ubuntu0.4 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 expat to version 2.4.7-1ubuntu0.5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    CVE-2023-7008

    @@ -2309,7 +2155,7 @@

    CVE-2023-7008

    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2322,7 +2168,7 @@

      CVE-2023-7008

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 and systemd/libsystemd0@249.11-0ubuntu3.12
    @@ -2335,7 +2181,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2344,7 +2190,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › apt@2.4.13 › @@ -2355,7 +2201,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › procps/libprocps8@2:3.3.17-6ubuntu2.1 › @@ -2366,7 +2212,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › util-linux@2.37.2-4ubuntu3.4 › @@ -2377,7 +2223,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › util-linux/bsdutils@1:2.37.2-4ubuntu3.4 › @@ -2388,7 +2234,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › apt@2.4.13 › @@ -2401,7 +2247,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › systemd/libudev1@249.11-0ubuntu3.12 @@ -2410,7 +2256,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › libfido2/libfido2-1@1.10.0-1 › @@ -2421,7 +2267,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › util-linux@2.37.2-4ubuntu3.4 › @@ -2432,7 +2278,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › apt@2.4.13 › @@ -2488,7 +2334,7 @@

      Arbitrary Code Injection

      • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
      • Package Manager: ubuntu:22.04 @@ -2501,7 +2347,7 @@

        Arbitrary Code Injection

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.11.13 and shadow/passwd@1:4.8.1-2ubuntu2.2
      @@ -2514,7 +2360,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2523,7 +2369,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › @@ -2534,7 +2380,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › openssh/openssh-client@1:8.9p1-3ubuntu0.10 › @@ -2545,7 +2391,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › shadow/login@1:4.8.1-2ubuntu2.2 @@ -2592,7 +2438,7 @@

        Uncontrolled Recursion

        • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
        • Package Manager: ubuntu:22.04 @@ -2605,7 +2451,7 @@

          Uncontrolled Recursion

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.11.13 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
        @@ -2618,7 +2464,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -2627,7 +2473,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › grep@3.7-1build1 › @@ -2680,7 +2526,7 @@

          Integer Overflow or Wraparound

          • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
          • Package Manager: ubuntu:22.04 @@ -2693,7 +2539,7 @@

            Integer Overflow or Wraparound

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and pcre2/libpcre2-8-0@10.39-3ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.11.13 and pcre2/libpcre2-8-0@10.39-3ubuntu0.1
          @@ -2706,7 +2552,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › pcre2/libpcre2-8-0@10.39-3ubuntu0.1 @@ -2751,7 +2597,7 @@

            Release of Invalid Pointer or Reference

            • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
            • Package Manager: ubuntu:22.04 @@ -2764,7 +2610,7 @@

              Release of Invalid Pointer or Reference

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.11.13 and patch@2.7.6-7build2
            @@ -2777,7 +2623,7 @@

            Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › patch@2.7.6-7build2 @@ -2821,7 +2667,7 @@

              Double Free

              • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
              • Package Manager: ubuntu:22.04 @@ -2834,7 +2680,7 @@

                Double Free

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.11.13 and patch@2.7.6-7build2
              @@ -2847,7 +2693,7 @@

              Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › patch@2.7.6-7build2 @@ -2896,7 +2742,7 @@

                CVE-2024-41996

                • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                • Package Manager: ubuntu:22.04 @@ -2909,7 +2755,7 @@

                  CVE-2024-41996

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and openssl/libssl3@3.0.2-0ubuntu1.18 + docker-image|quay.io/argoproj/argocd@v2.11.13 and openssl/libssl3@3.0.2-0ubuntu1.18
                @@ -2922,7 +2768,7 @@

                Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › openssl/libssl3@3.0.2-0ubuntu1.18 @@ -2931,7 +2777,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 › @@ -2942,7 +2788,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › libfido2/libfido2-1@1.10.0-1 › @@ -2953,7 +2799,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › openssh/openssh-client@1:8.9p1-3ubuntu0.10 › @@ -2964,7 +2810,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ca-certificates@20240203~22.04.1 › @@ -2977,11 +2823,11 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12 › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.20 › libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 › @@ -2992,13 +2838,13 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -3015,7 +2861,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › openssl@3.0.2-0ubuntu1.18 @@ -3024,7 +2870,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ca-certificates@20240203~22.04.1 › @@ -3072,7 +2918,7 @@

                  CVE-2023-50495

                  • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                  • Package Manager: ubuntu:22.04 @@ -3085,7 +2931,7 @@

                    CVE-2023-50495

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.11.13 and ncurses/libtinfo6@6.3-2ubuntu0.1
                  @@ -3098,7 +2944,7 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3107,7 +2953,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › bash@5.1-6ubuntu1.1 › @@ -3118,7 +2964,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/libncursesw6@6.3-2ubuntu0.1 › @@ -3129,7 +2975,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › less@590-1ubuntu0.22.04.3 › @@ -3140,7 +2986,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › libedit/libedit2@3.1-20210910-1build1 › @@ -3151,7 +2997,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/libncurses6@6.3-2ubuntu0.1 › @@ -3162,7 +3008,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/ncurses-bin@6.3-2ubuntu0.1 › @@ -3173,7 +3019,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › procps@2:3.3.17-6ubuntu2.1 › @@ -3184,7 +3030,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › util-linux@2.37.2-4ubuntu3.4 › @@ -3195,7 +3041,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -3210,7 +3056,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3225,7 +3071,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3234,7 +3080,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › procps@2:3.3.17-6ubuntu2.1 › @@ -3245,7 +3091,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3260,7 +3106,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3269,7 +3115,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › procps@2:3.3.17-6ubuntu2.1 › @@ -3280,7 +3126,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3289,7 +3135,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3336,7 +3182,7 @@

                    CVE-2023-45918

                    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -3349,7 +3195,7 @@

                      CVE-2023-45918

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.11.13 and ncurses/libtinfo6@6.3-2ubuntu0.1
                    @@ -3362,7 +3208,7 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3371,7 +3217,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › bash@5.1-6ubuntu1.1 › @@ -3382,7 +3228,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/libncursesw6@6.3-2ubuntu0.1 › @@ -3393,7 +3239,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › less@590-1ubuntu0.22.04.3 › @@ -3404,7 +3250,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › libedit/libedit2@3.1-20210910-1build1 › @@ -3415,7 +3261,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/libncurses6@6.3-2ubuntu0.1 › @@ -3426,7 +3272,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/ncurses-bin@6.3-2ubuntu0.1 › @@ -3437,7 +3283,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › procps@2:3.3.17-6ubuntu2.1 › @@ -3448,7 +3294,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › util-linux@2.37.2-4ubuntu3.4 › @@ -3459,7 +3305,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -3474,7 +3320,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3489,7 +3335,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3498,7 +3344,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › procps@2:3.3.17-6ubuntu2.1 › @@ -3509,7 +3355,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3524,7 +3370,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3533,7 +3379,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › procps@2:3.3.17-6ubuntu2.1 › @@ -3544,7 +3390,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3553,7 +3399,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3599,7 +3445,7 @@

                      Resource Exhaustion

                      • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                      • Package Manager: ubuntu:22.04 @@ -3612,7 +3458,7 @@

                        Resource Exhaustion

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.11.13 and libzstd/libzstd1@1.4.8+dfsg-3build1
                      @@ -3625,7 +3471,7 @@

                      Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › libzstd/libzstd1@1.4.8+dfsg-3build1 @@ -3676,7 +3522,7 @@

                        Information Exposure

                        • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                        • Package Manager: ubuntu:22.04 @@ -3689,7 +3535,7 @@

                          Information Exposure

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.11.13 and libgcrypt20@1.9.4-3ubuntu3
                        @@ -3702,7 +3548,7 @@

                        Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › libgcrypt20@1.9.4-3ubuntu3 @@ -3711,7 +3557,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/dirmngr@2.2.27-3ubuntu2.1 › @@ -3722,7 +3568,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -3733,7 +3579,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › apt@2.4.13 › @@ -3746,7 +3592,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › apt@2.4.13 › @@ -3759,7 +3605,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -3772,7 +3618,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3785,7 +3631,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3798,7 +3644,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3811,7 +3657,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3824,7 +3670,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -3837,7 +3683,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › apt@2.4.13 › @@ -3890,7 +3736,7 @@

                          Integer Overflow or Wraparound

                          • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                          • Package Manager: ubuntu:22.04 @@ -3903,7 +3749,7 @@

                            Integer Overflow or Wraparound

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.4 + docker-image|quay.io/argoproj/argocd@v2.11.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.4
                          @@ -3916,7 +3762,7 @@

                          Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libk5crypto3@1.19.2-2ubuntu0.4 @@ -3925,13 +3771,13 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -3946,13 +3792,13 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -3969,7 +3815,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libkrb5-3@1.19.2-2ubuntu0.4 @@ -3978,13 +3824,13 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -3999,7 +3845,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 @@ -4008,7 +3854,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › openssh/openssh-client@1:8.9p1-3ubuntu0.10 › @@ -4019,11 +3865,11 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12 › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.20 › krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 @@ -4032,11 +3878,11 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12 › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.20 › libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 › @@ -4047,13 +3893,13 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -4066,7 +3912,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libkrb5support0@1.19.2-2ubuntu0.4 @@ -4114,7 +3960,7 @@

                            CVE-2024-26461

                            • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                            • Package Manager: ubuntu:22.04 @@ -4127,7 +3973,7 @@

                              CVE-2024-26461

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.4 + docker-image|quay.io/argoproj/argocd@v2.11.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.4
                            @@ -4140,7 +3986,7 @@

                            Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libk5crypto3@1.19.2-2ubuntu0.4 @@ -4149,13 +3995,13 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -4170,13 +4016,13 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -4193,7 +4039,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libkrb5-3@1.19.2-2ubuntu0.4 @@ -4202,13 +4048,13 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -4223,7 +4069,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 @@ -4232,7 +4078,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › openssh/openssh-client@1:8.9p1-3ubuntu0.10 › @@ -4243,11 +4089,11 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12 › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.20 › krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 @@ -4256,11 +4102,11 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12 › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.20 › libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 › @@ -4271,13 +4117,13 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -4290,7 +4136,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libkrb5support0@1.19.2-2ubuntu0.4 @@ -4335,7 +4181,7 @@

                              CVE-2024-26458

                              • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                              • Package Manager: ubuntu:22.04 @@ -4348,7 +4194,7 @@

                                CVE-2024-26458

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.4 + docker-image|quay.io/argoproj/argocd@v2.11.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.4
                              @@ -4361,7 +4207,7 @@

                              Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libk5crypto3@1.19.2-2ubuntu0.4 @@ -4370,13 +4216,13 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -4391,13 +4237,13 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -4414,7 +4260,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libkrb5-3@1.19.2-2ubuntu0.4 @@ -4423,13 +4269,13 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -4444,7 +4290,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 @@ -4453,7 +4299,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › openssh/openssh-client@1:8.9p1-3ubuntu0.10 › @@ -4464,11 +4310,11 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12 › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.20 › krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 @@ -4477,11 +4323,11 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12 › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.20 › libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 › @@ -4492,13 +4338,13 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › adduser@3.118ubuntu5 › shadow/passwd@1:4.8.1-2ubuntu2.2 › - pam/libpam-modules@1.4.0-11ubuntu2.4 + pam/libpam-modules@1.4.0-11ubuntu2.5 › libnsl/libnsl2@1.3.0-2build2 › @@ -4511,7 +4357,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › krb5/libkrb5support0@1.19.2-2ubuntu0.4 @@ -4556,7 +4402,7 @@

                                Out-of-bounds Write

                                • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                                • Package Manager: ubuntu:22.04 @@ -4569,7 +4415,7 @@

                                  Out-of-bounds Write

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.11.13 and gnupg2/gpgv@2.2.27-3ubuntu2.1
                                @@ -4582,7 +4428,7 @@

                                Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4591,7 +4437,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › apt@2.4.13 › @@ -4602,7 +4448,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4613,7 +4459,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/dirmngr@2.2.27-3ubuntu2.1 › @@ -4624,7 +4470,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gpg@2.2.27-3ubuntu2.1 › @@ -4635,7 +4481,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4648,7 +4494,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4661,7 +4507,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4670,7 +4516,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4681,7 +4527,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4694,7 +4540,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -4703,7 +4549,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4714,7 +4560,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4723,7 +4569,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4734,7 +4580,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4743,7 +4589,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4754,7 +4600,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4767,7 +4613,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4780,7 +4626,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4789,7 +4635,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4800,7 +4646,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4813,7 +4659,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4826,7 +4672,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4835,7 +4681,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4846,7 +4692,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4855,7 +4701,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4866,7 +4712,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4875,7 +4721,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 › @@ -4886,7 +4732,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4935,7 +4781,7 @@

                                  Allocation of Resources Without Limits or Throttling

                                • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                                • Package Manager: ubuntu:22.04 @@ -4948,7 +4794,7 @@

                                  Allocation of Resources Without Limits or Throttling

                                  Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and glibc/libc-bin@2.35-0ubuntu3.8 + docker-image|quay.io/argoproj/argocd@v2.11.13 and glibc/libc-bin@2.35-0ubuntu3.8
                                @@ -4961,7 +4807,7 @@

                                Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › glibc/libc-bin@2.35-0ubuntu3.8 @@ -4970,7 +4816,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › glibc/libc6@2.35-0ubuntu3.8 @@ -5016,7 +4862,7 @@

                                  Insufficient Documentation of Error Handling Techniques<
                                  • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                  • Package Manager: golang @@ -5085,7 +4931,7 @@

                                    Insufficient Documentation of Error Handling Techniques<
                                    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                    • Package Manager: golang @@ -5154,7 +5000,7 @@

                                      Improper Input Validation

                                      • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                                      • Package Manager: ubuntu:22.04 @@ -5168,7 +5014,7 @@

                                        Improper Input Validation

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12, git@1:2.34.1-1ubuntu1.11 and others + docker-image|quay.io/argoproj/argocd@v2.11.13, git@1:2.34.1-1ubuntu1.12 and others
                                      @@ -5180,31 +5026,31 @@

                                      Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12 › - git/git-man@1:2.34.1-1ubuntu1.11 + git/git-man@1:2.34.1-1ubuntu1.12
                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12
                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › - git-lfs@3.0.2-1ubuntu0.2 + git-lfs@3.0.2-1ubuntu0.3 › - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.12 @@ -5247,7 +5093,7 @@

                                        Uncontrolled Recursion

                                        • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
                                        • Package Manager: ubuntu:22.04 @@ -5260,7 +5106,7 @@

                                          Uncontrolled Recursion

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.11.13 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
                                        @@ -5273,7 +5119,7 @@

                                        Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -5282,7 +5128,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › apt@2.4.13 › @@ -5293,7 +5139,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › apt@2.4.13 › @@ -5306,7 +5152,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -5315,7 +5161,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -5349,181 +5195,6 @@

                                          References

                                          More about this vulnerability

    - -
    -

    Insufficient Comparison

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.11.12, git@1:2.34.1-1ubuntu1.11 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    When curl is asked to use HSTS, the expiry time for a subdomain might - overwrite a parent domain's cache entry, making it end sooner or later than - otherwise intended.

    -

    This affects curl using applications that enable HSTS and use URLs with the - insecure HTTP:// scheme and perform transfers with hosts like - x.example.com as well as example.com where the first host is a subdomain - of the second host.

    -

    (The HSTS cache either needs to have been populated manually or there needs to - have been previous HTTPS accesses done as the cache needs to have entries for - the domains involved to trigger this problem.)

    -

    When x.example.com responds with Strict-Transport-Security: headers, this - bug can make the subdomain's expiry timeout bleed over and get set for the - parent domain example.com in curl's HSTS cache.

    -

    The result of a triggered bug is that HTTP accesses to example.com get - converted to HTTPS for a different period of time than what was asked for by - the origin server. If example.com for example stops supporting HTTPS at its - expiry time, curl might then fail to access http://example.com until the - (wrongly set) timeout expires. This bug can also expire the parent's entry - earlier, thus making curl inadvertently switch back to insecure HTTP earlier - than otherwise intended.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.19 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-11053

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - curl/libcurl3-gnutls -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.11.12, git@1:2.34.1-1ubuntu1.11 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 - › - git@1:2.34.1-1ubuntu1.11 - › - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    When asked to both use a .netrc file for credentials and to follow HTTP - redirects, curl could leak the password used for the first host to the - followed-to host under certain circumstances.

    -

    This flaw only manifests itself if the netrc file has an entry that matches - the redirect target hostname but the entry either omits just the password or - omits both login and password.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.20 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Improper Input Validation

    @@ -5537,7 +5208,7 @@

    Improper Input Validation

    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.13/argoproj/argocd › Dockerfile
    • Package Manager: ubuntu:22.04 @@ -5550,7 +5221,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.11.13 and coreutils@8.32-4.1ubuntu1.2
    @@ -5563,7 +5234,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + docker-image|quay.io/argoproj/argocd@v2.11.13 › coreutils@8.32-4.1ubuntu1.2 diff --git a/docs/snyk/v2.11.12/redis_7.0.15-alpine.html b/docs/snyk/v2.11.13/redis_7.0.15-alpine.html similarity index 99% rename from docs/snyk/v2.11.12/redis_7.0.15-alpine.html rename to docs/snyk/v2.11.13/redis_7.0.15-alpine.html index a34bdb9629e3d..8950240209ecd 100644 --- a/docs/snyk/v2.11.12/redis_7.0.15-alpine.html +++ b/docs/snyk/v2.11.13/redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      January 12th 2025, 12:31:30 am (UTC+00:00)

      +

      February 2nd 2025, 12:30:03 am (UTC+00:00)

      Scanned the following paths: diff --git a/docs/snyk/v2.12.9/argocd-iac-install.html b/docs/snyk/v2.12.10/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.12.9/argocd-iac-install.html rename to docs/snyk/v2.12.10/argocd-iac-install.html index 58fd1d95b8cc7..08718df7bfafb 100644 --- a/docs/snyk/v2.12.9/argocd-iac-install.html +++ b/docs/snyk/v2.12.10/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      January 12th 2025, 12:30:23 am (UTC+00:00)

      +

      February 2nd 2025, 12:29:01 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.12.9/argocd-iac-namespace-install.html b/docs/snyk/v2.12.10/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.12.9/argocd-iac-namespace-install.html rename to docs/snyk/v2.12.10/argocd-iac-namespace-install.html index 80637e5552b6b..cb7d8b4a816c8 100644 --- a/docs/snyk/v2.12.9/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.12.10/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      January 12th 2025, 12:30:32 am (UTC+00:00)

      +

      February 2nd 2025, 12:29:11 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.12.10/argocd-test.html b/docs/snyk/v2.12.10/argocd-test.html new file mode 100644 index 0000000000000..3a63c1868599c --- /dev/null +++ b/docs/snyk/v2.12.10/argocd-test.html @@ -0,0 +1,1714 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      February 2nd 2025, 12:26:57 am (UTC+00:00)

      +
      +
      + Scanned the following paths: +
        +
      • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
        • +
      • /argo-cd/ui/yarn.lock (yarn)
        • +
      +
      + +
      +
      11 known vulnerabilities
      +
      37 vulnerable dependency paths
      +
      2066 dependencies
      +
      +
      +
      +
      + +
      +
      +
      +

      LGPL-3.0 license

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
        • +
      • + Package Manager: golang +
        • +
      • + Module: + + gopkg.in/retry.v1 +
        • + +
      • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/Azure/kubelogin/pkg/token@0.0.20 + › + gopkg.in/retry.v1@1.0.3 + + + +
        • +
      + +
      + +
      + +

      LGPL-3.0 license

      + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      Denial of Service (DoS)

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
        • +
      • + Package Manager: golang +
        • +
      • + Vulnerable module: + + github.com/rs/cors +
        • + +
      • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 and others +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + › + github.com/rs/cors@1.9.0 + + + +
        • +
      + +
      + +
      + +

      Overview

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) through the processing of malicious preflight requests that include a Access-Control-Request-Headers header with excessive commas. An attacker can induce excessive memory consumption and potentially crash the server by sending specially crafted requests.

      +

      PoC

      + 
      
+        func BenchmarkPreflightAdversarialACRH(b *testing.B) {
+            resps := makeFakeResponses(b.N)
+            req, _ := http.NewRequest(http.MethodOptions, dummyEndpoint, nil)
+            req.Header.Add(headerOrigin, dummyOrigin)
+            req.Header.Add(headerACRM, http.MethodGet)
+            req.Header[headerACRH] = adversarialACRH
+            handler := Default().Handler(testHandler)
+        
+            b.ReportAllocs()
+            b.ResetTimer()
+            for i := 0; i < b.N; i++ {
+                handler.ServeHTTP(resps[i], req)
+            }
+        }
+        
+        var adversarialACRH []string
+        
+        func init() { // populates adversarialACRH
+            n := int(math.Floor(math.Sqrt(http.DefaultMaxHeaderBytes)))
+            commas := strings.Repeat(",", n)
+            res := make([]string, n)
+            for i := range res {
+                res[i] = commas
+            }
+            adversarialACRH = res
+        }
+
      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +
      +

      Remediation

      +

      Upgrade github.com/rs/cors to version 1.11.0 or higher.

      +

      References

      + + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      MPL-2.0 license

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
        • +
      • + Package Manager: golang +
        • +
      • + Module: + + github.com/r3labs/diff +
        • + +
      • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 + +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/r3labs/diff@1.1.0 + + + +
        • +
      + +
      + +
      + +

      MPL-2.0 license

      + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      MPL-2.0 license

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
        • +
      • + Package Manager: golang +
        • +
      • + Module: + + github.com/hashicorp/go-version +
        • + +
      • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.18.0 and others +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + code.gitea.io/sdk/gitea@0.18.0 + › + github.com/hashicorp/go-version@1.6.0 + + + +
        • +
      + +
      + +
      + +

      MPL-2.0 license

      + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      MPL-2.0 license

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
        • +
      • + Package Manager: golang +
        • +
      • + Module: + + github.com/hashicorp/go-retryablehttp +
        • + +
      • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.7 + +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/xanzy/go-gitlab@0.91.1 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
        • +
      + +
      + +
      + +

      MPL-2.0 license

      + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      MPL-2.0 license

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
        • +
      • + Package Manager: golang +
        • +
      • + Module: + + github.com/hashicorp/go-cleanhttp +
        • + +
      • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.7 and others +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/xanzy/go-gitlab@0.91.1 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/xanzy/go-gitlab@0.91.1 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
        • +
      + +
      + +
      + +

      MPL-2.0 license

      + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      MPL-2.0 license

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
        • +
      • + Package Manager: golang +
        • +
      • + Module: + + github.com/gosimple/slug +
        • + +
      • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 + +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/gosimple/slug@1.13.1 + + + +
        • +
      + +
      + +
      + +

      MPL-2.0 license

      + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
        • +
      • + Package Manager: golang +
        • +
      • + Vulnerable module: + + github.com/Azure/azure-sdk-for-go/sdk/azidentity +
        • + +
      • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/Azure/kubelogin/pkg/token@0.0.20 + › + github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 + + + +
        • +
      + +
      + +
      + +

      Overview

      +

      github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

      +

      Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

      +

      Notes:

      +
        +

      1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

        +
        2. +

      2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

        +
        3. +

      3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

        +
        4. +

      4. The vulnerability exists in the following credential types:

        +
        5. +
      +

      ManagedIdentityApplication (.NET)

      +

      ManagedIdentityApplication (Java)

      +

      ManagedIdentityApplication (Node.js)

      +

      Remediation

      +

      Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

      +

      References

      + + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      Regular Expression Denial of Service (ReDoS)

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: /argo-cd › ui/yarn.lock +
        • +
      • + Package Manager: npm +
        • +
      • + Vulnerable module: + + foundation-sites +
        • + +
      • Introduced through: + + argo-cd-ui@1.0.0 and foundation-sites@6.8.1 + +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + argo-cd-ui@1.0.0 + › + foundation-sites@6.8.1 + + + +
        • +
      • + Introduced through: + argo-cd-ui@1.0.0 + › + argo-ui@1.0.0 + › + foundation-sites@6.8.1 + + + +
        • +
      + +
      + +
      + +

      Overview

      +

      foundation-sites is a responsive front-end framework

      +

      Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient backtracking in the regular expressions used in URL forms.

      +

      PoC

      + 
      https://www.''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+
      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

      +

      The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

      +

      Let’s take the following regular expression as an example:

      + 
      regex = /A(B|C+)+D/
+
      +

      This regular expression accomplishes the following:

      +
        +
      • A The string must start with the letter 'A'
        • +
      • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
        • +
      • D Finally, we ensure this section of the string ends with a 'D'
        • +
      +

      The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

      +

      It most cases, it doesn't take very long for a regex engine to find a match:

      + 
      $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
      +

      The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

      +

      Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

      +

      Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

      +
        +
      1. CCC
        2. +
      2. CC+C
        3. +
      3. C+CC
        4. +
      4. C+C+C.
        5. +
      +

      The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

      +

      From there, the number of steps the engine must use to validate a string just continues to grow.

      + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      StringNumber of C'sNumber of steps
      ACCCX338
      ACCCCX471
      ACCCCCX5136
      ACCCCCCCCCCCCCCX1465,553
      +

      By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

      +

      Remediation

      +

      There is no fixed version for foundation-sites.

      +

      References

      + + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      Insufficient Documentation of Error Handling Techniques

      +
      + +
      + low severity +
      + +
      + +
        +
      • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
        • +
      • + Package Manager: golang +
        • +
      • + Vulnerable module: + + github.com/golang-jwt/jwt/v4 +
        • + +
      • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/golang-jwt/jwt/v4@4.5.0 + +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/Azure/kubelogin/pkg/token@0.0.20 + › + github.com/Azure/go-autorest/autorest/azure@0.11.29 + › + github.com/Azure/go-autorest/autorest@0.11.29 + › + github.com/Azure/go-autorest/autorest/adal@0.9.23 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
        • +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
        • +
      + +
      + +
      + +

      Overview

      +

      Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

      +

      Workaround

      +

      Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

      +

      Remediation

      +

      Upgrade github.com/golang-jwt/jwt/v4 to version 4.5.1 or higher.

      +

      References

      + + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      Insufficient Documentation of Error Handling Techniques

      +
      + +
      + low severity +
      + +
      + +
        +
      • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
        • +
      • + Package Manager: golang +
        • +
      • + Vulnerable module: + + github.com/golang-jwt/jwt +
        • + +
      • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/Azure/kubelogin/pkg/token@0.0.20 + › + github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential@0.5.2 + › + github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens@0.5.2 + › + github.com/golang-jwt/jwt@3.2.2 + + + +
        • +
      + +
      + +
      + +

      Overview

      +

      Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

      +

      Workaround

      +

      Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

      +

      Remediation

      +

      A fix was pushed into the master branch but not yet published.

      +

      References

      + + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +
      +
      + + + diff --git a/docs/snyk/v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/v2.12.10/ghcr.io_dexidp_dex_v2.38.0.html similarity index 96% rename from docs/snyk/v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html rename to docs/snyk/v2.12.10/ghcr.io_dexidp_dex_v2.38.0.html index cad5e78022a00..717223f3b69b1 100644 --- a/docs/snyk/v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/v2.12.10/ghcr.io_dexidp_dex_v2.38.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

      Snyk test report

      -

      January 12th 2025, 12:30:57 am (UTC+00:00)

      +

      February 2nd 2025, 12:27:05 am (UTC+00:00)

      Scanned the following paths: @@ -469,8 +469,8 @@

      Snyk test report

      -
      45 known vulnerabilities
      -
      133 vulnerable dependency paths
      +
      46 known vulnerabilities
      +
      134 vulnerable dependency paths
      829 dependencies
      @@ -2695,6 +2695,131 @@

      References

      More about this vulnerability

      +
      +
      +

      Cross-site Scripting (XSS)

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 › /usr/local/bin/gomplate +
        • +
      • + Package Manager: golang +
        • +
      • + Vulnerable module: + + github.com/hashicorp/consul/api +
        • + +
      • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 + +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + › + github.com/hashicorp/consul/api@v1.13.0 + + + +
        • +
      + +
      + +
      + +

      Overview

      +

      Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via requests sent with a Content-Type text value, which is insufficiently validated against the content of the request.

      +

      Note: This vulnerability has also been patched in Enterprise releases 1.15.16, 1.18.6, and 1.19.4.

      +

      Details

      +

      A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

      +

      This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

      +

      Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

      +

      Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

      +

      The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

      +

      Types of attacks

      +

      There are a few methods by which XSS can be manipulated:

      + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      TypeOriginDescription
      StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
      ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
      DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
      MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
      +

      Affected environments

      +

      The following environments are susceptible to an XSS attack:

      +
        +
      • Web servers
        • +
      • Application servers
        • +
      • Web application environments
        • +
      +

      How to prevent

      +

      This section describes the top best practices designed to specifically protect your code:

      +
        +
      • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
        • +
      • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
        • +
      • Give users the option to disable client-side scripts.
        • +
      • Redirect invalid requests.
        • +
      • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
        • +
      • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
        • +
      • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
        • +
      +

      Remediation

      +

      Upgrade github.com/hashicorp/consul/api to version 1.20.2 or higher.

      +

      References

      + + +
      + +
      +

      More about this vulnerability

      +
      +

      MPL-2.0 license

      diff --git a/docs/snyk/v2.12.9/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.12.10/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html similarity index 99% rename from docs/snyk/v2.12.9/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html rename to docs/snyk/v2.12.10/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html index 44a72913c282c..f6c89052e2ff5 100644 --- a/docs/snyk/v2.12.9/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html +++ b/docs/snyk/v2.12.10/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      January 12th 2025, 12:28:32 am (UTC+00:00)

      +

      February 2nd 2025, 12:27:09 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.14.0-rc5/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.12.10/public.ecr.aws_docker_library_redis_7.0.15-alpine.html similarity index 99% rename from docs/snyk/v2.14.0-rc5/public.ecr.aws_docker_library_redis_7.0.15-alpine.html rename to docs/snyk/v2.12.10/public.ecr.aws_docker_library_redis_7.0.15-alpine.html index 13ff4c09025c0..cabef146606fa 100644 --- a/docs/snyk/v2.14.0-rc5/public.ecr.aws_docker_library_redis_7.0.15-alpine.html +++ b/docs/snyk/v2.12.10/public.ecr.aws_docker_library_redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      January 12th 2025, 12:23:07 am (UTC+00:00)

      +

      February 2nd 2025, 12:27:14 am (UTC+00:00)

      Scanned the following paths: diff --git a/docs/snyk/v2.13.3/quay.io_argoproj_argocd_v2.13.3.html b/docs/snyk/v2.12.10/quay.io_argoproj_argocd_v2.12.10.html similarity index 92% rename from docs/snyk/v2.13.3/quay.io_argoproj_argocd_v2.13.3.html rename to docs/snyk/v2.12.10/quay.io_argoproj_argocd_v2.12.10.html index 1a3222ac88f63..f419f0edcc559 100644 --- a/docs/snyk/v2.13.3/quay.io_argoproj_argocd_v2.13.3.html +++ b/docs/snyk/v2.12.10/quay.io_argoproj_argocd_v2.12.10.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

      Snyk test report

      -

      January 12th 2025, 12:26:13 am (UTC+00:00)

      +

      February 2nd 2025, 12:27:34 am (UTC+00:00)

      Scanned the following paths:
        -
      • quay.io/argoproj/argocd:v2.13.3/argoproj/argocd/Dockerfile (deb)
        • -
      • quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
        • -
      • quay.io/argoproj/argocd:v2.13.3//usr/local/bin/kustomize (gomodules)
        • -
      • quay.io/argoproj/argocd:v2.13.3/helm/v3//usr/local/bin/helm (gomodules)
        • -
      • quay.io/argoproj/argocd:v2.13.3/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
        • +
      • quay.io/argoproj/argocd:v2.12.10/argoproj/argocd/Dockerfile (deb)
        • +
      • quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
        • +
      • quay.io/argoproj/argocd:v2.12.10//usr/local/bin/kustomize (gomodules)
        • +
      • quay.io/argoproj/argocd:v2.12.10/helm/v3//usr/local/bin/helm (gomodules)
        • +
      • quay.io/argoproj/argocd:v2.12.10/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      27 known vulnerabilities
      -
      111 vulnerable dependency paths
      -
      2354 dependencies
      +
      110 vulnerable dependency paths
      +
      2292 dependencies
      @@ -480,80 +480,6 @@

      Snyk test report

      -
      -

      Incorrect Implementation of Authentication Algorithm

      -
      - -
      - critical severity -
      - -
      - -
        -
      • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
        • -
      • - Package Manager: golang -
        • -
      • - Vulnerable module: - - golang.org/x/crypto/ssh -
        • - -
      • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.27.0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/crypto/ssh@v0.27.0 - - - -
        • -
      - -
      - -
      - -

      Overview

      -

      golang.org/x/crypto/ssh is a SSH client and server

      -

      Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

      -

      Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

      -

      Remediation

      -

      Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -

      Denial of Service (DoS)

      @@ -566,7 +492,7 @@

      Denial of Service (DoS)

      • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.10/helm/v3 › /usr/local/bin/helm
      • Package Manager: golang @@ -579,7 +505,7 @@

        Denial of Service (DoS)

      • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/html@v0.29.0 + helm.sh/helm/v3@* and golang.org/x/net/html@v0.23.0
      @@ -590,15 +516,6 @@

      Denial of Service (DoS)

      Detailed paths

        -
      • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/net/html@v0.29.0 - - - -
      • Introduced through: helm.sh/helm/v3@* @@ -645,76 +562,6 @@

        References

        More about this vulnerability

      -
      -
      -

      Allocation of Resources Without Limits or Throttling

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
        • -
      • - Package Manager: golang -
        • -
      • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
        • - -
      • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-git/go-git/v5/plumbing@v5.12.0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/go-git/go-git/v5/plumbing@v5.12.0 - - - -
        • -
      - -
      - -
      - -

      Overview

      -

      github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

      -

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

      -

      Workaround

      -

      In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trustworthy Git servers.

      -

      Remediation

      -

      Upgrade github.com/go-git/go-git/v5/plumbing to version 5.13.0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      -

      CVE-2024-56433

      @@ -728,7 +575,7 @@

      CVE-2024-56433

      • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
      • Package Manager: ubuntu:24.04 @@ -741,7 +588,7 @@

        CVE-2024-56433

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + docker-image|quay.io/argoproj/argocd@v2.12.10 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
      @@ -754,7 +601,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 @@ -763,7 +610,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -774,7 +621,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -787,7 +634,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 @@ -833,7 +680,7 @@

        Insecure Storage of Sensitive Information

        • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
        • Package Manager: ubuntu:24.04 @@ -846,7 +693,7 @@

          Insecure Storage of Sensitive Information

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 and pam/libpam0g@1.5.3-5ubuntu5.1 + docker-image|quay.io/argoproj/argocd@v2.12.10 and pam/libpam0g@1.5.3-5ubuntu5.1
        @@ -859,7 +706,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -868,7 +715,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -879,9 +726,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - util-linux@2.39.3-9ubuntu6.1 + util-linux@2.39.3-9ubuntu6.2 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -890,7 +737,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -905,7 +752,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -922,7 +769,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -941,7 +788,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › pam/libpam-modules-bin@1.5.3-5ubuntu5.1 @@ -950,7 +797,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -967,7 +814,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › pam/libpam-modules@1.5.3-5ubuntu5.1 @@ -976,7 +823,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › pam/libpam-runtime@1.5.3-5ubuntu5.1 › @@ -987,7 +834,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -998,7 +845,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -1013,7 +860,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -1022,7 +869,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -1072,7 +919,7 @@

          Improper Authentication

          • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
          • Package Manager: ubuntu:24.04 @@ -1085,7 +932,7 @@

            Improper Authentication

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 and pam/libpam0g@1.5.3-5ubuntu5.1 + docker-image|quay.io/argoproj/argocd@v2.12.10 and pam/libpam0g@1.5.3-5ubuntu5.1
          @@ -1098,7 +945,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -1107,7 +954,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -1118,9 +965,9 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - util-linux@2.39.3-9ubuntu6.1 + util-linux@2.39.3-9ubuntu6.2 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -1129,7 +976,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -1144,7 +991,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -1161,7 +1008,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -1180,7 +1027,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › pam/libpam-modules-bin@1.5.3-5ubuntu5.1 @@ -1189,7 +1036,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -1206,7 +1053,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › pam/libpam-modules@1.5.3-5ubuntu5.1 @@ -1215,7 +1062,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › pam/libpam-runtime@1.5.3-5ubuntu5.1 › @@ -1226,7 +1073,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -1237,7 +1084,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -1252,7 +1099,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -1261,7 +1108,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -1308,7 +1155,7 @@

            CVE-2024-26462

            • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
            • Package Manager: ubuntu:24.04 @@ -1322,7 +1169,7 @@

              CVE-2024-26462

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.12.10, git@1:2.43.0-1ubuntu7.2 and others
            @@ -1334,9 +1181,9 @@

            Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1349,9 +1196,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1366,9 +1213,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1381,9 +1228,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1398,9 +1245,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1417,9 +1264,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1432,7 +1279,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -1443,9 +1290,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1456,9 +1303,9 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1471,7 +1318,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -1516,7 +1363,7 @@

              LGPL-3.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2 › /usr/local/bin/argocd
              • Package Manager: golang @@ -1563,6 +1410,116 @@

                Detailed paths

                More about this vulnerability

      +
      +
      +

      Denial of Service (DoS)

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2 › /usr/local/bin/argocd +
        • +
      • + Package Manager: golang +
        • +
      • + Vulnerable module: + + github.com/rs/cors +
        • + +
      • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/rs/cors@v1.9.0 + +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@* + › + github.com/rs/cors@v1.9.0 + + + +
        • +
      + +
      + +
      + +

      Overview

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) through the processing of malicious preflight requests that include a Access-Control-Request-Headers header with excessive commas. An attacker can induce excessive memory consumption and potentially crash the server by sending specially crafted requests.

      +

      PoC

      + 
      
+        func BenchmarkPreflightAdversarialACRH(b *testing.B) {
+            resps := makeFakeResponses(b.N)
+            req, _ := http.NewRequest(http.MethodOptions, dummyEndpoint, nil)
+            req.Header.Add(headerOrigin, dummyOrigin)
+            req.Header.Add(headerACRM, http.MethodGet)
+            req.Header[headerACRH] = adversarialACRH
+            handler := Default().Handler(testHandler)
+        
+            b.ReportAllocs()
+            b.ResetTimer()
+            for i := 0; i < b.N; i++ {
+                handler.ServeHTTP(resps[i], req)
+            }
+        }
+        
+        var adversarialACRH []string
+        
+        func init() { // populates adversarialACRH
+            n := int(math.Floor(math.Sqrt(http.DefaultMaxHeaderBytes)))
+            commas := strings.Repeat(",", n)
+            res := make([]string, n)
+            for i := range res {
+                res[i] = commas
+            }
+            adversarialACRH = res
+        }
+
      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +
      +

      Remediation

      +

      Upgrade github.com/rs/cors to version 1.11.0 or higher.

      +

      References

      + + +
      + +
      +

      More about this vulnerability

      +
      +

      MPL-2.0 license

      @@ -1576,7 +1533,7 @@

      MPL-2.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2 › /usr/local/bin/argocd
      • Package Manager: golang @@ -1636,7 +1593,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2 › /usr/local/bin/argocd
        • Package Manager: golang @@ -1696,7 +1653,7 @@

          MPL-2.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2 › /usr/local/bin/argocd
          • Package Manager: golang @@ -1756,7 +1713,7 @@

            MPL-2.0 license

            • - Manifest file: quay.io/argoproj/argocd:v2.13.3/helm/v3 › /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.12.10/helm/v3 › /usr/local/bin/helm
            • Package Manager: golang @@ -1816,7 +1773,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2 › /usr/local/bin/argocd
              • Package Manager: golang @@ -1876,7 +1833,7 @@

                MPL-2.0 license

                • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                • Package Manager: golang @@ -1889,7 +1846,7 @@

                  MPL-2.0 license

                • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.14.0 + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1
                @@ -1904,7 +1861,7 @@

                Detailed paths

                Introduced through: github.com/argoproj/argo-cd/v2@* › - github.com/gosimple/slug@v1.14.0 + github.com/gosimple/slug@v1.13.1 @@ -1925,7 +1882,7 @@

                Detailed paths

      -

      Arbitrary Argument Injection

      +

      Generation of Error Message Containing Sensitive Information

      @@ -1936,7 +1893,7 @@

      Arbitrary Argument Injection

      • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2 › /usr/local/bin/argocd
      • Package Manager: golang @@ -1944,12 +1901,12 @@

        Arbitrary Argument Injection

      • Vulnerable module: - github.com/go-git/go-git/v5/plumbing/transport + github.com/argoproj/gitops-engine/pkg/utils/kube
      • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-git/go-git/v5/plumbing/transport@v5.12.0 + github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-faf5a4e5c37d
      @@ -1964,7 +1921,7 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@* › - github.com/go-git/go-git/v5/plumbing/transport@v5.12.0 + github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-faf5a4e5c37d @@ -1976,18 +1933,89 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Arbitrary Argument Injection via a malicious URL value, which allows an attacker to set flags on the git-upload-pack command, if the file: protocol is in use.

      +

      Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.

      Remediation

      -

      Upgrade github.com/go-git/go-git/v5/plumbing/transport to version 5.13.0 or higher.

      +

      A fix was pushed into the master branch but not yet published.

      +

      References

      + + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      Generation of Error Message Containing Sensitive Information

      +
      + +
      + medium severity +
      + +
      + +
        +
      • + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2 › /usr/local/bin/argocd +
        • +
      • + Package Manager: golang +
        • +
      • + Vulnerable module: + + github.com/argoproj/gitops-engine/pkg/diff +
        • + +
      • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-faf5a4e5c37d + +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + github.com/argoproj/argo-cd/v2@* + › + github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-faf5a4e5c37d + + + +
        • +
      + +
      + +
      + +

      Overview

      +

      Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.

      +

      Remediation

      +

      A fix was pushed into the master branch but not yet published.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

      @@ -2003,7 +2031,7 @@

      Release of Invalid Pointer or Reference

      • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
      • Package Manager: ubuntu:24.04 @@ -2016,7 +2044,7 @@

        Release of Invalid Pointer or Reference

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@v2.12.10 and patch@2.7.6-7build3
      @@ -2029,7 +2057,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › patch@2.7.6-7build3 @@ -2073,7 +2101,7 @@

        Double Free

        • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
        • Package Manager: ubuntu:24.04 @@ -2086,7 +2114,7 @@

          Double Free

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@v2.12.10 and patch@2.7.6-7build3
        @@ -2099,7 +2127,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › patch@2.7.6-7build3 @@ -2148,7 +2176,7 @@

          CVE-2024-41996

          • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
          • Package Manager: ubuntu:24.04 @@ -2161,7 +2189,7 @@

            CVE-2024-41996

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 and openssl/libssl3t64@3.0.13-0ubuntu3.4 + docker-image|quay.io/argoproj/argocd@v2.12.10 and openssl/libssl3t64@3.0.13-0ubuntu3.4
          @@ -2174,7 +2202,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › openssl/libssl3t64@3.0.13-0ubuntu3.4 @@ -2183,7 +2211,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › coreutils@9.4-3ubuntu6 › @@ -2194,7 +2222,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1 › @@ -2205,7 +2233,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › libfido2/libfido2-1@1.14.0-1build3 › @@ -2216,7 +2244,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -2227,7 +2255,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › ca-certificates@20240203 › @@ -2240,9 +2268,9 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2255,9 +2283,9 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2272,9 +2300,9 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2289,7 +2317,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › openssl@3.0.13-0ubuntu3.4 @@ -2298,7 +2326,7 @@

            Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › ca-certificates@20240203 › @@ -2346,7 +2374,7 @@

            Information Exposure

            • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
            • Package Manager: ubuntu:24.04 @@ -2359,7 +2387,7 @@

              Information Exposure

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 and libgcrypt20@1.10.3-2build1 + docker-image|quay.io/argoproj/argocd@v2.12.10 and libgcrypt20@1.10.3-2build1
            @@ -2372,7 +2400,7 @@

            Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › libgcrypt20@1.10.3-2build1 @@ -2381,7 +2409,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › gnupg2/dirmngr@2.4.4-2ubuntu17 › @@ -2392,7 +2420,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › gnupg2/gpg@2.4.4-2ubuntu17 › @@ -2403,7 +2431,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › gnupg2/gpg-agent@2.4.4-2ubuntu17 › @@ -2414,7 +2442,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -2427,7 +2455,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -2440,7 +2468,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › gnupg2/gpg@2.4.4-2ubuntu17 › @@ -2453,7 +2481,7 @@

              Detailed paths

            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -2463,7 +2491,7 @@

              Detailed paths

              › pam/libpam-modules@1.5.3-5ubuntu5.1 › - systemd/libsystemd0@255.4-1ubuntu8.4 + systemd/libsystemd0@255.4-1ubuntu8.5 › libgcrypt20@1.10.3-2build1 @@ -2510,7 +2538,7 @@

              CVE-2024-26458

              • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
              • Package Manager: ubuntu:24.04 @@ -2524,7 +2552,7 @@

                CVE-2024-26458

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.12.10, git@1:2.43.0-1ubuntu7.2 and others
              @@ -2536,9 +2564,9 @@

              Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2551,9 +2579,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2568,9 +2596,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2583,9 +2611,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2600,9 +2628,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2619,9 +2647,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2634,7 +2662,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -2645,9 +2673,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2658,9 +2686,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2673,7 +2701,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -2718,7 +2746,7 @@

                CVE-2024-26461

                • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
                • Package Manager: ubuntu:24.04 @@ -2732,7 +2760,7 @@

                  CVE-2024-26461

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.12.10, git@1:2.43.0-1ubuntu7.2 and others
                @@ -2744,9 +2772,9 @@

                Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2759,9 +2787,9 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2776,9 +2804,9 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2791,9 +2819,9 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2808,9 +2836,9 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2827,9 +2855,9 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2842,7 +2870,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -2853,9 +2881,9 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2866,9 +2894,9 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2881,7 +2909,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -2926,7 +2954,7 @@

                  Out-of-bounds Write

                  • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
                  • Package Manager: ubuntu:24.04 @@ -2939,7 +2967,7 @@

                    Out-of-bounds Write

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 and gnupg2/gpgv@2.4.4-2ubuntu17 + docker-image|quay.io/argoproj/argocd@v2.12.10 and gnupg2/gpgv@2.4.4-2ubuntu17
                  @@ -2952,7 +2980,7 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › gnupg2/gpgv@2.4.4-2ubuntu17 @@ -2961,7 +2989,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › apt@2.7.14build2 › @@ -2972,7 +3000,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › gnupg2/dirmngr@2.4.4-2ubuntu17 › @@ -2983,7 +3011,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › gnupg2/gpg-agent@2.4.4-2ubuntu17 › @@ -2994,7 +3022,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › gnupg2/gpg@2.4.4-2ubuntu17 › @@ -3005,7 +3033,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › gnupg2/dirmngr@2.4.4-2ubuntu17 @@ -3014,7 +3042,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › gnupg2/gpg@2.4.4-2ubuntu17 @@ -3023,7 +3051,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › gnupg2/gpg-agent@2.4.4-2ubuntu17 @@ -3072,7 +3100,7 @@

                    Allocation of Resources Without Limits or Throttling

                  • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
                  • Package Manager: ubuntu:24.04 @@ -3085,7 +3113,7 @@

                    Allocation of Resources Without Limits or Throttling

                    Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 and glibc/libc-bin@2.39-0ubuntu8.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 and glibc/libc-bin@2.39-0ubuntu8.3
                  @@ -3098,7 +3126,7 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › glibc/libc-bin@2.39-0ubuntu8.3 @@ -3107,7 +3135,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › glibc/libc6@2.39-0ubuntu8.3 @@ -3153,7 +3181,7 @@

                    Insufficient Documentation of Error Handling Techniques<
                    • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                    • Package Manager: golang @@ -3222,7 +3250,7 @@

                      Insufficient Documentation of Error Handling Techniques<
                      • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                      • Package Manager: golang @@ -3291,7 +3319,7 @@

                        Improper Input Validation

                        • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
                        • Package Manager: ubuntu:24.04 @@ -3305,7 +3333,7 @@

                          Improper Input Validation

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.12.10, git@1:2.43.0-1ubuntu7.2 and others
                        @@ -3317,31 +3345,31 @@

                        Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › - git/git-man@1:2.43.0-1ubuntu7.1 + git/git-man@1:2.43.0-1ubuntu7.2
                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2
                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › git-lfs@3.4.1-1ubuntu0.2 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 @@ -3384,7 +3412,7 @@

                          Improper Input Validation

                          • - Manifest file: quay.io/argoproj/argocd:v2.13.3/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.10/argoproj/argocd › Dockerfile
                          • Package Manager: ubuntu:24.04 @@ -3397,7 +3425,7 @@

                            Improper Input Validation

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 and coreutils@9.4-3ubuntu6 + docker-image|quay.io/argoproj/argocd@v2.12.10 and coreutils@9.4-3ubuntu6
                          @@ -3410,7 +3438,7 @@

                          Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.3 + docker-image|quay.io/argoproj/argocd@v2.12.10 › coreutils@9.4-3ubuntu6 diff --git a/docs/snyk/v2.13.3/redis_7.0.15-alpine.html b/docs/snyk/v2.12.10/redis_7.0.15-alpine.html similarity index 99% rename from docs/snyk/v2.13.3/redis_7.0.15-alpine.html rename to docs/snyk/v2.12.10/redis_7.0.15-alpine.html index 8d9c031e1ee52..e74cdc1b94f20 100644 --- a/docs/snyk/v2.13.3/redis_7.0.15-alpine.html +++ b/docs/snyk/v2.12.10/redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

                            Snyk test report

                            -

                            January 12th 2025, 12:26:18 am (UTC+00:00)

                            +

                            February 2nd 2025, 12:27:38 am (UTC+00:00)

                            Scanned the following paths: diff --git a/docs/snyk/v2.12.9/argocd-test.html b/docs/snyk/v2.12.9/argocd-test.html deleted file mode 100644 index 935cefbcb20fe..0000000000000 --- a/docs/snyk/v2.12.9/argocd-test.html +++ /dev/null @@ -1,4012 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
                            -
                            -
                            -
                            - - - Snyk - Open Source Security - - - - - - - -
                            -

                            Snyk test report

                            - -

                            January 12th 2025, 12:28:19 am (UTC+00:00)

                            -
                            -
                            - Scanned the following paths: -
                              -
                            • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
                              • -
                            • /argo-cd/ui/yarn.lock (yarn)
                              • -
                            -
                            - -
                            -
                            15 known vulnerabilities
                            -
                            153 vulnerable dependency paths
                            -
                            2061 dependencies
                            -
                            -
                            -
                            -
                            - -
                            -
                            -
                            -

                            Incorrect Implementation of Authentication Algorithm

                            -
                            - -
                            - critical severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - golang.org/x/crypto/ssh -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.23.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.18.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - golang.org/x/crypto/ssh/knownhosts@0.23.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.18.0 - › - github.com/go-fed/httpsig@1.1.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.18.0 - › - golang.org/x/crypto/ssh/agent@0.23.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.23.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh/knownhosts@0.23.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.23.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh/knownhosts@0.23.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.23.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh/knownhosts@0.23.0 - › - golang.org/x/crypto/ssh@0.23.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            golang.org/x/crypto/ssh is a SSH client and server

                            -

                            Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

                            -

                            Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

                            -

                            Remediation

                            -

                            Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Denial of Service (DoS)

                            -
                            - -
                            - high severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - golang.org/x/net/html -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/transport/spdy@0.29.6 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/remotecommand@0.29.6 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/term@0.29.6 - › - k8s.io/client-go/tools/remotecommand@0.29.6 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/diff@#adb68bcaab73 - › - k8s.io/kubectl/pkg/cmd/util@0.29.6 - › - k8s.io/kubectl/pkg/util/templates@0.29.6 - › - k8s.io/kubectl/pkg/util/term@0.29.6 - › - k8s.io/client-go/tools/remotecommand@0.29.6 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync@#adb68bcaab73 - › - k8s.io/kubectl/pkg/cmd/util@0.29.6 - › - k8s.io/kubectl/pkg/util/templates@0.29.6 - › - k8s.io/kubectl/pkg/util/term@0.29.6 - › - k8s.io/client-go/tools/remotecommand@0.29.6 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 - › - k8s.io/kubectl/pkg/cmd/util@0.29.6 - › - k8s.io/kubectl/pkg/util/templates@0.29.6 - › - k8s.io/kubectl/pkg/util/term@0.29.6 - › - k8s.io/client-go/tools/remotecommand@0.29.6 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/cache@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 - › - k8s.io/kubectl/pkg/cmd/util@0.29.6 - › - k8s.io/kubectl/pkg/util/templates@0.29.6 - › - k8s.io/kubectl/pkg/util/term@0.29.6 - › - k8s.io/client-go/tools/remotecommand@0.29.6 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/health@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 - › - k8s.io/kubectl/pkg/cmd/util@0.29.6 - › - k8s.io/kubectl/pkg/util/templates@0.29.6 - › - k8s.io/kubectl/pkg/util/term@0.29.6 - › - k8s.io/client-go/tools/remotecommand@0.29.6 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 - › - k8s.io/kubectl/pkg/cmd/util@0.29.6 - › - k8s.io/kubectl/pkg/util/templates@0.29.6 - › - k8s.io/kubectl/pkg/util/term@0.29.6 - › - k8s.io/client-go/tools/remotecommand@0.29.6 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 - › - k8s.io/kubectl/pkg/cmd/util@0.29.6 - › - k8s.io/kubectl/pkg/util/templates@0.29.6 - › - k8s.io/kubectl/pkg/util/term@0.29.6 - › - k8s.io/client-go/tools/remotecommand@0.29.6 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 - › - k8s.io/kubectl/pkg/cmd/util@0.29.6 - › - k8s.io/kubectl/pkg/util/templates@0.29.6 - › - k8s.io/kubectl/pkg/util/term@0.29.6 - › - k8s.io/client-go/tools/remotecommand@0.29.6 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#adb68bcaab73 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 - › - k8s.io/kubectl/pkg/cmd/util@0.29.6 - › - k8s.io/kubectl/pkg/util/templates@0.29.6 - › - k8s.io/kubectl/pkg/util/term@0.29.6 - › - k8s.io/client-go/tools/remotecommand@0.29.6 - › - k8s.io/client-go/transport/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 - › - k8s.io/apimachinery/pkg/util/proxy@0.29.6 - › - golang.org/x/net/html@0.25.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

                            -

                            Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

                            -

                            An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

                            -

                            Details

                            -

                            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                            -

                            Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                            -

                            One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                            -

                            When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                            -

                            Two common types of DoS vulnerabilities:

                            -
                              -

                            • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                              -
                              • -

                            • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                              -
                              • -
                            -

                            Remediation

                            -

                            Upgrade golang.org/x/net/html to version 0.33.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Allocation of Resources Without Limits or Throttling

                            -
                            - -
                            - high severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-git/go-git/v5/plumbing@5.12.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/utils/merkletrie/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/utils/merkletrie/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/objfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/cache@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/idxfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/utils/merkletrie/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/diff@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/objfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/cache@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/diff@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/idxfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

                            -

                            Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

                            -

                            Workaround

                            -

                            In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trustworthy Git servers.

                            -

                            Remediation

                            -

                            Upgrade github.com/go-git/go-git/v5/plumbing to version 5.13.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            LGPL-3.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - gopkg.in/retry.v1 -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - gopkg.in/retry.v1@1.0.3 - - - -
                              • -
                            - -
                            - -
                            - -

                            LGPL-3.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Denial of Service (DoS)

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/rs/cors -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - › - github.com/rs/cors@1.9.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            Affected versions of this package are vulnerable to Denial of Service (DoS) through the processing of malicious preflight requests that include a Access-Control-Request-Headers header with excessive commas. An attacker can induce excessive memory consumption and potentially crash the server by sending specially crafted requests.

                            -

                            PoC

                            - 
                            
-        func BenchmarkPreflightAdversarialACRH(b *testing.B) {
-            resps := makeFakeResponses(b.N)
-            req, _ := http.NewRequest(http.MethodOptions, dummyEndpoint, nil)
-            req.Header.Add(headerOrigin, dummyOrigin)
-            req.Header.Add(headerACRM, http.MethodGet)
-            req.Header[headerACRH] = adversarialACRH
-            handler := Default().Handler(testHandler)
-        
-            b.ReportAllocs()
-            b.ResetTimer()
-            for i := 0; i < b.N; i++ {
-                handler.ServeHTTP(resps[i], req)
-            }
-        }
-        
-        var adversarialACRH []string
-        
-        func init() { // populates adversarialACRH
-            n := int(math.Floor(math.Sqrt(http.DefaultMaxHeaderBytes)))
-            commas := strings.Repeat(",", n)
-            res := make([]string, n)
-            for i := range res {
-                res[i] = commas
-            }
-            adversarialACRH = res
-        }
-
                            -

                            Details

                            -

                            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                            -

                            Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                            -

                            One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                            -

                            When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                            -

                            Two common types of DoS vulnerabilities:

                            -
                              -

                            • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                              -
                              • -

                            • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                              -
                              • -
                            -

                            Remediation

                            -

                            Upgrade github.com/rs/cors to version 1.11.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            MPL-2.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - github.com/r3labs/diff -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/r3labs/diff@1.1.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            MPL-2.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            MPL-2.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - github.com/hashicorp/go-version -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.18.0 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.18.0 - › - github.com/hashicorp/go-version@1.6.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            MPL-2.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            MPL-2.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - github.com/hashicorp/go-retryablehttp -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.7 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            - -
                            - -
                            - -

                            MPL-2.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            MPL-2.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - github.com/hashicorp/go-cleanhttp -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.7 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.91.1 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            - -
                            - -
                            - -

                            MPL-2.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            MPL-2.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - github.com/gosimple/slug -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/gosimple/slug@1.13.1 - - - -
                              • -
                            - -
                            - -
                            - -

                            MPL-2.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Arbitrary Argument Injection

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing/transport -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/git@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/git@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            Affected versions of this package are vulnerable to Arbitrary Argument Injection via a malicious URL value, which allows an attacker to set flags on the git-upload-pack command, if the file: protocol is in use.

                            -

                            Remediation

                            -

                            Upgrade github.com/go-git/go-git/v5/plumbing/transport to version 5.13.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/Azure/azure-sdk-for-go/sdk/azidentity -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

                            -

                            Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

                            -

                            Notes:

                            -
                              -

                            1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

                              -
                              2. -

                            2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

                              -
                              3. -

                            3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

                              -
                              4. -

                            4. The vulnerability exists in the following credential types:

                              -
                              5. -
                            -

                            ManagedIdentityApplication (.NET)

                            -

                            ManagedIdentityApplication (Java)

                            -

                            ManagedIdentityApplication (Node.js)

                            -

                            Remediation

                            -

                            Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Regular Expression Denial of Service (ReDoS)

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd › ui/yarn.lock -
                              • -
                            • - Package Manager: npm -
                              • -
                            • - Vulnerable module: - - foundation-sites -
                              • - -
                            • Introduced through: - - argo-cd-ui@1.0.0 and foundation-sites@6.8.1 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - argo-cd-ui@1.0.0 - › - foundation-sites@6.8.1 - - - -
                              • -
                            • - Introduced through: - argo-cd-ui@1.0.0 - › - argo-ui@1.0.0 - › - foundation-sites@6.8.1 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            foundation-sites is a responsive front-end framework

                            -

                            Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient backtracking in the regular expressions used in URL forms.

                            -

                            PoC

                            - 
                            https://www.''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-
                            -

                            Details

                            -

                            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

                            -

                            The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

                            -

                            Let’s take the following regular expression as an example:

                            - 
                            regex = /A(B|C+)+D/
-
                            -

                            This regular expression accomplishes the following:

                            -
                              -
                            • A The string must start with the letter 'A'
                              • -
                            • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
                              • -
                            • D Finally, we ensure this section of the string ends with a 'D'
                              • -
                            -

                            The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

                            -

                            It most cases, it doesn't take very long for a regex engine to find a match:

                            - 
                            $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
                            -

                            The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

                            -

                            Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

                            -

                            Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

                            -
                              -
                            1. CCC
                              2. -
                            2. CC+C
                              3. -
                            3. C+CC
                              4. -
                            4. C+C+C.
                              5. -
                            -

                            The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

                            -

                            From there, the number of steps the engine must use to validate a string just continues to grow.

                            - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                            StringNumber of C'sNumber of steps
                            ACCCX338
                            ACCCCX471
                            ACCCCCX5136
                            ACCCCCCCCCCCCCCX1465,553
                            -

                            By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

                            -

                            Remediation

                            -

                            There is no fixed version for foundation-sites.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Insufficient Documentation of Error Handling Techniques

                            -
                            - -
                            - low severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/golang-jwt/jwt/v4 -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/golang-jwt/jwt/v4@4.5.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - github.com/Azure/go-autorest/autorest/azure@0.11.29 - › - github.com/Azure/go-autorest/autorest@0.11.29 - › - github.com/Azure/go-autorest/autorest/adal@0.9.23 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

                            -

                            Workaround

                            -

                            Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

                            -

                            Remediation

                            -

                            Upgrade github.com/golang-jwt/jwt/v4 to version 4.5.1 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Insufficient Documentation of Error Handling Techniques

                            -
                            - -
                            - low severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/golang-jwt/jwt -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential@0.5.2 - › - github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens@0.5.2 - › - github.com/golang-jwt/jwt@3.2.2 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

                            -

                            Workaround

                            -

                            Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

                            -

                            Remediation

                            -

                            A fix was pushed into the master branch but not yet published.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -
                            -
                            - - - diff --git a/docs/snyk/v2.13.3/argocd-test.html b/docs/snyk/v2.13.3/argocd-test.html deleted file mode 100644 index 308b15110c554..0000000000000 --- a/docs/snyk/v2.13.3/argocd-test.html +++ /dev/null @@ -1,3915 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
                            -
                            -
                            -
                            - - - Snyk - Open Source Security - - - - - - - -
                            -

                            Snyk test report

                            - -

                            January 12th 2025, 12:25:37 am (UTC+00:00)

                            -
                            -
                            - Scanned the following paths: -
                              -
                            • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
                              • -
                            • /argo-cd/ui/yarn.lock (yarn)
                              • -
                            -
                            - -
                            -
                            14 known vulnerabilities
                            -
                            153 vulnerable dependency paths
                            -
                            2131 dependencies
                            -
                            -
                            -
                            -
                            - -
                            -
                            -
                            -

                            Incorrect Implementation of Authentication Algorithm

                            -
                            - -
                            - critical severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - golang.org/x/crypto/ssh -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.27.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.19.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - golang.org/x/crypto/ssh/knownhosts@0.27.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.19.0 - › - github.com/go-fed/httpsig@1.1.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.19.0 - › - golang.org/x/crypto/ssh/agent@0.27.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.27.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh/knownhosts@0.27.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.27.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh/knownhosts@0.27.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/xanzy/ssh-agent@0.3.3 - › - golang.org/x/crypto/ssh/agent@0.27.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/skeema/knownhosts@1.2.2 - › - golang.org/x/crypto/ssh/knownhosts@0.27.0 - › - golang.org/x/crypto/ssh@0.27.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            golang.org/x/crypto/ssh is a SSH client and server

                            -

                            Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

                            -

                            Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

                            -

                            Remediation

                            -

                            Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Denial of Service (DoS)

                            -
                            - -
                            - high severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - golang.org/x/net/html -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/tools/portforward@0.31.0 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/portforward@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/diff@#bd7681ae3f8b - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync@#bd7681ae3f8b - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/cache@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/health@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/sync/common@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/sync/common@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/sync/common@#bd7681ae3f8b - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.0 - › - golang.org/x/net/html@0.29.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

                            -

                            Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

                            -

                            An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

                            -

                            Details

                            -

                            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                            -

                            Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                            -

                            One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                            -

                            When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                            -

                            Two common types of DoS vulnerabilities:

                            -
                              -

                            • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                              -
                              • -

                            • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                              -
                              • -
                            -

                            Remediation

                            -

                            Upgrade golang.org/x/net/html to version 0.33.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Allocation of Resources Without Limits or Throttling

                            -
                            - -
                            - high severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-git/go-git/v5/plumbing@5.12.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/utils/merkletrie/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/utils/merkletrie/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/objfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/cache@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/idxfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/utils/merkletrie/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/diff@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/objfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/cache@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/revlist@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/object@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/diff@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem@5.12.0 - › - github.com/go-git/go-git/v5/storage/filesystem/dotgit@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/packfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/idxfile@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/config@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/protocol/packp@5.12.0 - › - github.com/go-git/go-git/v5/storage/memory@5.12.0 - › - github.com/go-git/go-git/v5/storage@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/storer@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/format/index@5.12.0 - › - github.com/go-git/go-git/v5/utils/binary@5.12.0 - › - github.com/go-git/go-git/v5/plumbing@5.12.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

                            -

                            Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

                            -

                            Workaround

                            -

                            In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trustworthy Git servers.

                            -

                            Remediation

                            -

                            Upgrade github.com/go-git/go-git/v5/plumbing to version 5.13.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            LGPL-3.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - gopkg.in/retry.v1 -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - gopkg.in/retry.v1@1.0.3 - - - -
                              • -
                            - -
                            - -
                            - -

                            LGPL-3.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            MPL-2.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - github.com/r3labs/diff -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/r3labs/diff@1.1.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            MPL-2.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            MPL-2.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - github.com/hashicorp/go-version -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.19.0 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - code.gitea.io/sdk/gitea@0.19.0 - › - github.com/hashicorp/go-version@1.6.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            MPL-2.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            MPL-2.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - github.com/hashicorp/go-retryablehttp -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.7 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.109.0 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
                              • -
                            - -
                            - -
                            - -

                            MPL-2.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            MPL-2.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - github.com/hashicorp/go-cleanhttp -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.7 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.109.0 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/xanzy/go-gitlab@0.109.0 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - › - github.com/hashicorp/go-retryablehttp@0.7.7 - › - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
                              • -
                            - -
                            - -
                            - -

                            MPL-2.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            MPL-2.0 license

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Module: - - github.com/gosimple/slug -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.14.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/gosimple/slug@1.14.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            MPL-2.0 license

                            - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Arbitrary Argument Injection

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing/transport -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/git@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/git@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/http@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/file@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/server@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/go-git/go-git/v5@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport/internal/common@5.12.0 - › - github.com/go-git/go-git/v5/plumbing/transport@5.12.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            Affected versions of this package are vulnerable to Arbitrary Argument Injection via a malicious URL value, which allows an attacker to set flags on the git-upload-pack command, if the file: protocol is in use.

                            -

                            Remediation

                            -

                            Upgrade github.com/go-git/go-git/v5/plumbing/transport to version 5.13.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/Azure/azure-sdk-for-go/sdk/azidentity -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

                            -

                            Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

                            -

                            Notes:

                            -
                              -

                            1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

                              -
                              2. -

                            2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

                              -
                              3. -

                            3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

                              -
                              4. -

                            4. The vulnerability exists in the following credential types:

                              -
                              5. -
                            -

                            ManagedIdentityApplication (.NET)

                            -

                            ManagedIdentityApplication (Java)

                            -

                            ManagedIdentityApplication (Node.js)

                            -

                            Remediation

                            -

                            Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Regular Expression Denial of Service (ReDoS)

                            -
                            - -
                            - medium severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd › ui/yarn.lock -
                              • -
                            • - Package Manager: npm -
                              • -
                            • - Vulnerable module: - - foundation-sites -
                              • - -
                            • Introduced through: - - argo-cd-ui@1.0.0 and foundation-sites@6.8.1 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - argo-cd-ui@1.0.0 - › - foundation-sites@6.8.1 - - - -
                              • -
                            • - Introduced through: - argo-cd-ui@1.0.0 - › - argo-ui@1.0.0 - › - foundation-sites@6.8.1 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            foundation-sites is a responsive front-end framework

                            -

                            Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient backtracking in the regular expressions used in URL forms.

                            -

                            PoC

                            - 
                            https://www.''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-
                            -

                            Details

                            -

                            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

                            -

                            The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

                            -

                            Let’s take the following regular expression as an example:

                            - 
                            regex = /A(B|C+)+D/
-
                            -

                            This regular expression accomplishes the following:

                            -
                              -
                            • A The string must start with the letter 'A'
                              • -
                            • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
                              • -
                            • D Finally, we ensure this section of the string ends with a 'D'
                              • -
                            -

                            The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

                            -

                            It most cases, it doesn't take very long for a regex engine to find a match:

                            - 
                            $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
                            -

                            The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

                            -

                            Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

                            -

                            Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

                            -
                              -
                            1. CCC
                              2. -
                            2. CC+C
                              3. -
                            3. C+CC
                              4. -
                            4. C+C+C.
                              5. -
                            -

                            The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

                            -

                            From there, the number of steps the engine must use to validate a string just continues to grow.

                            - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                            StringNumber of C'sNumber of steps
                            ACCCX338
                            ACCCCX471
                            ACCCCCX5136
                            ACCCCCCCCCCCCCCX1465,553
                            -

                            By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

                            -

                            Remediation

                            -

                            There is no fixed version for foundation-sites.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Insufficient Documentation of Error Handling Techniques

                            -
                            - -
                            - low severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/golang-jwt/jwt/v4 -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/golang-jwt/jwt/v4@4.5.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/bradleyfalzon/ghinstallation/v2@2.11.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/bradleyfalzon/ghinstallation/v2@2.11.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/bradleyfalzon/ghinstallation/v2@2.11.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/bradleyfalzon/ghinstallation/v2@2.11.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - github.com/Azure/go-autorest/autorest/azure@0.11.29 - › - github.com/Azure/go-autorest/autorest@0.11.29 - › - github.com/Azure/go-autorest/autorest/adal@0.9.23 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/bradleyfalzon/ghinstallation/v2@2.11.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - › - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - › - github.com/bradleyfalzon/ghinstallation/v2@2.11.0 - › - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

                            -

                            Workaround

                            -

                            Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

                            -

                            Remediation

                            -

                            Upgrade github.com/golang-jwt/jwt/v4 to version 4.5.1 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -

                            Insufficient Documentation of Error Handling Techniques

                            -
                            - -
                            - low severity -
                            - -
                            - -
                              -
                            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/golang-jwt/jwt -
                              • - -
                            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/Azure/kubelogin/pkg/token@0.0.20 - › - github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential@0.5.2 - › - github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens@0.5.2 - › - github.com/golang-jwt/jwt@3.2.2 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

                            -

                            Workaround

                            -

                            Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

                            -

                            Remediation

                            -

                            A fix was pushed into the master branch but not yet published.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -
                            -
                            -
                            -
                            - - - diff --git a/docs/snyk/v2.13.3/argocd-iac-install.html b/docs/snyk/v2.13.4/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.13.3/argocd-iac-install.html rename to docs/snyk/v2.13.4/argocd-iac-install.html index 1f00315678609..ea7f0465dc980 100644 --- a/docs/snyk/v2.13.3/argocd-iac-install.html +++ b/docs/snyk/v2.13.4/argocd-iac-install.html @@ -456,7 +456,7 @@

                            Snyk test report

                            -

                            January 12th 2025, 12:27:45 am (UTC+00:00)

                            +

                            February 2nd 2025, 12:26:21 am (UTC+00:00)

                            Scanned the following path: diff --git a/docs/snyk/v2.13.3/argocd-iac-namespace-install.html b/docs/snyk/v2.13.4/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.13.3/argocd-iac-namespace-install.html rename to docs/snyk/v2.13.4/argocd-iac-namespace-install.html index 96ad6f64733dd..11719bbcfdd68 100644 --- a/docs/snyk/v2.13.3/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.13.4/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

                            Snyk test report

                            -

                            January 12th 2025, 12:28:00 am (UTC+00:00)

                            +

                            February 2nd 2025, 12:26:38 am (UTC+00:00)

                            Scanned the following path: diff --git a/docs/snyk/v2.13.4/argocd-test.html b/docs/snyk/v2.13.4/argocd-test.html new file mode 100644 index 0000000000000..d7649b64afc6a --- /dev/null +++ b/docs/snyk/v2.13.4/argocd-test.html @@ -0,0 +1,1602 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                            +
                            +
                            +
                            + + + Snyk - Open Source Security + + + + + + + +
                            +

                            Snyk test report

                            + +

                            February 2nd 2025, 12:24:15 am (UTC+00:00)

                            +
                            +
                            + Scanned the following paths: +
                              +
                            • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
                              • +
                            • /argo-cd/ui/yarn.lock (yarn)
                              • +
                            +
                            + +
                            +
                            10 known vulnerabilities
                            +
                            36 vulnerable dependency paths
                            +
                            2141 dependencies
                            +
                            +
                            +
                            +
                            + +
                            +
                            +
                            +

                            LGPL-3.0 license

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
                              • +
                            • + Package Manager: golang +
                              • +
                            • + Module: + + gopkg.in/retry.v1 +
                              • + +
                            • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/Azure/kubelogin/pkg/token@0.0.20 + › + gopkg.in/retry.v1@1.0.3 + + + +
                              • +
                            + +
                            + +
                            + +

                            LGPL-3.0 license

                            + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            MPL-2.0 license

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
                              • +
                            • + Package Manager: golang +
                              • +
                            • + Module: + + github.com/r3labs/diff +
                              • + +
                            • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/r3labs/diff@1.1.0 + + + +
                              • +
                            + +
                            + +
                            + +

                            MPL-2.0 license

                            + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            MPL-2.0 license

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
                              • +
                            • + Package Manager: golang +
                              • +
                            • + Module: + + github.com/hashicorp/go-version +
                              • + +
                            • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.19.0 and others +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + code.gitea.io/sdk/gitea@0.19.0 + › + github.com/hashicorp/go-version@1.6.0 + + + +
                              • +
                            + +
                            + +
                            + +

                            MPL-2.0 license

                            + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            MPL-2.0 license

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
                              • +
                            • + Package Manager: golang +
                              • +
                            • + Module: + + github.com/hashicorp/go-retryablehttp +
                              • + +
                            • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.7 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/xanzy/go-gitlab@0.109.0 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
                              • +
                            + +
                            + +
                            + +

                            MPL-2.0 license

                            + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            MPL-2.0 license

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
                              • +
                            • + Package Manager: golang +
                              • +
                            • + Module: + + github.com/hashicorp/go-cleanhttp +
                              • + +
                            • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.7 and others +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/xanzy/go-gitlab@0.109.0 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/xanzy/go-gitlab@0.109.0 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + › + github.com/hashicorp/go-retryablehttp@0.7.7 + › + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
                              • +
                            + +
                            + +
                            + +

                            MPL-2.0 license

                            + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            MPL-2.0 license

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
                              • +
                            • + Package Manager: golang +
                              • +
                            • + Module: + + github.com/gosimple/slug +
                              • + +
                            • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.14.0 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/gosimple/slug@1.14.0 + + + +
                              • +
                            + +
                            + +
                            + +

                            MPL-2.0 license

                            + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
                              • +
                            • + Package Manager: golang +
                              • +
                            • + Vulnerable module: + + github.com/Azure/azure-sdk-for-go/sdk/azidentity +
                              • + +
                            • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/Azure/kubelogin/pkg/token@0.0.20 + › + github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 + + + +
                              • +
                            + +
                            + +
                            + +

                            Overview

                            +

                            github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

                            +

                            Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

                            +

                            Notes:

                            +
                              +

                            1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

                              +
                              2. +

                            2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

                              +
                              3. +

                            3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

                              +
                              4. +

                            4. The vulnerability exists in the following credential types:

                              +
                              5. +
                            +

                            ManagedIdentityApplication (.NET)

                            +

                            ManagedIdentityApplication (Java)

                            +

                            ManagedIdentityApplication (Node.js)

                            +

                            Remediation

                            +

                            Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Regular Expression Denial of Service (ReDoS)

                            +
                            + +
                            + medium severity +
                            + +
                            + +
                              +
                            • + Manifest file: /argo-cd › ui/yarn.lock +
                              • +
                            • + Package Manager: npm +
                              • +
                            • + Vulnerable module: + + foundation-sites +
                              • + +
                            • Introduced through: + + argo-cd-ui@1.0.0 and foundation-sites@6.8.1 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + argo-cd-ui@1.0.0 + › + foundation-sites@6.8.1 + + + +
                              • +
                            • + Introduced through: + argo-cd-ui@1.0.0 + › + argo-ui@1.0.0 + › + foundation-sites@6.8.1 + + + +
                              • +
                            + +
                            + +
                            + +

                            Overview

                            +

                            foundation-sites is a responsive front-end framework

                            +

                            Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient backtracking in the regular expressions used in URL forms.

                            +

                            PoC

                            + 
                            https://www.''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+
                            +

                            Details

                            +

                            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

                            +

                            The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

                            +

                            Let’s take the following regular expression as an example:

                            + 
                            regex = /A(B|C+)+D/
+
                            +

                            This regular expression accomplishes the following:

                            +
                              +
                            • A The string must start with the letter 'A'
                              • +
                            • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
                              • +
                            • D Finally, we ensure this section of the string ends with a 'D'
                              • +
                            +

                            The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

                            +

                            It most cases, it doesn't take very long for a regex engine to find a match:

                            + 
                            $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
                            +

                            The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

                            +

                            Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

                            +

                            Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

                            +
                              +
                            1. CCC
                              2. +
                            2. CC+C
                              3. +
                            3. C+CC
                              4. +
                            4. C+C+C.
                              5. +
                            +

                            The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

                            +

                            From there, the number of steps the engine must use to validate a string just continues to grow.

                            + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                            StringNumber of C'sNumber of steps
                            ACCCX338
                            ACCCCX471
                            ACCCCCX5136
                            ACCCCCCCCCCCCCCX1465,553
                            +

                            By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

                            +

                            Remediation

                            +

                            There is no fixed version for foundation-sites.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Insufficient Documentation of Error Handling Techniques

                            +
                            + +
                            + low severity +
                            + +
                            + +
                              +
                            • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
                              • +
                            • + Package Manager: golang +
                              • +
                            • + Vulnerable module: + + github.com/golang-jwt/jwt/v4 +
                              • + +
                            • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/golang-jwt/jwt/v4@4.5.0 + +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/bradleyfalzon/ghinstallation/v2@2.11.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/bradleyfalzon/ghinstallation/v2@2.11.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/bradleyfalzon/ghinstallation/v2@2.11.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/bradleyfalzon/ghinstallation/v2@2.11.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/Azure/kubelogin/pkg/token@0.0.20 + › + github.com/Azure/go-autorest/autorest/azure@0.11.29 + › + github.com/Azure/go-autorest/autorest@0.11.29 + › + github.com/Azure/go-autorest/autorest/adal@0.9.23 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/bradleyfalzon/ghinstallation/v2@2.11.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
                              • +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + › + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + › + github.com/bradleyfalzon/ghinstallation/v2@2.11.0 + › + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
                              • +
                            + +
                            + +
                            + +

                            Overview

                            +

                            Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

                            +

                            Workaround

                            +

                            Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

                            +

                            Remediation

                            +

                            Upgrade github.com/golang-jwt/jwt/v4 to version 4.5.1 or higher.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +

                            Insufficient Documentation of Error Handling Techniques

                            +
                            + +
                            + low severity +
                            + +
                            + +
                              +
                            • + Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod +
                              • +
                            • + Package Manager: golang +
                              • +
                            • + Vulnerable module: + + github.com/golang-jwt/jwt +
                              • + +
                            • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
                              • +
                            + +
                            + + +

                            Detailed paths

                            + +
                              +
                            • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + › + github.com/Azure/kubelogin/pkg/token@0.0.20 + › + github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential@0.5.2 + › + github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens@0.5.2 + › + github.com/golang-jwt/jwt@3.2.2 + + + +
                              • +
                            + +
                            + +
                            + +

                            Overview

                            +

                            Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

                            +

                            Workaround

                            +

                            Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

                            +

                            Remediation

                            +

                            A fix was pushed into the master branch but not yet published.

                            +

                            References

                            + + +
                            + +
                            +

                            More about this vulnerability

                            +
                            + +
                            +
                            +
                            +
                            + + + diff --git a/docs/snyk/v2.13.3/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.13.4/ghcr.io_dexidp_dex_v2.41.1.html similarity index 99% rename from docs/snyk/v2.13.3/ghcr.io_dexidp_dex_v2.41.1.html rename to docs/snyk/v2.13.4/ghcr.io_dexidp_dex_v2.41.1.html index 200861c3be48b..0bc09edfde962 100644 --- a/docs/snyk/v2.13.3/ghcr.io_dexidp_dex_v2.41.1.html +++ b/docs/snyk/v2.13.4/ghcr.io_dexidp_dex_v2.41.1.html @@ -456,7 +456,7 @@

                            Snyk test report

                            -

                            January 12th 2025, 12:25:45 am (UTC+00:00)

                            +

                            February 2nd 2025, 12:24:22 am (UTC+00:00)

                            Scanned the following paths: diff --git a/docs/snyk/v2.14.0-rc5/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.13.4/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html similarity index 99% rename from docs/snyk/v2.14.0-rc5/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html rename to docs/snyk/v2.13.4/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html index 419dd5f2c1e70..bf74aa1747043 100644 --- a/docs/snyk/v2.14.0-rc5/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html +++ b/docs/snyk/v2.13.4/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html @@ -456,7 +456,7 @@

                            Snyk test report

                            -

                            January 12th 2025, 12:23:03 am (UTC+00:00)

                            +

                            February 2nd 2025, 12:24:26 am (UTC+00:00)

                            Scanned the following path: diff --git a/docs/snyk/v2.12.9/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.13.4/public.ecr.aws_docker_library_redis_7.0.15-alpine.html similarity index 99% rename from docs/snyk/v2.12.9/public.ecr.aws_docker_library_redis_7.0.15-alpine.html rename to docs/snyk/v2.13.4/public.ecr.aws_docker_library_redis_7.0.15-alpine.html index df2a25d27441e..2c469a55ee7c8 100644 --- a/docs/snyk/v2.12.9/public.ecr.aws_docker_library_redis_7.0.15-alpine.html +++ b/docs/snyk/v2.13.4/public.ecr.aws_docker_library_redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

                            Snyk test report

                            -

                            January 12th 2025, 12:28:36 am (UTC+00:00)

                            +

                            February 2nd 2025, 12:24:31 am (UTC+00:00)

                            Scanned the following paths: diff --git a/docs/snyk/v2.12.9/quay.io_argoproj_argocd_v2.12.9.html b/docs/snyk/v2.13.4/quay.io_argoproj_argocd_v2.13.4.html similarity index 89% rename from docs/snyk/v2.12.9/quay.io_argoproj_argocd_v2.12.9.html rename to docs/snyk/v2.13.4/quay.io_argoproj_argocd_v2.13.4.html index 65059ea67911d..d01097c474a34 100644 --- a/docs/snyk/v2.12.9/quay.io_argoproj_argocd_v2.12.9.html +++ b/docs/snyk/v2.13.4/quay.io_argoproj_argocd_v2.13.4.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

                            Snyk test report

                            -

                            January 12th 2025, 12:28:58 am (UTC+00:00)

                            +

                            February 2nd 2025, 12:24:50 am (UTC+00:00)

                            Scanned the following paths:
                              -
                            • quay.io/argoproj/argocd:v2.12.9/argoproj/argocd/Dockerfile (deb)
                              • -
                            • quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
                              • -
                            • quay.io/argoproj/argocd:v2.12.9//usr/local/bin/kustomize (gomodules)
                              • -
                            • quay.io/argoproj/argocd:v2.12.9/helm/v3//usr/local/bin/helm (gomodules)
                              • -
                            • quay.io/argoproj/argocd:v2.12.9/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
                              • +
                            • quay.io/argoproj/argocd:v2.13.4/argoproj/argocd/Dockerfile (deb)
                              • +
                            • quay.io/argoproj/argocd:v2.13.4/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
                              • +
                            • quay.io/argoproj/argocd:v2.13.4//usr/local/bin/kustomize (gomodules)
                              • +
                            • quay.io/argoproj/argocd:v2.13.4/helm/v3//usr/local/bin/helm (gomodules)
                              • +
                            • quay.io/argoproj/argocd:v2.13.4/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
                            -
                            28 known vulnerabilities
                            -
                            112 vulnerable dependency paths
                            -
                            2292 dependencies
                            +
                            26 known vulnerabilities
                            +
                            109 vulnerable dependency paths
                            +
                            2359 dependencies
                            @@ -480,80 +480,6 @@

                            Snyk test report

                            -
                            -

                            Incorrect Implementation of Authentication Algorithm

                            -
                            - -
                            - critical severity -
                            - -
                            - -
                              -
                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - golang.org/x/crypto/ssh -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.23.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/crypto/ssh@v0.23.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            golang.org/x/crypto/ssh is a SSH client and server

                            -

                            Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

                            -

                            Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

                            -

                            Remediation

                            -

                            Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            - -

                            Denial of Service (DoS)

                            @@ -566,7 +492,7 @@

                            Denial of Service (DoS)

                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.4/helm/v3 › /usr/local/bin/helm
                            • Package Manager: golang @@ -579,7 +505,7 @@

                              Denial of Service (DoS)

                            • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/html@v0.25.0 + helm.sh/helm/v3@* and golang.org/x/net/html@v0.23.0
                            @@ -590,15 +516,6 @@

                            Denial of Service (DoS)

                            Detailed paths

                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/net/html@v0.25.0 - - - -
                            • Introduced through: helm.sh/helm/v3@* @@ -645,76 +562,6 @@

                              References

                              More about this vulnerability

                            -
                            -
                            -

                            Allocation of Resources Without Limits or Throttling

                            -
                            - -
                            - high severity -
                            - -
                            - -
                              -
                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd -
                              • -
                            • - Package Manager: golang -
                              • -
                            • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
                              • - -
                            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-git/go-git/v5/plumbing@v5.12.0 - -
                              • -
                            - -
                            - - -

                            Detailed paths

                            - -
                              -
                            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - github.com/go-git/go-git/v5/plumbing@v5.12.0 - - - -
                              • -
                            - -
                            - -
                            - -

                            Overview

                            -

                            github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

                            -

                            Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

                            -

                            Workaround

                            -

                            In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trustworthy Git servers.

                            -

                            Remediation

                            -

                            Upgrade github.com/go-git/go-git/v5/plumbing to version 5.13.0 or higher.

                            -

                            References

                            - - -
                            - -
                            -

                            More about this vulnerability

                            -
                            -

                            CVE-2024-56433

                            @@ -728,7 +575,7 @@

                            CVE-2024-56433

                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                            • Package Manager: ubuntu:24.04 @@ -741,7 +588,7 @@

                              CVE-2024-56433

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + docker-image|quay.io/argoproj/argocd@v2.13.4 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                            @@ -754,7 +601,7 @@

                            Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 @@ -763,7 +610,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -774,7 +621,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -787,7 +634,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 @@ -833,7 +680,7 @@

                              Insecure Storage of Sensitive Information

                              • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                              • Package Manager: ubuntu:24.04 @@ -846,7 +693,7 @@

                                Insecure Storage of Sensitive Information

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 and pam/libpam0g@1.5.3-5ubuntu5.1 + docker-image|quay.io/argoproj/argocd@v2.13.4 and pam/libpam0g@1.5.3-5ubuntu5.1
                              @@ -859,7 +706,7 @@

                              Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -868,7 +715,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -879,9 +726,9 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - util-linux@2.39.3-9ubuntu6.1 + util-linux@2.39.3-9ubuntu6.2 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -890,7 +737,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -905,7 +752,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -922,7 +769,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -941,7 +788,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › pam/libpam-modules-bin@1.5.3-5ubuntu5.1 @@ -950,7 +797,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -967,7 +814,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › pam/libpam-modules@1.5.3-5ubuntu5.1 @@ -976,7 +823,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › pam/libpam-runtime@1.5.3-5ubuntu5.1 › @@ -987,7 +834,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -998,7 +845,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -1013,7 +860,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -1022,7 +869,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -1072,7 +919,7 @@

                                Improper Authentication

                                • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                                • Package Manager: ubuntu:24.04 @@ -1085,7 +932,7 @@

                                  Improper Authentication

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 and pam/libpam0g@1.5.3-5ubuntu5.1 + docker-image|quay.io/argoproj/argocd@v2.13.4 and pam/libpam0g@1.5.3-5ubuntu5.1
                                @@ -1098,7 +945,7 @@

                                Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -1107,7 +954,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -1118,9 +965,9 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - util-linux@2.39.3-9ubuntu6.1 + util-linux@2.39.3-9ubuntu6.2 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -1129,7 +976,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -1144,7 +991,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -1161,7 +1008,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -1180,7 +1027,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › pam/libpam-modules-bin@1.5.3-5ubuntu5.1 @@ -1189,7 +1036,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -1206,7 +1053,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › pam/libpam-modules@1.5.3-5ubuntu5.1 @@ -1215,7 +1062,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › pam/libpam-runtime@1.5.3-5ubuntu5.1 › @@ -1226,7 +1073,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -1237,7 +1084,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -1252,7 +1099,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -1261,7 +1108,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -1308,7 +1155,7 @@

                                  CVE-2024-26462

                                  • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                                  • Package Manager: ubuntu:24.04 @@ -1322,7 +1169,7 @@

                                    CVE-2024-26462

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.13.4, git@1:2.43.0-1ubuntu7.2 and others
                                  @@ -1334,9 +1181,9 @@

                                  Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1349,9 +1196,9 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1366,9 +1213,9 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1381,9 +1228,9 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1398,9 +1245,9 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1417,9 +1264,9 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1432,7 +1279,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -1443,9 +1290,9 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1456,9 +1303,9 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1471,7 +1318,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -1516,7 +1363,7 @@

                                    LGPL-3.0 license

                                    • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                    • Package Manager: golang @@ -1565,7 +1412,7 @@

                                      Detailed paths

                            -

                            Denial of Service (DoS)

                            +

                            MPL-2.0 license

                            @@ -1576,20 +1423,20 @@

                            Denial of Service (DoS)

                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                            • Package Manager: golang
                            • - Vulnerable module: + Module: - github.com/rs/cors + github.com/r3labs/diff
                            • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/rs/cors@v1.9.0 + github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
                            @@ -1604,7 +1451,7 @@

                            Detailed paths

                            Introduced through: github.com/argoproj/argo-cd/v2@* › - github.com/rs/cors@v1.9.0 + github.com/r3labs/diff@v1.1.0 @@ -1615,62 +1462,12 @@

                            Detailed paths

                            -

                            Overview

                            -

                            Affected versions of this package are vulnerable to Denial of Service (DoS) through the processing of malicious preflight requests that include a Access-Control-Request-Headers header with excessive commas. An attacker can induce excessive memory consumption and potentially crash the server by sending specially crafted requests.

                            -

                            PoC

                            - 
                            
-        func BenchmarkPreflightAdversarialACRH(b *testing.B) {
-            resps := makeFakeResponses(b.N)
-            req, _ := http.NewRequest(http.MethodOptions, dummyEndpoint, nil)
-            req.Header.Add(headerOrigin, dummyOrigin)
-            req.Header.Add(headerACRM, http.MethodGet)
-            req.Header[headerACRH] = adversarialACRH
-            handler := Default().Handler(testHandler)
-        
-            b.ReportAllocs()
-            b.ResetTimer()
-            for i := 0; i < b.N; i++ {
-                handler.ServeHTTP(resps[i], req)
-            }
-        }
-        
-        var adversarialACRH []string
-        
-        func init() { // populates adversarialACRH
-            n := int(math.Floor(math.Sqrt(http.DefaultMaxHeaderBytes)))
-            commas := strings.Repeat(",", n)
-            res := make([]string, n)
-            for i := range res {
-                res[i] = commas
-            }
-            adversarialACRH = res
-        }
-
                            -

                            Details

                            -

                            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                            -

                            Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                            -

                            One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                            -

                            When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                            -

                            Two common types of DoS vulnerabilities:

                            -
                              -

                            • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                              -
                              • -

                            • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                              -
                              • -
                            -

                            Remediation

                            -

                            Upgrade github.com/rs/cors to version 1.11.0 or higher.

                            -

                            References

                            - +

                            MPL-2.0 license

                            -

                            More about this vulnerability

                            +

                            More about this vulnerability

                            @@ -1686,7 +1483,7 @@

                            MPL-2.0 license

                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                            • Package Manager: golang @@ -1694,12 +1491,12 @@

                              MPL-2.0 license

                            • Module: - github.com/r3labs/diff + github.com/hashicorp/go-version
                            • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0
                            @@ -1714,7 +1511,7 @@

                            Detailed paths

                            Introduced through: github.com/argoproj/argo-cd/v2@* › - github.com/r3labs/diff@v1.1.0 + github.com/hashicorp/go-version@v1.6.0 @@ -1730,7 +1527,7 @@

                            Detailed paths

                            -

                            More about this vulnerability

                            +

                            More about this vulnerability

                            @@ -1746,7 +1543,7 @@

                            MPL-2.0 license

                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                            • Package Manager: golang @@ -1754,12 +1551,12 @@

                              MPL-2.0 license

                            • Module: - github.com/hashicorp/go-version + github.com/hashicorp/go-retryablehttp
                            • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.7
                            @@ -1774,7 +1571,7 @@

                            Detailed paths

                            Introduced through: github.com/argoproj/argo-cd/v2@* › - github.com/hashicorp/go-version@v1.6.0 + github.com/hashicorp/go-retryablehttp@v0.7.7 @@ -1790,7 +1587,7 @@

                            Detailed paths

                            -

                            More about this vulnerability

                            +

                            More about this vulnerability

                            @@ -1806,7 +1603,7 @@

                            MPL-2.0 license

                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.4/helm/v3 › /usr/local/bin/helm
                            • Package Manager: golang @@ -1814,12 +1611,12 @@

                              MPL-2.0 license

                            • Module: - github.com/hashicorp/go-retryablehttp + github.com/hashicorp/go-multierror
                            • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.7 + helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
                            @@ -1832,9 +1629,9 @@

                            Detailed paths

                            @@ -1866,7 +1663,7 @@

                            MPL-2.0 license

                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/helm/v3 › /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                            • Package Manager: golang @@ -1874,12 +1671,12 @@

                              MPL-2.0 license

                            • Module: - github.com/hashicorp/go-multierror + github.com/hashicorp/go-cleanhttp
                            • Introduced through: - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
                            @@ -1892,9 +1689,9 @@

                            Detailed paths

                            @@ -1926,7 +1723,7 @@

                            MPL-2.0 license

                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                            • Package Manager: golang @@ -1934,12 +1731,12 @@

                              MPL-2.0 license

                            • Module: - github.com/hashicorp/go-cleanhttp + github.com/gosimple/slug
                            • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.14.0
                            @@ -1954,7 +1751,7 @@

                            Detailed paths

                            Introduced through: github.com/argoproj/argo-cd/v2@* › - github.com/hashicorp/go-cleanhttp@v0.5.2 + github.com/gosimple/slug@v1.14.0 @@ -1970,12 +1767,12 @@

                            Detailed paths

                            -

                            More about this vulnerability

                            +

                            More about this vulnerability

                            -

                            MPL-2.0 license

                            +

                            Generation of Error Message Containing Sensitive Information

                            @@ -1986,20 +1783,20 @@

                            MPL-2.0 license

                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                            • Package Manager: golang
                            • - Module: + Vulnerable module: - github.com/gosimple/slug + github.com/argoproj/gitops-engine/pkg/utils/kube
                            • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-4c6e03c46314
                            @@ -2014,7 +1811,7 @@

                            Detailed paths

                            Introduced through: github.com/argoproj/argo-cd/v2@* › - github.com/gosimple/slug@v1.13.1 + github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-4c6e03c46314 @@ -2025,17 +1822,26 @@

                            Detailed paths

                            -

                            MPL-2.0 license

                            +

                            Overview

                            +

                            Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.

                            +

                            Remediation

                            +

                            A fix was pushed into the master branch but not yet published.

                            +

                            References

                            +
                            -

                            More about this vulnerability

                            +

                            More about this vulnerability

                            -

                            Arbitrary Argument Injection

                            +

                            Generation of Error Message Containing Sensitive Information

                            @@ -2046,7 +1852,7 @@

                            Arbitrary Argument Injection

                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                            • Package Manager: golang @@ -2054,12 +1860,12 @@

                              Arbitrary Argument Injection

                            • Vulnerable module: - github.com/go-git/go-git/v5/plumbing/transport + github.com/argoproj/gitops-engine/pkg/diff
                            • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-git/go-git/v5/plumbing/transport@v5.12.0 + github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-4c6e03c46314
                            @@ -2074,7 +1880,7 @@

                            Detailed paths

                            Introduced through: github.com/argoproj/argo-cd/v2@* › - github.com/go-git/go-git/v5/plumbing/transport@v5.12.0 + github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-4c6e03c46314 @@ -2086,18 +1892,20 @@

                            Detailed paths

                            Overview

                            -

                            Affected versions of this package are vulnerable to Arbitrary Argument Injection via a malicious URL value, which allows an attacker to set flags on the git-upload-pack command, if the file: protocol is in use.

                            +

                            Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.

                            Remediation

                            -

                            Upgrade github.com/go-git/go-git/v5/plumbing/transport to version 5.13.0 or higher.

                            +

                            A fix was pushed into the master branch but not yet published.

                            References

                            -

                            More about this vulnerability

                            +

                            More about this vulnerability

                            @@ -2113,7 +1921,7 @@

                            Release of Invalid Pointer or Reference

                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                            • Package Manager: ubuntu:24.04 @@ -2126,7 +1934,7 @@

                              Release of Invalid Pointer or Reference

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@v2.13.4 and patch@2.7.6-7build3
                            @@ -2139,7 +1947,7 @@

                            Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › patch@2.7.6-7build3 @@ -2183,7 +1991,7 @@

                              Double Free

                              • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                              • Package Manager: ubuntu:24.04 @@ -2196,7 +2004,7 @@

                                Double Free

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@v2.13.4 and patch@2.7.6-7build3
                              @@ -2209,7 +2017,7 @@

                              Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › patch@2.7.6-7build3 @@ -2258,7 +2066,7 @@

                                CVE-2024-41996

                                • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                                • Package Manager: ubuntu:24.04 @@ -2271,7 +2079,7 @@

                                  CVE-2024-41996

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 and openssl/libssl3t64@3.0.13-0ubuntu3.4 + docker-image|quay.io/argoproj/argocd@v2.13.4 and openssl/libssl3t64@3.0.13-0ubuntu3.4
                                @@ -2284,7 +2092,7 @@

                                Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › openssl/libssl3t64@3.0.13-0ubuntu3.4 @@ -2293,7 +2101,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › coreutils@9.4-3ubuntu6 › @@ -2304,7 +2112,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1 › @@ -2315,7 +2123,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › libfido2/libfido2-1@1.14.0-1build3 › @@ -2326,7 +2134,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -2337,7 +2145,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › ca-certificates@20240203 › @@ -2350,9 +2158,9 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2365,9 +2173,9 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2382,9 +2190,9 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2399,7 +2207,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › openssl@3.0.13-0ubuntu3.4 @@ -2408,7 +2216,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › ca-certificates@20240203 › @@ -2456,7 +2264,7 @@

                                  Information Exposure

                                  • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                                  • Package Manager: ubuntu:24.04 @@ -2469,7 +2277,7 @@

                                    Information Exposure

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 and libgcrypt20@1.10.3-2build1 + docker-image|quay.io/argoproj/argocd@v2.13.4 and libgcrypt20@1.10.3-2build1
                                  @@ -2482,7 +2290,7 @@

                                  Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › libgcrypt20@1.10.3-2build1 @@ -2491,7 +2299,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › gnupg2/dirmngr@2.4.4-2ubuntu17 › @@ -2502,7 +2310,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › gnupg2/gpg@2.4.4-2ubuntu17 › @@ -2513,7 +2321,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › gnupg2/gpg-agent@2.4.4-2ubuntu17 › @@ -2524,7 +2332,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -2537,7 +2345,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -2550,7 +2358,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › gnupg2/gpg@2.4.4-2ubuntu17 › @@ -2563,7 +2371,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -2573,7 +2381,7 @@

                                    Detailed paths

                                    › pam/libpam-modules@1.5.3-5ubuntu5.1 › - systemd/libsystemd0@255.4-1ubuntu8.4 + systemd/libsystemd0@255.4-1ubuntu8.5 › libgcrypt20@1.10.3-2build1 @@ -2620,7 +2428,7 @@

                                    CVE-2024-26458

                                    • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                                    • Package Manager: ubuntu:24.04 @@ -2634,7 +2442,7 @@

                                      CVE-2024-26458

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.13.4, git@1:2.43.0-1ubuntu7.2 and others
                                    @@ -2646,9 +2454,9 @@

                                    Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2661,9 +2469,9 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2678,9 +2486,9 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2693,9 +2501,9 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2710,9 +2518,9 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2729,9 +2537,9 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2744,7 +2552,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -2755,9 +2563,9 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2768,9 +2576,9 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2783,7 +2591,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -2828,7 +2636,7 @@

                                      CVE-2024-26461

                                      • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                                      • Package Manager: ubuntu:24.04 @@ -2842,7 +2650,7 @@

                                        CVE-2024-26461

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.13.4, git@1:2.43.0-1ubuntu7.2 and others
                                      @@ -2854,9 +2662,9 @@

                                      Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2869,9 +2677,9 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2886,9 +2694,9 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2901,9 +2709,9 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2918,9 +2726,9 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2937,9 +2745,9 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2952,7 +2760,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -2963,9 +2771,9 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2976,9 +2784,9 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2991,7 +2799,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -3036,7 +2844,7 @@

                                        Out-of-bounds Write

                                        • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                                        • Package Manager: ubuntu:24.04 @@ -3049,7 +2857,7 @@

                                          Out-of-bounds Write

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 and gnupg2/gpgv@2.4.4-2ubuntu17 + docker-image|quay.io/argoproj/argocd@v2.13.4 and gnupg2/gpgv@2.4.4-2ubuntu17
                                        @@ -3062,7 +2870,7 @@

                                        Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › gnupg2/gpgv@2.4.4-2ubuntu17 @@ -3071,7 +2879,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › apt@2.7.14build2 › @@ -3082,7 +2890,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › gnupg2/dirmngr@2.4.4-2ubuntu17 › @@ -3093,7 +2901,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › gnupg2/gpg-agent@2.4.4-2ubuntu17 › @@ -3104,7 +2912,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › gnupg2/gpg@2.4.4-2ubuntu17 › @@ -3115,7 +2923,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › gnupg2/dirmngr@2.4.4-2ubuntu17 @@ -3124,7 +2932,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › gnupg2/gpg@2.4.4-2ubuntu17 @@ -3133,7 +2941,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › gnupg2/gpg-agent@2.4.4-2ubuntu17 @@ -3182,7 +2990,7 @@

                                          Allocation of Resources Without Limits or Throttling

                                        • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                                        • Package Manager: ubuntu:24.04 @@ -3195,7 +3003,7 @@

                                          Allocation of Resources Without Limits or Throttling

                                          Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 and glibc/libc-bin@2.39-0ubuntu8.3 + docker-image|quay.io/argoproj/argocd@v2.13.4 and glibc/libc-bin@2.39-0ubuntu8.3
                                        @@ -3208,7 +3016,7 @@

                                        Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › glibc/libc-bin@2.39-0ubuntu8.3 @@ -3217,7 +3025,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › glibc/libc6@2.39-0ubuntu8.3 @@ -3263,7 +3071,7 @@

                                          Insufficient Documentation of Error Handling Techniques<
                                          • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                          • Package Manager: golang @@ -3332,7 +3140,7 @@

                                            Insufficient Documentation of Error Handling Techniques<
                                            • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                            • Package Manager: golang @@ -3401,7 +3209,7 @@

                                              Improper Input Validation

                                              • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                                              • Package Manager: ubuntu:24.04 @@ -3415,7 +3223,7 @@

                                                Improper Input Validation

                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.13.4, git@1:2.43.0-1ubuntu7.2 and others
                                              @@ -3427,31 +3235,31 @@

                                              Detailed paths

                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › - git/git-man@1:2.43.0-1ubuntu7.1 + git/git-man@1:2.43.0-1ubuntu7.2
                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2
                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › git-lfs@3.4.1-1ubuntu0.2 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 @@ -3494,7 +3302,7 @@

                                                Improper Input Validation

                                                • - Manifest file: quay.io/argoproj/argocd:v2.12.9/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.4/argoproj/argocd › Dockerfile
                                                • Package Manager: ubuntu:24.04 @@ -3507,7 +3315,7 @@

                                                  Improper Input Validation

                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 and coreutils@9.4-3ubuntu6 + docker-image|quay.io/argoproj/argocd@v2.13.4 and coreutils@9.4-3ubuntu6
                                                @@ -3520,7 +3328,7 @@

                                                Detailed paths

                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.9 + docker-image|quay.io/argoproj/argocd@v2.13.4 › coreutils@9.4-3ubuntu6 diff --git a/docs/snyk/v2.12.9/redis_7.0.15-alpine.html b/docs/snyk/v2.13.4/redis_7.0.15-alpine.html similarity index 99% rename from docs/snyk/v2.12.9/redis_7.0.15-alpine.html rename to docs/snyk/v2.13.4/redis_7.0.15-alpine.html index 2f7d24c98f687..fc33911fa5724 100644 --- a/docs/snyk/v2.12.9/redis_7.0.15-alpine.html +++ b/docs/snyk/v2.13.4/redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

                                                  Snyk test report

                                                  -

                                                  January 12th 2025, 12:29:03 am (UTC+00:00)

                                                  +

                                                  February 2nd 2025, 12:24:54 am (UTC+00:00)

                                                  Scanned the following paths: diff --git a/docs/snyk/v2.14.0-rc5/argocd-iac-install.html b/docs/snyk/v2.14.0-rc7/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.14.0-rc5/argocd-iac-install.html rename to docs/snyk/v2.14.0-rc7/argocd-iac-install.html index fce147d2fd2db..a3b06bbf15778 100644 --- a/docs/snyk/v2.14.0-rc5/argocd-iac-install.html +++ b/docs/snyk/v2.14.0-rc7/argocd-iac-install.html @@ -456,7 +456,7 @@

                                                  Snyk test report

                                                  -

                                                  January 12th 2025, 12:25:13 am (UTC+00:00)

                                                  +

                                                  February 2nd 2025, 12:23:50 am (UTC+00:00)

                                                  Scanned the following path: diff --git a/docs/snyk/v2.14.0-rc5/argocd-iac-namespace-install.html b/docs/snyk/v2.14.0-rc7/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.14.0-rc5/argocd-iac-namespace-install.html rename to docs/snyk/v2.14.0-rc7/argocd-iac-namespace-install.html index 4b8c027c6ab7b..71b191a4ecad8 100644 --- a/docs/snyk/v2.14.0-rc5/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.14.0-rc7/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

                                                  Snyk test report

                                                  -

                                                  January 12th 2025, 12:25:23 am (UTC+00:00)

                                                  +

                                                  February 2nd 2025, 12:24:01 am (UTC+00:00)

                                                  Scanned the following path: diff --git a/docs/snyk/v2.14.0-rc5/argocd-test.html b/docs/snyk/v2.14.0-rc7/argocd-test.html similarity index 85% rename from docs/snyk/v2.14.0-rc5/argocd-test.html rename to docs/snyk/v2.14.0-rc7/argocd-test.html index b94f4e0dd3d5d..73f28613d61aa 100644 --- a/docs/snyk/v2.14.0-rc5/argocd-test.html +++ b/docs/snyk/v2.14.0-rc7/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

                                                  Snyk test report

                                                  -

                                                  January 12th 2025, 12:22:46 am (UTC+00:00)

                                                  +

                                                  February 2nd 2025, 12:21:34 am (UTC+00:00)

                                                  Scanned the following paths: @@ -468,8 +468,8 @@

                                                  Snyk test report

                                                  -
                                                  10 known vulnerabilities
                                                  -
                                                  126 vulnerable dependency paths
                                                  +
                                                  9 known vulnerabilities
                                                  +
                                                  113 vulnerable dependency paths
                                                  2159 dependencies
                                                  @@ -478,397 +478,6 @@

                                                  Snyk test report

                                                  -
                                                  -

                                                  Denial of Service (DoS)

                                                  -
                                                  - -
                                                  - high severity -
                                                  - -
                                                  - -
                                                    -
                                                  • - Manifest file: /argo-cd/argoproj/argo-cd/v2 › go.mod -
                                                    • -
                                                  • - Package Manager: golang -
                                                    • -
                                                  • - Vulnerable module: - - golang.org/x/net/html -
                                                    • - -
                                                  • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/tools/portforward@0.31.0 and others -
                                                    • -
                                                  - -
                                                  - - -

                                                  Detailed paths

                                                  - -
                                                    -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/portforward@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/diff@#54992bf42431 - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync@#54992bf42431 - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/cache@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/health@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - › - github.com/argoproj/gitops-engine/pkg/sync/ignore@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/sync/hook@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/sync/common@#54992bf42431 - › - github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 - › - k8s.io/kubectl/pkg/cmd/util@0.31.0 - › - k8s.io/kubectl/pkg/util/templates@0.31.0 - › - k8s.io/kubectl/pkg/util/term@0.31.0 - › - k8s.io/client-go/tools/remotecommand@0.31.0 - › - k8s.io/client-go/transport/spdy@0.31.0 - › - k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 - › - k8s.io/apimachinery/pkg/util/proxy@0.31.2 - › - golang.org/x/net/html@0.32.0 - - - -
                                                    • -
                                                  - -
                                                  - -
                                                  - -

                                                  Overview

                                                  -

                                                  golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

                                                  -

                                                  Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

                                                  -

                                                  An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

                                                  -

                                                  Details

                                                  -

                                                  Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

                                                  -

                                                  Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

                                                  -

                                                  One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

                                                  -

                                                  When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

                                                  -

                                                  Two common types of DoS vulnerabilities:

                                                  -
                                                    -

                                                  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

                                                    -
                                                    • -

                                                  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

                                                    -
                                                    • -
                                                  -

                                                  Remediation

                                                  -

                                                  Upgrade golang.org/x/net/html to version 0.33.0 or higher.

                                                  -

                                                  References

                                                  - - -
                                                  - -
                                                  -

                                                  More about this vulnerability

                                                  -
                                                  - -

                                                  Allocation of Resources Without Limits or Throttling

                                                  diff --git a/docs/snyk/v2.14.0-rc5/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.14.0-rc7/ghcr.io_dexidp_dex_v2.41.1.html similarity index 99% rename from docs/snyk/v2.14.0-rc5/ghcr.io_dexidp_dex_v2.41.1.html rename to docs/snyk/v2.14.0-rc7/ghcr.io_dexidp_dex_v2.41.1.html index 04817ec13d075..1faba4457f7a9 100644 --- a/docs/snyk/v2.14.0-rc5/ghcr.io_dexidp_dex_v2.41.1.html +++ b/docs/snyk/v2.14.0-rc7/ghcr.io_dexidp_dex_v2.41.1.html @@ -456,7 +456,7 @@

                                                  Snyk test report

                                                  -

                                                  January 12th 2025, 12:22:59 am (UTC+00:00)

                                                  +

                                                  February 2nd 2025, 12:21:41 am (UTC+00:00)

                                                  Scanned the following paths: diff --git a/docs/snyk/v2.13.3/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.14.0-rc7/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html similarity index 99% rename from docs/snyk/v2.13.3/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html rename to docs/snyk/v2.14.0-rc7/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html index 8e9f9ad8c2092..599039961a9f2 100644 --- a/docs/snyk/v2.13.3/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html +++ b/docs/snyk/v2.14.0-rc7/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html @@ -456,7 +456,7 @@

                                                  Snyk test report

                                                  -

                                                  January 12th 2025, 12:25:50 am (UTC+00:00)

                                                  +

                                                  February 2nd 2025, 12:21:46 am (UTC+00:00)

                                                  Scanned the following path: diff --git a/docs/snyk/v2.13.3/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.14.0-rc7/public.ecr.aws_docker_library_redis_7.0.15-alpine.html similarity index 99% rename from docs/snyk/v2.13.3/public.ecr.aws_docker_library_redis_7.0.15-alpine.html rename to docs/snyk/v2.14.0-rc7/public.ecr.aws_docker_library_redis_7.0.15-alpine.html index def15d361b7e9..4fde3efaef96a 100644 --- a/docs/snyk/v2.13.3/public.ecr.aws_docker_library_redis_7.0.15-alpine.html +++ b/docs/snyk/v2.14.0-rc7/public.ecr.aws_docker_library_redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

                                                  Snyk test report

                                                  -

                                                  January 12th 2025, 12:25:54 am (UTC+00:00)

                                                  +

                                                  February 2nd 2025, 12:21:50 am (UTC+00:00)

                                                  Scanned the following paths: diff --git a/docs/snyk/v2.14.0-rc5/quay.io_argoproj_argocd_v2.14.0-rc5.html b/docs/snyk/v2.14.0-rc7/quay.io_argoproj_argocd_v2.14.0-rc7.html similarity index 92% rename from docs/snyk/v2.14.0-rc5/quay.io_argoproj_argocd_v2.14.0-rc5.html rename to docs/snyk/v2.14.0-rc7/quay.io_argoproj_argocd_v2.14.0-rc7.html index a6492dc57c7b1..fb8457e54add8 100644 --- a/docs/snyk/v2.14.0-rc5/quay.io_argoproj_argocd_v2.14.0-rc5.html +++ b/docs/snyk/v2.14.0-rc7/quay.io_argoproj_argocd_v2.14.0-rc7.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,22 +456,22 @@

                                                  Snyk test report

                                                  -

                                                  January 12th 2025, 12:23:35 am (UTC+00:00)

                                                  +

                                                  February 2nd 2025, 12:22:11 am (UTC+00:00)

                                                  Scanned the following paths:
                                                    -
                                                  • quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd/Dockerfile (deb)
                                                    • -
                                                  • quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
                                                    • -
                                                  • quay.io/argoproj/argocd:v2.14.0-rc5//usr/local/bin/kustomize (gomodules)
                                                    • -
                                                  • quay.io/argoproj/argocd:v2.14.0-rc5/helm/v3//usr/local/bin/helm (gomodules)
                                                    • -
                                                  • quay.io/argoproj/argocd:v2.14.0-rc5/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
                                                    • +
                                                  • quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd/Dockerfile (deb)
                                                    • +
                                                  • quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
                                                    • +
                                                  • quay.io/argoproj/argocd:v2.14.0-rc7//usr/local/bin/kustomize (gomodules)
                                                    • +
                                                  • quay.io/argoproj/argocd:v2.14.0-rc7/helm/v3//usr/local/bin/helm (gomodules)
                                                    • +
                                                  • quay.io/argoproj/argocd:v2.14.0-rc7/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
                                                  -
                                                  24 known vulnerabilities
                                                  -
                                                  108 vulnerable dependency paths
                                                  +
                                                  26 known vulnerabilities
                                                  +
                                                  109 vulnerable dependency paths
                                                  2381 dependencies
                                                  @@ -492,7 +492,7 @@

                                                  Denial of Service (DoS)

                                                  • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/helm/v3 › /usr/local/bin/helm
                                                  • Package Manager: golang @@ -505,7 +505,7 @@

                                                    Denial of Service (DoS)

                                                  • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/html@v0.32.0 + helm.sh/helm/v3@* and golang.org/x/net/html@v0.26.0
                                                  @@ -516,15 +516,6 @@

                                                  Denial of Service (DoS)

                                                  Detailed paths

                                                    -
                                                  • - Introduced through: - github.com/argoproj/argo-cd/v2@* - › - golang.org/x/net/html@v0.32.0 - - - -
                                                  • Introduced through: helm.sh/helm/v3@* @@ -584,7 +575,7 @@

                                                    Allocation of Resources Without Limits or Throttling

                                                  • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                                  • Package Manager: golang @@ -654,7 +645,7 @@

                                                    CVE-2024-56433

                                                    • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                    • Package Manager: ubuntu:24.04 @@ -667,7 +658,7 @@

                                                      CVE-2024-56433

                                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                                    @@ -680,7 +671,7 @@

                                                    Detailed paths

                                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 @@ -689,7 +680,7 @@

                                                      Detailed paths

                                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -700,7 +691,7 @@

                                                      Detailed paths

                                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -713,7 +704,7 @@

                                                      Detailed paths

                                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 @@ -759,7 +750,7 @@

                                                      Insecure Storage of Sensitive Information

                                                      • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                      • Package Manager: ubuntu:24.04 @@ -772,7 +763,7 @@

                                                        Insecure Storage of Sensitive Information

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 and pam/libpam0g@1.5.3-5ubuntu5.1 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 and pam/libpam0g@1.5.3-5ubuntu5.1
                                                      @@ -785,7 +776,7 @@

                                                      Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -794,7 +785,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -805,9 +796,9 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - util-linux@2.39.3-9ubuntu6.1 + util-linux@2.39.3-9ubuntu6.2 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -816,7 +807,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -831,7 +822,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -848,7 +839,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -867,7 +858,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › pam/libpam-modules-bin@1.5.3-5ubuntu5.1 @@ -876,7 +867,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -893,7 +884,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › pam/libpam-modules@1.5.3-5ubuntu5.1 @@ -902,7 +893,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › pam/libpam-runtime@1.5.3-5ubuntu5.1 › @@ -913,7 +904,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -924,7 +915,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -939,7 +930,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -948,7 +939,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -998,7 +989,7 @@

                                                        Improper Authentication

                                                        • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                        • Package Manager: ubuntu:24.04 @@ -1011,7 +1002,7 @@

                                                          Improper Authentication

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 and pam/libpam0g@1.5.3-5ubuntu5.1 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 and pam/libpam0g@1.5.3-5ubuntu5.1
                                                        @@ -1024,7 +1015,7 @@

                                                        Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -1033,7 +1024,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -1044,9 +1035,9 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - util-linux@2.39.3-9ubuntu6.1 + util-linux@2.39.3-9ubuntu6.2 › pam/libpam0g@1.5.3-5ubuntu5.1 @@ -1055,7 +1046,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -1070,7 +1061,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -1087,7 +1078,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -1106,7 +1097,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › pam/libpam-modules-bin@1.5.3-5ubuntu5.1 @@ -1115,7 +1106,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -1132,7 +1123,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › pam/libpam-modules@1.5.3-5ubuntu5.1 @@ -1141,7 +1132,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › pam/libpam-runtime@1.5.3-5ubuntu5.1 › @@ -1152,7 +1143,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -1163,7 +1154,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -1178,7 +1169,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -1187,7 +1178,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › shadow/login@1:4.13+dfsg1-4ubuntu3.2 › @@ -1234,7 +1225,7 @@

                                                          CVE-2024-26462

                                                          • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                          • Package Manager: ubuntu:24.04 @@ -1248,7 +1239,7 @@

                                                            CVE-2024-26462

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7, git@1:2.43.0-1ubuntu7.2 and others
                                                          @@ -1260,9 +1251,9 @@

                                                          Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1275,9 +1266,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1292,9 +1283,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1307,9 +1298,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1324,9 +1315,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1343,9 +1334,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1358,7 +1349,7 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -1369,9 +1360,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1382,9 +1373,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -1397,7 +1388,7 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -1442,7 +1433,7 @@

                                                            LGPL-3.0 license

                                                            • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                                            • Package Manager: golang @@ -1502,7 +1493,7 @@

                                                              MPL-2.0 license

                                                              • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                                              • Package Manager: golang @@ -1562,7 +1553,7 @@

                                                                MPL-2.0 license

                                                                • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                                                • Package Manager: golang @@ -1622,7 +1613,7 @@

                                                                  MPL-2.0 license

                                                                  • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                                                  • Package Manager: golang @@ -1682,7 +1673,7 @@

                                                                    MPL-2.0 license

                                                                    • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/helm/v3 › /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/helm/v3 › /usr/local/bin/helm
                                                                    • Package Manager: golang @@ -1742,7 +1733,7 @@

                                                                      MPL-2.0 license

                                                                      • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                                                      • Package Manager: golang @@ -1802,7 +1793,7 @@

                                                                        MPL-2.0 license

                                                                        • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                                                        • Package Manager: golang @@ -1862,7 +1853,7 @@

                                                                          Arbitrary Argument Injection

                                                                          • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argo-cd/v2 › /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argo-cd/v2 › /usr/local/bin/argocd
                                                                          • Package Manager: golang @@ -1916,6 +1907,144 @@

                                                                            References

                                                                            More about this vulnerability

                                                  +
                                                  +
                                                  +

                                                  Generation of Error Message Containing Sensitive Information

                                                  +
                                                  + +
                                                  + medium severity +
                                                  + +
                                                  + +
                                                    +
                                                  • + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argo-cd/v2 › /usr/local/bin/argocd +
                                                    • +
                                                  • + Package Manager: golang +
                                                    • +
                                                  • + Vulnerable module: + + github.com/argoproj/gitops-engine/pkg/utils/kube +
                                                    • + +
                                                  • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-c19f8cfa4d27 + +
                                                    • +
                                                  + +
                                                  + + +

                                                  Detailed paths

                                                  + +
                                                    +
                                                  • + Introduced through: + github.com/argoproj/argo-cd/v2@* + › + github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-c19f8cfa4d27 + + + +
                                                    • +
                                                  + +
                                                  + +
                                                  + +

                                                  Overview

                                                  +

                                                  Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.

                                                  +

                                                  Remediation

                                                  +

                                                  A fix was pushed into the master branch but not yet published.

                                                  +

                                                  References

                                                  + + +
                                                  + +
                                                  +

                                                  More about this vulnerability

                                                  +
                                                  + +
                                                  +
                                                  +

                                                  Generation of Error Message Containing Sensitive Information

                                                  +
                                                  + +
                                                  + medium severity +
                                                  + +
                                                  + +
                                                    +
                                                  • + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argo-cd/v2 › /usr/local/bin/argocd +
                                                    • +
                                                  • + Package Manager: golang +
                                                    • +
                                                  • + Vulnerable module: + + github.com/argoproj/gitops-engine/pkg/diff +
                                                    • + +
                                                  • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-c19f8cfa4d27 + +
                                                    • +
                                                  + +
                                                  + + +

                                                  Detailed paths

                                                  + +
                                                    +
                                                  • + Introduced through: + github.com/argoproj/argo-cd/v2@* + › + github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-c19f8cfa4d27 + + + +
                                                    • +
                                                  + +
                                                  + +
                                                  + +

                                                  Overview

                                                  +

                                                  Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.

                                                  +

                                                  Remediation

                                                  +

                                                  A fix was pushed into the master branch but not yet published.

                                                  +

                                                  References

                                                  + + +
                                                  + +
                                                  +

                                                  More about this vulnerability

                                                  +
                                                  +

                                                  Release of Invalid Pointer or Reference

                                                  @@ -1929,7 +2058,7 @@

                                                  Release of Invalid Pointer or Reference

                                                  • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                  • Package Manager: ubuntu:24.04 @@ -1942,7 +2071,7 @@

                                                    Release of Invalid Pointer or Reference

                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 and patch@2.7.6-7build3
                                                  @@ -1955,7 +2084,7 @@

                                                  Detailed paths

                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › patch@2.7.6-7build3 @@ -1999,7 +2128,7 @@

                                                    Double Free

                                                    • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                    • Package Manager: ubuntu:24.04 @@ -2012,7 +2141,7 @@

                                                      Double Free

                                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 and patch@2.7.6-7build3
                                                    @@ -2025,7 +2154,7 @@

                                                    Detailed paths

                                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › patch@2.7.6-7build3 @@ -2074,7 +2203,7 @@

                                                      CVE-2024-41996

                                                      • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                      • Package Manager: ubuntu:24.04 @@ -2087,7 +2216,7 @@

                                                        CVE-2024-41996

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 and openssl/libssl3t64@3.0.13-0ubuntu3.4 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 and openssl/libssl3t64@3.0.13-0ubuntu3.4
                                                      @@ -2100,7 +2229,7 @@

                                                      Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › openssl/libssl3t64@3.0.13-0ubuntu3.4 @@ -2109,7 +2238,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › coreutils@9.4-3ubuntu6 › @@ -2120,7 +2249,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1 › @@ -2131,7 +2260,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › libfido2/libfido2-1@1.14.0-1build3 › @@ -2142,7 +2271,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -2153,7 +2282,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › ca-certificates@20240203 › @@ -2166,9 +2295,9 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2181,9 +2310,9 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2198,9 +2327,9 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2215,7 +2344,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › openssl@3.0.13-0ubuntu3.4 @@ -2224,7 +2353,7 @@

                                                        Detailed paths

                                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › ca-certificates@20240203 › @@ -2272,7 +2401,7 @@

                                                        Information Exposure

                                                        • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                        • Package Manager: ubuntu:24.04 @@ -2285,7 +2414,7 @@

                                                          Information Exposure

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 and libgcrypt20@1.10.3-2build1 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 and libgcrypt20@1.10.3-2build1
                                                        @@ -2298,7 +2427,7 @@

                                                        Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › libgcrypt20@1.10.3-2build1 @@ -2307,7 +2436,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › gnupg2/dirmngr@2.4.4-2ubuntu17 › @@ -2318,7 +2447,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › gnupg2/gpg@2.4.4-2ubuntu17 › @@ -2329,7 +2458,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › gnupg2/gpg-agent@2.4.4-2ubuntu17 › @@ -2340,7 +2469,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -2353,7 +2482,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -2366,7 +2495,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › gnupg2/gpg@2.4.4-2ubuntu17 › @@ -2379,7 +2508,7 @@

                                                          Detailed paths

                                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -2389,7 +2518,7 @@

                                                          Detailed paths

                                                          › pam/libpam-modules@1.5.3-5ubuntu5.1 › - systemd/libsystemd0@255.4-1ubuntu8.4 + systemd/libsystemd0@255.4-1ubuntu8.5 › libgcrypt20@1.10.3-2build1 @@ -2436,7 +2565,7 @@

                                                          CVE-2024-26458

                                                          • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                          • Package Manager: ubuntu:24.04 @@ -2450,7 +2579,7 @@

                                                            CVE-2024-26458

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7, git@1:2.43.0-1ubuntu7.2 and others
                                                          @@ -2462,9 +2591,9 @@

                                                          Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2477,9 +2606,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2494,9 +2623,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2509,9 +2638,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2526,9 +2655,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2545,9 +2674,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2560,7 +2689,7 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -2571,9 +2700,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2584,9 +2713,9 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2599,7 +2728,7 @@

                                                            Detailed paths

                                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -2644,7 +2773,7 @@

                                                            CVE-2024-26461

                                                            • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                            • Package Manager: ubuntu:24.04 @@ -2658,7 +2787,7 @@

                                                              CVE-2024-26461

                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7, git@1:2.43.0-1ubuntu7.2 and others
                                                            @@ -2670,9 +2799,9 @@

                                                            Detailed paths

                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2685,9 +2814,9 @@

                                                              Detailed paths

                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2702,9 +2831,9 @@

                                                              Detailed paths

                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2717,9 +2846,9 @@

                                                              Detailed paths

                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2734,9 +2863,9 @@

                                                              Detailed paths

                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2753,9 +2882,9 @@

                                                              Detailed paths

                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2768,7 +2897,7 @@

                                                              Detailed paths

                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › openssh/openssh-client@1:9.6p1-3ubuntu13.5 › @@ -2779,9 +2908,9 @@

                                                              Detailed paths

                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2792,9 +2921,9 @@

                                                              Detailed paths

                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 › @@ -2807,7 +2936,7 @@

                                                              Detailed paths

                                                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -2852,7 +2981,7 @@

                                                              Out-of-bounds Write

                                                              • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                              • Package Manager: ubuntu:24.04 @@ -2865,7 +2994,7 @@

                                                                Out-of-bounds Write

                                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 and gnupg2/gpgv@2.4.4-2ubuntu17 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 and gnupg2/gpgv@2.4.4-2ubuntu17
                                                              @@ -2878,7 +3007,7 @@

                                                              Detailed paths

                                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › gnupg2/gpgv@2.4.4-2ubuntu17 @@ -2887,7 +3016,7 @@

                                                                Detailed paths

                                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › apt@2.7.14build2 › @@ -2898,7 +3027,7 @@

                                                                Detailed paths

                                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › gnupg2/dirmngr@2.4.4-2ubuntu17 › @@ -2909,7 +3038,7 @@

                                                                Detailed paths

                                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › gnupg2/gpg-agent@2.4.4-2ubuntu17 › @@ -2920,7 +3049,7 @@

                                                                Detailed paths

                                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › gnupg2/gpg@2.4.4-2ubuntu17 › @@ -2931,7 +3060,7 @@

                                                                Detailed paths

                                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › gnupg2/dirmngr@2.4.4-2ubuntu17 @@ -2940,7 +3069,7 @@

                                                                Detailed paths

                                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › gnupg2/gpg@2.4.4-2ubuntu17 @@ -2949,7 +3078,7 @@

                                                                Detailed paths

                                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › gnupg2/gpg-agent@2.4.4-2ubuntu17 @@ -2998,7 +3127,7 @@

                                                                Allocation of Resources Without Limits or Throttling

                                                              • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                              • Package Manager: ubuntu:24.04 @@ -3011,7 +3140,7 @@

                                                                Allocation of Resources Without Limits or Throttling

                                                                Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 and glibc/libc-bin@2.39-0ubuntu8.3 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 and glibc/libc-bin@2.39-0ubuntu8.3
                                                              @@ -3024,7 +3153,7 @@

                                                              Detailed paths

                                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › glibc/libc-bin@2.39-0ubuntu8.3 @@ -3033,7 +3162,7 @@

                                                                Detailed paths

                                                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › glibc/libc6@2.39-0ubuntu8.3 @@ -3079,7 +3208,7 @@

                                                                Improper Input Validation

                                                                • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                                • Package Manager: ubuntu:24.04 @@ -3093,7 +3222,7 @@

                                                                  Improper Input Validation

                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7, git@1:2.43.0-1ubuntu7.2 and others
                                                                @@ -3105,31 +3234,31 @@

                                                                Detailed paths

                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 › - git/git-man@1:2.43.0-1ubuntu7.1 + git/git-man@1:2.43.0-1ubuntu7.2
                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2
                                                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › git-lfs@3.4.1-1ubuntu0.2 › - git@1:2.43.0-1ubuntu7.1 + git@1:2.43.0-1ubuntu7.2 @@ -3172,7 +3301,7 @@

                                                                  Improper Input Validation

                                                                  • - Manifest file: quay.io/argoproj/argocd:v2.14.0-rc5/argoproj/argocd › Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc7/argoproj/argocd › Dockerfile
                                                                  • Package Manager: ubuntu:24.04 @@ -3185,7 +3314,7 @@

                                                                    Improper Input Validation

                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 and coreutils@9.4-3ubuntu6 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 and coreutils@9.4-3ubuntu6
                                                                  @@ -3198,7 +3327,7 @@

                                                                  Detailed paths

                                                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.14.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc7 › coreutils@9.4-3ubuntu6 diff --git a/docs/snyk/v2.14.0-rc5/redis_7.0.15-alpine.html b/docs/snyk/v2.14.0-rc7/redis_7.0.15-alpine.html similarity index 99% rename from docs/snyk/v2.14.0-rc5/redis_7.0.15-alpine.html rename to docs/snyk/v2.14.0-rc7/redis_7.0.15-alpine.html index d59ed2c450238..8ea4810ca7924 100644 --- a/docs/snyk/v2.14.0-rc5/redis_7.0.15-alpine.html +++ b/docs/snyk/v2.14.0-rc7/redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

                                                                    Snyk test report

                                                                    -

                                                                    January 12th 2025, 12:23:40 am (UTC+00:00)

                                                                    +

                                                                    February 2nd 2025, 12:22:17 am (UTC+00:00)

                                                                    Scanned the following paths: diff --git a/docs/user-guide/auto_sync.md b/docs/user-guide/auto_sync.md index 66e20c9fc0bea..61d72551e0531 100644 --- a/docs/user-guide/auto_sync.md +++ b/docs/user-guide/auto_sync.md @@ -19,6 +19,12 @@ spec: automated: {} ``` +## Temporarily toggling auto-sync for applications managed by ApplicationSets + +For a standalone application, toggling auto-sync is performed by changing the application's `spec.syncPolicy.automated` field. For an ApplicationSet managed application, changing the application's `spec.syncPolicy.automated` field will, however, have no effect. +Read more details about how to perform the toggling for applications managed by ApplicationSets [here](../operator-manual/applicationset/Controlling-Resource-Modification.md). + + ## Automatic Pruning By default (and as a safety mechanism), automated sync will not delete resources when Argo CD detects diff --git a/docs/user-guide/build-environment.md b/docs/user-guide/build-environment.md index 52fc8b1d03a5a..7bd7b4ca461f6 100644 --- a/docs/user-guide/build-environment.md +++ b/docs/user-guide/build-environment.md @@ -6,6 +6,7 @@ |-------------------------------------|-------------------------------------------------------------------------| | `ARGOCD_APP_NAME` | The name of the application. | | `ARGOCD_APP_NAMESPACE` | The destination namespace of the application. | +| `ARGOCD_APP_PROJECT_NAME` | The name of the project the application belongs to. | | `ARGOCD_APP_REVISION` | The resolved revision, e.g. `f913b6cbf58aa5ae5ca1f8a2b149477aebcbd9d8`. | | `ARGOCD_APP_REVISION_SHORT` | The resolved short revision, e.g. `f913b6c`. | | `ARGOCD_APP_REVISION_SHORT_8` | The resolved short revision with length 8, e.g. `f913b6cb`. | diff --git a/docs/user-guide/commands/argocd_admin_repo_generate-spec.md b/docs/user-guide/commands/argocd_admin_repo_generate-spec.md index 5f1895d6055a8..8ffeedca3d708 100644 --- a/docs/user-guide/commands/argocd_admin_repo_generate-spec.md +++ b/docs/user-guide/commands/argocd_admin_repo_generate-spec.md @@ -59,6 +59,7 @@ argocd admin repo generate-spec REPOURL [flags] --tls-client-cert-key-path string path to the TLS client cert's key path (must be PEM format) --tls-client-cert-path string path to the TLS client cert (must be PEM format) --type string type of the repository, "git" or "helm" (default "git") + --use-azure-workload-identity whether to use azure workload identity for authentication --username string username to the repository ``` diff --git a/docs/user-guide/commands/argocd_proj_windows_add.md b/docs/user-guide/commands/argocd_proj_windows_add.md index c079fa1f69efa..6a237fd306fe2 100644 --- a/docs/user-guide/commands/argocd_proj_windows_add.md +++ b/docs/user-guide/commands/argocd_proj_windows_add.md @@ -43,6 +43,7 @@ argocd proj windows add PROJECT \ --namespaces strings Namespaces that the schedule will be applied to. Comma separated, wildcards supported (e.g. --namespaces default,\*-prod) --schedule string Sync window schedule in cron format. (e.g. --schedule "0 22 * * *") --time-zone string Time zone of the sync window (default "UTC") + --use-and-operator Use AND operator for matching applications, namespaces and clusters instead of the default OR operator ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_repo_add.md b/docs/user-guide/commands/argocd_repo_add.md index 51fbddbb2a5f7..ecaab607b1caf 100644 --- a/docs/user-guide/commands/argocd_repo_add.md +++ b/docs/user-guide/commands/argocd_repo_add.md @@ -73,6 +73,7 @@ argocd repo add REPOURL [flags] --tls-client-cert-path string path to the TLS client cert (must be PEM format) --type string type of the repository, "git" or "helm" (default "git") --upsert Override an existing repository with the same name even if the spec differs + --use-azure-workload-identity whether to use azure workload identity for authentication --username string username to the repository ``` diff --git a/docs/user-guide/commands/argocd_repocreds_add.md b/docs/user-guide/commands/argocd_repocreds_add.md index d0632c703c82b..e894ff8c49418 100644 --- a/docs/user-guide/commands/argocd_repocreds_add.md +++ b/docs/user-guide/commands/argocd_repocreds_add.md @@ -49,6 +49,7 @@ argocd repocreds add REPOURL [flags] --tls-client-cert-path string path to the TLS client cert (must be PEM format) --type string type of the repository, "git" or "helm" (default "git") --upsert Override an existing repository with the same name even if the spec differs + --use-azure-workload-identity whether to use azure workload identity for authentication --username string username to the repository ``` diff --git a/docs/user-guide/private-repositories.md b/docs/user-guide/private-repositories.md index 074e5caad9e96..e54f53d3dc61b 100644 --- a/docs/user-guide/private-repositories.md +++ b/docs/user-guide/private-repositories.md @@ -161,6 +161,75 @@ Using the UI: 3. Click `Connect` to test the connection and have the repository added + +### Azure Container Registry/Azure Repos using Azure Workload Identity + +Before using this feature, you must perform the following steps to enable workload identity configuration in Argo CD: + +- **Label the Pods:** Add the `azure.workload.identity/use: "true"` label to the repo-server pods. +- **Create Federated Identity Credential:** Generate an Azure federated identity credential for the repo-server service account. Refer to the [Federated Identity Credential](https://azure.github.io/azure-workload-identity/docs/topics/federated-identity-credential.html) documentation for detailed instructions. +- **Add Annotation to Service Account:** Add `azure.workload.identity/client-id: "$CLIENT_ID"` annotation to the repo-server service account, using the `CLIENT_ID` from the workload identity. +- Setup the permissions for Azure Container Registry/Azure Repos for the workload identity. + +Using CLI for Helm OCI with Azure workload identity: + +``` +argocd repo add contoso.azurecr.io/charts --type helm --enable-oci --use-azure-workload-identity +``` + +Using CLI for Azure Repos with Azure workload identity: + +``` +argocd repo add https://contoso@dev.azure.com/my-projectcollection/my-project/_git/my-repo --use-azure-workload-identity +``` + +Using the UI: + +- Navigate to `Settings/Repositories` + + ![connect repo overview](../assets/repo-add-overview.png) +- Click on `+ Connect Repo` +- On the connection page: + - Choose Connection Method as `VIA HTTPS` + - Select the type as `git` or `helm` + - Enter the Repository URL + - Enter name, if the repo type is helm + - Select `Enable OCI`, if repo type is helm + - Select `Use Azure Workload Identity` + + ![connect repo](../assets/repo-add-azure-workload-identity.png) +- Click `Connect` + +Using secret definition: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: helm-private-repo + namespace: argocd + labels: + argocd.argoproj.io/secret-type: repository +stringData: + type: helm + url: contoso.azurecr.io/charts + name: contosocharts + enableOCI: "true" + useAzureWorkloadIdentity: "true" +--- +apiVersion: v1 +kind: Secret +metadata: + name: git-private-repo + namespace: argocd + labels: + argocd.argoproj.io/secret-type: repository +stringData: + type: git + url: https://contoso@dev.azure.com/my-projectcollection/my-project/_git/my-repo + useAzureWorkloadIdentity: "true" +``` + ## Credential templates You can also set up credentials to serve as templates for connecting repositories, without having to repeat credential configuration. For example, if you setup credential templates for the URL prefix `https://github.com/argoproj`, these credentials will be used for all repositories with this URL as prefix (e.g. `https://github.com/argoproj/argocd-example-apps`) that do not have their own credentials configured. diff --git a/docs/user-guide/source-hydrator.md b/docs/user-guide/source-hydrator.md index d5685f21d0e44..c69d0bac5c79f 100644 --- a/docs/user-guide/source-hydrator.md +++ b/docs/user-guide/source-hydrator.md @@ -149,6 +149,12 @@ branch to the `syncSource` branch. ## Limitations +### Signature Verification + +The source hydrator **does not currently support signature verification of the DRY sources it hydrates/commits**. It +also does not sign the commits it pushes to git, so if signature verification is enabled, the commits will fail +verification when Argo CD attempts to sync the hydrated manifests. + ### Project-Scoped Push Secrets If all the Applications for a given destination repo/branch are under the same project, then the hydrator will use any diff --git a/docs/user-guide/status-badge.md b/docs/user-guide/status-badge.md index a933a751d2550..cfc4f9eda6d77 100644 --- a/docs/user-guide/status-badge.md +++ b/docs/user-guide/status-badge.md @@ -6,17 +6,22 @@ The feature can be enabled using `statusbadge.enabled` key of `argocd-cm` Config ![healthy and synced](../assets/status-badge-healthy-synced.png) To show this badge, use the following URL format `${argoCdBaseUrl}/api/badge?name=${appName}`, e.g. http://localhost:8080/api/badge?name=guestbook. + +To override the `${argoCdBaseUrl}` value, you can use the `statusbadge.url` key of `argocd-cm` ConfigMap. + The URLs for status image are available on application details page: 1. Navigate to application details page and click on 'Details' button. 2. Scroll down to 'Status Badge' section. 3. Select required template such as URL, Markdown etc. -for the status image URL in markdown, html, etc are available . + for the status image URL in markdown, html, etc are available . 4. Copy the text and paste it into your README or website. ## Additional query parameters options + ### showAppName -Display the application name in the status badge. + +Display the application name in the status badge. Available values: `true/false` @@ -25,6 +30,7 @@ Default value: `false` Example: `&showAppName=true` ### revision + Display revision targeted by the application. It will also extend the badge width to 192px. @@ -34,8 +40,10 @@ Available values: `true/false` Default value: `false` Example: `&revision=true` + ### keepFullRevision -By default, displayed revision is truncated to 7 characters. + +By default, displayed revision is truncated to 7 characters. This parameter allows to display it fully if it exceeds that length. @@ -46,7 +54,9 @@ Available values: `true/false` Default value: `false` Example: `&keepFullRevision=true` + ### width + Change width of the badge. Completely replace current calculated width. @@ -55,4 +65,4 @@ Available values: `integer` Default value: `nil` -Example: `&width=500` \ No newline at end of file +Example: `&width=500` diff --git a/docs/user-guide/sync_windows.md b/docs/user-guide/sync_windows.md index a786d158ffd23..e39ad150f405f 100644 --- a/docs/user-guide/sync_windows.md +++ b/docs/user-guide/sync_windows.md @@ -2,7 +2,9 @@ Sync windows are configurable windows of time where syncs will either be blocked or allowed. These are defined by a kind, which can be either `allow` or `deny`, a `schedule` in cron format and a duration along with one or -more of either `applications`, `namespaces` and `clusters`. Wildcards are supported. +more of either `applications`, `namespaces` and `clusters`. If more than one option is specified, by default, the enabled options will +be OR-ed. If you want to AND the options, you can tick the `Use AND operator` option. +Wildcards are supported. ## Relationship between Sync Windows and Applications @@ -26,9 +28,9 @@ then the Application is affected by the Sync Window. ## Effect of Sync Windows -These windows affect the running -of both manual and automated syncs but allow an override for manual syncs which is useful if you are only interested -in preventing automated syncs or if you need to temporarily override a window to perform a sync. +These windows affect the running of both manual and automated syncs but allow an override +for manual syncs which is useful if you are only interested in preventing automated syncs or if you need to temporarily +override a window to perform a sync. The windows work in the following way. If there are no windows matching an application then all syncs are allowed. If there are any `allow` windows matching an application then syncs will only be allowed when there is an active `allow` window. If there diff --git a/go.mod b/go.mod index 9d7cff28a34f2..874012cd760c4 100644 --- a/go.mod +++ b/go.mod @@ -5,17 +5,19 @@ go 1.22.0 require ( code.gitea.io/sdk/gitea v0.20.0 dario.cat/mergo v1.0.1 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 github.com/Azure/kubelogin v0.1.6 github.com/Masterminds/semver/v3 v3.3.1 github.com/Masterminds/sprig/v3 v3.3.0 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d github.com/alicebob/miniredis/v2 v2.34.0 github.com/antonmedv/expr v1.15.1 - github.com/argoproj/gitops-engine v0.7.1-0.20241216155226-54992bf42431 + github.com/argoproj/gitops-engine v0.7.1-0.20250129155113-7e21b91e9d0f github.com/argoproj/notifications-engine v0.4.1-0.20241007194503-2fef5c9049fd github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 - github.com/aws/aws-sdk-go v1.55.5 - github.com/bmatcuk/doublestar/v4 v4.7.1 + github.com/aws/aws-sdk-go v1.55.6 + github.com/bmatcuk/doublestar/v4 v4.8.1 github.com/bombsimon/logrusr/v4 v4.1.0 github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 github.com/casbin/casbin/v2 v2.103.0 @@ -23,14 +25,14 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 github.com/chainguard-dev/git-urls v1.0.2 github.com/coreos/go-oidc/v3 v3.12.0 - github.com/cyphar/filepath-securejoin v0.3.6 + github.com/cyphar/filepath-securejoin v0.4.1 github.com/dustin/go-humanize v1.0.1 - github.com/evanphx/json-patch v5.9.0+incompatible + github.com/evanphx/json-patch v5.9.11+incompatible github.com/expr-lang/expr v1.16.9 github.com/felixge/httpsnoop v1.0.4 github.com/fsnotify/fsnotify v1.8.0 github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e - github.com/go-git/go-git/v5 v5.13.1 + github.com/go-git/go-git/v5 v5.13.2 github.com/go-jose/go-jose/v3 v3.0.3 github.com/go-logr/logr v1.4.2 github.com/go-openapi/loads v0.22.0 @@ -74,7 +76,7 @@ require ( github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c github.com/soheilhy/cmux v0.1.5 github.com/spf13/cobra v1.8.1 - github.com/spf13/pflag v1.0.5 + github.com/spf13/pflag v1.0.6 github.com/stretchr/testify v1.10.0 github.com/valyala/fasttemplate v1.2.2 github.com/yuin/gopher-lua v1.1.1 @@ -90,9 +92,9 @@ require ( golang.org/x/sync v0.10.0 golang.org/x/term v0.28.0 golang.org/x/time v0.9.0 - google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 - google.golang.org/grpc v1.69.2 - google.golang.org/protobuf v1.36.2 + google.golang.org/genproto/googleapis/api v0.0.0-20241202173237-19429a94021a + google.golang.org/grpc v1.70.0 + google.golang.org/protobuf v1.36.4 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.31.0 @@ -114,10 +116,8 @@ require ( require ( github.com/42wim/httpsig v1.2.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect github.com/aws/aws-sdk-go-v2/config v1.25.12 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect @@ -158,7 +158,7 @@ require ( golang.org/x/tools v0.27.0 // indirect google.golang.org/api v0.171.0 // indirect google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/retry.v1 v1.0.3 // indirect k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect @@ -178,7 +178,7 @@ require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/PagerDuty/go-pagerduty v1.7.0 // indirect - github.com/ProtonMail/go-crypto v1.1.3 // indirect + github.com/ProtonMail/go-crypto v1.1.5 // indirect github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 // indirect github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect @@ -200,7 +200,7 @@ require ( github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.6.1 // indirect + github.com/go-git/go-billy/v5 v5.6.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.23.0 // indirect github.com/go-openapi/errors v0.22.0 // indirect @@ -211,7 +211,7 @@ require ( github.com/go-openapi/swag v0.23.0 // indirect github.com/go-openapi/validate v0.24.0 // indirect github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 // indirect - github.com/golang/glog v1.2.2 // indirect + github.com/golang/glog v1.2.4 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/go-github/v41 v41.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect @@ -251,7 +251,7 @@ require ( github.com/opencontainers/image-spec v1.1.0 // indirect github.com/opsgenie/opsgenie-go-sdk-v2 v1.0.5 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect - github.com/pjbgf/sha1cd v0.3.0 // indirect + github.com/pjbgf/sha1cd v0.3.2 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.1 diff --git a/go.sum b/go.sum index dac1d1736f672..e4a7b59fd05e5 100644 --- a/go.sum +++ b/go.sum @@ -10,12 +10,12 @@ dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/42wim/httpsig v1.2.1 h1:oLBxptMe9U4ZmSGtkosT8Dlfg31P3VQnAGq6psXv82Y= github.com/42wim/httpsig v1.2.1/go.mod h1:P/UYo7ytNBFwc+dg35IubuAUIs8zj5zzFIgUCEl55WY= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= -github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 h1:g0EZJwz7xkXQiZAI5xi9f3WWFYBlX1CPTrR+NDToRkQ= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0/go.mod h1:XCW7KnZet0Opnr7HccfUw1PLc4CjHqpcaxW8DHklNkQ= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 h1:1mvYtZfWQAnwNah/C+Z+Jb9rQH95LPE2vlmMuWAHJk8= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1/go.mod h1:75I/mXtme1JyWFtz8GocPHVFyH421IBoZErnO16dd0k= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1 h1:Bk5uOhSAenHyR5P61D/NzeQCv+4fEVV8mOkJ82NqpWw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1/go.mod h1:QZ4pw3or1WPmRBxf0cHd1tknzrT54WPBOQoGutCPvSU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= @@ -40,8 +40,8 @@ github.com/Azure/kubelogin v0.1.6 h1:2TK38wwjODYVWlHuI7wijwGmsigpDkXWmy9eqXBmMnw github.com/Azure/kubelogin v0.1.6/go.mod h1:NxlvRs9CambNudRXrk63zpPgG7PHzqZwsn0v82cuFRE= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5gYVyhkij+RTJ/VR6QIUaCfWeaFm2ycsjQ= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo= @@ -63,8 +63,8 @@ github.com/OvyFlash/telegram-bot-api/v5 v5.0.0-20240108230938-63e5c59035bf h1:a7 github.com/OvyFlash/telegram-bot-api/v5 v5.0.0-20240108230938-63e5c59035bf/go.mod h1:A2S0CWkNylc2phvKXWBBdD3K0iGnDBGbzRpISP2zBl8= github.com/PagerDuty/go-pagerduty v1.7.0 h1:S1NcMKECxT5hJwV4VT+QzeSsSiv4oWl1s2821dUqG/8= github.com/PagerDuty/go-pagerduty v1.7.0/go.mod h1:PuFyJKRz1liIAH4h5KVXVD18Obpp1ZXRdxHvmGXooro= -github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk= -github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.1.5 h1:eoAQfK2dwL+tFSFpr7TbOaPNUbPiJj4fLYwwGE1FQO4= +github.com/ProtonMail/go-crypto v1.1.5/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 h1:prBTRx78AQnXzivNT9Crhu564W/zPPr3ibSlpT9xKcE= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60/go.mod h1:rjP7sIipbZcagro/6TCk6X0ZeFT2eyudH5+fve/cbBA= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= @@ -90,8 +90,8 @@ github.com/antonmedv/expr v1.15.1/go.mod h1:0E/6TxnOlRNp81GMzX9QfDPAmHo2Phg00y4J github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= -github.com/argoproj/gitops-engine v0.7.1-0.20241216155226-54992bf42431 h1:ku0Gzp1dHr7yn83B/xmMrmbB5sJbe32LXaYSDSBd6/c= -github.com/argoproj/gitops-engine v0.7.1-0.20241216155226-54992bf42431/go.mod h1:WsnykM8idYRUnneeT31cM/Fq/ZsjkefCbjiD8ioCJkU= +github.com/argoproj/gitops-engine v0.7.1-0.20250129155113-7e21b91e9d0f h1:6amQW2gmWyBr/3xz/YzpgrQ+91xKxtpaWiLBkgjjV8o= +github.com/argoproj/gitops-engine v0.7.1-0.20250129155113-7e21b91e9d0f/go.mod h1:WsnykM8idYRUnneeT31cM/Fq/ZsjkefCbjiD8ioCJkU= github.com/argoproj/notifications-engine v0.4.1-0.20241007194503-2fef5c9049fd h1:lOVVoK89j9Nd4+JYJiKAaMNYC1402C0jICROOfUPWn0= github.com/argoproj/notifications-engine v0.4.1-0.20241007194503-2fef5c9049fd/go.mod h1:N0A4sEws2soZjEpY4hgZpQS8mRIEw6otzwfkgc3g9uQ= github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 h1:qsHwwOJ21K2Ao0xPju1sNuqphyMnMYkyB3ZLoLtxWpo= @@ -108,8 +108,8 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= -github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk= +github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= @@ -149,8 +149,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= -github.com/bmatcuk/doublestar/v4 v4.7.1 h1:fdDeAqgT47acgwd9bd9HxJRDmc9UAmPpc+2m0CXv75Q= -github.com/bmatcuk/doublestar/v4 v4.7.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= +github.com/bmatcuk/doublestar/v4 v4.8.1 h1:54Bopc5c2cAvhLRAzqOGCYHYyhcDHsFF4wWIR5wKP38= +github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/bombsimon/logrusr/v4 v4.1.0 h1:uZNPbwusB0eUXlO8hIUwStE6Lr5bLN6IgYgG+75kuh4= github.com/bombsimon/logrusr/v4 v4.1.0/go.mod h1:pjfHC5e59CvjTBIU3V3sGhFWFAnsnhOR03TRc6im0l8= github.com/bradleyfalzon/ghinstallation/v2 v2.13.0 h1:5FhjW93/YLQJDmPdeyMPw7IjAPzqsr+0jHPfrPz0sZI= @@ -210,8 +210,8 @@ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7Do github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= -github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= +github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -235,8 +235,8 @@ github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5m github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/elazarl/goproxy v1.2.3 h1:xwIyKHbaP5yfT6O9KIeYJR5549MXRQkoQMRXGztz8YQ= -github.com/elazarl/goproxy v1.2.3/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64= +github.com/elazarl/goproxy v1.4.0 h1:4GyuSbFa+s26+3rmYNSuUVsx+HgPrV1bk1jXI0l9wjM= +github.com/elazarl/goproxy v1.4.0/go.mod h1:X/5W/t+gzDyLfHW4DrMdpjqYjpXsURlBt9lpBDxZZZQ= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= @@ -247,8 +247,8 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= -github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8= +github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= @@ -293,12 +293,12 @@ github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI= github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.6.1 h1:u+dcrgaguSSkbjzHwelEjc0Yj300NUevrrPphk/SoRA= -github.com/go-git/go-billy/v5 v5.6.1/go.mod h1:0AsLr1z2+Uksi4NlElmMblP5rPcDZNRCD8ujZCRR2BE= +github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM= +github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.13.1 h1:DAQ9APonnlvSWpvolXWIuV6Q6zXy2wHbN4cVlNR5Q+M= -github.com/go-git/go-git/v5 v5.13.1/go.mod h1:qryJB4cSBoq3FRoBRf5A77joojuBcmPJ0qu3XXXVixc= +github.com/go-git/go-git/v5 v5.13.2 h1:7O7xvsK7K+rZPKW6AQR1YyNhfywkv7B8/FsP3ki6Zv0= +github.com/go-git/go-git/v5 v5.13.2/go.mod h1:hWdW5P4YZRjmpGHwRH2v3zkWcNl6HeXaXQEMGb3NJ9A= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= @@ -396,8 +396,8 @@ github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= -github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.4 h1:CNNw5U8lSiiBk7druxtSHHTsRWcxKoac6kZKm2peBBc= +github.com/golang/glog v1.2.4/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -796,8 +796,8 @@ github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+v github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= -github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= +github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= +github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -908,8 +908,9 @@ github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= +github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= @@ -991,8 +992,8 @@ go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5W go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= -go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= -go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= +go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= +go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= @@ -1352,10 +1353,10 @@ google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEY google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= -google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= -google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto/googleapis/api v0.0.0-20241202173237-19429a94021a h1:OAiGFfOiA0v9MRYsSidp3ubZaBnteRUyn3xB2ZQ5G/E= +google.golang.org/genproto/googleapis/api v0.0.0-20241202173237-19429a94021a/go.mod h1:jehYqy3+AhJU9ve55aNOaSml7wUXjF9x6z2LcCfpAhY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a h1:hgh8P4EuoxpsuKMXX/To36nOFD7vixReXgn8lPGnt+o= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= @@ -1371,8 +1372,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= -google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= +google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= @@ -1381,8 +1382,8 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= -google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU= -google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= +google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk= diff --git a/hack/gen-resources/util/sizedwaitgroup.go b/hack/gen-resources/util/sizedwaitgroup.go index 6c6d4fb1c5fff..4ddb5192d27bc 100644 --- a/hack/gen-resources/util/sizedwaitgroup.go +++ b/hack/gen-resources/util/sizedwaitgroup.go @@ -87,7 +87,6 @@ func (s *SizedWaitGroup) AddWithContext(ctx context.Context) error { case <-ctx.Done(): return ctx.Err() case s.current <- struct{}{}: - break } s.wg.Add(1) return nil diff --git a/hack/installers/checksums/add-kubectl-checksums.sh b/hack/installers/checksums/add-kubectl-checksums.sh new file mode 100755 index 0000000000000..2b9ba0df2f6ab --- /dev/null +++ b/hack/installers/checksums/add-kubectl-checksums.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env sh + +# Usage: ./add-kubectl-checksums.sh v1.32.1 # use the desired version + +set -e +for arch in amd64 arm64 ppc64le s390x; do + wget "https://dl.k8s.io/release/$1/bin/linux/$arch/kubectl.sha256" -O "kubectl-$1-linux-$arch.tar.gz.sha256" + +done + +for arch in amd64 arm64; do + wget "https://dl.k8s.io/release/$1/bin/darwin/$arch/kubectl.sha256" -O "kubectl-$1-darwin-$arch.tar.gz.sha256" +done \ No newline at end of file diff --git a/hack/installers/checksums/helm-v3.17.0-darwin-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.17.0-darwin-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..1ab86a9b4ef78 --- /dev/null +++ b/hack/installers/checksums/helm-v3.17.0-darwin-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +0d5fd51cf51eb4b9712d52ecd8f2a3cd865680595cca57db38ee01802bd466ea helm-v3.17.0-darwin-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.17.0-darwin-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.17.0-darwin-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..e0050b01b0bbb --- /dev/null +++ b/hack/installers/checksums/helm-v3.17.0-darwin-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +5db292c69ba756ddbf139abb623b02860feef15c7f1a4ea69b77715b9165a261 helm-v3.17.0-darwin-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.17.0-linux-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.17.0-linux-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..3d74e11729822 --- /dev/null +++ b/hack/installers/checksums/helm-v3.17.0-linux-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +fb5d12662fde6eeff36ac4ccacbf3abed96b0ee2de07afdde4edb14e613aee24 helm-v3.17.0-linux-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.17.0-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.17.0-linux-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..b022aac1a6daa --- /dev/null +++ b/hack/installers/checksums/helm-v3.17.0-linux-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +c4d4be8e80082b7eaa411e3e231d62cf05d01cddfef59b0d01006a7901e11ee4 helm-v3.17.0-linux-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.17.0-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/helm-v3.17.0-linux-ppc64le.tar.gz.sha256 new file mode 100644 index 0000000000000..bc81cf2223c63 --- /dev/null +++ b/hack/installers/checksums/helm-v3.17.0-linux-ppc64le.tar.gz.sha256 @@ -0,0 +1 @@ +32833acf72b240e9ca78a3eac630a0ba420e073b02df3030c369a287b8bdc769 helm-v3.17.0-linux-ppc64le.tar.gz diff --git a/hack/installers/checksums/helm-v3.17.0-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/helm-v3.17.0-linux-s390x.tar.gz.sha256 new file mode 100644 index 0000000000000..dd91867df4822 --- /dev/null +++ b/hack/installers/checksums/helm-v3.17.0-linux-s390x.tar.gz.sha256 @@ -0,0 +1 @@ +4b002d673ef35d78843c45cc169faf1040eec75937f19fccce41d2074f459653 helm-v3.17.0-linux-s390x.tar.gz diff --git a/hack/installers/checksums/kubectl-v1.32.1-linux-amd64.tar.gz.sha256 b/hack/installers/checksums/kubectl-v1.32.1-linux-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..0c10516ad4ea3 --- /dev/null +++ b/hack/installers/checksums/kubectl-v1.32.1-linux-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +e16c80f1a9f94db31063477eb9e61a2e24c1a4eee09ba776b029048f5369db0c \ No newline at end of file diff --git a/hack/installers/checksums/kubectl-v1.32.1-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/kubectl-v1.32.1-linux-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..1c957e3d558dc --- /dev/null +++ b/hack/installers/checksums/kubectl-v1.32.1-linux-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +98206fd83a4fd17f013f8c61c33d0ae8ec3a7c53ec59ef3d6a0a9400862dc5b2 \ No newline at end of file diff --git a/hack/installers/checksums/kubectl-v1.32.1-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/kubectl-v1.32.1-linux-ppc64le.tar.gz.sha256 new file mode 100644 index 0000000000000..01798c978196e --- /dev/null +++ b/hack/installers/checksums/kubectl-v1.32.1-linux-ppc64le.tar.gz.sha256 @@ -0,0 +1 @@ +46d98d3463e065dff035d76f6c2b604c990d79634cc574d43b0c21f0367bbf0c \ No newline at end of file diff --git a/hack/installers/checksums/kubectl-v1.32.1-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/kubectl-v1.32.1-linux-s390x.tar.gz.sha256 new file mode 100644 index 0000000000000..8e3078d9fa50b --- /dev/null +++ b/hack/installers/checksums/kubectl-v1.32.1-linux-s390x.tar.gz.sha256 @@ -0,0 +1 @@ +081c80142fd450d93dd4a82330d182dd045dcb2fb0c220e65ef7158f13df12d8 \ No newline at end of file diff --git a/hack/installers/install-gotestsum.sh b/hack/installers/install-gotestsum.sh index 27b497696ccdc..a6902992aff18 100755 --- a/hack/installers/install-gotestsum.sh +++ b/hack/installers/install-gotestsum.sh @@ -4,10 +4,10 @@ set -eux -o pipefail # Code from: https://github.com/argoproj/argo-rollouts/blob/f650a1fd0ba7beb2125e1598410515edd572776f/hack/installers/install-dev-tools.sh PROJECT_ROOT=$(cd $(dirname ${BASH_SOURCE})/../..; pwd) -DIST_PATH="${PROJECT_ROOT}/dist" -PATH="${DIST_PATH}:${PATH}" - -mkdir -p ${DIST_PATH} +INSTALL_PATH="${BIN:-$INSTALL_PATH}" +INSTALL_PATH="${INSTALL_PATH:-$PROJECT_ROOT/dist}" +PATH="${INSTALL_PATH}:${PATH}" +[ -d $INSTALL_PATH ] || mkdir -p $INSTALL_PATH gotestsum_version=1.11.0 @@ -21,6 +21,6 @@ url=https://github.com/gotestyourself/gotestsum/releases/download/v${gotestsum_v mkdir -p /tmp/gotestsum-${gotestsum_version} tar -xvzf ${temp_path} -C /tmp/gotestsum-${gotestsum_version} -cp /tmp/gotestsum-${gotestsum_version}/gotestsum ${DIST_PATH}/gotestsum -chmod +x ${DIST_PATH}/gotestsum +sudo cp /tmp/gotestsum-${gotestsum_version}/gotestsum ${INSTALL_PATH}/gotestsum +sudo chmod +x ${INSTALL_PATH}/gotestsum gotestsum --version diff --git a/hack/installers/install-kubectl-linux.sh b/hack/installers/install-kubectl-linux.sh index abf60757b66c1..2c72adcced577 100755 --- a/hack/installers/install-kubectl-linux.sh +++ b/hack/installers/install-kubectl-linux.sh @@ -3,7 +3,7 @@ set -eux -o pipefail . $(dirname $0)/../tool-versions.sh -export TARGET_FILE=kubectl_${ARCHITECTURE}_${kubectl_version} +export TARGET_FILE=kubectl-v${kubectl_version}-${INSTALL_OS}-${ARCHITECTURE}.tar.gz # NOTE: keep the version synced with https://storage.googleapis.com/kubernetes-release/release/stable.txt [ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o ${DOWNLOADS}/${TARGET_FILE} https://storage.googleapis.com/kubernetes-release/release/v${kubectl_version}/bin/linux/$ARCHITECTURE/kubectl diff --git a/hack/test.sh b/hack/test.sh index c13718063b862..1b9b92c0c4ea4 100755 --- a/hack/test.sh +++ b/hack/test.sh @@ -15,4 +15,4 @@ fi mkdir -p $TEST_RESULTS -GODEBUG="tarinsecurepath=0,zipinsecurepath=0" ${DIST_DIR}/gotestsum --rerun-fails-report=rerunreport.txt --junitfile=$TEST_RESULTS/junit.xml --format=testname --rerun-fails="$RERUN_FAILS" --packages="$PACKAGES" -- -cover $TEST_FLAGS $* +GODEBUG="tarinsecurepath=0,zipinsecurepath=0" gotestsum --rerun-fails-report=rerunreport.txt --junitfile=$TEST_RESULTS/junit.xml --format=testname --rerun-fails="$RERUN_FAILS" --packages="$PACKAGES" -- -cover $TEST_FLAGS $* diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh index 5ff690de480ad..ec5d936d1ab4a 100644 --- a/hack/tool-versions.sh +++ b/hack/tool-versions.sh @@ -11,7 +11,7 @@ # Use ./hack/installers/checksums/add-helm-checksums.sh and # add-kustomize-checksums.sh to help download checksums. ############################################################################### -helm3_version=3.16.3 +helm3_version=3.17.0 kubectl_version=1.17.8 kubectx_version=0.6.3 kustomize5_version=5.4.3 diff --git a/kustomize b/kustomize deleted file mode 100755 index 1577ba57c1d6c..0000000000000 Binary files a/kustomize and /dev/null differ diff --git a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml index 9f941ce611224..ea40f9c9a4c40 100644 --- a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml +++ b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml @@ -85,6 +85,12 @@ spec: name: argocd-cmd-params-cm key: controller.log.level optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml index 31516a0b93a35..a595b75f84b5e 100644 --- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml +++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml @@ -88,6 +88,12 @@ spec: name: argocd-cmd-params-cm key: controller.log.level optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -190,6 +196,12 @@ spec: name: argocd-cmd-params-cm key: otlp.headers optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.attrs + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml index f4df48823a5ff..8c7d7650573fb 100644 --- a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml +++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml @@ -85,6 +85,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: diff --git a/manifests/base/commit-server/argocd-commit-server-deployment.yaml b/manifests/base/commit-server/argocd-commit-server-deployment.yaml index 2eba92802080c..a09717970d206 100644 --- a/manifests/base/commit-server/argocd-commit-server-deployment.yaml +++ b/manifests/base/commit-server/argocd-commit-server-deployment.yaml @@ -48,6 +48,12 @@ spec: name: argocd-cmd-params-cm key: commitserver.log.level optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true ports: - containerPort: 8086 - containerPort: 8087 diff --git a/manifests/base/dex/argocd-dex-server-deployment.yaml b/manifests/base/dex/argocd-dex-server-deployment.yaml index 87d7d0a2fbbd8..0ef89cd75dbe5 100644 --- a/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -53,6 +53,12 @@ spec: key: dexserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/manifests/base/notification/argocd-notifications-controller-deployment.yaml b/manifests/base/notification/argocd-notifications-controller-deployment.yaml index c3a533e5a4350..ca75e9484191c 100644 --- a/manifests/base/notification/argocd-notifications-controller-deployment.yaml +++ b/manifests/base/notification/argocd-notifications-controller-deployment.yaml @@ -48,6 +48,12 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 02a11fabe9715..1b582f91ee4cb 100644 --- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -47,6 +47,12 @@ spec: name: argocd-cmd-params-cm key: reposerver.log.level optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -137,6 +143,12 @@ spec: name: argocd-cmd-params-cm key: otlp.headers optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.attrs + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml index 5b0d688e80ad6..71a3ddd631e4b 100644 --- a/manifests/base/server/argocd-server-deployment.yaml +++ b/manifests/base/server/argocd-server-deployment.yaml @@ -232,6 +232,12 @@ spec: name: argocd-cmd-params-cm key: otlp.headers optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.attrs + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/core-install-with-hydrator.yaml b/manifests/core-install-with-hydrator.yaml index e8d6d55fdc755..5d997f77f9538 100644 --- a/manifests/core-install-with-hydrator.yaml +++ b/manifests/core-install-with-hydrator.yaml @@ -23478,6 +23478,10 @@ spec: description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps properties: + andOperator: + description: UseAndOperator use AND operator for matching applications, + namespaces and clusters instead of the default OR operator + type: boolean applications: description: Applications contains a list of applications that the window will apply to @@ -24075,6 +24079,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -24285,6 +24295,12 @@ spec: key: commitserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -24516,6 +24532,12 @@ spec: key: reposerver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -24606,6 +24628,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -24902,6 +24930,12 @@ spec: key: controller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -25004,6 +25038,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index f8b54c0ba2c7b..6eb6204cf304b 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -23478,6 +23478,10 @@ spec: description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps properties: + andOperator: + description: UseAndOperator use AND operator for matching applications, + namespaces and clusters instead of the default OR operator + type: boolean applications: description: Applications contains a list of applications that the window will apply to @@ -24043,6 +24047,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -24334,6 +24344,12 @@ spec: key: reposerver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -24424,6 +24440,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -24720,6 +24742,12 @@ spec: key: controller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -24822,6 +24850,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/crds/appproject-crd.yaml b/manifests/crds/appproject-crd.yaml index a72a8de146939..e3eea79bd6747 100644 --- a/manifests/crds/appproject-crd.yaml +++ b/manifests/crds/appproject-crd.yaml @@ -278,6 +278,10 @@ spec: description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps properties: + andOperator: + description: UseAndOperator use AND operator for matching applications, + namespaces and clusters instead of the default OR operator + type: boolean applications: description: Applications contains a list of applications that the window will apply to diff --git a/manifests/ha/install-with-hydrator.yaml b/manifests/ha/install-with-hydrator.yaml index 74fd524530c89..517ed7764d781 100644 --- a/manifests/ha/install-with-hydrator.yaml +++ b/manifests/ha/install-with-hydrator.yaml @@ -23478,6 +23478,10 @@ spec: description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps properties: + andOperator: + description: UseAndOperator use AND operator for matching applications, + namespaces and clusters instead of the default OR operator + type: boolean applications: description: Applications contains a list of applications that the window will apply to @@ -25416,6 +25420,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -25626,6 +25636,12 @@ spec: key: commitserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -25758,6 +25774,12 @@ spec: key: dexserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -25865,6 +25887,12 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -26111,6 +26139,12 @@ spec: key: reposerver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -26201,6 +26235,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -26639,6 +26679,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -26895,6 +26941,12 @@ spec: key: controller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -26997,6 +27049,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index f4607abee3c18..559c5ece280ba 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -23478,6 +23478,10 @@ spec: description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps properties: + andOperator: + description: UseAndOperator use AND operator for matching applications, + namespaces and clusters instead of the default OR operator + type: boolean applications: description: Applications contains a list of applications that the window will apply to @@ -25386,6 +25390,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -25578,6 +25588,12 @@ spec: key: dexserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -25685,6 +25701,12 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -25931,6 +25953,12 @@ spec: key: reposerver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -26021,6 +26049,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -26459,6 +26493,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -26715,6 +26755,12 @@ spec: key: controller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -26817,6 +26863,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/ha/namespace-install-with-hydrator.yaml b/manifests/ha/namespace-install-with-hydrator.yaml index 376c70570e003..bfad4c6c63960 100644 --- a/manifests/ha/namespace-install-with-hydrator.yaml +++ b/manifests/ha/namespace-install-with-hydrator.yaml @@ -1646,6 +1646,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -1856,6 +1862,12 @@ spec: key: commitserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -1988,6 +2000,12 @@ spec: key: dexserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -2095,6 +2113,12 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -2341,6 +2365,12 @@ spec: key: reposerver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -2431,6 +2461,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -2869,6 +2905,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -3125,6 +3167,12 @@ spec: key: controller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -3227,6 +3275,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index 0b00d7952c5eb..31489e9c0ac8d 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1616,6 +1616,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -1808,6 +1814,12 @@ spec: key: dexserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -1915,6 +1927,12 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -2161,6 +2179,12 @@ spec: key: reposerver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -2251,6 +2275,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -2689,6 +2719,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -2945,6 +2981,12 @@ spec: key: controller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -3047,6 +3089,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/install-with-hydrator.yaml b/manifests/install-with-hydrator.yaml index a0cc0c1e7ddf1..de434be44161c 100644 --- a/manifests/install-with-hydrator.yaml +++ b/manifests/install-with-hydrator.yaml @@ -23478,6 +23478,10 @@ spec: description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps properties: + andOperator: + description: UseAndOperator use AND operator for matching applications, + namespaces and clusters instead of the default OR operator + type: boolean applications: description: Applications contains a list of applications that the window will apply to @@ -24535,6 +24539,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -24745,6 +24755,12 @@ spec: key: commitserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -24877,6 +24893,12 @@ spec: key: dexserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -24984,6 +25006,12 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -25185,6 +25213,12 @@ spec: key: reposerver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -25275,6 +25309,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -25711,6 +25751,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -25967,6 +26013,12 @@ spec: key: controller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -26069,6 +26121,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/install.yaml b/manifests/install.yaml index 50fa36d553361..1e578ca82bb50 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -23478,6 +23478,10 @@ spec: description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps properties: + andOperator: + description: UseAndOperator use AND operator for matching applications, + namespaces and clusters instead of the default OR operator + type: boolean applications: description: Applications contains a list of applications that the window will apply to @@ -24503,6 +24507,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -24695,6 +24705,12 @@ spec: key: dexserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -24802,6 +24818,12 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -25003,6 +25025,12 @@ spec: key: reposerver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -25093,6 +25121,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -25529,6 +25563,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -25785,6 +25825,12 @@ spec: key: controller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -25887,6 +25933,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/namespace-install-with-hydrator.yaml b/manifests/namespace-install-with-hydrator.yaml index 1f18a82a063c5..ddb9ba6e4756a 100644 --- a/manifests/namespace-install-with-hydrator.yaml +++ b/manifests/namespace-install-with-hydrator.yaml @@ -765,6 +765,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -975,6 +981,12 @@ spec: key: commitserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -1107,6 +1119,12 @@ spec: key: dexserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -1214,6 +1232,12 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -1415,6 +1439,12 @@ spec: key: reposerver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -1505,6 +1535,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -1941,6 +1977,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -2197,6 +2239,12 @@ spec: key: controller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -2299,6 +2347,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 21127bcbf911a..f72a792a901f1 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -733,6 +733,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -925,6 +931,12 @@ spec: key: dexserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: @@ -1032,6 +1044,12 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -1233,6 +1251,12 @@ spec: key: reposerver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -1323,6 +1347,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -1759,6 +1789,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -2015,6 +2051,12 @@ spec: key: controller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + key: log.format.timestamp + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -2117,6 +2159,12 @@ spec: key: otlp.headers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + key: otlp.attrs + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/pkg/apiclient/apiclient.go b/pkg/apiclient/apiclient.go index 2487e938edc7d..0890360c25cf6 100644 --- a/pkg/apiclient/apiclient.go +++ b/pkg/apiclient/apiclient.go @@ -319,18 +319,20 @@ func (c *client) OIDCConfig(ctx context.Context, set *settingspkg.Settings) (*oa var clientID string var issuerURL string var scopes []string - if set.OIDCConfig != nil && set.OIDCConfig.Issuer != "" { + switch { + case set.OIDCConfig != nil && set.OIDCConfig.Issuer != "": if set.OIDCConfig.CLIClientID != "" { clientID = set.OIDCConfig.CLIClientID } else { clientID = set.OIDCConfig.ClientID } issuerURL = set.OIDCConfig.Issuer - scopes = set.OIDCConfig.Scopes - } else if set.DexConfig != nil && len(set.DexConfig.Connectors) > 0 { + scopes = oidcutil.GetScopesOrDefault(set.OIDCConfig.Scopes) + case set.DexConfig != nil && len(set.DexConfig.Connectors) > 0: clientID = common.ArgoCDCLIClientAppID + scopes = append(oidcutil.GetScopesOrDefault(nil), common.DexFederatedScope) issuerURL = fmt.Sprintf("%s%s", set.URL, common.DexAPIEndpoint) - } else { + default: return nil, nil, fmt.Errorf("%s is not configured with SSO", c.ServerAddr) } provider, err := oidc.NewProvider(ctx, issuerURL) @@ -341,7 +343,6 @@ func (c *client) OIDCConfig(ctx context.Context, set *settingspkg.Settings) (*oa if err != nil { return nil, nil, fmt.Errorf("Failed to parse provider config: %w", err) } - scopes = oidcutil.GetScopesOrDefault(scopes) if oidcutil.OfflineAccess(oidcConf.ScopesSupported) { scopes = append(scopes, oidc.ScopeOfflineAccess) } diff --git a/pkg/apiclient/application/forwarder_overwrite.go b/pkg/apiclient/application/forwarder_overwrite.go index fd13fdbf3a4c1..55a8fe7d596e2 100644 --- a/pkg/apiclient/application/forwarder_overwrite.go +++ b/pkg/apiclient/application/forwarder_overwrite.go @@ -12,7 +12,7 @@ import ( "github.com/argoproj/pkg/grpc/http" "github.com/grpc-ecosystem/grpc-gateway/runtime" - // nolint:staticcheck + //nolint:staticcheck "github.com/golang/protobuf/proto" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" diff --git a/pkg/apiclient/repository/repository.pb.go b/pkg/apiclient/repository/repository.pb.go index 869a66cd27ea4..aa8efcf85804c 100644 --- a/pkg/apiclient/repository/repository.pb.go +++ b/pkg/apiclient/repository/repository.pb.go @@ -395,10 +395,12 @@ type RepoAccessQuery struct { // Google Cloud Platform service account key GcpServiceAccountKey string `protobuf:"bytes,18,opt,name=gcpServiceAccountKey,proto3" json:"gcpServiceAccountKey,omitempty"` // Whether to force HTTP basic auth - ForceHttpBasicAuth bool `protobuf:"varint,19,opt,name=forceHttpBasicAuth,proto3" json:"forceHttpBasicAuth,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + ForceHttpBasicAuth bool `protobuf:"varint,19,opt,name=forceHttpBasicAuth,proto3" json:"forceHttpBasicAuth,omitempty"` + // Whether to use azure workload identity for authentication + UseAzureWorkloadIdentity bool `protobuf:"varint,20,opt,name=useAzureWorkloadIdentity,proto3" json:"useAzureWorkloadIdentity,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *RepoAccessQuery) Reset() { *m = RepoAccessQuery{} } @@ -560,6 +562,13 @@ func (m *RepoAccessQuery) GetForceHttpBasicAuth() bool { return false } +func (m *RepoAccessQuery) GetUseAzureWorkloadIdentity() bool { + if m != nil { + return m.UseAzureWorkloadIdentity + } + return false +} + type RepoResponse struct { XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -730,89 +739,91 @@ func init() { } var fileDescriptor_8d38260443475705 = []byte{ - // 1306 bytes of a gzipped FileDescriptorProto + // 1335 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x98, 0x5d, 0x6f, 0x1b, 0x45, - 0x17, 0xc7, 0xb5, 0x49, 0xe3, 0x26, 0x27, 0x4d, 0xeb, 0x4e, 0x9a, 0x3e, 0xfb, 0xb8, 0x69, 0x1a, + 0x17, 0xc7, 0xb5, 0x49, 0xe3, 0x26, 0x27, 0x4d, 0xeb, 0x4e, 0x92, 0x3e, 0xfb, 0xb8, 0x69, 0x1a, 0xb6, 0xa5, 0x4a, 0xa3, 0x76, 0xdd, 0xb8, 0x20, 0xaa, 0x22, 0x90, 0xdc, 0xa4, 0x6a, 0x23, 0x22, - 0x5a, 0xb6, 0x2a, 0x48, 0x08, 0x84, 0xa6, 0xeb, 0x13, 0x7b, 0xdb, 0xf5, 0xee, 0x74, 0x66, 0xec, - 0xd6, 0xaa, 0x7a, 0xc3, 0x05, 0x42, 0x82, 0x1b, 0x84, 0x40, 0x5c, 0xf1, 0x22, 0x21, 0x21, 0xc1, - 0x3d, 0x9f, 0x81, 0x4b, 0x24, 0xbe, 0x00, 0xaa, 0xf8, 0x10, 0x5c, 0xa2, 0x99, 0x59, 0xef, 0xae, - 0x1d, 0xbf, 0xa4, 0x6a, 0x92, 0xbb, 0x99, 0x73, 0x66, 0xcf, 0xf9, 0xcd, 0x7f, 0xce, 0xbc, 0xd8, - 0xe0, 0x08, 0xe4, 0x6d, 0xe4, 0x65, 0x8e, 0x2c, 0x16, 0x81, 0x8c, 0x79, 0x27, 0xd7, 0x74, 0x19, - 0x8f, 0x65, 0x4c, 0x20, 0xb3, 0x94, 0x16, 0xeb, 0x71, 0x5c, 0x0f, 0xb1, 0x4c, 0x59, 0x50, 0xa6, - 0x51, 0x14, 0x4b, 0x2a, 0x83, 0x38, 0x12, 0x66, 0x64, 0x69, 0xab, 0x1e, 0xc8, 0x46, 0xeb, 0xbe, - 0xeb, 0xc7, 0xcd, 0x32, 0xe5, 0xf5, 0x98, 0xf1, 0xf8, 0x81, 0x6e, 0x5c, 0xf2, 0x6b, 0xe5, 0xf6, - 0x95, 0x32, 0x7b, 0x58, 0x57, 0x5f, 0x8a, 0x32, 0x65, 0x2c, 0x0c, 0x7c, 0xfd, 0x6d, 0xb9, 0xbd, - 0x46, 0x43, 0xd6, 0xa0, 0x6b, 0xe5, 0x3a, 0x46, 0xc8, 0xa9, 0xc4, 0x5a, 0x12, 0xed, 0xc6, 0x98, - 0x68, 0x1a, 0x6b, 0x2c, 0xbe, 0xd3, 0x81, 0x39, 0x0f, 0x59, 0x5c, 0x65, 0x4c, 0xbc, 0xd7, 0x42, - 0xde, 0x21, 0x04, 0x0e, 0xa9, 0x41, 0xb6, 0xb5, 0x6c, 0xad, 0xcc, 0x78, 0xba, 0x4d, 0x4a, 0x30, - 0xcd, 0xb1, 0x1d, 0x88, 0x20, 0x8e, 0xec, 0x09, 0x6d, 0x4f, 0xfb, 0xc4, 0x86, 0xc3, 0x94, 0xb1, - 0x77, 0x69, 0x13, 0xed, 0x49, 0xed, 0xea, 0x76, 0xc9, 0x12, 0x00, 0x65, 0xec, 0x0e, 0x8f, 0x1f, - 0xa0, 0x2f, 0xed, 0x43, 0xda, 0x99, 0xb3, 0x38, 0x6b, 0x70, 0xb8, 0xca, 0xd8, 0x66, 0xb4, 0x1d, - 0xab, 0xa4, 0xb2, 0xc3, 0xb0, 0x9b, 0x54, 0xb5, 0x95, 0x8d, 0x51, 0xd9, 0x48, 0x12, 0xea, 0xb6, - 0xf3, 0xaf, 0x05, 0xf3, 0x09, 0xee, 0x06, 0x4a, 0x1a, 0x84, 0x09, 0x74, 0x1d, 0x0a, 0x22, 0x6e, - 0x71, 0xdf, 0x44, 0x98, 0xad, 0xdc, 0x76, 0x33, 0x75, 0xdc, 0xae, 0x3a, 0xba, 0xf1, 0x89, 0x5f, - 0x73, 0xdb, 0x57, 0x5c, 0xf6, 0xb0, 0xee, 0x2a, 0xad, 0xdd, 0x9c, 0xd6, 0x6e, 0x57, 0x6b, 0xb7, - 0x9a, 0x19, 0xef, 0xea, 0xb0, 0x5e, 0x12, 0x3e, 0x3f, 0xdb, 0x89, 0x51, 0xb3, 0x9d, 0xec, 0x9f, - 0x2d, 0x59, 0x86, 0x59, 0x13, 0x63, 0x33, 0xaa, 0xe1, 0x13, 0x2d, 0xc7, 0x94, 0x97, 0x37, 0x91, - 0x45, 0x98, 0x69, 0x23, 0x57, 0xa2, 0x6e, 0xd6, 0xec, 0x29, 0xed, 0xcf, 0x0c, 0xce, 0x5b, 0x50, - 0xec, 0x2e, 0x94, 0x87, 0x82, 0xc5, 0x91, 0x40, 0x72, 0x01, 0xa6, 0x02, 0x89, 0x4d, 0x61, 0x5b, - 0xcb, 0x93, 0x2b, 0xb3, 0x95, 0x79, 0x37, 0xb7, 0xbc, 0x89, 0xb4, 0x9e, 0x19, 0xe1, 0xf8, 0x30, - 0xa3, 0x3e, 0x1f, 0xbe, 0xc6, 0x0e, 0x1c, 0xd9, 0x8e, 0xd5, 0x54, 0x71, 0x9b, 0xa3, 0x30, 0xb2, - 0x4f, 0x7b, 0x3d, 0xb6, 0x71, 0x73, 0x74, 0x7e, 0x9a, 0x82, 0x63, 0x1a, 0xd2, 0xf7, 0x51, 0x8c, - 0xae, 0xa7, 0x96, 0x40, 0x1e, 0x65, 0x32, 0xa6, 0x7d, 0xe5, 0x63, 0x54, 0x88, 0xc7, 0x31, 0xaf, - 0x25, 0x19, 0xd2, 0x3e, 0x39, 0x07, 0x73, 0x42, 0x34, 0xee, 0xf0, 0xa0, 0x4d, 0x25, 0xbe, 0x83, - 0x9d, 0xa4, 0xa8, 0x7a, 0x8d, 0x2a, 0x42, 0x10, 0x09, 0xf4, 0x5b, 0x1c, 0xb5, 0x8c, 0xd3, 0x5e, - 0xda, 0x27, 0x17, 0xe1, 0xb8, 0x0c, 0xc5, 0x7a, 0x18, 0x60, 0x24, 0xd7, 0x91, 0xcb, 0x0d, 0x2a, - 0xa9, 0x5d, 0xd0, 0x51, 0x76, 0x3a, 0xc8, 0x2a, 0x14, 0x7b, 0x8c, 0x2a, 0xe5, 0x61, 0x3d, 0x78, - 0x87, 0x3d, 0x2d, 0xe1, 0x99, 0xde, 0x12, 0xd6, 0x73, 0x04, 0x63, 0xd3, 0xf3, 0x5b, 0x84, 0x19, - 0x8c, 0xe8, 0xfd, 0x10, 0x6f, 0xfb, 0x81, 0x3d, 0xab, 0xf1, 0x32, 0x03, 0xb9, 0x0c, 0xf3, 0xa6, - 0x72, 0xab, 0x4a, 0xd5, 0x74, 0x9e, 0x47, 0x74, 0x80, 0x41, 0x2e, 0x55, 0x57, 0xa9, 0x79, 0x73, - 0xc3, 0x9e, 0x5b, 0xb6, 0x56, 0x26, 0xbd, 0xbc, 0x89, 0x5c, 0x85, 0xff, 0x65, 0xdd, 0x48, 0x48, - 0x1a, 0x86, 0xba, 0xb4, 0x37, 0x37, 0xec, 0xa3, 0x7a, 0xf4, 0x30, 0x37, 0x79, 0x1b, 0x4a, 0xa9, - 0xeb, 0x46, 0x24, 0x91, 0x33, 0x1e, 0x08, 0xbc, 0x4e, 0x05, 0xde, 0xe3, 0xa1, 0x7d, 0x4c, 0x43, - 0x8d, 0x18, 0x41, 0x4e, 0xc0, 0x14, 0xe3, 0xf1, 0x93, 0x8e, 0x5d, 0xd4, 0x43, 0x4d, 0x47, 0xed, - 0x21, 0x96, 0x94, 0xd0, 0x71, 0xb3, 0x87, 0x92, 0x2e, 0xa9, 0xc0, 0x89, 0xba, 0xcf, 0xee, 0x22, - 0x6f, 0x07, 0x3e, 0x56, 0x7d, 0x3f, 0x6e, 0x45, 0x5a, 0x73, 0xa2, 0x87, 0x0d, 0xf4, 0x11, 0x17, - 0x88, 0xae, 0xd1, 0x5b, 0x52, 0xb2, 0xeb, 0x54, 0x04, 0x7e, 0xb5, 0x25, 0x1b, 0xf6, 0xbc, 0x16, - 0x76, 0x80, 0xc7, 0x39, 0x0a, 0x47, 0x54, 0x89, 0x76, 0xf7, 0x90, 0xf3, 0x8b, 0x05, 0xc7, 0x95, - 0x61, 0x9d, 0x23, 0x95, 0xe8, 0xe1, 0xa3, 0x16, 0x0a, 0x49, 0x3e, 0xca, 0x55, 0xed, 0x6c, 0xe5, - 0xd6, 0xcb, 0x1d, 0x27, 0x5e, 0xba, 0x2b, 0x93, 0xfa, 0x3f, 0x09, 0x85, 0x16, 0x13, 0xc8, 0x65, - 0xb2, 0xcb, 0x92, 0x9e, 0xaa, 0x0d, 0x9f, 0x63, 0x4d, 0xdc, 0x8e, 0xc2, 0x8e, 0x2e, 0xfe, 0x69, - 0x2f, 0x33, 0x38, 0x8f, 0x0c, 0xe8, 0x3d, 0x56, 0x3b, 0x28, 0xd0, 0xca, 0xf7, 0x27, 0x4d, 0x4e, - 0x63, 0x4c, 0xc4, 0x27, 0x5f, 0x5a, 0x70, 0x68, 0x2b, 0x10, 0x92, 0x2c, 0xe4, 0x0f, 0x9c, 0xf4, - 0x78, 0x29, 0x6d, 0xed, 0x15, 0x85, 0x4a, 0xe2, 0x9c, 0xf9, 0xf4, 0xaf, 0x7f, 0xbe, 0x9e, 0x38, - 0x49, 0x4e, 0xe8, 0x6b, 0xb5, 0xbd, 0x96, 0xdd, 0x61, 0x01, 0x8a, 0xcf, 0x27, 0x2c, 0xf2, 0x85, - 0x05, 0x93, 0x37, 0x71, 0x28, 0xcd, 0x9e, 0x69, 0xe2, 0x9c, 0xd5, 0x24, 0xa7, 0xc9, 0xa9, 0x41, - 0x24, 0xe5, 0xa7, 0xaa, 0xf7, 0x8c, 0x7c, 0x6b, 0xc1, 0xf4, 0x4d, 0x94, 0x1f, 0xf0, 0x40, 0xe2, - 0xfe, 0x23, 0x5d, 0xd0, 0x48, 0x67, 0xc9, 0x2b, 0x5d, 0xa4, 0xc7, 0x2a, 0xef, 0xa5, 0x41, 0x60, - 0xdf, 0x58, 0x50, 0x54, 0x82, 0x7a, 0x39, 0xdf, 0xc1, 0xac, 0xe0, 0xe2, 0xa8, 0x15, 0x24, 0x3f, - 0x5a, 0xb0, 0xa0, 0x86, 0x69, 0xc5, 0x0e, 0x1e, 0xce, 0xd1, 0x70, 0x8b, 0xa4, 0x34, 0x5c, 0x41, - 0xf2, 0x31, 0x4c, 0x1b, 0xe5, 0xb6, 0x87, 0x42, 0x15, 0x7b, 0xcd, 0xdb, 0xc2, 0x59, 0xd1, 0x81, - 0x1d, 0xb2, 0x3c, 0xa2, 0x5a, 0xca, 0x5c, 0x85, 0x6c, 0x9a, 0xf0, 0xea, 0x6a, 0x27, 0xff, 0xef, - 0x0f, 0x9f, 0xbe, 0xcc, 0x4a, 0x8b, 0x83, 0x5c, 0xe9, 0x39, 0xb6, 0xab, 0x74, 0x54, 0xa5, 0xf8, - 0xca, 0x82, 0xb9, 0x9b, 0x28, 0xb3, 0x37, 0x14, 0x39, 0x33, 0x20, 0x72, 0xfe, 0x7d, 0x55, 0x72, - 0x86, 0x0f, 0x48, 0x01, 0xde, 0xd4, 0x00, 0xaf, 0x3b, 0x97, 0x07, 0x03, 0x98, 0x97, 0x8e, 0x8e, - 0x73, 0xcf, 0xdb, 0xd2, 0x28, 0x35, 0x13, 0xe1, 0x9a, 0xb5, 0x4a, 0xda, 0x1a, 0xe9, 0x16, 0x86, - 0xcd, 0xf5, 0x06, 0xe5, 0x72, 0xa8, 0xcc, 0x4b, 0x79, 0x73, 0x36, 0x3c, 0x85, 0x70, 0x35, 0xc4, - 0x0a, 0x39, 0x3f, 0x4a, 0x85, 0x06, 0x86, 0x4d, 0xdf, 0xa4, 0xf9, 0xce, 0x82, 0x82, 0x39, 0xf9, - 0xc9, 0xe9, 0xfe, 0x8c, 0x3d, 0x37, 0xc2, 0x1e, 0xee, 0xd9, 0x57, 0x4d, 0xc5, 0x39, 0x03, 0xb7, - 0xc3, 0x35, 0x7d, 0xf0, 0xaa, 0x63, 0xed, 0x07, 0x0b, 0x8a, 0x5d, 0x84, 0xee, 0xb7, 0x07, 0x07, - 0xe9, 0x8c, 0x87, 0x24, 0xbf, 0x5a, 0xb0, 0x60, 0xf2, 0xf7, 0xee, 0xdd, 0x03, 0xc4, 0x4c, 0xaa, - 0xde, 0x19, 0xb1, 0x7b, 0x13, 0xd8, 0x9f, 0x2d, 0x28, 0x98, 0xab, 0x73, 0x27, 0x5d, 0xcf, 0x95, - 0xba, 0x87, 0x74, 0x6b, 0xa6, 0x1a, 0x4b, 0x23, 0xf6, 0xa4, 0x46, 0x79, 0x96, 0xad, 0xfa, 0x6f, - 0x16, 0x14, 0xbb, 0x38, 0xc3, 0xe5, 0xdc, 0x2f, 0x60, 0xf7, 0xc5, 0x80, 0xc9, 0xef, 0x16, 0x2c, - 0x18, 0x96, 0xb1, 0x15, 0xb0, 0x5f, 0xc8, 0xaf, 0x69, 0x64, 0xb7, 0x74, 0x7e, 0xdc, 0x0d, 0xd8, - 0x03, 0x4e, 0xa1, 0xb0, 0x81, 0x21, 0x0e, 0xbf, 0xa2, 0xed, 0x7e, 0x73, 0x7a, 0xc4, 0x9c, 0x37, - 0xaf, 0x80, 0xd5, 0x51, 0xaf, 0x00, 0xb5, 0x92, 0x0d, 0x28, 0x9a, 0x14, 0x39, 0x55, 0x5e, 0x38, - 0xd9, 0xd9, 0x5d, 0x24, 0x23, 0x02, 0x16, 0x4c, 0xa6, 0xfe, 0x45, 0x78, 0xe1, 0x74, 0xc9, 0x73, - 0x62, 0x75, 0x17, 0xcf, 0x89, 0xa7, 0x70, 0xf4, 0x7d, 0x1a, 0x06, 0x6a, 0x51, 0xcd, 0xcf, 0x3d, - 0x72, 0x6a, 0xc7, 0x25, 0x91, 0xfd, 0x0c, 0x1c, 0x91, 0xb3, 0xa2, 0x73, 0x5e, 0x74, 0xce, 0x8d, - 0x3a, 0xb2, 0xdb, 0x49, 0xaa, 0x64, 0xf9, 0x3e, 0xb3, 0x60, 0xbe, 0x9b, 0x5d, 0x4f, 0xfa, 0xe5, - 0x10, 0xae, 0x6a, 0x84, 0x8a, 0xb3, 0x3a, 0x76, 0xda, 0x7d, 0x20, 0xd7, 0x6f, 0xfc, 0xf1, 0x7c, - 0xc9, 0xfa, 0xf3, 0xf9, 0x92, 0xf5, 0xf7, 0xf3, 0x25, 0xeb, 0xc3, 0x37, 0x76, 0xf7, 0x0f, 0x8f, - 0xaf, 0x7f, 0x38, 0xe6, 0xfe, 0x8b, 0xb9, 0x5f, 0xd0, 0x7f, 0xc6, 0x5c, 0xf9, 0x2f, 0x00, 0x00, - 0xff, 0xff, 0xa9, 0x8e, 0x20, 0x05, 0x71, 0x12, 0x00, 0x00, + 0x5a, 0xb6, 0x2a, 0x95, 0x10, 0x08, 0x4d, 0xd7, 0x27, 0xf6, 0xb6, 0x9b, 0xdd, 0xe9, 0xcc, 0xd8, + 0xad, 0xa9, 0x7a, 0xc3, 0x05, 0x42, 0x82, 0x1b, 0x84, 0x40, 0x5c, 0x01, 0x17, 0x48, 0x48, 0x70, + 0xcf, 0x67, 0xe0, 0x12, 0x89, 0x6b, 0x24, 0x54, 0xf1, 0x21, 0xb8, 0x44, 0x33, 0xb3, 0xde, 0x5d, + 0x3b, 0x7e, 0x49, 0xd5, 0x24, 0x77, 0x33, 0xe7, 0xcc, 0x9e, 0xf3, 0x9b, 0xff, 0x9c, 0x79, 0xb1, + 0xc1, 0x11, 0xc8, 0x5b, 0xc8, 0xcb, 0x1c, 0x59, 0x2c, 0x02, 0x19, 0xf3, 0x76, 0xae, 0xe9, 0x32, + 0x1e, 0xcb, 0x98, 0x40, 0x66, 0x29, 0x2d, 0xd4, 0xe3, 0xb8, 0x1e, 0x62, 0x99, 0xb2, 0xa0, 0x4c, + 0xa3, 0x28, 0x96, 0x54, 0x06, 0x71, 0x24, 0xcc, 0xc8, 0xd2, 0x66, 0x3d, 0x90, 0x8d, 0xe6, 0x7d, + 0xd7, 0x8f, 0xb7, 0xcb, 0x94, 0xd7, 0x63, 0xc6, 0xe3, 0x07, 0xba, 0x71, 0xd1, 0xaf, 0x95, 0x5b, + 0x97, 0xcb, 0xec, 0x61, 0x5d, 0x7d, 0x29, 0xca, 0x94, 0xb1, 0x30, 0xf0, 0xf5, 0xb7, 0xe5, 0xd6, + 0x2a, 0x0d, 0x59, 0x83, 0xae, 0x96, 0xeb, 0x18, 0x21, 0xa7, 0x12, 0x6b, 0x49, 0xb4, 0xeb, 0x23, + 0xa2, 0x69, 0xac, 0x91, 0xf8, 0x4e, 0x1b, 0x66, 0x3c, 0x64, 0x71, 0x95, 0x31, 0xf1, 0x5e, 0x13, + 0x79, 0x9b, 0x10, 0x38, 0xa4, 0x06, 0xd9, 0xd6, 0x92, 0xb5, 0x3c, 0xe5, 0xe9, 0x36, 0x29, 0xc1, + 0x24, 0xc7, 0x56, 0x20, 0x82, 0x38, 0xb2, 0xc7, 0xb4, 0x3d, 0xed, 0x13, 0x1b, 0x0e, 0x53, 0xc6, + 0xde, 0xa5, 0xdb, 0x68, 0x8f, 0x6b, 0x57, 0xa7, 0x4b, 0x16, 0x01, 0x28, 0x63, 0xb7, 0x79, 0xfc, + 0x00, 0x7d, 0x69, 0x1f, 0xd2, 0xce, 0x9c, 0xc5, 0x59, 0x85, 0xc3, 0x55, 0xc6, 0x36, 0xa2, 0xad, + 0x58, 0x25, 0x95, 0x6d, 0x86, 0x9d, 0xa4, 0xaa, 0xad, 0x6c, 0x8c, 0xca, 0x46, 0x92, 0x50, 0xb7, + 0x9d, 0x7f, 0x2d, 0x98, 0x4d, 0x70, 0xd7, 0x51, 0xd2, 0x20, 0x4c, 0xa0, 0xeb, 0x50, 0x10, 0x71, + 0x93, 0xfb, 0x26, 0xc2, 0x74, 0xe5, 0x96, 0x9b, 0xa9, 0xe3, 0x76, 0xd4, 0xd1, 0x8d, 0x8f, 0xfd, + 0x9a, 0xdb, 0xba, 0xec, 0xb2, 0x87, 0x75, 0x57, 0x69, 0xed, 0xe6, 0xb4, 0x76, 0x3b, 0x5a, 0xbb, + 0xd5, 0xcc, 0x78, 0x47, 0x87, 0xf5, 0x92, 0xf0, 0xf9, 0xd9, 0x8e, 0x0d, 0x9b, 0xed, 0x78, 0xef, + 0x6c, 0xc9, 0x12, 0x4c, 0x9b, 0x18, 0x1b, 0x51, 0x0d, 0x9f, 0x68, 0x39, 0x26, 0xbc, 0xbc, 0x89, + 0x2c, 0xc0, 0x54, 0x0b, 0xb9, 0x12, 0x75, 0xa3, 0x66, 0x4f, 0x68, 0x7f, 0x66, 0x70, 0xde, 0x82, + 0x62, 0x67, 0xa1, 0x3c, 0x14, 0x2c, 0x8e, 0x04, 0x92, 0xf3, 0x30, 0x11, 0x48, 0xdc, 0x16, 0xb6, + 0xb5, 0x34, 0xbe, 0x3c, 0x5d, 0x99, 0x75, 0x73, 0xcb, 0x9b, 0x48, 0xeb, 0x99, 0x11, 0x8e, 0x0f, + 0x53, 0xea, 0xf3, 0xc1, 0x6b, 0xec, 0xc0, 0x91, 0xad, 0x58, 0x4d, 0x15, 0xb7, 0x38, 0x0a, 0x23, + 0xfb, 0xa4, 0xd7, 0x65, 0x1b, 0x35, 0x47, 0xe7, 0xaf, 0x09, 0x38, 0xa6, 0x21, 0x7d, 0x1f, 0xc5, + 0xf0, 0x7a, 0x6a, 0x0a, 0xe4, 0x51, 0x26, 0x63, 0xda, 0x57, 0x3e, 0x46, 0x85, 0x78, 0x1c, 0xf3, + 0x5a, 0x92, 0x21, 0xed, 0x93, 0xb3, 0x30, 0x23, 0x44, 0xe3, 0x36, 0x0f, 0x5a, 0x54, 0xe2, 0x3b, + 0xd8, 0x4e, 0x8a, 0xaa, 0xdb, 0xa8, 0x22, 0x04, 0x91, 0x40, 0xbf, 0xc9, 0x51, 0xcb, 0x38, 0xe9, + 0xa5, 0x7d, 0x72, 0x01, 0x8e, 0xcb, 0x50, 0xac, 0x85, 0x01, 0x46, 0x72, 0x0d, 0xb9, 0x5c, 0xa7, + 0x92, 0xda, 0x05, 0x1d, 0x65, 0xa7, 0x83, 0xac, 0x40, 0xb1, 0xcb, 0xa8, 0x52, 0x1e, 0xd6, 0x83, + 0x77, 0xd8, 0xd3, 0x12, 0x9e, 0xea, 0x2e, 0x61, 0x3d, 0x47, 0x30, 0x36, 0x3d, 0xbf, 0x05, 0x98, + 0xc2, 0x88, 0xde, 0x0f, 0xf1, 0x96, 0x1f, 0xd8, 0xd3, 0x1a, 0x2f, 0x33, 0x90, 0x4b, 0x30, 0x6b, + 0x2a, 0xb7, 0xaa, 0x54, 0x4d, 0xe7, 0x79, 0x44, 0x07, 0xe8, 0xe7, 0x52, 0x75, 0x95, 0x9a, 0x37, + 0xd6, 0xed, 0x99, 0x25, 0x6b, 0x79, 0xdc, 0xcb, 0x9b, 0xc8, 0x15, 0xf8, 0x5f, 0xd6, 0x8d, 0x84, + 0xa4, 0x61, 0xa8, 0x4b, 0x7b, 0x63, 0xdd, 0x3e, 0xaa, 0x47, 0x0f, 0x72, 0x93, 0xb7, 0xa1, 0x94, + 0xba, 0xae, 0x47, 0x12, 0x39, 0xe3, 0x81, 0xc0, 0x6b, 0x54, 0xe0, 0x5d, 0x1e, 0xda, 0xc7, 0x34, + 0xd4, 0x90, 0x11, 0x64, 0x0e, 0x26, 0x18, 0x8f, 0x9f, 0xb4, 0xed, 0xa2, 0x1e, 0x6a, 0x3a, 0x6a, + 0x0f, 0xb1, 0xa4, 0x84, 0x8e, 0x9b, 0x3d, 0x94, 0x74, 0x49, 0x05, 0xe6, 0xea, 0x3e, 0xbb, 0x83, + 0xbc, 0x15, 0xf8, 0x58, 0xf5, 0xfd, 0xb8, 0x19, 0x69, 0xcd, 0x89, 0x1e, 0xd6, 0xd7, 0x47, 0x5c, + 0x20, 0xba, 0x46, 0x6f, 0x4a, 0xc9, 0xae, 0x51, 0x11, 0xf8, 0xd5, 0xa6, 0x6c, 0xd8, 0xb3, 0x5a, + 0xd8, 0x3e, 0x1e, 0x72, 0x15, 0xec, 0xa6, 0xc0, 0xea, 0x27, 0x4d, 0x8e, 0xf7, 0x62, 0xfe, 0x30, + 0x8c, 0x69, 0x6d, 0xa3, 0x86, 0x91, 0x0c, 0x64, 0xdb, 0x9e, 0xd3, 0x5f, 0x0d, 0xf4, 0x3b, 0x47, + 0xe1, 0x88, 0x2a, 0xef, 0xce, 0xfe, 0x73, 0x7e, 0xb6, 0xe0, 0xb8, 0x32, 0xac, 0x71, 0xa4, 0x12, + 0x3d, 0x7c, 0xd4, 0x44, 0x21, 0xc9, 0x87, 0xb9, 0x8a, 0x9f, 0xae, 0xdc, 0x7c, 0xb9, 0xa3, 0xc8, + 0x4b, 0x77, 0x74, 0xb2, 0x77, 0x4e, 0x40, 0xa1, 0xc9, 0x04, 0x72, 0x99, 0xec, 0xd0, 0xa4, 0xa7, + 0xea, 0xca, 0xe7, 0x58, 0x13, 0xb7, 0xa2, 0xb0, 0xad, 0x37, 0xce, 0xa4, 0x97, 0x19, 0x9c, 0x47, + 0x06, 0xf4, 0x2e, 0xab, 0x1d, 0x14, 0x68, 0xe5, 0xfb, 0x13, 0x26, 0xa7, 0x31, 0x26, 0x0b, 0x47, + 0xbe, 0xb4, 0xe0, 0xd0, 0x66, 0x20, 0x24, 0x99, 0xcf, 0x1f, 0x56, 0xe9, 0xd1, 0x54, 0xda, 0xdc, + 0x2b, 0x0a, 0x95, 0xc4, 0x39, 0xfd, 0xe9, 0x9f, 0xff, 0x7c, 0x3d, 0x76, 0x82, 0xcc, 0xe9, 0x2b, + 0xb9, 0xb5, 0x9a, 0xdd, 0x7f, 0x01, 0x8a, 0xcf, 0xc7, 0x2c, 0xf2, 0x85, 0x05, 0xe3, 0x37, 0x70, + 0x20, 0xcd, 0x9e, 0x69, 0xe2, 0x9c, 0xd1, 0x24, 0xa7, 0xc8, 0xc9, 0x7e, 0x24, 0xe5, 0xa7, 0xaa, + 0xf7, 0x8c, 0x7c, 0x6b, 0xc1, 0xe4, 0x0d, 0x94, 0xf7, 0x78, 0x20, 0x71, 0xff, 0x91, 0xce, 0x6b, + 0xa4, 0x33, 0xe4, 0x95, 0x0e, 0xd2, 0x63, 0x95, 0xf7, 0x62, 0x3f, 0xb0, 0x6f, 0x2c, 0x28, 0x2a, + 0x41, 0xbd, 0x9c, 0xef, 0x60, 0x56, 0x70, 0x61, 0xd8, 0x0a, 0x92, 0x1f, 0x2d, 0x98, 0x57, 0xc3, + 0xb4, 0x62, 0x07, 0x0f, 0xe7, 0x68, 0xb8, 0x05, 0x52, 0x1a, 0xac, 0x20, 0xf9, 0x08, 0x26, 0x8d, + 0x72, 0x5b, 0x03, 0xa1, 0x8a, 0xdd, 0xe6, 0x2d, 0xe1, 0x2c, 0xeb, 0xc0, 0x0e, 0x59, 0x1a, 0x52, + 0x2d, 0x65, 0xae, 0x42, 0x6e, 0x9b, 0xf0, 0xea, 0x59, 0x40, 0xfe, 0xdf, 0x1b, 0x3e, 0x7d, 0xd5, + 0x95, 0x16, 0xfa, 0xb9, 0xd2, 0x73, 0x6c, 0x57, 0xe9, 0xa8, 0x4a, 0xf1, 0x95, 0x05, 0x33, 0x37, + 0x50, 0x66, 0xef, 0x2f, 0x72, 0xba, 0x4f, 0xe4, 0xfc, 0xdb, 0xac, 0xe4, 0x0c, 0x1e, 0x90, 0x02, + 0xbc, 0xa9, 0x01, 0x5e, 0x77, 0x2e, 0xf5, 0x07, 0x30, 0xaf, 0x24, 0x1d, 0xe7, 0xae, 0xb7, 0xa9, + 0x51, 0x6a, 0x26, 0xc2, 0x55, 0x6b, 0x85, 0xb4, 0x34, 0xd2, 0x4d, 0x0c, 0xb7, 0xd7, 0x1a, 0x94, + 0xcb, 0x81, 0x32, 0x2f, 0xe6, 0xcd, 0xd9, 0xf0, 0x14, 0xc2, 0xd5, 0x10, 0xcb, 0xe4, 0xdc, 0x30, + 0x15, 0x1a, 0x18, 0x6e, 0xfb, 0x26, 0xcd, 0x77, 0x16, 0x14, 0xcc, 0xc9, 0x4f, 0x4e, 0xf5, 0x66, + 0xec, 0xba, 0x11, 0xf6, 0x70, 0xcf, 0xbe, 0x6a, 0x2a, 0xce, 0xe9, 0xbb, 0x1d, 0xae, 0xea, 0x83, + 0x57, 0x1d, 0x6b, 0x3f, 0x58, 0x50, 0xec, 0x20, 0x74, 0xbe, 0x3d, 0x38, 0x48, 0x67, 0x34, 0x24, + 0xf9, 0xc5, 0x82, 0x79, 0x93, 0xbf, 0x7b, 0xef, 0x1e, 0x20, 0x66, 0x52, 0xf5, 0xce, 0x90, 0xdd, + 0x9b, 0xc0, 0xfe, 0x64, 0x41, 0xc1, 0x5c, 0x9d, 0x3b, 0xe9, 0xba, 0xae, 0xd4, 0x3d, 0xa4, 0x5b, + 0x35, 0xd5, 0x58, 0x1a, 0xb2, 0x27, 0x35, 0xca, 0xb3, 0x6c, 0xd5, 0x7f, 0xb5, 0xa0, 0xd8, 0xc1, + 0x19, 0x2c, 0xe7, 0x7e, 0x01, 0xbb, 0x2f, 0x06, 0x4c, 0x7e, 0xb3, 0x60, 0xde, 0xb0, 0x8c, 0xac, + 0x80, 0xfd, 0x42, 0x7e, 0x4d, 0x23, 0xbb, 0xa5, 0x73, 0xa3, 0x6e, 0xc0, 0x2e, 0x70, 0x0a, 0x85, + 0x75, 0x0c, 0x71, 0xf0, 0x15, 0x6d, 0xf7, 0x9a, 0xd3, 0x23, 0xe6, 0x9c, 0x79, 0x05, 0xac, 0x0c, + 0x7b, 0x05, 0xa8, 0x95, 0x6c, 0x40, 0xd1, 0xa4, 0xc8, 0xa9, 0xf2, 0xc2, 0xc9, 0xce, 0xec, 0x22, + 0x19, 0x11, 0x30, 0x6f, 0x32, 0xf5, 0x2e, 0xc2, 0x0b, 0xa7, 0x4b, 0x9e, 0x13, 0x2b, 0xbb, 0x78, + 0x4e, 0x3c, 0x85, 0xa3, 0xef, 0xd3, 0x30, 0x50, 0x8b, 0x6a, 0x7e, 0x2a, 0x92, 0x93, 0x3b, 0x2e, + 0x89, 0xec, 0x27, 0xe4, 0x90, 0x9c, 0x15, 0x9d, 0xf3, 0x82, 0x73, 0x76, 0xd8, 0x91, 0xdd, 0x4a, + 0x52, 0x25, 0xcb, 0xf7, 0x99, 0x05, 0xb3, 0x9d, 0xec, 0x7a, 0xd2, 0x2f, 0x87, 0x70, 0x45, 0x23, + 0x54, 0x9c, 0x95, 0x91, 0xd3, 0xee, 0x01, 0xb9, 0x76, 0xfd, 0xf7, 0xe7, 0x8b, 0xd6, 0x1f, 0xcf, + 0x17, 0xad, 0xbf, 0x9f, 0x2f, 0x5a, 0x1f, 0xbc, 0xb1, 0xbb, 0x7f, 0x87, 0x7c, 0xfd, 0xa3, 0x33, + 0xf7, 0x3f, 0xce, 0xfd, 0x82, 0xfe, 0x23, 0xe7, 0xf2, 0x7f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x1e, + 0x28, 0xd2, 0x55, 0xad, 0x12, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -1896,6 +1907,18 @@ func (m *RepoAccessQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.UseAzureWorkloadIdentity { + i-- + if m.UseAzureWorkloadIdentity { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xa0 + } if m.ForceHttpBasicAuth { i-- if m.ForceHttpBasicAuth { @@ -2366,6 +2389,9 @@ func (m *RepoAccessQuery) Size() (n int) { if m.ForceHttpBasicAuth { n += 3 } + if m.UseAzureWorkloadIdentity { + n += 3 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -3674,6 +3700,26 @@ func (m *RepoAccessQuery) Unmarshal(dAtA []byte) error { } } m.ForceHttpBasicAuth = bool(v != 0) + case 20: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field UseAzureWorkloadIdentity", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.UseAzureWorkloadIdentity = bool(v != 0) default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/app_project_types.go b/pkg/apis/application/v1alpha1/app_project_types.go index 41f5198eb3d25..cb63dd52b1c45 100644 --- a/pkg/apis/application/v1alpha1/app_project_types.go +++ b/pkg/apis/application/v1alpha1/app_project_types.go @@ -493,11 +493,12 @@ func (proj AppProject) isDestinationMatched(dst ApplicationDestination) bool { dstNamespaceMatched := globMatch(item.Namespace, dst.Namespace, true) matched := (dstServerMatched || dstNameMatched) && dstNamespaceMatched - if matched { + switch { + case matched: anyDestinationMatched = true - } else if (!dstNameMatched && isDenyPattern(item.Name)) || (!dstServerMatched && isDenyPattern(item.Server)) && dstNamespaceMatched { + case (!dstNameMatched && isDenyPattern(item.Name)) || (!dstServerMatched && isDenyPattern(item.Server)) && dstNamespaceMatched: return false - } else if !dstNamespaceMatched && isDenyPattern(item.Namespace) && dstServerMatched { + case !dstNamespaceMatched && isDenyPattern(item.Namespace) && dstServerMatched: return false } } diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index ac80c11c7fa21..bd543e08ba6e0 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -449,15 +449,16 @@ type SCMProviderGenerator struct { } func (g *SCMProviderGenerator) CustomApiUrl() string { - if g.Github != nil { + switch { + case g.Github != nil: return g.Github.API - } else if g.Gitlab != nil { + case g.Gitlab != nil: return g.Gitlab.API - } else if g.Gitea != nil { + case g.Gitea != nil: return g.Gitea.API - } else if g.BitbucketServer != nil { + case g.BitbucketServer != nil: return g.BitbucketServer.API - } else if g.AzureDevOps != nil { + case g.AzureDevOps != nil: return g.AzureDevOps.API } return "" diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 226c6a97ef429..95d5e7436cdec 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -4796,749 +4796,752 @@ func init() { } var fileDescriptor_c078c3c476799f44 = []byte{ - // 11860 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6b, 0x70, 0x24, 0xc9, - 0x71, 0x18, 0xcc, 0x9e, 0xc1, 0x00, 0x33, 0x89, 0xd7, 0x6e, 0xed, 0xee, 0x1d, 0x6e, 0xef, 0x81, - 0x55, 0x1f, 0x75, 0x3c, 0x7d, 0xbc, 0x03, 0x74, 0x2f, 0xea, 0x3e, 0x1d, 0x1f, 0xc2, 0x63, 0x17, - 0x8b, 0x5d, 0x60, 0x81, 0xab, 0xc1, 0xee, 0x92, 0x47, 0x1d, 0x8f, 0x8d, 0x99, 0xc2, 0xa0, 0x17, - 0x3d, 0xdd, 0x73, 0xdd, 0x3d, 0x58, 0xcc, 0x89, 0xa4, 0x48, 0x91, 0x94, 0x28, 0xf1, 0x69, 0xd2, - 0x61, 0x9d, 0x6c, 0x91, 0xa6, 0x44, 0xda, 0x61, 0x87, 0x83, 0x21, 0xda, 0xfa, 0x61, 0x39, 0x24, - 0x85, 0xc2, 0x92, 0x43, 0x41, 0x5b, 0x76, 0x48, 0x66, 0x30, 0x44, 0xda, 0x92, 0x60, 0x72, 0x2d, - 0x87, 0x14, 0xfe, 0xa1, 0x08, 0xcb, 0xfe, 0xe1, 0x58, 0x2b, 0x1c, 0x8e, 0x7a, 0x57, 0xf7, 0xf4, - 0x00, 0x83, 0x45, 0x03, 0xbb, 0xa4, 0xee, 0xdf, 0x4c, 0x65, 0x76, 0x66, 0x75, 0x75, 0x55, 0x66, - 0x56, 0x56, 0x66, 0x16, 0x2c, 0x35, 0xdc, 0x78, 0xb3, 0xbd, 0x3e, 0x55, 0x0b, 0x9a, 0xd3, 0x4e, - 0xd8, 0x08, 0x5a, 0x61, 0x70, 0x83, 0xfd, 0x78, 0xb2, 0x56, 0x9f, 0xde, 0x7e, 0x66, 0xba, 0xb5, - 0xd5, 0x98, 0x76, 0x5a, 0x6e, 0x34, 0xed, 0xb4, 0x5a, 0x9e, 0x5b, 0x73, 0x62, 0x37, 0xf0, 0xa7, - 0xb7, 0x9f, 0x72, 0xbc, 0xd6, 0xa6, 0xf3, 0xd4, 0x74, 0x83, 0xf8, 0x24, 0x74, 0x62, 0x52, 0x9f, - 0x6a, 0x85, 0x41, 0x1c, 0xa0, 0xb7, 0x6b, 0x6a, 0x53, 0x92, 0x1a, 0xfb, 0xf1, 0x4a, 0xad, 0x3e, - 0xb5, 0xfd, 0xcc, 0x54, 0x6b, 0xab, 0x31, 0x45, 0xa9, 0x4d, 0x19, 0xd4, 0xa6, 0x24, 0xb5, 0xb3, - 0x4f, 0x1a, 0x7d, 0x69, 0x04, 0x8d, 0x60, 0x9a, 0x11, 0x5d, 0x6f, 0x6f, 0xb0, 0x7f, 0xec, 0x0f, - 0xfb, 0xc5, 0x99, 0x9d, 0xb5, 0xb7, 0x9e, 0x8f, 0xa6, 0xdc, 0x80, 0x76, 0x6f, 0xba, 0x16, 0x84, - 0x64, 0x7a, 0xbb, 0xab, 0x43, 0x67, 0x2f, 0x6a, 0x1c, 0xb2, 0x13, 0x13, 0x3f, 0x72, 0x03, 0x3f, - 0x7a, 0x92, 0x76, 0x81, 0x84, 0xdb, 0x24, 0x34, 0x5f, 0xcf, 0x40, 0xc8, 0xa2, 0xf4, 0xac, 0xa6, - 0xd4, 0x74, 0x6a, 0x9b, 0xae, 0x4f, 0xc2, 0x8e, 0x7e, 0xbc, 0x49, 0x62, 0x27, 0xeb, 0xa9, 0xe9, - 0x5e, 0x4f, 0x85, 0x6d, 0x3f, 0x76, 0x9b, 0xa4, 0xeb, 0x81, 0xb7, 0xed, 0xf7, 0x40, 0x54, 0xdb, - 0x24, 0x4d, 0xa7, 0xeb, 0xb9, 0x67, 0x7a, 0x3d, 0xd7, 0x8e, 0x5d, 0x6f, 0xda, 0xf5, 0xe3, 0x28, - 0x0e, 0xd3, 0x0f, 0xd9, 0xbf, 0x6c, 0xc1, 0xe8, 0xcc, 0xf5, 0xea, 0x4c, 0x3b, 0xde, 0x9c, 0x0b, - 0xfc, 0x0d, 0xb7, 0x81, 0x9e, 0x83, 0xe1, 0x9a, 0xd7, 0x8e, 0x62, 0x12, 0x5e, 0x71, 0x9a, 0x64, - 0xc2, 0x3a, 0x67, 0x3d, 0x5e, 0x99, 0x3d, 0xf5, 0x8d, 0xdd, 0xc9, 0x37, 0xdd, 0xda, 0x9d, 0x1c, - 0x9e, 0xd3, 0x20, 0x6c, 0xe2, 0xa1, 0x1f, 0x81, 0xa1, 0x30, 0xf0, 0xc8, 0x0c, 0xbe, 0x32, 0x51, - 0x60, 0x8f, 0x8c, 0x8b, 0x47, 0x86, 0x30, 0x6f, 0xc6, 0x12, 0x4e, 0x51, 0x5b, 0x61, 0xb0, 0xe1, - 0x7a, 0x64, 0xa2, 0x98, 0x44, 0x5d, 0xe5, 0xcd, 0x58, 0xc2, 0xed, 0x3f, 0x2e, 0x00, 0xcc, 0xb4, - 0x5a, 0xab, 0x61, 0x70, 0x83, 0xd4, 0x62, 0xf4, 0x7e, 0x28, 0xd3, 0x61, 0xae, 0x3b, 0xb1, 0xc3, - 0x3a, 0x36, 0xfc, 0xf4, 0x8f, 0x4e, 0xf1, 0xb7, 0x9e, 0x32, 0xdf, 0x5a, 0x4f, 0x32, 0x8a, 0x3d, - 0xb5, 0xfd, 0xd4, 0xd4, 0xca, 0x3a, 0x7d, 0x7e, 0x99, 0xc4, 0xce, 0x2c, 0x12, 0xcc, 0x40, 0xb7, - 0x61, 0x45, 0x15, 0xf9, 0x30, 0x10, 0xb5, 0x48, 0x8d, 0xbd, 0xc3, 0xf0, 0xd3, 0x4b, 0x53, 0x87, - 0x99, 0xcd, 0x53, 0xba, 0xe7, 0xd5, 0x16, 0xa9, 0xcd, 0x8e, 0x08, 0xce, 0x03, 0xf4, 0x1f, 0x66, - 0x7c, 0xd0, 0x36, 0x0c, 0x46, 0xb1, 0x13, 0xb7, 0x23, 0x36, 0x14, 0xc3, 0x4f, 0x5f, 0xc9, 0x8d, - 0x23, 0xa3, 0x3a, 0x3b, 0x26, 0x78, 0x0e, 0xf2, 0xff, 0x58, 0x70, 0xb3, 0xff, 0xcc, 0x82, 0x31, - 0x8d, 0xbc, 0xe4, 0x46, 0x31, 0xfa, 0xc9, 0xae, 0xc1, 0x9d, 0xea, 0x6f, 0x70, 0xe9, 0xd3, 0x6c, - 0x68, 0x4f, 0x08, 0x66, 0x65, 0xd9, 0x62, 0x0c, 0x6c, 0x13, 0x4a, 0x6e, 0x4c, 0x9a, 0xd1, 0x44, - 0xe1, 0x5c, 0xf1, 0xf1, 0xe1, 0xa7, 0x2f, 0xe6, 0xf5, 0x9e, 0xb3, 0xa3, 0x82, 0x69, 0x69, 0x91, - 0x92, 0xc7, 0x9c, 0x8b, 0xfd, 0xd7, 0xa3, 0xe6, 0xfb, 0xd1, 0x01, 0x47, 0x4f, 0xc1, 0x70, 0x14, - 0xb4, 0xc3, 0x1a, 0xc1, 0xa4, 0x15, 0x44, 0x13, 0xd6, 0xb9, 0x22, 0x9d, 0x7a, 0x74, 0x52, 0x57, - 0x75, 0x33, 0x36, 0x71, 0xd0, 0x67, 0x2c, 0x18, 0xa9, 0x93, 0x28, 0x76, 0x7d, 0xc6, 0x5f, 0x76, - 0x7e, 0xed, 0xd0, 0x9d, 0x97, 0x8d, 0xf3, 0x9a, 0xf8, 0xec, 0x69, 0xf1, 0x22, 0x23, 0x46, 0x63, - 0x84, 0x13, 0xfc, 0xe9, 0xe2, 0xac, 0x93, 0xa8, 0x16, 0xba, 0x2d, 0xfa, 0x5f, 0x2c, 0x1f, 0xb5, - 0x38, 0xe7, 0x35, 0x08, 0x9b, 0x78, 0xc8, 0x87, 0x12, 0x5d, 0x7c, 0xd1, 0xc4, 0x00, 0xeb, 0xff, - 0xe2, 0xe1, 0xfa, 0x2f, 0x06, 0x95, 0xae, 0x6b, 0x3d, 0xfa, 0xf4, 0x5f, 0x84, 0x39, 0x1b, 0xf4, - 0x69, 0x0b, 0x26, 0x84, 0x70, 0xc0, 0x84, 0x0f, 0xe8, 0xf5, 0x4d, 0x37, 0x26, 0x9e, 0x1b, 0xc5, - 0x13, 0x25, 0xd6, 0x87, 0xe9, 0xfe, 0xe6, 0xd6, 0x42, 0x18, 0xb4, 0x5b, 0x97, 0x5d, 0xbf, 0x3e, - 0x7b, 0x4e, 0x70, 0x9a, 0x98, 0xeb, 0x41, 0x18, 0xf7, 0x64, 0x89, 0xbe, 0x60, 0xc1, 0x59, 0xdf, - 0x69, 0x92, 0xa8, 0xe5, 0xd0, 0x4f, 0xcb, 0xc1, 0xb3, 0x9e, 0x53, 0xdb, 0x62, 0x3d, 0x1a, 0xbc, - 0xb3, 0x1e, 0xd9, 0xa2, 0x47, 0x67, 0xaf, 0xf4, 0x24, 0x8d, 0xf7, 0x60, 0x8b, 0xbe, 0x62, 0xc1, - 0xc9, 0x20, 0x6c, 0x6d, 0x3a, 0x3e, 0xa9, 0x4b, 0x68, 0x34, 0x31, 0xc4, 0x96, 0xde, 0xfb, 0x0e, - 0xf7, 0x89, 0x56, 0xd2, 0x64, 0x97, 0x03, 0xdf, 0x8d, 0x83, 0xb0, 0x4a, 0xe2, 0xd8, 0xf5, 0x1b, - 0xd1, 0xec, 0x99, 0x5b, 0xbb, 0x93, 0x27, 0xbb, 0xb0, 0x70, 0x77, 0x7f, 0xd0, 0x4f, 0xc1, 0x70, - 0xd4, 0xf1, 0x6b, 0xd7, 0x5d, 0xbf, 0x1e, 0xdc, 0x8c, 0x26, 0xca, 0x79, 0x2c, 0xdf, 0xaa, 0x22, - 0x28, 0x16, 0xa0, 0x66, 0x80, 0x4d, 0x6e, 0xd9, 0x1f, 0x4e, 0x4f, 0xa5, 0x4a, 0xde, 0x1f, 0x4e, - 0x4f, 0xa6, 0x3d, 0xd8, 0xa2, 0x9f, 0xb3, 0x60, 0x34, 0x72, 0x1b, 0xbe, 0x13, 0xb7, 0x43, 0x72, - 0x99, 0x74, 0xa2, 0x09, 0x60, 0x1d, 0xb9, 0x74, 0xc8, 0x51, 0x31, 0x48, 0xce, 0x9e, 0x11, 0x7d, - 0x1c, 0x35, 0x5b, 0x23, 0x9c, 0xe4, 0x9b, 0xb5, 0xd0, 0xf4, 0xb4, 0x1e, 0xce, 0x77, 0xa1, 0xe9, - 0x49, 0xdd, 0x93, 0x25, 0xfa, 0x09, 0x38, 0xc1, 0x9b, 0xd4, 0xc8, 0x46, 0x13, 0x23, 0x4c, 0xd0, - 0x9e, 0xbe, 0xb5, 0x3b, 0x79, 0xa2, 0x9a, 0x82, 0xe1, 0x2e, 0x6c, 0xf4, 0x2a, 0x4c, 0xb6, 0x48, - 0xd8, 0x74, 0xe3, 0x15, 0xdf, 0xeb, 0x48, 0xf1, 0x5d, 0x0b, 0x5a, 0xa4, 0x2e, 0xba, 0x13, 0x4d, - 0x8c, 0x9e, 0xb3, 0x1e, 0x2f, 0xcf, 0xbe, 0x45, 0x74, 0x73, 0x72, 0x75, 0x6f, 0x74, 0xbc, 0x1f, - 0x3d, 0xf4, 0xfb, 0x16, 0x9c, 0x35, 0xa4, 0x6c, 0x95, 0x84, 0xdb, 0x6e, 0x8d, 0xcc, 0xd4, 0x6a, - 0x41, 0xdb, 0x8f, 0xa3, 0x89, 0x31, 0x36, 0x8c, 0xeb, 0x47, 0x21, 0xf3, 0x93, 0xac, 0xf4, 0xbc, - 0xec, 0x89, 0x12, 0xe1, 0x3d, 0x7a, 0x6a, 0xff, 0xdb, 0x02, 0x9c, 0x48, 0x5b, 0x00, 0xe8, 0x1f, - 0x5b, 0x30, 0x7e, 0xe3, 0x66, 0xbc, 0x16, 0x6c, 0x11, 0x3f, 0x9a, 0xed, 0x50, 0x39, 0xcd, 0x74, - 0xdf, 0xf0, 0xd3, 0xb5, 0x7c, 0x6d, 0x8d, 0xa9, 0x4b, 0x49, 0x2e, 0xe7, 0xfd, 0x38, 0xec, 0xcc, - 0xde, 0x2f, 0xde, 0x69, 0xfc, 0xd2, 0xf5, 0x35, 0x13, 0x8a, 0xd3, 0x9d, 0x3a, 0xfb, 0x49, 0x0b, - 0x4e, 0x67, 0x91, 0x40, 0x27, 0xa0, 0xb8, 0x45, 0x3a, 0xdc, 0x12, 0xc5, 0xf4, 0x27, 0x7a, 0x19, - 0x4a, 0xdb, 0x8e, 0xd7, 0x26, 0xc2, 0x4c, 0x5b, 0x38, 0xdc, 0x8b, 0xa8, 0x9e, 0x61, 0x4e, 0xf5, - 0xc7, 0x0b, 0xcf, 0x5b, 0xf6, 0x1f, 0x16, 0x61, 0xd8, 0xf8, 0x68, 0xc7, 0x60, 0x7a, 0x06, 0x09, - 0xd3, 0x73, 0x39, 0xb7, 0xf9, 0xd6, 0xd3, 0xf6, 0xbc, 0x99, 0xb2, 0x3d, 0x57, 0xf2, 0x63, 0xb9, - 0xa7, 0xf1, 0x89, 0x62, 0xa8, 0x04, 0x2d, 0xba, 0x0d, 0xa1, 0x36, 0xcc, 0x40, 0x1e, 0x9f, 0x70, - 0x45, 0x92, 0x9b, 0x1d, 0xbd, 0xb5, 0x3b, 0x59, 0x51, 0x7f, 0xb1, 0x66, 0x64, 0x7f, 0xdb, 0x82, - 0xd3, 0x46, 0x1f, 0xe7, 0x02, 0xbf, 0xee, 0xb2, 0x4f, 0x7b, 0x0e, 0x06, 0xe2, 0x4e, 0x4b, 0x6e, - 0x75, 0xd4, 0x48, 0xad, 0x75, 0x5a, 0x04, 0x33, 0x08, 0xdd, 0xb1, 0x34, 0x49, 0x14, 0x39, 0x0d, - 0x92, 0xde, 0xdc, 0x2c, 0xf3, 0x66, 0x2c, 0xe1, 0x28, 0x04, 0xe4, 0x39, 0x51, 0xbc, 0x16, 0x3a, - 0x7e, 0xc4, 0xc8, 0xaf, 0xb9, 0x4d, 0x22, 0x06, 0xf8, 0xff, 0xeb, 0x6f, 0xc6, 0xd0, 0x27, 0x66, - 0xef, 0xbb, 0xb5, 0x3b, 0x89, 0x96, 0xba, 0x28, 0xe1, 0x0c, 0xea, 0xf6, 0x17, 0x2c, 0xb8, 0x2f, - 0x5b, 0xc0, 0xa0, 0xc7, 0x60, 0x90, 0xef, 0x73, 0xc5, 0xdb, 0xe9, 0x4f, 0xc2, 0x5a, 0xb1, 0x80, - 0xa2, 0x69, 0xa8, 0x28, 0x85, 0x27, 0xde, 0xf1, 0xa4, 0x40, 0xad, 0x68, 0x2d, 0xa9, 0x71, 0xe8, - 0xa0, 0xd1, 0x3f, 0xc2, 0x04, 0x55, 0x83, 0xc6, 0x36, 0x86, 0x0c, 0x62, 0x7f, 0xcb, 0x82, 0x37, - 0xf7, 0x23, 0xf6, 0x8e, 0xae, 0x8f, 0x55, 0x38, 0x53, 0x27, 0x1b, 0x4e, 0xdb, 0x8b, 0x93, 0x1c, - 0x45, 0xa7, 0x1f, 0x16, 0x0f, 0x9f, 0x99, 0xcf, 0x42, 0xc2, 0xd9, 0xcf, 0xda, 0xff, 0xc5, 0x82, - 0x71, 0xe3, 0xb5, 0x8e, 0x61, 0xeb, 0xe4, 0x27, 0xb7, 0x4e, 0x8b, 0xb9, 0x2d, 0xd3, 0x1e, 0x7b, - 0xa7, 0x4f, 0x5b, 0x70, 0xd6, 0xc0, 0x5a, 0x76, 0xe2, 0xda, 0xe6, 0xf9, 0x9d, 0x56, 0x48, 0xa2, - 0x88, 0x4e, 0xa9, 0x87, 0x0d, 0x71, 0x3c, 0x3b, 0x2c, 0x28, 0x14, 0x2f, 0x93, 0x0e, 0x97, 0xcd, - 0x4f, 0x40, 0x99, 0xaf, 0xb9, 0x20, 0x14, 0x1f, 0x49, 0xbd, 0xdb, 0x8a, 0x68, 0xc7, 0x0a, 0x03, - 0xd9, 0x30, 0xc8, 0x64, 0x2e, 0x95, 0x41, 0xd4, 0x4c, 0x00, 0xfa, 0xdd, 0xaf, 0xb1, 0x16, 0x2c, - 0x20, 0x76, 0x94, 0xe8, 0xce, 0x6a, 0x48, 0xd8, 0x7c, 0xa8, 0x5f, 0x70, 0x89, 0x57, 0x8f, 0xe8, - 0xb6, 0xce, 0xf1, 0xfd, 0x20, 0x16, 0x3b, 0x34, 0x63, 0x5b, 0x37, 0xa3, 0x9b, 0xb1, 0x89, 0x43, - 0x99, 0x7a, 0xce, 0x3a, 0xf1, 0xf8, 0x88, 0x0a, 0xa6, 0x4b, 0xac, 0x05, 0x0b, 0x88, 0x7d, 0xab, - 0xc0, 0x36, 0x90, 0x4a, 0xa2, 0x91, 0xe3, 0xf0, 0x3e, 0x84, 0x09, 0x15, 0xb0, 0x9a, 0x9f, 0x3c, - 0x26, 0xbd, 0x3d, 0x10, 0xaf, 0xa5, 0xb4, 0x00, 0xce, 0x95, 0xeb, 0xde, 0x5e, 0x88, 0x0f, 0x17, - 0x61, 0x32, 0xf9, 0x40, 0x97, 0x12, 0xa1, 0x5b, 0x5e, 0x83, 0x51, 0xda, 0x1f, 0x65, 0xe0, 0x63, - 0x13, 0xaf, 0x87, 0x1c, 0x2e, 0x1c, 0xa5, 0x1c, 0x36, 0xd5, 0x44, 0x71, 0x1f, 0x35, 0xf1, 0x98, - 0x1a, 0xf5, 0x81, 0x94, 0xcc, 0x4b, 0xaa, 0xca, 0x73, 0x30, 0x10, 0xc5, 0xa4, 0x35, 0x51, 0x4a, - 0x8a, 0xd9, 0x6a, 0x4c, 0x5a, 0x98, 0x41, 0xd0, 0x3b, 0x60, 0x3c, 0x76, 0xc2, 0x06, 0x89, 0x43, - 0xb2, 0xed, 0x32, 0xdf, 0x25, 0xdb, 0xcf, 0x56, 0x66, 0x4f, 0x51, 0xab, 0x6b, 0x8d, 0x81, 0xb0, - 0x04, 0xe1, 0x34, 0xae, 0xfd, 0xdf, 0x0b, 0x70, 0x7f, 0xf2, 0x13, 0x68, 0xc5, 0xf8, 0xae, 0x84, - 0x62, 0x7c, 0xab, 0xa9, 0x18, 0x6f, 0xef, 0x4e, 0x3e, 0xd8, 0xe3, 0xb1, 0xef, 0x1b, 0xbd, 0x89, - 0x16, 0x52, 0x1f, 0x61, 0x3a, 0xf9, 0x11, 0x6e, 0xef, 0x4e, 0x3e, 0xdc, 0xe3, 0x1d, 0x53, 0x5f, - 0xe9, 0x31, 0x18, 0x0c, 0x89, 0x13, 0x05, 0xbe, 0xf8, 0x4e, 0xea, 0x6b, 0x62, 0xd6, 0x8a, 0x05, - 0xd4, 0xfe, 0x66, 0x25, 0x3d, 0xd8, 0x0b, 0xdc, 0x1f, 0x1b, 0x84, 0xc8, 0x85, 0x01, 0xb6, 0x6b, - 0xe3, 0x92, 0xe5, 0xf2, 0xe1, 0x56, 0x21, 0xd5, 0x22, 0x8a, 0xf4, 0x6c, 0x99, 0x7e, 0x35, 0xda, - 0x84, 0x19, 0x0b, 0xb4, 0x03, 0xe5, 0x9a, 0xdc, 0x4c, 0x15, 0xf2, 0x70, 0x3b, 0x8a, 0xad, 0x94, - 0xe6, 0x38, 0x42, 0xc5, 0xbd, 0xda, 0x81, 0x29, 0x6e, 0x88, 0x40, 0xb1, 0xe1, 0xc6, 0xe2, 0xb3, - 0x1e, 0x72, 0xbb, 0xbc, 0xe0, 0x1a, 0xaf, 0x38, 0x44, 0x75, 0xd0, 0x82, 0x1b, 0x63, 0x4a, 0x1f, - 0x7d, 0xdc, 0x82, 0xe1, 0xa8, 0xd6, 0x5c, 0x0d, 0x83, 0x6d, 0xb7, 0x4e, 0x42, 0x61, 0x63, 0x1e, - 0x52, 0xb2, 0x55, 0xe7, 0x96, 0x25, 0x41, 0xcd, 0x97, 0xbb, 0x2f, 0x34, 0x04, 0x9b, 0x7c, 0xe9, - 0xde, 0xeb, 0x7e, 0xf1, 0xee, 0xf3, 0xa4, 0xc6, 0x56, 0x9c, 0xdc, 0x33, 0xb3, 0x99, 0x72, 0x68, - 0x9b, 0x7b, 0xbe, 0x5d, 0xdb, 0xa2, 0xeb, 0x4d, 0x77, 0xe8, 0xc1, 0x5b, 0xbb, 0x93, 0xf7, 0xcf, - 0x65, 0xf3, 0xc4, 0xbd, 0x3a, 0xc3, 0x06, 0xac, 0xd5, 0xf6, 0x3c, 0x4c, 0x5e, 0x6d, 0x13, 0xe6, - 0x11, 0xcb, 0x61, 0xc0, 0x56, 0x35, 0xc1, 0xd4, 0x80, 0x19, 0x10, 0x6c, 0xf2, 0x45, 0xaf, 0xc2, - 0x60, 0xd3, 0x89, 0x43, 0x77, 0x47, 0xb8, 0xc1, 0x0e, 0xb9, 0x0b, 0x5a, 0x66, 0xb4, 0x34, 0x73, - 0xa6, 0xe8, 0x79, 0x23, 0x16, 0x8c, 0x50, 0x13, 0x4a, 0x4d, 0x12, 0x36, 0xc8, 0x44, 0x39, 0x0f, - 0x97, 0xff, 0x32, 0x25, 0xa5, 0x19, 0x56, 0xa8, 0x71, 0xc5, 0xda, 0x30, 0xe7, 0x82, 0x5e, 0x86, - 0x72, 0x44, 0x3c, 0x52, 0xa3, 0xe6, 0x51, 0x85, 0x71, 0x7c, 0xa6, 0x4f, 0x53, 0x91, 0xda, 0x25, - 0x55, 0xf1, 0x28, 0x5f, 0x60, 0xf2, 0x1f, 0x56, 0x24, 0xe9, 0x00, 0xb6, 0xbc, 0x76, 0xc3, 0xf5, - 0x27, 0x20, 0x8f, 0x01, 0x5c, 0x65, 0xb4, 0x52, 0x03, 0xc8, 0x1b, 0xb1, 0x60, 0x64, 0xff, 0x37, - 0x0b, 0x50, 0x52, 0xa8, 0x1d, 0x83, 0x4d, 0xfc, 0x6a, 0xd2, 0x26, 0x5e, 0xca, 0xd3, 0x68, 0xe9, - 0x61, 0x16, 0xff, 0x66, 0x05, 0x52, 0xea, 0xe0, 0x0a, 0x89, 0x62, 0x52, 0x7f, 0x43, 0x84, 0xbf, - 0x21, 0xc2, 0xdf, 0x10, 0xe1, 0x4a, 0x84, 0xaf, 0xa7, 0x44, 0xf8, 0x3b, 0x8d, 0x55, 0xaf, 0xcf, - 0xd7, 0x5f, 0x51, 0x07, 0xf0, 0x66, 0x0f, 0x0c, 0x04, 0x2a, 0x09, 0x2e, 0x55, 0x57, 0xae, 0x64, - 0xca, 0xec, 0x57, 0x92, 0x32, 0xfb, 0xb0, 0x2c, 0xfe, 0x36, 0x48, 0xe9, 0xdf, 0xb7, 0xe0, 0x2d, - 0x49, 0xe9, 0x25, 0x67, 0xce, 0x62, 0xc3, 0x0f, 0x42, 0x32, 0xef, 0x6e, 0x6c, 0x90, 0x90, 0xf8, - 0x35, 0x12, 0x29, 0xdf, 0x8e, 0xd5, 0xcb, 0xb7, 0x83, 0x9e, 0x85, 0x91, 0x1b, 0x51, 0xe0, 0xaf, - 0x06, 0xae, 0x2f, 0x44, 0x10, 0xdd, 0x71, 0x9c, 0xb8, 0xb5, 0x3b, 0x39, 0x42, 0x47, 0x54, 0xb6, - 0xe3, 0x04, 0x16, 0x9a, 0x83, 0x93, 0x37, 0x5e, 0x5d, 0x75, 0x62, 0xc3, 0x9b, 0x20, 0xf7, 0xfd, - 0xec, 0x3c, 0xea, 0xd2, 0x8b, 0x29, 0x20, 0xee, 0xc6, 0xb7, 0xff, 0x41, 0x01, 0x1e, 0x48, 0xbd, - 0x48, 0xe0, 0x79, 0x41, 0x3b, 0xa6, 0x7b, 0x22, 0xf4, 0x25, 0x0b, 0x4e, 0x34, 0x93, 0x0e, 0x8b, - 0x48, 0xb8, 0xbb, 0xdf, 0x9d, 0x9b, 0x8e, 0x48, 0x79, 0x44, 0x66, 0x27, 0xc4, 0x08, 0x9d, 0x48, - 0x01, 0x22, 0xdc, 0xd5, 0x17, 0xf4, 0x32, 0x54, 0x9a, 0xce, 0xce, 0xd5, 0x56, 0xdd, 0x89, 0xe5, - 0x76, 0xb4, 0xb7, 0x17, 0xa1, 0x1d, 0xbb, 0xde, 0x14, 0x8f, 0xdc, 0x98, 0x5a, 0xf4, 0xe3, 0x95, - 0xb0, 0x1a, 0x87, 0xae, 0xdf, 0xe0, 0x4e, 0xce, 0x65, 0x49, 0x06, 0x6b, 0x8a, 0xf6, 0x17, 0xad, - 0xb4, 0x92, 0x52, 0xa3, 0x13, 0x3a, 0x31, 0x69, 0x74, 0xd0, 0x07, 0xa0, 0x44, 0xf7, 0x8d, 0x72, - 0x54, 0xae, 0xe7, 0xa9, 0x39, 0x8d, 0x2f, 0xa1, 0x95, 0x28, 0xfd, 0x17, 0x61, 0xce, 0xd4, 0xfe, - 0x52, 0x25, 0x6d, 0x2c, 0xb0, 0xb3, 0xf9, 0xa7, 0x01, 0x1a, 0xc1, 0x1a, 0x69, 0xb6, 0x3c, 0x3a, - 0x2c, 0x16, 0x3b, 0xe0, 0x51, 0xae, 0x92, 0x05, 0x05, 0xc1, 0x06, 0x16, 0xfa, 0x79, 0x0b, 0xa0, - 0x21, 0xe7, 0xbc, 0x34, 0x04, 0xae, 0xe6, 0xf9, 0x3a, 0x7a, 0x45, 0xe9, 0xbe, 0x28, 0x86, 0xd8, - 0x60, 0x8e, 0x7e, 0xc6, 0x82, 0x72, 0x2c, 0xbb, 0xcf, 0x55, 0xe3, 0x5a, 0x9e, 0x3d, 0x91, 0x2f, - 0xad, 0x6d, 0x22, 0x35, 0x24, 0x8a, 0x2f, 0xfa, 0x59, 0x0b, 0x20, 0xea, 0xf8, 0xb5, 0xd5, 0xc0, - 0x73, 0x6b, 0x1d, 0xa1, 0x31, 0xaf, 0xe5, 0xea, 0xce, 0x51, 0xd4, 0x67, 0xc7, 0xe8, 0x68, 0xe8, - 0xff, 0xd8, 0xe0, 0x8c, 0x3e, 0x04, 0xe5, 0x48, 0x4c, 0x37, 0xa1, 0x23, 0xd7, 0xf2, 0x75, 0x2a, - 0x71, 0xda, 0x42, 0xbc, 0x8a, 0x7f, 0x58, 0xf1, 0x44, 0xbf, 0x68, 0xc1, 0x78, 0x2b, 0xe9, 0x26, - 0x14, 0xea, 0x30, 0x3f, 0x19, 0x90, 0x72, 0x43, 0x72, 0x6f, 0x4b, 0xaa, 0x11, 0xa7, 0x7b, 0x41, - 0x25, 0xa0, 0x9e, 0xc1, 0x2b, 0x2d, 0xee, 0xb2, 0x1c, 0xd2, 0x12, 0x70, 0x21, 0x0d, 0xc4, 0xdd, - 0xf8, 0x68, 0x15, 0x4e, 0xd3, 0xde, 0x75, 0xb8, 0xf9, 0x29, 0xd5, 0x4b, 0xc4, 0x94, 0x61, 0x79, - 0xf6, 0x21, 0x31, 0x43, 0xd8, 0x59, 0x47, 0x1a, 0x07, 0x67, 0x3e, 0x89, 0xfe, 0xd0, 0x82, 0x87, - 0x5c, 0xa6, 0x06, 0x4c, 0x87, 0xbd, 0xd6, 0x08, 0xe2, 0xa0, 0x9d, 0xe4, 0x2a, 0x2b, 0x7a, 0xa9, - 0x9f, 0xd9, 0x37, 0x8b, 0x37, 0x78, 0x68, 0x71, 0x8f, 0x2e, 0xe1, 0x3d, 0x3b, 0x8c, 0x7e, 0x0c, - 0x46, 0xe5, 0xba, 0x58, 0xa5, 0x22, 0x98, 0x29, 0xda, 0xca, 0xec, 0xc9, 0x5b, 0xbb, 0x93, 0xa3, - 0x6b, 0x26, 0x00, 0x27, 0xf1, 0xec, 0x7f, 0x57, 0x4c, 0x9c, 0x12, 0x29, 0x1f, 0x26, 0x13, 0x37, - 0x35, 0xe9, 0xff, 0x91, 0xd2, 0x33, 0x57, 0x71, 0xa3, 0xbc, 0x4b, 0x5a, 0xdc, 0xa8, 0xa6, 0x08, - 0x1b, 0xcc, 0xa9, 0x51, 0x7a, 0xd2, 0x49, 0x7b, 0x4a, 0x85, 0x04, 0x7c, 0x39, 0xcf, 0x2e, 0x75, - 0x9f, 0xe9, 0x3d, 0x20, 0xba, 0x76, 0xb2, 0x0b, 0x84, 0xbb, 0xbb, 0x84, 0x3e, 0x08, 0x95, 0x50, - 0x45, 0xb6, 0x14, 0xf3, 0xd8, 0xaa, 0xc9, 0x69, 0x23, 0xba, 0xa3, 0x0e, 0x80, 0x74, 0x0c, 0x8b, - 0xe6, 0x68, 0xff, 0x41, 0xf2, 0x60, 0xcc, 0x90, 0x1d, 0x7d, 0x1c, 0xfa, 0x7d, 0xc6, 0x82, 0xe1, - 0x30, 0xf0, 0x3c, 0xd7, 0x6f, 0x50, 0x39, 0x27, 0x94, 0xf5, 0x7b, 0x8f, 0x44, 0x5f, 0x0a, 0x81, - 0xc6, 0x2c, 0x6b, 0xac, 0x79, 0x62, 0xb3, 0x03, 0xf6, 0x9f, 0x59, 0x30, 0xd1, 0x4b, 0x1e, 0x23, - 0x02, 0x0f, 0x4a, 0x61, 0xa3, 0x86, 0x62, 0xc5, 0x9f, 0x27, 0x1e, 0x51, 0x6e, 0xf3, 0xf2, 0xec, - 0xa3, 0xe2, 0x35, 0x1f, 0x5c, 0xed, 0x8d, 0x8a, 0xf7, 0xa2, 0x83, 0x5e, 0x82, 0x13, 0xc6, 0x7b, - 0x45, 0x6a, 0x60, 0x2a, 0xb3, 0x53, 0xd4, 0x00, 0x9a, 0x49, 0xc1, 0x6e, 0xef, 0x4e, 0xde, 0x97, - 0x6e, 0x13, 0x0a, 0xa3, 0x8b, 0x8e, 0xfd, 0xd5, 0x42, 0xfa, 0x6b, 0x29, 0x5d, 0xff, 0xba, 0xd5, - 0xe5, 0x4d, 0x78, 0xf7, 0x51, 0xe8, 0x57, 0xe6, 0x77, 0x50, 0x61, 0x18, 0xbd, 0x71, 0xee, 0xe2, - 0xb1, 0xbd, 0xfd, 0xef, 0x07, 0x60, 0x8f, 0x9e, 0xf5, 0x61, 0xbc, 0x1f, 0xf8, 0x1c, 0xf5, 0x53, - 0x96, 0x3a, 0x30, 0xe3, 0x6b, 0xb8, 0x7e, 0x54, 0x63, 0xcf, 0xf7, 0x4f, 0x11, 0x0f, 0x1d, 0x51, - 0x5e, 0xf4, 0xe4, 0xd1, 0x1c, 0xfa, 0xb2, 0x95, 0x3c, 0xf2, 0xe3, 0x41, 0x8d, 0xee, 0x91, 0xf5, - 0xc9, 0x38, 0x47, 0xe4, 0x1d, 0xd3, 0xa7, 0x4f, 0xbd, 0x4e, 0x18, 0xa7, 0x00, 0x36, 0x5c, 0xdf, - 0xf1, 0xdc, 0xd7, 0xe8, 0xee, 0xa8, 0xc4, 0x14, 0x3c, 0xb3, 0x98, 0x2e, 0xa8, 0x56, 0x6c, 0x60, - 0x9c, 0xfd, 0xff, 0x61, 0xd8, 0x78, 0xf3, 0x8c, 0x88, 0x97, 0xd3, 0x66, 0xc4, 0x4b, 0xc5, 0x08, - 0x54, 0x39, 0xfb, 0x4e, 0x38, 0x91, 0xee, 0xe0, 0x41, 0x9e, 0xb7, 0xff, 0xf7, 0x50, 0xfa, 0x0c, - 0x6e, 0x8d, 0x84, 0x4d, 0xda, 0xb5, 0x37, 0x1c, 0x5b, 0x6f, 0x38, 0xb6, 0xde, 0x70, 0x6c, 0x99, - 0x67, 0x13, 0xc2, 0x69, 0x33, 0x74, 0x4c, 0x4e, 0x9b, 0x84, 0x1b, 0xaa, 0x9c, 0xbb, 0x1b, 0xca, - 0xfe, 0x78, 0x97, 0xe7, 0x7e, 0x2d, 0x24, 0x04, 0x05, 0x50, 0xf2, 0x83, 0x3a, 0x91, 0x36, 0xee, - 0xa5, 0x7c, 0x0c, 0xb6, 0x2b, 0x41, 0xdd, 0x08, 0x17, 0xa7, 0xff, 0x22, 0xcc, 0xf9, 0xd8, 0x1f, - 0x1b, 0x84, 0x84, 0x39, 0xc9, 0xbf, 0xfb, 0x8f, 0xc0, 0x50, 0x48, 0x5a, 0xc1, 0x55, 0xbc, 0x24, - 0x74, 0x99, 0xce, 0x28, 0xe1, 0xcd, 0x58, 0xc2, 0xa9, 0xce, 0x6b, 0x39, 0xf1, 0xa6, 0x50, 0x66, - 0x4a, 0xe7, 0xad, 0x3a, 0xf1, 0x26, 0x66, 0x10, 0xf4, 0x4e, 0x18, 0x8b, 0x13, 0x47, 0xe1, 0xe2, - 0xc8, 0xf7, 0x3e, 0x81, 0x3b, 0x96, 0x3c, 0x28, 0xc7, 0x29, 0x6c, 0xf4, 0x2a, 0x0c, 0x6c, 0x12, - 0xaf, 0x29, 0x3e, 0x7d, 0x35, 0x3f, 0x5d, 0xc3, 0xde, 0xf5, 0x22, 0xf1, 0x9a, 0x5c, 0x12, 0xd2, - 0x5f, 0x98, 0xb1, 0xa2, 0xf3, 0xbe, 0xb2, 0xd5, 0x8e, 0xe2, 0xa0, 0xe9, 0xbe, 0x26, 0x3d, 0x9d, - 0xef, 0xce, 0x99, 0xf1, 0x65, 0x49, 0x9f, 0xbb, 0x94, 0xd4, 0x5f, 0xac, 0x39, 0xb3, 0x7e, 0xd4, - 0xdd, 0x90, 0x4d, 0x99, 0x8e, 0x70, 0x58, 0xe6, 0xdd, 0x8f, 0x79, 0x49, 0x9f, 0xf7, 0x43, 0xfd, - 0xc5, 0x9a, 0x33, 0xea, 0xa8, 0xf5, 0x37, 0xcc, 0xfa, 0x70, 0x35, 0xe7, 0x3e, 0xf0, 0xb5, 0x97, - 0xb9, 0x0e, 0x1f, 0x85, 0x52, 0x6d, 0xd3, 0x09, 0xe3, 0x89, 0x11, 0x36, 0x69, 0xd4, 0x2c, 0x9e, - 0xa3, 0x8d, 0x98, 0xc3, 0xd0, 0xc3, 0x50, 0x0c, 0xc9, 0x06, 0x8b, 0x4e, 0x36, 0xe2, 0xa2, 0x30, - 0xd9, 0xc0, 0xb4, 0x5d, 0xd9, 0x65, 0x63, 0x3d, 0x03, 0xe6, 0x7e, 0xa5, 0x90, 0x34, 0xec, 0x92, - 0x23, 0xc3, 0xd7, 0x43, 0xad, 0x1d, 0x46, 0xd2, 0x41, 0x66, 0xac, 0x07, 0xd6, 0x8c, 0x25, 0x1c, - 0x7d, 0xc4, 0x82, 0xa1, 0x1b, 0x51, 0xe0, 0xfb, 0x24, 0x16, 0x4a, 0xf4, 0x5a, 0xce, 0x83, 0x75, - 0x89, 0x53, 0xd7, 0x7d, 0x10, 0x0d, 0x58, 0xf2, 0xa5, 0xdd, 0x25, 0x3b, 0x35, 0xaf, 0x5d, 0xef, - 0x0a, 0x86, 0x39, 0xcf, 0x9b, 0xb1, 0x84, 0x53, 0x54, 0xd7, 0xe7, 0xa8, 0x03, 0x49, 0xd4, 0x45, - 0x5f, 0xa0, 0x0a, 0xb8, 0xfd, 0xeb, 0x65, 0x38, 0x93, 0xb9, 0x7c, 0xa8, 0xc9, 0xc5, 0x8c, 0x9a, - 0x0b, 0xae, 0x47, 0x64, 0x18, 0x18, 0x33, 0xb9, 0xae, 0xa9, 0x56, 0x6c, 0x60, 0xa0, 0x9f, 0x06, - 0x68, 0x39, 0xa1, 0xd3, 0x24, 0xca, 0x81, 0x7d, 0x68, 0xcb, 0x86, 0xf6, 0x63, 0x55, 0xd2, 0xd4, - 0x9b, 0x78, 0xd5, 0x14, 0x61, 0x83, 0x25, 0x7a, 0x0e, 0x86, 0x43, 0xe2, 0x11, 0x27, 0x62, 0xe1, - 0xef, 0xe9, 0x5c, 0x1e, 0xac, 0x41, 0xd8, 0xc4, 0x43, 0x8f, 0xa9, 0x88, 0xb9, 0x54, 0xe4, 0x50, - 0x32, 0x6a, 0x0e, 0x7d, 0xd6, 0x82, 0xb1, 0x0d, 0xd7, 0x23, 0x9a, 0xbb, 0xc8, 0xbc, 0x59, 0x39, - 0xfc, 0x4b, 0x5e, 0x30, 0xe9, 0x6a, 0x19, 0x9a, 0x68, 0x8e, 0x70, 0x8a, 0x3d, 0xfd, 0xcc, 0xdb, - 0x24, 0x64, 0xc2, 0x77, 0x30, 0xf9, 0x99, 0xaf, 0xf1, 0x66, 0x2c, 0xe1, 0x68, 0x06, 0xc6, 0x5b, - 0x4e, 0x14, 0xcd, 0x85, 0xa4, 0x4e, 0xfc, 0xd8, 0x75, 0x3c, 0x9e, 0x17, 0x53, 0xd6, 0xe1, 0xe4, - 0xab, 0x49, 0x30, 0x4e, 0xe3, 0xa3, 0xf7, 0xc0, 0xfd, 0xdc, 0x43, 0xb4, 0xec, 0x46, 0x91, 0xeb, - 0x37, 0xf4, 0x34, 0x10, 0x8e, 0xb2, 0x49, 0x41, 0xea, 0xfe, 0xc5, 0x6c, 0x34, 0xdc, 0xeb, 0x79, - 0xf4, 0x04, 0x94, 0xa3, 0x2d, 0xb7, 0x35, 0x17, 0xd6, 0x23, 0x76, 0x3a, 0x54, 0xd6, 0x6e, 0xd9, - 0xaa, 0x68, 0xc7, 0x0a, 0x03, 0xd5, 0x60, 0x84, 0x7f, 0x12, 0x1e, 0xf2, 0x27, 0x24, 0xe8, 0x93, - 0x3d, 0x15, 0xb9, 0x48, 0xf3, 0x9c, 0xc2, 0xce, 0xcd, 0xf3, 0xf2, 0xac, 0x8a, 0x1f, 0xad, 0x5c, - 0x33, 0xc8, 0xe0, 0x04, 0xd1, 0xe4, 0x9e, 0x6e, 0xb8, 0x8f, 0x3d, 0xdd, 0x73, 0x30, 0xbc, 0xd5, - 0x5e, 0x27, 0x62, 0xe4, 0x85, 0x60, 0x53, 0xb3, 0xef, 0xb2, 0x06, 0x61, 0x13, 0x8f, 0x45, 0x5b, - 0xb6, 0x5c, 0xf1, 0x2f, 0x9a, 0x18, 0x35, 0xa2, 0x2d, 0x57, 0x17, 0x65, 0x33, 0x36, 0x71, 0x68, - 0xd7, 0xe8, 0x58, 0xac, 0x91, 0x88, 0x25, 0x53, 0xd0, 0xe1, 0x52, 0x5d, 0xab, 0x4a, 0x00, 0xd6, - 0x38, 0x68, 0x15, 0x4e, 0xd3, 0x3f, 0x55, 0x96, 0xe6, 0x7a, 0xcd, 0xf1, 0xdc, 0x3a, 0x0f, 0xfd, - 0x1b, 0x4f, 0xfa, 0x37, 0xab, 0x19, 0x38, 0x38, 0xf3, 0x49, 0xfb, 0x97, 0x0a, 0x49, 0xcf, 0x89, - 0x29, 0xc2, 0x50, 0x44, 0x05, 0x55, 0x7c, 0xcd, 0x09, 0xa5, 0xc1, 0x73, 0xc8, 0xe4, 0x26, 0x41, - 0xf7, 0x9a, 0x13, 0x9a, 0x22, 0x8f, 0x31, 0xc0, 0x92, 0x13, 0xba, 0x01, 0x03, 0xb1, 0xe7, 0xe4, - 0x94, 0x0d, 0x69, 0x70, 0xd4, 0x8e, 0xac, 0xa5, 0x99, 0x08, 0x33, 0x1e, 0xe8, 0x21, 0xba, 0x7b, - 0x5b, 0x97, 0x27, 0x6d, 0x62, 0xc3, 0xb5, 0x1e, 0x61, 0xd6, 0x6a, 0xff, 0xf9, 0x70, 0x86, 0xd6, - 0x51, 0x86, 0x00, 0x7a, 0x1a, 0x80, 0x4e, 0x9a, 0xd5, 0x90, 0x6c, 0xb8, 0x3b, 0xc2, 0x10, 0x53, - 0x92, 0xed, 0x8a, 0x82, 0x60, 0x03, 0x4b, 0x3e, 0x53, 0x6d, 0x6f, 0xd0, 0x67, 0x0a, 0xdd, 0xcf, - 0x70, 0x08, 0x36, 0xb0, 0xd0, 0xb3, 0x30, 0xe8, 0x36, 0x9d, 0x86, 0x0a, 0x04, 0x7e, 0x88, 0x8a, - 0xb4, 0x45, 0xd6, 0x72, 0x7b, 0x77, 0x72, 0x4c, 0x75, 0x88, 0x35, 0x61, 0x81, 0x8b, 0xbe, 0x6a, - 0xc1, 0x48, 0x2d, 0x68, 0x36, 0x03, 0x9f, 0x6f, 0x9f, 0x85, 0x2f, 0xe0, 0xc6, 0x51, 0x99, 0x49, - 0x53, 0x73, 0x06, 0x33, 0xee, 0x0c, 0x50, 0x69, 0x9b, 0x26, 0x08, 0x27, 0x7a, 0x65, 0x4a, 0xbe, - 0xd2, 0x3e, 0x92, 0xef, 0x37, 0x2c, 0x38, 0xc9, 0x9f, 0x35, 0x76, 0xf5, 0x22, 0x43, 0x31, 0x38, - 0xe2, 0xd7, 0xea, 0x72, 0x74, 0x28, 0x67, 0x6f, 0x17, 0x1c, 0x77, 0x77, 0x12, 0x2d, 0xc0, 0xc9, - 0x8d, 0x20, 0xac, 0x11, 0x73, 0x20, 0x84, 0xd8, 0x56, 0x84, 0x2e, 0xa4, 0x11, 0x70, 0xf7, 0x33, - 0xe8, 0x1a, 0xdc, 0x67, 0x34, 0x9a, 0xe3, 0xc0, 0x25, 0xf7, 0x23, 0x82, 0xda, 0x7d, 0x17, 0x32, - 0xb1, 0x70, 0x8f, 0xa7, 0x93, 0x42, 0xb2, 0xd2, 0x87, 0x90, 0x7c, 0x05, 0x1e, 0xa8, 0x75, 0x8f, - 0xcc, 0x76, 0xd4, 0x5e, 0x8f, 0xb8, 0x1c, 0x2f, 0xcf, 0xfe, 0x90, 0x20, 0xf0, 0xc0, 0x5c, 0x2f, - 0x44, 0xdc, 0x9b, 0x06, 0xfa, 0x00, 0x94, 0x43, 0xc2, 0xbe, 0x4a, 0x24, 0xd2, 0xf5, 0x0e, 0xe9, - 0xed, 0xd0, 0x16, 0x3c, 0x27, 0xab, 0x35, 0x93, 0x68, 0x88, 0xb0, 0xe2, 0x88, 0x6e, 0xc2, 0x50, - 0xcb, 0x89, 0x6b, 0x9b, 0x22, 0x49, 0xef, 0xd0, 0xbe, 0x79, 0xc5, 0x9c, 0x1d, 0xa5, 0x18, 0x69, - 0xfd, 0x9c, 0x09, 0x96, 0xdc, 0xa8, 0xad, 0x56, 0x0b, 0x9a, 0xad, 0xc0, 0x27, 0x7e, 0x2c, 0x95, - 0xc8, 0x18, 0x3f, 0xef, 0x90, 0xad, 0xd8, 0xc0, 0xa0, 0x1a, 0x81, 0xf9, 0xfe, 0xae, 0xbb, 0xf1, - 0x66, 0xd0, 0x8e, 0xe5, 0x56, 0x56, 0x68, 0x13, 0xa5, 0x11, 0x96, 0x32, 0x70, 0x70, 0xe6, 0x93, - 0x69, 0xf5, 0x37, 0x7e, 0x67, 0xea, 0xef, 0xc4, 0xfe, 0xea, 0xef, 0xec, 0xbb, 0xe0, 0x64, 0x97, - 0xd0, 0x38, 0x90, 0x83, 0x6f, 0x1e, 0xee, 0xcb, 0x5e, 0x9e, 0x07, 0x72, 0xf3, 0xfd, 0x7a, 0x2a, - 0xce, 0xdb, 0xd8, 0xf2, 0xf4, 0xe1, 0x32, 0x76, 0xa0, 0x48, 0xfc, 0x6d, 0xa1, 0xad, 0x2e, 0x1c, - 0x6e, 0x96, 0x9c, 0xf7, 0xb7, 0xb9, 0x74, 0x61, 0x7e, 0xb1, 0xf3, 0xfe, 0x36, 0xa6, 0xb4, 0xd1, - 0xe7, 0xad, 0x84, 0x41, 0xce, 0x1d, 0xcd, 0xef, 0x3b, 0x92, 0x3d, 0x5e, 0xdf, 0x36, 0xba, 0xfd, - 0x1f, 0x0a, 0x70, 0x6e, 0x3f, 0x22, 0x7d, 0x0c, 0xdf, 0xa3, 0x30, 0x18, 0xb1, 0xc8, 0x0d, 0x21, - 0xfe, 0x87, 0xe9, 0xaa, 0xe0, 0xb1, 0x1c, 0xaf, 0x60, 0x01, 0x42, 0x1e, 0x14, 0x9b, 0x4e, 0x4b, - 0xf8, 0x1f, 0x17, 0x0f, 0x9b, 0x0f, 0x47, 0xff, 0x3b, 0xde, 0xb2, 0xd3, 0xe2, 0xd3, 0xd3, 0x68, - 0xc0, 0x94, 0x0d, 0x8a, 0xa1, 0xe4, 0x84, 0xa1, 0x23, 0xc3, 0x04, 0x2e, 0xe7, 0xc3, 0x6f, 0x86, - 0x92, 0xe4, 0xa7, 0xac, 0x89, 0x26, 0xcc, 0x99, 0xd9, 0xbf, 0x58, 0x4e, 0x24, 0x4f, 0xb1, 0xd8, - 0x8f, 0x08, 0x06, 0x85, 0xdb, 0xd1, 0xca, 0x3b, 0x0d, 0x91, 0x67, 0x27, 0xb3, 0x1d, 0xbd, 0xa8, - 0xf1, 0x20, 0x58, 0xa1, 0x4f, 0x5a, 0xac, 0x92, 0x82, 0xcc, 0x48, 0x13, 0xbb, 0xe4, 0xa3, 0x29, - 0xec, 0x60, 0xd6, 0x67, 0x90, 0x8d, 0xd8, 0xe4, 0x2e, 0x2a, 0xa2, 0xb0, 0xdd, 0x41, 0x77, 0x45, - 0x14, 0x66, 0xed, 0x4b, 0x38, 0xda, 0xc9, 0x88, 0xf1, 0xc8, 0x21, 0x1b, 0xbf, 0x8f, 0xa8, 0x8e, - 0x2f, 0x5b, 0x70, 0xd2, 0x4d, 0x1f, 0xd6, 0x8b, 0x3d, 0xe5, 0xf5, 0x7c, 0x7c, 0x84, 0xdd, 0xb1, - 0x00, 0xca, 0x70, 0xe8, 0x02, 0xe1, 0xee, 0xce, 0xa0, 0x3a, 0x0c, 0xb8, 0xfe, 0x46, 0x20, 0xcc, - 0xa5, 0xd9, 0xc3, 0x75, 0x6a, 0xd1, 0xdf, 0x08, 0xf4, 0x6a, 0xa6, 0xff, 0x30, 0xa3, 0x8e, 0x96, - 0xe0, 0xb4, 0xcc, 0x9f, 0xb9, 0xe8, 0x46, 0x71, 0x10, 0x76, 0x96, 0xdc, 0xa6, 0x1b, 0x33, 0x53, - 0xa7, 0x38, 0x3b, 0x41, 0x35, 0x11, 0xce, 0x80, 0xe3, 0xcc, 0xa7, 0xd0, 0x6b, 0x30, 0x24, 0x0f, - 0xc8, 0xcb, 0x79, 0xec, 0xcf, 0xbb, 0xe7, 0xbf, 0x9a, 0x4c, 0x55, 0x71, 0x42, 0x2e, 0x19, 0xa2, - 0x4f, 0x58, 0x30, 0xc6, 0x7f, 0x5f, 0xec, 0xd4, 0x79, 0xca, 0x5e, 0x25, 0x8f, 0x28, 0xf8, 0x6a, - 0x82, 0xe6, 0x2c, 0xba, 0xb5, 0x3b, 0x39, 0x96, 0x6c, 0xc3, 0x29, 0xbe, 0xf6, 0x57, 0x47, 0xa0, - 0x3b, 0xa4, 0x20, 0x19, 0x3f, 0x60, 0x1d, 0x77, 0xfc, 0x00, 0xdd, 0xa5, 0x45, 0xfa, 0xe8, 0x3f, - 0x87, 0x65, 0x26, 0xb8, 0xea, 0x63, 0xdd, 0x8e, 0x5f, 0xc3, 0x8c, 0x07, 0x0a, 0x61, 0x70, 0x93, - 0x38, 0x5e, 0xbc, 0x99, 0xcf, 0x09, 0xd4, 0x45, 0x46, 0x2b, 0x9d, 0x7f, 0xc7, 0x5b, 0xb1, 0xe0, - 0x84, 0x76, 0x60, 0x68, 0x93, 0xcf, 0x45, 0xb1, 0x71, 0x5a, 0x3e, 0xec, 0xe0, 0x26, 0x26, 0xb8, - 0x9e, 0x79, 0xa2, 0x01, 0x4b, 0x76, 0x2c, 0x56, 0xcd, 0x88, 0xa6, 0xe1, 0x52, 0x24, 0xbf, 0xd4, - 0xc3, 0xfe, 0x43, 0x69, 0xde, 0x0f, 0x23, 0x21, 0xa9, 0x05, 0x7e, 0xcd, 0xf5, 0x48, 0x7d, 0x46, - 0x9e, 0x2e, 0x1d, 0x24, 0xe3, 0x8c, 0xb9, 0x66, 0xb0, 0x41, 0x03, 0x27, 0x28, 0xb2, 0x45, 0xa6, - 0xb2, 0xd0, 0xe9, 0x07, 0x21, 0xe2, 0x14, 0x61, 0x29, 0xa7, 0x9c, 0x77, 0x46, 0x93, 0x2f, 0xb2, - 0x64, 0x1b, 0x4e, 0xf1, 0x45, 0x2f, 0x01, 0x04, 0xeb, 0x3c, 0x20, 0x6d, 0x26, 0x16, 0x47, 0x0a, - 0x07, 0x79, 0xd5, 0x31, 0x9e, 0xb9, 0x2a, 0x29, 0x60, 0x83, 0x1a, 0xba, 0x0c, 0xc0, 0x97, 0xcd, - 0x5a, 0xa7, 0x25, 0x77, 0x57, 0x32, 0x65, 0x10, 0xaa, 0x0a, 0x72, 0x7b, 0x77, 0xb2, 0xdb, 0x81, - 0xcb, 0xa2, 0x6e, 0x8c, 0xc7, 0xd1, 0x4f, 0xc1, 0x50, 0xd4, 0x6e, 0x36, 0x1d, 0x75, 0xe0, 0x90, - 0x63, 0x2e, 0x2c, 0xa7, 0x6b, 0x48, 0x45, 0xde, 0x80, 0x25, 0x47, 0x74, 0x83, 0xca, 0x77, 0x21, - 0x9e, 0xf8, 0x2a, 0xe2, 0xe6, 0x09, 0x77, 0xab, 0xbd, 0x4d, 0xee, 0x36, 0x70, 0x06, 0xce, 0xed, - 0xdd, 0xc9, 0xfb, 0x92, 0xed, 0x4b, 0x81, 0xc8, 0x4e, 0xcd, 0xa4, 0x89, 0x2e, 0xc9, 0xa2, 0x54, - 0xf4, 0xb5, 0x65, 0xad, 0x94, 0xc7, 0x75, 0x51, 0x2a, 0xd6, 0xdc, 0x7b, 0xcc, 0xcc, 0x87, 0xd1, - 0x32, 0x9c, 0xaa, 0x05, 0x7e, 0x1c, 0x06, 0x9e, 0xc7, 0x8b, 0xb2, 0xf1, 0x8d, 0x2e, 0x3f, 0x90, - 0x78, 0x50, 0x74, 0xfb, 0xd4, 0x5c, 0x37, 0x0a, 0xce, 0x7a, 0x8e, 0x1a, 0xe4, 0x69, 0xe5, 0x30, - 0x96, 0xcb, 0x59, 0x75, 0x82, 0xa6, 0x90, 0x50, 0xca, 0x87, 0xbc, 0x8f, 0x9a, 0xf0, 0x93, 0x27, - 0x96, 0xe2, 0x8b, 0x3d, 0x0b, 0x23, 0x64, 0x27, 0x26, 0xa1, 0xef, 0x78, 0x57, 0xf1, 0x92, 0xf4, - 0xfe, 0xb3, 0x85, 0x79, 0xde, 0x68, 0xc7, 0x09, 0x2c, 0x64, 0x2b, 0x97, 0x93, 0x91, 0x06, 0xce, - 0x5d, 0x4e, 0xd2, 0xc1, 0x64, 0x7f, 0xbd, 0x98, 0x30, 0x58, 0xef, 0xca, 0xf9, 0x28, 0xab, 0x37, - 0x24, 0x0b, 0x33, 0x31, 0x80, 0xd8, 0x88, 0xe5, 0xc9, 0x59, 0xd5, 0x1b, 0x5a, 0x31, 0x19, 0xe1, - 0x24, 0x5f, 0xb4, 0x05, 0xa5, 0xcd, 0x20, 0x8a, 0xe5, 0xf6, 0xec, 0x90, 0x3b, 0xc1, 0x8b, 0x41, - 0x14, 0x33, 0x2b, 0x4b, 0xbd, 0x36, 0x6d, 0x89, 0x30, 0xe7, 0x41, 0xf7, 0xe8, 0xd1, 0xa6, 0x13, - 0xd6, 0xa3, 0x39, 0x56, 0xb4, 0x61, 0x80, 0x99, 0x57, 0xca, 0x98, 0xae, 0x6a, 0x10, 0x36, 0xf1, - 0xec, 0xbf, 0xb0, 0x12, 0x47, 0x44, 0xd7, 0x59, 0x04, 0xfe, 0x36, 0xf1, 0xa9, 0x88, 0x32, 0x63, - 0xfe, 0x7e, 0x2c, 0x95, 0xcf, 0xfc, 0x96, 0x5e, 0xf5, 0x13, 0x6f, 0x52, 0x0a, 0x53, 0x8c, 0x84, - 0x11, 0x1e, 0xf8, 0x61, 0x2b, 0x99, 0x98, 0x5e, 0xc8, 0x63, 0xdf, 0x66, 0x16, 0x67, 0xd8, 0x37, - 0xc7, 0xdd, 0xfe, 0xbc, 0x05, 0x43, 0xb3, 0x4e, 0x6d, 0x2b, 0xd8, 0xd8, 0x40, 0x4f, 0x40, 0xb9, - 0xde, 0x0e, 0xcd, 0x1c, 0x79, 0xe5, 0xf9, 0x99, 0x17, 0xed, 0x58, 0x61, 0xd0, 0xa9, 0xbf, 0xe1, - 0xd4, 0x64, 0x89, 0x86, 0x22, 0x9f, 0xfa, 0x17, 0x58, 0x0b, 0x16, 0x10, 0x3a, 0xfc, 0x4d, 0x67, - 0x47, 0x3e, 0x9c, 0x3e, 0x9f, 0x5a, 0xd6, 0x20, 0x6c, 0xe2, 0xd9, 0xff, 0xc6, 0x82, 0x89, 0x59, - 0x27, 0x72, 0x6b, 0x33, 0xed, 0x78, 0x73, 0xd6, 0x8d, 0xd7, 0xdb, 0xb5, 0x2d, 0x12, 0xf3, 0x52, - 0x1e, 0xb4, 0x97, 0xed, 0x88, 0xae, 0x40, 0xb5, 0x5d, 0x56, 0xbd, 0xbc, 0x2a, 0xda, 0xb1, 0xc2, - 0x40, 0xaf, 0xc1, 0x70, 0xcb, 0x89, 0xa2, 0x9b, 0x41, 0x58, 0xc7, 0x64, 0x23, 0x9f, 0x62, 0x3f, - 0x55, 0x52, 0x0b, 0x49, 0x8c, 0xc9, 0x86, 0x88, 0xf6, 0xd0, 0xf4, 0xb1, 0xc9, 0xcc, 0xfe, 0x79, - 0x0b, 0x4e, 0xcf, 0x12, 0x27, 0x24, 0x21, 0xab, 0x0d, 0xa4, 0x5e, 0x04, 0xbd, 0x0a, 0xe5, 0x98, - 0xb6, 0xd0, 0x1e, 0x59, 0xf9, 0xf6, 0x88, 0xc5, 0x69, 0xac, 0x09, 0xe2, 0x58, 0xb1, 0xb1, 0x3f, - 0x63, 0xc1, 0x03, 0x59, 0x7d, 0x99, 0xf3, 0x82, 0x76, 0xfd, 0x6e, 0x74, 0xe8, 0xef, 0x5b, 0x30, - 0xc2, 0xce, 0xbe, 0xe7, 0x49, 0xec, 0xb8, 0x5e, 0x57, 0x5d, 0x42, 0xab, 0xcf, 0xba, 0x84, 0xe7, - 0x60, 0x60, 0x33, 0x68, 0x92, 0x74, 0xdc, 0xc6, 0xc5, 0xa0, 0x49, 0x30, 0x83, 0xa0, 0xa7, 0xe8, - 0x24, 0x74, 0xfd, 0xd8, 0xa1, 0xcb, 0x51, 0x9e, 0x0d, 0x8c, 0xf3, 0x09, 0xa8, 0x9a, 0xb1, 0x89, - 0x63, 0xff, 0xeb, 0x0a, 0x0c, 0x89, 0x20, 0xa3, 0xbe, 0x4b, 0xcb, 0x48, 0x17, 0x4e, 0xa1, 0xa7, - 0x0b, 0x27, 0x82, 0xc1, 0x1a, 0x2b, 0x90, 0x2a, 0xcc, 0xf3, 0xcb, 0xb9, 0x44, 0xa5, 0xf1, 0x9a, - 0xab, 0xba, 0x5b, 0xfc, 0x3f, 0x16, 0xac, 0xd0, 0xe7, 0x2c, 0x18, 0xaf, 0x05, 0xbe, 0x4f, 0x6a, - 0xda, 0x76, 0x1c, 0xc8, 0x23, 0xf8, 0x68, 0x2e, 0x49, 0x54, 0x1f, 0xab, 0xa6, 0x00, 0x38, 0xcd, - 0x1e, 0xbd, 0x00, 0xa3, 0x7c, 0xcc, 0xae, 0x25, 0x0e, 0x34, 0x74, 0xb9, 0x3a, 0x13, 0x88, 0x93, - 0xb8, 0x68, 0x8a, 0x1f, 0x0c, 0x89, 0xc2, 0x70, 0x83, 0xda, 0xef, 0x6b, 0x94, 0x84, 0x33, 0x30, - 0x50, 0x08, 0x28, 0x24, 0x1b, 0x21, 0x89, 0x36, 0x45, 0x10, 0x16, 0xb3, 0x5b, 0x87, 0xee, 0xac, - 0x28, 0x04, 0xee, 0xa2, 0x84, 0x33, 0xa8, 0xa3, 0x2d, 0xe1, 0x43, 0x28, 0xe7, 0x21, 0xcf, 0xc5, - 0x67, 0xee, 0xe9, 0x4a, 0x98, 0x84, 0x12, 0x53, 0x5d, 0xcc, 0x5e, 0x2e, 0xf2, 0x44, 0x44, 0xa6, - 0xd8, 0x30, 0x6f, 0x47, 0xf3, 0x70, 0x22, 0x55, 0x6c, 0x2f, 0x12, 0x07, 0x0f, 0x2a, 0xe9, 0x2c, - 0x55, 0xa6, 0x2f, 0xc2, 0x5d, 0x4f, 0x98, 0xfe, 0xa5, 0xe1, 0x7d, 0xfc, 0x4b, 0x1d, 0x15, 0xea, - 0xcb, 0x8f, 0x04, 0x5e, 0xcc, 0x65, 0x00, 0xfa, 0x8a, 0xeb, 0xfd, 0x74, 0x2a, 0xae, 0x77, 0x94, - 0x75, 0xe0, 0x5a, 0x3e, 0x1d, 0x38, 0x78, 0x10, 0xef, 0xdd, 0x0c, 0xca, 0xfd, 0x5f, 0x16, 0xc8, - 0xef, 0x3a, 0xe7, 0xd4, 0x36, 0x09, 0x9d, 0x32, 0xe8, 0x9d, 0x30, 0xa6, 0x5c, 0x13, 0xdc, 0x24, - 0xb2, 0xd8, 0xac, 0x51, 0xb6, 0x33, 0x4e, 0x40, 0x71, 0x0a, 0x1b, 0x4d, 0x43, 0x85, 0x8e, 0x13, - 0x7f, 0x94, 0xeb, 0x7d, 0xe5, 0xfe, 0x98, 0x59, 0x5d, 0x14, 0x4f, 0x69, 0x1c, 0x14, 0xc0, 0x49, - 0xcf, 0x89, 0x62, 0xd6, 0x83, 0x6a, 0xc7, 0xaf, 0xdd, 0x61, 0x49, 0x16, 0x96, 0xd9, 0xb4, 0x94, - 0x26, 0x84, 0xbb, 0x69, 0xdb, 0xff, 0xb1, 0x04, 0xa3, 0x09, 0xc9, 0x78, 0x40, 0x83, 0xe1, 0x09, - 0x28, 0x4b, 0x1d, 0x9e, 0xae, 0x3d, 0xa5, 0x14, 0xbd, 0xc2, 0xa0, 0x4a, 0x6b, 0x5d, 0x6b, 0xd5, - 0xb4, 0x81, 0x63, 0x28, 0x5c, 0x6c, 0xe2, 0x31, 0xa1, 0x1c, 0x7b, 0xd1, 0x9c, 0xe7, 0x12, 0x3f, - 0xe6, 0xdd, 0xcc, 0x47, 0x28, 0xaf, 0x2d, 0x55, 0x4d, 0xa2, 0x5a, 0x28, 0xa7, 0x00, 0x38, 0xcd, - 0x1e, 0x7d, 0xcc, 0x82, 0x51, 0xe7, 0x66, 0xa4, 0xab, 0x78, 0x8b, 0x08, 0xde, 0x43, 0x2a, 0xa9, - 0x44, 0x61, 0x70, 0xee, 0xd5, 0x4f, 0x34, 0xe1, 0x24, 0x53, 0xf4, 0xba, 0x05, 0x88, 0xec, 0x90, - 0x9a, 0x8c, 0x31, 0x16, 0x7d, 0x19, 0xcc, 0x63, 0x07, 0x7f, 0xbe, 0x8b, 0x2e, 0x97, 0xea, 0xdd, - 0xed, 0x38, 0xa3, 0x0f, 0xe8, 0x12, 0xa0, 0xba, 0x1b, 0x39, 0xeb, 0x1e, 0x99, 0x0b, 0x9a, 0x32, - 0x1b, 0x57, 0x1c, 0x4e, 0x9f, 0x15, 0xe3, 0x8c, 0xe6, 0xbb, 0x30, 0x70, 0xc6, 0x53, 0x6c, 0x96, - 0x85, 0xc1, 0x4e, 0xe7, 0x6a, 0xe8, 0x31, 0x2d, 0x61, 0xce, 0x32, 0xd1, 0x8e, 0x15, 0x86, 0xfd, - 0x97, 0x45, 0xb5, 0x94, 0x75, 0x40, 0xbd, 0x63, 0x04, 0xf6, 0x5a, 0x77, 0x1e, 0xd8, 0xab, 0xc3, - 0x8e, 0xba, 0x73, 0xcc, 0x13, 0x29, 0xa9, 0x85, 0xbb, 0x94, 0x92, 0xfa, 0x33, 0x56, 0xa2, 0xbe, - 0xdb, 0xf0, 0xd3, 0x2f, 0xe5, 0x1b, 0xcc, 0x3f, 0xc5, 0x43, 0xa2, 0x52, 0x7a, 0x25, 0x15, 0x09, - 0xf7, 0x04, 0x94, 0x37, 0x3c, 0x87, 0x55, 0x25, 0x61, 0x0b, 0xd5, 0x08, 0xd7, 0xba, 0x20, 0xda, - 0xb1, 0xc2, 0xa0, 0x52, 0xdf, 0x20, 0x7a, 0x20, 0xa9, 0xfd, 0x9f, 0x8b, 0x30, 0x6c, 0x68, 0xfc, - 0x4c, 0xf3, 0xcd, 0xba, 0xc7, 0xcc, 0xb7, 0xc2, 0x01, 0xcc, 0xb7, 0x9f, 0x86, 0x4a, 0x4d, 0x6a, - 0xa3, 0x7c, 0xea, 0xd5, 0xa7, 0x75, 0x9c, 0x56, 0x48, 0xaa, 0x09, 0x6b, 0x9e, 0x68, 0x21, 0x91, - 0xf6, 0x98, 0xf0, 0x0b, 0x64, 0xe5, 0x25, 0x0a, 0x8d, 0xd6, 0xfd, 0x4c, 0xfa, 0x1c, 0xbf, 0xb4, - 0xff, 0x39, 0xbe, 0xfd, 0x6d, 0x4b, 0x7d, 0xdc, 0x63, 0xa8, 0x6f, 0x73, 0x23, 0x59, 0xdf, 0xe6, - 0x7c, 0x2e, 0xc3, 0xdc, 0xa3, 0xb0, 0xcd, 0x15, 0x18, 0x9a, 0x0b, 0x9a, 0x4d, 0xc7, 0xaf, 0xa3, - 0x1f, 0x86, 0xa1, 0x1a, 0xff, 0x29, 0x7c, 0x68, 0xec, 0xa4, 0x5a, 0x40, 0xb1, 0x84, 0xa1, 0x87, - 0x60, 0xc0, 0x09, 0x1b, 0xd2, 0x6f, 0xc6, 0x22, 0xca, 0x66, 0xc2, 0x46, 0x84, 0x59, 0xab, 0xfd, - 0x2f, 0x06, 0x80, 0x05, 0x72, 0x38, 0x21, 0xa9, 0xaf, 0x05, 0xac, 0xcc, 0xec, 0x91, 0x9e, 0xef, - 0xea, 0x4d, 0xdd, 0xbd, 0x7c, 0xc6, 0x6b, 0x9c, 0xf3, 0x15, 0x8f, 0xfb, 0x9c, 0x2f, 0xfb, 0xe8, - 0x76, 0xe0, 0x1e, 0x3a, 0xba, 0xb5, 0x3f, 0x65, 0x01, 0x52, 0xd1, 0x3f, 0x3a, 0xb6, 0x62, 0x1a, - 0x2a, 0x2a, 0x0e, 0x48, 0x18, 0x80, 0x5a, 0x44, 0x48, 0x00, 0xd6, 0x38, 0x7d, 0xec, 0xe4, 0x1f, - 0x95, 0xf2, 0xbb, 0x98, 0x0c, 0xe6, 0x67, 0x52, 0x5f, 0x88, 0x73, 0xfb, 0x77, 0x0b, 0x70, 0x1f, - 0x37, 0x1d, 0x96, 0x1d, 0xdf, 0x69, 0x90, 0x26, 0xed, 0x55, 0xbf, 0xd1, 0x32, 0x35, 0xba, 0x85, - 0x74, 0x65, 0xe8, 0xfd, 0x61, 0xd7, 0x2e, 0x5f, 0x73, 0x7c, 0x95, 0x2d, 0xfa, 0x6e, 0x8c, 0x19, - 0x71, 0x14, 0x41, 0x59, 0x5e, 0xe6, 0x22, 0x64, 0x71, 0x4e, 0x8c, 0x94, 0x58, 0x12, 0x5a, 0x96, - 0x60, 0xc5, 0x88, 0xaa, 0x52, 0x2f, 0xa8, 0x6d, 0x61, 0xd2, 0x0a, 0xd2, 0xaa, 0x74, 0x49, 0xb4, - 0x63, 0x85, 0x61, 0x37, 0x61, 0x5c, 0x8e, 0x61, 0xeb, 0x32, 0xe9, 0x60, 0xb2, 0x41, 0xf5, 0x4f, - 0x4d, 0x36, 0x19, 0xf7, 0xcb, 0x28, 0xfd, 0x33, 0x67, 0x02, 0x71, 0x12, 0x57, 0x56, 0x9e, 0x2d, - 0x64, 0x57, 0x9e, 0xb5, 0x7f, 0xd7, 0x82, 0xb4, 0x02, 0x34, 0xea, 0x6c, 0x5a, 0x7b, 0xd6, 0xd9, - 0x3c, 0x40, 0xa5, 0xca, 0x9f, 0x84, 0x61, 0x27, 0xa6, 0x16, 0x0e, 0xf7, 0x46, 0x14, 0xef, 0xec, - 0x14, 0x6d, 0x39, 0xa8, 0xbb, 0x1b, 0x2e, 0xf3, 0x42, 0x98, 0xe4, 0xec, 0xd7, 0x2d, 0xa8, 0xcc, - 0x87, 0x9d, 0x83, 0xe7, 0x40, 0x75, 0x67, 0x38, 0x15, 0x0e, 0x94, 0xe1, 0x24, 0x73, 0xa8, 0x8a, - 0xbd, 0x72, 0xa8, 0xec, 0xbf, 0x1e, 0x80, 0x93, 0x5d, 0x49, 0x7d, 0xe8, 0x79, 0x18, 0x51, 0x5f, - 0x49, 0xba, 0x20, 0x2b, 0x66, 0x54, 0xac, 0x86, 0xe1, 0x04, 0x66, 0x1f, 0x4b, 0x75, 0x11, 0x4e, - 0x85, 0xe4, 0xd5, 0x36, 0x69, 0x93, 0x99, 0x8d, 0x98, 0x84, 0x55, 0x52, 0x0b, 0xfc, 0x3a, 0x2f, - 0x54, 0x5b, 0x9c, 0xbd, 0xff, 0xd6, 0xee, 0xe4, 0x29, 0xdc, 0x0d, 0xc6, 0x59, 0xcf, 0xa0, 0x16, - 0x8c, 0x7a, 0xa6, 0xed, 0x2c, 0xb6, 0x6c, 0x77, 0x64, 0x76, 0xab, 0xd9, 0x9a, 0x68, 0xc6, 0x49, - 0x06, 0x49, 0x03, 0xbc, 0x74, 0x97, 0x0c, 0xf0, 0x8f, 0x6a, 0x03, 0x9c, 0x07, 0xc5, 0xbc, 0x37, - 0xe7, 0xa4, 0xce, 0x7e, 0x2c, 0xf0, 0xc3, 0xd8, 0xd4, 0x2f, 0x42, 0x59, 0x06, 0x0c, 0xf6, 0x15, - 0x68, 0x67, 0xd2, 0xe9, 0x21, 0xdb, 0x1f, 0x83, 0x37, 0x9f, 0x0f, 0x43, 0x63, 0x30, 0xaf, 0x04, - 0xf1, 0x8c, 0xe7, 0x05, 0x37, 0xa9, 0xb9, 0x72, 0x35, 0x22, 0xc2, 0x27, 0x66, 0xdf, 0x2e, 0x40, - 0xc6, 0xf6, 0x92, 0xae, 0x49, 0x6d, 0x23, 0x25, 0xd6, 0xe4, 0xc1, 0xec, 0x24, 0xb4, 0xc3, 0x83, - 0x2a, 0xb9, 0x35, 0xf0, 0x9e, 0xbc, 0xb7, 0xc7, 0x3a, 0xce, 0x52, 0x49, 0x4a, 0x15, 0x6b, 0xf9, - 0x34, 0x80, 0x36, 0x6d, 0x45, 0x1e, 0x91, 0x0a, 0x94, 0xd0, 0x16, 0x30, 0x36, 0xb0, 0xd0, 0x73, - 0x30, 0xec, 0xfa, 0x51, 0xec, 0x78, 0xde, 0x45, 0xd7, 0x8f, 0x85, 0xdb, 0x57, 0x99, 0x3d, 0x8b, - 0x1a, 0x84, 0x4d, 0xbc, 0xb3, 0x6f, 0x33, 0xbe, 0xdf, 0x41, 0xbe, 0xfb, 0x26, 0x3c, 0xb0, 0xe0, - 0xc6, 0x2a, 0xfb, 0x4d, 0xcd, 0x37, 0x6a, 0xb9, 0x2a, 0x59, 0x65, 0xf5, 0xcc, 0xf7, 0x34, 0xb2, - 0xcf, 0x0a, 0xc9, 0x64, 0xb9, 0x74, 0xf6, 0x99, 0xfd, 0x3c, 0x9c, 0x5e, 0x70, 0xe3, 0x0b, 0xae, - 0x47, 0x0e, 0xc8, 0xc4, 0xfe, 0x9d, 0x41, 0x18, 0x31, 0x33, 0xbd, 0x0f, 0x22, 0xae, 0x3f, 0x43, - 0x8d, 0x53, 0xf1, 0x76, 0xae, 0x3a, 0xd1, 0xbd, 0x7e, 0xe8, 0xb4, 0xf3, 0xec, 0x11, 0x33, 0xec, - 0x53, 0xcd, 0x13, 0x9b, 0x1d, 0x40, 0x37, 0xa1, 0xb4, 0xc1, 0xb2, 0xa3, 0x8a, 0x79, 0xc4, 0xe2, - 0x64, 0x8d, 0xa8, 0x5e, 0x8e, 0x3c, 0xbf, 0x8a, 0xf3, 0xa3, 0x36, 0x45, 0x98, 0x4c, 0xca, 0x35, - 0x62, 0xd6, 0x85, 0xb2, 0x52, 0x18, 0xbd, 0x54, 0x42, 0xe9, 0x0e, 0x54, 0x42, 0x42, 0x40, 0x0f, - 0xde, 0x25, 0x01, 0xcd, 0x32, 0xdd, 0xe2, 0x4d, 0x66, 0xf1, 0x8a, 0x24, 0x9b, 0x21, 0x36, 0x08, - 0x46, 0xa6, 0x5b, 0x02, 0x8c, 0xd3, 0xf8, 0xe8, 0x43, 0x4a, 0xc4, 0x97, 0xf3, 0xf0, 0x98, 0x9b, - 0x33, 0xfa, 0xa8, 0xa5, 0xfb, 0xa7, 0x0a, 0x30, 0xb6, 0xe0, 0xb7, 0x57, 0x17, 0x56, 0xdb, 0xeb, - 0x9e, 0x5b, 0xbb, 0x4c, 0x3a, 0x54, 0x84, 0x6f, 0x91, 0xce, 0xe2, 0xbc, 0x58, 0x41, 0x6a, 0xce, - 0x5c, 0xa6, 0x8d, 0x98, 0xc3, 0xa8, 0x30, 0xda, 0x70, 0xfd, 0x06, 0x09, 0x5b, 0xa1, 0x2b, 0x9c, - 0xd9, 0x86, 0x30, 0xba, 0xa0, 0x41, 0xd8, 0xc4, 0xa3, 0xb4, 0x83, 0x9b, 0x3e, 0x09, 0xd3, 0xa6, - 0xff, 0x0a, 0x6d, 0xc4, 0x1c, 0x46, 0x91, 0xe2, 0xb0, 0x2d, 0x7c, 0x45, 0x06, 0xd2, 0x1a, 0x6d, - 0xc4, 0x1c, 0x46, 0x57, 0x7a, 0xd4, 0x5e, 0x67, 0xa1, 0x4e, 0xa9, 0x8c, 0x9e, 0x2a, 0x6f, 0xc6, - 0x12, 0x4e, 0x51, 0xb7, 0x48, 0x67, 0xde, 0x89, 0x9d, 0x74, 0xda, 0xe3, 0x65, 0xde, 0x8c, 0x25, - 0x9c, 0x95, 0xd2, 0x4d, 0x0e, 0xc7, 0xf7, 0x5d, 0x29, 0xdd, 0x64, 0xf7, 0x7b, 0x78, 0x1c, 0xfe, - 0x5e, 0x01, 0x46, 0xcc, 0x00, 0x45, 0xd4, 0x48, 0x99, 0xe9, 0x2b, 0x5d, 0x95, 0xd8, 0xdf, 0x91, - 0x75, 0x4b, 0x69, 0xc3, 0x8d, 0x83, 0x56, 0xf4, 0x24, 0xf1, 0x1b, 0xae, 0x4f, 0x58, 0xac, 0x06, - 0x0f, 0x6c, 0x4c, 0x44, 0x3f, 0xce, 0x05, 0x75, 0x72, 0x27, 0x76, 0xfe, 0xdd, 0xb8, 0xc9, 0xe5, - 0x3a, 0x9c, 0xec, 0xca, 0xaf, 0xed, 0xc3, 0xec, 0xd9, 0xb7, 0xfe, 0x81, 0x8d, 0x61, 0x98, 0x12, - 0x96, 0x25, 0xe4, 0xe6, 0xe0, 0x24, 0x5f, 0xbc, 0x94, 0x13, 0x4b, 0x97, 0x54, 0x39, 0xd3, 0xec, - 0xb4, 0xe6, 0x5a, 0x1a, 0x88, 0xbb, 0xf1, 0xed, 0x4f, 0x5b, 0x30, 0x9a, 0x48, 0x79, 0xce, 0xc9, - 0x40, 0x63, 0xab, 0x3b, 0x60, 0x31, 0xba, 0x2c, 0x67, 0xa2, 0xc8, 0x14, 0xb8, 0x5e, 0xdd, 0x1a, - 0x84, 0x4d, 0x3c, 0xfb, 0xf3, 0x05, 0x28, 0xcb, 0x90, 0xa2, 0x3e, 0xba, 0xf2, 0x49, 0x0b, 0x46, - 0xd5, 0x09, 0x19, 0x73, 0x69, 0x16, 0xf2, 0xc8, 0xc0, 0xa2, 0x3d, 0x50, 0x4e, 0x11, 0x7f, 0x23, - 0xd0, 0xbb, 0x05, 0x6c, 0x32, 0xc3, 0x49, 0xde, 0xe8, 0x1a, 0x40, 0xd4, 0x89, 0x62, 0xd2, 0x34, - 0x9c, 0xab, 0xb6, 0x31, 0xcb, 0xa6, 0x6a, 0x41, 0x48, 0xe8, 0x9c, 0xba, 0x12, 0xd4, 0x49, 0x55, - 0x61, 0x6a, 0xb3, 0x4d, 0xb7, 0x61, 0x83, 0x92, 0xfd, 0x6b, 0x05, 0x38, 0x91, 0xee, 0x12, 0x7a, - 0x2f, 0x8c, 0x48, 0xee, 0xc6, 0x26, 0x5c, 0x06, 0x44, 0x8d, 0x60, 0x03, 0x76, 0x7b, 0x77, 0x72, - 0xb2, 0xfb, 0x96, 0xdd, 0x29, 0x13, 0x05, 0x27, 0x88, 0xf1, 0x63, 0x4a, 0x71, 0x9e, 0x3e, 0xdb, - 0x99, 0x69, 0xb5, 0xc4, 0x59, 0xa3, 0x71, 0x4c, 0x69, 0x42, 0x71, 0x0a, 0x1b, 0xad, 0xc2, 0x69, - 0xa3, 0xe5, 0x0a, 0x71, 0x1b, 0x9b, 0xeb, 0x41, 0x28, 0x77, 0x7d, 0x0f, 0xe9, 0xf0, 0xcb, 0x6e, - 0x1c, 0x9c, 0xf9, 0x24, 0xb5, 0x30, 0x6a, 0x4e, 0xcb, 0xa9, 0xb9, 0x71, 0x47, 0x78, 0x8b, 0x95, - 0x3c, 0x9c, 0x13, 0xed, 0x58, 0x61, 0xd8, 0xbf, 0x3a, 0x00, 0x27, 0x78, 0xbc, 0x21, 0x51, 0xe1, - 0xb4, 0xe8, 0xbd, 0x50, 0x89, 0x62, 0x27, 0xe4, 0x5b, 0x7e, 0xeb, 0xc0, 0x32, 0x40, 0x27, 0x3c, - 0x4b, 0x22, 0x58, 0xd3, 0x43, 0x2f, 0xb1, 0x6a, 0x51, 0x6e, 0xb4, 0xc9, 0xa8, 0x17, 0xee, 0xcc, - 0xa1, 0x70, 0x41, 0x51, 0xc0, 0x06, 0x35, 0xf4, 0x76, 0x28, 0xb5, 0x36, 0x9d, 0x48, 0x7a, 0xbb, - 0x1e, 0x93, 0x0b, 0x6e, 0x95, 0x36, 0xde, 0xde, 0x9d, 0x3c, 0x93, 0x7e, 0x55, 0x06, 0xc0, 0xfc, - 0x21, 0x53, 0x5c, 0x0e, 0xec, 0x7f, 0xa3, 0x49, 0x3d, 0xec, 0x54, 0x2f, 0xce, 0xa4, 0xef, 0xc0, - 0x98, 0x67, 0xad, 0x58, 0x40, 0xe9, 0xe2, 0xde, 0xe4, 0x2c, 0xeb, 0x14, 0x79, 0x30, 0xa9, 0xba, - 0x2f, 0x6a, 0x10, 0x36, 0xf1, 0xd0, 0xa7, 0xba, 0xa3, 0x51, 0x87, 0x8e, 0x20, 0x55, 0xa1, 0xdf, - 0x38, 0xd4, 0xf3, 0x50, 0x11, 0x5d, 0x5d, 0x0b, 0xd0, 0xf3, 0x30, 0xc2, 0x9d, 0x29, 0xb3, 0xa1, - 0xe3, 0xd7, 0x36, 0xd3, 0x2e, 0x90, 0x35, 0x03, 0x86, 0x13, 0x98, 0xf6, 0x32, 0x0c, 0xf4, 0x29, - 0xad, 0xfa, 0xda, 0xd9, 0xbe, 0x08, 0x65, 0x4a, 0x4e, 0x6e, 0x5f, 0xf2, 0x20, 0x19, 0x40, 0x59, - 0xde, 0x8f, 0x87, 0x6c, 0x28, 0xba, 0x8e, 0x8c, 0x3a, 0x50, 0x4b, 0x68, 0x31, 0x8a, 0xda, 0x6c, - 0xda, 0x51, 0x20, 0x7a, 0x14, 0x8a, 0x64, 0xa7, 0x95, 0x0e, 0x2f, 0x38, 0xbf, 0xd3, 0x72, 0x43, - 0x12, 0x51, 0x24, 0xb2, 0xd3, 0x42, 0x67, 0xa1, 0xe0, 0xd6, 0xc5, 0x8c, 0x04, 0x81, 0x53, 0x58, - 0x9c, 0xc7, 0x05, 0xb7, 0x6e, 0xef, 0x40, 0x45, 0x5d, 0xc8, 0x87, 0xb6, 0xa4, 0x6d, 0x62, 0xe5, - 0x11, 0x6f, 0x2a, 0xe9, 0xf6, 0xb0, 0x4a, 0xda, 0x00, 0x3a, 0x93, 0x3e, 0x2f, 0x5d, 0x76, 0x0e, - 0x06, 0x6a, 0x81, 0xa8, 0x81, 0x52, 0xd6, 0x64, 0x98, 0x51, 0xc2, 0x20, 0xf6, 0x75, 0x18, 0xbb, - 0xec, 0x07, 0x37, 0xd9, 0xbd, 0x39, 0xac, 0x4c, 0x2c, 0x25, 0xbc, 0x41, 0x7f, 0xa4, 0x4d, 0x60, - 0x06, 0xc5, 0x1c, 0xa6, 0x0a, 0x58, 0x16, 0x7a, 0x15, 0xb0, 0xb4, 0x3f, 0x6c, 0xc1, 0x88, 0x4a, - 0xc9, 0x5d, 0xd8, 0xde, 0xa2, 0x74, 0x1b, 0x61, 0xd0, 0x6e, 0xa5, 0xe9, 0xb2, 0xbb, 0x3f, 0x31, - 0x87, 0x99, 0xb9, 0xea, 0x85, 0x7d, 0x72, 0xd5, 0xcf, 0xc1, 0xc0, 0x96, 0xeb, 0xd7, 0xd3, 0x2e, - 0xc3, 0xcb, 0xae, 0x5f, 0xc7, 0x0c, 0x42, 0xbb, 0x70, 0x42, 0x75, 0x41, 0x1a, 0x1f, 0xcf, 0xc3, - 0xc8, 0x7a, 0xdb, 0xf5, 0xea, 0xb2, 0xfe, 0x6d, 0x6a, 0xb9, 0xcc, 0x1a, 0x30, 0x9c, 0xc0, 0x44, - 0x4f, 0x03, 0xac, 0xbb, 0xbe, 0x13, 0x76, 0x56, 0xb5, 0xb5, 0xa3, 0x14, 0xe0, 0xac, 0x82, 0x60, - 0x03, 0xcb, 0xfe, 0x6c, 0x11, 0xc6, 0x92, 0x89, 0xc9, 0x7d, 0xb8, 0x0f, 0x1e, 0x85, 0x12, 0xcb, - 0x55, 0x4e, 0x7f, 0x5a, 0x5e, 0x32, 0x96, 0xc3, 0x50, 0x04, 0x83, 0x7c, 0x31, 0xe7, 0x73, 0x7f, - 0xa2, 0xea, 0xa4, 0xf2, 0x33, 0xb2, 0xa8, 0x5c, 0xe1, 0xb6, 0x15, 0xac, 0xd0, 0xc7, 0x2c, 0x18, - 0x0a, 0x5a, 0x66, 0xe1, 0xc3, 0xf7, 0xe4, 0x99, 0xb4, 0x2d, 0x32, 0x39, 0xc5, 0x8e, 0x4f, 0x7d, - 0x7a, 0xf9, 0x39, 0x24, 0xeb, 0xb3, 0x3f, 0x0e, 0x23, 0x26, 0xe6, 0x7e, 0x9b, 0xbe, 0xb2, 0xb9, - 0xe9, 0xfb, 0xa4, 0x39, 0x29, 0x44, 0x5a, 0x7a, 0x1f, 0xcb, 0xed, 0x2a, 0x94, 0x6a, 0x2a, 0x74, - 0xe9, 0x8e, 0xaa, 0xa6, 0xab, 0xb2, 0x4d, 0xec, 0x58, 0x98, 0x53, 0xb3, 0xbf, 0x6d, 0x19, 0xf3, - 0x03, 0x93, 0x68, 0xb1, 0x8e, 0x42, 0x28, 0x36, 0xb6, 0xb7, 0x84, 0x9a, 0xbf, 0x94, 0xd3, 0xf0, - 0x2e, 0x6c, 0x6f, 0xe9, 0x39, 0x6e, 0xb6, 0x62, 0xca, 0xac, 0x0f, 0x67, 0x78, 0xa2, 0x7a, 0x41, - 0x71, 0xff, 0xea, 0x05, 0xf6, 0xeb, 0x05, 0x38, 0xd9, 0x35, 0xa9, 0xd0, 0x6b, 0x50, 0x0a, 0xe9, - 0x5b, 0x8a, 0xd7, 0x5b, 0xca, 0xad, 0xde, 0x40, 0xb4, 0x58, 0xd7, 0xea, 0x33, 0xd9, 0x8e, 0x39, - 0x4b, 0x74, 0x09, 0x90, 0x0e, 0xb0, 0x53, 0x9e, 0x78, 0xfe, 0xca, 0x2a, 0x0a, 0x67, 0xa6, 0x0b, - 0x03, 0x67, 0x3c, 0x85, 0x5e, 0x48, 0x3b, 0xf4, 0x8b, 0xc9, 0x93, 0xa4, 0xbd, 0x7c, 0xf3, 0xf6, - 0x6f, 0x15, 0x60, 0x34, 0x51, 0x87, 0x12, 0x79, 0x50, 0x26, 0x1e, 0x3b, 0xe6, 0x93, 0xca, 0xe6, - 0xb0, 0xb7, 0x4a, 0x28, 0x05, 0x79, 0x5e, 0xd0, 0xc5, 0x8a, 0xc3, 0xbd, 0x11, 0x9c, 0xf3, 0x3c, - 0x8c, 0xc8, 0x0e, 0xbd, 0xc7, 0x69, 0x7a, 0x62, 0x00, 0xd5, 0x1c, 0x3d, 0x6f, 0xc0, 0x70, 0x02, - 0xd3, 0xfe, 0xbd, 0x22, 0x4c, 0xf0, 0x73, 0xd1, 0xba, 0x9a, 0x79, 0xcb, 0xd2, 0x9f, 0xf0, 0x0b, - 0xba, 0x5a, 0xac, 0x95, 0xc7, 0xd5, 0xc9, 0xbd, 0x18, 0xf5, 0x15, 0x53, 0xfa, 0xa5, 0x54, 0x4c, - 0x29, 0xdf, 0xe2, 0x35, 0x8e, 0xa8, 0x47, 0xdf, 0x5f, 0x41, 0xa6, 0xff, 0xa4, 0x00, 0xe3, 0xa9, - 0x1b, 0xb2, 0xd0, 0x67, 0x93, 0x97, 0x2a, 0x58, 0x79, 0x9c, 0x19, 0xed, 0x79, 0x69, 0xd2, 0xc1, - 0xae, 0x56, 0xb8, 0x4b, 0x4b, 0xc5, 0xfe, 0x56, 0x01, 0xc6, 0x92, 0x57, 0x7b, 0xdd, 0x83, 0x23, - 0xf5, 0x56, 0xa8, 0xb0, 0xdb, 0x6b, 0xd8, 0x8d, 0xf4, 0xfc, 0xc8, 0x89, 0x5f, 0x14, 0x22, 0x1b, - 0xb1, 0x86, 0xdf, 0x13, 0x37, 0x56, 0xd8, 0xff, 0xcc, 0x82, 0x33, 0xfc, 0x2d, 0xd3, 0xf3, 0xf0, - 0xef, 0x64, 0x8d, 0xee, 0xcb, 0xf9, 0x76, 0x30, 0x55, 0xe5, 0x78, 0xbf, 0xf1, 0x65, 0x17, 0x48, - 0x8b, 0xde, 0x26, 0xa7, 0xc2, 0x3d, 0xd8, 0xd9, 0x03, 0x4d, 0x06, 0xfb, 0x5b, 0x45, 0xd0, 0x77, - 0x66, 0x23, 0x57, 0x64, 0xbd, 0xe7, 0x52, 0xed, 0xb9, 0xda, 0xf1, 0x6b, 0xfa, 0x76, 0xee, 0x72, - 0x2a, 0xe9, 0xfd, 0xe7, 0x2c, 0x18, 0x76, 0x7d, 0x37, 0x76, 0x1d, 0xe6, 0xb2, 0xc9, 0xe7, 0xe2, - 0x5b, 0xc5, 0x6e, 0x91, 0x53, 0x0e, 0x42, 0xf3, 0x9c, 0x52, 0x31, 0xc3, 0x26, 0x67, 0xf4, 0x7e, - 0x91, 0xf6, 0x51, 0xcc, 0xad, 0x74, 0x44, 0x39, 0x95, 0xeb, 0xd1, 0xa2, 0x86, 0x57, 0x1c, 0xe6, - 0x54, 0x71, 0x05, 0x53, 0x52, 0xea, 0xe2, 0x00, 0x65, 0xda, 0xb2, 0x66, 0xcc, 0x19, 0xd9, 0x11, - 0xa0, 0xee, 0xb1, 0x38, 0x60, 0x48, 0xfd, 0x34, 0x54, 0x9c, 0x76, 0x1c, 0x34, 0xe9, 0x30, 0x89, - 0xa3, 0x54, 0x9d, 0x34, 0x20, 0x01, 0x58, 0xe3, 0xd8, 0x9f, 0x2d, 0x41, 0x2a, 0x0d, 0x1d, 0xed, - 0x98, 0xf7, 0xbd, 0x5b, 0xf9, 0xde, 0xf7, 0xae, 0x3a, 0x93, 0x75, 0xe7, 0x3b, 0x6a, 0x48, 0xef, - 0x17, 0xb7, 0x31, 0x5f, 0x4c, 0x7b, 0xbf, 0x7e, 0xa2, 0xbf, 0x53, 0x05, 0x3a, 0x57, 0xa7, 0x79, - 0x15, 0xaf, 0xa9, 0x7d, 0x1d, 0x65, 0xfb, 0x5d, 0xfd, 0xfb, 0x11, 0x71, 0x4d, 0x0f, 0x26, 0x51, - 0xdb, 0x8b, 0xc5, 0x6c, 0x78, 0x31, 0xc7, 0x55, 0xc6, 0x09, 0xeb, 0x5a, 0x2e, 0xfc, 0x3f, 0x36, - 0x98, 0x26, 0xdd, 0x99, 0x83, 0x47, 0xea, 0xce, 0x1c, 0xca, 0xd5, 0x9d, 0xf9, 0x34, 0x00, 0x9b, - 0xdb, 0x3c, 0xf4, 0xb7, 0xcc, 0xbc, 0x4c, 0x4a, 0x14, 0x62, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0xa3, - 0x90, 0x2c, 0x46, 0x84, 0x26, 0x65, 0xed, 0x23, 0x7e, 0xe2, 0xc1, 0xb2, 0xae, 0x12, 0x65, 0x8a, - 0x7e, 0xc3, 0x02, 0xb3, 0x62, 0x12, 0x7a, 0x95, 0x97, 0x66, 0xb2, 0xf2, 0x38, 0x19, 0x37, 0xe8, - 0x4e, 0x2d, 0x3b, 0xad, 0x54, 0x88, 0x86, 0xac, 0xcf, 0x74, 0xf6, 0x6d, 0x50, 0x96, 0xd0, 0x03, - 0x19, 0x75, 0x1f, 0x82, 0x53, 0x32, 0x83, 0x5b, 0xfa, 0xe8, 0xc5, 0xa9, 0xea, 0xfe, 0xae, 0x1f, - 0xe9, 0xcf, 0x29, 0xf4, 0xf2, 0xe7, 0xf4, 0x71, 0xeb, 0xff, 0x6f, 0x5a, 0x70, 0x2e, 0xdd, 0x81, - 0x68, 0x39, 0xf0, 0xdd, 0x38, 0x08, 0xab, 0x24, 0x8e, 0x5d, 0xbf, 0xc1, 0x2a, 0x52, 0xde, 0x74, - 0x42, 0x79, 0x2b, 0x09, 0x13, 0x94, 0xd7, 0x9d, 0xd0, 0xc7, 0xac, 0x15, 0x75, 0x60, 0x90, 0xc7, - 0x87, 0x0a, 0x6b, 0xfd, 0x90, 0x6b, 0x23, 0x63, 0x38, 0xf4, 0x76, 0x81, 0xc7, 0xa6, 0x62, 0xc1, - 0xd0, 0xfe, 0xae, 0x05, 0x68, 0x65, 0x9b, 0x84, 0xa1, 0x5b, 0x37, 0x22, 0x5a, 0xd9, 0x75, 0x77, - 0xc6, 0xb5, 0x76, 0x66, 0x7d, 0x81, 0xd4, 0x75, 0x77, 0xc6, 0xbf, 0xec, 0xeb, 0xee, 0x0a, 0x07, - 0xbb, 0xee, 0x0e, 0xad, 0xc0, 0x99, 0x26, 0xdf, 0x6e, 0xf0, 0x2b, 0xa4, 0xf8, 0xde, 0x43, 0xa5, - 0xc2, 0x3e, 0x70, 0x6b, 0x77, 0xf2, 0xcc, 0x72, 0x16, 0x02, 0xce, 0x7e, 0xce, 0x7e, 0x1b, 0x20, - 0x1e, 0xc8, 0x3a, 0x97, 0x15, 0x8b, 0xd7, 0xd3, 0xfd, 0x62, 0x7f, 0xb1, 0x04, 0xe3, 0xa9, 0x9a, - 0xf5, 0x74, 0xab, 0xd7, 0x1d, 0xfc, 0x77, 0x68, 0xfd, 0xdd, 0xdd, 0xbd, 0xbe, 0xc2, 0x09, 0x7d, - 0x28, 0xb9, 0x7e, 0xab, 0x1d, 0xe7, 0x93, 0x89, 0xcf, 0x3b, 0xb1, 0x48, 0x09, 0x1a, 0xee, 0x62, - 0xfa, 0x17, 0x73, 0x36, 0x79, 0x06, 0x27, 0x26, 0x8c, 0xf1, 0x81, 0xbb, 0xe4, 0x0e, 0xf8, 0x88, - 0x0e, 0x15, 0x2c, 0xe5, 0xe1, 0x58, 0x4c, 0x4d, 0x96, 0xa3, 0x0e, 0x25, 0xf9, 0x7a, 0x01, 0x86, - 0x8d, 0x8f, 0x86, 0x7e, 0x25, 0x59, 0x4f, 0xd0, 0xca, 0xef, 0x95, 0x18, 0xfd, 0x29, 0x5d, 0x31, - 0x90, 0xbf, 0xd2, 0x63, 0xdd, 0xa5, 0x04, 0x6f, 0xef, 0x4e, 0x9e, 0x48, 0x15, 0x0b, 0x4c, 0x94, - 0x17, 0x3c, 0xfb, 0x41, 0x18, 0x4f, 0x91, 0xc9, 0x78, 0xe5, 0x35, 0xf3, 0x95, 0x0f, 0xed, 0x96, - 0x32, 0x87, 0xec, 0x6b, 0x74, 0xc8, 0x44, 0x02, 0x70, 0xe0, 0x91, 0x3e, 0x7c, 0xb0, 0xa9, 0x3c, - 0xff, 0x42, 0x9f, 0x79, 0xfe, 0x8f, 0x43, 0xb9, 0x15, 0x78, 0x6e, 0xcd, 0x55, 0xe5, 0x7d, 0x59, - 0x65, 0x81, 0x55, 0xd1, 0x86, 0x15, 0x14, 0xdd, 0x84, 0xca, 0x8d, 0x9b, 0x31, 0x3f, 0xfd, 0x11, - 0xfe, 0xed, 0xbc, 0x0e, 0x7d, 0x94, 0xd1, 0xa2, 0x8e, 0x97, 0xb0, 0xe6, 0x85, 0x6c, 0x18, 0x64, - 0x4a, 0x50, 0x26, 0x03, 0x31, 0xdf, 0x3b, 0xd3, 0x8e, 0x11, 0x16, 0x10, 0xfb, 0x2b, 0x15, 0x38, - 0x9d, 0x75, 0x71, 0x08, 0xfa, 0x00, 0x0c, 0xf2, 0x3e, 0xe6, 0x73, 0x37, 0x55, 0x16, 0x8f, 0x05, - 0x46, 0x50, 0x74, 0x8b, 0xfd, 0xc6, 0x82, 0xa7, 0xe0, 0xee, 0x39, 0xeb, 0x62, 0x86, 0x1c, 0x0d, - 0xf7, 0x25, 0x47, 0x73, 0x5f, 0x72, 0x38, 0x77, 0xcf, 0x59, 0x47, 0x3b, 0x50, 0x6a, 0xb8, 0x31, - 0x71, 0x84, 0x13, 0xe1, 0xfa, 0x91, 0x30, 0x27, 0x0e, 0xb7, 0xd2, 0xd8, 0x4f, 0xcc, 0x19, 0xa2, - 0x2f, 0x5b, 0x30, 0xbe, 0x9e, 0x2c, 0x30, 0x22, 0x84, 0xa7, 0x73, 0x04, 0x97, 0xc3, 0x24, 0x19, - 0xf1, 0xfb, 0x1e, 0x53, 0x8d, 0x38, 0xdd, 0x1d, 0xf4, 0x51, 0x0b, 0x86, 0x36, 0x5c, 0xcf, 0xa8, - 0xbe, 0x7f, 0x04, 0x1f, 0xe7, 0x02, 0x63, 0xa0, 0x77, 0x1c, 0xfc, 0x7f, 0x84, 0x25, 0xe7, 0x5e, - 0x9a, 0x6a, 0xf0, 0xb0, 0x9a, 0x6a, 0xe8, 0x2e, 0x69, 0xaa, 0x4f, 0x58, 0x50, 0x51, 0x23, 0x2d, - 0x0a, 0x35, 0xbc, 0xf7, 0x08, 0x3f, 0x39, 0xf7, 0x9c, 0xa8, 0xbf, 0x58, 0x33, 0x47, 0x9f, 0xb3, - 0x60, 0xd8, 0x79, 0xad, 0x1d, 0x92, 0x3a, 0xd9, 0x0e, 0x5a, 0x91, 0x28, 0x9f, 0xf8, 0x72, 0xfe, - 0x9d, 0x99, 0xa1, 0x4c, 0xe6, 0xc9, 0xf6, 0x4a, 0x2b, 0x12, 0x89, 0x8a, 0xba, 0x01, 0x9b, 0x5d, - 0xb0, 0x77, 0x0b, 0x30, 0xb9, 0x0f, 0x05, 0xf4, 0x3c, 0x8c, 0x04, 0x61, 0xc3, 0xf1, 0xdd, 0xd7, - 0xcc, 0x8a, 0x41, 0xca, 0xca, 0x5a, 0x31, 0x60, 0x38, 0x81, 0x69, 0x96, 0x92, 0x28, 0xec, 0x53, - 0x4a, 0xe2, 0x1c, 0x0c, 0x84, 0xa4, 0x15, 0xa4, 0x37, 0x0b, 0x2c, 0x49, 0x88, 0x41, 0xd0, 0xc3, - 0x50, 0x74, 0x5a, 0xae, 0x08, 0x2d, 0x51, 0x7b, 0xa0, 0x99, 0xd5, 0x45, 0x4c, 0xdb, 0x13, 0x95, - 0x6d, 0x4a, 0xc7, 0x52, 0xd9, 0x86, 0xaa, 0x01, 0x71, 0x76, 0x31, 0xa8, 0xd5, 0x40, 0xf2, 0x4c, - 0xc1, 0x7e, 0xbd, 0x08, 0x0f, 0xef, 0x39, 0x5f, 0x74, 0x9c, 0xa9, 0xb5, 0x47, 0x9c, 0xa9, 0x1c, - 0x9e, 0xc2, 0x7e, 0xc3, 0x53, 0xec, 0x31, 0x3c, 0x1f, 0xa5, 0xcb, 0x40, 0x56, 0x5a, 0xca, 0xe7, - 0xba, 0xdf, 0x5e, 0x85, 0x9b, 0xc4, 0x0a, 0x90, 0x50, 0xac, 0xf9, 0xd2, 0x3d, 0x40, 0xa2, 0x8c, - 0x42, 0x29, 0x0f, 0x35, 0xd0, 0xb3, 0xda, 0x11, 0x9f, 0xfb, 0xbd, 0x6a, 0x33, 0xd8, 0xbf, 0x3d, - 0x00, 0x8f, 0xf6, 0x21, 0xbd, 0xcd, 0x59, 0x6c, 0xf5, 0x39, 0x8b, 0xbf, 0xcf, 0x3f, 0xd3, 0xc7, - 0x33, 0x3f, 0x13, 0xce, 0xff, 0x33, 0xed, 0xfd, 0x85, 0xd0, 0x13, 0x50, 0x76, 0xfd, 0x88, 0xd4, - 0xda, 0x21, 0x8f, 0xb9, 0x37, 0x32, 0x08, 0x17, 0x45, 0x3b, 0x56, 0x18, 0x74, 0x4f, 0x57, 0x73, - 0xe8, 0xf2, 0x1f, 0xca, 0x29, 0x6d, 0xde, 0x4c, 0x46, 0xe4, 0x26, 0xc5, 0xdc, 0x0c, 0x95, 0x00, - 0x9c, 0x8d, 0xfd, 0x77, 0x2d, 0x38, 0xdb, 0x5b, 0xc5, 0xa2, 0xa7, 0x60, 0x78, 0x9d, 0x05, 0x6e, - 0xb1, 0x8b, 0xde, 0xe5, 0xd4, 0x61, 0xef, 0xab, 0x9b, 0xb1, 0x89, 0x83, 0xe6, 0xe0, 0xa4, 0x19, - 0xf1, 0xb5, 0x6c, 0x44, 0x95, 0x30, 0x27, 0xc0, 0x5a, 0x1a, 0x88, 0xbb, 0xf1, 0xed, 0xef, 0x15, - 0xb3, 0xbb, 0xc5, 0x4d, 0xb1, 0x83, 0xcc, 0x66, 0x31, 0x57, 0x0b, 0x7d, 0x48, 0xdc, 0xe2, 0x71, - 0x4b, 0xdc, 0x81, 0x5e, 0x12, 0x17, 0xcd, 0xc3, 0x09, 0xe3, 0x26, 0x3e, 0x5e, 0x48, 0x81, 0x47, - 0x19, 0xaa, 0x2a, 0x48, 0xab, 0x29, 0x38, 0xee, 0x7a, 0xe2, 0x1e, 0x9f, 0x7a, 0xbf, 0x5a, 0x80, - 0x07, 0x7a, 0x5a, 0xbf, 0xc7, 0xa4, 0x51, 0xcc, 0xcf, 0x3f, 0x70, 0x3c, 0x9f, 0xdf, 0xfc, 0x28, - 0xa5, 0xfd, 0x3e, 0x8a, 0xfd, 0xc7, 0x85, 0x9e, 0x0b, 0x81, 0xee, 0x84, 0x7e, 0x60, 0x47, 0xe9, - 0x05, 0x18, 0x75, 0x5a, 0x2d, 0x8e, 0xc7, 0x22, 0xb6, 0x53, 0x55, 0xd7, 0x66, 0x4c, 0x20, 0x4e, - 0xe2, 0xf6, 0x65, 0xd3, 0xfc, 0xa9, 0x05, 0x15, 0x4c, 0x36, 0xb8, 0x34, 0x42, 0x37, 0xc4, 0x10, - 0x59, 0x79, 0xd4, 0xbd, 0xa6, 0x03, 0x1b, 0xb9, 0xac, 0x1e, 0x74, 0xd6, 0x60, 0x1f, 0x36, 0x6f, - 0x59, 0xdd, 0xcd, 0x57, 0xec, 0x7d, 0x37, 0x9f, 0xfd, 0x9d, 0x21, 0xfa, 0x7a, 0xad, 0x60, 0x2e, - 0x24, 0xf5, 0x88, 0x7e, 0xdf, 0x76, 0xe8, 0x89, 0x49, 0xa2, 0xbe, 0xef, 0x55, 0xbc, 0x84, 0x69, - 0x7b, 0xe2, 0x80, 0xac, 0x70, 0xa0, 0x9a, 0x53, 0xc5, 0x7d, 0x6b, 0x4e, 0xbd, 0x00, 0xa3, 0x51, - 0xb4, 0xb9, 0x1a, 0xba, 0xdb, 0x4e, 0x4c, 0x2e, 0x93, 0x8e, 0xb0, 0x7d, 0x75, 0xfd, 0x95, 0xea, - 0x45, 0x0d, 0xc4, 0x49, 0x5c, 0xb4, 0x00, 0x27, 0x75, 0xe5, 0x27, 0x12, 0xc6, 0x2c, 0xa7, 0x88, - 0xcf, 0x04, 0x55, 0x6c, 0x41, 0xd7, 0x8a, 0x12, 0x08, 0xb8, 0xfb, 0x19, 0x2a, 0x4f, 0x13, 0x8d, - 0xb4, 0x23, 0x83, 0x49, 0x79, 0x9a, 0xa0, 0x43, 0xfb, 0xd2, 0xf5, 0x04, 0x5a, 0x86, 0x53, 0x7c, - 0x62, 0xcc, 0xb4, 0x5a, 0xc6, 0x1b, 0x0d, 0x25, 0xeb, 0x0d, 0x2f, 0x74, 0xa3, 0xe0, 0xac, 0xe7, - 0xd0, 0x73, 0x30, 0xac, 0x9a, 0x17, 0xe7, 0xc5, 0xd9, 0x8e, 0xf2, 0x2d, 0x29, 0x32, 0x8b, 0x75, - 0x6c, 0xe2, 0xa1, 0xf7, 0xc0, 0xfd, 0xfa, 0x2f, 0x4f, 0x3c, 0xe5, 0x07, 0x9e, 0xf3, 0xa2, 0xa8, - 0x9e, 0xba, 0xe7, 0x6d, 0x21, 0x13, 0xad, 0x8e, 0x7b, 0x3d, 0x8f, 0xd6, 0xe1, 0xac, 0x02, 0x9d, - 0xf7, 0x63, 0x96, 0x45, 0x16, 0x91, 0x59, 0x27, 0x22, 0x57, 0x43, 0x8f, 0x95, 0xe1, 0xab, 0xe8, - 0xcb, 0xc2, 0x17, 0xdc, 0xf8, 0x62, 0x16, 0x26, 0x5e, 0xc2, 0x7b, 0x50, 0x41, 0xd3, 0x50, 0x21, - 0xbe, 0xb3, 0xee, 0x91, 0x95, 0xb9, 0x45, 0x56, 0x9c, 0xcf, 0x38, 0x5f, 0x3d, 0x2f, 0x01, 0x58, - 0xe3, 0xa8, 0xb8, 0xdf, 0x91, 0x9e, 0x17, 0xd7, 0xaf, 0xc2, 0xe9, 0x46, 0xad, 0x45, 0x2d, 0x42, - 0xb7, 0x46, 0x66, 0x6a, 0x2c, 0xcc, 0x91, 0x7e, 0x18, 0x5e, 0x08, 0x5a, 0x25, 0x50, 0x2c, 0xcc, - 0xad, 0x76, 0xe1, 0xe0, 0xcc, 0x27, 0x59, 0x38, 0x6c, 0x18, 0xec, 0x74, 0x26, 0x4e, 0xa5, 0xc2, - 0x61, 0x69, 0x23, 0xe6, 0x30, 0x74, 0x09, 0x10, 0xcb, 0xc6, 0xb9, 0x18, 0xc7, 0x2d, 0x65, 0x82, - 0x4e, 0x9c, 0x4e, 0x96, 0xd8, 0xba, 0xd0, 0x85, 0x81, 0x33, 0x9e, 0xa2, 0x16, 0x8d, 0x1f, 0x30, - 0xea, 0x13, 0xf7, 0x27, 0x2d, 0x9a, 0x2b, 0xbc, 0x19, 0x4b, 0xb8, 0xfd, 0x27, 0x16, 0x8c, 0xaa, - 0xa5, 0x7d, 0x0c, 0xe9, 0x72, 0x5e, 0x32, 0x5d, 0x6e, 0xe1, 0xf0, 0xc2, 0x91, 0xf5, 0xbc, 0x47, - 0x4c, 0xfa, 0xd7, 0x87, 0x01, 0xb4, 0x00, 0x55, 0xba, 0xcb, 0xea, 0xa9, 0xbb, 0xee, 0x59, 0xe1, - 0x95, 0x55, 0x0c, 0xab, 0x74, 0x77, 0x8b, 0x61, 0x55, 0xe1, 0x8c, 0xb4, 0x2c, 0xf8, 0x61, 0xdf, - 0xc5, 0x20, 0x52, 0xb2, 0xb0, 0x3c, 0xfb, 0xb0, 0x20, 0x74, 0x66, 0x31, 0x0b, 0x09, 0x67, 0x3f, - 0x9b, 0x30, 0x68, 0x86, 0xf6, 0xb5, 0x32, 0xd5, 0xf2, 0x5f, 0xda, 0x90, 0xb7, 0x9b, 0xa5, 0x96, - 0xff, 0xd2, 0x85, 0x2a, 0xd6, 0x38, 0xd9, 0x3a, 0xa0, 0x92, 0x93, 0x0e, 0x80, 0x03, 0xeb, 0x00, - 0x29, 0x8d, 0x86, 0x7b, 0x4a, 0x23, 0x79, 0xa8, 0x30, 0xd2, 0xf3, 0x50, 0xe1, 0x9d, 0x30, 0xe6, - 0xfa, 0x9b, 0x24, 0x74, 0x63, 0x52, 0x67, 0x6b, 0x81, 0x49, 0xaa, 0xb2, 0xb6, 0x00, 0x16, 0x13, - 0x50, 0x9c, 0xc2, 0x4e, 0x8a, 0xd0, 0xb1, 0x3e, 0x44, 0x68, 0x0f, 0xc5, 0x35, 0x9e, 0x8f, 0xe2, - 0x3a, 0x71, 0x78, 0xc5, 0x75, 0xf2, 0x48, 0x15, 0x17, 0xca, 0x45, 0x71, 0xf5, 0xa5, 0x13, 0x8c, - 0x9d, 0xe9, 0xe9, 0x7d, 0x76, 0xa6, 0xbd, 0xb4, 0xd6, 0x99, 0x3b, 0xd6, 0x5a, 0xd9, 0x0a, 0xe9, - 0xbe, 0xa3, 0x56, 0x48, 0x9f, 0x28, 0xc0, 0x19, 0x2d, 0xb2, 0xe9, 0x42, 0x71, 0x37, 0xa8, 0xd0, - 0x62, 0x77, 0x69, 0xf2, 0x33, 0x3a, 0x23, 0xe9, 0x52, 0xe7, 0x6f, 0x2a, 0x08, 0x36, 0xb0, 0x58, - 0xee, 0x22, 0x09, 0x59, 0xe1, 0xf9, 0xb4, 0x3c, 0x9f, 0x13, 0xed, 0x58, 0x61, 0xd0, 0xa9, 0x48, - 0x7f, 0x8b, 0x1c, 0xf4, 0x74, 0x49, 0xd3, 0x39, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x9c, 0x33, 0x61, - 0xb2, 0x84, 0xca, 0xf4, 0x11, 0xbe, 0x11, 0x51, 0xe2, 0x43, 0x41, 0x65, 0x77, 0x58, 0x92, 0x6a, - 0xa9, 0xbb, 0x3b, 0x2c, 0xdc, 0x4d, 0x61, 0xd8, 0xff, 0xd3, 0x82, 0x07, 0x32, 0x87, 0xe2, 0x18, - 0xf4, 0xf4, 0x4e, 0x52, 0x4f, 0x57, 0xf3, 0xda, 0xc4, 0x18, 0x6f, 0xd1, 0x43, 0x67, 0xff, 0x27, - 0x0b, 0xc6, 0x34, 0xfe, 0x31, 0xbc, 0xaa, 0x9b, 0x7c, 0xd5, 0xfc, 0xf6, 0x6b, 0x95, 0xae, 0x77, - 0xfb, 0xbd, 0x02, 0xa8, 0x32, 0xc3, 0x33, 0x35, 0x59, 0xc4, 0x7d, 0x9f, 0x53, 0xe3, 0x0e, 0x0c, - 0xb2, 0x43, 0xef, 0x28, 0x9f, 0x80, 0x9e, 0x24, 0x7f, 0x76, 0x80, 0xae, 0x03, 0x0a, 0xd8, 0xdf, - 0x08, 0x0b, 0x86, 0xec, 0x5a, 0x04, 0x5e, 0xc1, 0xb5, 0x2e, 0x52, 0xf0, 0xf4, 0xb5, 0x08, 0xa2, - 0x1d, 0x2b, 0x0c, 0xaa, 0x49, 0xdc, 0x5a, 0xe0, 0xcf, 0x79, 0x4e, 0x24, 0xaf, 0xd7, 0x56, 0x9a, - 0x64, 0x51, 0x02, 0xb0, 0xc6, 0x61, 0xe7, 0xe1, 0x6e, 0xd4, 0xf2, 0x9c, 0x8e, 0xb1, 0x2b, 0x37, - 0x6a, 0xad, 0x28, 0x10, 0x36, 0xf1, 0xec, 0x26, 0x4c, 0x24, 0x5f, 0x62, 0x9e, 0x6c, 0xb0, 0x60, - 0xd4, 0xbe, 0x86, 0x73, 0x1a, 0x2a, 0x0e, 0x7b, 0x6a, 0xa9, 0xed, 0x08, 0x99, 0xa0, 0x43, 0x32, - 0x25, 0x00, 0x6b, 0x1c, 0xfb, 0x9f, 0x5a, 0x70, 0x2a, 0x63, 0xd0, 0x72, 0x4c, 0x71, 0x8c, 0xb5, - 0xb4, 0xc9, 0xb2, 0x01, 0x7e, 0x04, 0x86, 0xea, 0x64, 0xc3, 0x91, 0xe1, 0x8e, 0x86, 0xf4, 0x9c, - 0xe7, 0xcd, 0x58, 0xc2, 0xed, 0xdf, 0x2a, 0xc0, 0x78, 0xb2, 0xaf, 0x11, 0x4b, 0x1b, 0xe2, 0xc3, - 0xe4, 0x46, 0xb5, 0x60, 0x9b, 0x84, 0x1d, 0xfa, 0xe6, 0x56, 0x2a, 0x6d, 0xa8, 0x0b, 0x03, 0x67, - 0x3c, 0xc5, 0x8a, 0x8c, 0xd7, 0xd5, 0x68, 0xcb, 0x19, 0x79, 0x2d, 0xcf, 0x19, 0xa9, 0x3f, 0xa6, - 0x19, 0x1a, 0xa1, 0x58, 0x62, 0x93, 0x3f, 0xb5, 0x45, 0x58, 0x1c, 0xf6, 0x6c, 0xdb, 0xf5, 0x62, - 0xd7, 0x17, 0xaf, 0x2c, 0xe6, 0xaa, 0xb2, 0x45, 0x96, 0xbb, 0x51, 0x70, 0xd6, 0x73, 0xf6, 0x77, - 0x07, 0x40, 0xa5, 0xef, 0xb3, 0xd0, 0xb5, 0x9c, 0x02, 0xff, 0x0e, 0x9a, 0x7c, 0xa6, 0xe6, 0xd6, - 0xc0, 0x5e, 0xb1, 0x24, 0xdc, 0x95, 0x63, 0xfa, 0x73, 0xd5, 0x80, 0xad, 0x69, 0x10, 0x36, 0xf1, - 0x68, 0x4f, 0x3c, 0x77, 0x9b, 0xf0, 0x87, 0x06, 0x93, 0x3d, 0x59, 0x92, 0x00, 0xac, 0x71, 0x68, - 0x4f, 0xea, 0xee, 0xc6, 0x86, 0xf0, 0x4b, 0xa8, 0x9e, 0xd0, 0xd1, 0xc1, 0x0c, 0xc2, 0xaf, 0xa1, - 0x08, 0xb6, 0x84, 0xfd, 0x6d, 0x5c, 0x43, 0x11, 0x6c, 0x61, 0x06, 0xa1, 0x5f, 0xc9, 0x0f, 0xc2, - 0xa6, 0xe3, 0xb9, 0xaf, 0x91, 0xba, 0xe2, 0x22, 0xec, 0x6e, 0xf5, 0x95, 0xae, 0x74, 0xa3, 0xe0, - 0xac, 0xe7, 0xe8, 0x84, 0x6e, 0x85, 0xa4, 0xee, 0xd6, 0x62, 0x93, 0x1a, 0x24, 0x27, 0xf4, 0x6a, - 0x17, 0x06, 0xce, 0x78, 0x0a, 0xcd, 0xc0, 0xb8, 0x2c, 0xbf, 0x20, 0x0b, 0x7a, 0x0d, 0x27, 0x0b, - 0x08, 0xe1, 0x24, 0x18, 0xa7, 0xf1, 0xa9, 0x90, 0x6c, 0x8a, 0x72, 0x84, 0xcc, 0x4c, 0x37, 0x84, - 0xa4, 0x2c, 0x53, 0x88, 0x15, 0x86, 0xfd, 0x91, 0x22, 0x55, 0xea, 0x3d, 0xaa, 0x7e, 0x1e, 0x5b, - 0xa0, 0x69, 0x72, 0x46, 0x0e, 0xf4, 0x31, 0x23, 0x9f, 0x85, 0x91, 0x1b, 0x51, 0xe0, 0xab, 0x20, - 0xce, 0x52, 0xcf, 0x20, 0x4e, 0x03, 0x2b, 0x3b, 0x88, 0x73, 0x30, 0xaf, 0x20, 0xce, 0xa1, 0x3b, - 0x0c, 0xe2, 0xfc, 0x83, 0x12, 0xa8, 0x7b, 0xc6, 0xae, 0x90, 0xf8, 0x66, 0x10, 0x6e, 0xb9, 0x7e, - 0x83, 0x95, 0x12, 0xf8, 0xb2, 0x25, 0xab, 0x11, 0x2c, 0x99, 0x49, 0x78, 0x1b, 0x39, 0xdd, 0x15, - 0x95, 0x60, 0x36, 0xb5, 0x66, 0x30, 0x4a, 0x5d, 0x87, 0x6e, 0x82, 0x70, 0xa2, 0x47, 0xe8, 0x83, - 0x00, 0xd2, 0x89, 0xbb, 0x21, 0x25, 0xf0, 0x62, 0x3e, 0xfd, 0xc3, 0x64, 0x43, 0x9b, 0xd4, 0x6b, - 0x8a, 0x09, 0x36, 0x18, 0xa2, 0x4f, 0xe8, 0x04, 0x45, 0x9e, 0xed, 0xf1, 0xfe, 0x23, 0x19, 0x9b, - 0x7e, 0xd2, 0x13, 0x31, 0x0c, 0xb9, 0x7e, 0x83, 0xce, 0x13, 0x11, 0xec, 0xf6, 0x96, 0xac, 0x92, - 0x2f, 0x4b, 0x81, 0x53, 0x9f, 0x75, 0x3c, 0xc7, 0xaf, 0x91, 0x70, 0x91, 0xa3, 0x6b, 0x0d, 0x2a, - 0x1a, 0xb0, 0x24, 0xd4, 0x75, 0x19, 0x5a, 0xa9, 0x9f, 0xcb, 0xd0, 0xce, 0xbe, 0x0b, 0x4e, 0x76, - 0x7d, 0xcc, 0x03, 0x65, 0x23, 0xde, 0x79, 0x22, 0xa3, 0xfd, 0xdb, 0x83, 0x5a, 0x69, 0x5d, 0x09, - 0xea, 0xfc, 0x6e, 0xad, 0x50, 0x7f, 0x51, 0x61, 0x32, 0xe7, 0x38, 0x45, 0x94, 0x9a, 0x31, 0x1a, - 0xb1, 0xc9, 0x92, 0xce, 0xd1, 0x96, 0x13, 0x12, 0xff, 0xa8, 0xe7, 0xe8, 0xaa, 0x62, 0x82, 0x0d, - 0x86, 0x68, 0x33, 0x91, 0x8e, 0x74, 0xe1, 0xf0, 0xe9, 0x48, 0xac, 0x00, 0x5f, 0xd6, 0x15, 0x34, - 0x9f, 0xb3, 0x60, 0xcc, 0x4f, 0xcc, 0xdc, 0x7c, 0x22, 0x90, 0xb3, 0x57, 0x05, 0xbf, 0xa6, 0x32, - 0xd9, 0x86, 0x53, 0xfc, 0xb3, 0x54, 0x5a, 0xe9, 0x80, 0x2a, 0x4d, 0xdf, 0xed, 0x37, 0xd8, 0xeb, - 0x6e, 0x3f, 0xe4, 0xab, 0x1b, 0x57, 0x87, 0x72, 0xbf, 0x71, 0x15, 0x32, 0x6e, 0x5b, 0xbd, 0x0e, - 0x95, 0x5a, 0x48, 0x9c, 0xf8, 0x0e, 0x2f, 0xdf, 0x64, 0xb1, 0x1d, 0x73, 0x92, 0x00, 0xd6, 0xb4, - 0xec, 0xff, 0x33, 0x00, 0x27, 0xe4, 0x88, 0xc8, 0xec, 0x05, 0xaa, 0x1f, 0x39, 0x5f, 0x6d, 0x2b, - 0x2b, 0xfd, 0x78, 0x51, 0x02, 0xb0, 0xc6, 0xa1, 0xf6, 0x58, 0x3b, 0x22, 0x2b, 0x2d, 0xe2, 0x2f, - 0xb9, 0xeb, 0x91, 0x38, 0x8c, 0x55, 0x0b, 0xe5, 0xaa, 0x06, 0x61, 0x13, 0x8f, 0xda, 0xf6, 0x8e, - 0x61, 0xb4, 0x1a, 0xb6, 0xbd, 0x34, 0x54, 0x25, 0x1c, 0xfd, 0x52, 0x66, 0x19, 0xf2, 0x7c, 0x72, - 0xfe, 0xba, 0x92, 0x36, 0x0e, 0x78, 0x75, 0xf4, 0x3f, 0xb2, 0xe0, 0x0c, 0x6f, 0x95, 0x23, 0x79, - 0xb5, 0x55, 0x77, 0x62, 0x12, 0xe5, 0x73, 0x7d, 0x49, 0x46, 0xff, 0xb4, 0x7b, 0x39, 0x8b, 0x2d, - 0xce, 0xee, 0x0d, 0xfa, 0xac, 0x05, 0xe3, 0x5b, 0x89, 0x72, 0x31, 0x52, 0x75, 0x1c, 0xb6, 0x92, - 0x43, 0x82, 0xa8, 0x5e, 0x6a, 0xc9, 0xf6, 0x08, 0xa7, 0xb9, 0xdb, 0xff, 0xc3, 0x02, 0x53, 0x8c, - 0x1e, 0x7f, 0x95, 0x99, 0x83, 0x9b, 0x82, 0xd2, 0xba, 0x2c, 0xf5, 0xb4, 0x2e, 0x1f, 0x86, 0x62, - 0xdb, 0xad, 0x8b, 0xfd, 0x85, 0x3e, 0x22, 0x5e, 0x9c, 0xc7, 0xb4, 0xdd, 0xfe, 0x57, 0x25, 0xed, - 0x06, 0x11, 0x29, 0x75, 0x3f, 0x10, 0xaf, 0xbd, 0xa1, 0xea, 0x30, 0xf2, 0x37, 0xbf, 0xd2, 0x55, - 0x87, 0xf1, 0xed, 0x07, 0xcf, 0x98, 0xe4, 0x03, 0xd4, 0xab, 0x0c, 0xe3, 0xd0, 0x3e, 0xe9, 0x92, - 0x37, 0xa0, 0x4c, 0xb7, 0x60, 0xcc, 0x9f, 0x59, 0x4e, 0x74, 0xaa, 0x7c, 0x51, 0xb4, 0xdf, 0xde, - 0x9d, 0xfc, 0xf1, 0x83, 0x77, 0x4b, 0x3e, 0x8d, 0x15, 0x7d, 0x14, 0x41, 0x85, 0xfe, 0x66, 0x99, - 0x9d, 0x62, 0x73, 0x77, 0x55, 0xc9, 0x4c, 0x09, 0xc8, 0x25, 0x6d, 0x54, 0xf3, 0x41, 0x3e, 0x54, - 0xd8, 0x2d, 0xfb, 0x8c, 0x29, 0xdf, 0x03, 0xae, 0xaa, 0xfc, 0x4a, 0x09, 0xb8, 0xbd, 0x3b, 0xf9, - 0xc2, 0xc1, 0x99, 0xaa, 0xc7, 0xb1, 0x66, 0x61, 0xff, 0xcd, 0x80, 0x9e, 0xbb, 0xa2, 0xfc, 0xe6, - 0x0f, 0xc4, 0xdc, 0x7d, 0x3e, 0x35, 0x77, 0xcf, 0x75, 0xcd, 0xdd, 0x31, 0x7d, 0x05, 0x7b, 0x62, - 0x36, 0x1e, 0xb7, 0x21, 0xb0, 0xbf, 0xbf, 0x81, 0x59, 0x40, 0xaf, 0xb6, 0xdd, 0x90, 0x44, 0xab, - 0x61, 0xdb, 0x77, 0xfd, 0x06, 0x9b, 0x8e, 0x65, 0xd3, 0x02, 0x4a, 0x80, 0x71, 0x1a, 0x9f, 0x6e, - 0xea, 0xe9, 0x37, 0xbf, 0xee, 0x6c, 0xf3, 0x59, 0x65, 0x54, 0x6c, 0xab, 0x8a, 0x76, 0xac, 0x30, - 0xd0, 0x26, 0x3c, 0x24, 0x09, 0xcc, 0x13, 0x8f, 0x88, 0x3b, 0xd4, 0x37, 0xdc, 0xb0, 0xc9, 0x03, - 0xc4, 0x79, 0x64, 0xc2, 0x9b, 0x05, 0x85, 0x87, 0xf0, 0x1e, 0xb8, 0x78, 0x4f, 0x4a, 0xf6, 0xd7, - 0xd8, 0x79, 0xbd, 0x91, 0xbc, 0x4e, 0x67, 0x9f, 0xe7, 0x36, 0x5d, 0x59, 0x58, 0x4e, 0xcd, 0xbe, - 0x25, 0xda, 0x88, 0x39, 0x0c, 0xdd, 0x84, 0xa1, 0x75, 0x7e, 0xd5, 0x6d, 0x3e, 0xd7, 0x6a, 0x88, - 0x7b, 0x73, 0x59, 0x75, 0x56, 0x79, 0x89, 0xee, 0x6d, 0xfd, 0x13, 0x4b, 0x6e, 0xf6, 0x37, 0x4b, - 0x30, 0x9e, 0xba, 0xd7, 0x3e, 0x51, 0xb2, 0xba, 0xb0, 0x6f, 0xc9, 0xea, 0xf7, 0x01, 0xd4, 0x49, - 0xcb, 0x0b, 0x3a, 0xcc, 0xf0, 0x1b, 0x38, 0xb0, 0xe1, 0xa7, 0xf6, 0x0a, 0xf3, 0x8a, 0x0a, 0x36, - 0x28, 0x8a, 0x6a, 0x7a, 0xbc, 0x02, 0x76, 0xaa, 0x9a, 0x9e, 0x71, 0xf9, 0xce, 0xe0, 0xf1, 0x5e, - 0xbe, 0xe3, 0xc2, 0x38, 0xef, 0xa2, 0x4a, 0x11, 0xbf, 0x83, 0x4c, 0x70, 0x96, 0x64, 0x33, 0x9f, - 0x24, 0x83, 0xd3, 0x74, 0xcd, 0x9b, 0x75, 0xca, 0xc7, 0x7d, 0xb3, 0xce, 0x5b, 0xa1, 0x22, 0xbf, - 0x73, 0x34, 0x51, 0xd1, 0x65, 0x36, 0xe4, 0x34, 0x88, 0xb0, 0x86, 0x77, 0x55, 0xbb, 0x80, 0xbb, - 0x55, 0xed, 0xc2, 0xfe, 0x4c, 0x81, 0xee, 0x18, 0x78, 0xbf, 0x54, 0xe1, 0xa6, 0xc7, 0x60, 0xd0, - 0x69, 0xc7, 0x9b, 0x41, 0xd7, 0x65, 0xb9, 0x33, 0xac, 0x15, 0x0b, 0x28, 0x5a, 0x82, 0x81, 0xba, - 0x2e, 0xc6, 0x73, 0x90, 0xef, 0xa9, 0x9d, 0xaf, 0x4e, 0x4c, 0x30, 0xa3, 0x82, 0x1e, 0x82, 0x81, - 0xd8, 0x69, 0xc8, 0xbc, 0x40, 0x96, 0x0b, 0xbe, 0xe6, 0x34, 0x22, 0xcc, 0x5a, 0x0f, 0x52, 0x80, - 0xf4, 0x05, 0x18, 0x8d, 0xdc, 0x86, 0xef, 0xc4, 0xed, 0x90, 0x18, 0xe7, 0x93, 0x3a, 0x3a, 0xc5, - 0x04, 0xe2, 0x24, 0xae, 0xfd, 0x3b, 0x23, 0x70, 0xba, 0x3a, 0xb7, 0x2c, 0xaf, 0x50, 0x38, 0xb2, - 0xd4, 0xbe, 0x2c, 0x1e, 0xc7, 0x97, 0xda, 0xd7, 0x83, 0xbb, 0x67, 0xa4, 0xf6, 0x79, 0x46, 0x6a, - 0x5f, 0x32, 0xcf, 0xaa, 0x98, 0x47, 0x9e, 0x55, 0x56, 0x0f, 0xfa, 0xc9, 0xb3, 0x3a, 0xb2, 0x5c, - 0xbf, 0x3d, 0x3b, 0x74, 0xa0, 0x5c, 0x3f, 0x95, 0x08, 0x99, 0x4b, 0x06, 0x4c, 0x8f, 0x4f, 0x95, - 0x99, 0x08, 0xa9, 0x92, 0xd0, 0x78, 0x76, 0x97, 0x10, 0xf5, 0x2f, 0xe7, 0xdf, 0x81, 0x3e, 0x92, - 0xd0, 0x44, 0x82, 0x99, 0x99, 0xf8, 0x38, 0x94, 0x47, 0xe2, 0x63, 0x56, 0x77, 0xf6, 0x4d, 0x7c, - 0x7c, 0x01, 0x46, 0x6b, 0x5e, 0xe0, 0x93, 0xd5, 0x30, 0x88, 0x83, 0x5a, 0x20, 0xaf, 0xeb, 0xd4, - 0xb7, 0x4d, 0x99, 0x40, 0x9c, 0xc4, 0xed, 0x95, 0x35, 0x59, 0x39, 0x6c, 0xd6, 0x24, 0xdc, 0xa5, - 0xac, 0xc9, 0x9f, 0xd5, 0xf9, 0xfd, 0xc3, 0xec, 0x8b, 0xbc, 0x2f, 0xff, 0x2f, 0xd2, 0xd7, 0x7d, - 0x9c, 0xaf, 0xf3, 0xdb, 0x6a, 0xa9, 0x09, 0x3e, 0x17, 0x34, 0xa9, 0xe1, 0x37, 0xc2, 0x86, 0xe4, - 0x95, 0x23, 0x98, 0xb0, 0xd7, 0xab, 0x9a, 0x8d, 0xba, 0xc1, 0x56, 0x37, 0xe1, 0x64, 0x47, 0x0e, - 0x53, 0x7f, 0xe0, 0x8b, 0x05, 0xf8, 0xa1, 0x7d, 0xbb, 0x80, 0x6e, 0x02, 0xc4, 0x4e, 0x43, 0x4c, - 0x54, 0x71, 0x34, 0x73, 0xc8, 0x10, 0xd2, 0x35, 0x49, 0x8f, 0x17, 0xce, 0x51, 0x7f, 0xd9, 0xa1, - 0x87, 0xfc, 0xcd, 0x22, 0x47, 0x03, 0xaf, 0xab, 0xbe, 0x28, 0x0e, 0x3c, 0x82, 0x19, 0x84, 0xaa, - 0xff, 0x90, 0x34, 0xa8, 0x49, 0x5b, 0x4c, 0xaa, 0x7f, 0xcc, 0x5a, 0xb1, 0x80, 0xa2, 0xe7, 0x60, - 0xd8, 0xf1, 0x3c, 0x9e, 0x9e, 0x44, 0x22, 0x71, 0x0d, 0x9c, 0x2e, 0x74, 0xa8, 0x41, 0xd8, 0xc4, - 0xb3, 0xff, 0xaa, 0x00, 0x93, 0xfb, 0xc8, 0x94, 0xae, 0xb4, 0xd4, 0x52, 0xdf, 0x69, 0xa9, 0x22, - 0x65, 0x63, 0xb0, 0x47, 0xca, 0xc6, 0x73, 0x30, 0x1c, 0x13, 0xa7, 0x29, 0x82, 0xce, 0x84, 0xcf, - 0x41, 0x9f, 0x35, 0x6b, 0x10, 0x36, 0xf1, 0xa8, 0x14, 0x1b, 0x73, 0x6a, 0x35, 0x12, 0x45, 0x32, - 0x27, 0x43, 0xf8, 0x6d, 0x73, 0x4b, 0xf8, 0x60, 0xee, 0xf0, 0x99, 0x04, 0x0b, 0x9c, 0x62, 0x99, - 0x1e, 0xf0, 0x4a, 0x9f, 0x03, 0xfe, 0x95, 0x02, 0x3c, 0xbc, 0xa7, 0x76, 0xeb, 0x3b, 0x5d, 0xa6, - 0x1d, 0x91, 0x30, 0x3d, 0x71, 0xae, 0x46, 0x24, 0xc4, 0x0c, 0xc2, 0x47, 0xa9, 0xd5, 0x52, 0x01, - 0xc3, 0xf9, 0xe7, 0x8e, 0xf1, 0x51, 0x4a, 0xb0, 0xc0, 0x29, 0x96, 0x77, 0x3a, 0x2d, 0xbf, 0x39, - 0x00, 0x8f, 0xf6, 0x61, 0x03, 0xe4, 0x98, 0x63, 0x97, 0xcc, 0x07, 0x2d, 0xde, 0xa5, 0x7c, 0xd0, - 0x3b, 0x1b, 0xae, 0x37, 0xd2, 0x48, 0xfb, 0xca, 0xe5, 0xfb, 0x5a, 0x01, 0xce, 0xf6, 0x36, 0x58, - 0xd0, 0x3b, 0x60, 0x3c, 0x54, 0x41, 0x76, 0x66, 0x2a, 0xe9, 0x29, 0xee, 0xd9, 0x49, 0x80, 0x70, - 0x1a, 0x17, 0x4d, 0x01, 0xb4, 0x9c, 0x78, 0x33, 0x3a, 0xbf, 0xe3, 0x46, 0xb1, 0x28, 0x28, 0x35, - 0xc6, 0xcf, 0x12, 0x65, 0x2b, 0x36, 0x30, 0x28, 0x3b, 0xf6, 0x6f, 0x3e, 0xb8, 0x12, 0xc4, 0xfc, - 0x21, 0xbe, 0xd9, 0x3a, 0x25, 0xaf, 0x97, 0x32, 0x40, 0x38, 0x8d, 0x4b, 0xd9, 0xb1, 0xd3, 0x6a, - 0xde, 0x51, 0xbe, 0x0b, 0x63, 0xec, 0x96, 0x54, 0x2b, 0x36, 0x30, 0xd2, 0x49, 0xb2, 0xa5, 0xfd, - 0x93, 0x64, 0xed, 0x7f, 0x59, 0x80, 0x07, 0x7a, 0x1a, 0xbc, 0xfd, 0x89, 0xa9, 0x7b, 0x2f, 0xb1, - 0xf5, 0x0e, 0x57, 0xd8, 0xc1, 0x12, 0x22, 0xff, 0xb4, 0xc7, 0x4c, 0x13, 0x09, 0x91, 0x77, 0x5e, - 0xe7, 0xe1, 0xde, 0x1b, 0xcf, 0xae, 0x1c, 0xc8, 0x81, 0x03, 0xe4, 0x40, 0xa6, 0x3e, 0x46, 0xa9, - 0x4f, 0xed, 0xf0, 0xe7, 0x03, 0x3d, 0x87, 0x97, 0x6e, 0x90, 0xfb, 0xf2, 0x9b, 0xcf, 0xc3, 0x09, - 0xd7, 0x67, 0x57, 0x0d, 0x56, 0xdb, 0xeb, 0xa2, 0xc6, 0x10, 0x2f, 0xa4, 0xa9, 0x12, 0x2d, 0x16, - 0x53, 0x70, 0xdc, 0xf5, 0xc4, 0x3d, 0x98, 0x93, 0x7a, 0x67, 0x43, 0x7a, 0x40, 0xc9, 0xbd, 0x02, - 0x67, 0xe4, 0x50, 0x6c, 0x3a, 0x21, 0xa9, 0x0b, 0x65, 0x1b, 0x89, 0xd4, 0x9a, 0x07, 0x78, 0x7a, - 0x4e, 0x06, 0x02, 0xce, 0x7e, 0x8e, 0xdd, 0xee, 0x16, 0xb4, 0xdc, 0x9a, 0xd8, 0x0a, 0xea, 0xdb, - 0xdd, 0x68, 0x23, 0xe6, 0x30, 0xad, 0x2f, 0x2a, 0xc7, 0xa3, 0x2f, 0xde, 0x07, 0x15, 0x35, 0xde, - 0x3c, 0x4b, 0x40, 0x4d, 0xf2, 0xae, 0x2c, 0x01, 0x35, 0xc3, 0x0d, 0xac, 0xfd, 0x6e, 0x46, 0x7e, - 0x06, 0x46, 0x94, 0xf7, 0xab, 0xdf, 0x3b, 0xf6, 0xec, 0xff, 0x5b, 0x80, 0xd4, 0x2d, 0x38, 0x68, - 0x07, 0x2a, 0x75, 0x79, 0x37, 0x71, 0x3e, 0x85, 0x5c, 0xd5, 0x55, 0xc7, 0xfa, 0xf8, 0x47, 0x35, - 0x61, 0xcd, 0x0c, 0x7d, 0x80, 0xd7, 0x4c, 0x15, 0xac, 0x0b, 0x79, 0xe4, 0x25, 0x57, 0x15, 0x3d, - 0xf3, 0x12, 0x2d, 0xd9, 0x86, 0x0d, 0x7e, 0x28, 0x86, 0xca, 0xa6, 0xbc, 0xed, 0x27, 0x1f, 0x71, - 0xa7, 0x2e, 0x0f, 0xe2, 0x26, 0x9a, 0xfa, 0x8b, 0x35, 0x23, 0xfb, 0x4f, 0x0a, 0x70, 0x3a, 0xf9, - 0x01, 0xc4, 0x71, 0xdd, 0xaf, 0x59, 0x70, 0xbf, 0xe7, 0x44, 0x71, 0xb5, 0xcd, 0x36, 0x0a, 0x1b, - 0x6d, 0x6f, 0x25, 0x55, 0x5e, 0xf7, 0xb0, 0xce, 0x16, 0x45, 0x38, 0x7d, 0x3b, 0xd4, 0xec, 0x83, - 0xb7, 0x76, 0x27, 0xef, 0x5f, 0xca, 0x66, 0x8e, 0x7b, 0xf5, 0x0a, 0x7d, 0xce, 0x82, 0x13, 0xb5, - 0x76, 0x18, 0x12, 0x3f, 0xd6, 0x5d, 0xe5, 0x5f, 0xf1, 0x4a, 0x2e, 0x03, 0xa9, 0x3b, 0x78, 0x9a, - 0x0a, 0xd4, 0xb9, 0x14, 0x2f, 0xdc, 0xc5, 0xdd, 0xfe, 0x05, 0xaa, 0x39, 0x7b, 0xbe, 0xe7, 0xdf, - 0xb2, 0xeb, 0xac, 0xfe, 0x62, 0x10, 0x46, 0x13, 0x35, 0x84, 0x13, 0x47, 0x5c, 0xd6, 0xbe, 0x47, - 0x5c, 0x2c, 0x19, 0xac, 0xed, 0xcb, 0xcb, 0x76, 0x8d, 0x64, 0xb0, 0xb6, 0x4f, 0x30, 0x87, 0x89, - 0x21, 0xc5, 0x6d, 0x5f, 0x44, 0xb7, 0x9b, 0x43, 0x8a, 0xdb, 0x3e, 0x16, 0x50, 0xf4, 0x61, 0x0b, - 0x46, 0xd8, 0xe2, 0x13, 0x07, 0x84, 0x42, 0xa1, 0x5d, 0xca, 0x61, 0xb9, 0xcb, 0x7a, 0xd9, 0x2c, - 0x1a, 0xd2, 0x6c, 0xc1, 0x09, 0x8e, 0xe8, 0x63, 0x16, 0x54, 0xd4, 0xfd, 0x7c, 0xe2, 0xe6, 0xec, - 0x6a, 0xbe, 0x25, 0x9a, 0x53, 0x52, 0x4f, 0xd5, 0xca, 0xc5, 0x9a, 0x31, 0x8a, 0xd4, 0xe9, 0xdd, - 0xd0, 0xd1, 0x9c, 0xde, 0x41, 0xc6, 0xc9, 0xdd, 0x5b, 0xa1, 0xd2, 0x74, 0x7c, 0x77, 0x83, 0x44, - 0x31, 0x3f, 0x50, 0x93, 0x95, 0xe3, 0x65, 0x23, 0xd6, 0x70, 0x6a, 0xec, 0x47, 0xec, 0xc5, 0x62, - 0xe3, 0x04, 0x8c, 0x19, 0xfb, 0x55, 0xdd, 0x8c, 0x4d, 0x1c, 0xf3, 0xb8, 0x0e, 0xee, 0xea, 0x71, - 0xdd, 0xf0, 0x3e, 0xc7, 0x75, 0x55, 0x38, 0xe3, 0xb4, 0xe3, 0xe0, 0x22, 0x71, 0xbc, 0x19, 0x7e, - 0x43, 0x7f, 0xc4, 0xcb, 0x4e, 0x8f, 0x30, 0x17, 0xb0, 0x8a, 0xdf, 0xaa, 0x12, 0x6f, 0xa3, 0x0b, - 0x09, 0x67, 0x3f, 0x6b, 0xff, 0x73, 0x0b, 0xce, 0x64, 0x4e, 0x85, 0x7b, 0x37, 0x72, 0xde, 0xfe, - 0x42, 0x09, 0x4e, 0x65, 0x54, 0x18, 0x47, 0x1d, 0x73, 0x91, 0x58, 0x79, 0x04, 0xa1, 0x25, 0x63, - 0xaa, 0xe4, 0xb7, 0xc9, 0x58, 0x19, 0x07, 0x3b, 0x81, 0xd7, 0xa7, 0xe0, 0xc5, 0xe3, 0x3d, 0x05, - 0x37, 0xe6, 0xfa, 0xc0, 0x5d, 0x9d, 0xeb, 0xa5, 0x7d, 0xe6, 0xfa, 0xd7, 0x2d, 0x98, 0x68, 0xf6, - 0xb8, 0xd6, 0x46, 0x9c, 0x27, 0x5d, 0x3b, 0x9a, 0x4b, 0x73, 0x66, 0x1f, 0xba, 0xb5, 0x3b, 0xd9, - 0xf3, 0x36, 0x21, 0xdc, 0xb3, 0x57, 0xf6, 0x77, 0x8b, 0xc0, 0xec, 0x35, 0x56, 0x45, 0xb6, 0x83, - 0x3e, 0x64, 0x5e, 0x54, 0x60, 0xe5, 0x55, 0x54, 0x9f, 0x13, 0x57, 0x17, 0x1d, 0xf0, 0x11, 0xcc, - 0xba, 0xf7, 0x20, 0x2d, 0x09, 0x0b, 0x7d, 0x48, 0x42, 0x4f, 0xde, 0x08, 0x51, 0xcc, 0xff, 0x46, - 0x88, 0x4a, 0xfa, 0x36, 0x88, 0xbd, 0x3f, 0xf1, 0xc0, 0x3d, 0xf9, 0x89, 0x7f, 0xd9, 0xe2, 0x82, - 0x27, 0xf5, 0x15, 0xb4, 0xb9, 0x61, 0xed, 0x61, 0x6e, 0x3c, 0x01, 0xe5, 0x48, 0x48, 0x66, 0x61, - 0x96, 0xe8, 0x00, 0x28, 0xd1, 0x8e, 0x15, 0x06, 0xdd, 0x75, 0x39, 0x9e, 0x17, 0xdc, 0x3c, 0xdf, - 0x6c, 0xc5, 0x1d, 0x61, 0xa0, 0xa8, 0x6d, 0xc1, 0x8c, 0x82, 0x60, 0x03, 0xcb, 0xde, 0x04, 0x63, - 0xc3, 0x70, 0xe7, 0xb7, 0x80, 0xf6, 0x71, 0x7d, 0xf3, 0x3f, 0x2c, 0x08, 0x56, 0x7c, 0x03, 0xf0, - 0x7c, 0xea, 0xba, 0xec, 0xfe, 0x43, 0xdd, 0x3e, 0x00, 0x50, 0x0b, 0x9a, 0x2d, 0xba, 0x25, 0x5e, - 0x0b, 0xf2, 0xd9, 0x47, 0xcd, 0x29, 0x7a, 0x7a, 0xc0, 0x74, 0x1b, 0x36, 0xf8, 0x25, 0xa4, 0x76, - 0x71, 0x5f, 0xa9, 0x9d, 0x10, 0x60, 0x03, 0x7b, 0x0b, 0x30, 0xfb, 0xaf, 0x2c, 0x48, 0x18, 0x74, - 0xa8, 0x05, 0x25, 0xda, 0xdd, 0x8e, 0x90, 0x05, 0x2b, 0xf9, 0x59, 0x8f, 0x54, 0x08, 0x8b, 0x05, - 0xc6, 0x7e, 0x62, 0xce, 0x08, 0x79, 0x22, 0xac, 0x2f, 0x97, 0x7d, 0x8d, 0xc9, 0xf0, 0x62, 0x10, - 0x6c, 0xf1, 0xc8, 0x18, 0x1d, 0x22, 0x68, 0x3f, 0x0f, 0x27, 0xbb, 0x3a, 0xc5, 0x6e, 0x0e, 0x0d, - 0xe4, 0xe6, 0xdc, 0x58, 0x18, 0xac, 0xca, 0x01, 0xe6, 0x30, 0xfb, 0x6b, 0x16, 0x9c, 0x48, 0x93, - 0x47, 0xaf, 0x5b, 0x70, 0x32, 0x4a, 0xd3, 0x3b, 0xaa, 0xb1, 0x53, 0xa1, 0xf9, 0x5d, 0x20, 0xdc, - 0xdd, 0x09, 0xfb, 0x6f, 0xc4, 0xe4, 0xbf, 0xee, 0xfa, 0xf5, 0xe0, 0xa6, 0x32, 0x81, 0xac, 0x9e, - 0x26, 0x10, 0x5d, 0xf9, 0xb5, 0x4d, 0x52, 0x6f, 0x7b, 0x5d, 0x35, 0x13, 0xaa, 0xa2, 0x1d, 0x2b, - 0x0c, 0x96, 0x22, 0xde, 0x16, 0x5b, 0xd2, 0xd4, 0xa4, 0x9c, 0x17, 0xed, 0x58, 0x61, 0xa0, 0x67, - 0x61, 0xc4, 0x78, 0x49, 0x39, 0x2f, 0xd9, 0x7e, 0xc2, 0x50, 0xce, 0x11, 0x4e, 0x60, 0xa1, 0x29, - 0x00, 0x65, 0x4e, 0x49, 0x65, 0xcc, 0x7c, 0xe8, 0x4a, 0xe6, 0x45, 0xd8, 0xc0, 0x60, 0x05, 0x19, - 0xbc, 0x76, 0xc4, 0x0e, 0x89, 0x07, 0x75, 0xc1, 0xf4, 0x39, 0xd1, 0x86, 0x15, 0x94, 0xca, 0xad, - 0xa6, 0xe3, 0xb7, 0x1d, 0x8f, 0x8e, 0x90, 0xf0, 0x8a, 0xa9, 0x65, 0xb8, 0xac, 0x20, 0xd8, 0xc0, - 0xa2, 0x6f, 0x1c, 0xbb, 0x4d, 0xf2, 0x52, 0xe0, 0xcb, 0x90, 0x6a, 0x1d, 0x37, 0x20, 0xda, 0xb1, - 0xc2, 0xb0, 0xff, 0xd2, 0x82, 0x71, 0x5d, 0x09, 0x86, 0xf9, 0xb2, 0x12, 0x4e, 0x3c, 0x6b, 0x5f, - 0x27, 0x5e, 0xb2, 0xee, 0x45, 0xa1, 0xaf, 0xba, 0x17, 0x66, 0x49, 0x8a, 0xe2, 0x9e, 0x25, 0x29, - 0x7e, 0x18, 0x86, 0xb6, 0x48, 0xc7, 0xa8, 0x5d, 0x31, 0x4c, 0xcd, 0xa1, 0xcb, 0xbc, 0x09, 0x4b, - 0x18, 0xb2, 0x61, 0xb0, 0xe6, 0xa8, 0x8a, 0x69, 0x23, 0x7c, 0xeb, 0x33, 0x37, 0xc3, 0x90, 0x04, - 0xc4, 0x5e, 0x81, 0x8a, 0x3a, 0x3e, 0x97, 0x3e, 0x35, 0x2b, 0xdb, 0xa7, 0xd6, 0x57, 0x6a, 0xfc, - 0xec, 0xfa, 0x37, 0xbe, 0xf7, 0xc8, 0x9b, 0xfe, 0xe8, 0x7b, 0x8f, 0xbc, 0xe9, 0x3b, 0xdf, 0x7b, - 0xe4, 0x4d, 0x1f, 0xbe, 0xf5, 0x88, 0xf5, 0x8d, 0x5b, 0x8f, 0x58, 0x7f, 0x74, 0xeb, 0x11, 0xeb, - 0x3b, 0xb7, 0x1e, 0xb1, 0xbe, 0x7b, 0xeb, 0x11, 0xeb, 0x73, 0xff, 0xf5, 0x91, 0x37, 0xbd, 0x94, - 0x19, 0x53, 0x4f, 0x7f, 0x3c, 0x59, 0xab, 0x4f, 0x6f, 0x3f, 0xc3, 0xc2, 0xba, 0xe9, 0xf2, 0x9a, - 0x36, 0xe6, 0xd4, 0xb4, 0x5c, 0x5e, 0xff, 0x2f, 0x00, 0x00, 0xff, 0xff, 0xce, 0x35, 0x8a, 0x55, - 0xc0, 0xf5, 0x00, 0x00, + // 11918 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x6c, 0x24, 0xc9, + 0x75, 0x98, 0x7a, 0x86, 0x43, 0xce, 0x3c, 0x7e, 0xed, 0xd6, 0xee, 0xde, 0xf1, 0xf6, 0x3e, 0xb8, + 0xee, 0x93, 0x4f, 0xe7, 0xe8, 0x8e, 0xf4, 0x7d, 0xc9, 0x1b, 0x9d, 0x3e, 0xcc, 0x8f, 0xfd, 0xe0, + 0x2e, 0xb9, 0xe4, 0xd5, 0x70, 0x77, 0xa5, 0x93, 0x4e, 0xa7, 0xe6, 0x4c, 0x71, 0xd8, 0xcb, 0x9e, + 0xee, 0xb9, 0xee, 0x1e, 0x2e, 0xe7, 0x2c, 0xc9, 0x92, 0x25, 0xd9, 0xb2, 0x25, 0x9d, 0x14, 0x29, + 0x88, 0xcf, 0x89, 0xa5, 0xc8, 0x96, 0x12, 0x24, 0x08, 0x04, 0x2b, 0x31, 0xe0, 0x38, 0xb0, 0x0d, + 0x23, 0x76, 0x60, 0x28, 0x71, 0x02, 0x3b, 0x82, 0x60, 0x39, 0xb1, 0xcd, 0x48, 0x1b, 0x07, 0x36, + 0xf2, 0xc3, 0x40, 0x9c, 0xfc, 0x08, 0x36, 0x41, 0x10, 0xd4, 0x77, 0x75, 0x4f, 0x0f, 0x39, 0x5c, + 0x36, 0xb9, 0x2b, 0xf9, 0xfe, 0xcd, 0xd4, 0x7b, 0xfd, 0x5e, 0x75, 0x75, 0xd5, 0x7b, 0xaf, 0x5e, + 0xbd, 0xf7, 0x0a, 0x16, 0x1b, 0x6e, 0xbc, 0xd1, 0x5e, 0x9b, 0xaa, 0x05, 0xcd, 0x69, 0x27, 0x6c, + 0x04, 0xad, 0x30, 0xb8, 0xc1, 0x7e, 0x3c, 0x59, 0xab, 0x4f, 0x6f, 0x3d, 0x33, 0xdd, 0xda, 0x6c, + 0x4c, 0x3b, 0x2d, 0x37, 0x9a, 0x76, 0x5a, 0x2d, 0xcf, 0xad, 0x39, 0xb1, 0x1b, 0xf8, 0xd3, 0x5b, + 0x4f, 0x39, 0x5e, 0x6b, 0xc3, 0x79, 0x6a, 0xba, 0x41, 0x7c, 0x12, 0x3a, 0x31, 0xa9, 0x4f, 0xb5, + 0xc2, 0x20, 0x0e, 0xd0, 0x3b, 0x34, 0xb5, 0x29, 0x49, 0x8d, 0xfd, 0x78, 0xb9, 0x56, 0x9f, 0xda, + 0x7a, 0x66, 0xaa, 0xb5, 0xd9, 0x98, 0xa2, 0xd4, 0xa6, 0x0c, 0x6a, 0x53, 0x92, 0xda, 0xe9, 0x27, + 0x8d, 0xbe, 0x34, 0x82, 0x46, 0x30, 0xcd, 0x88, 0xae, 0xb5, 0xd7, 0xd9, 0x3f, 0xf6, 0x87, 0xfd, + 0xe2, 0xcc, 0x4e, 0xdb, 0x9b, 0x67, 0xa3, 0x29, 0x37, 0xa0, 0xdd, 0x9b, 0xae, 0x05, 0x21, 0x99, + 0xde, 0xea, 0xea, 0xd0, 0xe9, 0x8b, 0x1a, 0x87, 0x6c, 0xc7, 0xc4, 0x8f, 0xdc, 0xc0, 0x8f, 0x9e, + 0xa4, 0x5d, 0x20, 0xe1, 0x16, 0x09, 0xcd, 0xd7, 0x33, 0x10, 0xb2, 0x28, 0x3d, 0xab, 0x29, 0x35, + 0x9d, 0xda, 0x86, 0xeb, 0x93, 0xb0, 0xa3, 0x1f, 0x6f, 0x92, 0xd8, 0xc9, 0x7a, 0x6a, 0xba, 0xd7, + 0x53, 0x61, 0xdb, 0x8f, 0xdd, 0x26, 0xe9, 0x7a, 0xe0, 0x6d, 0x7b, 0x3d, 0x10, 0xd5, 0x36, 0x48, + 0xd3, 0xe9, 0x7a, 0xee, 0x99, 0x5e, 0xcf, 0xb5, 0x63, 0xd7, 0x9b, 0x76, 0xfd, 0x38, 0x8a, 0xc3, + 0xf4, 0x43, 0xf6, 0x2f, 0x5a, 0x30, 0x3a, 0x73, 0xbd, 0x3a, 0xd3, 0x8e, 0x37, 0xe6, 0x02, 0x7f, + 0xdd, 0x6d, 0xa0, 0xe7, 0x60, 0xb8, 0xe6, 0xb5, 0xa3, 0x98, 0x84, 0x57, 0x9c, 0x26, 0x99, 0xb0, + 0xce, 0x58, 0x8f, 0x57, 0x66, 0x4f, 0x7c, 0x73, 0x67, 0xf2, 0x4d, 0xb7, 0x76, 0x26, 0x87, 0xe7, + 0x34, 0x08, 0x9b, 0x78, 0xe8, 0x47, 0x60, 0x28, 0x0c, 0x3c, 0x32, 0x83, 0xaf, 0x4c, 0x14, 0xd8, + 0x23, 0xe3, 0xe2, 0x91, 0x21, 0xcc, 0x9b, 0xb1, 0x84, 0x53, 0xd4, 0x56, 0x18, 0xac, 0xbb, 0x1e, + 0x99, 0x28, 0x26, 0x51, 0x57, 0x78, 0x33, 0x96, 0x70, 0xfb, 0x8f, 0x0a, 0x00, 0x33, 0xad, 0xd6, + 0x4a, 0x18, 0xdc, 0x20, 0xb5, 0x18, 0x7d, 0x10, 0xca, 0x74, 0x98, 0xeb, 0x4e, 0xec, 0xb0, 0x8e, + 0x0d, 0x3f, 0xfd, 0xa3, 0x53, 0xfc, 0xad, 0xa7, 0xcc, 0xb7, 0xd6, 0x93, 0x8c, 0x62, 0x4f, 0x6d, + 0x3d, 0x35, 0xb5, 0xbc, 0x46, 0x9f, 0x5f, 0x22, 0xb1, 0x33, 0x8b, 0x04, 0x33, 0xd0, 0x6d, 0x58, + 0x51, 0x45, 0x3e, 0x0c, 0x44, 0x2d, 0x52, 0x63, 0xef, 0x30, 0xfc, 0xf4, 0xe2, 0xd4, 0x41, 0x66, + 0xf3, 0x94, 0xee, 0x79, 0xb5, 0x45, 0x6a, 0xb3, 0x23, 0x82, 0xf3, 0x00, 0xfd, 0x87, 0x19, 0x1f, + 0xb4, 0x05, 0x83, 0x51, 0xec, 0xc4, 0xed, 0x88, 0x0d, 0xc5, 0xf0, 0xd3, 0x57, 0x72, 0xe3, 0xc8, + 0xa8, 0xce, 0x8e, 0x09, 0x9e, 0x83, 0xfc, 0x3f, 0x16, 0xdc, 0xec, 0x3f, 0xb3, 0x60, 0x4c, 0x23, + 0x2f, 0xba, 0x51, 0x8c, 0xde, 0xdf, 0x35, 0xb8, 0x53, 0xfd, 0x0d, 0x2e, 0x7d, 0x9a, 0x0d, 0xed, + 0x31, 0xc1, 0xac, 0x2c, 0x5b, 0x8c, 0x81, 0x6d, 0x42, 0xc9, 0x8d, 0x49, 0x33, 0x9a, 0x28, 0x9c, + 0x29, 0x3e, 0x3e, 0xfc, 0xf4, 0xc5, 0xbc, 0xde, 0x73, 0x76, 0x54, 0x30, 0x2d, 0x2d, 0x50, 0xf2, + 0x98, 0x73, 0xb1, 0xff, 0x7a, 0xd4, 0x7c, 0x3f, 0x3a, 0xe0, 0xe8, 0x29, 0x18, 0x8e, 0x82, 0x76, + 0x58, 0x23, 0x98, 0xb4, 0x82, 0x68, 0xc2, 0x3a, 0x53, 0xa4, 0x53, 0x8f, 0x4e, 0xea, 0xaa, 0x6e, + 0xc6, 0x26, 0x0e, 0x7a, 0xcd, 0x82, 0x91, 0x3a, 0x89, 0x62, 0xd7, 0x67, 0xfc, 0x65, 0xe7, 0x57, + 0x0f, 0xdc, 0x79, 0xd9, 0x38, 0xaf, 0x89, 0xcf, 0x9e, 0x14, 0x2f, 0x32, 0x62, 0x34, 0x46, 0x38, + 0xc1, 0x9f, 0x2e, 0xce, 0x3a, 0x89, 0x6a, 0xa1, 0xdb, 0xa2, 0xff, 0xc5, 0xf2, 0x51, 0x8b, 0x73, + 0x5e, 0x83, 0xb0, 0x89, 0x87, 0x7c, 0x28, 0xd1, 0xc5, 0x17, 0x4d, 0x0c, 0xb0, 0xfe, 0x2f, 0x1c, + 0xac, 0xff, 0x62, 0x50, 0xe9, 0xba, 0xd6, 0xa3, 0x4f, 0xff, 0x45, 0x98, 0xb3, 0x41, 0x9f, 0xb5, + 0x60, 0x42, 0x08, 0x07, 0x4c, 0xf8, 0x80, 0x5e, 0xdf, 0x70, 0x63, 0xe2, 0xb9, 0x51, 0x3c, 0x51, + 0x62, 0x7d, 0x98, 0xee, 0x6f, 0x6e, 0x5d, 0x08, 0x83, 0x76, 0xeb, 0xb2, 0xeb, 0xd7, 0x67, 0xcf, + 0x08, 0x4e, 0x13, 0x73, 0x3d, 0x08, 0xe3, 0x9e, 0x2c, 0xd1, 0x17, 0x2d, 0x38, 0xed, 0x3b, 0x4d, + 0x12, 0xb5, 0x1c, 0xfa, 0x69, 0x39, 0x78, 0xd6, 0x73, 0x6a, 0x9b, 0xac, 0x47, 0x83, 0x77, 0xd6, + 0x23, 0x5b, 0xf4, 0xe8, 0xf4, 0x95, 0x9e, 0xa4, 0xf1, 0x2e, 0x6c, 0xd1, 0x57, 0x2d, 0x38, 0x1e, + 0x84, 0xad, 0x0d, 0xc7, 0x27, 0x75, 0x09, 0x8d, 0x26, 0x86, 0xd8, 0xd2, 0xfb, 0xc0, 0xc1, 0x3e, + 0xd1, 0x72, 0x9a, 0xec, 0x52, 0xe0, 0xbb, 0x71, 0x10, 0x56, 0x49, 0x1c, 0xbb, 0x7e, 0x23, 0x9a, + 0x3d, 0x75, 0x6b, 0x67, 0xf2, 0x78, 0x17, 0x16, 0xee, 0xee, 0x0f, 0xfa, 0x09, 0x18, 0x8e, 0x3a, + 0x7e, 0xed, 0xba, 0xeb, 0xd7, 0x83, 0x9b, 0xd1, 0x44, 0x39, 0x8f, 0xe5, 0x5b, 0x55, 0x04, 0xc5, + 0x02, 0xd4, 0x0c, 0xb0, 0xc9, 0x2d, 0xfb, 0xc3, 0xe9, 0xa9, 0x54, 0xc9, 0xfb, 0xc3, 0xe9, 0xc9, + 0xb4, 0x0b, 0x5b, 0xf4, 0x33, 0x16, 0x8c, 0x46, 0x6e, 0xc3, 0x77, 0xe2, 0x76, 0x48, 0x2e, 0x93, + 0x4e, 0x34, 0x01, 0xac, 0x23, 0x97, 0x0e, 0x38, 0x2a, 0x06, 0xc9, 0xd9, 0x53, 0xa2, 0x8f, 0xa3, + 0x66, 0x6b, 0x84, 0x93, 0x7c, 0xb3, 0x16, 0x9a, 0x9e, 0xd6, 0xc3, 0xf9, 0x2e, 0x34, 0x3d, 0xa9, + 0x7b, 0xb2, 0x44, 0x3f, 0x0e, 0xc7, 0x78, 0x93, 0x1a, 0xd9, 0x68, 0x62, 0x84, 0x09, 0xda, 0x93, + 0xb7, 0x76, 0x26, 0x8f, 0x55, 0x53, 0x30, 0xdc, 0x85, 0x8d, 0x5e, 0x81, 0xc9, 0x16, 0x09, 0x9b, + 0x6e, 0xbc, 0xec, 0x7b, 0x1d, 0x29, 0xbe, 0x6b, 0x41, 0x8b, 0xd4, 0x45, 0x77, 0xa2, 0x89, 0xd1, + 0x33, 0xd6, 0xe3, 0xe5, 0xd9, 0xb7, 0x88, 0x6e, 0x4e, 0xae, 0xec, 0x8e, 0x8e, 0xf7, 0xa2, 0x87, + 0x7e, 0xcf, 0x82, 0xd3, 0x86, 0x94, 0xad, 0x92, 0x70, 0xcb, 0xad, 0x91, 0x99, 0x5a, 0x2d, 0x68, + 0xfb, 0x71, 0x34, 0x31, 0xc6, 0x86, 0x71, 0xed, 0x30, 0x64, 0x7e, 0x92, 0x95, 0x9e, 0x97, 0x3d, + 0x51, 0x22, 0xbc, 0x4b, 0x4f, 0xed, 0x7f, 0x5b, 0x80, 0x63, 0x69, 0x0b, 0x00, 0xfd, 0x63, 0x0b, + 0xc6, 0x6f, 0xdc, 0x8c, 0x57, 0x83, 0x4d, 0xe2, 0x47, 0xb3, 0x1d, 0x2a, 0xa7, 0x99, 0xee, 0x1b, + 0x7e, 0xba, 0x96, 0xaf, 0xad, 0x31, 0x75, 0x29, 0xc9, 0xe5, 0x9c, 0x1f, 0x87, 0x9d, 0xd9, 0xfb, + 0xc5, 0x3b, 0x8d, 0x5f, 0xba, 0xbe, 0x6a, 0x42, 0x71, 0xba, 0x53, 0xa7, 0x3f, 0x6d, 0xc1, 0xc9, + 0x2c, 0x12, 0xe8, 0x18, 0x14, 0x37, 0x49, 0x87, 0x5b, 0xa2, 0x98, 0xfe, 0x44, 0x2f, 0x41, 0x69, + 0xcb, 0xf1, 0xda, 0x44, 0x98, 0x69, 0x17, 0x0e, 0xf6, 0x22, 0xaa, 0x67, 0x98, 0x53, 0x7d, 0x7b, + 0xe1, 0xac, 0x65, 0xff, 0x41, 0x11, 0x86, 0x8d, 0x8f, 0x76, 0x04, 0xa6, 0x67, 0x90, 0x30, 0x3d, + 0x97, 0x72, 0x9b, 0x6f, 0x3d, 0x6d, 0xcf, 0x9b, 0x29, 0xdb, 0x73, 0x39, 0x3f, 0x96, 0xbb, 0x1a, + 0x9f, 0x28, 0x86, 0x4a, 0xd0, 0xa2, 0xdb, 0x10, 0x6a, 0xc3, 0x0c, 0xe4, 0xf1, 0x09, 0x97, 0x25, + 0xb9, 0xd9, 0xd1, 0x5b, 0x3b, 0x93, 0x15, 0xf5, 0x17, 0x6b, 0x46, 0xf6, 0x77, 0x2c, 0x38, 0x69, + 0xf4, 0x71, 0x2e, 0xf0, 0xeb, 0x2e, 0xfb, 0xb4, 0x67, 0x60, 0x20, 0xee, 0xb4, 0xe4, 0x56, 0x47, + 0x8d, 0xd4, 0x6a, 0xa7, 0x45, 0x30, 0x83, 0xd0, 0x1d, 0x4b, 0x93, 0x44, 0x91, 0xd3, 0x20, 0xe9, + 0xcd, 0xcd, 0x12, 0x6f, 0xc6, 0x12, 0x8e, 0x42, 0x40, 0x9e, 0x13, 0xc5, 0xab, 0xa1, 0xe3, 0x47, + 0x8c, 0xfc, 0xaa, 0xdb, 0x24, 0x62, 0x80, 0xff, 0x56, 0x7f, 0x33, 0x86, 0x3e, 0x31, 0x7b, 0xdf, + 0xad, 0x9d, 0x49, 0xb4, 0xd8, 0x45, 0x09, 0x67, 0x50, 0xb7, 0xbf, 0x68, 0xc1, 0x7d, 0xd9, 0x02, + 0x06, 0x3d, 0x06, 0x83, 0x7c, 0x9f, 0x2b, 0xde, 0x4e, 0x7f, 0x12, 0xd6, 0x8a, 0x05, 0x14, 0x4d, + 0x43, 0x45, 0x29, 0x3c, 0xf1, 0x8e, 0xc7, 0x05, 0x6a, 0x45, 0x6b, 0x49, 0x8d, 0x43, 0x07, 0x8d, + 0xfe, 0x11, 0x26, 0xa8, 0x1a, 0x34, 0xb6, 0x31, 0x64, 0x10, 0xfb, 0xdb, 0x16, 0xbc, 0xb9, 0x1f, + 0xb1, 0x77, 0x78, 0x7d, 0xac, 0xc2, 0xa9, 0x3a, 0x59, 0x77, 0xda, 0x5e, 0x9c, 0xe4, 0x28, 0x3a, + 0xfd, 0xb0, 0x78, 0xf8, 0xd4, 0x7c, 0x16, 0x12, 0xce, 0x7e, 0xd6, 0xfe, 0x2f, 0x16, 0x8c, 0x1b, + 0xaf, 0x75, 0x04, 0x5b, 0x27, 0x3f, 0xb9, 0x75, 0x5a, 0xc8, 0x6d, 0x99, 0xf6, 0xd8, 0x3b, 0x7d, + 0xd6, 0x82, 0xd3, 0x06, 0xd6, 0x92, 0x13, 0xd7, 0x36, 0xce, 0x6d, 0xb7, 0x42, 0x12, 0x45, 0x74, + 0x4a, 0x3d, 0x6c, 0x88, 0xe3, 0xd9, 0x61, 0x41, 0xa1, 0x78, 0x99, 0x74, 0xb8, 0x6c, 0x7e, 0x02, + 0xca, 0x7c, 0xcd, 0x05, 0xa1, 0xf8, 0x48, 0xea, 0xdd, 0x96, 0x45, 0x3b, 0x56, 0x18, 0xc8, 0x86, + 0x41, 0x26, 0x73, 0xa9, 0x0c, 0xa2, 0x66, 0x02, 0xd0, 0xef, 0x7e, 0x8d, 0xb5, 0x60, 0x01, 0xb1, + 0xa3, 0x44, 0x77, 0x56, 0x42, 0xc2, 0xe6, 0x43, 0xfd, 0xbc, 0x4b, 0xbc, 0x7a, 0x44, 0xb7, 0x75, + 0x8e, 0xef, 0x07, 0xb1, 0xd8, 0xa1, 0x19, 0xdb, 0xba, 0x19, 0xdd, 0x8c, 0x4d, 0x1c, 0xca, 0xd4, + 0x73, 0xd6, 0x88, 0xc7, 0x47, 0x54, 0x30, 0x5d, 0x64, 0x2d, 0x58, 0x40, 0xec, 0x5b, 0x05, 0xb6, + 0x81, 0x54, 0x12, 0x8d, 0x1c, 0x85, 0xf7, 0x21, 0x4c, 0xa8, 0x80, 0x95, 0xfc, 0xe4, 0x31, 0xe9, + 0xed, 0x81, 0x78, 0x35, 0xa5, 0x05, 0x70, 0xae, 0x5c, 0x77, 0xf7, 0x42, 0x7c, 0xb4, 0x08, 0x93, + 0xc9, 0x07, 0xba, 0x94, 0x08, 0xdd, 0xf2, 0x1a, 0x8c, 0xd2, 0xfe, 0x28, 0x03, 0x1f, 0x9b, 0x78, + 0x3d, 0xe4, 0x70, 0xe1, 0x30, 0xe5, 0xb0, 0xa9, 0x26, 0x8a, 0x7b, 0xa8, 0x89, 0xc7, 0xd4, 0xa8, + 0x0f, 0xa4, 0x64, 0x5e, 0x52, 0x55, 0x9e, 0x81, 0x81, 0x28, 0x26, 0xad, 0x89, 0x52, 0x52, 0xcc, + 0x56, 0x63, 0xd2, 0xc2, 0x0c, 0x82, 0xde, 0x09, 0xe3, 0xb1, 0x13, 0x36, 0x48, 0x1c, 0x92, 0x2d, + 0x97, 0xf9, 0x2e, 0xd9, 0x7e, 0xb6, 0x32, 0x7b, 0x82, 0x5a, 0x5d, 0xab, 0x0c, 0x84, 0x25, 0x08, + 0xa7, 0x71, 0xed, 0xff, 0x5e, 0x80, 0xfb, 0x93, 0x9f, 0x40, 0x2b, 0xc6, 0x77, 0x27, 0x14, 0xe3, + 0x5b, 0x4d, 0xc5, 0x78, 0x7b, 0x67, 0xf2, 0xc1, 0x1e, 0x8f, 0x7d, 0xdf, 0xe8, 0x4d, 0x74, 0x21, + 0xf5, 0x11, 0xa6, 0x93, 0x1f, 0xe1, 0xf6, 0xce, 0xe4, 0xc3, 0x3d, 0xde, 0x31, 0xf5, 0x95, 0x1e, + 0x83, 0xc1, 0x90, 0x38, 0x51, 0xe0, 0x8b, 0xef, 0xa4, 0xbe, 0x26, 0x66, 0xad, 0x58, 0x40, 0xed, + 0x6f, 0x55, 0xd2, 0x83, 0x7d, 0x81, 0xfb, 0x63, 0x83, 0x10, 0xb9, 0x30, 0xc0, 0x76, 0x6d, 0x5c, + 0xb2, 0x5c, 0x3e, 0xd8, 0x2a, 0xa4, 0x5a, 0x44, 0x91, 0x9e, 0x2d, 0xd3, 0xaf, 0x46, 0x9b, 0x30, + 0x63, 0x81, 0xb6, 0xa1, 0x5c, 0x93, 0x9b, 0xa9, 0x42, 0x1e, 0x6e, 0x47, 0xb1, 0x95, 0xd2, 0x1c, + 0x47, 0xa8, 0xb8, 0x57, 0x3b, 0x30, 0xc5, 0x0d, 0x11, 0x28, 0x36, 0xdc, 0x58, 0x7c, 0xd6, 0x03, + 0x6e, 0x97, 0x2f, 0xb8, 0xc6, 0x2b, 0x0e, 0x51, 0x1d, 0x74, 0xc1, 0x8d, 0x31, 0xa5, 0x8f, 0x3e, + 0x69, 0xc1, 0x70, 0x54, 0x6b, 0xae, 0x84, 0xc1, 0x96, 0x5b, 0x27, 0xa1, 0xb0, 0x31, 0x0f, 0x28, + 0xd9, 0xaa, 0x73, 0x4b, 0x92, 0xa0, 0xe6, 0xcb, 0xdd, 0x17, 0x1a, 0x82, 0x4d, 0xbe, 0x74, 0xef, + 0x75, 0xbf, 0x78, 0xf7, 0x79, 0x52, 0x63, 0x2b, 0x4e, 0xee, 0x99, 0xd9, 0x4c, 0x39, 0xb0, 0xcd, + 0x3d, 0xdf, 0xae, 0x6d, 0xd2, 0xf5, 0xa6, 0x3b, 0xf4, 0xe0, 0xad, 0x9d, 0xc9, 0xfb, 0xe7, 0xb2, + 0x79, 0xe2, 0x5e, 0x9d, 0x61, 0x03, 0xd6, 0x6a, 0x7b, 0x1e, 0x26, 0xaf, 0xb4, 0x09, 0xf3, 0x88, + 0xe5, 0x30, 0x60, 0x2b, 0x9a, 0x60, 0x6a, 0xc0, 0x0c, 0x08, 0x36, 0xf9, 0xa2, 0x57, 0x60, 0xb0, + 0xe9, 0xc4, 0xa1, 0xbb, 0x2d, 0xdc, 0x60, 0x07, 0xdc, 0x05, 0x2d, 0x31, 0x5a, 0x9a, 0x39, 0x53, + 0xf4, 0xbc, 0x11, 0x0b, 0x46, 0xa8, 0x09, 0xa5, 0x26, 0x09, 0x1b, 0x64, 0xa2, 0x9c, 0x87, 0xcb, + 0x7f, 0x89, 0x92, 0xd2, 0x0c, 0x2b, 0xd4, 0xb8, 0x62, 0x6d, 0x98, 0x73, 0x41, 0x2f, 0x41, 0x39, + 0x22, 0x1e, 0xa9, 0x51, 0xf3, 0xa8, 0xc2, 0x38, 0x3e, 0xd3, 0xa7, 0xa9, 0x48, 0xed, 0x92, 0xaa, + 0x78, 0x94, 0x2f, 0x30, 0xf9, 0x0f, 0x2b, 0x92, 0x74, 0x00, 0x5b, 0x5e, 0xbb, 0xe1, 0xfa, 0x13, + 0x90, 0xc7, 0x00, 0xae, 0x30, 0x5a, 0xa9, 0x01, 0xe4, 0x8d, 0x58, 0x30, 0xb2, 0xff, 0x9b, 0x05, + 0x28, 0x29, 0xd4, 0x8e, 0xc0, 0x26, 0x7e, 0x25, 0x69, 0x13, 0x2f, 0xe6, 0x69, 0xb4, 0xf4, 0x30, + 0x8b, 0x7f, 0xa3, 0x02, 0x29, 0x75, 0x70, 0x85, 0x44, 0x31, 0xa9, 0xbf, 0x21, 0xc2, 0xdf, 0x10, + 0xe1, 0x6f, 0x88, 0x70, 0x25, 0xc2, 0xd7, 0x52, 0x22, 0xfc, 0x5d, 0xc6, 0xaa, 0xd7, 0xe7, 0xeb, + 0x2f, 0xab, 0x03, 0x78, 0xb3, 0x07, 0x06, 0x02, 0x95, 0x04, 0x97, 0xaa, 0xcb, 0x57, 0x32, 0x65, + 0xf6, 0xcb, 0x49, 0x99, 0x7d, 0x50, 0x16, 0x7f, 0x13, 0xa4, 0xf4, 0xef, 0x59, 0xf0, 0x96, 0xa4, + 0xf4, 0x92, 0x33, 0x67, 0xa1, 0xe1, 0x07, 0x21, 0x99, 0x77, 0xd7, 0xd7, 0x49, 0x48, 0xfc, 0x1a, + 0x89, 0x94, 0x6f, 0xc7, 0xea, 0xe5, 0xdb, 0x41, 0xcf, 0xc2, 0xc8, 0x8d, 0x28, 0xf0, 0x57, 0x02, + 0xd7, 0x17, 0x22, 0x88, 0xee, 0x38, 0x8e, 0xdd, 0xda, 0x99, 0x1c, 0xa1, 0x23, 0x2a, 0xdb, 0x71, + 0x02, 0x0b, 0xcd, 0xc1, 0xf1, 0x1b, 0xaf, 0xac, 0x38, 0xb1, 0xe1, 0x4d, 0x90, 0xfb, 0x7e, 0x76, + 0x1e, 0x75, 0xe9, 0x85, 0x14, 0x10, 0x77, 0xe3, 0xdb, 0xff, 0xa0, 0x00, 0x0f, 0xa4, 0x5e, 0x24, + 0xf0, 0xbc, 0xa0, 0x1d, 0xd3, 0x3d, 0x11, 0xfa, 0xb2, 0x05, 0xc7, 0x9a, 0x49, 0x87, 0x45, 0x24, + 0xdc, 0xdd, 0xef, 0xc9, 0x4d, 0x47, 0xa4, 0x3c, 0x22, 0xb3, 0x13, 0x62, 0x84, 0x8e, 0xa5, 0x00, + 0x11, 0xee, 0xea, 0x0b, 0x7a, 0x09, 0x2a, 0x4d, 0x67, 0xfb, 0x6a, 0xab, 0xee, 0xc4, 0x72, 0x3b, + 0xda, 0xdb, 0x8b, 0xd0, 0x8e, 0x5d, 0x6f, 0x8a, 0x47, 0x6e, 0x4c, 0x2d, 0xf8, 0xf1, 0x72, 0x58, + 0x8d, 0x43, 0xd7, 0x6f, 0x70, 0x27, 0xe7, 0x92, 0x24, 0x83, 0x35, 0x45, 0xfb, 0x4b, 0x56, 0x5a, + 0x49, 0xa9, 0xd1, 0x09, 0x9d, 0x98, 0x34, 0x3a, 0xe8, 0x43, 0x50, 0xa2, 0xfb, 0x46, 0x39, 0x2a, + 0xd7, 0xf3, 0xd4, 0x9c, 0xc6, 0x97, 0xd0, 0x4a, 0x94, 0xfe, 0x8b, 0x30, 0x67, 0x6a, 0x7f, 0xb9, + 0x92, 0x36, 0x16, 0xd8, 0xd9, 0xfc, 0xd3, 0x00, 0x8d, 0x60, 0x95, 0x34, 0x5b, 0x1e, 0x1d, 0x16, + 0x8b, 0x1d, 0xf0, 0x28, 0x57, 0xc9, 0x05, 0x05, 0xc1, 0x06, 0x16, 0xfa, 0x59, 0x0b, 0xa0, 0x21, + 0xe7, 0xbc, 0x34, 0x04, 0xae, 0xe6, 0xf9, 0x3a, 0x7a, 0x45, 0xe9, 0xbe, 0x28, 0x86, 0xd8, 0x60, + 0x8e, 0x7e, 0xca, 0x82, 0x72, 0x2c, 0xbb, 0xcf, 0x55, 0xe3, 0x6a, 0x9e, 0x3d, 0x91, 0x2f, 0xad, + 0x6d, 0x22, 0x35, 0x24, 0x8a, 0x2f, 0xfa, 0x69, 0x0b, 0x20, 0xea, 0xf8, 0xb5, 0x95, 0xc0, 0x73, + 0x6b, 0x1d, 0xa1, 0x31, 0xaf, 0xe5, 0xea, 0xce, 0x51, 0xd4, 0x67, 0xc7, 0xe8, 0x68, 0xe8, 0xff, + 0xd8, 0xe0, 0x8c, 0x3e, 0x02, 0xe5, 0x48, 0x4c, 0x37, 0xa1, 0x23, 0x57, 0xf3, 0x75, 0x2a, 0x71, + 0xda, 0x42, 0xbc, 0x8a, 0x7f, 0x58, 0xf1, 0x44, 0x3f, 0x6f, 0xc1, 0x78, 0x2b, 0xe9, 0x26, 0x14, + 0xea, 0x30, 0x3f, 0x19, 0x90, 0x72, 0x43, 0x72, 0x6f, 0x4b, 0xaa, 0x11, 0xa7, 0x7b, 0x41, 0x25, + 0xa0, 0x9e, 0xc1, 0xcb, 0x2d, 0xee, 0xb2, 0x1c, 0xd2, 0x12, 0xf0, 0x42, 0x1a, 0x88, 0xbb, 0xf1, + 0xd1, 0x0a, 0x9c, 0xa4, 0xbd, 0xeb, 0x70, 0xf3, 0x53, 0xaa, 0x97, 0x88, 0x29, 0xc3, 0xf2, 0xec, + 0x43, 0x62, 0x86, 0xb0, 0xb3, 0x8e, 0x34, 0x0e, 0xce, 0x7c, 0x12, 0xfd, 0x81, 0x05, 0x0f, 0xb9, + 0x4c, 0x0d, 0x98, 0x0e, 0x7b, 0xad, 0x11, 0xc4, 0x41, 0x3b, 0xc9, 0x55, 0x56, 0xf4, 0x52, 0x3f, + 0xb3, 0x6f, 0x16, 0x6f, 0xf0, 0xd0, 0xc2, 0x2e, 0x5d, 0xc2, 0xbb, 0x76, 0x18, 0xfd, 0x18, 0x8c, + 0xca, 0x75, 0xb1, 0x42, 0x45, 0x30, 0x53, 0xb4, 0x95, 0xd9, 0xe3, 0xb7, 0x76, 0x26, 0x47, 0x57, + 0x4d, 0x00, 0x4e, 0xe2, 0xd9, 0xff, 0xae, 0x98, 0x38, 0x25, 0x52, 0x3e, 0x4c, 0x26, 0x6e, 0x6a, + 0xd2, 0xff, 0x23, 0xa5, 0x67, 0xae, 0xe2, 0x46, 0x79, 0x97, 0xb4, 0xb8, 0x51, 0x4d, 0x11, 0x36, + 0x98, 0x53, 0xa3, 0xf4, 0xb8, 0x93, 0xf6, 0x94, 0x0a, 0x09, 0xf8, 0x52, 0x9e, 0x5d, 0xea, 0x3e, + 0xd3, 0x7b, 0x40, 0x74, 0xed, 0x78, 0x17, 0x08, 0x77, 0x77, 0x09, 0x7d, 0x18, 0x2a, 0xa1, 0x8a, + 0x6c, 0x29, 0xe6, 0xb1, 0x55, 0x93, 0xd3, 0x46, 0x74, 0x47, 0x1d, 0x00, 0xe9, 0x18, 0x16, 0xcd, + 0xd1, 0xfe, 0xfd, 0xe4, 0xc1, 0x98, 0x21, 0x3b, 0xfa, 0x38, 0xf4, 0x7b, 0xcd, 0x82, 0xe1, 0x30, + 0xf0, 0x3c, 0xd7, 0x6f, 0x50, 0x39, 0x27, 0x94, 0xf5, 0xfb, 0x0e, 0x45, 0x5f, 0x0a, 0x81, 0xc6, + 0x2c, 0x6b, 0xac, 0x79, 0x62, 0xb3, 0x03, 0xf6, 0x9f, 0x59, 0x30, 0xd1, 0x4b, 0x1e, 0x23, 0x02, + 0x0f, 0x4a, 0x61, 0xa3, 0x86, 0x62, 0xd9, 0x9f, 0x27, 0x1e, 0x51, 0x6e, 0xf3, 0xf2, 0xec, 0xa3, + 0xe2, 0x35, 0x1f, 0x5c, 0xe9, 0x8d, 0x8a, 0x77, 0xa3, 0x83, 0x5e, 0x84, 0x63, 0xc6, 0x7b, 0x45, + 0x6a, 0x60, 0x2a, 0xb3, 0x53, 0xd4, 0x00, 0x9a, 0x49, 0xc1, 0x6e, 0xef, 0x4c, 0xde, 0x97, 0x6e, + 0x13, 0x0a, 0xa3, 0x8b, 0x8e, 0xfd, 0xb5, 0x42, 0xfa, 0x6b, 0x29, 0x5d, 0xff, 0xba, 0xd5, 0xe5, + 0x4d, 0x78, 0xcf, 0x61, 0xe8, 0x57, 0xe6, 0x77, 0x50, 0x61, 0x18, 0xbd, 0x71, 0xee, 0xe2, 0xb1, + 0xbd, 0xfd, 0xef, 0x07, 0x60, 0x97, 0x9e, 0xf5, 0x61, 0xbc, 0xef, 0xfb, 0x1c, 0xf5, 0x33, 0x96, + 0x3a, 0x30, 0xe3, 0x6b, 0xb8, 0x7e, 0x58, 0x63, 0xcf, 0xf7, 0x4f, 0x11, 0x0f, 0x1d, 0x51, 0x5e, + 0xf4, 0xe4, 0xd1, 0x1c, 0xfa, 0x8a, 0x95, 0x3c, 0xf2, 0xe3, 0x41, 0x8d, 0xee, 0xa1, 0xf5, 0xc9, + 0x38, 0x47, 0xe4, 0x1d, 0xd3, 0xa7, 0x4f, 0xbd, 0x4e, 0x18, 0xa7, 0x00, 0xd6, 0x5d, 0xdf, 0xf1, + 0xdc, 0x57, 0xe9, 0xee, 0xa8, 0xc4, 0x14, 0x3c, 0xb3, 0x98, 0xce, 0xab, 0x56, 0x6c, 0x60, 0x9c, + 0xfe, 0xdb, 0x30, 0x6c, 0xbc, 0x79, 0x46, 0xc4, 0xcb, 0x49, 0x33, 0xe2, 0xa5, 0x62, 0x04, 0xaa, + 0x9c, 0x7e, 0x17, 0x1c, 0x4b, 0x77, 0x70, 0x3f, 0xcf, 0xdb, 0xff, 0x7b, 0x28, 0x7d, 0x06, 0xb7, + 0x4a, 0xc2, 0x26, 0xed, 0xda, 0x1b, 0x8e, 0xad, 0x37, 0x1c, 0x5b, 0x6f, 0x38, 0xb6, 0xcc, 0xb3, + 0x09, 0xe1, 0xb4, 0x19, 0x3a, 0x22, 0xa7, 0x4d, 0xc2, 0x0d, 0x55, 0xce, 0xdd, 0x0d, 0x65, 0x7f, + 0xb2, 0xcb, 0x73, 0xbf, 0x1a, 0x12, 0x82, 0x02, 0x28, 0xf9, 0x41, 0x9d, 0x48, 0x1b, 0xf7, 0x52, + 0x3e, 0x06, 0xdb, 0x95, 0xa0, 0x6e, 0x84, 0x8b, 0xd3, 0x7f, 0x11, 0xe6, 0x7c, 0xec, 0x4f, 0x0c, + 0x42, 0xc2, 0x9c, 0xe4, 0xdf, 0xfd, 0x47, 0x60, 0x28, 0x24, 0xad, 0xe0, 0x2a, 0x5e, 0x14, 0xba, + 0x4c, 0x67, 0x94, 0xf0, 0x66, 0x2c, 0xe1, 0x54, 0xe7, 0xb5, 0x9c, 0x78, 0x43, 0x28, 0x33, 0xa5, + 0xf3, 0x56, 0x9c, 0x78, 0x03, 0x33, 0x08, 0x7a, 0x17, 0x8c, 0xc5, 0x89, 0xa3, 0x70, 0x71, 0xe4, + 0x7b, 0x9f, 0xc0, 0x1d, 0x4b, 0x1e, 0x94, 0xe3, 0x14, 0x36, 0x7a, 0x05, 0x06, 0x36, 0x88, 0xd7, + 0x14, 0x9f, 0xbe, 0x9a, 0x9f, 0xae, 0x61, 0xef, 0x7a, 0x91, 0x78, 0x4d, 0x2e, 0x09, 0xe9, 0x2f, + 0xcc, 0x58, 0xd1, 0x79, 0x5f, 0xd9, 0x6c, 0x47, 0x71, 0xd0, 0x74, 0x5f, 0x95, 0x9e, 0xce, 0xf7, + 0xe4, 0xcc, 0xf8, 0xb2, 0xa4, 0xcf, 0x5d, 0x4a, 0xea, 0x2f, 0xd6, 0x9c, 0x59, 0x3f, 0xea, 0x6e, + 0xc8, 0xa6, 0x4c, 0x47, 0x38, 0x2c, 0xf3, 0xee, 0xc7, 0xbc, 0xa4, 0xcf, 0xfb, 0xa1, 0xfe, 0x62, + 0xcd, 0x19, 0x75, 0xd4, 0xfa, 0x1b, 0x66, 0x7d, 0xb8, 0x9a, 0x73, 0x1f, 0xf8, 0xda, 0xcb, 0x5c, + 0x87, 0x8f, 0x42, 0xa9, 0xb6, 0xe1, 0x84, 0xf1, 0xc4, 0x08, 0x9b, 0x34, 0x6a, 0x16, 0xcf, 0xd1, + 0x46, 0xcc, 0x61, 0xe8, 0x61, 0x28, 0x86, 0x64, 0x9d, 0x45, 0x27, 0x1b, 0x71, 0x51, 0x98, 0xac, + 0x63, 0xda, 0xae, 0xec, 0xb2, 0xb1, 0x9e, 0x01, 0x73, 0xbf, 0x54, 0x48, 0x1a, 0x76, 0xc9, 0x91, + 0xe1, 0xeb, 0xa1, 0xd6, 0x0e, 0x23, 0xe9, 0x20, 0x33, 0xd6, 0x03, 0x6b, 0xc6, 0x12, 0x8e, 0x3e, + 0x66, 0xc1, 0xd0, 0x8d, 0x28, 0xf0, 0x7d, 0x12, 0x0b, 0x25, 0x7a, 0x2d, 0xe7, 0xc1, 0xba, 0xc4, + 0xa9, 0xeb, 0x3e, 0x88, 0x06, 0x2c, 0xf9, 0xd2, 0xee, 0x92, 0xed, 0x9a, 0xd7, 0xae, 0x77, 0x05, + 0xc3, 0x9c, 0xe3, 0xcd, 0x58, 0xc2, 0x29, 0xaa, 0xeb, 0x73, 0xd4, 0x81, 0x24, 0xea, 0x82, 0x2f, + 0x50, 0x05, 0xdc, 0xfe, 0xd5, 0x32, 0x9c, 0xca, 0x5c, 0x3e, 0xd4, 0xe4, 0x62, 0x46, 0xcd, 0x79, + 0xd7, 0x23, 0x32, 0x0c, 0x8c, 0x99, 0x5c, 0xd7, 0x54, 0x2b, 0x36, 0x30, 0xd0, 0x4f, 0x02, 0xb4, + 0x9c, 0xd0, 0x69, 0x12, 0xe5, 0xc0, 0x3e, 0xb0, 0x65, 0x43, 0xfb, 0xb1, 0x22, 0x69, 0xea, 0x4d, + 0xbc, 0x6a, 0x8a, 0xb0, 0xc1, 0x12, 0x3d, 0x07, 0xc3, 0x21, 0xf1, 0x88, 0x13, 0xb1, 0xf0, 0xf7, + 0x74, 0x2e, 0x0f, 0xd6, 0x20, 0x6c, 0xe2, 0xa1, 0xc7, 0x54, 0xc4, 0x5c, 0x2a, 0x72, 0x28, 0x19, + 0x35, 0x87, 0x3e, 0x67, 0xc1, 0xd8, 0xba, 0xeb, 0x11, 0xcd, 0x5d, 0x64, 0xde, 0x2c, 0x1f, 0xfc, + 0x25, 0xcf, 0x9b, 0x74, 0xb5, 0x0c, 0x4d, 0x34, 0x47, 0x38, 0xc5, 0x9e, 0x7e, 0xe6, 0x2d, 0x12, + 0x32, 0xe1, 0x3b, 0x98, 0xfc, 0xcc, 0xd7, 0x78, 0x33, 0x96, 0x70, 0x34, 0x03, 0xe3, 0x2d, 0x27, + 0x8a, 0xe6, 0x42, 0x52, 0x27, 0x7e, 0xec, 0x3a, 0x1e, 0xcf, 0x8b, 0x29, 0xeb, 0x70, 0xf2, 0x95, + 0x24, 0x18, 0xa7, 0xf1, 0xd1, 0x7b, 0xe1, 0x7e, 0xee, 0x21, 0x5a, 0x72, 0xa3, 0xc8, 0xf5, 0x1b, + 0x7a, 0x1a, 0x08, 0x47, 0xd9, 0xa4, 0x20, 0x75, 0xff, 0x42, 0x36, 0x1a, 0xee, 0xf5, 0x3c, 0x7a, + 0x02, 0xca, 0xd1, 0xa6, 0xdb, 0x9a, 0x0b, 0xeb, 0x11, 0x3b, 0x1d, 0x2a, 0x6b, 0xb7, 0x6c, 0x55, + 0xb4, 0x63, 0x85, 0x81, 0x6a, 0x30, 0xc2, 0x3f, 0x09, 0x0f, 0xf9, 0x13, 0x12, 0xf4, 0xc9, 0x9e, + 0x8a, 0x5c, 0xa4, 0x79, 0x4e, 0x61, 0xe7, 0xe6, 0x39, 0x79, 0x56, 0xc5, 0x8f, 0x56, 0xae, 0x19, + 0x64, 0x70, 0x82, 0x68, 0x72, 0x4f, 0x37, 0xdc, 0xc7, 0x9e, 0xee, 0x39, 0x18, 0xde, 0x6c, 0xaf, + 0x11, 0x31, 0xf2, 0x42, 0xb0, 0xa9, 0xd9, 0x77, 0x59, 0x83, 0xb0, 0x89, 0xc7, 0xa2, 0x2d, 0x5b, + 0xae, 0xf8, 0x17, 0x4d, 0x8c, 0x1a, 0xd1, 0x96, 0x2b, 0x0b, 0xb2, 0x19, 0x9b, 0x38, 0xb4, 0x6b, + 0x74, 0x2c, 0x56, 0x49, 0xc4, 0x92, 0x29, 0xe8, 0x70, 0xa9, 0xae, 0x55, 0x25, 0x00, 0x6b, 0x1c, + 0xb4, 0x02, 0x27, 0xe9, 0x9f, 0x2a, 0x4b, 0x73, 0xbd, 0xe6, 0x78, 0x6e, 0x9d, 0x87, 0xfe, 0x8d, + 0x27, 0xfd, 0x9b, 0xd5, 0x0c, 0x1c, 0x9c, 0xf9, 0xa4, 0xfd, 0x0b, 0x85, 0xa4, 0xe7, 0xc4, 0x14, + 0x61, 0x28, 0xa2, 0x82, 0x2a, 0xbe, 0xe6, 0x84, 0xd2, 0xe0, 0x39, 0x60, 0x72, 0x93, 0xa0, 0x7b, + 0xcd, 0x09, 0x4d, 0x91, 0xc7, 0x18, 0x60, 0xc9, 0x09, 0xdd, 0x80, 0x81, 0xd8, 0x73, 0x72, 0xca, + 0x86, 0x34, 0x38, 0x6a, 0x47, 0xd6, 0xe2, 0x4c, 0x84, 0x19, 0x0f, 0xf4, 0x10, 0xdd, 0xbd, 0xad, + 0xc9, 0x93, 0x36, 0xb1, 0xe1, 0x5a, 0x8b, 0x30, 0x6b, 0xb5, 0xff, 0x7c, 0x38, 0x43, 0xeb, 0x28, + 0x43, 0x00, 0x3d, 0x0d, 0x40, 0x27, 0xcd, 0x4a, 0x48, 0xd6, 0xdd, 0x6d, 0x61, 0x88, 0x29, 0xc9, + 0x76, 0x45, 0x41, 0xb0, 0x81, 0x25, 0x9f, 0xa9, 0xb6, 0xd7, 0xe9, 0x33, 0x85, 0xee, 0x67, 0x38, + 0x04, 0x1b, 0x58, 0xe8, 0x59, 0x18, 0x74, 0x9b, 0x4e, 0x43, 0x05, 0x02, 0x3f, 0x44, 0x45, 0xda, + 0x02, 0x6b, 0xb9, 0xbd, 0x33, 0x39, 0xa6, 0x3a, 0xc4, 0x9a, 0xb0, 0xc0, 0x45, 0x5f, 0xb3, 0x60, + 0xa4, 0x16, 0x34, 0x9b, 0x81, 0xcf, 0xb7, 0xcf, 0xc2, 0x17, 0x70, 0xe3, 0xb0, 0xcc, 0xa4, 0xa9, + 0x39, 0x83, 0x19, 0x77, 0x06, 0xa8, 0xb4, 0x4d, 0x13, 0x84, 0x13, 0xbd, 0x32, 0x25, 0x5f, 0x69, + 0x0f, 0xc9, 0xf7, 0xeb, 0x16, 0x1c, 0xe7, 0xcf, 0x1a, 0xbb, 0x7a, 0x91, 0xa1, 0x18, 0x1c, 0xf2, + 0x6b, 0x75, 0x39, 0x3a, 0x94, 0xb3, 0xb7, 0x0b, 0x8e, 0xbb, 0x3b, 0x89, 0x2e, 0xc0, 0xf1, 0xf5, + 0x20, 0xac, 0x11, 0x73, 0x20, 0x84, 0xd8, 0x56, 0x84, 0xce, 0xa7, 0x11, 0x70, 0xf7, 0x33, 0xe8, + 0x1a, 0xdc, 0x67, 0x34, 0x9a, 0xe3, 0xc0, 0x25, 0xf7, 0x23, 0x82, 0xda, 0x7d, 0xe7, 0x33, 0xb1, + 0x70, 0x8f, 0xa7, 0x93, 0x42, 0xb2, 0xd2, 0x87, 0x90, 0x7c, 0x19, 0x1e, 0xa8, 0x75, 0x8f, 0xcc, + 0x56, 0xd4, 0x5e, 0x8b, 0xb8, 0x1c, 0x2f, 0xcf, 0xfe, 0x90, 0x20, 0xf0, 0xc0, 0x5c, 0x2f, 0x44, + 0xdc, 0x9b, 0x06, 0xfa, 0x10, 0x94, 0x43, 0xc2, 0xbe, 0x4a, 0x24, 0xd2, 0xf5, 0x0e, 0xe8, 0xed, + 0xd0, 0x16, 0x3c, 0x27, 0xab, 0x35, 0x93, 0x68, 0x88, 0xb0, 0xe2, 0x88, 0x6e, 0xc2, 0x50, 0xcb, + 0x89, 0x6b, 0x1b, 0x22, 0x49, 0xef, 0xc0, 0xbe, 0x79, 0xc5, 0x9c, 0x1d, 0xa5, 0x18, 0x69, 0xfd, + 0x9c, 0x09, 0x96, 0xdc, 0xa8, 0xad, 0x56, 0x0b, 0x9a, 0xad, 0xc0, 0x27, 0x7e, 0x2c, 0x95, 0xc8, + 0x18, 0x3f, 0xef, 0x90, 0xad, 0xd8, 0xc0, 0xa0, 0x1a, 0x81, 0xf9, 0xfe, 0xae, 0xbb, 0xf1, 0x46, + 0xd0, 0x8e, 0xe5, 0x56, 0x56, 0x68, 0x13, 0xa5, 0x11, 0x16, 0x33, 0x70, 0x70, 0xe6, 0x93, 0x69, + 0xf5, 0x37, 0x7e, 0x67, 0xea, 0xef, 0xd8, 0xde, 0xea, 0xef, 0xf4, 0xbb, 0xe1, 0x78, 0x97, 0xd0, + 0xd8, 0x97, 0x83, 0x6f, 0x1e, 0xee, 0xcb, 0x5e, 0x9e, 0xfb, 0x72, 0xf3, 0xfd, 0x6a, 0x2a, 0xce, + 0xdb, 0xd8, 0xf2, 0xf4, 0xe1, 0x32, 0x76, 0xa0, 0x48, 0xfc, 0x2d, 0xa1, 0xad, 0xce, 0x1f, 0x6c, + 0x96, 0x9c, 0xf3, 0xb7, 0xb8, 0x74, 0x61, 0x7e, 0xb1, 0x73, 0xfe, 0x16, 0xa6, 0xb4, 0xd1, 0x17, + 0xac, 0x84, 0x41, 0xce, 0x1d, 0xcd, 0x1f, 0x38, 0x94, 0x3d, 0x5e, 0xdf, 0x36, 0xba, 0xfd, 0x1f, + 0x0a, 0x70, 0x66, 0x2f, 0x22, 0x7d, 0x0c, 0xdf, 0xa3, 0x30, 0x18, 0xb1, 0xc8, 0x0d, 0x21, 0xfe, + 0x87, 0xe9, 0xaa, 0xe0, 0xb1, 0x1c, 0x2f, 0x63, 0x01, 0x42, 0x1e, 0x14, 0x9b, 0x4e, 0x4b, 0xf8, + 0x1f, 0x17, 0x0e, 0x9a, 0x0f, 0x47, 0xff, 0x3b, 0xde, 0x92, 0xd3, 0xe2, 0xd3, 0xd3, 0x68, 0xc0, + 0x94, 0x0d, 0x8a, 0xa1, 0xe4, 0x84, 0xa1, 0x23, 0xc3, 0x04, 0x2e, 0xe7, 0xc3, 0x6f, 0x86, 0x92, + 0xe4, 0xa7, 0xac, 0x89, 0x26, 0xcc, 0x99, 0xd9, 0x3f, 0x5f, 0x4e, 0x24, 0x4f, 0xb1, 0xd8, 0x8f, + 0x08, 0x06, 0x85, 0xdb, 0xd1, 0xca, 0x3b, 0x0d, 0x91, 0x67, 0x27, 0xb3, 0x1d, 0xbd, 0xa8, 0xf1, + 0x20, 0x58, 0xa1, 0x4f, 0x5b, 0xac, 0x92, 0x82, 0xcc, 0x48, 0x13, 0xbb, 0xe4, 0xc3, 0x29, 0xec, + 0x60, 0xd6, 0x67, 0x90, 0x8d, 0xd8, 0xe4, 0x2e, 0x2a, 0xa2, 0xb0, 0xdd, 0x41, 0x77, 0x45, 0x14, + 0x66, 0xed, 0x4b, 0x38, 0xda, 0xce, 0x88, 0xf1, 0xc8, 0x21, 0x1b, 0xbf, 0x8f, 0xa8, 0x8e, 0xaf, + 0x58, 0x70, 0xdc, 0x4d, 0x1f, 0xd6, 0x8b, 0x3d, 0xe5, 0xf5, 0x7c, 0x7c, 0x84, 0xdd, 0xb1, 0x00, + 0xca, 0x70, 0xe8, 0x02, 0xe1, 0xee, 0xce, 0xa0, 0x3a, 0x0c, 0xb8, 0xfe, 0x7a, 0x20, 0xcc, 0xa5, + 0xd9, 0x83, 0x75, 0x6a, 0xc1, 0x5f, 0x0f, 0xf4, 0x6a, 0xa6, 0xff, 0x30, 0xa3, 0x8e, 0x16, 0xe1, + 0xa4, 0xcc, 0x9f, 0xb9, 0xe8, 0x46, 0x71, 0x10, 0x76, 0x16, 0xdd, 0xa6, 0x1b, 0x33, 0x53, 0xa7, + 0x38, 0x3b, 0x41, 0x35, 0x11, 0xce, 0x80, 0xe3, 0xcc, 0xa7, 0xd0, 0xab, 0x30, 0x24, 0x0f, 0xc8, + 0xcb, 0x79, 0xec, 0xcf, 0xbb, 0xe7, 0xbf, 0x9a, 0x4c, 0x55, 0x71, 0x42, 0x2e, 0x19, 0xa2, 0x4f, + 0x59, 0x30, 0xc6, 0x7f, 0x5f, 0xec, 0xd4, 0x79, 0xca, 0x5e, 0x25, 0x8f, 0x28, 0xf8, 0x6a, 0x82, + 0xe6, 0x2c, 0xba, 0xb5, 0x33, 0x39, 0x96, 0x6c, 0xc3, 0x29, 0xbe, 0xf6, 0xd7, 0x46, 0xa0, 0x3b, + 0xa4, 0x20, 0x19, 0x3f, 0x60, 0x1d, 0x75, 0xfc, 0x00, 0xdd, 0xa5, 0x45, 0xfa, 0xe8, 0x3f, 0x87, + 0x65, 0x26, 0xb8, 0xea, 0x63, 0xdd, 0x8e, 0x5f, 0xc3, 0x8c, 0x07, 0x0a, 0x61, 0x70, 0x83, 0x38, + 0x5e, 0xbc, 0x91, 0xcf, 0x09, 0xd4, 0x45, 0x46, 0x2b, 0x9d, 0x7f, 0xc7, 0x5b, 0xb1, 0xe0, 0x84, + 0xb6, 0x61, 0x68, 0x83, 0xcf, 0x45, 0xb1, 0x71, 0x5a, 0x3a, 0xe8, 0xe0, 0x26, 0x26, 0xb8, 0x9e, + 0x79, 0xa2, 0x01, 0x4b, 0x76, 0x2c, 0x56, 0xcd, 0x88, 0xa6, 0xe1, 0x52, 0x24, 0xbf, 0xd4, 0xc3, + 0xfe, 0x43, 0x69, 0x3e, 0x08, 0x23, 0x21, 0xa9, 0x05, 0x7e, 0xcd, 0xf5, 0x48, 0x7d, 0x46, 0x9e, + 0x2e, 0xed, 0x27, 0xe3, 0x8c, 0xb9, 0x66, 0xb0, 0x41, 0x03, 0x27, 0x28, 0xb2, 0x45, 0xa6, 0xb2, + 0xd0, 0xe9, 0x07, 0x21, 0xe2, 0x14, 0x61, 0x31, 0xa7, 0x9c, 0x77, 0x46, 0x93, 0x2f, 0xb2, 0x64, + 0x1b, 0x4e, 0xf1, 0x45, 0x2f, 0x02, 0x04, 0x6b, 0x3c, 0x20, 0x6d, 0x26, 0x16, 0x47, 0x0a, 0xfb, + 0x79, 0xd5, 0x31, 0x9e, 0xb9, 0x2a, 0x29, 0x60, 0x83, 0x1a, 0xba, 0x0c, 0xc0, 0x97, 0xcd, 0x6a, + 0xa7, 0x25, 0x77, 0x57, 0x32, 0x65, 0x10, 0xaa, 0x0a, 0x72, 0x7b, 0x67, 0xb2, 0xdb, 0x81, 0xcb, + 0xa2, 0x6e, 0x8c, 0xc7, 0xd1, 0x4f, 0xc0, 0x50, 0xd4, 0x6e, 0x36, 0x1d, 0x75, 0xe0, 0x90, 0x63, + 0x2e, 0x2c, 0xa7, 0x6b, 0x48, 0x45, 0xde, 0x80, 0x25, 0x47, 0x74, 0x83, 0xca, 0x77, 0x21, 0x9e, + 0xf8, 0x2a, 0xe2, 0xe6, 0x09, 0x77, 0xab, 0xbd, 0x4d, 0xee, 0x36, 0x70, 0x06, 0xce, 0xed, 0x9d, + 0xc9, 0xfb, 0x92, 0xed, 0x8b, 0x81, 0xc8, 0x4e, 0xcd, 0xa4, 0x89, 0x2e, 0xc9, 0xa2, 0x54, 0xf4, + 0xb5, 0x65, 0xad, 0x94, 0xc7, 0x75, 0x51, 0x2a, 0xd6, 0xdc, 0x7b, 0xcc, 0xcc, 0x87, 0xd1, 0x12, + 0x9c, 0xa8, 0x05, 0x7e, 0x1c, 0x06, 0x9e, 0xc7, 0x8b, 0xb2, 0xf1, 0x8d, 0x2e, 0x3f, 0x90, 0x78, + 0x50, 0x74, 0xfb, 0xc4, 0x5c, 0x37, 0x0a, 0xce, 0x7a, 0x8e, 0x1a, 0xe4, 0x69, 0xe5, 0x30, 0x96, + 0xcb, 0x59, 0x75, 0x82, 0xa6, 0x90, 0x50, 0xca, 0x87, 0xbc, 0x87, 0x9a, 0xf0, 0x93, 0x27, 0x96, + 0xe2, 0x8b, 0x3d, 0x0b, 0x23, 0x64, 0x3b, 0x26, 0xa1, 0xef, 0x78, 0x57, 0xf1, 0xa2, 0xf4, 0xfe, + 0xb3, 0x85, 0x79, 0xce, 0x68, 0xc7, 0x09, 0x2c, 0x64, 0x2b, 0x97, 0x93, 0x91, 0x06, 0xce, 0x5d, + 0x4e, 0xd2, 0xc1, 0x64, 0x7f, 0xa3, 0x98, 0x30, 0x58, 0xef, 0xca, 0xf9, 0x28, 0xab, 0x37, 0x24, + 0x0b, 0x33, 0x31, 0x80, 0xd8, 0x88, 0xe5, 0xc9, 0x59, 0xd5, 0x1b, 0x5a, 0x36, 0x19, 0xe1, 0x24, + 0x5f, 0xb4, 0x09, 0xa5, 0x8d, 0x20, 0x8a, 0xe5, 0xf6, 0xec, 0x80, 0x3b, 0xc1, 0x8b, 0x41, 0x14, + 0x33, 0x2b, 0x4b, 0xbd, 0x36, 0x6d, 0x89, 0x30, 0xe7, 0x41, 0xf7, 0xe8, 0xd1, 0x86, 0x13, 0xd6, + 0xa3, 0x39, 0x56, 0xb4, 0x61, 0x80, 0x99, 0x57, 0xca, 0x98, 0xae, 0x6a, 0x10, 0x36, 0xf1, 0xec, + 0xbf, 0xb0, 0x12, 0x47, 0x44, 0xd7, 0x59, 0x04, 0xfe, 0x16, 0xf1, 0xa9, 0x88, 0x32, 0x63, 0xfe, + 0x7e, 0x2c, 0x95, 0xcf, 0xfc, 0x96, 0x5e, 0xf5, 0x13, 0x6f, 0x52, 0x0a, 0x53, 0x8c, 0x84, 0x11, + 0x1e, 0xf8, 0x51, 0x2b, 0x99, 0x98, 0x5e, 0xc8, 0x63, 0xdf, 0x66, 0x16, 0x67, 0xd8, 0x33, 0xc7, + 0xdd, 0xfe, 0x82, 0x05, 0x43, 0xb3, 0x4e, 0x6d, 0x33, 0x58, 0x5f, 0x47, 0x4f, 0x40, 0xb9, 0xde, + 0x0e, 0xcd, 0x1c, 0x79, 0xe5, 0xf9, 0x99, 0x17, 0xed, 0x58, 0x61, 0xd0, 0xa9, 0xbf, 0xee, 0xd4, + 0x64, 0x89, 0x86, 0x22, 0x9f, 0xfa, 0xe7, 0x59, 0x0b, 0x16, 0x10, 0x3a, 0xfc, 0x4d, 0x67, 0x5b, + 0x3e, 0x9c, 0x3e, 0x9f, 0x5a, 0xd2, 0x20, 0x6c, 0xe2, 0xd9, 0xff, 0xc6, 0x82, 0x89, 0x59, 0x27, + 0x72, 0x6b, 0x33, 0xed, 0x78, 0x63, 0xd6, 0x8d, 0xd7, 0xda, 0xb5, 0x4d, 0x12, 0xf3, 0x52, 0x1e, + 0xb4, 0x97, 0xed, 0x88, 0xae, 0x40, 0xb5, 0x5d, 0x56, 0xbd, 0xbc, 0x2a, 0xda, 0xb1, 0xc2, 0x40, + 0xaf, 0xc2, 0x70, 0xcb, 0x89, 0xa2, 0x9b, 0x41, 0x58, 0xc7, 0x64, 0x3d, 0x9f, 0x62, 0x3f, 0x55, + 0x52, 0x0b, 0x49, 0x8c, 0xc9, 0xba, 0x88, 0xf6, 0xd0, 0xf4, 0xb1, 0xc9, 0xcc, 0xfe, 0x59, 0x0b, + 0x4e, 0xce, 0x12, 0x27, 0x24, 0x21, 0xab, 0x0d, 0xa4, 0x5e, 0x04, 0xbd, 0x02, 0xe5, 0x98, 0xb6, + 0xd0, 0x1e, 0x59, 0xf9, 0xf6, 0x88, 0xc5, 0x69, 0xac, 0x0a, 0xe2, 0x58, 0xb1, 0xb1, 0x5f, 0xb3, + 0xe0, 0x81, 0xac, 0xbe, 0xcc, 0x79, 0x41, 0xbb, 0x7e, 0x37, 0x3a, 0xf4, 0xf7, 0x2d, 0x18, 0x61, + 0x67, 0xdf, 0xf3, 0x24, 0x76, 0x5c, 0xaf, 0xab, 0x2e, 0xa1, 0xd5, 0x67, 0x5d, 0xc2, 0x33, 0x30, + 0xb0, 0x11, 0x34, 0x49, 0x3a, 0x6e, 0xe3, 0x62, 0xd0, 0x24, 0x98, 0x41, 0xd0, 0x53, 0x74, 0x12, + 0xba, 0x7e, 0xec, 0xd0, 0xe5, 0x28, 0xcf, 0x06, 0xc6, 0xf9, 0x04, 0x54, 0xcd, 0xd8, 0xc4, 0xb1, + 0xff, 0x75, 0x05, 0x86, 0x44, 0x90, 0x51, 0xdf, 0xa5, 0x65, 0xa4, 0x0b, 0xa7, 0xd0, 0xd3, 0x85, + 0x13, 0xc1, 0x60, 0x8d, 0x15, 0x48, 0x15, 0xe6, 0xf9, 0xe5, 0x5c, 0xa2, 0xd2, 0x78, 0xcd, 0x55, + 0xdd, 0x2d, 0xfe, 0x1f, 0x0b, 0x56, 0xe8, 0xf3, 0x16, 0x8c, 0xd7, 0x02, 0xdf, 0x27, 0x35, 0x6d, + 0x3b, 0x0e, 0xe4, 0x11, 0x7c, 0x34, 0x97, 0x24, 0xaa, 0x8f, 0x55, 0x53, 0x00, 0x9c, 0x66, 0x8f, + 0x9e, 0x87, 0x51, 0x3e, 0x66, 0xd7, 0x12, 0x07, 0x1a, 0xba, 0x5c, 0x9d, 0x09, 0xc4, 0x49, 0x5c, + 0x34, 0xc5, 0x0f, 0x86, 0x44, 0x61, 0xb8, 0x41, 0xed, 0xf7, 0x35, 0x4a, 0xc2, 0x19, 0x18, 0x28, + 0x04, 0x14, 0x92, 0xf5, 0x90, 0x44, 0x1b, 0x22, 0x08, 0x8b, 0xd9, 0xad, 0x43, 0x77, 0x56, 0x14, + 0x02, 0x77, 0x51, 0xc2, 0x19, 0xd4, 0xd1, 0xa6, 0xf0, 0x21, 0x94, 0xf3, 0x90, 0xe7, 0xe2, 0x33, + 0xf7, 0x74, 0x25, 0x4c, 0x42, 0x89, 0xa9, 0x2e, 0x66, 0x2f, 0x17, 0x79, 0x22, 0x22, 0x53, 0x6c, + 0x98, 0xb7, 0xa3, 0x79, 0x38, 0x96, 0x2a, 0xb6, 0x17, 0x89, 0x83, 0x07, 0x95, 0x74, 0x96, 0x2a, + 0xd3, 0x17, 0xe1, 0xae, 0x27, 0x4c, 0xff, 0xd2, 0xf0, 0x1e, 0xfe, 0xa5, 0x8e, 0x0a, 0xf5, 0xe5, + 0x47, 0x02, 0x2f, 0xe4, 0x32, 0x00, 0x7d, 0xc5, 0xf5, 0x7e, 0x36, 0x15, 0xd7, 0x3b, 0xca, 0x3a, + 0x70, 0x2d, 0x9f, 0x0e, 0xec, 0x3f, 0x88, 0xf7, 0x6e, 0x06, 0xe5, 0xfe, 0x2f, 0x0b, 0xe4, 0x77, + 0x9d, 0x73, 0x6a, 0x1b, 0x84, 0x4e, 0x19, 0xf4, 0x2e, 0x18, 0x53, 0xae, 0x09, 0x6e, 0x12, 0x59, + 0x6c, 0xd6, 0x28, 0xdb, 0x19, 0x27, 0xa0, 0x38, 0x85, 0x8d, 0xa6, 0xa1, 0x42, 0xc7, 0x89, 0x3f, + 0xca, 0xf5, 0xbe, 0x72, 0x7f, 0xcc, 0xac, 0x2c, 0x88, 0xa7, 0x34, 0x0e, 0x0a, 0xe0, 0xb8, 0xe7, + 0x44, 0x31, 0xeb, 0x41, 0xb5, 0xe3, 0xd7, 0xee, 0xb0, 0x24, 0x0b, 0xcb, 0x6c, 0x5a, 0x4c, 0x13, + 0xc2, 0xdd, 0xb4, 0xed, 0xff, 0x58, 0x82, 0xd1, 0x84, 0x64, 0xdc, 0xa7, 0xc1, 0xf0, 0x04, 0x94, + 0xa5, 0x0e, 0x4f, 0xd7, 0x9e, 0x52, 0x8a, 0x5e, 0x61, 0x50, 0xa5, 0xb5, 0xa6, 0xb5, 0x6a, 0xda, + 0xc0, 0x31, 0x14, 0x2e, 0x36, 0xf1, 0x98, 0x50, 0x8e, 0xbd, 0x68, 0xce, 0x73, 0x89, 0x1f, 0xf3, + 0x6e, 0xe6, 0x23, 0x94, 0x57, 0x17, 0xab, 0x26, 0x51, 0x2d, 0x94, 0x53, 0x00, 0x9c, 0x66, 0x8f, + 0x3e, 0x61, 0xc1, 0xa8, 0x73, 0x33, 0xd2, 0x55, 0xbc, 0x45, 0x04, 0xef, 0x01, 0x95, 0x54, 0xa2, + 0x30, 0x38, 0xf7, 0xea, 0x27, 0x9a, 0x70, 0x92, 0x29, 0x7a, 0xdd, 0x02, 0x44, 0xb6, 0x49, 0x4d, + 0xc6, 0x18, 0x8b, 0xbe, 0x0c, 0xe6, 0xb1, 0x83, 0x3f, 0xd7, 0x45, 0x97, 0x4b, 0xf5, 0xee, 0x76, + 0x9c, 0xd1, 0x07, 0x74, 0x09, 0x50, 0xdd, 0x8d, 0x9c, 0x35, 0x8f, 0xcc, 0x05, 0x4d, 0x99, 0x8d, + 0x2b, 0x0e, 0xa7, 0x4f, 0x8b, 0x71, 0x46, 0xf3, 0x5d, 0x18, 0x38, 0xe3, 0x29, 0x36, 0xcb, 0xc2, + 0x60, 0xbb, 0x73, 0x35, 0xf4, 0x98, 0x96, 0x30, 0x67, 0x99, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0xcb, + 0xa2, 0x5a, 0xca, 0x3a, 0xa0, 0xde, 0x31, 0x02, 0x7b, 0xad, 0x3b, 0x0f, 0xec, 0xd5, 0x61, 0x47, + 0xdd, 0x39, 0xe6, 0x89, 0x94, 0xd4, 0xc2, 0x5d, 0x4a, 0x49, 0xfd, 0x29, 0x2b, 0x51, 0xdf, 0x6d, + 0xf8, 0xe9, 0x17, 0xf3, 0x0d, 0xe6, 0x9f, 0xe2, 0x21, 0x51, 0x29, 0xbd, 0x92, 0x8a, 0x84, 0x7b, + 0x02, 0xca, 0xeb, 0x9e, 0xc3, 0xaa, 0x92, 0xb0, 0x85, 0x6a, 0x84, 0x6b, 0x9d, 0x17, 0xed, 0x58, + 0x61, 0x50, 0xa9, 0x6f, 0x10, 0xdd, 0x97, 0xd4, 0xfe, 0xcf, 0x45, 0x18, 0x36, 0x34, 0x7e, 0xa6, + 0xf9, 0x66, 0xdd, 0x63, 0xe6, 0x5b, 0x61, 0x1f, 0xe6, 0xdb, 0x4f, 0x42, 0xa5, 0x26, 0xb5, 0x51, + 0x3e, 0xf5, 0xea, 0xd3, 0x3a, 0x4e, 0x2b, 0x24, 0xd5, 0x84, 0x35, 0x4f, 0x74, 0x21, 0x91, 0xf6, + 0x98, 0xf0, 0x0b, 0x64, 0xe5, 0x25, 0x0a, 0x8d, 0xd6, 0xfd, 0x4c, 0xfa, 0x1c, 0xbf, 0xb4, 0xf7, + 0x39, 0xbe, 0xfd, 0x1d, 0x4b, 0x7d, 0xdc, 0x23, 0xa8, 0x6f, 0x73, 0x23, 0x59, 0xdf, 0xe6, 0x5c, + 0x2e, 0xc3, 0xdc, 0xa3, 0xb0, 0xcd, 0x15, 0x18, 0x9a, 0x0b, 0x9a, 0x4d, 0xc7, 0xaf, 0xa3, 0x1f, + 0x86, 0xa1, 0x1a, 0xff, 0x29, 0x7c, 0x68, 0xec, 0xa4, 0x5a, 0x40, 0xb1, 0x84, 0xa1, 0x87, 0x60, + 0xc0, 0x09, 0x1b, 0xd2, 0x6f, 0xc6, 0x22, 0xca, 0x66, 0xc2, 0x46, 0x84, 0x59, 0xab, 0xfd, 0x2f, + 0x06, 0x80, 0x05, 0x72, 0x38, 0x21, 0xa9, 0xaf, 0x06, 0xac, 0xcc, 0xec, 0xa1, 0x9e, 0xef, 0xea, + 0x4d, 0xdd, 0xbd, 0x7c, 0xc6, 0x6b, 0x9c, 0xf3, 0x15, 0x8f, 0xfa, 0x9c, 0x2f, 0xfb, 0xe8, 0x76, + 0xe0, 0x1e, 0x3a, 0xba, 0xb5, 0x3f, 0x63, 0x01, 0x52, 0xd1, 0x3f, 0x3a, 0xb6, 0x62, 0x1a, 0x2a, + 0x2a, 0x0e, 0x48, 0x18, 0x80, 0x5a, 0x44, 0x48, 0x00, 0xd6, 0x38, 0x7d, 0xec, 0xe4, 0x1f, 0x95, + 0xf2, 0xbb, 0x98, 0x0c, 0xe6, 0x67, 0x52, 0x5f, 0x88, 0x73, 0xfb, 0x77, 0x0a, 0x70, 0x1f, 0x37, + 0x1d, 0x96, 0x1c, 0xdf, 0x69, 0x90, 0x26, 0xed, 0x55, 0xbf, 0xd1, 0x32, 0x35, 0xba, 0x85, 0x74, + 0x65, 0xe8, 0xfd, 0x41, 0xd7, 0x2e, 0x5f, 0x73, 0x7c, 0x95, 0x2d, 0xf8, 0x6e, 0x8c, 0x19, 0x71, + 0x14, 0x41, 0x59, 0x5e, 0xe6, 0x22, 0x64, 0x71, 0x4e, 0x8c, 0x94, 0x58, 0x12, 0x5a, 0x96, 0x60, + 0xc5, 0x88, 0xaa, 0x52, 0x2f, 0xa8, 0x6d, 0x62, 0xd2, 0x0a, 0xd2, 0xaa, 0x74, 0x51, 0xb4, 0x63, + 0x85, 0x61, 0x37, 0x61, 0x5c, 0x8e, 0x61, 0xeb, 0x32, 0xe9, 0x60, 0xb2, 0x4e, 0xf5, 0x4f, 0x4d, + 0x36, 0x19, 0xf7, 0xcb, 0x28, 0xfd, 0x33, 0x67, 0x02, 0x71, 0x12, 0x57, 0x56, 0x9e, 0x2d, 0x64, + 0x57, 0x9e, 0xb5, 0x7f, 0xc7, 0x82, 0xb4, 0x02, 0x34, 0xea, 0x6c, 0x5a, 0xbb, 0xd6, 0xd9, 0xdc, + 0x47, 0xa5, 0xca, 0xf7, 0xc3, 0xb0, 0x13, 0x53, 0x0b, 0x87, 0x7b, 0x23, 0x8a, 0x77, 0x76, 0x8a, + 0xb6, 0x14, 0xd4, 0xdd, 0x75, 0x97, 0x79, 0x21, 0x4c, 0x72, 0xf6, 0xeb, 0x16, 0x54, 0xe6, 0xc3, + 0xce, 0xfe, 0x73, 0xa0, 0xba, 0x33, 0x9c, 0x0a, 0xfb, 0xca, 0x70, 0x92, 0x39, 0x54, 0xc5, 0x5e, + 0x39, 0x54, 0xf6, 0x5f, 0x0f, 0xc0, 0xf1, 0xae, 0xa4, 0x3e, 0x74, 0x16, 0x46, 0xd4, 0x57, 0x92, + 0x2e, 0xc8, 0x8a, 0x19, 0x15, 0xab, 0x61, 0x38, 0x81, 0xd9, 0xc7, 0x52, 0x5d, 0x80, 0x13, 0x21, + 0x79, 0xa5, 0x4d, 0xda, 0x64, 0x66, 0x3d, 0x26, 0x61, 0x95, 0xd4, 0x02, 0xbf, 0xce, 0x0b, 0xd5, + 0x16, 0x67, 0xef, 0xbf, 0xb5, 0x33, 0x79, 0x02, 0x77, 0x83, 0x71, 0xd6, 0x33, 0xa8, 0x05, 0xa3, + 0x9e, 0x69, 0x3b, 0x8b, 0x2d, 0xdb, 0x1d, 0x99, 0xdd, 0x6a, 0xb6, 0x26, 0x9a, 0x71, 0x92, 0x41, + 0xd2, 0x00, 0x2f, 0xdd, 0x25, 0x03, 0xfc, 0xe3, 0xda, 0x00, 0xe7, 0x41, 0x31, 0xef, 0xcb, 0x39, + 0xa9, 0xb3, 0x1f, 0x0b, 0xfc, 0x20, 0x36, 0xf5, 0x0b, 0x50, 0x96, 0x01, 0x83, 0x7d, 0x05, 0xda, + 0x99, 0x74, 0x7a, 0xc8, 0xf6, 0xc7, 0xe0, 0xcd, 0xe7, 0xc2, 0xd0, 0x18, 0xcc, 0x2b, 0x41, 0x3c, + 0xe3, 0x79, 0xc1, 0x4d, 0x6a, 0xae, 0x5c, 0x8d, 0x88, 0xf0, 0x89, 0xd9, 0xb7, 0x0b, 0x90, 0xb1, + 0xbd, 0xa4, 0x6b, 0x52, 0xdb, 0x48, 0x89, 0x35, 0xb9, 0x3f, 0x3b, 0x09, 0x6d, 0xf3, 0xa0, 0x4a, + 0x6e, 0x0d, 0xbc, 0x37, 0xef, 0xed, 0xb1, 0x8e, 0xb3, 0x54, 0x92, 0x52, 0xc5, 0x5a, 0x3e, 0x0d, + 0xa0, 0x4d, 0x5b, 0x91, 0x47, 0xa4, 0x02, 0x25, 0xb4, 0x05, 0x8c, 0x0d, 0x2c, 0xf4, 0x1c, 0x0c, + 0xbb, 0x7e, 0x14, 0x3b, 0x9e, 0x77, 0xd1, 0xf5, 0x63, 0xe1, 0xf6, 0x55, 0x66, 0xcf, 0x82, 0x06, + 0x61, 0x13, 0xef, 0xf4, 0xdb, 0x8c, 0xef, 0xb7, 0x9f, 0xef, 0xbe, 0x01, 0x0f, 0x5c, 0x70, 0x63, + 0x95, 0xfd, 0xa6, 0xe6, 0x1b, 0xb5, 0x5c, 0x95, 0xac, 0xb2, 0x7a, 0xe6, 0x7b, 0x1a, 0xd9, 0x67, + 0x85, 0x64, 0xb2, 0x5c, 0x3a, 0xfb, 0xcc, 0x3e, 0x0b, 0x27, 0x2f, 0xb8, 0xf1, 0x79, 0xd7, 0x23, + 0xfb, 0x64, 0x62, 0xff, 0xf6, 0x20, 0x8c, 0x98, 0x99, 0xde, 0xfb, 0x11, 0xd7, 0xaf, 0x51, 0xe3, + 0x54, 0xbc, 0x9d, 0xab, 0x4e, 0x74, 0xaf, 0x1f, 0x38, 0xed, 0x3c, 0x7b, 0xc4, 0x0c, 0xfb, 0x54, + 0xf3, 0xc4, 0x66, 0x07, 0xd0, 0x4d, 0x28, 0xad, 0xb3, 0xec, 0xa8, 0x62, 0x1e, 0xb1, 0x38, 0x59, + 0x23, 0xaa, 0x97, 0x23, 0xcf, 0xaf, 0xe2, 0xfc, 0xa8, 0x4d, 0x11, 0x26, 0x93, 0x72, 0x8d, 0x98, + 0x75, 0xa1, 0xac, 0x14, 0x46, 0x2f, 0x95, 0x50, 0xba, 0x03, 0x95, 0x90, 0x10, 0xd0, 0x83, 0x77, + 0x49, 0x40, 0xb3, 0x4c, 0xb7, 0x78, 0x83, 0x59, 0xbc, 0x22, 0xc9, 0x66, 0x88, 0x0d, 0x82, 0x91, + 0xe9, 0x96, 0x00, 0xe3, 0x34, 0x3e, 0xfa, 0x88, 0x12, 0xf1, 0xe5, 0x3c, 0x3c, 0xe6, 0xe6, 0x8c, + 0x3e, 0x6c, 0xe9, 0xfe, 0x99, 0x02, 0x8c, 0x5d, 0xf0, 0xdb, 0x2b, 0x17, 0x56, 0xda, 0x6b, 0x9e, + 0x5b, 0xbb, 0x4c, 0x3a, 0x54, 0x84, 0x6f, 0x92, 0xce, 0xc2, 0xbc, 0x58, 0x41, 0x6a, 0xce, 0x5c, + 0xa6, 0x8d, 0x98, 0xc3, 0xa8, 0x30, 0x5a, 0x77, 0xfd, 0x06, 0x09, 0x5b, 0xa1, 0x2b, 0x9c, 0xd9, + 0x86, 0x30, 0x3a, 0xaf, 0x41, 0xd8, 0xc4, 0xa3, 0xb4, 0x83, 0x9b, 0x3e, 0x09, 0xd3, 0xa6, 0xff, + 0x32, 0x6d, 0xc4, 0x1c, 0x46, 0x91, 0xe2, 0xb0, 0x2d, 0x7c, 0x45, 0x06, 0xd2, 0x2a, 0x6d, 0xc4, + 0x1c, 0x46, 0x57, 0x7a, 0xd4, 0x5e, 0x63, 0xa1, 0x4e, 0xa9, 0x8c, 0x9e, 0x2a, 0x6f, 0xc6, 0x12, + 0x4e, 0x51, 0x37, 0x49, 0x67, 0xde, 0x89, 0x9d, 0x74, 0xda, 0xe3, 0x65, 0xde, 0x8c, 0x25, 0x9c, + 0x95, 0xd2, 0x4d, 0x0e, 0xc7, 0xf7, 0x5d, 0x29, 0xdd, 0x64, 0xf7, 0x7b, 0x78, 0x1c, 0xfe, 0x5e, + 0x01, 0x46, 0xcc, 0x00, 0x45, 0xd4, 0x48, 0x99, 0xe9, 0xcb, 0x5d, 0x95, 0xd8, 0xdf, 0x99, 0x75, + 0x4b, 0x69, 0xc3, 0x8d, 0x83, 0x56, 0xf4, 0x24, 0xf1, 0x1b, 0xae, 0x4f, 0x58, 0xac, 0x06, 0x0f, + 0x6c, 0x4c, 0x44, 0x3f, 0xce, 0x05, 0x75, 0x72, 0x27, 0x76, 0xfe, 0xdd, 0xb8, 0xc9, 0xe5, 0x3a, + 0x1c, 0xef, 0xca, 0xaf, 0xed, 0xc3, 0xec, 0xd9, 0xb3, 0xfe, 0x81, 0x8d, 0x61, 0x98, 0x12, 0x96, + 0x25, 0xe4, 0xe6, 0xe0, 0x38, 0x5f, 0xbc, 0x94, 0x13, 0x4b, 0x97, 0x54, 0x39, 0xd3, 0xec, 0xb4, + 0xe6, 0x5a, 0x1a, 0x88, 0xbb, 0xf1, 0xed, 0xcf, 0x5a, 0x30, 0x9a, 0x48, 0x79, 0xce, 0xc9, 0x40, + 0x63, 0xab, 0x3b, 0x60, 0x31, 0xba, 0x2c, 0x67, 0xa2, 0xc8, 0x14, 0xb8, 0x5e, 0xdd, 0x1a, 0x84, + 0x4d, 0x3c, 0xfb, 0x0b, 0x05, 0x28, 0xcb, 0x90, 0xa2, 0x3e, 0xba, 0xf2, 0x69, 0x0b, 0x46, 0xd5, + 0x09, 0x19, 0x73, 0x69, 0x16, 0xf2, 0xc8, 0xc0, 0xa2, 0x3d, 0x50, 0x4e, 0x11, 0x7f, 0x3d, 0xd0, + 0xbb, 0x05, 0x6c, 0x32, 0xc3, 0x49, 0xde, 0xe8, 0x1a, 0x40, 0xd4, 0x89, 0x62, 0xd2, 0x34, 0x9c, + 0xab, 0xb6, 0x31, 0xcb, 0xa6, 0x6a, 0x41, 0x48, 0xe8, 0x9c, 0xba, 0x12, 0xd4, 0x49, 0x55, 0x61, + 0x6a, 0xb3, 0x4d, 0xb7, 0x61, 0x83, 0x92, 0xfd, 0x2b, 0x05, 0x38, 0x96, 0xee, 0x12, 0x7a, 0x1f, + 0x8c, 0x48, 0xee, 0xc6, 0x26, 0x5c, 0x06, 0x44, 0x8d, 0x60, 0x03, 0x76, 0x7b, 0x67, 0x72, 0xb2, + 0xfb, 0x96, 0xdd, 0x29, 0x13, 0x05, 0x27, 0x88, 0xf1, 0x63, 0x4a, 0x71, 0x9e, 0x3e, 0xdb, 0x99, + 0x69, 0xb5, 0xc4, 0x59, 0xa3, 0x71, 0x4c, 0x69, 0x42, 0x71, 0x0a, 0x1b, 0xad, 0xc0, 0x49, 0xa3, + 0xe5, 0x0a, 0x71, 0x1b, 0x1b, 0x6b, 0x41, 0x28, 0x77, 0x7d, 0x0f, 0xe9, 0xf0, 0xcb, 0x6e, 0x1c, + 0x9c, 0xf9, 0x24, 0xb5, 0x30, 0x6a, 0x4e, 0xcb, 0xa9, 0xb9, 0x71, 0x47, 0x78, 0x8b, 0x95, 0x3c, + 0x9c, 0x13, 0xed, 0x58, 0x61, 0xd8, 0xbf, 0x3c, 0x00, 0xc7, 0x78, 0xbc, 0x21, 0x51, 0xe1, 0xb4, + 0xe8, 0x7d, 0x50, 0x89, 0x62, 0x27, 0xe4, 0x5b, 0x7e, 0x6b, 0xdf, 0x32, 0x40, 0x27, 0x3c, 0x4b, + 0x22, 0x58, 0xd3, 0x43, 0x2f, 0xb2, 0x6a, 0x51, 0x6e, 0xb4, 0xc1, 0xa8, 0x17, 0xee, 0xcc, 0xa1, + 0x70, 0x5e, 0x51, 0xc0, 0x06, 0x35, 0xf4, 0x0e, 0x28, 0xb5, 0x36, 0x9c, 0x48, 0x7a, 0xbb, 0x1e, + 0x93, 0x0b, 0x6e, 0x85, 0x36, 0xde, 0xde, 0x99, 0x3c, 0x95, 0x7e, 0x55, 0x06, 0xc0, 0xfc, 0x21, + 0x53, 0x5c, 0x0e, 0xec, 0x7d, 0xa3, 0x49, 0x3d, 0xec, 0x54, 0x2f, 0xce, 0xa4, 0xef, 0xc0, 0x98, + 0x67, 0xad, 0x58, 0x40, 0xe9, 0xe2, 0xde, 0xe0, 0x2c, 0xeb, 0x14, 0x79, 0x30, 0xa9, 0xba, 0x2f, + 0x6a, 0x10, 0x36, 0xf1, 0xd0, 0x67, 0xba, 0xa3, 0x51, 0x87, 0x0e, 0x21, 0x55, 0xa1, 0xdf, 0x38, + 0xd4, 0x73, 0x50, 0x11, 0x5d, 0x5d, 0x0d, 0xd0, 0x59, 0x18, 0xe1, 0xce, 0x94, 0xd9, 0xd0, 0xf1, + 0x6b, 0x1b, 0x69, 0x17, 0xc8, 0xaa, 0x01, 0xc3, 0x09, 0x4c, 0x7b, 0x09, 0x06, 0xfa, 0x94, 0x56, + 0x7d, 0xed, 0x6c, 0x5f, 0x80, 0x32, 0x25, 0x27, 0xb7, 0x2f, 0x79, 0x90, 0x0c, 0xa0, 0x2c, 0xef, + 0xc7, 0x43, 0x36, 0x14, 0x5d, 0x47, 0x46, 0x1d, 0xa8, 0x25, 0xb4, 0x10, 0x45, 0x6d, 0x36, 0xed, + 0x28, 0x10, 0x3d, 0x0a, 0x45, 0xb2, 0xdd, 0x4a, 0x87, 0x17, 0x9c, 0xdb, 0x6e, 0xb9, 0x21, 0x89, + 0x28, 0x12, 0xd9, 0x6e, 0xa1, 0xd3, 0x50, 0x70, 0xeb, 0x62, 0x46, 0x82, 0xc0, 0x29, 0x2c, 0xcc, + 0xe3, 0x82, 0x5b, 0xb7, 0xb7, 0xa1, 0xa2, 0x2e, 0xe4, 0x43, 0x9b, 0xd2, 0x36, 0xb1, 0xf2, 0x88, + 0x37, 0x95, 0x74, 0x7b, 0x58, 0x25, 0x6d, 0x00, 0x9d, 0x49, 0x9f, 0x97, 0x2e, 0x3b, 0x03, 0x03, + 0xb5, 0x40, 0xd4, 0x40, 0x29, 0x6b, 0x32, 0xcc, 0x28, 0x61, 0x10, 0xfb, 0x3a, 0x8c, 0x5d, 0xf6, + 0x83, 0x9b, 0xec, 0xde, 0x1c, 0x56, 0x26, 0x96, 0x12, 0x5e, 0xa7, 0x3f, 0xd2, 0x26, 0x30, 0x83, + 0x62, 0x0e, 0x53, 0x05, 0x2c, 0x0b, 0xbd, 0x0a, 0x58, 0xda, 0x1f, 0xb5, 0x60, 0x44, 0xa5, 0xe4, + 0x5e, 0xd8, 0xda, 0xa4, 0x74, 0x1b, 0x61, 0xd0, 0x6e, 0xa5, 0xe9, 0xb2, 0xbb, 0x3f, 0x31, 0x87, + 0x99, 0xb9, 0xea, 0x85, 0x3d, 0x72, 0xd5, 0xcf, 0xc0, 0xc0, 0xa6, 0xeb, 0xd7, 0xd3, 0x2e, 0xc3, + 0xcb, 0xae, 0x5f, 0xc7, 0x0c, 0x42, 0xbb, 0x70, 0x4c, 0x75, 0x41, 0x1a, 0x1f, 0x67, 0x61, 0x64, + 0xad, 0xed, 0x7a, 0x75, 0x59, 0xff, 0x36, 0xb5, 0x5c, 0x66, 0x0d, 0x18, 0x4e, 0x60, 0xa2, 0xa7, + 0x01, 0xd6, 0x5c, 0xdf, 0x09, 0x3b, 0x2b, 0xda, 0xda, 0x51, 0x0a, 0x70, 0x56, 0x41, 0xb0, 0x81, + 0x65, 0x7f, 0xae, 0x08, 0x63, 0xc9, 0xc4, 0xe4, 0x3e, 0xdc, 0x07, 0x8f, 0x42, 0x89, 0xe5, 0x2a, + 0xa7, 0x3f, 0x2d, 0x2f, 0x19, 0xcb, 0x61, 0x28, 0x82, 0x41, 0xbe, 0x98, 0xf3, 0xb9, 0x3f, 0x51, + 0x75, 0x52, 0xf9, 0x19, 0x59, 0x54, 0xae, 0x70, 0xdb, 0x0a, 0x56, 0xe8, 0x13, 0x16, 0x0c, 0x05, + 0x2d, 0xb3, 0xf0, 0xe1, 0x7b, 0xf3, 0x4c, 0xda, 0x16, 0x99, 0x9c, 0x62, 0xc7, 0xa7, 0x3e, 0xbd, + 0xfc, 0x1c, 0x92, 0xf5, 0xe9, 0xb7, 0xc3, 0x88, 0x89, 0xb9, 0xd7, 0xa6, 0xaf, 0x6c, 0x6e, 0xfa, + 0x3e, 0x6d, 0x4e, 0x0a, 0x91, 0x96, 0xde, 0xc7, 0x72, 0xbb, 0x0a, 0xa5, 0x9a, 0x0a, 0x5d, 0xba, + 0xa3, 0xaa, 0xe9, 0xaa, 0x6c, 0x13, 0x3b, 0x16, 0xe6, 0xd4, 0xec, 0xef, 0x58, 0xc6, 0xfc, 0xc0, + 0x24, 0x5a, 0xa8, 0xa3, 0x10, 0x8a, 0x8d, 0xad, 0x4d, 0xa1, 0xe6, 0x2f, 0xe5, 0x34, 0xbc, 0x17, + 0xb6, 0x36, 0xf5, 0x1c, 0x37, 0x5b, 0x31, 0x65, 0xd6, 0x87, 0x33, 0x3c, 0x51, 0xbd, 0xa0, 0xb8, + 0x77, 0xf5, 0x02, 0xfb, 0xf5, 0x02, 0x1c, 0xef, 0x9a, 0x54, 0xe8, 0x55, 0x28, 0x85, 0xf4, 0x2d, + 0xc5, 0xeb, 0x2d, 0xe6, 0x56, 0x6f, 0x20, 0x5a, 0xa8, 0x6b, 0xf5, 0x99, 0x6c, 0xc7, 0x9c, 0x25, + 0xba, 0x04, 0x48, 0x07, 0xd8, 0x29, 0x4f, 0x3c, 0x7f, 0x65, 0x15, 0x85, 0x33, 0xd3, 0x85, 0x81, + 0x33, 0x9e, 0x42, 0xcf, 0xa7, 0x1d, 0xfa, 0xc5, 0xe4, 0x49, 0xd2, 0x6e, 0xbe, 0x79, 0xfb, 0x37, + 0x0b, 0x30, 0x9a, 0xa8, 0x43, 0x89, 0x3c, 0x28, 0x13, 0x8f, 0x1d, 0xf3, 0x49, 0x65, 0x73, 0xd0, + 0x5b, 0x25, 0x94, 0x82, 0x3c, 0x27, 0xe8, 0x62, 0xc5, 0xe1, 0xde, 0x08, 0xce, 0x39, 0x0b, 0x23, + 0xb2, 0x43, 0xef, 0x75, 0x9a, 0x9e, 0x18, 0x40, 0x35, 0x47, 0xcf, 0x19, 0x30, 0x9c, 0xc0, 0xb4, + 0x7f, 0xb7, 0x08, 0x13, 0xfc, 0x5c, 0xb4, 0xae, 0x66, 0xde, 0x92, 0xf4, 0x27, 0xfc, 0x9c, 0xae, + 0x16, 0x6b, 0xe5, 0x71, 0x75, 0x72, 0x2f, 0x46, 0x7d, 0xc5, 0x94, 0x7e, 0x39, 0x15, 0x53, 0xca, + 0xb7, 0x78, 0x8d, 0x43, 0xea, 0xd1, 0xf7, 0x57, 0x90, 0xe9, 0x3f, 0x29, 0xc0, 0x78, 0xea, 0x86, + 0x2c, 0xf4, 0xb9, 0xe4, 0xa5, 0x0a, 0x56, 0x1e, 0x67, 0x46, 0xbb, 0x5e, 0x9a, 0xb4, 0xbf, 0xab, + 0x15, 0xee, 0xd2, 0x52, 0xb1, 0xbf, 0x5d, 0x80, 0xb1, 0xe4, 0xd5, 0x5e, 0xf7, 0xe0, 0x48, 0xbd, + 0x15, 0x2a, 0xec, 0xf6, 0x1a, 0x76, 0x23, 0x3d, 0x3f, 0x72, 0xe2, 0x17, 0x85, 0xc8, 0x46, 0xac, + 0xe1, 0xf7, 0xc4, 0x8d, 0x15, 0xf6, 0x3f, 0xb3, 0xe0, 0x14, 0x7f, 0xcb, 0xf4, 0x3c, 0xfc, 0x3b, + 0x59, 0xa3, 0xfb, 0x52, 0xbe, 0x1d, 0x4c, 0x55, 0x39, 0xde, 0x6b, 0x7c, 0xd9, 0x05, 0xd2, 0xa2, + 0xb7, 0xc9, 0xa9, 0x70, 0x0f, 0x76, 0x76, 0x5f, 0x93, 0xc1, 0xfe, 0x76, 0x11, 0xf4, 0x9d, 0xd9, + 0xc8, 0x15, 0x59, 0xef, 0xb9, 0x54, 0x7b, 0xae, 0x76, 0xfc, 0x9a, 0xbe, 0x9d, 0xbb, 0x9c, 0x4a, + 0x7a, 0xff, 0x19, 0x0b, 0x86, 0x5d, 0xdf, 0x8d, 0x5d, 0x87, 0xb9, 0x6c, 0xf2, 0xb9, 0xf8, 0x56, + 0xb1, 0x5b, 0xe0, 0x94, 0x83, 0xd0, 0x3c, 0xa7, 0x54, 0xcc, 0xb0, 0xc9, 0x19, 0x7d, 0x50, 0xa4, + 0x7d, 0x14, 0x73, 0x2b, 0x1d, 0x51, 0x4e, 0xe5, 0x7a, 0xb4, 0xa8, 0xe1, 0x15, 0x87, 0x39, 0x55, + 0x5c, 0xc1, 0x94, 0x94, 0xba, 0x38, 0x40, 0x99, 0xb6, 0xac, 0x19, 0x73, 0x46, 0x76, 0x04, 0xa8, + 0x7b, 0x2c, 0xf6, 0x19, 0x52, 0x3f, 0x0d, 0x15, 0xa7, 0x1d, 0x07, 0x4d, 0x3a, 0x4c, 0xe2, 0x28, + 0x55, 0x27, 0x0d, 0x48, 0x00, 0xd6, 0x38, 0xf6, 0xe7, 0x4a, 0x90, 0x4a, 0x43, 0x47, 0xdb, 0xe6, + 0x7d, 0xef, 0x56, 0xbe, 0xf7, 0xbd, 0xab, 0xce, 0x64, 0xdd, 0xf9, 0x8e, 0x1a, 0xd2, 0xfb, 0xc5, + 0x6d, 0xcc, 0x17, 0xd2, 0xde, 0xaf, 0x1f, 0xef, 0xef, 0x54, 0x81, 0xce, 0xd5, 0x69, 0x5e, 0xc5, + 0x6b, 0x6a, 0x4f, 0x47, 0xd9, 0x5e, 0x57, 0xff, 0x7e, 0x4c, 0x5c, 0xd3, 0x83, 0x49, 0xd4, 0xf6, + 0x62, 0x31, 0x1b, 0x5e, 0xc8, 0x71, 0x95, 0x71, 0xc2, 0xba, 0x96, 0x0b, 0xff, 0x8f, 0x0d, 0xa6, + 0x49, 0x77, 0xe6, 0xe0, 0xa1, 0xba, 0x33, 0x87, 0x72, 0x75, 0x67, 0x3e, 0x0d, 0xc0, 0xe6, 0x36, + 0x0f, 0xfd, 0x2d, 0x33, 0x2f, 0x93, 0x12, 0x85, 0x58, 0x41, 0xb0, 0x81, 0x65, 0xff, 0x28, 0x24, + 0x8b, 0x11, 0xa1, 0x49, 0x59, 0xfb, 0x88, 0x9f, 0x78, 0xb0, 0xac, 0xab, 0x44, 0x99, 0xa2, 0x5f, + 0xb7, 0xc0, 0xac, 0x98, 0x84, 0x5e, 0xe1, 0xa5, 0x99, 0xac, 0x3c, 0x4e, 0xc6, 0x0d, 0xba, 0x53, + 0x4b, 0x4e, 0x2b, 0x15, 0xa2, 0x21, 0xeb, 0x33, 0x9d, 0x7e, 0x1b, 0x94, 0x25, 0x74, 0x5f, 0x46, + 0xdd, 0x47, 0xe0, 0x84, 0xcc, 0xe0, 0x96, 0x3e, 0x7a, 0x71, 0xaa, 0xba, 0xb7, 0xeb, 0x47, 0xfa, + 0x73, 0x0a, 0xbd, 0xfc, 0x39, 0x7d, 0xdc, 0xfa, 0xff, 0x1b, 0x16, 0x9c, 0x49, 0x77, 0x20, 0x5a, + 0x0a, 0x7c, 0x37, 0x0e, 0xc2, 0x2a, 0x89, 0x63, 0xd7, 0x6f, 0xb0, 0x8a, 0x94, 0x37, 0x9d, 0x50, + 0xde, 0x4a, 0xc2, 0x04, 0xe5, 0x75, 0x27, 0xf4, 0x31, 0x6b, 0x45, 0x1d, 0x18, 0xe4, 0xf1, 0xa1, + 0xc2, 0x5a, 0x3f, 0xe0, 0xda, 0xc8, 0x18, 0x0e, 0xbd, 0x5d, 0xe0, 0xb1, 0xa9, 0x58, 0x30, 0xb4, + 0xbf, 0x6b, 0x01, 0x5a, 0xde, 0x22, 0x61, 0xe8, 0xd6, 0x8d, 0x88, 0x56, 0x76, 0xdd, 0x9d, 0x71, + 0xad, 0x9d, 0x59, 0x5f, 0x20, 0x75, 0xdd, 0x9d, 0xf1, 0x2f, 0xfb, 0xba, 0xbb, 0xc2, 0xfe, 0xae, + 0xbb, 0x43, 0xcb, 0x70, 0xaa, 0xc9, 0xb7, 0x1b, 0xfc, 0x0a, 0x29, 0xbe, 0xf7, 0x50, 0xa9, 0xb0, + 0x0f, 0xdc, 0xda, 0x99, 0x3c, 0xb5, 0x94, 0x85, 0x80, 0xb3, 0x9f, 0xb3, 0xdf, 0x06, 0x88, 0x07, + 0xb2, 0xce, 0x65, 0xc5, 0xe2, 0xf5, 0x74, 0xbf, 0xd8, 0x5f, 0x2a, 0xc1, 0x78, 0xaa, 0x66, 0x3d, + 0xdd, 0xea, 0x75, 0x07, 0xff, 0x1d, 0x58, 0x7f, 0x77, 0x77, 0xaf, 0xaf, 0x70, 0x42, 0x1f, 0x4a, + 0xae, 0xdf, 0x6a, 0xc7, 0xf9, 0x64, 0xe2, 0xf3, 0x4e, 0x2c, 0x50, 0x82, 0x86, 0xbb, 0x98, 0xfe, + 0xc5, 0x9c, 0x4d, 0x9e, 0xc1, 0x89, 0x09, 0x63, 0x7c, 0xe0, 0x2e, 0xb9, 0x03, 0x3e, 0xa6, 0x43, + 0x05, 0x4b, 0x79, 0x38, 0x16, 0x53, 0x93, 0xe5, 0xb0, 0x43, 0x49, 0xbe, 0x51, 0x80, 0x61, 0xe3, + 0xa3, 0xa1, 0x5f, 0x4a, 0xd6, 0x13, 0xb4, 0xf2, 0x7b, 0x25, 0x46, 0x7f, 0x4a, 0x57, 0x0c, 0xe4, + 0xaf, 0xf4, 0x58, 0x77, 0x29, 0xc1, 0xdb, 0x3b, 0x93, 0xc7, 0x52, 0xc5, 0x02, 0x13, 0xe5, 0x05, + 0x4f, 0x7f, 0x18, 0xc6, 0x53, 0x64, 0x32, 0x5e, 0x79, 0xd5, 0x7c, 0xe5, 0x03, 0xbb, 0xa5, 0xcc, + 0x21, 0xfb, 0x3a, 0x1d, 0x32, 0x91, 0x00, 0x1c, 0x78, 0xa4, 0x0f, 0x1f, 0x6c, 0x2a, 0xcf, 0xbf, + 0xd0, 0x67, 0x9e, 0xff, 0xe3, 0x50, 0x6e, 0x05, 0x9e, 0x5b, 0x73, 0x55, 0x79, 0x5f, 0x56, 0x59, + 0x60, 0x45, 0xb4, 0x61, 0x05, 0x45, 0x37, 0xa1, 0x72, 0xe3, 0x66, 0xcc, 0x4f, 0x7f, 0x84, 0x7f, + 0x3b, 0xaf, 0x43, 0x1f, 0x65, 0xb4, 0xa8, 0xe3, 0x25, 0xac, 0x79, 0x21, 0x1b, 0x06, 0x99, 0x12, + 0x94, 0xc9, 0x40, 0xcc, 0xf7, 0xce, 0xb4, 0x63, 0x84, 0x05, 0xc4, 0xfe, 0x6a, 0x05, 0x4e, 0x66, + 0x5d, 0x1c, 0x82, 0x3e, 0x04, 0x83, 0xbc, 0x8f, 0xf9, 0xdc, 0x4d, 0x95, 0xc5, 0xe3, 0x02, 0x23, + 0x28, 0xba, 0xc5, 0x7e, 0x63, 0xc1, 0x53, 0x70, 0xf7, 0x9c, 0x35, 0x31, 0x43, 0x0e, 0x87, 0xfb, + 0xa2, 0xa3, 0xb9, 0x2f, 0x3a, 0x9c, 0xbb, 0xe7, 0xac, 0xa1, 0x6d, 0x28, 0x35, 0xdc, 0x98, 0x38, + 0xc2, 0x89, 0x70, 0xfd, 0x50, 0x98, 0x13, 0x87, 0x5b, 0x69, 0xec, 0x27, 0xe6, 0x0c, 0xd1, 0x57, + 0x2c, 0x18, 0x5f, 0x4b, 0x16, 0x18, 0x11, 0xc2, 0xd3, 0x39, 0x84, 0xcb, 0x61, 0x92, 0x8c, 0xf8, + 0x7d, 0x8f, 0xa9, 0x46, 0x9c, 0xee, 0x0e, 0xfa, 0xb8, 0x05, 0x43, 0xeb, 0xae, 0x67, 0x54, 0xdf, + 0x3f, 0x84, 0x8f, 0x73, 0x9e, 0x31, 0xd0, 0x3b, 0x0e, 0xfe, 0x3f, 0xc2, 0x92, 0x73, 0x2f, 0x4d, + 0x35, 0x78, 0x50, 0x4d, 0x35, 0x74, 0x97, 0x34, 0xd5, 0xa7, 0x2c, 0xa8, 0xa8, 0x91, 0x16, 0x85, + 0x1a, 0xde, 0x77, 0x88, 0x9f, 0x9c, 0x7b, 0x4e, 0xd4, 0x5f, 0xac, 0x99, 0xa3, 0xcf, 0x5b, 0x30, + 0xec, 0xbc, 0xda, 0x0e, 0x49, 0x9d, 0x6c, 0x05, 0xad, 0x48, 0x94, 0x4f, 0x7c, 0x29, 0xff, 0xce, + 0xcc, 0x50, 0x26, 0xf3, 0x64, 0x6b, 0xb9, 0x15, 0x89, 0x44, 0x45, 0xdd, 0x80, 0xcd, 0x2e, 0xd8, + 0x3b, 0x05, 0x98, 0xdc, 0x83, 0x02, 0x3a, 0x0b, 0x23, 0x41, 0xd8, 0x70, 0x7c, 0xf7, 0x55, 0xb3, + 0x62, 0x90, 0xb2, 0xb2, 0x96, 0x0d, 0x18, 0x4e, 0x60, 0x9a, 0xa5, 0x24, 0x0a, 0x7b, 0x94, 0x92, + 0x38, 0x03, 0x03, 0x21, 0x69, 0x05, 0xe9, 0xcd, 0x02, 0x4b, 0x12, 0x62, 0x10, 0xf4, 0x30, 0x14, + 0x9d, 0x96, 0x2b, 0x42, 0x4b, 0xd4, 0x1e, 0x68, 0x66, 0x65, 0x01, 0xd3, 0xf6, 0x44, 0x65, 0x9b, + 0xd2, 0x91, 0x54, 0xb6, 0xa1, 0x6a, 0x40, 0x9c, 0x5d, 0x0c, 0x6a, 0x35, 0x90, 0x3c, 0x53, 0xb0, + 0x5f, 0x2f, 0xc2, 0xc3, 0xbb, 0xce, 0x17, 0x1d, 0x67, 0x6a, 0xed, 0x12, 0x67, 0x2a, 0x87, 0xa7, + 0xb0, 0xd7, 0xf0, 0x14, 0x7b, 0x0c, 0xcf, 0xc7, 0xe9, 0x32, 0x90, 0x95, 0x96, 0xf2, 0xb9, 0xee, + 0xb7, 0x57, 0xe1, 0x26, 0xb1, 0x02, 0x24, 0x14, 0x6b, 0xbe, 0x74, 0x0f, 0x90, 0x28, 0xa3, 0x50, + 0xca, 0x43, 0x0d, 0xf4, 0xac, 0x76, 0xc4, 0xe7, 0x7e, 0xaf, 0xda, 0x0c, 0xf6, 0x6f, 0x0d, 0xc0, + 0xa3, 0x7d, 0x48, 0x6f, 0x73, 0x16, 0x5b, 0x7d, 0xce, 0xe2, 0xef, 0xf3, 0xcf, 0xf4, 0xc9, 0xcc, + 0xcf, 0x84, 0xf3, 0xff, 0x4c, 0xbb, 0x7f, 0x21, 0xf4, 0x04, 0x94, 0x5d, 0x3f, 0x22, 0xb5, 0x76, + 0xc8, 0x63, 0xee, 0x8d, 0x0c, 0xc2, 0x05, 0xd1, 0x8e, 0x15, 0x06, 0xdd, 0xd3, 0xd5, 0x1c, 0xba, + 0xfc, 0x87, 0x72, 0x4a, 0x9b, 0x37, 0x93, 0x11, 0xb9, 0x49, 0x31, 0x37, 0x43, 0x25, 0x00, 0x67, + 0x63, 0xff, 0x5d, 0x0b, 0x4e, 0xf7, 0x56, 0xb1, 0xe8, 0x29, 0x18, 0x5e, 0x63, 0x81, 0x5b, 0xec, + 0xa2, 0x77, 0x39, 0x75, 0xd8, 0xfb, 0xea, 0x66, 0x6c, 0xe2, 0xa0, 0x39, 0x38, 0x6e, 0x46, 0x7c, + 0x2d, 0x19, 0x51, 0x25, 0xcc, 0x09, 0xb0, 0x9a, 0x06, 0xe2, 0x6e, 0x7c, 0xfb, 0x7b, 0xc5, 0xec, + 0x6e, 0x71, 0x53, 0x6c, 0x3f, 0xb3, 0x59, 0xcc, 0xd5, 0x42, 0x1f, 0x12, 0xb7, 0x78, 0xd4, 0x12, + 0x77, 0xa0, 0x97, 0xc4, 0x45, 0xf3, 0x70, 0xcc, 0xb8, 0x89, 0x8f, 0x17, 0x52, 0xe0, 0x51, 0x86, + 0xaa, 0x0a, 0xd2, 0x4a, 0x0a, 0x8e, 0xbb, 0x9e, 0xb8, 0xc7, 0xa7, 0xde, 0x2f, 0x17, 0xe0, 0x81, + 0x9e, 0xd6, 0xef, 0x11, 0x69, 0x14, 0xf3, 0xf3, 0x0f, 0x1c, 0xcd, 0xe7, 0x37, 0x3f, 0x4a, 0x69, + 0xaf, 0x8f, 0x62, 0xff, 0x51, 0xa1, 0xe7, 0x42, 0xa0, 0x3b, 0xa1, 0x1f, 0xd8, 0x51, 0x7a, 0x1e, + 0x46, 0x9d, 0x56, 0x8b, 0xe3, 0xb1, 0x88, 0xed, 0x54, 0xd5, 0xb5, 0x19, 0x13, 0x88, 0x93, 0xb8, + 0x7d, 0xd9, 0x34, 0x7f, 0x6a, 0x41, 0x05, 0x93, 0x75, 0x2e, 0x8d, 0xd0, 0x0d, 0x31, 0x44, 0x56, + 0x1e, 0x75, 0xaf, 0xe9, 0xc0, 0x46, 0x2e, 0xab, 0x07, 0x9d, 0x35, 0xd8, 0x07, 0xcd, 0x5b, 0x56, + 0x77, 0xf3, 0x15, 0x7b, 0xdf, 0xcd, 0x67, 0xff, 0x5a, 0x99, 0xbe, 0x5e, 0x2b, 0x98, 0x0b, 0x49, + 0x3d, 0xa2, 0xdf, 0xb7, 0x1d, 0x7a, 0x62, 0x92, 0xa8, 0xef, 0x7b, 0x15, 0x2f, 0x62, 0xda, 0x9e, + 0x38, 0x20, 0x2b, 0xec, 0xab, 0xe6, 0x54, 0x71, 0xcf, 0x9a, 0x53, 0xcf, 0xc3, 0x68, 0x14, 0x6d, + 0xac, 0x84, 0xee, 0x96, 0x13, 0x93, 0xcb, 0xa4, 0x23, 0x6c, 0x5f, 0x5d, 0x7f, 0xa5, 0x7a, 0x51, + 0x03, 0x71, 0x12, 0x17, 0x5d, 0x80, 0xe3, 0xba, 0xf2, 0x13, 0x09, 0x63, 0x96, 0x53, 0xc4, 0x67, + 0x82, 0x2a, 0xb6, 0xa0, 0x6b, 0x45, 0x09, 0x04, 0xdc, 0xfd, 0x0c, 0x95, 0xa7, 0x89, 0x46, 0xda, + 0x91, 0xc1, 0xa4, 0x3c, 0x4d, 0xd0, 0xa1, 0x7d, 0xe9, 0x7a, 0x02, 0x2d, 0xc1, 0x09, 0x3e, 0x31, + 0x66, 0x5a, 0x2d, 0xe3, 0x8d, 0x86, 0x92, 0xf5, 0x86, 0x2f, 0x74, 0xa3, 0xe0, 0xac, 0xe7, 0xd0, + 0x73, 0x30, 0xac, 0x9a, 0x17, 0xe6, 0xc5, 0xd9, 0x8e, 0xf2, 0x2d, 0x29, 0x32, 0x0b, 0x75, 0x6c, + 0xe2, 0xa1, 0xf7, 0xc2, 0xfd, 0xfa, 0x2f, 0x4f, 0x3c, 0xe5, 0x07, 0x9e, 0xf3, 0xa2, 0xa8, 0x9e, + 0xba, 0xe7, 0xed, 0x42, 0x26, 0x5a, 0x1d, 0xf7, 0x7a, 0x1e, 0xad, 0xc1, 0x69, 0x05, 0x3a, 0xe7, + 0xc7, 0x2c, 0x8b, 0x2c, 0x22, 0xb3, 0x4e, 0x44, 0xae, 0x86, 0x1e, 0x2b, 0xc3, 0x57, 0xd1, 0x97, + 0x85, 0x5f, 0x70, 0xe3, 0x8b, 0x59, 0x98, 0x78, 0x11, 0xef, 0x42, 0x05, 0x4d, 0x43, 0x85, 0xf8, + 0xce, 0x9a, 0x47, 0x96, 0xe7, 0x16, 0x58, 0x71, 0x3e, 0xe3, 0x7c, 0xf5, 0x9c, 0x04, 0x60, 0x8d, + 0xa3, 0xe2, 0x7e, 0x47, 0x7a, 0x5e, 0x5c, 0xbf, 0x02, 0x27, 0x1b, 0xb5, 0x16, 0xb5, 0x08, 0xdd, + 0x1a, 0x99, 0xa9, 0xb1, 0x30, 0x47, 0xfa, 0x61, 0x78, 0x21, 0x68, 0x95, 0x40, 0x71, 0x61, 0x6e, + 0xa5, 0x0b, 0x07, 0x67, 0x3e, 0xc9, 0xc2, 0x61, 0xc3, 0x60, 0xbb, 0x33, 0x71, 0x22, 0x15, 0x0e, + 0x4b, 0x1b, 0x31, 0x87, 0xa1, 0x4b, 0x80, 0x58, 0x36, 0xce, 0xc5, 0x38, 0x6e, 0x29, 0x13, 0x74, + 0xe2, 0x64, 0xb2, 0xc4, 0xd6, 0xf9, 0x2e, 0x0c, 0x9c, 0xf1, 0x14, 0xb5, 0x68, 0xfc, 0x80, 0x51, + 0x9f, 0xb8, 0x3f, 0x69, 0xd1, 0x5c, 0xe1, 0xcd, 0x58, 0xc2, 0xd1, 0xfb, 0x61, 0xa2, 0x1d, 0x11, + 0xb6, 0xb9, 0xbd, 0x1e, 0x84, 0x9b, 0x5e, 0xe0, 0xd4, 0x17, 0xd8, 0x25, 0x80, 0x71, 0x67, 0x62, + 0x82, 0x31, 0x3f, 0x23, 0x9e, 0x9d, 0xb8, 0xda, 0x03, 0x0f, 0xf7, 0xa4, 0x60, 0xff, 0x89, 0x05, + 0xa3, 0x4a, 0x70, 0x1c, 0x41, 0x32, 0x9e, 0x97, 0x4c, 0xc6, 0xbb, 0x70, 0x70, 0xd1, 0xcb, 0x7a, + 0xde, 0x23, 0xe2, 0xfd, 0xb5, 0x11, 0x00, 0x2d, 0x9e, 0x95, 0x66, 0xb4, 0x7a, 0x6a, 0xc6, 0x7b, + 0x56, 0x34, 0x66, 0x95, 0xda, 0x2a, 0xdd, 0xdd, 0x52, 0x5b, 0x55, 0x38, 0x25, 0xed, 0x16, 0x7e, + 0x94, 0x78, 0x31, 0x88, 0x94, 0xa4, 0x2d, 0xcf, 0x3e, 0x2c, 0x08, 0x9d, 0x5a, 0xc8, 0x42, 0xc2, + 0xd9, 0xcf, 0x26, 0xcc, 0xa5, 0xa1, 0x3d, 0x6d, 0x58, 0x25, 0x5c, 0x16, 0xd7, 0xe5, 0xdd, 0x69, + 0x29, 0xe1, 0xb2, 0x78, 0xbe, 0x8a, 0x35, 0x4e, 0xb6, 0x86, 0xa9, 0xe4, 0xa4, 0x61, 0x60, 0xdf, + 0x1a, 0x46, 0xca, 0xba, 0xe1, 0x9e, 0xb2, 0x4e, 0x1e, 0x59, 0x8c, 0xf4, 0x3c, 0xb2, 0x78, 0x17, + 0x8c, 0xb9, 0xfe, 0x06, 0x09, 0xdd, 0x98, 0xd4, 0xd9, 0x5a, 0x60, 0x72, 0xb0, 0xac, 0xed, 0x8b, + 0x85, 0x04, 0x14, 0xa7, 0xb0, 0x93, 0x02, 0x7a, 0xac, 0x0f, 0x01, 0xdd, 0x43, 0x2d, 0x8e, 0xe7, + 0xa3, 0x16, 0x8f, 0x1d, 0x5c, 0x2d, 0x1e, 0x3f, 0x54, 0xb5, 0x88, 0x72, 0x51, 0x8b, 0x7d, 0x69, + 0x1c, 0x63, 0xdf, 0x7b, 0x72, 0x8f, 0x7d, 0x6f, 0x2f, 0x9d, 0x78, 0xea, 0x8e, 0x75, 0x62, 0xb6, + 0xba, 0xbb, 0xef, 0xfb, 0x5b, 0xdd, 0x7d, 0xaa, 0x00, 0xa7, 0xb4, 0x42, 0xa0, 0xcb, 0xd0, 0x5d, + 0xa7, 0x22, 0x91, 0xdd, 0x03, 0xca, 0xcf, 0x17, 0x8d, 0x84, 0x51, 0x9d, 0x7b, 0xaa, 0x20, 0xd8, + 0xc0, 0x62, 0x79, 0x97, 0x24, 0x64, 0x45, 0xf3, 0xd3, 0xda, 0x62, 0x4e, 0xb4, 0x63, 0x85, 0x41, + 0x27, 0x3a, 0xfd, 0x2d, 0xf2, 0xe7, 0xd3, 0xe5, 0x58, 0xe7, 0x34, 0x08, 0x9b, 0x78, 0xe8, 0x71, + 0xce, 0x84, 0x49, 0x2a, 0xaa, 0x31, 0x46, 0xf8, 0x26, 0x4a, 0x09, 0x27, 0x05, 0x95, 0xdd, 0x61, + 0x09, 0xb6, 0xa5, 0xee, 0xee, 0xb0, 0x50, 0x3d, 0x85, 0x61, 0xff, 0x4f, 0x0b, 0x1e, 0xc8, 0x1c, + 0x8a, 0x23, 0xb0, 0x02, 0xb6, 0x93, 0x56, 0x40, 0x35, 0xaf, 0x0d, 0x98, 0xf1, 0x16, 0x3d, 0x2c, + 0x82, 0xff, 0x64, 0xc1, 0x98, 0xc6, 0x3f, 0x82, 0x57, 0x75, 0x93, 0xaf, 0x9a, 0xdf, 0x5e, 0xb3, + 0xd2, 0xf5, 0x6e, 0xbf, 0x5b, 0x00, 0x55, 0x22, 0x79, 0xa6, 0x26, 0x0b, 0xd0, 0xef, 0x71, 0xe2, + 0xdd, 0x81, 0x41, 0x76, 0x60, 0x1f, 0xe5, 0x13, 0x8c, 0x94, 0xe4, 0xcf, 0x0e, 0xff, 0x75, 0x30, + 0x04, 0xfb, 0x1b, 0x61, 0xc1, 0x90, 0x5d, 0xe9, 0xc0, 0xab, 0xcf, 0xd6, 0x45, 0xfa, 0xa0, 0xbe, + 0xd2, 0x41, 0xb4, 0x63, 0x85, 0x41, 0xf5, 0x94, 0x5b, 0x0b, 0xfc, 0x39, 0xcf, 0x89, 0xe4, 0xd5, + 0xe0, 0x4a, 0x4f, 0x2d, 0x48, 0x00, 0xd6, 0x38, 0xec, 0x2c, 0xdf, 0x8d, 0x5a, 0x9e, 0xd3, 0x31, + 0x3c, 0x0a, 0x46, 0x9d, 0x18, 0x05, 0xc2, 0x26, 0x9e, 0xdd, 0x84, 0x89, 0xe4, 0x4b, 0xcc, 0x93, + 0x75, 0x16, 0x48, 0xdb, 0xd7, 0x70, 0x4e, 0x43, 0xc5, 0x61, 0x4f, 0x2d, 0xb6, 0x1d, 0x21, 0x13, + 0x74, 0x38, 0xa9, 0x04, 0x60, 0x8d, 0x63, 0xff, 0x53, 0x0b, 0x4e, 0x64, 0x0c, 0x5a, 0x8e, 0xe9, + 0x99, 0xb1, 0x96, 0x36, 0x59, 0x16, 0xc6, 0x8f, 0xc0, 0x50, 0x9d, 0xac, 0x3b, 0x32, 0x54, 0xd3, + 0x90, 0xcd, 0xf3, 0xbc, 0x19, 0x4b, 0xb8, 0xfd, 0x9b, 0x05, 0x18, 0x4f, 0xf6, 0x35, 0x62, 0x29, + 0x4f, 0x7c, 0x98, 0xdc, 0xa8, 0x16, 0x6c, 0x91, 0xb0, 0x43, 0xdf, 0xdc, 0x4a, 0xa5, 0x3c, 0x75, + 0x61, 0xe0, 0x8c, 0xa7, 0x58, 0x81, 0xf4, 0xba, 0x1a, 0x6d, 0x39, 0x23, 0xaf, 0xe5, 0x39, 0x23, + 0xf5, 0xc7, 0x34, 0xc3, 0x3a, 0x14, 0x4b, 0x6c, 0xf2, 0xa7, 0x96, 0x0e, 0x8b, 0x21, 0x9f, 0x6d, + 0xbb, 0x5e, 0xec, 0xfa, 0xe2, 0x95, 0xc5, 0x5c, 0x55, 0x96, 0xce, 0x52, 0x37, 0x0a, 0xce, 0x7a, + 0xce, 0xfe, 0xee, 0x00, 0xa8, 0xd2, 0x03, 0x2c, 0xec, 0x2e, 0xa7, 0xa0, 0xc5, 0xfd, 0x26, 0xce, + 0xa9, 0xb9, 0x35, 0xb0, 0x5b, 0x1c, 0x0c, 0x77, 0x43, 0x99, 0xbe, 0x68, 0x35, 0x60, 0xab, 0x1a, + 0x84, 0x4d, 0x3c, 0xda, 0x13, 0xcf, 0xdd, 0x22, 0xfc, 0xa1, 0xc1, 0x64, 0x4f, 0x16, 0x25, 0x00, + 0x6b, 0x1c, 0xda, 0x93, 0xba, 0xbb, 0xbe, 0x2e, 0x7c, 0x2a, 0xaa, 0x27, 0x74, 0x74, 0x30, 0x83, + 0xf0, 0x2b, 0x34, 0x82, 0x4d, 0x61, 0xdd, 0x1b, 0x57, 0x68, 0x04, 0x9b, 0x98, 0x41, 0xe8, 0x57, + 0xf2, 0x83, 0xb0, 0xe9, 0x78, 0xee, 0xab, 0xa4, 0xae, 0xb8, 0x08, 0xab, 0x5e, 0x7d, 0xa5, 0x2b, + 0xdd, 0x28, 0x38, 0xeb, 0x39, 0x3a, 0xa1, 0x5b, 0x21, 0xa9, 0xbb, 0xb5, 0xd8, 0xa4, 0x06, 0xc9, + 0x09, 0xbd, 0xd2, 0x85, 0x81, 0x33, 0x9e, 0x42, 0x33, 0x30, 0x2e, 0x4b, 0x47, 0xc8, 0x62, 0x64, + 0xc3, 0xc9, 0xe2, 0x47, 0x38, 0x09, 0xc6, 0x69, 0x7c, 0x2a, 0x24, 0x9b, 0xa2, 0x94, 0x22, 0xdb, + 0x04, 0x18, 0x42, 0x52, 0x96, 0x58, 0xc4, 0x0a, 0xc3, 0xfe, 0x58, 0x91, 0x2a, 0xf5, 0x1e, 0x15, + 0x4b, 0x8f, 0x2c, 0x48, 0x36, 0x39, 0x23, 0x07, 0xfa, 0x98, 0x91, 0xcf, 0xc2, 0xc8, 0x8d, 0x28, + 0xf0, 0x55, 0x00, 0x6a, 0xa9, 0x67, 0x00, 0xaa, 0x81, 0x95, 0x1d, 0x80, 0x3a, 0x98, 0x57, 0x00, + 0xea, 0xd0, 0x1d, 0x06, 0xa0, 0xfe, 0x7e, 0x09, 0xd4, 0x1d, 0x69, 0x57, 0x48, 0x7c, 0x33, 0x08, + 0x37, 0x5d, 0xbf, 0xc1, 0xca, 0x20, 0x7c, 0xc5, 0x92, 0x95, 0x14, 0x16, 0xcd, 0x04, 0xc2, 0xf5, + 0x9c, 0xee, 0xb9, 0x4a, 0x30, 0x9b, 0x5a, 0x35, 0x18, 0xa5, 0xae, 0x72, 0x37, 0x41, 0x38, 0xd1, + 0x23, 0xf4, 0x61, 0x00, 0xe9, 0x80, 0x5e, 0x97, 0x12, 0x78, 0x21, 0x9f, 0xfe, 0x61, 0xb2, 0xae, + 0x4d, 0xea, 0x55, 0xc5, 0x04, 0x1b, 0x0c, 0xd1, 0xa7, 0x74, 0x72, 0x25, 0xcf, 0x54, 0xf9, 0xe0, + 0xa1, 0x8c, 0x4d, 0x3f, 0xa9, 0x95, 0x18, 0x86, 0x5c, 0xbf, 0x41, 0xe7, 0x89, 0x08, 0xd4, 0x7b, + 0x4b, 0x56, 0xb9, 0x9a, 0xc5, 0xc0, 0xa9, 0xcf, 0x3a, 0x9e, 0xe3, 0xd7, 0x48, 0xb8, 0xc0, 0xd1, + 0xb5, 0x06, 0x15, 0x0d, 0x58, 0x12, 0xea, 0xba, 0xc8, 0xad, 0xd4, 0xcf, 0x45, 0x6e, 0xa7, 0xdf, + 0x0d, 0xc7, 0xbb, 0x3e, 0xe6, 0xbe, 0x32, 0x29, 0xef, 0x3c, 0x09, 0xd3, 0xfe, 0xad, 0x41, 0xad, + 0xb4, 0xae, 0x04, 0x75, 0x7e, 0x2f, 0x58, 0xa8, 0xbf, 0xa8, 0x30, 0x99, 0x73, 0x9c, 0x22, 0x4a, + 0xcd, 0x18, 0x8d, 0xd8, 0x64, 0x49, 0xe7, 0x68, 0xcb, 0x09, 0x89, 0x7f, 0xd8, 0x73, 0x74, 0x45, + 0x31, 0xc1, 0x06, 0x43, 0xb4, 0x91, 0x48, 0xa5, 0x3a, 0x7f, 0xf0, 0x54, 0x2a, 0x56, 0x3c, 0x30, + 0xeb, 0xfa, 0x9c, 0xcf, 0x5b, 0x30, 0xe6, 0x27, 0x66, 0x6e, 0x3e, 0xd1, 0xd3, 0xd9, 0xab, 0x82, + 0x5f, 0xb1, 0x99, 0x6c, 0xc3, 0x29, 0xfe, 0x59, 0x2a, 0xad, 0xb4, 0x4f, 0x95, 0xa6, 0xef, 0x25, + 0x1c, 0xec, 0x75, 0x2f, 0x21, 0xf2, 0xd5, 0x6d, 0xb1, 0x43, 0xb9, 0xdf, 0x16, 0x0b, 0x19, 0x37, + 0xc5, 0x5e, 0x87, 0x4a, 0x2d, 0x24, 0x4e, 0x7c, 0x87, 0x17, 0x87, 0xb2, 0xb8, 0x94, 0x39, 0x49, + 0x00, 0x6b, 0x5a, 0xf6, 0xff, 0x19, 0x80, 0x63, 0x72, 0x44, 0x64, 0xe6, 0x05, 0xd5, 0x8f, 0x9c, + 0xaf, 0xb6, 0x95, 0x95, 0x7e, 0xbc, 0x28, 0x01, 0x58, 0xe3, 0x50, 0x7b, 0xac, 0x1d, 0x91, 0xe5, + 0x16, 0xf1, 0x17, 0xdd, 0xb5, 0x48, 0x1c, 0x24, 0xab, 0x85, 0x72, 0x55, 0x83, 0xb0, 0x89, 0x47, + 0x6d, 0x7b, 0xc7, 0x30, 0x5a, 0x0d, 0xdb, 0x5e, 0x1a, 0xaa, 0x12, 0x8e, 0x7e, 0x21, 0xb3, 0x84, + 0x7a, 0x3e, 0xf9, 0x8a, 0x5d, 0x09, 0x27, 0xfb, 0xbc, 0xf6, 0xfa, 0x1f, 0x59, 0x70, 0x8a, 0xb7, + 0xca, 0x91, 0xbc, 0xda, 0xaa, 0x3b, 0x31, 0x89, 0xf2, 0xb9, 0x7a, 0x25, 0xa3, 0x7f, 0xda, 0x79, + 0x9d, 0xc5, 0x16, 0x67, 0xf7, 0x06, 0x7d, 0xce, 0x82, 0xf1, 0xcd, 0x44, 0xa9, 0x1b, 0xa9, 0x3a, + 0x0e, 0x5a, 0x85, 0x22, 0x41, 0x54, 0x2f, 0xb5, 0x64, 0x7b, 0x84, 0xd3, 0xdc, 0xed, 0xff, 0x61, + 0x81, 0x29, 0x46, 0x8f, 0xbe, 0x42, 0xce, 0xfe, 0x4d, 0x41, 0x69, 0x5d, 0x96, 0x7a, 0x5a, 0x97, + 0x0f, 0x43, 0xb1, 0xed, 0xd6, 0xc5, 0xfe, 0x42, 0x1f, 0x6f, 0x2f, 0xcc, 0x63, 0xda, 0x6e, 0xff, + 0xab, 0x92, 0x76, 0x83, 0x88, 0x74, 0xc0, 0x1f, 0x88, 0xd7, 0x5e, 0x57, 0x35, 0x24, 0xf9, 0x9b, + 0x5f, 0xe9, 0xaa, 0x21, 0xf9, 0x8e, 0xfd, 0x67, 0x7b, 0xf2, 0x01, 0xea, 0x55, 0x42, 0x72, 0x68, + 0x8f, 0x54, 0xcf, 0x1b, 0x50, 0xa6, 0x5b, 0x30, 0xe6, 0xcf, 0x2c, 0x27, 0x3a, 0x55, 0xbe, 0x28, + 0xda, 0x6f, 0xef, 0x4c, 0xbe, 0x7d, 0xff, 0xdd, 0x92, 0x4f, 0x63, 0x45, 0x1f, 0x45, 0x50, 0xa1, + 0xbf, 0x59, 0x56, 0xaa, 0xd8, 0xdc, 0x5d, 0x55, 0x32, 0x53, 0x02, 0x72, 0x49, 0x79, 0xd5, 0x7c, + 0x90, 0x0f, 0x15, 0x8a, 0xc8, 0x99, 0xf2, 0x3d, 0xe0, 0x8a, 0xca, 0x0d, 0x95, 0x80, 0xdb, 0x3b, + 0x93, 0xcf, 0xef, 0x9f, 0xa9, 0x7a, 0x1c, 0x6b, 0x16, 0xf6, 0xff, 0x1d, 0xd0, 0x73, 0x57, 0x94, + 0x0e, 0xfd, 0x81, 0x98, 0xbb, 0x67, 0x53, 0x73, 0xf7, 0x4c, 0xd7, 0xdc, 0x1d, 0xd3, 0xd7, 0xc7, + 0x27, 0x66, 0xe3, 0x51, 0x1b, 0x02, 0x7b, 0xfb, 0x1b, 0x98, 0x05, 0xf4, 0x4a, 0xdb, 0x0d, 0x49, + 0xb4, 0x12, 0xb6, 0x7d, 0xd7, 0x6f, 0xb0, 0xe9, 0x58, 0x36, 0x2d, 0xa0, 0x04, 0x18, 0xa7, 0xf1, + 0xe9, 0xa6, 0x9e, 0x7e, 0xf3, 0xeb, 0xce, 0x16, 0x9f, 0x55, 0x46, 0xb5, 0xb9, 0xaa, 0x68, 0xc7, + 0x0a, 0x03, 0x6d, 0xc0, 0x43, 0x92, 0xc0, 0x3c, 0xf1, 0x88, 0xb8, 0xff, 0x7d, 0xdd, 0x0d, 0x9b, + 0x3c, 0xb8, 0x9d, 0x47, 0x55, 0xbc, 0x59, 0x50, 0x78, 0x08, 0xef, 0x82, 0x8b, 0x77, 0xa5, 0x64, + 0x7f, 0x9d, 0x45, 0x03, 0x18, 0x89, 0xf7, 0x74, 0xf6, 0x79, 0x6e, 0xd3, 0x95, 0x45, 0xf1, 0xd4, + 0xec, 0x5b, 0xa4, 0x8d, 0x98, 0xc3, 0xd0, 0x4d, 0x18, 0x5a, 0xe3, 0xd7, 0xf4, 0xe6, 0x73, 0x25, + 0x88, 0xb8, 0xf3, 0x97, 0x55, 0x96, 0x95, 0x17, 0x00, 0xdf, 0xd6, 0x3f, 0xb1, 0xe4, 0x66, 0x7f, + 0xab, 0x04, 0xe3, 0xa9, 0x3b, 0xf9, 0x13, 0xe5, 0xb6, 0x0b, 0x7b, 0x96, 0xdb, 0xfe, 0x00, 0x40, + 0x9d, 0xb4, 0xbc, 0xa0, 0xc3, 0x0c, 0xbf, 0x81, 0x7d, 0x1b, 0x7e, 0x6a, 0xaf, 0x30, 0xaf, 0xa8, + 0x60, 0x83, 0xa2, 0xa8, 0x04, 0xc8, 0xab, 0x77, 0xa7, 0x2a, 0x01, 0x1a, 0x17, 0x07, 0x0d, 0x1e, + 0xed, 0xc5, 0x41, 0x2e, 0x8c, 0xf3, 0x2e, 0xaa, 0xf4, 0xf6, 0x3b, 0xc8, 0x62, 0x67, 0x09, 0x42, + 0xf3, 0x49, 0x32, 0x38, 0x4d, 0xd7, 0xbc, 0x15, 0xa8, 0x7c, 0xd4, 0xb7, 0x02, 0xbd, 0x15, 0x2a, + 0xf2, 0x3b, 0x47, 0x13, 0x15, 0x5d, 0x22, 0x44, 0x4e, 0x83, 0x08, 0x6b, 0x78, 0x57, 0xa5, 0x0e, + 0xb8, 0x5b, 0x95, 0x3a, 0xec, 0xd7, 0x0a, 0x74, 0xc7, 0xc0, 0xfb, 0xa5, 0x8a, 0x4e, 0x3d, 0x06, + 0x83, 0x4e, 0x3b, 0xde, 0x08, 0xba, 0x2e, 0xfa, 0x9d, 0x61, 0xad, 0x58, 0x40, 0xd1, 0x22, 0x0c, + 0xd4, 0x75, 0x21, 0xa1, 0xfd, 0x7c, 0x4f, 0xed, 0x7c, 0x75, 0x62, 0x82, 0x19, 0x15, 0xf4, 0x10, + 0x0c, 0xc4, 0x4e, 0x43, 0xe6, 0x34, 0xb2, 0x3c, 0xf6, 0x55, 0xa7, 0x11, 0x61, 0xd6, 0xba, 0x9f, + 0xe2, 0xa9, 0xcf, 0xc3, 0x68, 0xe4, 0x36, 0x7c, 0x27, 0x6e, 0x87, 0xc4, 0x38, 0x9f, 0xd4, 0xb1, + 0x2f, 0x26, 0x10, 0x27, 0x71, 0xed, 0xdf, 0x1e, 0x81, 0x93, 0xd5, 0xb9, 0x25, 0x79, 0xfd, 0xc3, + 0xa1, 0xa5, 0x25, 0x66, 0xf1, 0x38, 0xba, 0xb4, 0xc4, 0x1e, 0xdc, 0x3d, 0x23, 0x2d, 0xd1, 0x33, + 0xd2, 0x12, 0x93, 0x39, 0x62, 0xc5, 0x3c, 0x72, 0xc4, 0xb2, 0x7a, 0xd0, 0x4f, 0x8e, 0xd8, 0xa1, + 0xe5, 0x29, 0xee, 0xda, 0xa1, 0x7d, 0xe5, 0x29, 0xaa, 0x24, 0xce, 0x5c, 0xb2, 0x77, 0x7a, 0x7c, + 0xaa, 0xcc, 0x24, 0x4e, 0x95, 0x40, 0xc7, 0x33, 0xd3, 0x84, 0xa8, 0x7f, 0x29, 0xff, 0x0e, 0xf4, + 0x91, 0x40, 0x27, 0x92, 0xe3, 0xcc, 0xa4, 0xcd, 0xa1, 0x3c, 0x92, 0x36, 0xb3, 0xba, 0xb3, 0x67, + 0xd2, 0xe6, 0xf3, 0x30, 0x5a, 0xf3, 0x02, 0x9f, 0xac, 0x84, 0x41, 0x1c, 0xd4, 0x02, 0x79, 0xd5, + 0xa8, 0xbe, 0x29, 0xcb, 0x04, 0xe2, 0x24, 0x6e, 0xaf, 0x8c, 0xcf, 0xca, 0x41, 0x33, 0x3e, 0xe1, + 0x2e, 0x65, 0x7c, 0xfe, 0xb4, 0xae, 0x4d, 0x30, 0xcc, 0xbe, 0xc8, 0x07, 0xf2, 0xff, 0x22, 0x7d, + 0xdd, 0x25, 0xfa, 0x3a, 0xbf, 0x69, 0x97, 0x9a, 0xe0, 0x73, 0x41, 0x93, 0x1a, 0x7e, 0x23, 0x6c, + 0x48, 0x5e, 0x3e, 0x84, 0x09, 0x7b, 0xbd, 0xaa, 0xd9, 0xa8, 0xdb, 0x77, 0x75, 0x13, 0x4e, 0x76, + 0xe4, 0x20, 0xb5, 0x13, 0xbe, 0x54, 0x80, 0x1f, 0xda, 0xb3, 0x0b, 0xe8, 0x26, 0x40, 0xec, 0x34, + 0xc4, 0x44, 0x15, 0x47, 0x33, 0x07, 0x0c, 0x50, 0x5d, 0x95, 0xf4, 0x78, 0xd1, 0x1f, 0xf5, 0x97, + 0x1d, 0x7a, 0xc8, 0xdf, 0x2c, 0x2e, 0x35, 0xf0, 0xba, 0x6a, 0xa3, 0xe2, 0xc0, 0x23, 0x98, 0x41, + 0xa8, 0xfa, 0x0f, 0x49, 0x83, 0x9a, 0xb4, 0xc5, 0xa4, 0xfa, 0xc7, 0xac, 0x15, 0x0b, 0x28, 0x7a, + 0x0e, 0x86, 0x1d, 0xcf, 0xe3, 0xa9, 0x55, 0x24, 0x12, 0x57, 0xd8, 0xe9, 0x22, 0x8d, 0x1a, 0x84, + 0x4d, 0x3c, 0xfb, 0xaf, 0x0a, 0x30, 0xb9, 0x87, 0x4c, 0xe9, 0x4a, 0xa9, 0x2d, 0xf5, 0x9d, 0x52, + 0x2b, 0xd2, 0x4d, 0x06, 0x7b, 0xa4, 0x9b, 0x3c, 0x07, 0xc3, 0x31, 0x71, 0x9a, 0x22, 0xa4, 0x4d, + 0xf8, 0x1c, 0xf4, 0x59, 0xb3, 0x06, 0x61, 0x13, 0x8f, 0x4a, 0xb1, 0x31, 0xa7, 0x56, 0x23, 0x51, + 0x24, 0xf3, 0x49, 0x84, 0xdf, 0x36, 0xb7, 0x64, 0x15, 0xe6, 0x0e, 0x9f, 0x49, 0xb0, 0xc0, 0x29, + 0x96, 0xe9, 0x01, 0xaf, 0xf4, 0x39, 0xe0, 0x5f, 0x2d, 0xc0, 0xc3, 0xbb, 0x6a, 0xb7, 0xbe, 0x53, + 0x7d, 0xda, 0x11, 0x09, 0xd3, 0x13, 0xe7, 0x6a, 0x44, 0x42, 0xcc, 0x20, 0x7c, 0x94, 0x5a, 0x2d, + 0x15, 0x8e, 0x9c, 0x7f, 0xde, 0x1b, 0x1f, 0xa5, 0x04, 0x0b, 0x9c, 0x62, 0x79, 0xa7, 0xd3, 0xf2, + 0x5b, 0x03, 0xf0, 0x68, 0x1f, 0x36, 0x40, 0x8e, 0xf9, 0x81, 0xc9, 0x5c, 0xd6, 0xe2, 0x5d, 0xca, + 0x65, 0xbd, 0xb3, 0xe1, 0x7a, 0x23, 0x05, 0xb6, 0xaf, 0x3c, 0xc4, 0xaf, 0x17, 0xe0, 0x74, 0x6f, + 0x83, 0x05, 0xbd, 0x13, 0xc6, 0x43, 0x15, 0x64, 0x67, 0xa6, 0xc1, 0x9e, 0xe0, 0x9e, 0x9d, 0x04, + 0x08, 0xa7, 0x71, 0xd1, 0x14, 0x40, 0xcb, 0x89, 0x37, 0xa2, 0x73, 0xdb, 0x6e, 0x14, 0x8b, 0x62, + 0x58, 0x63, 0xfc, 0x2c, 0x51, 0xb6, 0x62, 0x03, 0x83, 0xb2, 0x63, 0xff, 0xe6, 0x83, 0x2b, 0x41, + 0xcc, 0x1f, 0xe2, 0x9b, 0xad, 0x13, 0xf2, 0x6a, 0x2c, 0x03, 0x84, 0xd3, 0xb8, 0x94, 0x1d, 0x3b, + 0xad, 0xe6, 0x1d, 0xe5, 0xbb, 0x30, 0xc6, 0x6e, 0x51, 0xb5, 0x62, 0x03, 0x23, 0x9d, 0xe0, 0x5b, + 0xda, 0x3b, 0xc1, 0xd7, 0xfe, 0x97, 0x05, 0x78, 0xa0, 0xa7, 0xc1, 0xdb, 0x9f, 0x98, 0xba, 0xf7, + 0x92, 0x72, 0xef, 0x70, 0x85, 0xed, 0x2f, 0x99, 0xf3, 0x4f, 0x7b, 0xcc, 0x34, 0x91, 0xcc, 0x79, + 0xe7, 0x35, 0x2a, 0xee, 0xbd, 0xf1, 0xec, 0xca, 0xdf, 0x1c, 0xd8, 0x47, 0xfe, 0x66, 0xea, 0x63, + 0x94, 0xfa, 0xd4, 0x0e, 0x7f, 0x3e, 0xd0, 0x73, 0x78, 0xe9, 0x06, 0xb9, 0x2f, 0xbf, 0xf9, 0x3c, + 0x1c, 0x73, 0x7d, 0x76, 0x4d, 0x62, 0xb5, 0xbd, 0x26, 0xea, 0x23, 0xf1, 0x22, 0xa0, 0x2a, 0x8d, + 0x63, 0x21, 0x05, 0xc7, 0x5d, 0x4f, 0xdc, 0x83, 0xf9, 0xb4, 0x77, 0x36, 0xa4, 0xfb, 0x94, 0xdc, + 0xcb, 0x70, 0x4a, 0x0e, 0xc5, 0x86, 0x13, 0x92, 0xba, 0x50, 0xb6, 0x91, 0x48, 0xdc, 0x79, 0x80, + 0x27, 0xff, 0x64, 0x20, 0xe0, 0xec, 0xe7, 0xd8, 0xcd, 0x74, 0x41, 0xcb, 0xad, 0x89, 0xad, 0xa0, + 0xbe, 0x99, 0x8e, 0x36, 0x62, 0x0e, 0xd3, 0xfa, 0xa2, 0x72, 0x34, 0xfa, 0xe2, 0x03, 0x50, 0x51, + 0xe3, 0xcd, 0xb3, 0x04, 0xd4, 0x24, 0xef, 0xca, 0x12, 0x50, 0x33, 0xdc, 0xc0, 0xda, 0xeb, 0x56, + 0xe7, 0x67, 0x60, 0x44, 0x79, 0xbf, 0xfa, 0xbd, 0x1f, 0xd0, 0xfe, 0x7f, 0x05, 0x48, 0xdd, 0xe0, + 0x83, 0xb6, 0xa1, 0x52, 0x97, 0xf7, 0x2a, 0xe7, 0x53, 0x84, 0x56, 0x5d, 0xd3, 0xac, 0x8f, 0x7f, + 0x54, 0x13, 0xd6, 0xcc, 0xd0, 0x87, 0x78, 0xbd, 0x57, 0xc1, 0xba, 0x90, 0x47, 0x4e, 0x75, 0x55, + 0xd1, 0x33, 0x2f, 0x00, 0x93, 0x6d, 0xd8, 0xe0, 0x87, 0x62, 0xa8, 0x6c, 0xc8, 0x9b, 0x8a, 0xf2, + 0x11, 0x77, 0xea, 0xe2, 0x23, 0x6e, 0xa2, 0xa9, 0xbf, 0x58, 0x33, 0xb2, 0xff, 0xa4, 0x00, 0x27, + 0x93, 0x1f, 0x40, 0x1c, 0xd7, 0xfd, 0x8a, 0x05, 0xf7, 0x7b, 0x4e, 0x14, 0x57, 0xdb, 0x6c, 0xa3, + 0xb0, 0xde, 0xf6, 0x96, 0x53, 0xa5, 0x81, 0x0f, 0xea, 0x6c, 0x51, 0x84, 0xd3, 0x37, 0x5b, 0xcd, + 0x3e, 0x78, 0x6b, 0x67, 0xf2, 0xfe, 0xc5, 0x6c, 0xe6, 0xb8, 0x57, 0xaf, 0xd0, 0xe7, 0x2d, 0x38, + 0x56, 0x6b, 0x87, 0x21, 0xf1, 0x63, 0xdd, 0x55, 0xfe, 0x15, 0xaf, 0xe4, 0x32, 0x90, 0xba, 0x83, + 0x27, 0xa9, 0x40, 0x9d, 0x4b, 0xf1, 0xc2, 0x5d, 0xdc, 0xed, 0x9f, 0xa3, 0x9a, 0xb3, 0xe7, 0x7b, + 0xfe, 0x0d, 0xbb, 0x8a, 0xeb, 0x2f, 0x06, 0x61, 0x34, 0x51, 0xff, 0x38, 0x71, 0xc4, 0x65, 0xed, + 0x79, 0xc4, 0xc5, 0x52, 0xcd, 0xda, 0xbe, 0xbc, 0x28, 0xd8, 0x48, 0x35, 0x6b, 0xfb, 0x04, 0x73, + 0x98, 0x18, 0x52, 0xdc, 0xf6, 0x45, 0x74, 0xbb, 0x39, 0xa4, 0xb8, 0xed, 0x63, 0x01, 0x45, 0x1f, + 0xb5, 0x60, 0x84, 0x2d, 0x3e, 0x71, 0x40, 0x28, 0x14, 0xda, 0xa5, 0x1c, 0x96, 0xbb, 0xac, 0xf5, + 0xcd, 0xa2, 0x21, 0xcd, 0x16, 0x9c, 0xe0, 0x88, 0x3e, 0x61, 0x41, 0x45, 0xdd, 0x2d, 0x28, 0x6e, + 0xfd, 0xae, 0xe6, 0x5b, 0x5e, 0x3a, 0x25, 0xf5, 0x54, 0x9d, 0x5f, 0xac, 0x19, 0xa3, 0x48, 0x9d, + 0xde, 0x0d, 0x1d, 0xce, 0xe9, 0x1d, 0x64, 0x9c, 0xdc, 0xbd, 0x15, 0x2a, 0x4d, 0xc7, 0x77, 0xd7, + 0x49, 0x14, 0xf3, 0x03, 0x35, 0x59, 0xf5, 0x5e, 0x36, 0x62, 0x0d, 0xa7, 0xc6, 0x7e, 0xc4, 0x5e, + 0x2c, 0x36, 0x4e, 0xc0, 0x98, 0xb1, 0x5f, 0xd5, 0xcd, 0xd8, 0xc4, 0x31, 0x8f, 0xeb, 0xe0, 0xae, + 0x1e, 0xd7, 0x0d, 0xef, 0x71, 0x5c, 0x57, 0x85, 0x53, 0x4e, 0x3b, 0x0e, 0x2e, 0x12, 0xc7, 0x9b, + 0x89, 0x63, 0xd2, 0x6c, 0xc5, 0x11, 0x2f, 0x99, 0x3d, 0xc2, 0x5c, 0xc0, 0x2a, 0x7e, 0xab, 0x4a, + 0xbc, 0xf5, 0x2e, 0x24, 0x9c, 0xfd, 0xac, 0xfd, 0xcf, 0x2d, 0x38, 0x95, 0x39, 0x15, 0xee, 0xdd, + 0xc8, 0x79, 0xfb, 0x8b, 0x25, 0x38, 0x91, 0x51, 0x1d, 0x1d, 0x75, 0xcc, 0x45, 0x62, 0xe5, 0x11, + 0x84, 0x96, 0x8c, 0xa9, 0x92, 0xdf, 0x26, 0x63, 0x65, 0xec, 0xef, 0x04, 0x5e, 0x9f, 0x82, 0x17, + 0x8f, 0xf6, 0x14, 0xdc, 0x98, 0xeb, 0x03, 0x77, 0x75, 0xae, 0x97, 0xf6, 0x98, 0xeb, 0xdf, 0xb0, + 0x60, 0xa2, 0xd9, 0xe3, 0x4a, 0x1e, 0x71, 0x9e, 0x74, 0xed, 0x70, 0x2e, 0xfc, 0x99, 0x7d, 0xe8, + 0xd6, 0xce, 0x64, 0xcf, 0x9b, 0x90, 0x70, 0xcf, 0x5e, 0xd9, 0xdf, 0x2d, 0x02, 0xb3, 0xd7, 0x58, + 0x05, 0xdc, 0x0e, 0xfa, 0x88, 0x79, 0xc9, 0x82, 0x95, 0xd7, 0x85, 0x00, 0x9c, 0xb8, 0xba, 0xa4, + 0x81, 0x8f, 0x60, 0xd6, 0x9d, 0x0d, 0x69, 0x49, 0x58, 0xe8, 0x43, 0x12, 0x7a, 0xf2, 0x36, 0x8b, + 0x62, 0xfe, 0xb7, 0x59, 0x54, 0xd2, 0x37, 0x59, 0xec, 0xfe, 0x89, 0x07, 0xee, 0xc9, 0x4f, 0xfc, + 0x8b, 0x16, 0x17, 0x3c, 0xa9, 0xaf, 0xa0, 0xcd, 0x0d, 0x6b, 0x17, 0x73, 0xe3, 0x09, 0x28, 0x47, + 0x42, 0x32, 0x0b, 0xb3, 0x44, 0x07, 0x40, 0x89, 0x76, 0xac, 0x30, 0xe8, 0xae, 0xcb, 0xf1, 0xbc, + 0xe0, 0xe6, 0xb9, 0x66, 0x2b, 0xee, 0x08, 0x03, 0x45, 0x6d, 0x0b, 0x66, 0x14, 0x04, 0x1b, 0x58, + 0xf6, 0x06, 0x18, 0x1b, 0x86, 0x3b, 0xbf, 0xc1, 0xb4, 0x8f, 0xab, 0xa7, 0xff, 0x61, 0x41, 0xb0, + 0xe2, 0x1b, 0x80, 0xb3, 0xa9, 0xab, 0xbe, 0xfb, 0x0f, 0x75, 0xfb, 0x10, 0x40, 0x2d, 0x68, 0xb6, + 0xe8, 0x96, 0x78, 0x35, 0xc8, 0x67, 0x1f, 0x35, 0xa7, 0xe8, 0xe9, 0x01, 0xd3, 0x6d, 0xd8, 0xe0, + 0x97, 0x90, 0xda, 0xc5, 0x3d, 0xa5, 0x76, 0x42, 0x80, 0x0d, 0xec, 0x2e, 0xc0, 0xec, 0xbf, 0xb2, + 0x20, 0x61, 0xd0, 0xa1, 0x16, 0x94, 0x68, 0x77, 0x3b, 0x42, 0x16, 0x2c, 0xe7, 0x67, 0x3d, 0x52, + 0x21, 0x2c, 0x16, 0x18, 0xfb, 0x89, 0x39, 0x23, 0xe4, 0x89, 0xb0, 0xbe, 0x5c, 0xf6, 0x35, 0x26, + 0xc3, 0x8b, 0x41, 0xb0, 0xc9, 0x23, 0x63, 0x74, 0x88, 0xa0, 0x7d, 0x16, 0x8e, 0x77, 0x75, 0x8a, + 0xdd, 0x7a, 0x1a, 0xc8, 0xcd, 0xb9, 0xb1, 0x30, 0x58, 0x0d, 0x05, 0xcc, 0x61, 0xf6, 0xd7, 0x2d, + 0x38, 0x96, 0x26, 0x8f, 0x5e, 0xb7, 0xe0, 0x78, 0x94, 0xa6, 0x77, 0x58, 0x63, 0xa7, 0x42, 0xf3, + 0xbb, 0x40, 0xb8, 0xbb, 0x13, 0xf6, 0xaf, 0x09, 0x41, 0x7f, 0xdd, 0xf5, 0xeb, 0xc1, 0x4d, 0x65, + 0x02, 0x59, 0x3d, 0x4d, 0x20, 0xba, 0xf2, 0x6b, 0x1b, 0xa4, 0xde, 0xf6, 0xba, 0x6a, 0x26, 0x54, + 0x45, 0x3b, 0x56, 0x18, 0x2c, 0x45, 0xbc, 0x2d, 0xb6, 0xa4, 0xa9, 0x49, 0x39, 0x2f, 0xda, 0xb1, + 0xc2, 0x40, 0xcf, 0xc2, 0x88, 0xf1, 0x92, 0x72, 0x5e, 0xb2, 0xfd, 0x84, 0xa1, 0x9c, 0x23, 0x9c, + 0xc0, 0x42, 0x53, 0x00, 0xca, 0x9c, 0x92, 0xca, 0x98, 0xf9, 0xd0, 0x95, 0xcc, 0x8b, 0xb0, 0x81, + 0xc1, 0x0a, 0x32, 0x78, 0xed, 0x88, 0x1d, 0x12, 0x0f, 0xea, 0x62, 0xef, 0x73, 0xa2, 0x0d, 0x2b, + 0x28, 0x95, 0x5b, 0x4d, 0xc7, 0x6f, 0x3b, 0x1e, 0x1d, 0x21, 0xe1, 0x15, 0x53, 0xcb, 0x70, 0x49, + 0x41, 0xb0, 0x81, 0x45, 0xdf, 0x38, 0x76, 0x9b, 0xe4, 0xc5, 0xc0, 0x97, 0x21, 0xd5, 0x3a, 0x6e, + 0x40, 0xb4, 0x63, 0x85, 0x81, 0xce, 0xc2, 0xb0, 0xe3, 0xd7, 0xb9, 0xed, 0x17, 0x84, 0xe2, 0xf8, + 0x51, 0x6d, 0x2c, 0xaf, 0x46, 0x64, 0x46, 0x43, 0xb1, 0x89, 0x6a, 0xff, 0xa5, 0x05, 0xe3, 0xba, + 0x42, 0x0d, 0xf3, 0x82, 0x25, 0xdc, 0x7f, 0xd6, 0x9e, 0xee, 0xbf, 0x64, 0xc5, 0x8c, 0x42, 0x5f, + 0x15, 0x33, 0xcc, 0x62, 0x16, 0xc5, 0x5d, 0x8b, 0x59, 0xfc, 0x30, 0x0c, 0x6d, 0x92, 0x8e, 0x51, + 0xf5, 0x62, 0x98, 0x1a, 0x52, 0x97, 0x79, 0x13, 0x96, 0x30, 0x64, 0xc3, 0x60, 0xcd, 0x51, 0x75, + 0xe2, 0x46, 0xf8, 0xa6, 0x69, 0x6e, 0x86, 0x21, 0x09, 0x88, 0xbd, 0x0c, 0x15, 0x75, 0xf0, 0x2e, + 0xbd, 0x71, 0x56, 0xb6, 0x37, 0xae, 0xaf, 0xa4, 0xfa, 0xd9, 0xb5, 0x6f, 0x7e, 0xef, 0x91, 0x37, + 0xfd, 0xe1, 0xf7, 0x1e, 0x79, 0xd3, 0x1f, 0x7f, 0xef, 0x91, 0x37, 0x7d, 0xf4, 0xd6, 0x23, 0xd6, + 0x37, 0x6f, 0x3d, 0x62, 0xfd, 0xe1, 0xad, 0x47, 0xac, 0x3f, 0xbe, 0xf5, 0x88, 0xf5, 0xdd, 0x5b, + 0x8f, 0x58, 0x9f, 0xff, 0xaf, 0x8f, 0xbc, 0xe9, 0xc5, 0xcc, 0x68, 0x7c, 0xfa, 0xe3, 0xc9, 0x5a, + 0x7d, 0x7a, 0xeb, 0x19, 0x16, 0x10, 0x4e, 0x17, 0xe6, 0xb4, 0x31, 0x1b, 0xa7, 0xe5, 0xc2, 0xfc, + 0xff, 0x01, 0x00, 0x00, 0xff, 0xff, 0xf6, 0x8b, 0xab, 0x8e, 0xb6, 0xf6, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -12372,6 +12375,16 @@ func (m *RepoCreds) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i-- + if m.UseAzureWorkloadIdentity { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xc0 i -= len(m.NoProxy) copy(dAtA[i:], m.NoProxy) i = encodeVarintGenerated(dAtA, i, uint64(len(m.NoProxy))) @@ -12530,6 +12543,16 @@ func (m *Repository) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i-- + if m.UseAzureWorkloadIdentity { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xc0 i -= len(m.NoProxy) copy(dAtA[i:], m.NoProxy) i = encodeVarintGenerated(dAtA, i, uint64(len(m.NoProxy))) @@ -15361,6 +15384,14 @@ func (m *SyncWindow) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i-- + if m.UseAndOperator { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x48 i -= len(m.TimeZone) copy(dAtA[i:], m.TimeZone) i = encodeVarintGenerated(dAtA, i, uint64(len(m.TimeZone))) @@ -18112,6 +18143,7 @@ func (m *RepoCreds) Size() (n int) { n += 3 l = len(m.NoProxy) n += 2 + l + sovGenerated(uint64(l)) + n += 3 return n } @@ -18176,6 +18208,7 @@ func (m *Repository) Size() (n int) { n += 3 l = len(m.NoProxy) n += 2 + l + sovGenerated(uint64(l)) + n += 3 return n } @@ -19195,6 +19228,7 @@ func (m *SyncWindow) Size() (n int) { n += 2 l = len(m.TimeZone) n += 1 + l + sovGenerated(uint64(l)) + n += 2 return n } @@ -21191,6 +21225,7 @@ func (this *RepoCreds) String() string { `Proxy:` + fmt.Sprintf("%v", this.Proxy) + `,`, `ForceHttpBasicAuth:` + fmt.Sprintf("%v", this.ForceHttpBasicAuth) + `,`, `NoProxy:` + fmt.Sprintf("%v", this.NoProxy) + `,`, + `UseAzureWorkloadIdentity:` + fmt.Sprintf("%v", this.UseAzureWorkloadIdentity) + `,`, `}`, }, "") return s @@ -21239,6 +21274,7 @@ func (this *Repository) String() string { `GCPServiceAccountKey:` + fmt.Sprintf("%v", this.GCPServiceAccountKey) + `,`, `ForceHttpBasicAuth:` + fmt.Sprintf("%v", this.ForceHttpBasicAuth) + `,`, `NoProxy:` + fmt.Sprintf("%v", this.NoProxy) + `,`, + `UseAzureWorkloadIdentity:` + fmt.Sprintf("%v", this.UseAzureWorkloadIdentity) + `,`, `}`, }, "") return s @@ -21952,6 +21988,7 @@ func (this *SyncWindow) String() string { `Clusters:` + fmt.Sprintf("%v", this.Clusters) + `,`, `ManualSync:` + fmt.Sprintf("%v", this.ManualSync) + `,`, `TimeZone:` + fmt.Sprintf("%v", this.TimeZone) + `,`, + `UseAndOperator:` + fmt.Sprintf("%v", this.UseAndOperator) + `,`, `}`, }, "") return s @@ -44337,6 +44374,26 @@ func (m *RepoCreds) Unmarshal(dAtA []byte) error { } m.NoProxy = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 24: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field UseAzureWorkloadIdentity", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.UseAzureWorkloadIdentity = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -45143,6 +45200,26 @@ func (m *Repository) Unmarshal(dAtA []byte) error { } m.NoProxy = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 24: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field UseAzureWorkloadIdentity", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.UseAzureWorkloadIdentity = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -54288,6 +54365,26 @@ func (m *SyncWindow) Unmarshal(dAtA []byte) error { } m.TimeZone = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field UseAndOperator", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.UseAndOperator = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index f0a0742ddb778..47404f8b871bb 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -1694,6 +1694,9 @@ message RepoCreds { // NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied optional string noProxy = 23; + + // UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication + optional bool useAzureWorkloadIdentity = 24; } // RepositoryList is a collection of Repositories. @@ -1774,6 +1777,9 @@ message Repository { // NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied optional string noProxy = 23; + + // UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication + optional bool useAzureWorkloadIdentity = 24; } // A RepositoryCertificate is either SSH known hosts entry or TLS certificate @@ -2505,6 +2511,9 @@ message SyncWindow { // TimeZone of the sync that will be applied to the schedule optional string timeZone = 8; + + // UseAndOperator use AND operator for matching applications, namespaces and clusters instead of the default OR operator + optional bool andOperator = 9; } // TLSClientConfig contains settings to enable transport layer security diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index 691546802a74a..ac8014f7b61fd 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -8454,6 +8454,13 @@ func schema_pkg_apis_application_v1alpha1_SyncWindow(ref common.ReferenceCallbac Format: "", }, }, + "andOperator": { + SchemaProps: spec.SchemaProps{ + Description: "UseAndOperator use AND operator for matching applications, namespaces and clusters instead of the default OR operator", + Type: []string{"boolean"}, + Format: "", + }, + }, }, }, }, diff --git a/pkg/apis/application/v1alpha1/repository_types.go b/pkg/apis/application/v1alpha1/repository_types.go index a88da7762521e..ca35d1e7a5cac 100644 --- a/pkg/apis/application/v1alpha1/repository_types.go +++ b/pkg/apis/application/v1alpha1/repository_types.go @@ -9,6 +9,7 @@ import ( "github.com/argoproj/argo-cd/v3/util/cert" "github.com/argoproj/argo-cd/v3/util/git" "github.com/argoproj/argo-cd/v3/util/helm" + "github.com/argoproj/argo-cd/v3/util/workloadidentity" log "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -48,6 +49,8 @@ type RepoCreds struct { ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty" protobuf:"bytes,20,opt,name=forceHttpBasicAuth"` // NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied NoProxy string `json:"noProxy,omitempty" protobuf:"bytes,23,opt,name=noProxy"` + // UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication + UseAzureWorkloadIdentity bool `json:"useAzureWorkloadIdentity,omitempty" protobuf:"bytes,24,opt,name=useAzureWorkloadIdentity"` } // Repository is a repository holding application configurations @@ -99,6 +102,8 @@ type Repository struct { ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty" protobuf:"bytes,22,opt,name=forceHttpBasicAuth"` // NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied NoProxy string `json:"noProxy,omitempty" protobuf:"bytes,23,opt,name=noProxy"` + // UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication + UseAzureWorkloadIdentity bool `json:"useAzureWorkloadIdentity,omitempty" protobuf:"bytes,24,opt,name=useAzureWorkloadIdentity"` } // IsInsecure returns true if the repository has been configured to skip server verification @@ -113,7 +118,7 @@ func (repo *Repository) IsLFSEnabled() bool { // HasCredentials returns true when the repository has been configured with any credentials func (repo *Repository) HasCredentials() bool { - return repo.Username != "" || repo.Password != "" || repo.SSHPrivateKey != "" || repo.TLSClientCertData != "" || repo.GithubAppPrivateKey != "" + return repo.Username != "" || repo.Password != "" || repo.SSHPrivateKey != "" || repo.TLSClientCertData != "" || repo.GithubAppPrivateKey != "" || repo.UseAzureWorkloadIdentity } // CopyCredentialsFromRepo copies all credential information from source repository to receiving repository @@ -150,6 +155,7 @@ func (repo *Repository) CopyCredentialsFromRepo(source *Repository) { repo.GCPServiceAccountKey = source.GCPServiceAccountKey } repo.ForceHttpBasicAuth = source.ForceHttpBasicAuth + repo.UseAzureWorkloadIdentity = source.UseAzureWorkloadIdentity } } @@ -193,6 +199,7 @@ func (repo *Repository) CopyCredentialsFrom(source *RepoCreds) { repo.NoProxy = source.NoProxy } repo.ForceHttpBasicAuth = source.ForceHttpBasicAuth + repo.UseAzureWorkloadIdentity = source.UseAzureWorkloadIdentity } } @@ -213,12 +220,26 @@ func (repo *Repository) GetGitCreds(store git.CredsStore) git.Creds { if repo.GCPServiceAccountKey != "" { return git.NewGoogleCloudCreds(repo.GCPServiceAccountKey, store) } + if repo.UseAzureWorkloadIdentity { + return git.NewAzureWorkloadIdentityCreds(store, workloadidentity.NewWorkloadIdentityTokenProvider()) + } return git.NopCreds{} } // GetHelmCreds returns the credentials from a repository configuration used to authenticate at a Helm repository func (repo *Repository) GetHelmCreds() helm.Creds { - return helm.Creds{ + if repo.UseAzureWorkloadIdentity { + return helm.NewAzureWorkloadIdentityCreds( + repo.Repo, + getCAPath(repo.Repo), + []byte(repo.TLSClientCertData), + []byte(repo.TLSClientCertKey), + repo.Insecure, + workloadidentity.NewWorkloadIdentityTokenProvider(), + ) + } + + return helm.HelmCreds{ Username: repo.Username, Password: repo.Password, CAPath: getCAPath(repo.Repo), @@ -302,6 +323,7 @@ func (repo *Repository) Sanitized() *Repository { GithubAppId: repo.GithubAppId, GithubAppInstallationId: repo.GithubAppInstallationId, GitHubAppEnterpriseBaseURL: repo.GitHubAppEnterpriseBaseURL, + UseAzureWorkloadIdentity: repo.UseAzureWorkloadIdentity, } } diff --git a/pkg/apis/application/v1alpha1/repository_types_test.go b/pkg/apis/application/v1alpha1/repository_types_test.go new file mode 100644 index 0000000000000..3a53f2b09917f --- /dev/null +++ b/pkg/apis/application/v1alpha1/repository_types_test.go @@ -0,0 +1,41 @@ +package v1alpha1 + +import ( + "testing" + + "github.com/argoproj/argo-cd/v3/util/git" + "github.com/argoproj/argo-cd/v3/util/helm" +) + +func TestGetGitCredsShouldReturnAzureWorkloadIdentityCredsIfSpecified(t *testing.T) { + repository := Repository{UseAzureWorkloadIdentity: true} + + creds := repository.GetGitCreds(git.NoopCredsStore{}) + + _, ok := creds.(git.AzureWorkloadIdentityCreds) + if !ok { + t.Fatalf("expected AzureWorkloadIdentityCreds but got %T", creds) + } +} + +func TestGetHelmCredsShouldReturnAzureWorkloadIdentityCredsIfSpecified(t *testing.T) { + repository := Repository{UseAzureWorkloadIdentity: true} + + creds := repository.GetHelmCreds() + + _, ok := creds.(helm.AzureWorkloadIdentityCreds) + if !ok { + t.Fatalf("expected AzureWorkloadIdentityCreds but got %T", creds) + } +} + +func TestGetHelmCredsShouldReturnHelmCredsIfAzureWorkloadIdentityNotSpecified(t *testing.T) { + repository := Repository{} + + creds := repository.GetHelmCreds() + + _, ok := creds.(helm.HelmCreds) + if !ok { + t.Fatalf("expected HelmCreds but got %T", creds) + } +} diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index c4f9de0f80062..4595ffd1ba5b8 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -1270,8 +1270,7 @@ type SyncOperationResource struct { Kind string `json:"kind" protobuf:"bytes,2,opt,name=kind"` Name string `json:"name" protobuf:"bytes,3,opt,name=name"` Namespace string `json:"namespace,omitempty" protobuf:"bytes,4,opt,name=namespace"` - // nolint:govet - Exclude bool `json:"-"` + Exclude bool `json:"-"` } // RevisionHistories is a array of history, oldest first and newest last @@ -1507,11 +1506,12 @@ type SyncStrategy struct { // Force returns true if the sync strategy specifies to perform a forced sync func (m *SyncStrategy) Force() bool { - if m == nil { + switch { + case m == nil: return false - } else if m.Apply != nil { + case m.Apply != nil: return m.Apply.Force - } else if m.Hook != nil { + case m.Hook != nil: return m.Hook.Force } return false @@ -2546,6 +2546,8 @@ type SyncWindow struct { ManualSync bool `json:"manualSync,omitempty" protobuf:"bytes,7,opt,name=manualSync"` // TimeZone of the sync that will be applied to the schedule TimeZone string `json:"timeZone,omitempty" protobuf:"bytes,8,opt,name=timeZone"` + // UseAndOperator use AND operator for matching applications, namespaces and clusters instead of the default OR operator + UseAndOperator bool `json:"andOperator,omitempty" protobuf:"bytes,9,opt,name=andOperator"` } // HasWindows returns true if SyncWindows has one or more SyncWindow @@ -2642,17 +2644,18 @@ func (w *SyncWindow) scheduleOffsetByTimeZone() time.Duration { } // AddWindow adds a sync window with the given parameters to the AppProject -func (spec *AppProjectSpec) AddWindow(knd string, sch string, dur string, app []string, ns []string, cl []string, ms bool, timeZone string) error { +func (spec *AppProjectSpec) AddWindow(knd string, sch string, dur string, app []string, ns []string, cl []string, ms bool, timeZone string, andOperator bool) error { if len(knd) == 0 || len(sch) == 0 || len(dur) == 0 { return errors.New("cannot create window: require kind, schedule, duration and one or more of applications, namespaces and clusters") } window := &SyncWindow{ - Kind: knd, - Schedule: sch, - Duration: dur, - ManualSync: ms, - TimeZone: timeZone, + Kind: knd, + Schedule: sch, + Duration: dur, + ManualSync: ms, + TimeZone: timeZone, + UseAndOperator: andOperator, } if len(app) > 0 { @@ -2692,37 +2695,73 @@ func (spec *AppProjectSpec) DeleteWindow(id int) error { } // Matches returns a list of sync windows that are defined for a given application +// It will use the AND operator if the UseAndOperator is set to true otherwise will default to the OR operator func (w *SyncWindows) Matches(app *Application) *SyncWindows { if w.HasWindows() { var matchingWindows SyncWindows - for _, w := range *w { - if len(w.Applications) > 0 { - for _, a := range w.Applications { + var matched, isSet bool + + for _, window := range *w { + matched = false + isSet = false + + // First check if any applications are configured for the window + if len(window.Applications) > 0 { + isSet = true + for _, a := range window.Applications { if globMatch(a, app.Name, false) { - matchingWindows = append(matchingWindows, w) + matched = true break } } } - if len(w.Clusters) > 0 { - for _, c := range w.Clusters { + + // If using the AND operator and window applications were set but did not match, break out of the loop earlier + if window.UseAndOperator && !matched && isSet { + continue + } else if !window.UseAndOperator && matched { + matchingWindows = append(matchingWindows, window) + continue + } + + // Second check if any clusters are configured for the window + if len(window.Clusters) > 0 { + // check next for cluster matching + matched = false + isSet = true + for _, c := range window.Clusters { dst := app.Spec.Destination dstNameMatched := dst.Name != "" && globMatch(c, dst.Name, false) dstServerMatched := dst.Server != "" && globMatch(c, dst.Server, false) if dstNameMatched || dstServerMatched { - matchingWindows = append(matchingWindows, w) + matched = true break } } } - if len(w.Namespaces) > 0 { - for _, n := range w.Namespaces { + + // If using the AND operator and window clusters were set but did not match, break out of the loop earlier + if isSet && window.UseAndOperator && !matched { + continue + } else if !window.UseAndOperator && matched { + matchingWindows = append(matchingWindows, window) + continue + } + + // Last check if any namespaces are configured for the window + if len(window.Namespaces) > 0 { + matched = false + // If the window clusters matched or if the window clusters were not set check next for namespace matching + for _, n := range window.Namespaces { if globMatch(n, app.Spec.Destination.Namespace, false) { - matchingWindows = append(matchingWindows, w) + matched = true break } } } + if matched { + matchingWindows = append(matchingWindows, window) + } } if len(matchingWindows) > 0 { return &matchingWindows @@ -3315,7 +3354,9 @@ func ParseProxyUrl(proxyUrl string) (*url.URL, error) { func (c *Cluster) RawRestConfig() (*rest.Config, error) { var config *rest.Config var err error - if c.Server == KubernetesInternalAPIServerAddr && env.ParseBoolFromEnv(EnvVarFakeInClusterConfig, false) { + + switch { + case c.Server == KubernetesInternalAPIServerAddr && env.ParseBoolFromEnv(EnvVarFakeInClusterConfig, false): conf, exists := os.LookupEnv("KUBECONFIG") if exists { config, err = clientcmd.BuildConfigFromFlags("", conf) @@ -3327,9 +3368,9 @@ func (c *Cluster) RawRestConfig() (*rest.Config, error) { } config, err = clientcmd.BuildConfigFromFlags("", filepath.Join(homeDir, ".kube", "config")) } - } else if c.Server == KubernetesInternalAPIServerAddr && c.Config.Username == "" && c.Config.Password == "" && c.Config.BearerToken == "" { + case c.Server == KubernetesInternalAPIServerAddr && c.Config.Username == "" && c.Config.Password == "" && c.Config.BearerToken == "": config, err = rest.InClusterConfig() - } else if c.Server == KubernetesInternalAPIServerAddr { + case c.Server == KubernetesInternalAPIServerAddr: config, err = rest.InClusterConfig() if err == nil { config.Username = c.Config.Username @@ -3337,7 +3378,7 @@ func (c *Cluster) RawRestConfig() (*rest.Config, error) { config.BearerToken = c.Config.BearerToken config.BearerTokenFile = "" } - } else { + default: tlsClientConfig := rest.TLSClientConfig{ Insecure: c.Config.TLSClientConfig.Insecure, ServerName: c.Config.TLSClientConfig.ServerName, @@ -3345,7 +3386,8 @@ func (c *Cluster) RawRestConfig() (*rest.Config, error) { KeyData: c.Config.TLSClientConfig.KeyData, CAData: c.Config.TLSClientConfig.CAData, } - if c.Config.AWSAuthConfig != nil { + switch { + case c.Config.AWSAuthConfig != nil: args := []string{"aws", "--cluster-name", c.Config.AWSAuthConfig.ClusterName} if c.Config.AWSAuthConfig.RoleARN != "" { args = append(args, "--role-arn", c.Config.AWSAuthConfig.RoleARN) @@ -3363,7 +3405,7 @@ func (c *Cluster) RawRestConfig() (*rest.Config, error) { InteractiveMode: api.NeverExecInteractiveMode, }, } - } else if c.Config.ExecProviderConfig != nil { + case c.Config.ExecProviderConfig != nil: var env []api.ExecEnvVar if c.Config.ExecProviderConfig.Env != nil { for key, value := range c.Config.ExecProviderConfig.Env { @@ -3385,7 +3427,7 @@ func (c *Cluster) RawRestConfig() (*rest.Config, error) { InteractiveMode: api.NeverExecInteractiveMode, }, } - } else { + default: config = &rest.Config{ Host: c.Server, Username: c.Config.Username, diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index cb2d4a97f2445..77bc033a520cb 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -2188,23 +2188,24 @@ func TestAppProjectSpec_AddWindow(t *testing.T) { c []string m bool t string + o bool want string }{ - {"MissingKind", proj, "", "* * * * *", "11", []string{"app1"}, []string{}, []string{}, false, "error", ""}, - {"MissingSchedule", proj, "allow", "", "", []string{"app1"}, []string{}, []string{}, false, "error", ""}, - {"MissingDuration", proj, "allow", "* * * * *", "", []string{"app1"}, []string{}, []string{}, false, "error", ""}, - {"BadSchedule", proj, "allow", "* * *", "1h", []string{"app1"}, []string{}, []string{}, false, "error", ""}, - {"BadDuration", proj, "deny", "* * * * *", "33mm", []string{"app1"}, []string{}, []string{}, false, "error", ""}, - {"WorkingApplication", proj, "allow", "1 * * * *", "1h", []string{"app1"}, []string{}, []string{}, false, "noError", ""}, - {"WorkingNamespace", proj, "deny", "3 * * * *", "1h", []string{}, []string{}, []string{"cluster"}, false, "noError", ""}, + {"MissingKind", proj, "", "* * * * *", "11", []string{"app1"}, []string{}, []string{}, false, "error", false, ""}, + {"MissingSchedule", proj, "allow", "", "", []string{"app1"}, []string{}, []string{}, false, "error", false, ""}, + {"MissingDuration", proj, "allow", "* * * * *", "", []string{"app1"}, []string{}, []string{}, false, "error", false, ""}, + {"BadSchedule", proj, "allow", "* * *", "1h", []string{"app1"}, []string{}, []string{}, false, "error", false, ""}, + {"BadDuration", proj, "deny", "* * * * *", "33mm", []string{"app1"}, []string{}, []string{}, false, "error", false, ""}, + {"WorkingApplication", proj, "allow", "1 * * * *", "1h", []string{"app1"}, []string{}, []string{}, false, "noError", false, ""}, + {"WorkingNamespace", proj, "deny", "3 * * * *", "1h", []string{}, []string{}, []string{"cluster"}, false, "noError", false, ""}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { switch tt.want { case "error": - require.Error(t, tt.p.Spec.AddWindow(tt.k, tt.s, tt.d, tt.a, tt.n, tt.c, tt.m, tt.t)) + require.Error(t, tt.p.Spec.AddWindow(tt.k, tt.s, tt.d, tt.a, tt.n, tt.c, tt.m, tt.t, tt.o)) case "noError": - require.NoError(t, tt.p.Spec.AddWindow(tt.k, tt.s, tt.d, tt.a, tt.n, tt.c, tt.m, tt.t)) + require.NoError(t, tt.p.Spec.AddWindow(tt.k, tt.s, tt.d, tt.a, tt.n, tt.c, tt.m, tt.t, tt.o)) require.NoError(t, tt.p.Spec.DeleteWindow(0)) } }) @@ -2232,33 +2233,202 @@ func TestSyncWindows_Matches(t *testing.T) { app := newTestApp() t.Run("MatchNamespace", func(t *testing.T) { proj.Spec.SyncWindows[0].Namespaces = []string{"default"} + proj.Spec.SyncWindows[0].Clusters = nil + proj.Spec.SyncWindows[0].Applications = nil windows := proj.Spec.SyncWindows.Matches(app) assert.Len(t, *windows, 1) proj.Spec.SyncWindows[0].Namespaces = nil }) t.Run("MatchCluster", func(t *testing.T) { proj.Spec.SyncWindows[0].Clusters = []string{"cluster1"} + proj.Spec.SyncWindows[0].Namespaces = nil + proj.Spec.SyncWindows[0].Applications = nil windows := proj.Spec.SyncWindows.Matches(app) assert.Len(t, *windows, 1) proj.Spec.SyncWindows[0].Clusters = nil }) t.Run("MatchClusterName", func(t *testing.T) { proj.Spec.SyncWindows[0].Clusters = []string{"clusterName"} + proj.Spec.SyncWindows[0].Namespaces = nil + proj.Spec.SyncWindows[0].Applications = nil windows := proj.Spec.SyncWindows.Matches(app) assert.Len(t, *windows, 1) proj.Spec.SyncWindows[0].Clusters = nil }) t.Run("MatchAppName", func(t *testing.T) { proj.Spec.SyncWindows[0].Applications = []string{"test-app"} + proj.Spec.SyncWindows[0].Namespaces = nil + proj.Spec.SyncWindows[0].Clusters = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + }) + t.Run("MatchAppNameAndNamespace", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-app"} + proj.Spec.SyncWindows[0].Namespaces = []string{"default"} + proj.Spec.SyncWindows[0].Clusters = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + proj.Spec.SyncWindows[0].Namespaces = nil + }) + t.Run("MatchAppNameAndClusterName", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-app"} + proj.Spec.SyncWindows[0].Clusters = []string{"clusterName"} + proj.Spec.SyncWindows[0].Namespaces = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + proj.Spec.SyncWindows[0].Clusters = nil + }) + t.Run("MatchNamespaceAndClusterName", func(t *testing.T) { + proj.Spec.SyncWindows[0].Namespaces = []string{"default"} + proj.Spec.SyncWindows[0].Clusters = []string{"clusterName"} + proj.Spec.SyncWindows[0].Applications = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Namespaces = nil + proj.Spec.SyncWindows[0].Clusters = nil + }) + t.Run("MatchAppNameAndNamespaceAndClusterName", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-app"} + proj.Spec.SyncWindows[0].Namespaces = []string{"default"} + proj.Spec.SyncWindows[0].Clusters = []string{"clusterName"} windows := proj.Spec.SyncWindows.Matches(app) assert.Len(t, *windows, 1) proj.Spec.SyncWindows[0].Applications = nil + proj.Spec.SyncWindows[0].Namespaces = nil + proj.Spec.SyncWindows[0].Clusters = nil }) t.Run("MatchWildcardAppName", func(t *testing.T) { proj.Spec.SyncWindows[0].Applications = []string{"test-*"} + proj.Spec.SyncWindows[0].Clusters = nil + proj.Spec.SyncWindows[0].Namespaces = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + }) + t.Run("MatchWildcardAppNameAndNamespace", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-*"} + proj.Spec.SyncWindows[0].Namespaces = []string{"default"} + proj.Spec.SyncWindows[0].Clusters = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + proj.Spec.SyncWindows[0].Namespaces = nil + }) + t.Run("MatchWildcardAppNameAndWildcardClusterName", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-*"} + proj.Spec.SyncWindows[0].Clusters = []string{"clusterN*"} + proj.Spec.SyncWindows[0].Namespaces = nil windows := proj.Spec.SyncWindows.Matches(app) assert.Len(t, *windows, 1) proj.Spec.SyncWindows[0].Applications = nil + proj.Spec.SyncWindows[0].Clusters = nil + }) + t.Run("NoMatch", func(t *testing.T) { + windows := proj.Spec.SyncWindows.Matches(app) + assert.Nil(t, windows) + }) +} + +func TestSyncWindows_Matches_AND_Operator(t *testing.T) { + proj := newTestProjectWithSyncWindowsAndOperator() + app := newTestApp() + t.Run("MatchNamespace", func(t *testing.T) { + proj.Spec.SyncWindows[0].Namespaces = []string{"default"} + proj.Spec.SyncWindows[0].Clusters = nil + proj.Spec.SyncWindows[0].Applications = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Namespaces = nil + }) + t.Run("MatchCluster", func(t *testing.T) { + proj.Spec.SyncWindows[0].Clusters = []string{"cluster1"} + proj.Spec.SyncWindows[0].Namespaces = nil + proj.Spec.SyncWindows[0].Applications = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Clusters = nil + }) + t.Run("MatchClusterName", func(t *testing.T) { + proj.Spec.SyncWindows[0].Clusters = []string{"clusterName"} + proj.Spec.SyncWindows[0].Namespaces = nil + proj.Spec.SyncWindows[0].Applications = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Clusters = nil + }) + t.Run("MatchAppName", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-app"} + proj.Spec.SyncWindows[0].Namespaces = nil + proj.Spec.SyncWindows[0].Clusters = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + }) + t.Run("MatchAppNameAndNamespace", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-app"} + proj.Spec.SyncWindows[0].Namespaces = []string{"default"} + proj.Spec.SyncWindows[0].Clusters = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + proj.Spec.SyncWindows[0].Namespaces = nil + }) + t.Run("MatchAppNameAndClusterName", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-app"} + proj.Spec.SyncWindows[0].Clusters = []string{"clusterName"} + proj.Spec.SyncWindows[0].Namespaces = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + proj.Spec.SyncWindows[0].Clusters = nil + }) + t.Run("MatchNamespaceAndClusterName", func(t *testing.T) { + proj.Spec.SyncWindows[0].Namespaces = []string{"default"} + proj.Spec.SyncWindows[0].Clusters = []string{"clusterName"} + proj.Spec.SyncWindows[0].Applications = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Namespaces = nil + proj.Spec.SyncWindows[0].Clusters = nil + }) + t.Run("MatchAppNameAndNamespaceAndClusterName", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-app"} + proj.Spec.SyncWindows[0].Namespaces = []string{"default"} + proj.Spec.SyncWindows[0].Clusters = []string{"clusterName"} + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + proj.Spec.SyncWindows[0].Namespaces = nil + proj.Spec.SyncWindows[0].Clusters = nil + }) + t.Run("MatchWildcardAppName", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-*"} + proj.Spec.SyncWindows[0].Clusters = nil + proj.Spec.SyncWindows[0].Namespaces = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + }) + t.Run("MatchWildcardAppNameAndNamespace", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-*"} + proj.Spec.SyncWindows[0].Namespaces = []string{"default"} + proj.Spec.SyncWindows[0].Clusters = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + proj.Spec.SyncWindows[0].Namespaces = nil + }) + t.Run("MatchWildcardAppNameAndWildcardClusterName", func(t *testing.T) { + proj.Spec.SyncWindows[0].Applications = []string{"test-*"} + proj.Spec.SyncWindows[0].Clusters = []string{"clusterN*"} + proj.Spec.SyncWindows[0].Namespaces = nil + windows := proj.Spec.SyncWindows.Matches(app) + assert.Len(t, *windows, 1) + proj.Spec.SyncWindows[0].Applications = nil + proj.Spec.SyncWindows[0].Clusters = nil }) t.Run("NoMatch", func(t *testing.T) { windows := proj.Spec.SyncWindows.Matches(app) @@ -2878,35 +3048,41 @@ func (b *projectBuilder) build() *AppProject { } func (b *projectBuilder) withActiveAllowWindow(allowManual bool) *projectBuilder { - window := newSyncWindow("allow", "* * * * *", allowManual) + window := newSyncWindow("allow", "* * * * *", allowManual, false) + b.proj.Spec.SyncWindows = append(b.proj.Spec.SyncWindows, window) + return b +} + +func (b *projectBuilder) withActiveAllowWindowAndOperator(allowManual bool, andOperator bool) *projectBuilder { + window := newSyncWindow("allow", "* * * * *", allowManual, andOperator) b.proj.Spec.SyncWindows = append(b.proj.Spec.SyncWindows, window) return b } func (b *projectBuilder) withInactiveAllowWindow(allowManual bool) *projectBuilder { - window := newSyncWindow("allow", inactiveCronSchedule(), allowManual) + window := newSyncWindow("allow", inactiveCronSchedule(), allowManual, false) b.proj.Spec.SyncWindows = append(b.proj.Spec.SyncWindows, window) return b } func (b *projectBuilder) withActiveDenyWindow(allowManual bool) *projectBuilder { - window := newSyncWindow("deny", "* * * * *", allowManual) + window := newSyncWindow("deny", "* * * * *", allowManual, false) b.proj.Spec.SyncWindows = append(b.proj.Spec.SyncWindows, window) return b } func (b *projectBuilder) withInactiveDenyWindow(allowManual bool) *projectBuilder { - window := newSyncWindow("deny", inactiveCronSchedule(), allowManual) + window := newSyncWindow("deny", inactiveCronSchedule(), allowManual, false) b.proj.Spec.SyncWindows = append(b.proj.Spec.SyncWindows, window) return b } func (b *projectBuilder) withInvalidWindows() *projectBuilder { b.proj.Spec.SyncWindows = append(b.proj.Spec.SyncWindows, - newSyncWindow("allow", "* 10 * * 7", false), - newSyncWindow("deny", "* 10 * * 7", false), - newSyncWindow("allow", "* 10 * * 7", true), - newSyncWindow("deny", "* 10 * * 7", true), + newSyncWindow("allow", "* 10 * * 7", false, false), + newSyncWindow("deny", "* 10 * * 7", false, false), + newSyncWindow("allow", "* 10 * * 7", true, false), + newSyncWindow("deny", "* 10 * * 7", true, false), ) return b } @@ -2916,14 +3092,15 @@ func inactiveCronSchedule() string { return fmt.Sprintf("0 %d * * *", hourPlus10) } -func newSyncWindow(kind, schedule string, allowManual bool) *SyncWindow { +func newSyncWindow(kind, schedule string, allowManual bool, andOperator bool) *SyncWindow { return &SyncWindow{ - Kind: kind, - Schedule: schedule, - Duration: "1h", - Applications: []string{"app1"}, - Namespaces: []string{"public"}, - ManualSync: allowManual, + Kind: kind, + Schedule: schedule, + Duration: "1h", + Applications: []string{"app1"}, + Namespaces: []string{"public"}, + ManualSync: allowManual, + UseAndOperator: andOperator, } } @@ -2931,6 +3108,10 @@ func newTestProjectWithSyncWindows() *AppProject { return newProjectBuilder().withActiveAllowWindow(false).build() } +func newTestProjectWithSyncWindowsAndOperator() *AppProject { + return newProjectBuilder().withActiveAllowWindowAndOperator(false, true).build() +} + func newTestApp() *Application { a := &Application{ ObjectMeta: metav1.ObjectMeta{Name: "test-app"}, @@ -3928,7 +4109,6 @@ func TestOptionalArrayEquality(t *testing.T) { err := json.Unmarshal([]byte(presentButEmpty), ¶m) require.NoError(t, err) jsonPresentButEmpty := param.OptionalArray - // nolint:testifylint require.Equal(t, &OptionalArray{Array: []string{}}, jsonPresentButEmpty) // We won't simulate the protobuf unmarshalling of an empty array parameter. By experimentation, this is how it's @@ -3972,7 +4152,6 @@ func TestOptionalMapEquality(t *testing.T) { err := json.Unmarshal([]byte(presentButEmpty), ¶m) require.NoError(t, err) jsonPresentButEmpty := param.OptionalMap - // nolint:testifylint require.Equal(t, &OptionalMap{Map: map[string]string{}}, jsonPresentButEmpty) // We won't simulate the protobuf unmarshalling of an empty map parameter. By experimentation, this is how it's diff --git a/reposerver/apiclient/clientset.go b/reposerver/apiclient/clientset.go index f0891ea0fd068..9d6394989ea37 100644 --- a/reposerver/apiclient/clientset.go +++ b/reposerver/apiclient/clientset.go @@ -82,7 +82,7 @@ func NewConnection(address string, timeoutSeconds int, tlsConfig *TLSConfigurati opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials())) } - // nolint:staticcheck + //nolint:staticcheck conn, err := grpc.Dial(address, opts...) if err != nil { log.Errorf("Unable to connect to repository service with address %s", address) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 61672dce97ca1..3edb6bc11b009 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -993,6 +993,7 @@ func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoC repo.SSHPrivateKey = repositoryCredential.SSHPrivateKey repo.TLSClientCertData = repositoryCredential.TLSClientCertData repo.TLSClientCertKey = repositoryCredential.TLSClientCertKey + repo.UseAzureWorkloadIdentity = repositoryCredential.UseAzureWorkloadIdentity } else if repo.EnableOCI { // finally if repo is OCI and no credentials found, use the first OCI credential matching by hostname // see https://github.com/argoproj/argo-cd/issues/14636 @@ -1002,6 +1003,7 @@ func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoC if _, err := url.Parse("oci://" + dep.Repo); err == nil && cred.EnableOCI && strings.HasPrefix(dep.Repo, cred.Repo) { repo.Username = cred.Username repo.Password = cred.Password + repo.UseAzureWorkloadIdentity = cred.UseAzureWorkloadIdentity break } } @@ -1481,7 +1483,8 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, } var targets []*unstructured.Unstructured - if obj.IsList() { + switch { + case obj.IsList(): err = obj.EachListItem(func(object runtime.Object) error { unstructuredObj, ok := object.(*unstructured.Unstructured) if ok { @@ -1493,9 +1496,9 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, if err != nil { return nil, err } - } else if isNullList(obj) { + case isNullList(obj): // noop - } else { + default: targets = []*unstructured.Unstructured{obj} } @@ -1527,6 +1530,7 @@ func newEnv(q *apiclient.ManifestRequest, revision string) *v1alpha1.Env { return &v1alpha1.Env{ &v1alpha1.EnvEntry{Name: "ARGOCD_APP_NAME", Value: q.AppName}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_NAMESPACE", Value: q.Namespace}, + &v1alpha1.EnvEntry{Name: "ARGOCD_APP_PROJECT_NAME", Value: q.ProjectName}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_REVISION", Value: revision}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_REVISION_SHORT", Value: shortRevision}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_REVISION_SHORT_8", Value: shortRevision8}, @@ -1570,11 +1574,12 @@ func mergeSourceParameters(source *v1alpha1.ApplicationSource, path, appName str for _, filename := range overrides { info, err := os.Stat(filename) - if os.IsNotExist(err) { + switch { + case os.IsNotExist(err): continue - } else if info != nil && info.IsDir() { + case info != nil && info.IsDir(): continue - } else if err != nil { + case err != nil: // filename should be part of error message here return err } @@ -2493,7 +2498,6 @@ func directoryPermissionInitializer(rootPath string) goio.Closer { // checkoutRevision is a convenience function to initialize a repo, fetch, and checkout a revision // Returns the 40 character commit SHA after the checkout has been performed -// nolint:unparam func (s *Service) checkoutRevision(gitClient git.Client, revision string, submoduleEnabled bool) (goio.Closer, error) { closer := s.gitRepoInitializer(gitClient.Root()) err := checkoutRevision(gitClient, revision, submoduleEnabled) diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 4876975d48898..3c347a464489f 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -859,30 +859,22 @@ func TestManifestGenErrorCacheByNumRequests(t *testing.T) { require.False(t, isCachedError) require.NotNil(t, cachedManifestResponse) - // nolint:staticcheck assert.Nil(t, cachedManifestResponse.ManifestResponse) - // nolint:staticcheck assert.NotEqual(t, 0, cachedManifestResponse.FirstFailureTimestamp) // Internal cache consec failures value should increase with invocations, cached response should stay the same, - // nolint:staticcheck assert.Equal(t, cachedManifestResponse.NumberOfConsecutiveFailures, adjustedInvocation+1) - // nolint:staticcheck assert.Equal(t, 0, cachedManifestResponse.NumberOfCachedResponsesReturned) } else { // GenerateManifest SHOULD return cached errors for the next X responses, where X is the // PauseGenerationOnFailureForRequests constant assert.True(t, isCachedError) require.NotNil(t, cachedManifestResponse) - // nolint:staticcheck assert.Nil(t, cachedManifestResponse.ManifestResponse) - // nolint:staticcheck assert.NotEqual(t, 0, cachedManifestResponse.FirstFailureTimestamp) // Internal cache values should update correctly based on number of return cache entries, consecutive failures should stay the same - // nolint:staticcheck assert.Equal(t, cachedManifestResponse.NumberOfConsecutiveFailures, service.initConstants.PauseGenerationAfterFailedGenerationAttempts) - // nolint:staticcheck assert.Equal(t, cachedManifestResponse.NumberOfCachedResponsesReturned, (adjustedInvocation - service.initConstants.PauseGenerationAfterFailedGenerationAttempts + 1)) } } @@ -1811,6 +1803,7 @@ func Test_newEnv(t *testing.T) { assert.Equal(t, &v1alpha1.Env{ &v1alpha1.EnvEntry{Name: "ARGOCD_APP_NAME", Value: "my-app-name"}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_NAMESPACE", Value: "my-namespace"}, + &v1alpha1.EnvEntry{Name: "ARGOCD_APP_PROJECT_NAME", Value: "my-project-name"}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_REVISION", Value: "my-revision"}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_REVISION_SHORT", Value: "my-revi"}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_REVISION_SHORT_8", Value: "my-revis"}, @@ -1818,9 +1811,10 @@ func Test_newEnv(t *testing.T) { &v1alpha1.EnvEntry{Name: "ARGOCD_APP_SOURCE_PATH", Value: "my-path"}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_SOURCE_TARGET_REVISION", Value: "my-target-revision"}, }, newEnv(&apiclient.ManifestRequest{ - AppName: "my-app-name", - Namespace: "my-namespace", - Repo: &v1alpha1.Repository{Repo: "https://github.com/my-org/my-repo"}, + AppName: "my-app-name", + Namespace: "my-namespace", + ProjectName: "my-project-name", + Repo: &v1alpha1.Repository{Repo: "https://github.com/my-org/my-repo"}, ApplicationSource: &v1alpha1.ApplicationSource{ Path: "my-path", TargetRevision: "my-target-revision", @@ -3161,7 +3155,7 @@ func TestGetHelmRepos_OCIDependenciesWithHelmRepo(t *testing.T) { require.NoError(t, err) assert.Len(t, helmRepos, 1) - assert.Equal(t, "test", helmRepos[0].Username) + assert.Equal(t, "test", helmRepos[0].GetUsername()) assert.True(t, helmRepos[0].EnableOci) assert.Equal(t, "example.com/myrepo", helmRepos[0].Repo) } @@ -3174,7 +3168,7 @@ func TestGetHelmRepos_OCIDependenciesWithRepo(t *testing.T) { require.NoError(t, err) assert.Len(t, helmRepos, 1) - assert.Equal(t, "test", helmRepos[0].Username) + assert.Equal(t, "test", helmRepos[0].GetUsername()) assert.True(t, helmRepos[0].EnableOci) assert.Equal(t, "example.com/myrepo", helmRepos[0].Repo) } @@ -3191,7 +3185,7 @@ func TestGetHelmRepo_NamedRepos(t *testing.T) { require.NoError(t, err) assert.Len(t, helmRepos, 1) - assert.Equal(t, "test", helmRepos[0].Username) + assert.Equal(t, "test", helmRepos[0].GetUsername()) assert.Equal(t, "https://example.com", helmRepos[0].Repo) } @@ -3207,7 +3201,7 @@ func TestGetHelmRepo_NamedReposAlias(t *testing.T) { require.NoError(t, err) assert.Len(t, helmRepos, 1) - assert.Equal(t, "test-alias", helmRepos[0].Username) + assert.Equal(t, "test-alias", helmRepos[0].GetUsername()) assert.Equal(t, "https://example.com", helmRepos[0].Repo) } diff --git a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/health.lua b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/health.lua new file mode 100644 index 0000000000000..23d944fc460e1 --- /dev/null +++ b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/health.lua @@ -0,0 +1,82 @@ +local hs = {} + +-- Check if CRD is terminating +if obj.metadata.deletionTimestamp ~= nil then + hs.status = "Progressing" + hs.message = "CRD is terminating" + return hs +end + +if obj.status.conditions == nil then + hs.status = "Progressing" + hs.message = "Status conditions not found" + return hs +end + +if #obj.status.conditions == 0 then + hs.status = "Progressing" + hs.message = "Status conditions not found" + return hs +end + +local isEstablished +local isTerminating +local namesNotAccepted +local hasViolations +local conditionMsg = "" + +for _, condition in pairs(obj.status.conditions) do + + -- Check if CRD is terminating + if condition.type == "Terminating" and condition.status == "True" then + isTerminating = true + conditionMsg = condition.message + end + + -- Check if K8s has accepted names for this CRD + if condition.type == "NamesAccepted" and condition.status == "False" then + namesNotAccepted = true + conditionMsg = condition.message + end + + -- Checking if CRD is established + if condition.type == "Established" and condition.status == "True" then + isEstablished = true + conditionMsg = condition.message + end + + -- Checking if CRD has violations + if condition.type == "NonStructuralSchema" and condition.status == "True" then + hasViolations = true + conditionMsg = condition.message + end + +end + +if isTerminating then + hs.status = "Progressing" + hs.message = "CRD is terminating: " .. conditionMsg + return hs +end + +if namesNotAccepted then + hs.status = "Degraded" + hs.message = "CRD names have not been accepted: " .. conditionMsg + return hs +end + +if not isEstablished then + hs.status = "Degraded" + hs.message = "CRD is not established" + return hs +end + +if hasViolations then + hs.status = "Degraded" + hs.message = "Schema violations found: " .. conditionMsg + return hs +end + +hs.status = "Healthy" +hs.message = "CRD is healthy" +return hs \ No newline at end of file diff --git a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/health_test.yaml b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/health_test.yaml new file mode 100644 index 0000000000000..fd984be0264dc --- /dev/null +++ b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/health_test.yaml @@ -0,0 +1,29 @@ +tests: +- healthStatus: + status: Healthy + message: "CRD is healthy" + inputPath: testdata/crd-v1-healthy.yaml +- healthStatus: + status: Degraded + message: "CRD names have not been accepted: the initial names have not been accepted" + inputPath: testdata/crd-v1-names-not-accepted-degraded.yaml +- healthStatus: + status: Degraded + message: "Schema violations found: spec.preserveUnknownFields: Invalid value: true: must be false" + inputPath: testdata/crd-v1-non-structual-degraded.yaml +- healthStatus: + status: Degraded + message: "CRD is not established" + inputPath: testdata/crd-v1-not-established-degraded.yaml +- healthStatus: + status: Progressing + message: "CRD is terminating: user has deleted the CRD" + inputPath: testdata/crd-v1-terminating-condition-progressing.yaml +- healthStatus: + status: Progressing + message: "CRD is terminating" + inputPath: testdata/crd-v1-terminating-timestamp-progressing.yaml +- healthStatus: + status: Progressing + message: "Status conditions not found" + inputPath: testdata/crd-v1-no-conditions-progressing.yaml \ No newline at end of file diff --git a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-healthy.yaml b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-healthy.yaml new file mode 100644 index 0000000000000..09e00f70bc113 --- /dev/null +++ b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-healthy.yaml @@ -0,0 +1,56 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: examples.example.io +spec: + conversion: + strategy: None + group: example.io + names: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + preserveUnknownFields: true + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: >- + CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in + happens-before order across separate operations. Clients may not set + this value. It is represented in RFC3339 form and is in UTC. + + + Populated by the system. Read-only. Null for lists. More info: + https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + conditions: + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: no conflicts found + reason: NoConflicts + status: 'True' + type: NamesAccepted + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: the initial names have been accepted + reason: InitialNamesAccepted + status: 'True' + type: Established + storedVersions: + - v1alpha1 \ No newline at end of file diff --git a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-names-not-accepted-degraded.yaml b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-names-not-accepted-degraded.yaml new file mode 100644 index 0000000000000..196344b5852b4 --- /dev/null +++ b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-names-not-accepted-degraded.yaml @@ -0,0 +1,56 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: examples.example.io +spec: + conversion: + strategy: None + group: example.io + names: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + preserveUnknownFields: true + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: >- + CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in + happens-before order across separate operations. Clients may not set + this value. It is represented in RFC3339 form and is in UTC. + + + Populated by the system. Read-only. Null for lists. More info: + https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + conditions: + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: the initial names have not been accepted + reason: NoConflicts + status: 'False' + type: NamesAccepted + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: the initial names have been accepted + reason: InitialNamesAccepted + status: 'False' + type: Established + storedVersions: + - v1alpha1 \ No newline at end of file diff --git a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-no-conditions-progressing.yaml b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-no-conditions-progressing.yaml new file mode 100644 index 0000000000000..f12ce016bd3e3 --- /dev/null +++ b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-no-conditions-progressing.yaml @@ -0,0 +1,46 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: examples.example.io +spec: + conversion: + strategy: None + group: example.io + names: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + preserveUnknownFields: true + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: >- + CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in + happens-before order across separate operations. Clients may not set + this value. It is represented in RFC3339 form and is in UTC. + + + Populated by the system. Read-only. Null for lists. More info: + https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + conditions: [] + storedVersions: + - v1alpha1 \ No newline at end of file diff --git a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-non-structual-degraded.yaml b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-non-structual-degraded.yaml new file mode 100644 index 0000000000000..3c7a07f3e3a0b --- /dev/null +++ b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-non-structual-degraded.yaml @@ -0,0 +1,61 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: examples.example.io +spec: + conversion: + strategy: None + group: example.io + names: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + preserveUnknownFields: true + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: >- + CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in + happens-before order across separate operations. Clients may not set + this value. It is represented in RFC3339 form and is in UTC. + + + Populated by the system. Read-only. Null for lists. More info: + https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + conditions: + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: no conflicts found + reason: NoConflicts + status: 'True' + type: NamesAccepted + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: the initial names have been accepted + reason: InitialNamesAccepted + status: 'True' + type: Established + - lastTransitionTime: '2024-10-26T19:44:57Z' + message: 'spec.preserveUnknownFields: Invalid value: true: must be false' + reason: Violations + status: 'True' + type: NonStructuralSchema + storedVersions: + - v1alpha1 \ No newline at end of file diff --git a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-not-established-degraded.yaml b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-not-established-degraded.yaml new file mode 100644 index 0000000000000..54495d16ab479 --- /dev/null +++ b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-not-established-degraded.yaml @@ -0,0 +1,56 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: examples.example.io +spec: + conversion: + strategy: None + group: example.io + names: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + preserveUnknownFields: true + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: >- + CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in + happens-before order across separate operations. Clients may not set + this value. It is represented in RFC3339 form and is in UTC. + + + Populated by the system. Read-only. Null for lists. More info: + https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + conditions: + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: no conflicts found + reason: NoConflicts + status: 'True' + type: NamesAccepted + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: the initial names have not been accepted + reason: InitialNamesAccepted + status: 'False' + type: Established + storedVersions: + - v1alpha1 \ No newline at end of file diff --git a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-terminating-condition-progressing.yaml b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-terminating-condition-progressing.yaml new file mode 100644 index 0000000000000..d55e8e0c0348b --- /dev/null +++ b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-terminating-condition-progressing.yaml @@ -0,0 +1,56 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: examples.example.io +spec: + conversion: + strategy: None + group: example.io + names: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + preserveUnknownFields: true + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: >- + CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in + happens-before order across separate operations. Clients may not set + this value. It is represented in RFC3339 form and is in UTC. + + + Populated by the system. Read-only. Null for lists. More info: + https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + conditions: + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: no conflicts found + reason: NoConflicts + status: 'True' + type: NamesAccepted + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: user has deleted the CRD + reason: terminating + status: 'True' + type: Terminating + storedVersions: + - v1alpha1 \ No newline at end of file diff --git a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-terminating-timestamp-progressing.yaml b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-terminating-timestamp-progressing.yaml new file mode 100644 index 0000000000000..73d19e4832d42 --- /dev/null +++ b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-terminating-timestamp-progressing.yaml @@ -0,0 +1,57 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: examples.example.io + deletionTimestamp: '2024-12-28T13:51:19Z' +spec: + conversion: + strategy: None + group: example.io + names: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + preserveUnknownFields: true + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: >- + CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in + happens-before order across separate operations. Clients may not set + this value. It is represented in RFC3339 form and is in UTC. + + + Populated by the system. Read-only. Null for lists. More info: + https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: Example + listKind: ExampleList + plural: examples + shortNames: + - ex + singular: example + conditions: + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: no conflicts found + reason: NoConflicts + status: 'True' + type: NamesAccepted + - lastTransitionTime: '2024-05-19T23:35:28Z' + message: the initial names have been accepted + reason: InitialNamesAccepted + status: 'True' + type: Established + storedVersions: + - v1alpha1 \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health.lua b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health.lua index 934c59d5859cb..fed0b5ccb5349 100644 --- a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health.lua +++ b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health.lua @@ -1,60 +1,104 @@ -local hs = {} -local healthyCondition = {} +-- return true if degraded, along with the reason +function isDegraded(obj) + if obj.status == nil then + return false, "" + end + -- check phase=Failed, healthy condition failed, progressive upgrade failed + if obj.status.phase == "Failed" then + return true, obj.status.message + end --- check for certain cases of "Progressing" + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "False" and condition.reason == "ISBSvcFailed" then + return true, condition.message + elseif condition.type == "ProgressiveUpgradeSucceeded" and condition.status == "False" then + return true, "Progressive upgrade failed" + end + end + end -if obj.status == nil then -- if there's no Status at all, we haven't been reconciled - hs.status = "Progressing" - hs.message = "Not yet reconciled" - return hs + return false, "" end -if obj.metadata.generation ~= obj.status.observedGeneration then - hs.status = "Progressing" - hs.message = "Not yet reconciled" - return hs -end +function isProgressing(obj) + -- if there's no Status at all, we haven't been reconciled + if obj.status == nil then + return true, "Not yet reconciled" + end -if obj.status.phase == "Pending" then - hs.status = "Progressing" - hs.message = "Phase=Pending" - return hs -end + if obj.metadata.generation ~= obj.status.observedGeneration then + return true, "Not yet reconciled" + end -if obj.status.upgradeInProgress ~= nil and obj.status.upgradeInProgress ~= "" then - hs.status = "Progressing" - hs.message = "Update in progress" - return hs -end + -- if we are in the middle of an upgrade + if obj.status.upgradeInProgress ~= nil and obj.status.upgradeInProgress ~= "" or obj.status.phase == "Pending" then + -- first check if Progressive Upgrade Failed; in that case, we won't return true (because "Degraded" will take precedence) + progressiveUpgradeFailed = false + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ProgressiveUpgradeSucceeded" and condition.status == "False" then + progressiveUpgradeFailed = true + end + end + end --- now check the Conditions + if progressiveUpgradeFailed == false then + return true, "Update in progress" + end + end -if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "ChildResourcesHealthy" then - healthyCondition = condition + -- if the child is Progressing + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "False" and condition.reason == "Progressing" then + return true, "Child Progressing" + end end end + + return false, "" end -if (healthyCondition ~= {} and healthyCondition.status == "False" and healthyCondition.reason == "ISBSvcFailed") or obj.status.phase == "Failed" then - hs.status = "Degraded" - if obj.status.phase == "Failed" then - hs.message = obj.status.message - else - hs.message = healthyCondition.message +-- return true if healthy, along with the reason +function isHealthy(obj) + if obj.status == nil then + return false, "" end - return hs -elseif healthyCondition ~= {} and healthyCondition.status == "False" and healthyCondition.reason == "Progressing" then + + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "True" then + return true, "Healthy" + end + end + end +end + +local hs = {} + + +progressing, reason = isProgressing(obj) +if progressing then hs.status = "Progressing" - hs.message = healthyCondition.message + hs.message = reason + return hs +end + +degraded, reason = isDegraded(obj) +if degraded then + hs.status = "Degraded" + hs.message = reason return hs -elseif healthyCondition ~= {} and healthyCondition.status == "True" and obj.status.phase == "Deployed" then +end + +healthy, reason = isHealthy(obj) +if healthy then hs.status = "Healthy" - hs.message = healthyCondition.message + hs.message = reason return hs end hs.status = "Unknown" -hs.message = "Unknown ISBService status" -return hs \ No newline at end of file +hs.message = "Unknown status" +return hs diff --git a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health_test.yaml b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health_test.yaml index c728c3d300a68..41b98ed84758f 100644 --- a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health_test.yaml +++ b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/health_test.yaml @@ -5,7 +5,7 @@ tests: inputPath: testdata/ISBServiceRollout/progressing-observedgen.yaml - healthStatus: status: Healthy - message: "Successful" + message: "Healthy" inputPath: testdata/ISBServiceRollout/healthy.yaml - healthStatus: status: Degraded @@ -17,9 +17,13 @@ tests: inputPath: testdata/ISBServiceRollout/progressing-nostatus.yaml - healthStatus: status: Progressing - message: "Progressing" + message: "Child Progressing" inputPath: testdata/ISBServiceRollout/progressing-reason.yaml - healthStatus: status: Progressing - message: "Phase=Pending" - inputPath: testdata/ISBServiceRollout/pending-upgrade-in-progress.yaml \ No newline at end of file + message: "Update in progress" + inputPath: testdata/ISBServiceRollout/pending-upgrade-in-progress.yaml +- healthStatus: + status: Degraded + message: "Progressive upgrade failed" + inputPath: testdata/ISBServiceRollout/progressive-failed.yaml \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/ISBServiceRollout/progressive-failed.yaml b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/ISBServiceRollout/progressive-failed.yaml new file mode 100644 index 0000000000000..7e05163c171d7 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/ISBServiceRollout/testdata/ISBServiceRollout/progressive-failed.yaml @@ -0,0 +1,60 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: ISBServiceRollout +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"ISBServiceRollout","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-isbsvc","namespace":"example-namespace"},"spec":{"interStepBufferService":{"spec":{"jetstream":{"persistence":{"volumeSize":"1Gi"},"version":"2.10.3"}}}}} + creationTimestamp: "2025-01-26T05:38:04Z" + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 4 + labels: + argocd.argoproj.io/instance: demo-app + name: my-isbsvc + namespace: example-namespace + resourceVersion: "664511" + uid: c45f8283-f799-45a3-8058-ac462756e654 +spec: + interStepBufferService: + metadata: {} + spec: + jetstream: + persistence: + volumeSize: 1Gi + version: 2.10.3 +status: + conditions: + - lastTransitionTime: "2025-01-26T05:38:04Z" + message: Successful + observedGeneration: 4 + reason: Successful + status: "True" + type: ChildResourceDeployed + - lastTransitionTime: "2025-01-26T05:39:04Z" + message: Successful + observedGeneration: 4 + reason: Successful + status: "True" + type: ChildResourcesHealthy + - lastTransitionTime: "2025-01-26T05:38:04Z" + message: no need for pause + observedGeneration: 4 + reason: NoPause + status: "False" + type: PausingPipelines + - lastTransitionTime: "2025-01-26T05:48:44Z" + message: New Child Object example-namespace/my-isbsvc-2 Failed + observedGeneration: 4 + reason: Failed + status: "False" + type: ProgressiveUpgradeSucceeded + message: Deployed + nameCount: 3 + observedGeneration: 4 + pauseRequestStatus: {} + phase: Deployed + progressiveStatus: + upgradingChildStatus: + assessmentResult: Success + name: my-isbsvc-2 + nextAssessmentTime: "2025-01-26T05:48:05Z" \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health.lua b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health.lua index e91efc6ac68ab..dfd3e93ea0084 100644 --- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health.lua +++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health.lua @@ -1,74 +1,128 @@ -local hs = {} -local healthyCondition = {} -local monoVertexPaused = {} - --- check for certain cases of "Progressing" +-- return true if paused, along with the reason +function isPaused(obj) + if obj.status == nil then + return false, "" + end -if obj.status == nil then -- if there's no Status at all, we haven't been reconciled - hs.status = "Progressing" - hs.message = "Not yet reconciled" - return hs + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "MonoVertexPausingOrPaused" and condition.status == "True" then + return true, condition.message + end + end + end end -if obj.metadata.generation ~= obj.status.observedGeneration then - hs.status = "Progressing" - hs.message = "Not yet reconciled" - return hs -end -if obj.status.phase == "Pending" then - hs.status = "Progressing" - hs.message = "Phase=Pending" - return hs -end -if obj.status.upgradeInProgress ~= nil and obj.status.upgradeInProgress ~= "" then - hs.status = "Progressing" - hs.message = "Update in progress" - return hs +-- return true if degraded, along with the reason +function isDegraded(obj) + if obj.status == nil then + return false, "" + end + -- check phase=Failed, healthy condition failed, progressive upgrade failed + if obj.status.phase == "Failed" then + return true, obj.status.message + end + + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "False" and condition.reason == "MonoVertexFailed" then + return true, condition.message + elseif condition.type == "ProgressiveUpgradeSucceeded" and condition.status == "False" then + return true, "Progressive upgrade failed" + end + end + end + + return false, "" end +function isProgressing(obj) + -- if there's no Status at all, we haven't been reconciled + if obj.status == nil then + return true, "Not yet reconciled" + end + + if obj.metadata.generation ~= obj.status.observedGeneration then + return true, "Not yet reconciled" + end --- now check the Conditions + -- if we are in the middle of an upgrade + if obj.status.upgradeInProgress ~= nil and obj.status.upgradeInProgress ~= "" or obj.status.phase == "Pending" then + -- first check if Progressive Upgrade Failed; in that case, we won't return true (because "Degraded" will take precedence) + progressiveUpgradeFailed = false + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ProgressiveUpgradeSucceeded" and condition.status == "False" then + progressiveUpgradeFailed = true + end + end + end -if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "ChildResourcesHealthy" then - healthyCondition = condition + if progressiveUpgradeFailed == false then + return true, "Update in progress" end - if condition.type == "MonoVertexPausingOrPaused" then - monoVertexPaused = condition + end + + -- if the child is Progressing + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "False" and condition.reason == "Progressing" then + return true, "Child Progressing" + end end end + + return false, "" end +-- return true if healthy, along with the reason +function isHealthy(obj) + if obj.status == nil then + return false, "" + end -if (healthyCondition ~= {} and healthyCondition.status == "False" and healthyCondition.reason == "MonoVertexFailed") or obj.status.phase == "Failed" then - hs.status = "Degraded" - if obj.status.phase == "Failed" then - hs.message = obj.status.message - else - hs.message = healthyCondition.message + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "True" then + return true, "Healthy" + end + end end - return hs -elseif healthyCondition ~= {} and healthyCondition.status == "False" and healthyCondition.reason == "Progressing" then +end + +local hs = {} + + +progressing, reason = isProgressing(obj) +if progressing then hs.status = "Progressing" - hs.message = healthyCondition.message + hs.message = reason + return hs +end + +degraded, reason = isDegraded(obj) +if degraded then + hs.status = "Degraded" + hs.message = reason return hs -elseif (monoVertexPaused ~= {} and monoVertexPaused.status == "True") then +end + +paused, reason = isPaused(obj) +if paused then hs.status = "Suspended" - hs.message = monoVertexPaused.message + hs.message = reason return hs -elseif healthyCondition ~= {} and healthyCondition.status == "True" and obj.status.phase == "Deployed" then +end + +healthy, reason = isHealthy(obj) +if healthy then hs.status = "Healthy" - hs.message = healthyCondition.message + hs.message = reason return hs end - - - - hs.status = "Unknown" hs.message = "Unknown MonoVertex status" return hs \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health_test.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health_test.yaml index b86d285232d9a..21ab3e20a0f8c 100644 --- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health_test.yaml +++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/health_test.yaml @@ -5,7 +5,7 @@ tests: inputPath: testdata/MonoVertexRollout/progressing-observedgen.yaml - healthStatus: status: Healthy - message: "Successful" + message: "Healthy" inputPath: testdata/MonoVertexRollout/healthy.yaml - healthStatus: status: Suspended @@ -17,9 +17,13 @@ tests: inputPath: testdata/MonoVertexRollout/degraded.yaml - healthStatus: status: Progressing - message: "Progressing" + message: "Child Progressing" inputPath: testdata/MonoVertexRollout/progressing-reason.yaml - healthStatus: status: Progressing - message: "Phase=Pending" - inputPath: testdata/MonoVertexRollout/pending-upgrade-in-progress.yaml \ No newline at end of file + message: "Update in progress" + inputPath: testdata/MonoVertexRollout/pending-upgrade-in-progress.yaml +- healthStatus: + status: Degraded + message: "Progressive upgrade failed" + inputPath: testdata/MonoVertexRollout/progressive-failed.yaml \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/MonoVertexRollout/progressive-failed.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/MonoVertexRollout/progressive-failed.yaml new file mode 100644 index 0000000000000..b1b919d5ef974 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/testdata/MonoVertexRollout/progressive-failed.yaml @@ -0,0 +1,63 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: MonoVertexRollout +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"MonoVertexRollout","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-monovertex","namespace":"example-namespace"},"spec":{"monoVertex":{"spec":{"sink":{"udsink":{"container":{"image":"quay.io/numaio/numaflow-go/sink-log:stable"}}},"source":{"udsource":{"container":{"image":"quay.io/numaio/numaflow-go/bad-image:stable"}}}}}}} + creationTimestamp: "2025-01-26T05:38:04Z" + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 3 + labels: + argocd.argoproj.io/instance: demo-app + name: my-monovertex + namespace: example-namespace + resourceVersion: "669046" + uid: ffc093d1-0019-4b14-bcb2-bdbaa30b2834 +spec: + monoVertex: + metadata: {} + spec: + sink: + udsink: + container: + image: quay.io/numaio/numaflow-go/sink-log:stable + source: + udsource: + container: + image: quay.io/numaio/numaflow-go/bad-image:stable +status: + conditions: + - lastTransitionTime: "2025-01-26T05:38:04Z" + message: Successful + observedGeneration: 3 + reason: Successful + status: "True" + type: ChildResourceDeployed + - lastTransitionTime: "2025-01-26T06:36:41Z" + message: Successful + observedGeneration: 3 + reason: Successful + status: "True" + type: ChildResourcesHealthy + - lastTransitionTime: "2025-01-26T05:38:04Z" + message: MonoVertex unpaused + observedGeneration: 3 + reason: Unpaused + status: "False" + type: MonoVertexPausingOrPaused + - lastTransitionTime: "2025-01-26T06:34:50Z" + message: New Child Object example-namespace/my-monovertex-1 Failed + observedGeneration: 3 + reason: Failed + status: "False" + type: ProgressiveUpgradeSucceeded + message: Deployed + nameCount: 2 + observedGeneration: 3 + phase: Deployed + progressiveStatus: + upgradingChildStatus: + assessmentResult: Failure + name: my-monovertex-1 + nextAssessmentTime: "2025-01-26T06:34:21Z" \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health.lua b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health.lua index 4975882d7dea6..da63058e5ae60 100644 --- a/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health.lua +++ b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health.lua @@ -1,61 +1,90 @@ -local hs = {} -local healthyCondition = {} +-- return true if degraded, along with the reason +function isDegraded(obj) + if obj.status == nil then + return false, "" + end + -- check phase=Failed, healthy condition failed + if obj.status.phase == "Failed" then + return true, obj.status.message + end --- check for certain cases of "Progressing" + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "False" and condition.reason ~= "Progressing" then + return true, condition.message + end + end + end -if obj.status == nil then -- if there's no Status at all, we haven't been reconciled - hs.status = "Progressing" - hs.message = "Not yet reconciled" - return hs + return false, "" end -if obj.metadata.generation ~= obj.status.observedGeneration then - hs.status = "Progressing" - hs.message = "Not yet reconciled" - return hs -end +function isProgressing(obj) + -- if there's no Status at all, we haven't been reconciled + if obj.status == nil then + return true, "Not yet reconciled" + end -if obj.status.phase == "Pending" then - hs.status = "Progressing" - hs.message = "Phase=Pending" - return hs -end + if obj.metadata.generation ~= obj.status.observedGeneration then + return true, "Not yet reconciled" + end -if obj.status.upgradeInProgress ~= nil and obj.status.upgradeInProgress ~= "" then - hs.status = "Progressing" - hs.message = "Update in progress" - return hs + -- if we are in the middle of an upgrade + if obj.status.upgradeInProgress ~= nil and obj.status.upgradeInProgress ~= "" or obj.status.phase == "Pending" then + return true, "Update in progress" + end + + -- if the child is Progressing + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "False" and condition.reason == "Progressing" then + return true, "Child Progressing" + end + end + end + + return false, "" end - -- now check the Conditions +-- return true if healthy, along with the reason +function isHealthy(obj) + if obj.status == nil then + return false, "" + end -if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "ChildResourcesHealthy" then - healthyCondition = condition + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "True" then + return true, "Healthy" + end end end end +local hs = {} -if (healthyCondition ~= {} and healthyCondition.status == "False" and healthyCondition.reason == "Degraded") or obj.status.phase == "Failed" then - hs.status = "Degraded" - if obj.status.phase == "Failed" then - hs.message = obj.status.message - else - hs.message = healthyCondition.message - end - return hs -elseif healthyCondition ~= {} and healthyCondition.status == "False" and healthyCondition.reason == "Progressing" then + +progressing, reason = isProgressing(obj) +if progressing then hs.status = "Progressing" - hs.message = healthyCondition.message + hs.message = reason return hs -elseif healthyCondition ~= {} and healthyCondition.status == "True" and obj.status.phase == "Deployed" then +end + +degraded, reason = isDegraded(obj) +if degraded then + hs.status = "Degraded" + hs.message = reason + return hs +end + +healthy, reason = isHealthy(obj) +if healthy then hs.status = "Healthy" - hs.message = healthyCondition.message + hs.message = reason return hs end hs.status = "Unknown" -hs.message = "Unknown NumaflowController status" +hs.message = "Unknown status" return hs \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health_test.yaml b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health_test.yaml index ef2778da7dc2b..6a75a58fe7a65 100644 --- a/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health_test.yaml +++ b/resource_customizations/numaplane.numaproj.io/NumaflowControllerRollout/health_test.yaml @@ -5,7 +5,7 @@ tests: inputPath: testdata/NumaflowControllerRollout/progressing-observedgen.yaml - healthStatus: status: Healthy - message: "Successful" + message: "Healthy" inputPath: testdata/NumaflowControllerRollout/healthy.yaml - healthStatus: status: Degraded @@ -13,9 +13,9 @@ tests: inputPath: testdata/NumaflowControllerRollout/degraded.yaml - healthStatus: status: Progressing - message: "Progressing" + message: "Child Progressing" inputPath: testdata/NumaflowControllerRollout/progressing-reason.yaml - healthStatus: status: Progressing - message: "Phase=Pending" + message: "Update in progress" inputPath: testdata/NumaflowControllerRollout/pending.yaml \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/health.lua b/resource_customizations/numaplane.numaproj.io/PipelineRollout/health.lua index 2fa58a94b0bfe..281f0c2e701e5 100644 --- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/health.lua +++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/health.lua @@ -1,66 +1,124 @@ -local hs = {} -local healthyCondition = {} -local pipelinePaused = {} - --- check for certain cases of "Progressing" +-- return true if paused, along with the reason +function isPaused(obj) + if obj.status == nil then + return false, "" + end -if obj.status == nil then -- if there's no Status at all, we haven't been reconciled - hs.status = "Progressing" - hs.message = "Not yet reconciled" - return hs -end - -if obj.metadata.generation ~= obj.status.observedGeneration then - hs.status = "Progressing" - hs.message = "Not yet reconciled" - return hs + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "PipelinePausingOrPaused" and condition.status == "True" then + return true, condition.message + end + end + end end -if obj.status.phase == "Pending" then - hs.status = "Progressing" - hs.message = "Phase=Pending" - return hs -end -if obj.status.upgradeInProgress ~= nil and obj.status.upgradeInProgress ~= "" then - hs.status = "Progressing" - hs.message = "Update in progress" - return hs +-- return true if degraded, along with the reason +function isDegraded(obj) + if obj.status == nil then + return false, "" + end + -- check phase=Failed, healthy condition failed, progressive upgrade failed + if obj.status.phase == "Failed" then + return true, obj.status.message + end + + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "False" and condition.reason == "PipelineFailed" then + return true, condition.message + elseif condition.type == "ProgressiveUpgradeSucceeded" and condition.status == "False" then + return true, "Progressive upgrade failed" + end + end + end + + return false, "" end --- now check the Conditions +function isProgressing(obj) + -- if there's no Status at all, we haven't been reconciled + if obj.status == nil then + return true, "Not yet reconciled" + end + + if obj.metadata.generation ~= obj.status.observedGeneration then + return true, "Not yet reconciled" + end + + -- if we are in the middle of an upgrade + if obj.status.upgradeInProgress ~= nil and obj.status.upgradeInProgress ~= "" or obj.status.phase == "Pending" then + -- first check if Progressive Upgrade Failed; in that case, we won't return true (because "Degraded" will take precedence) + progressiveUpgradeFailed = false + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ProgressiveUpgradeSucceeded" and condition.status == "False" then + progressiveUpgradeFailed = true + end + end + end -if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "ChildResourcesHealthy" then - healthyCondition = condition + if progressiveUpgradeFailed == false then + return true, "Update in progress" end - if condition.type == "PipelinePausingOrPaused" then - pipelinePaused = condition + end + + -- if the child is Progressing + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "False" and condition.reason == "Progressing" then + return true, "Child Progressing" + end end end + + return false, "" end +-- return true if healthy, along with the reason +function isHealthy(obj) + if obj.status == nil then + return false, "" + end -if (healthyCondition ~= {} and healthyCondition.status == "False" and healthyCondition.reason == "PipelineFailed") or obj.status.phase == "Failed" then - hs.status = "Degraded" - if obj.status.phase == "Failed" then - hs.message = obj.status.message - else - hs.message = healthyCondition.message + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "ChildResourcesHealthy" and condition.status == "True" then + return true, "Healthy" + end + end end - return hs -elseif healthyCondition ~= {} and healthyCondition.status == "False" and healthyCondition.reason == "Progressing" then +end + +local hs = {} + + +progressing, reason = isProgressing(obj) +if progressing then hs.status = "Progressing" - hs.message = healthyCondition.message + hs.message = reason + return hs +end + +degraded, reason = isDegraded(obj) +if degraded then + hs.status = "Degraded" + hs.message = reason return hs -elseif (pipelinePaused ~= {} and pipelinePaused.status == "True") then +end + +paused, reason = isPaused(obj) +if paused then hs.status = "Suspended" - hs.message = pipelinePaused.message + hs.message = reason return hs -elseif (healthyCondition ~= {} and healthyCondition.status == "True") and obj.status.phase == "Deployed" then +end + +healthy, reason = isHealthy(obj) +if healthy then hs.status = "Healthy" - hs.message = healthyCondition.message + hs.message = reason return hs end diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/health_test.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/health_test.yaml index 3ff01e4435656..98b43f26a5d86 100644 --- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/health_test.yaml +++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/health_test.yaml @@ -5,7 +5,7 @@ tests: inputPath: testdata/PipelineRollout/progressing-observedGen.yaml - healthStatus: status: Healthy - message: "Successful" + message: "Healthy" inputPath: testdata/PipelineRollout/healthy.yaml - healthStatus: status: Suspended @@ -17,9 +17,13 @@ tests: inputPath: testdata/PipelineRollout/degraded.yaml - healthStatus: status: Progressing - message: "Progressing" + message: "Child Progressing" inputPath: testdata/PipelineRollout/progressing-reason.yaml - healthStatus: status: Progressing - message: "Phase=Pending" - inputPath: testdata/PipelineRollout/pending-upgrade-in-progress.yaml \ No newline at end of file + message: "Update in progress" + inputPath: testdata/PipelineRollout/pending-upgrade-in-progress.yaml +- healthStatus: + status: Degraded + message: "Progressive upgrade failed" + inputPath: testdata/PipelineRollout/progressive-failed.yaml \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/PipelineRollout/pending-upgrade-in-progress.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/PipelineRollout/pending-upgrade-in-progress.yaml index 2731f79aeb9de..48bfd8694fa15 100644 --- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/PipelineRollout/pending-upgrade-in-progress.yaml +++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/PipelineRollout/pending-upgrade-in-progress.yaml @@ -56,5 +56,6 @@ status: reason: Successful status: 'True' type: ChildResourcesHealthy + observedGeneration: 1 phase: Pending \ No newline at end of file diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/PipelineRollout/progressive-failed.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/PipelineRollout/progressive-failed.yaml new file mode 100644 index 0000000000000..30058c8bc69d0 --- /dev/null +++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/testdata/PipelineRollout/progressive-failed.yaml @@ -0,0 +1,114 @@ +apiVersion: numaplane.numaproj.io/v1alpha1 +kind: PipelineRollout +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"PipelineRollout","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-pipeline-slow","namespace":"example-namespace"},"spec":{"pipeline":{"spec":{"edges":[{"from":"in","to":"cat"},{"from":"cat","to":"cat-2"},{"from":"cat-2","to":"out"}],"interStepBufferServiceName":"my-isbsvc","lifecycle":{"pauseGracePeriodSeconds":120},"limits":{"readBatchSize":1},"vertices":[{"containerTemplate":{"env":[{"name":"NUMAFLOW_DEBUG","value":"true"}]},"name":"in","scale":{"max":1,"min":1},"source":{"generator":{"duration":"1s","rpu":1}}},{"containerTemplate":{"env":[{"name":"NUMAFLOW_DEBUG","value":"true"}]},"limits":{"readBatchSize":1},"name":"cat","scale":{"max":1,"min":1},"udf":{"container":{"env":[{"name":"SLEEP_SECONDS","value":"1"}],"image":"quay.io/numaio/numaflow-go/map-slow-cat:stable"}}},{"containerTemplate":{"env":[{"name":"NUMAFLOW_DEBUG","value":"true"}],"max":1},"name":"cat-2","scale":{"min":1},"udf":{"builtin":{"name":"cat"}}},{"name":"out","scale":{"max":1,"min":1},"sink":{"log":{}}}]}}}} + creationTimestamp: "2025-01-26T05:38:04Z" + finalizers: + - numaplane.numaproj.io/numaplane-controller + generation: 2 + labels: + argocd.argoproj.io/instance: demo-app + name: my-pipeline-slow + namespace: example-namespace + resourceVersion: "665712" + uid: 9c38589e-1ab5-43e3-a4a1-81a6d48dfddf +spec: + pipeline: + metadata: {} + spec: + edges: + - from: in + to: cat + - from: cat + to: cat-2 + - from: cat-2 + to: out + interStepBufferServiceName: my-isbsvc + lifecycle: + pauseGracePeriodSeconds: 120 + limits: + readBatchSize: 1 + vertices: + - containerTemplate: + env: + - name: NUMAFLOW_DEBUG + value: "true" + name: in + scale: + max: 1 + min: 1 + source: + generator: + duration: 1s + rpu: 1 + - containerTemplate: + env: + - name: NUMAFLOW_DEBUG + value: "true" + limits: + readBatchSize: 1 + name: cat + scale: + max: 1 + min: 1 + udf: + container: + env: + - name: SLEEP_SECONDS + value: "1" + image: quay.io/numaio/numaflow-go/map-slow-cat:stable + - containerTemplate: + env: + - name: NUMAFLOW_DEBUG + value: "true" + max: 1 + name: cat-2 + scale: + min: 1 + udf: + builtin: + name: cat + - name: out + scale: + max: 1 + min: 1 + sink: + log: {} +status: + conditions: + - lastTransitionTime: "2025-01-26T05:38:04Z" + message: Successful + observedGeneration: 2 + reason: Successful + status: "True" + type: ChildResourceDeployed + - lastTransitionTime: "2025-01-26T05:54:42Z" + message: Successful + observedGeneration: 2 + reason: Successful + status: "True" + type: ChildResourcesHealthy + - lastTransitionTime: "2025-01-26T05:38:04Z" + message: Pipeline unpaused + observedGeneration: 2 + reason: Unpaused + status: "False" + type: PipelinePausingOrPaused + - lastTransitionTime: "2025-01-26T05:48:41Z" + message: New Child Object example-namespace/my-pipeline-slow-2 Running + observedGeneration: 2 + reason: "Progressive failed" + status: "False" + type: ProgressiveUpgradeSucceeded + message: Deployed + nameCount: 3 + observedGeneration: 2 + pauseStatus: {} + phase: Deployed + progressiveStatus: + upgradingChildStatus: + assessmentResult: Failure + name: my-pipeline-slow-2 + nextAssessmentTime: "2025-01-26T05:48:05Z" \ No newline at end of file diff --git a/resource_customizations/operators.coreos.com/Subscription/health.lua b/resource_customizations/operators.coreos.com/Subscription/health.lua index ca5f917f0715a..95cbedd3783c4 100644 --- a/resource_customizations/operators.coreos.com/Subscription/health.lua +++ b/resource_customizations/operators.coreos.com/Subscription/health.lua @@ -14,13 +14,30 @@ if obj.status ~= nil then numDegraded = numDegraded + 1 end end + + -- Available states: undef/nil, UpgradeAvailable, UpgradePending, UpgradeFailed, AtLatestKnown + -- Source: https://github.com/openshift/operator-framework-olm/blob/5e2c73b7663d0122c9dc3e59ea39e515a31e2719/staging/api/pkg/operators/v1alpha1/subscription_types.go#L17-L23 + if obj.status.state == nil then + numPending = numPending + 1 + msg = msg .. ".status.state not yet known\n" + elseif obj.status.state == "" or obj.status.state == "UpgradeAvailable" or obj.status.state == "UpgradePending" then + numPending = numPending + 1 + msg = msg .. ".status.state is '" .. obj.status.state .. "'\n" + elseif obj.status.state == "UpgradeFailed" then + numDegraded = numDegraded + 1 + msg = msg .. ".status.state is '" .. obj.status.state .. "'\n" + else + -- Last possiblity of .status.state: AtLatestKnown + msg = msg .. ".status.state is '" .. obj.status.state .. "'\n" + end + if numDegraded == 0 and numPending == 0 then health_status.status = "Healthy" health_status.message = msg return health_status elseif numPending > 0 and numDegraded == 0 then health_status.status = "Progressing" - health_status.message = "An install plan for a subscription is pending installation" + health_status.message = msg return health_status else health_status.status = "Degraded" @@ -31,4 +48,4 @@ if obj.status ~= nil then end health_status.status = "Progressing" health_status.message = "An install plan for a subscription is pending installation" -return health_status \ No newline at end of file +return health_status diff --git a/resource_customizations/operators.coreos.com/Subscription/health_test.yaml b/resource_customizations/operators.coreos.com/Subscription/health_test.yaml index 11f8390c2cae7..2133b032f0cd4 100644 --- a/resource_customizations/operators.coreos.com/Subscription/health_test.yaml +++ b/resource_customizations/operators.coreos.com/Subscription/health_test.yaml @@ -1,25 +1,29 @@ tests: - healthStatus: status: Progressing - message: "An install plan for a subscription is pending installation" + message: "1: CatalogSourcesUnhealthy | False\n.status.state not yet known\n" + inputPath: testdata/first_update_with_status.yaml +- healthStatus: + status: Progressing + message: "1: CatalogSourcesUnhealthy | False\n2: InstallPlanPending | True\n.status.state is 'UpgradePending'\n" inputPath: testdata/install_plan_pending.yaml - healthStatus: status: Degraded - message: "1: CatalogSourcesUnhealthy | True\n" + message: "1: CatalogSourcesUnhealthy | True\n.status.state not yet known\n" inputPath: testdata/catalog_sources_unhealthy.yaml - healthStatus: status: Healthy - message: "1: CatalogSourcesUnhealthy | False\n2: InstallPlanMissing | True\n" + message: "1: CatalogSourcesUnhealthy | False\n2: InstallPlanMissing | True\n.status.state is 'AtLatestKnown'\n" inputPath: testdata/install_plan_missing.yaml - healthStatus: status: Degraded - message: "1: CatalogSourcesUnhealthy | False\n2: InstallPlanFailed | True\n" + message: "1: CatalogSourcesUnhealthy | False\n2: InstallPlanFailed | True\n.status.state is 'AtLatestKnown'\n" inputPath: testdata/install_plan_failed.yaml - healthStatus: status: Degraded - message: "1: CatalogSourcesUnhealthy | True\n2: ResolutionFailed | True\n" + message: "1: CatalogSourcesUnhealthy | True\n2: ResolutionFailed | True\n.status.state not yet known\n" inputPath: testdata/resolution_failed.yaml - healthStatus: status: Healthy - message: "1: CatalogSourcesUnhealthy | False\n" - inputPath: testdata/healthy.yaml \ No newline at end of file + message: "1: CatalogSourcesUnhealthy | False\n.status.state is 'AtLatestKnown'\n" + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/operators.coreos.com/Subscription/testdata/first_update_with_status.yaml b/resource_customizations/operators.coreos.com/Subscription/testdata/first_update_with_status.yaml new file mode 100644 index 0000000000000..2ce1fe679aca5 --- /dev/null +++ b/resource_customizations/operators.coreos.com/Subscription/testdata/first_update_with_status.yaml @@ -0,0 +1,54 @@ +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + creationTimestamp: "2024-10-14T08:37:15Z" + generation: 1 + labels: + operators.coreos.com/cincinnati-operator.openshift-update-service: "" + name: update-service-subscription + namespace: openshift-update-service + resourceVersion: "1728269681" + uid: ce5194f6-b60e-4206-bcb9-019ed845797e +spec: + channel: v1 + installPlanApproval: Manual + name: cincinnati-operator + source: redhat-operators + sourceNamespace: openshift-marketplace +status: + catalogHealth: + - catalogSourceRef: + apiVersion: operators.coreos.com/v1alpha1 + kind: CatalogSource + name: certified-operators + namespace: openshift-marketplace + resourceVersion: "1728260000" + uid: 5ccf7092-9df5-4898-b5c5-0368937614f1 + healthy: true + lastUpdated: "2024-10-14T08:37:15Z" + - catalogSourceRef: + apiVersion: operators.coreos.com/v1alpha1 + kind: CatalogSource + name: redhat-marketplace + namespace: openshift-marketplace + resourceVersion: "1728258210" + uid: 83648c37-b64e-440c-86c1-8c8146fc59f0 + healthy: true + lastUpdated: "2024-10-14T08:37:15Z" + - catalogSourceRef: + apiVersion: operators.coreos.com/v1alpha1 + kind: CatalogSource + name: redhat-operators + namespace: openshift-marketplace + resourceVersion: "1728263805" + uid: 99cc0db9-35c4-4f2a-87ab-7e37f0b05cc0 + healthy: true + lastUpdated: "2024-10-14T08:37:15Z" + conditions: + - lastTransitionTime: "2024-10-14T08:37:15Z" + message: all available catalogsources are healthy + reason: CatalogSourcesAdded + status: "False" + type: CatalogSourcesUnhealthy + lastUpdated: "2024-10-14T08:37:15Z" diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/health.lua b/resource_customizations/policy.open-cluster-management.io/Policy/health.lua index b969c367e121e..3ecf863bfeddd 100644 --- a/resource_customizations/policy.open-cluster-management.io/Policy/health.lua +++ b/resource_customizations/policy.open-cluster-management.io/Policy/health.lua @@ -1,9 +1,24 @@ hs = {} -if obj.status == nil or obj.status.compliant == nil then +if obj.status == nil then hs.status = "Progressing" hs.message = "Waiting for the status to be reported" return hs end + +-- A policy will not have a compliant field but will have a placement key set if +-- it is not being applied to any clusters +if obj.status.compliant == nil and #obj.status.placement > 0 and obj.status.status == nil then + hs.status = "Healthy" + hs.message = "No clusters match this policy" + return hs +end + +if obj.status.compliant == nil then + hs.status = "Progressing" + hs.message = "Waiting for the status to be reported" + return hs +end + if obj.status.compliant == "Compliant" then hs.status = "Healthy" else diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml b/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml index ede9cc5c8a2c0..b2caab5155a15 100644 --- a/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml +++ b/resource_customizations/policy.open-cluster-management.io/Policy/health_test.yaml @@ -15,3 +15,11 @@ tests: status: Healthy message: All templates are compliant inputPath: testdata/healthy_replicated.yaml + - healthStatus: + status: Progressing + message: Waiting for the status to be reported + inputPath: testdata/progressing_no_status.yaml + - healthStatus: + status: Healthy + message: No clusters match this policy + inputPath: testdata/healthy_with_placement_empty_compliant.yaml diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/testdata/healthy_with_placement_empty_compliant.yaml b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/healthy_with_placement_empty_compliant.yaml new file mode 100644 index 0000000000000..118f28354aade --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/healthy_with_placement_empty_compliant.yaml @@ -0,0 +1,55 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + annotations: + argocd.argoproj.io/compare-options: IgnoreExtraneous + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + labels: + argocd.argoproj.io/instance: acm + name: acm-hub-ca-policy + namespace: open-cluster-management +spec: + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: acm-hub-ca-config-policy + spec: + namespaceSelector: + include: + - default + object-templates: + - complianceType: mustonlyhave + objectDefinition: + apiVersion: v1 + data: + hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" + | base64enc hub}}' + hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt" + "service-ca.crt" | base64enc hub}}' + kind: Secret + metadata: + name: hub-ca + namespace: golang-external-secrets + type: Opaque + - complianceType: mustonlyhave + objectDefinition: + apiVersion: v1 + data: + hub-kube-root-ca.crt: | + {{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | autoindent hub}} + hub-openshift-service-ca.crt: | + {{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | autoindent hub}} + kind: ConfigMap + metadata: + name: trusted-hub-bundle + namespace: imperative + remediationAction: enforce + severity: medium + remediationAction: enforce +status: + placement: + - placementBinding: acm-hub-ca-policy-placement-binding + placementRule: acm-hub-ca-policy-placement diff --git a/resource_customizations/policy.open-cluster-management.io/Policy/testdata/progressing_no_status.yaml b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/progressing_no_status.yaml new file mode 100644 index 0000000000000..1b5d985ab2972 --- /dev/null +++ b/resource_customizations/policy.open-cluster-management.io/Policy/testdata/progressing_no_status.yaml @@ -0,0 +1,51 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + annotations: + argocd.argoproj.io/compare-options: IgnoreExtraneous + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + labels: + argocd.argoproj.io/instance: acm + name: acm-hub-ca-policy + namespace: open-cluster-management +spec: + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: acm-hub-ca-config-policy + spec: + namespaceSelector: + include: + - default + object-templates: + - complianceType: mustonlyhave + objectDefinition: + apiVersion: v1 + data: + hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" + | base64enc hub}}' + hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt" + "service-ca.crt" | base64enc hub}}' + kind: Secret + metadata: + name: hub-ca + namespace: golang-external-secrets + type: Opaque + - complianceType: mustonlyhave + objectDefinition: + apiVersion: v1 + data: + hub-kube-root-ca.crt: | + {{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | autoindent hub}} + hub-openshift-service-ca.crt: | + {{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | autoindent hub}} + kind: ConfigMap + metadata: + name: trusted-hub-bundle + namespace: imperative + remediationAction: enforce + severity: medium + remediationAction: enforce diff --git a/server/account/account.go b/server/account/account.go index 06dceffc4ba3e..8b1b840a37ddd 100644 --- a/server/account/account.go +++ b/server/account/account.go @@ -37,15 +37,16 @@ func NewServer(sessionMgr *session.SessionManager, settingsMgr *settings.Setting // UpdatePassword updates the password of the currently authenticated account or the account specified in the request. func (s *Server) UpdatePassword(ctx context.Context, q *account.UpdatePasswordRequest) (*account.UpdatePasswordResponse, error) { - issuer := session.Iss(ctx) - username := session.Sub(ctx) - updatedUsername := username + username := session.GetUserIdentifier(ctx) + updatedUsername := username if q.Name != "" { updatedUsername = q.Name } + // check for permission is user is trying to change someone else's password // assuming user is trying to update someone else if username is different or issuer is not Argo CD + issuer := session.Iss(ctx) if updatedUsername != username || issuer != session.SessionManagerClaimsIssuer { if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceAccounts, rbacpolicy.ActionUpdate, q.Name); err != nil { return nil, fmt.Errorf("permission denied: %w", err) @@ -168,8 +169,10 @@ func toApiAccount(name string, a settings.Account) *account.Account { } func (s *Server) ensureHasAccountPermission(ctx context.Context, action string, account string) error { + id := session.GetUserIdentifier(ctx) + // account has always has access to itself - if session.Sub(ctx) == account && session.Iss(ctx) == session.SessionManagerClaimsIssuer { + if id == account && session.Iss(ctx) == session.SessionManagerClaimsIssuer { return nil } if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceAccounts, action, account); err != nil { diff --git a/server/account/account_test.go b/server/account/account_test.go index 6cba740c2a5ad..a228e638f7410 100644 --- a/server/account/account_test.go +++ b/server/account/account_test.go @@ -82,12 +82,12 @@ func getAdminAccount(mgr *settings.SettingsManager) (*settings.Account, error) { } func adminContext(ctx context.Context) context.Context { - // nolint:staticcheck + //nolint:staticcheck return context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin", Issuer: sessionutil.SessionManagerClaimsIssuer}) } func ssoAdminContext(ctx context.Context, iat time.Time) context.Context { - // nolint:staticcheck + //nolint:staticcheck return context.WithValue(ctx, "claims", &jwt.RegisteredClaims{ Subject: "admin", Issuer: "https://myargocdhost.com/api/dex", @@ -96,7 +96,7 @@ func ssoAdminContext(ctx context.Context, iat time.Time) context.Context { } func projTokenContext(ctx context.Context) context.Context { - // nolint:staticcheck + //nolint:staticcheck return context.WithValue(ctx, "claims", &jwt.RegisteredClaims{ Subject: "proj:demo:deployer", Issuer: sessionutil.SessionManagerClaimsIssuer, diff --git a/server/application/application.go b/server/application/application.go index 36977c1e88053..c6568187edf1a 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -1343,9 +1343,16 @@ func (s *Server) getAppResources(ctx context.Context, a *v1alpha1.Application) ( } func (s *Server) getAppLiveResource(ctx context.Context, action string, q *application.ApplicationResourceRequest) (*v1alpha1.ResourceNode, *rest.Config, *v1alpha1.Application, error) { + fineGrainedInheritanceDisabled, err := s.settingsMgr.ApplicationFineGrainedRBACInheritanceDisabled() + if err != nil { + return nil, nil, nil, err + } + + if fineGrainedInheritanceDisabled && (action == rbacpolicy.ActionDelete || action == rbacpolicy.ActionUpdate) { + action = fmt.Sprintf("%s/%s/%s/%s/%s", action, q.GetGroup(), q.GetKind(), q.GetNamespace(), q.GetResourceName()) + } a, _, err := s.getApplicationEnforceRBACInformer(ctx, action, q.GetProject(), q.GetAppNamespace(), q.GetName()) - if err != nil && errors.Is(err, argocommon.PermissionDeniedAPIError) && (action == rbacpolicy.ActionDelete || action == rbacpolicy.ActionUpdate) { - // If users dont have permission on the whole applications, maybe they have fine-grained access to the specific resources + if !fineGrainedInheritanceDisabled && err != nil && errors.Is(err, argocommon.PermissionDeniedAPIError) && (action == rbacpolicy.ActionDelete || action == rbacpolicy.ActionUpdate) { action = fmt.Sprintf("%s/%s/%s/%s/%s", action, q.GetGroup(), q.GetKind(), q.GetNamespace(), q.GetResourceName()) a, _, err = s.getApplicationEnforceRBACInformer(ctx, action, q.GetProject(), q.GetAppNamespace(), q.GetName()) } @@ -1466,14 +1473,15 @@ func (s *Server) DeleteResource(ctx context.Context, q *application.ApplicationR return nil, err } var deleteOption metav1.DeleteOptions - if q.GetOrphan() { + switch { + case q.GetOrphan(): propagationPolicy := metav1.DeletePropagationOrphan deleteOption = metav1.DeleteOptions{PropagationPolicy: &propagationPolicy} - } else if q.GetForce() { + case q.GetForce(): propagationPolicy := metav1.DeletePropagationBackground zeroGracePeriod := int64(0) deleteOption = metav1.DeleteOptions{PropagationPolicy: &propagationPolicy, GracePeriodSeconds: &zeroGracePeriod} - } else { + default: propagationPolicy := metav1.DeletePropagationForeground deleteOption = metav1.DeleteOptions{PropagationPolicy: &propagationPolicy} } diff --git a/server/application/application_test.go b/server/application/application_test.go index 33615fa8a87d6..2faf6c1fe2026 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -782,20 +782,16 @@ func TestNoAppEnumeration(t *testing.T) { appServer := newTestAppServerWithEnforcerConfigure(t, f, map[string]string{}, testApp, testHelmApp, testAppMulti, testDeployment) noRoleCtx := context.Background() - // nolint:staticcheck + //nolint:staticcheck adminCtx := context.WithValue(noRoleCtx, "claims", &jwt.MapClaims{"groups": []string{"admin"}}) t.Run("Get", func(t *testing.T) { - // nolint:staticcheck _, err := appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("test")}) require.NoError(t, err) - // nolint:staticcheck _, err = appServer.Get(noRoleCtx, &application.ApplicationQuery{Name: ptr.To("test")}) require.EqualError(t, err, common.PermissionDeniedAPIError.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - // nolint:staticcheck _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("doest-not-exist")}) require.EqualError(t, err, common.PermissionDeniedAPIError.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - // nolint:staticcheck _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("doest-not-exist"), Project: []string{"test"}}) assert.EqualError(t, err, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", "when the request specifies a project, we can return the standard k8s error message") }) @@ -1301,7 +1297,7 @@ func TestCoupleAppsListApps(t *testing.T) { for i := 0; i < 50; i++ { groups = append(groups, fmt.Sprintf("group-%d", i)) } - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(ctx, "claims", &jwt.MapClaims{"groups": groups}) for projectId := 0; projectId < 100; projectId++ { projectName := fmt.Sprintf("proj-%d", projectId) @@ -1629,12 +1625,16 @@ func TestDeleteApp(t *testing.T) { func TestDeleteResourcesRBAC(t *testing.T) { ctx := context.Background() - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "test-user"}) testApp := newTestApp() appServer := newTestAppServer(t, testApp) appServer.enf.SetDefaultRole("") + argoCM := map[string]string{"server.rbac.disableApplicationFineGrainedRBACInheritance": "false"} + appServerWithRBACInheritance := newTestAppServerWithEnforcerConfigure(t, func(_ *rbac.Enforcer) {}, argoCM, testApp) + appServerWithRBACInheritance.enf.SetDefaultRole("") + req := application.ApplicationResourceDeleteRequest{ Name: &testApp.Name, AppNamespace: &testApp.Namespace, @@ -1651,6 +1651,14 @@ func TestDeleteResourcesRBAC(t *testing.T) { p, test-user, applications, delete, default/test-app, allow `) _, err := appServer.DeleteResource(ctx, &req) + assert.Equal(t, codes.PermissionDenied.String(), status.Code(err).String()) + }) + + t.Run("delete with application permission with inheritance", func(t *testing.T) { + _ = appServerWithRBACInheritance.enf.SetBuiltinPolicy(` +p, test-user, applications, delete, default/test-app, allow +`) + _, err := appServerWithRBACInheritance.DeleteResource(ctx, &req) assert.EqualError(t, err, expectedErrorWhenDeleteAllowed) }) @@ -1660,6 +1668,15 @@ p, test-user, applications, delete, default/test-app, allow p, test-user, applications, delete/*, default/test-app, deny `) _, err := appServer.DeleteResource(ctx, &req) + assert.Equal(t, codes.PermissionDenied.String(), status.Code(err).String()) + }) + + t.Run("delete with application permission but deny subresource with inheritance", func(t *testing.T) { + _ = appServerWithRBACInheritance.enf.SetBuiltinPolicy(` +p, test-user, applications, delete, default/test-app, allow +p, test-user, applications, delete/*, default/test-app, deny +`) + _, err := appServerWithRBACInheritance.DeleteResource(ctx, &req) assert.EqualError(t, err, expectedErrorWhenDeleteAllowed) }) @@ -1680,6 +1697,15 @@ p, test-user, applications, delete/*, default/test-app, allow assert.EqualError(t, err, expectedErrorWhenDeleteAllowed) }) + t.Run("delete with subresource but deny applications with inheritance", func(t *testing.T) { + _ = appServerWithRBACInheritance.enf.SetBuiltinPolicy(` +p, test-user, applications, delete, default/test-app, deny +p, test-user, applications, delete/*, default/test-app, allow +`) + _, err := appServerWithRBACInheritance.DeleteResource(ctx, &req) + assert.EqualError(t, err, expectedErrorWhenDeleteAllowed) + }) + t.Run("delete with specific subresource denied", func(t *testing.T) { _ = appServer.enf.SetBuiltinPolicy(` p, test-user, applications, delete/*, default/test-app, allow @@ -1692,12 +1718,16 @@ p, test-user, applications, delete/fake.io/PodTest/*, default/test-app, deny func TestPatchResourcesRBAC(t *testing.T) { ctx := context.Background() - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "test-user"}) testApp := newTestApp() appServer := newTestAppServer(t, testApp) appServer.enf.SetDefaultRole("") + argoCM := map[string]string{"server.rbac.disableApplicationFineGrainedRBACInheritance": "false"} + appServerWithRBACInheritance := newTestAppServerWithEnforcerConfigure(t, func(_ *rbac.Enforcer) {}, argoCM, testApp) + appServerWithRBACInheritance.enf.SetDefaultRole("") + req := application.ApplicationResourcePatchRequest{ Name: &testApp.Name, AppNamespace: &testApp.Namespace, @@ -1714,6 +1744,14 @@ func TestPatchResourcesRBAC(t *testing.T) { p, test-user, applications, update, default/test-app, allow `) _, err := appServer.PatchResource(ctx, &req) + assert.Equal(t, codes.PermissionDenied.String(), status.Code(err).String()) + }) + + t.Run("patch with application permission with inheritance", func(t *testing.T) { + _ = appServerWithRBACInheritance.enf.SetBuiltinPolicy(` +p, test-user, applications, update, default/test-app, allow +`) + _, err := appServerWithRBACInheritance.PatchResource(ctx, &req) assert.EqualError(t, err, expectedErrorWhenUpdateAllowed) }) @@ -1723,6 +1761,15 @@ p, test-user, applications, update, default/test-app, allow p, test-user, applications, update/*, default/test-app, deny `) _, err := appServer.PatchResource(ctx, &req) + assert.Equal(t, codes.PermissionDenied.String(), status.Code(err).String()) + }) + + t.Run("patch with application permission but deny subresource with inheritance", func(t *testing.T) { + _ = appServerWithRBACInheritance.enf.SetBuiltinPolicy(` +p, test-user, applications, update, default/test-app, allow +p, test-user, applications, update/*, default/test-app, deny +`) + _, err := appServerWithRBACInheritance.PatchResource(ctx, &req) assert.EqualError(t, err, expectedErrorWhenUpdateAllowed) }) @@ -1743,6 +1790,15 @@ p, test-user, applications, update/*, default/test-app, allow assert.EqualError(t, err, expectedErrorWhenUpdateAllowed) }) + t.Run("patch with subresource but deny applications with inheritance", func(t *testing.T) { + _ = appServerWithRBACInheritance.enf.SetBuiltinPolicy(` +p, test-user, applications, update, default/test-app, deny +p, test-user, applications, update/*, default/test-app, allow +`) + _, err := appServerWithRBACInheritance.PatchResource(ctx, &req) + assert.EqualError(t, err, expectedErrorWhenUpdateAllowed) + }) + t.Run("patch with specific subresource denied", func(t *testing.T) { _ = appServer.enf.SetBuiltinPolicy(` p, test-user, applications, update/*, default/test-app, allow @@ -1870,7 +1926,7 @@ func TestRollbackApp(t *testing.T) { func TestUpdateAppProject(t *testing.T) { testApp := newTestApp() ctx := context.Background() - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin"}) appServer := newTestAppServer(t, testApp) appServer.enf.SetDefaultRole("") @@ -1934,7 +1990,7 @@ p, admin, applications, update, my-proj/test-app, allow func TestAppJsonPatch(t *testing.T) { testApp := newTestAppWithAnnotations() ctx := context.Background() - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin"}) appServer := newTestAppServer(t, testApp) appServer.enf.SetDefaultRole("") @@ -1959,7 +2015,7 @@ func TestAppJsonPatch(t *testing.T) { func TestAppMergePatch(t *testing.T) { testApp := newTestApp() ctx := context.Background() - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin"}) appServer := newTestAppServer(t, testApp) appServer.enf.SetDefaultRole("") @@ -2250,7 +2306,7 @@ func createAppServerWithMaxLodLogs(t *testing.T, podNumber int, maxPodLogsToRend runtimeObjects[podNumber] = testApp noRoleCtx := context.Background() - // nolint:staticcheck + //nolint:staticcheck adminCtx := context.WithValue(noRoleCtx, "claims", &jwt.MapClaims{"groups": []string{"admin"}}) if len(maxPodLogsToRender) > 0 { diff --git a/server/application/terminal.go b/server/application/terminal.go index 41c9c1909b4d0..ab108aeb0b07d 100644 --- a/server/application/terminal.go +++ b/server/application/terminal.go @@ -11,10 +11,12 @@ import ( corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/httpstream" "k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" "k8s.io/client-go/tools/remotecommand" + cmdutil "k8s.io/kubectl/pkg/cmd/util" appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" applisters "github.com/argoproj/argo-cd/v3/pkg/client/listers/application/v1alpha1" @@ -318,6 +320,19 @@ func startProcess(k8sClient kubernetes.Interface, cfg *rest.Config, namespace, p return err } + // Fallback executor is default, unless feature flag is explicitly disabled. + // Reuse environment variable for kubectl to disable the feature flag, default is enabled. + if !cmdutil.RemoteCommandWebsockets.IsDisabled() { + // WebSocketExecutor must be "GET" method as described in RFC 6455 Sec. 4.1 (page 17). + websocketExec, err := remotecommand.NewWebSocketExecutor(cfg, "GET", req.URL().String()) + if err != nil { + return err + } + exec, err = remotecommand.NewFallbackExecutor(websocketExec, exec, httpstream.IsUpgradeFailure) + if err != nil { + return err + } + } return exec.StreamWithContext(context.Background(), remotecommand.StreamOptions{ Stdin: ptyHandler, Stdout: ptyHandler, diff --git a/server/application/websocket_test.go b/server/application/websocket_test.go index d26bdcf0ae518..faa879f97d9a4 100644 --- a/server/application/websocket_test.go +++ b/server/application/websocket_test.go @@ -136,7 +136,7 @@ func TestValidateWithAdminPermissions(t *testing.T) { ts := newTestTerminalSession(w, r) ts.terminalOpts = &TerminalOptions{Enf: enf} ts.appRBACName = "test" - // nolint:staticcheck + //nolint:staticcheck ts.ctx = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"groups": []string{"admin"}}) _, err := ts.validatePermissions([]byte{}) require.NoError(t, err) @@ -156,7 +156,7 @@ func TestValidateWithoutPermissions(t *testing.T) { ts := newTestTerminalSession(w, r) ts.terminalOpts = &TerminalOptions{Enf: enf} ts.appRBACName = "test" - // nolint:staticcheck + //nolint:staticcheck ts.ctx = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"groups": []string{"test"}}) _, err := ts.validatePermissions([]byte{}) require.Error(t, err) diff --git a/server/cluster/cluster.go b/server/cluster/cluster.go index 477aa35b6f13d..de6fff988c53f 100644 --- a/server/cluster/cluster.go +++ b/server/cluster/cluster.go @@ -168,11 +168,12 @@ func (s *Server) Create(ctx context.Context, q *cluster.ClusterCreateRequest) (* return nil, status.Errorf(codes.Internal, "unable to check existing cluster details: %v", getErr) } - if existing.Equals(c) { + switch { + case existing.Equals(c): clust = existing - } else if q.Upsert { + case q.Upsert: return s.Update(ctx, &cluster.ClusterUpdateRequest{Cluster: c}) - } else { + default: return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("cluster", existing, c)) } } @@ -227,15 +228,16 @@ func (s *Server) getCluster(ctx context.Context, q *cluster.ClusterQuery) (*appv if q.Id != nil { q.Server = "" q.Name = "" - if q.Id.Type == "name" { + switch q.Id.Type { + case "name": q.Name = q.Id.Value - } else if q.Id.Type == "name_escaped" { + case "name_escaped": nameUnescaped, err := url.QueryUnescape(q.Id.Value) if err != nil { return nil, fmt.Errorf("failed to unescape cluster name: %w", err) } q.Name = nameUnescaped - } else { + default: q.Server = q.Id.Value } } @@ -378,10 +380,7 @@ func enforceAndDelete(ctx context.Context, s *Server, server, project string) er log.WithField("cluster", server).Warnf("encountered permissions issue while processing request: %v", err) return common.PermissionDeniedAPIError } - if err := s.db.DeleteCluster(ctx, server); err != nil { - return err - } - return nil + return s.db.DeleteCluster(ctx, server) } // RotateAuth rotates the bearer token used for a cluster @@ -487,9 +486,9 @@ func (s *Server) toAPIResponse(clust *appv1.Cluster) *appv1.Cluster { clust.Config.ExecProviderConfig.Args = nil } // populate deprecated fields for backward compatibility - // nolint:staticcheck + //nolint:staticcheck clust.ServerVersion = clust.Info.ServerVersion - // nolint:staticcheck + //nolint:staticcheck clust.ConnectionState = clust.Info.ConnectionState return clust } diff --git a/server/project/project_test.go b/server/project/project_test.go index 33fe1658fcef3..099561256ecc9 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -362,7 +362,7 @@ func TestProjectServer(t *testing.T) { enforcer = newEnforcer(kubeclientset) _ = enforcer.SetBuiltinPolicy(`p, *, *, *, *, deny`) enforcer.SetClaimsEnforcerFunc(nil) - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"groups": []string{"my-group"}}) policyEnf := rbacpolicy.NewRBACPolicyEnforcer(enforcer, nil) policyEnf.SetScopes([]string{"groups"}) @@ -731,7 +731,7 @@ p, role:admin, projects, update, *, allow`) enforcer = newEnforcer(kubeclientset) _ = enforcer.SetBuiltinPolicy(`p, *, *, *, *, deny`) enforcer.SetClaimsEnforcerFunc(nil) - // nolint:staticcheck + //nolint:staticcheck ctx := context.WithValue(context.Background(), "claims", &jwt.MapClaims{"groups": []string{"my-group"}}) sessionMgr := session.NewSessionManager(settingsMgr, test.NewFakeProjLister(), "", nil, session.NewUserStateStorage(nil)) diff --git a/server/rbacpolicy/rbacpolicy.go b/server/rbacpolicy/rbacpolicy.go index 0462d511237d8..379e88380a279 100644 --- a/server/rbacpolicy/rbacpolicy.go +++ b/server/rbacpolicy/rbacpolicy.go @@ -8,6 +8,7 @@ import ( "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" applister "github.com/argoproj/argo-cd/v3/pkg/client/listers/application/v1alpha1" + claimsutil "github.com/argoproj/argo-cd/v3/util/claims" jwtutil "github.com/argoproj/argo-cd/v3/util/jwt" "github.com/argoproj/argo-cd/v3/util/rbac" ) @@ -115,8 +116,12 @@ func (p *RBACPolicyEnforcer) EnforceClaims(claims jwt.Claims, rvals ...any) bool if err != nil { return false } + argoClaims, err := claimsutil.MapClaimsToArgoClaims(mapClaims) + if err != nil { + return false + } - subject := jwtutil.StringField(mapClaims, "sub") + subject := argoClaims.GetUserIdentifier() // Check if the request is for an application resource. We have special enforcement which takes // into consideration the project's token and group bindings var runtimePolicy string diff --git a/server/rbacpolicy/rbacpolicy_test.go b/server/rbacpolicy/rbacpolicy_test.go index 55bce5c86fda0..4022b1f760d25 100644 --- a/server/rbacpolicy/rbacpolicy_test.go +++ b/server/rbacpolicy/rbacpolicy_test.go @@ -68,6 +68,11 @@ func TestEnforceAllPolicies(t *testing.T) { assert.True(t, enf.Enforce(claims, "logs", "get", "my-proj/my-app")) assert.True(t, enf.Enforce(claims, "exec", "create", "my-proj/my-app")) + claims = jwt.MapClaims{"sub": "qwertyuiop", "federated_claims": map[string]any{"user_id": "bob"}} + assert.True(t, enf.Enforce(claims, "applications", "create", "my-proj/my-app")) + assert.True(t, enf.Enforce(claims, "logs", "get", "my-proj/my-app")) + assert.True(t, enf.Enforce(claims, "exec", "create", "my-proj/my-app")) + claims = jwt.MapClaims{"sub": "proj:my-proj:my-role", "iat": 1234} assert.True(t, enf.Enforce(claims, "applications", "create", "my-proj/my-app")) assert.True(t, enf.Enforce(claims, "logs", "get", "my-proj/my-app")) diff --git a/server/repocreds/repocreds.go b/server/repocreds/repocreds.go index 0b3b6b6eed058..d50819c61e36b 100644 --- a/server/repocreds/repocreds.go +++ b/server/repocreds/repocreds.go @@ -112,11 +112,12 @@ func (s *Server) CreateRepositoryCredentials(ctx context.Context, q *repocredspk return nil, status.Errorf(codes.Internal, "unable to check existing repository credentials details: %v", getErr) } - if reflect.DeepEqual(existing, r) { + switch { + case reflect.DeepEqual(existing, r): err = nil - } else if q.Upsert { + case q.Upsert: return s.UpdateRepositoryCredentials(ctx, &repocredspkg.RepoCredsUpdateRequest{Creds: r}) - } else { + default: return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("repository credentials", existing, r)) } } @@ -146,11 +147,12 @@ func (s *Server) CreateWriteRepositoryCredentials(ctx context.Context, q *repocr return nil, status.Errorf(codes.Internal, "unable to check existing repository credentials details: %v", getErr) } - if reflect.DeepEqual(existing, r) { + switch { + case reflect.DeepEqual(existing, r): err = nil - } else if q.Upsert { + case q.Upsert: return s.UpdateWriteRepositoryCredentials(ctx, &repocredspkg.RepoCredsUpdateRequest{Creds: r}) - } else { + default: return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("repository credentials", existing, r)) } } diff --git a/server/repository/repository.go b/server/repository/repository.go index 7d66f5a57476e..19acf8b06b848 100644 --- a/server/repository/repository.go +++ b/server/repository/repository.go @@ -458,12 +458,13 @@ func (s *Server) CreateRepository(ctx context.Context, q *repositorypkg.RepoCrea existing.Type = text.FirstNonEmpty(existing.Type, "git") // repository ConnectionState may differ, so make consistent before testing existing.ConnectionState = r.ConnectionState - if reflect.DeepEqual(existing, r) { + switch { + case reflect.DeepEqual(existing, r): repo, err = existing, nil - } else if q.Upsert { + case q.Upsert: r.Project = q.Repo.Project return s.db.UpdateRepository(ctx, r) - } else { + default: return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("repository", existing, r)) } } @@ -503,11 +504,12 @@ func (s *Server) CreateWriteRepository(ctx context.Context, q *repositorypkg.Rep if getErr != nil { return nil, status.Errorf(codes.Internal, "unable to check existing repository details: %v", getErr) } - if reflect.DeepEqual(existing, q.Repo) { + switch { + case reflect.DeepEqual(existing, q.Repo): repo, err = existing, nil - } else if q.Upsert { + case q.Upsert: return s.db.UpdateWriteRepository(ctx, q.Repo) - } else { + default: return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("write repository", existing, q.Repo)) } } diff --git a/server/repository/repository.proto b/server/repository/repository.proto index a8911c08401ef..84d8c19c512c8 100644 --- a/server/repository/repository.proto +++ b/server/repository/repository.proto @@ -89,6 +89,8 @@ message RepoAccessQuery { string gcpServiceAccountKey = 18; // Whether to force HTTP basic auth bool forceHttpBasicAuth = 19; + // Whether to use azure workload identity for authentication + bool useAzureWorkloadIdentity = 20; } message RepoResponse {} diff --git a/server/server.go b/server/server.go index 823e60fae4b6c..fb99c305ad2dc 100644 --- a/server/server.go +++ b/server/server.go @@ -26,7 +26,7 @@ import ( "syscall" "time" - // nolint:staticcheck + //nolint:staticcheck golang_proto "github.com/golang/protobuf/proto" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/labels" @@ -106,8 +106,10 @@ import ( "github.com/argoproj/argo-cd/v3/ui" "github.com/argoproj/argo-cd/v3/util/assets" cacheutil "github.com/argoproj/argo-cd/v3/util/cache" + claimsutil "github.com/argoproj/argo-cd/v3/util/claims" "github.com/argoproj/argo-cd/v3/util/db" dexutil "github.com/argoproj/argo-cd/v3/util/dex" + "github.com/argoproj/argo-cd/v3/util/env" errorsutil "github.com/argoproj/argo-cd/v3/util/errors" grpc_util "github.com/argoproj/argo-cd/v3/util/grpc" @@ -521,7 +523,7 @@ func (server *ArgoCDServer) Listen() (*Listeners, error) { } else { dOpts = append(dOpts, grpc.WithTransportCredentials(insecure.NewCredentials())) } - // nolint:staticcheck + //nolint:staticcheck conn, err := grpc.Dial(fmt.Sprintf("localhost:%d", server.ListenPort), dOpts...) if err != nil { io.Close(mainLn) @@ -1477,7 +1479,7 @@ func (server *ArgoCDServer) Authenticate(ctx context.Context) (context.Context, claims, newToken, claimsErr := server.getClaims(ctx) if claims != nil { // Add claims to the context to inspect for RBAC - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(ctx, "claims", claims) if newToken != "" { // Session tokens that are expiring soon should be regenerated if user stays active. @@ -1489,7 +1491,7 @@ func (server *ArgoCDServer) Authenticate(ctx context.Context) (context.Context, } } if claimsErr != nil { - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(ctx, util_session.AuthErrorCtxKey, claimsErr) } @@ -1501,7 +1503,7 @@ func (server *ArgoCDServer) Authenticate(ctx context.Context) (context.Context, if !argoCDSettings.AnonymousUserEnabled { return ctx, claimsErr } - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(ctx, "claims", "") } @@ -1522,19 +1524,19 @@ func (server *ArgoCDServer) getClaims(ctx context.Context) (jwt.Claims, string, return claims, "", status.Errorf(codes.Unauthenticated, "invalid session: %v", err) } - // Some SSO implementations (Okta) require a call to - // the OIDC user info path to get attributes like groups - // we assume that everywhere in argocd jwt.MapClaims is used as type for interface jwt.Claims - // otherwise this would cause a panic - var groupClaims jwt.MapClaims - if groupClaims, ok = claims.(jwt.MapClaims); !ok { - if tmpClaims, ok := claims.(*jwt.MapClaims); ok { - groupClaims = *tmpClaims - } + mapClaims, err := jwtutil.MapClaims(claims) + if err != nil { + return claims, "", status.Errorf(codes.Internal, "invalid claims") + } + argoClaims, err := claimsutil.MapClaimsToArgoClaims(mapClaims) + if err != nil { + return claims, "", status.Errorf(codes.Internal, "invalid argo claims") } - iss := jwtutil.StringField(groupClaims, "iss") + + // Some SSO implementations (Okta) require a call to the OIDC user info path to get attributes like groups + iss := jwtutil.StringField(mapClaims, "iss") if iss != util_session.SessionManagerClaimsIssuer && server.settings.UserInfoGroupsEnabled() && server.settings.UserInfoPath() != "" { - userInfo, unauthorized, err := server.ssoClientApp.GetUserInfo(groupClaims, server.settings.IssuerURL(), server.settings.UserInfoPath()) + userInfo, unauthorized, err := server.ssoClientApp.GetUserInfo(mapClaims, server.settings.IssuerURL(), server.settings.UserInfoPath()) if unauthorized { log.Errorf("error while quering userinfo endpoint: %v", err) return claims, "", status.Errorf(codes.Unauthenticated, "invalid session") @@ -1543,13 +1545,17 @@ func (server *ArgoCDServer) getClaims(ctx context.Context) (jwt.Claims, string, log.Errorf("error fetching user info endpoint: %v", err) return claims, "", status.Errorf(codes.Internal, "invalid userinfo response") } - if groupClaims["sub"] != userInfo["sub"] { + userInfoClaims, err := claimsutil.MapClaimsToArgoClaims(userInfo) + if err != nil { + return claims, "", status.Errorf(codes.Internal, "invalid userinfo claims") + } + if argoClaims.Subject != userInfoClaims.Subject { return claims, "", status.Error(codes.Unknown, "subject of claims from user info endpoint didn't match subject of idToken, see https://openid.net/specs/openid-connect-core-1_0.html#UserInfo") } - groupClaims["groups"] = userInfo["groups"] + mapClaims["groups"] = userInfo["groups"] } - return groupClaims, newToken, nil + return mapClaims, newToken, nil } // getToken extracts the token from gRPC metadata or cookie headers diff --git a/server/server_test.go b/server/server_test.go index 92877a1878327..a8c7d227c3303 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -815,7 +815,7 @@ func TestAuthenticate_3rd_party_JWTs(t *testing.T) { anonymousEnabled: false, claims: jwt.RegisteredClaims{Audience: jwt.ClaimStrings{common.ArgoCDClientAppID}, Subject: "admin", ExpiresAt: jwt.NewNumericDate(time.Now())}, expectedErrorContains: common.TokenVerificationError, - expectedClaims: jwt.RegisteredClaims{Issuer: "sso"}, + expectedClaims: jwt.MapClaims{"iss": "sso"}, }, { test: "anonymous enabled, expired token, admin claim", @@ -870,7 +870,7 @@ func TestAuthenticate_3rd_party_JWTs(t *testing.T) { claims: jwt.RegisteredClaims{Audience: jwt.ClaimStrings{common.ArgoCDClientAppID}, Subject: "admin", ExpiresAt: jwt.NewNumericDate(time.Now())}, useDex: true, expectedErrorContains: common.TokenVerificationError, - expectedClaims: jwt.RegisteredClaims{Issuer: "sso"}, + expectedClaims: jwt.MapClaims{"iss": "sso"}, }, { test: "external OIDC: anonymous enabled, expired token, admin claim", @@ -897,7 +897,7 @@ func TestAuthenticate_3rd_party_JWTs(t *testing.T) { t.Parallel() // Must be declared here to avoid race. - ctx := context.Background() //nolint:ineffassign,staticcheck + ctx := context.Background() //nolint:staticcheck argocd, oidcURL := getTestServer(t, testDataCopy.anonymousEnabled, true, testDataCopy.useDex, settings_util.OIDCConfig{}) diff --git a/server/version/version.go b/server/version/version.go index a35d0c2665c26..0ec94f03c9bb9 100644 --- a/server/version/version.go +++ b/server/version/version.go @@ -39,7 +39,7 @@ func (s *Server) Version(ctx context.Context, _ *empty.Empty) (*version.VersionM } if s.kustomizeVersion == "" { - kustomizeVersion, err := kustomize.Version(true) + kustomizeVersion, err := kustomize.Version() if err == nil { s.kustomizeVersion = kustomizeVersion } else { @@ -47,7 +47,7 @@ func (s *Server) Version(ctx context.Context, _ *empty.Empty) (*version.VersionM } } if s.helmVersion == "" { - helmVersion, err := helm.Version(true) + helmVersion, err := helm.Version() if err == nil { s.helmVersion = helmVersion } else { diff --git a/test/container/Dockerfile b/test/container/Dockerfile index 10ef98bf2feb5..b99f448d8ffc2 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/redis:7.4.2@sha256:cd13b924409d740ea8abe6677a7d1accf696898408d330a3d7c8234fa7545775 as redis +FROM docker.io/library/redis:7.4.2@sha256:ca65ea36ae16e709b0f1c7534bc7e5b5ac2e5bb3c97236e4fec00e3625eb678d AS redis # There are libraries we will want to copy from here in the final stage of the # build, but the COPY directive does not have a way to determine system @@ -6,15 +6,15 @@ FROM docker.io/library/redis:7.4.2@sha256:cd13b924409d740ea8abe6677a7d1accf69689 RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version -FROM docker.io/library/node:22.9.0@sha256:69e667a79aa41ec0db50bc452a60e705ca16f35285eaf037ebe627a65a5cdf52 as node +FROM docker.io/library/node:22.9.0@sha256:69e667a79aa41ec0db50bc452a60e705ca16f35285eaf037ebe627a65a5cdf52 AS node -FROM docker.io/library/golang:1.23.4@sha256:70031844b8c225351d0bb63e2c383f80db85d92ba894e3da7e13bcf80efa9a37 as golang +FROM docker.io/library/golang:1.23.5@sha256:51a6466e8dbf3e00e422eb0f7a97ac450b2d57b33617bbe8d2ee0bddcd9d0d37 AS golang -FROM docker.io/library/registry:2.8@sha256:543dade69668e02e5768d7ea2b0aa4fae6aa7384c9a5a8dbecc2be5136079ddb as registry +FROM docker.io/library/registry:2.8@sha256:543dade69668e02e5768d7ea2b0aa4fae6aa7384c9a5a8dbecc2be5136079ddb AS registry -FROM docker.io/bitnami/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 as kubectl +FROM docker.io/bitnami/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 AS kubectl -FROM docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +FROM docker.io/library/ubuntu:24.04@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install --fix-missing -y \ @@ -41,9 +41,9 @@ COPY --from=golang /usr/local/go /usr/local/go COPY --from=kubectl /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/kubectl -ENV PATH /dist:/go/bin:/usr/local/go/bin:/go/src/github.com/argoproj/argo-cd/dist:$PATH -ENV GOROOT /usr/local/go -ENV GOPATH /go +ENV PATH=/dist:/go/bin:/usr/local/go/bin:/go/src/github.com/argoproj/argo-cd/dist:$PATH +ENV GOROOT=/usr/local/go +ENV GOPATH=/go # Install build and test dependencies COPY hack/install.sh hack/tool-versions.sh go.* ./ @@ -54,6 +54,7 @@ RUN ./install.sh helm && \ ./install.sh codegen-tools && \ ./install.sh codegen-go-tools && \ ./install.sh lint-tools && \ + ./install.sh gotestsum && \ go install github.com/mattn/goreman@latest && \ go install github.com/kisielk/godepgraph@latest && \ go install github.com/jstemmer/go-junit-report@latest && \ @@ -94,7 +95,7 @@ ARG UID # Prepare user configuration & build environments RUN userdel -r ubuntu && \ - useradd -l -u ${UID} -d /home/user -s /bin/bash user && \ + useradd -l -u ${UID} -d /home/user -s /bin/bash user && \ echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/user && \ mkdir -p /home/user/.kube && \ mkdir -p /home/user/.cache && \ diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go index 978fb4376b434..c6b753d916fad 100644 --- a/test/e2e/app_management_test.go +++ b/test/e2e/app_management_test.go @@ -32,6 +32,7 @@ import ( "github.com/argoproj/argo-cd/v3/test/e2e/fixture" accountFixture "github.com/argoproj/argo-cd/v3/test/e2e/fixture/account" . "github.com/argoproj/argo-cd/v3/test/e2e/fixture/app" + clusterFixture "github.com/argoproj/argo-cd/v3/test/e2e/fixture/cluster" projectFixture "github.com/argoproj/argo-cd/v3/test/e2e/fixture/project" repoFixture "github.com/argoproj/argo-cd/v3/test/e2e/fixture/repos" "github.com/argoproj/argo-cd/v3/test/e2e/testdata" @@ -701,6 +702,58 @@ func TestComparisonFailsIfClusterNotAdded(t *testing.T) { Expect(DoesNotExist()) } +func TestComparisonFailsIfDestinationClusterIsInvalid(t *testing.T) { + clusterActions := clusterFixture.Given(t). + Name("temp-cluster"). + Server(KubernetesInternalAPIServerAddr). + When(). + Create() + + GivenWithSameState(t). + Path(guestbookPath). + DestName("temp-cluster"). + When(). + CreateApp(). + Refresh(RefreshTypeNormal). + Sync(). + Then(). + Expect(Success("")). + Expect(HealthIs(health.HealthStatusHealthy)). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + When(). + And(func() { + clusterActions.DeleteByName() + }). + Refresh(RefreshTypeNormal). + Then(). + Expect(Success("")). + Expect(HealthIs(health.HealthStatusUnknown)). + Expect(SyncStatusIs(SyncStatusCodeUnknown)). + Expect(Condition(ApplicationConditionInvalidSpecError, "there are no clusters with this name")) +} + +func TestComparisonFailsIfInClusterDisabled(t *testing.T) { + Given(t). + Path(guestbookPath). + DestServer(KubernetesInternalAPIServerAddr). + When(). + CreateApp(). + Refresh(RefreshTypeNormal). + Sync(). + Then(). + Expect(Success("")). + Expect(HealthIs(health.HealthStatusHealthy)). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + When(). + SetParamInSettingConfigMap("cluster.inClusterEnabled", "false"). + Refresh(RefreshTypeNormal). + Then(). + Expect(Success("")). + Expect(HealthIs(health.HealthStatusUnknown)). + Expect(SyncStatusIs(SyncStatusCodeUnknown)). + Expect(Condition(ApplicationConditionInvalidSpecError, fmt.Sprintf("cluster %q is disabled", KubernetesInternalAPIServerAddr))) +} + func TestCannotSetInvalidPath(t *testing.T) { Given(t). Path(guestbookPath). @@ -1115,15 +1168,15 @@ definitions: end return _copy(object) end - + job = {} job.apiVersion = "batch/v1" job.kind = "Job" - + job.metadata = {} job.metadata.name = obj.metadata.name .. "-123" job.metadata.namespace = obj.metadata.namespace - + ownerRef = {} ownerRef.apiVersion = obj.apiVersion ownerRef.kind = obj.kind @@ -1131,18 +1184,18 @@ definitions: ownerRef.uid = obj.metadata.uid job.metadata.ownerReferences = {} job.metadata.ownerReferences[1] = ownerRef - + job.spec = {} job.spec.suspend = false job.spec.template = {} job.spec.template.spec = deepCopy(obj.spec.jobTemplate.spec.template.spec) - + impactedResource = {} impactedResource.operation = "create" impactedResource.resource = job result = {} result[1] = impactedResource - + return result` func TestNewStyleResourceActionPermitted(t *testing.T) { @@ -1219,15 +1272,15 @@ definitions: end return _copy(object) end - + job = {} job.apiVersion = "batch/v1" job.kind = "Job" - + job.metadata = {} job.metadata.name = obj.metadata.name .. "-123" job.metadata.namespace = obj.metadata.namespace - + ownerRef = {} ownerRef.apiVersion = obj.apiVersion ownerRef.kind = obj.kind @@ -1235,12 +1288,12 @@ definitions: ownerRef.uid = obj.metadata.uid job.metadata.ownerReferences = {} job.metadata.ownerReferences[1] = ownerRef - + job.spec = {} job.spec.suspend = false job.spec.template = {} job.spec.template.spec = deepCopy(obj.spec.jobTemplate.spec.template.spec) - + impactedResource1 = {} impactedResource1.operation = "create" impactedResource1.resource = job @@ -1253,7 +1306,7 @@ definitions: impactedResource2.resource = obj result[2] = impactedResource2 - + return result` func TestNewStyleResourceActionMixedOk(t *testing.T) { @@ -2158,6 +2211,19 @@ func TestCreateAppWithNoNameSpaceWhenRequired2(t *testing.T) { }) } +func TestCreateAppWithInClusterDisabled(t *testing.T) { + Given(t). + Path(guestbookPath). + DestServer(KubernetesInternalAPIServerAddr). + When(). + SetParamInSettingConfigMap("cluster.inClusterEnabled", "false"). + IgnoreErrors(). + CreateApp(). + Then(). + // RPC error messages are quoted: time="2024-12-18T04:13:58Z" level=fatal msg="" + Expect(Error("", fmt.Sprintf(`cluster \"%s\" is disabled`, KubernetesInternalAPIServerAddr))) +} + func TestListResource(t *testing.T) { fixture.SkipOnEnv(t, "OPENSHIFT") Given(t). diff --git a/test/e2e/applicationset_test.go b/test/e2e/applicationset_test.go index b71bce6861c89..2991072fee578 100644 --- a/test/e2e/applicationset_test.go +++ b/test/e2e/applicationset_test.go @@ -1159,7 +1159,6 @@ func TestSimpleGitDirectoryGenerator(t *testing.T) { expectedApps := []v1alpha1.Application{ generateExpectedApp("kustomize-guestbook"), generateExpectedApp("helm-guestbook"), - generateExpectedApp("ksonnet-guestbook"), } var expectedAppsNewNamespace []v1alpha1.Application @@ -1269,7 +1268,6 @@ func TestSimpleGitDirectoryGeneratorGoTemplate(t *testing.T) { expectedApps := []v1alpha1.Application{ generateExpectedApp("kustomize-guestbook"), generateExpectedApp("helm-guestbook"), - generateExpectedApp("ksonnet-guestbook"), } var expectedAppsNewNamespace []v1alpha1.Application diff --git a/test/e2e/fixture/app/expectation.go b/test/e2e/fixture/app/expectation.go index 22a5aaa475218..6f37e25c3fc44 100644 --- a/test/e2e/fixture/app/expectation.go +++ b/test/e2e/fixture/app/expectation.go @@ -370,7 +370,7 @@ func Error(message, err string, matchers ...func(string, string) bool) Expectati return failed, fmt.Sprintf("output does not contain '%s'", message) } if !match(c.actions.lastError.Error(), err) { - return failed, fmt.Sprintf("error does not contain '%s'", message) + return failed, fmt.Sprintf("error does not contain '%s'", err) } return succeeded, fmt.Sprintf("error '%s'", message) } diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go index de3150116ac5f..f30651dd75691 100644 --- a/test/e2e/fixture/fixture.go +++ b/test/e2e/fixture/fixture.go @@ -886,7 +886,7 @@ func EnsureCleanState(t *testing.T, opts ...TestOption) { } prevGnuPGHome := os.Getenv("GNUPGHOME") os.Setenv("GNUPGHOME", TmpDir+"/gpg") - // nolint:errcheck + //nolint:errcheck Run("", "pkill", "-9", "gpg-agent") _, err = Run("", "gpg", "--import", "../fixture/gpg/signingkey.asc") if err != nil { diff --git a/test/e2e/mask_secret_values_test.go b/test/e2e/mask_secret_values_test.go index 987c6b3a2c160..2be5677adce26 100644 --- a/test/e2e/mask_secret_values_test.go +++ b/test/e2e/mask_secret_values_test.go @@ -7,6 +7,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/argoproj/gitops-engine/pkg/health" + "github.com/argoproj/gitops-engine/pkg/sync/common" . "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" . "github.com/argoproj/argo-cd/v3/test/e2e/fixture" @@ -56,3 +57,55 @@ data: assert.False(t, sensitiveData.MatchString(diff)) }) } + +// Secret values shouldn't be exposed in error messages and the diff view +// when invalid secret is synced. +func TestMaskValuesInInvalidSecret(t *testing.T) { + sensitiveData := regexp.MustCompile(`SECRETVAL|U0VDUkVUVkFM|12345`) + + Given(t). + Path("empty-dir"). + When(). + // valid secret + AddFile("secrets.yaml", `apiVersion: v1 +kind: Secret +metadata: + name: secret + annotations: + app: test +stringData: + username: SECRETVAL +data: + password: U0VDUkVUVkFM +`). + CreateApp(). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + Expect(HealthIs(health.HealthStatusHealthy)). + // secret data shouldn't be exposed in manifests output + And(func(app *Application) { + mnfs, _ := RunCli("app", "manifests", app.Name) + assert.False(t, sensitiveData.MatchString(mnfs)) + }). + When(). + // invalidate secret + PatchFile("secrets.yaml", `[{"op": "replace", "path": "/data/password", "value": 12345}]`). + Refresh(RefreshTypeHard). + IgnoreErrors(). + Sync(). + Then(). + Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). + Expect(OperationPhaseIs(common.OperationFailed)). + // secret data shouldn't be exposed in manifests, diff & error output for invalid secret + And(func(app *Application) { + mnfs, _ := RunCli("app", "manifests", app.Name) + assert.False(t, sensitiveData.MatchString(mnfs)) + + diff, _ := RunCli("app", "diff", app.Name) + assert.False(t, sensitiveData.MatchString(diff)) + + msg := app.Status.OperationState.Message + assert.False(t, sensitiveData.MatchString(msg)) + }) +} diff --git a/test/e2e/matrix_e2e_test.go b/test/e2e/matrix_e2e_test.go index 2156bc9222937..534c74938b253 100644 --- a/test/e2e/matrix_e2e_test.go +++ b/test/e2e/matrix_e2e_test.go @@ -44,11 +44,9 @@ func TestListMatrixGenerator(t *testing.T) { expectedApps := []v1alpha1.Application{ generateExpectedApp("cluster1", "kustomize-guestbook"), generateExpectedApp("cluster1", "helm-guestbook"), - generateExpectedApp("cluster1", "ksonnet-guestbook"), generateExpectedApp("cluster2", "kustomize-guestbook"), generateExpectedApp("cluster2", "helm-guestbook"), - generateExpectedApp("cluster2", "ksonnet-guestbook"), } var expectedAppsNewNamespace []v1alpha1.Application @@ -169,11 +167,9 @@ func TestClusterMatrixGenerator(t *testing.T) { expectedApps := []v1alpha1.Application{ generateExpectedApp("cluster1", "kustomize-guestbook"), generateExpectedApp("cluster1", "helm-guestbook"), - generateExpectedApp("cluster1", "ksonnet-guestbook"), generateExpectedApp("cluster2", "kustomize-guestbook"), generateExpectedApp("cluster2", "helm-guestbook"), - generateExpectedApp("cluster2", "ksonnet-guestbook"), } var expectedAppsNewNamespace []v1alpha1.Application @@ -297,12 +293,10 @@ func TestMatrixTerminalMatrixGeneratorSelector(t *testing.T) { excludedApps := []v1alpha1.Application{ generateExpectedApp("cluster1", "kustomize-guestbook"), generateExpectedApp("cluster1", "helm-guestbook"), - generateExpectedApp("cluster1", "ksonnet-guestbook"), } expectedApps := []v1alpha1.Application{ generateExpectedApp("cluster2", "kustomize-guestbook"), generateExpectedApp("cluster2", "helm-guestbook"), - generateExpectedApp("cluster2", "ksonnet-guestbook"), } Given(t). diff --git a/test/e2e/merge_e2e_test.go b/test/e2e/merge_e2e_test.go index 27ef2e5026fbf..e799c95fdd08a 100644 --- a/test/e2e/merge_e2e_test.go +++ b/test/e2e/merge_e2e_test.go @@ -166,11 +166,9 @@ func TestClusterMergeGenerator(t *testing.T) { expectedApps := []v1alpha1.Application{ generateExpectedApp("cluster1", "kustomize-guestbook", "1"), generateExpectedApp("cluster1", "helm-guestbook", "0"), - generateExpectedApp("cluster1", "ksonnet-guestbook", "0"), generateExpectedApp("cluster2", "kustomize-guestbook", "0"), generateExpectedApp("cluster2", "helm-guestbook", "2"), - generateExpectedApp("cluster2", "ksonnet-guestbook", "0"), } var expectedAppsNewNamespace []v1alpha1.Application diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile index d023155785114..cbbc19e699812 100644 --- a/test/e2e/multiarch-container/Dockerfile +++ b/test/e2e/multiarch-container/Dockerfile @@ -1,2 +1,2 @@ -FROM docker.io/library/busybox@sha256:2919d0172f7524b2d8df9e50066a682669e6d170ac0f6a49676d54358fe970b5 +FROM docker.io/library/busybox@sha256:a5d0ce49aa801d475da48f8cb163c354ab95cab073cd3c138bd458fc8257fbf1 CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null" diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index 062550e78000e..9309f02bdc93f 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,6 +1,6 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab -FROM docker.io/library/golang:1.23.4@sha256:81e1da9b9604cdee2bc226e90e15f9d51ae6a8cd2271dc341c42ca0926c3b83f AS go +FROM docker.io/library/golang:1.23.5@sha256:51a6466e8dbf3e00e422eb0f7a97ac450b2d57b33617bbe8d2ee0bddcd9d0d37 AS go RUN go install github.com/mattn/goreman@latest && \ go install github.com/kisielk/godepgraph@latest diff --git a/ui-test/package.json b/ui-test/package.json index 424425b0b091e..0c29d478e89a4 100644 --- a/ui-test/package.json +++ b/ui-test/package.json @@ -14,19 +14,19 @@ "dependencies": { "@types/selenium-webdriver": "^4.1.27", "assert": "^2.1.0", - "chromedriver": "^131.0.4", + "chromedriver": "^132.0.1", "selenium-webdriver": "^4.27.0" }, "devDependencies": { "@types/mocha": "^10.0.10", - "@types/node": "^22.10.5", + "@types/node": "^22.10.10", "dotenv": "^16.4.7", "mocha": "^11.0.1", "prettier": "^2.8.8", "tslint": "^6.1.3", "tslint-config-prettier": "^1.18.0", "tslint-plugin-prettier": "^2.0.1", - "typescript": "^5.7.2", + "typescript": "^5.7.3", "yarn": "^1.22.22" } } diff --git a/ui-test/yarn.lock b/ui-test/yarn.lock index e2d66b0771791..a7c02fee0a561 100644 --- a/ui-test/yarn.lock +++ b/ui-test/yarn.lock @@ -60,10 +60,10 @@ resolved "https://registry.yarnpkg.com/@types/mocha/-/mocha-10.0.10.tgz#91f62905e8d23cbd66225312f239454a23bebfa0" integrity sha512-xPyYSz1cMPnJQhl0CLMH68j3gprKZaTjG3s5Vi+fDgx+uhG9NOXwbVt52eFS8ECyXhyKcjDLCBEqBExKuiZb7Q== -"@types/node@*", "@types/node@^22.10.5": - version "22.10.5" - resolved "https://registry.yarnpkg.com/@types/node/-/node-22.10.5.tgz#95af89a3fb74a2bb41ef9927f206e6472026e48b" - integrity sha512-F8Q+SeGimwOo86fiovQh8qiXfFEh2/ocYv7tU5pJ3EXMSSxk1Joj5wefpFK2fHTf/N6HKGSxIDBT9f3gCxXPkQ== +"@types/node@*", "@types/node@^22.10.10": + version "22.10.10" + resolved "https://registry.yarnpkg.com/@types/node/-/node-22.10.10.tgz#85fe89f8bf459dc57dfef1689bd5b52ad1af07e6" + integrity sha512-X47y/mPNzxviAGY5TcYPtYL8JsY3kAq2n8fMmKoRCxq/c4v4pyGNCzM2R6+M5/umG4ZfHuT+sgqDYqWc9rJ6ww== dependencies: undici-types "~6.20.0" @@ -294,10 +294,10 @@ chokidar@^3.5.3: optionalDependencies: fsevents "~2.3.2" -chromedriver@^131.0.4: - version "131.0.4" - resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-131.0.4.tgz#55b161c3be229fb2f71be6e24ad174aa1e6f18a8" - integrity sha512-JgIkept8YrnqT05ldLaOzxxEJDUV1t3PFIIMO/gQz9AbnpZx7Pl1zq6tQTTz2HoY5T2JKZ5kyiEWwc48g4fJ5w== +chromedriver@^132.0.1: + version "132.0.1" + resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-132.0.1.tgz#55f288943ac68ad262b3267e7696538d4bda918a" + integrity sha512-M3XyeyOdYfEiw3plMeEvF/iMwluOH9+8K5mJwFmxllFBPfHvDGX1Oeys3GNzMyhqQ1lJbRX7B6bp+323LLd5lg== dependencies: "@testim/chrome-version" "^1.1.4" axios "^1.7.4" @@ -1636,10 +1636,10 @@ tsutils@^2.29.0: dependencies: tslib "^1.8.1" -typescript@^5.7.2: - version "5.7.2" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.7.2.tgz#3169cf8c4c8a828cde53ba9ecb3d2b1d5dd67be6" - integrity sha512-i5t66RHxDvVN40HfDd1PsEThGNnlMCMT3jMUuoh9/0TaqWevNontacunWyN02LA9/fIbEWlcHZcgTKb9QoaLfg== +typescript@^5.7.3: + version "5.7.3" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.7.3.tgz#919b44a7dbb8583a9b856d162be24a54bf80073e" + integrity sha512-84MVSjMEHP+FQRPy3pX9sTVV/INIex71s9TL2Gm5FG/WG1SqXeKyZ0k7/blY/4FdOzI12CBy1vGc4og/eus0fw== undici-types@~6.20.0: version "6.20.0" diff --git a/ui/src/app/app.tsx b/ui/src/app/app.tsx index 2d2e192590fa2..17851489dd610 100644 --- a/ui/src/app/app.tsx +++ b/ui/src/app/app.tsx @@ -235,7 +235,7 @@ export class App extends React.Component< } public getChildContext() { - return {history, apis: {popup: this.popupManager, notifications: this.notificationsManager, navigation: this.navigationManager}}; + return {history, apis: {popup: this.popupManager, notifications: this.notificationsManager, navigation: this.navigationManager, baseHref: base}}; } private async subscribeUnauthorized() { diff --git a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx index 2a56246ad0c08..405348d504ffa 100644 --- a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx +++ b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx @@ -170,6 +170,16 @@ export const ApplicationCreatePanel = (props: { } } + const onCreateApp = (data: models.Application) => { + if (destinationComboValue === 'URL') { + delete data.spec.destination.name; + } else { + delete data.spec.destination.server; + } + + props.createApp(data); + }; + return ( debouncedOnAppChanged(state.values as any)} - onSubmit={props.createApp} + onSubmit={onCreateApp} getApi={props.getFormApi}> {api => { const generalPanel = () => ( @@ -304,7 +314,10 @@ export const ApplicationCreatePanel = (props: { qeId='application-create-field-repository-url' field='spec.source.repoURL' component={AutocompleteField} - componentProps={{items: repos}} + componentProps={{ + items: repos, + filterSuggestions: true + }} />
                                                                    @@ -396,7 +409,8 @@ export const ApplicationCreatePanel = (props: { field='spec.source.targetRevision' component={AutocompleteField} componentProps={{ - items: (selectedChart && selectedChart.versions) || [] + items: (selectedChart && selectedChart.versions) || [], + filterSuggestions: true }} /> @@ -419,7 +433,10 @@ export const ApplicationCreatePanel = (props: { label='Cluster URL' qeId='application-create-field-cluster-url' field='spec.destination.server' - componentProps={{items: clusters.map(cluster => cluster.server)}} + componentProps={{ + items: clusters.map(cluster => cluster.server), + filterSuggestions: true + }} component={AutocompleteField} />
                                                                    @@ -430,7 +447,10 @@ export const ApplicationCreatePanel = (props: { label='Cluster Name' qeId='application-create-field-cluster-name' field='spec.destination.name' - componentProps={{items: clusters.map(cluster => cluster.name)}} + componentProps={{ + items: clusters.map(cluster => cluster.name), + filterSuggestions: true + }} component={AutocompleteField} />
                                                  diff --git a/ui/src/app/applications/components/application-details/application-details-app-dropdown.tsx b/ui/src/app/applications/components/application-details/application-details-app-dropdown.tsx index 615ddf1a47511..df330abed2b1b 100644 --- a/ui/src/app/applications/components/application-details/application-details-app-dropdown.tsx +++ b/ui/src/app/applications/components/application-details/application-details-app-dropdown.tsx @@ -43,7 +43,7 @@ export const ApplicationsDetailsAppDropdown = (props: {appName: string}) => { }) .slice(0, 100) // take top 100 results after filtering to avoid performance issues .map(app => ( -
                                                • ctx.navigation.goto(getAppUrl(app))}> +
                                                • ctx.navigation.goto(`/${getAppUrl(app)}`)}> {app.metadata.name} {app.metadata.name === props.appName && ' (current)'}
                                                  • )) diff --git a/ui/src/app/applications/components/application-details/application-resource-filter.tsx b/ui/src/app/applications/components/application-details/application-resource-filter.tsx index 24e364d37237b..1d845c7e18948 100644 --- a/ui/src/app/applications/components/application-details/application-resource-filter.tsx +++ b/ui/src/app/applications/components/application-details/application-resource-filter.tsx @@ -114,7 +114,7 @@ export const Filters = (props: FiltersProps) => { case 'Health': return props.resourceNodes.filter(res => res.health?.status === HealthStatuses[label]).length; case 'Kind': - return props.resourceNodes.filter(res => res.kind === label).length; + return props.resourceNodes.reduce((count, res) => (res.group && label === 'Pod' ? res.group.length : res.kind === label ? count + 1 : count), 0); default: return 0; } diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx index c32e100927d82..9dfd5d19a27b2 100644 --- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx +++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx @@ -926,7 +926,16 @@ export const ApplicationResourceTree = (props: ApplicationResourceTreeProps) => graphNodesFilter.nodes().forEach(nodeId => { const node: ResourceTreeNode = graphNodesFilter.node(nodeId) as any; const parentIds = graphNodesFilter.predecessors(nodeId); - if (node.root != null && !predicate(node) && appKey !== nodeId) { + + const shouldKeepNode = () => { + //case for podgroup in group node view + if (node.podGroup) { + return predicate(node) || node.podGroup.pods.some(pod => predicate({...node, kind: 'Pod', name: pod.name})); + } + return predicate(node); + }; + + if (node.root != null && !shouldKeepNode() && appKey !== nodeId) { const childIds = graphNodesFilter.successors(nodeId); graphNodesFilter.removeNode(nodeId); filtered++; @@ -939,8 +948,14 @@ export const ApplicationResourceTree = (props: ApplicationResourceTreeProps) => if (node.root != null) filteredNodes.push(node); } }); + if (filtered) { - graphNodesFilter.setNode(FILTERED_INDICATOR_NODE, {height: NODE_HEIGHT, width: NODE_WIDTH, count: filtered, type: NODE_TYPES.filteredIndicator}); + graphNodesFilter.setNode(FILTERED_INDICATOR_NODE, { + height: NODE_HEIGHT, + width: NODE_WIDTH, + count: filtered, + type: NODE_TYPES.filteredIndicator + }); graphNodesFilter.setEdge(filteredIndicatorParent, FILTERED_INDICATOR_NODE); } } diff --git a/ui/src/app/applications/components/utils.tsx b/ui/src/app/applications/components/utils.tsx index 1e6511bc1bf1a..ba690865ce4cc 100644 --- a/ui/src/app/applications/components/utils.tsx +++ b/ui/src/app/applications/components/utils.tsx @@ -831,8 +831,8 @@ export function hydrationStatusMessage(app: appModels.Application) { return ( from{' '} - - {drySource.targetRevision + ' (' + dryCommit.substr(0, 7) + ')'} + + {drySource.targetRevision}
                                                  to{' '} @@ -845,8 +845,9 @@ export function hydrationStatusMessage(app: appModels.Application) { return ( from{' '} - - {drySource.targetRevision + ' (' + dryCommit.substr(0, 7) + ')'} + + {drySource.targetRevision} + {dryCommit && ' (' + dryCommit.substr(0, 7) + ')'}
                                                  to{' '} @@ -1564,7 +1565,7 @@ export const userMsgsList: {[key: string]: string} = { export function getAppUrl(app: appModels.Application): string { if (typeof app.metadata.namespace === 'undefined') { - return `/applications/${app.metadata.name}`; + return `applications/${app.metadata.name}`; } - return `/applications/${app.metadata.namespace}/${app.metadata.name}`; + return `applications/${app.metadata.namespace}/${app.metadata.name}`; } diff --git a/ui/src/app/login/components/login.tsx b/ui/src/app/login/components/login.tsx index 0f1aa90f26052..6d3bb97fae05c 100644 --- a/ui/src/app/login/components/login.tsx +++ b/ui/src/app/login/components/login.tsx @@ -135,7 +135,12 @@ export class Login extends React.Component, State> { this.setState({loginInProgress: false}); if (returnURL) { const url = new URL(returnURL); - this.appContext.apis.navigation.goto(url.pathname + url.search); + let redirectURL = url.pathname + url.search; + // return url already contains baseHref, so we need to remove it + if (this.appContext.apis.baseHref != '/' && redirectURL.startsWith(this.appContext.apis.baseHref)) { + redirectURL = redirectURL.substring(this.appContext.apis.baseHref.length); + } + this.appContext.apis.navigation.goto(redirectURL); } else { this.appContext.apis.navigation.goto('/applications'); } diff --git a/ui/src/app/settings/components/project-details/project-details.tsx b/ui/src/app/settings/components/project-details/project-details.tsx index 96110c2ff9cee..2da3501439257 100644 --- a/ui/src/app/settings/components/project-details/project-details.tsx +++ b/ui/src/app/settings/components/project-details/project-details.tsx @@ -517,6 +517,10 @@ export class ProjectDetails extends React.Component +
                                                  + USE AND OPERATOR + {helpTip('Use AND operator while selecting the apps that match the configured selectors')} +

                            {(proj.spec.syncWindows || []).map((window, i) => ( @@ -534,6 +538,7 @@ export class ProjectDetails extends React.Component{(window.namespaces || ['-']).join(',')}
                            {(window.clusters || ['-']).join(',')}
                            {window.manualSync ? 'Enabled' : 'Disabled'}
                            +
                            {window.andOperator ? 'Enabled' : 'Disabled'}
                            ))} diff --git a/ui/src/app/settings/components/project-sync-windows-edit-panel/project-sync-windows-edit-panel.tsx b/ui/src/app/settings/components/project-sync-windows-edit-panel/project-sync-windows-edit-panel.tsx index 1a0fb520dc314..671b88ff8619b 100644 --- a/ui/src/app/settings/components/project-sync-windows-edit-panel/project-sync-windows-edit-panel.tsx +++ b/ui/src/app/settings/components/project-sync-windows-edit-panel/project-sync-windows-edit-panel.tsx @@ -67,6 +67,14 @@ export const ProjectSyncWindowsEditPanel = (props: ProjectSyncWindowsEditPanelPr
                            +
                            + +
                            diff --git a/ui/src/app/settings/components/repo-details/repo-details.tsx b/ui/src/app/settings/components/repo-details/repo-details.tsx index dc67d698350fd..bcff567ae6a07 100644 --- a/ui/src/app/settings/components/repo-details/repo-details.tsx +++ b/ui/src/app/settings/components/repo-details/repo-details.tsx @@ -85,7 +85,8 @@ export const RepoDetails = (props: {repo: models.Repository; save?: (params: New noProxy: repo.noProxy || '', project: repo.project || '', enableOCI: repo.enableOCI || false, - forceHttpBasicAuth: repo.forceHttpBasicAuth || false + forceHttpBasicAuth: repo.forceHttpBasicAuth || false, + useAzureWorkloadIdentity: repo.useAzureWorkloadIdentity || false }; return ( diff --git a/ui/src/app/settings/components/repos-list/repos-list.tsx b/ui/src/app/settings/components/repos-list/repos-list.tsx index 92f7c63f53ba9..1803669b2d85d 100644 --- a/ui/src/app/settings/components/repos-list/repos-list.tsx +++ b/ui/src/app/settings/components/repos-list/repos-list.tsx @@ -44,6 +44,7 @@ export interface NewHTTPSRepoParams { enableOCI: boolean; // write should be true if saving as a write credential. write: boolean; + useAzureWorkloadIdentity: boolean; } interface NewGitHubAppRepoParams { @@ -96,6 +97,7 @@ interface NewHTTPSRepoCredsParams { enableOCI: boolean; // write should be true if saving as a write credential. write: boolean; + useAzureWorkloadIdentity: boolean; } interface NewGitHubAppRepoCredsParams { @@ -709,6 +711,14 @@ export class ReposList extends React.Component<
                            +
                            + +
                            )} {this.state.method === ConnectionMethod.GITHUBAPP && ( @@ -916,7 +926,8 @@ export class ReposList extends React.Component< noProxy: params.noProxy, forceHttpBasicAuth: params.forceHttpBasicAuth, enableOCI: params.enableOCI, - write: params.write + write: params.write, + useAzureWorkloadIdentity: params.useAzureWorkloadIdentity }); } else { this.setState({connecting: true}); diff --git a/ui/src/app/shared/models.ts b/ui/src/app/shared/models.ts index eb65f370b011f..953585a1d17c2 100644 --- a/ui/src/app/shared/models.ts +++ b/ui/src/app/shared/models.ts @@ -607,6 +607,7 @@ export interface Repository { githubAppId?: string; forceHttpBasicAuth?: boolean; enableOCI: boolean; + useAzureWorkloadIdentity: boolean; } export interface RepositoryList extends ItemsList {} @@ -810,6 +811,7 @@ export interface SyncWindow { clusters: string[]; manualSync: boolean; timeZone: string; + andOperator: boolean; } export interface Project { diff --git a/ui/src/app/shared/services/repo-service.ts b/ui/src/app/shared/services/repo-service.ts index f28a0d156d4a3..0ab6814b46f29 100644 --- a/ui/src/app/shared/services/repo-service.ts +++ b/ui/src/app/shared/services/repo-service.ts @@ -16,6 +16,7 @@ export interface HTTPSQuery { project?: string; forceHttpBasicAuth?: boolean; enableOCI: boolean; + useAzureWorkloadIdentity: boolean; } export interface SSHQuery { @@ -103,7 +104,8 @@ export class RepositoriesService { noProxy: q.noProxy, project: q.project, forceHttpBasicAuth: q.forceHttpBasicAuth, - enableOCI: q.enableOCI + enableOCI: q.enableOCI, + useAzureWorkloadIdentity: q.useAzureWorkloadIdentity }) .then(res => res.body as models.Repository); } @@ -125,7 +127,8 @@ export class RepositoriesService { noProxy: q.noProxy, project: q.project, forceHttpBasicAuth: q.forceHttpBasicAuth, - enableOCI: q.enableOCI + enableOCI: q.enableOCI, + useAzureWorkloadIdentity: q.useAzureWorkloadIdentity }) .then(res => res.body as models.Repository); } @@ -147,7 +150,8 @@ export class RepositoriesService { noProxy: q.noProxy, project: q.project, forceHttpBasicAuth: q.forceHttpBasicAuth, - enableOCI: q.enableOCI + enableOCI: q.enableOCI, + useAzureWorkloadIdentity: q.useAzureWorkloadIdentity }) .then(res => res.body as models.Repository); } @@ -169,7 +173,8 @@ export class RepositoriesService { noProxy: q.noProxy, project: q.project, forceHttpBasicAuth: q.forceHttpBasicAuth, - enableOCI: q.enableOCI + enableOCI: q.enableOCI, + useAzureWorkloadIdentity: q.useAzureWorkloadIdentity }) .then(res => res.body as models.Repository); } diff --git a/ui/src/app/sidebar/sidebar.scss b/ui/src/app/sidebar/sidebar.scss index d41cbeed3f7cf..4e09261e068cc 100644 --- a/ui/src/app/sidebar/sidebar.scss +++ b/ui/src/app/sidebar/sidebar.scss @@ -40,10 +40,12 @@ $deselected-text: #818d94; margin-left: -7px; &__character { + cursor: pointer; width: 42px; } &__text-logo { + cursor: pointer; height: 2em; filter: invert(100%); } diff --git a/ui/src/app/sidebar/sidebar.tsx b/ui/src/app/sidebar/sidebar.tsx index 1aeb77c9112ee..2e82b3f509fc5 100644 --- a/ui/src/app/sidebar/sidebar.tsx +++ b/ui/src/app/sidebar/sidebar.tsx @@ -54,13 +54,19 @@ export const Sidebar = (props: SidebarProps) => {
                            {!props.pref.hideSidebar && (
                            - Argo + context.history.push('/')} + title={'Go to start page'} + src='assets/images/argologo.svg' + alt='Argo' + className='sidebar__logo__text-logo' + />
                            {loading ? 'Loading...' : error?.state ? 'Unknown' : version?.Version || 'Unknown'}
                            )} - Argo{' '} + context.history.push('/')} title={'Go to start page'} src='assets/images/logo.png' alt='Argo' className='sidebar__logo__character' />{' '}
                            {(props.navItems || []).map(item => ( diff --git a/ui/yarn.lock b/ui/yarn.lock index a4e410b1d30de..d21f8b147e2bd 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -2705,7 +2705,7 @@ arg@^4.1.0: "argo-ui@git+https://github.com/argoproj/argo-ui.git": version "1.0.0" - resolved "git+https://github.com/argoproj/argo-ui.git#d9a4285dc254bc473b9f26f5d72655296233f003" + resolved "git+https://github.com/argoproj/argo-ui.git#5cf36101733ce43eed57242a12389f2a7e40bd2b" dependencies: "@fortawesome/fontawesome-free" "^6.2.1" "@tippy.js/react" "^3.1.1" diff --git a/util/argo/argo.go b/util/argo/argo.go index ff28fa1379c11..37b5e40331ed3 100644 --- a/util/argo/argo.go +++ b/util/argo/argo.go @@ -334,7 +334,7 @@ func ValidateRepo( if err != nil { return nil, fmt.Errorf("error getting cluster REST config: %w", err) } - // nolint:staticcheck + //nolint:staticcheck destCluster.ServerVersion, err = kubectl.GetServerVersion(config) if err != nil { return nil, fmt.Errorf("error getting k8s server version: %w", err) @@ -437,7 +437,7 @@ func validateRepo(ctx context.Context, proj, sources, repoClient, - // nolint:staticcheck + //nolint:staticcheck cluster.ServerVersion, APIResourcesToStrings(apiGroups, true), permittedHelmCredentials, @@ -549,7 +549,8 @@ func validateSourceHydrator(hydrator *argoappv1.SourceHydrator) []argoappv1.Appl func ValidatePermissions(ctx context.Context, spec *argoappv1.ApplicationSpec, proj *argoappv1.AppProject, db db.ArgoDB) ([]argoappv1.ApplicationCondition, error) { conditions := make([]argoappv1.ApplicationCondition, 0) - if spec.SourceHydrator != nil { + switch { + case spec.SourceHydrator != nil: condition := validateSourceHydrator(spec.SourceHydrator) if len(condition) > 0 { conditions = append(conditions, condition...) @@ -561,7 +562,7 @@ func ValidatePermissions(ctx context.Context, spec *argoappv1.ApplicationSpec, p Message: fmt.Sprintf("application repo %s is not permitted in project '%s'", spec.GetSource().RepoURL, spec.Project), }) } - } else if spec.HasMultipleSources() { + case spec.HasMultipleSources(): for _, source := range spec.Sources { condition := validateSourcePermissions(source, spec.HasMultipleSources()) if len(condition) > 0 { @@ -576,7 +577,7 @@ func ValidatePermissions(ctx context.Context, spec *argoappv1.ApplicationSpec, p }) } } - } else { + default: conditions = validateSourcePermissions(spec.GetSource(), spec.HasMultipleSources()) if len(conditions) > 0 { return conditions, nil @@ -910,13 +911,14 @@ func NormalizeSource(source *argoappv1.ApplicationSource) *argoappv1.Application source.Helm = nil } if source.Directory != nil && source.Directory.IsZero() { - if source.Directory.Exclude != "" && source.Directory.Include != "" { + switch { + case source.Directory.Exclude != "" && source.Directory.Include != "": source.Directory = &argoappv1.ApplicationSourceDirectory{Exclude: source.Directory.Exclude, Include: source.Directory.Include} - } else if source.Directory.Exclude != "" { + case source.Directory.Exclude != "": source.Directory = &argoappv1.ApplicationSourceDirectory{Exclude: source.Directory.Exclude} - } else if source.Directory.Include != "" { + case source.Directory.Include != "": source.Directory = &argoappv1.ApplicationSourceDirectory{Include: source.Directory.Include} - } else { + default: source.Directory = nil } } diff --git a/util/argo/argo_test.go b/util/argo/argo_test.go index dad5c03654339..e578f3544cbd2 100644 --- a/util/argo/argo_test.go +++ b/util/argo/argo_test.go @@ -45,8 +45,8 @@ func TestRefreshApp(t *testing.T) { require.NoError(t, err) // For some reason, the fake Application interface doesn't reflect the patch status after Patch(), // so can't verify it was set in unit tests. - //_, ok := newApp.Annotations[common.AnnotationKeyRefresh] - //assert.True(t, ok) + // _, ok := newApp.Annotations[common.AnnotationKeyRefresh] + // assert.True(t, ok) } func TestGetAppProjectWithNoProjDefined(t *testing.T) { diff --git a/util/argo/diff/ignore_test.go b/util/argo/diff/ignore_test.go index ab224214611a0..457e9d174cd6e 100644 --- a/util/argo/diff/ignore_test.go +++ b/util/argo/diff/ignore_test.go @@ -51,7 +51,6 @@ func TestIgnoreDiffConfig_HasIgnoreDifference(t *testing.T) { assert.True(t, ok) assert.NotNil(t, actual) assert.Equal(t, expectedManagedFields, actual.ManagedFieldsManagers) - // nolint:testifylint assert.Equal(t, expectedJSONPointers, actual.JSONPointers) assert.Equal(t, expectedJQExpression, actual.JQPathExpressions) }) @@ -73,7 +72,6 @@ func TestIgnoreDiffConfig_HasIgnoreDifference(t *testing.T) { assert.True(t, ok) assert.NotNil(t, actual) assert.Equal(t, expectedManagedFields, actual.ManagedFieldsManagers) - // nolint:testifylint assert.Equal(t, expectedJSONPointers, actual.JSONPointers) assert.Equal(t, expectedJQExpression, actual.JQPathExpressions) }) diff --git a/util/argo/normalizers/knowntypes_normalizer_test.go b/util/argo/normalizers/knowntypes_normalizer_test.go index e36569d6cbd6f..351e8436f17c8 100644 --- a/util/argo/normalizers/knowntypes_normalizer_test.go +++ b/util/argo/normalizers/knowntypes_normalizer_test.go @@ -49,7 +49,6 @@ func mustUnmarshalYAML(yamlStr string) *unstructured.Unstructured { return un } -// nolint:unparam func nestedSliceMap(obj map[string]any, i int, path ...string) (map[string]any, error) { items, ok, err := unstructured.NestedSlice(obj, path...) if err != nil { diff --git a/util/argo/normalizers/util.go b/util/argo/normalizers/util.go index 289c8bcccdae9..91af12d6a428e 100644 --- a/util/argo/normalizers/util.go +++ b/util/argo/normalizers/util.go @@ -9,12 +9,13 @@ func getGroupKindForOverrideKey(key string) (string, string, error) { var group, kind string parts := strings.Split(key, "/") - if len(parts) == 2 { + switch len(parts) { + case 2: group = parts[0] kind = parts[1] - } else if len(parts) == 1 { + case 1: kind = parts[0] - } else { + default: return "", "", fmt.Errorf("override key must be / or , got: '%s' ", key) } return group, kind, nil diff --git a/util/cache/cache.go b/util/cache/cache.go index a1787cc1fb0cc..a4fb5ff153ccb 100644 --- a/util/cache/cache.go +++ b/util/cache/cache.go @@ -189,15 +189,16 @@ func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...Options) func() (*Cache, err } tlsConfig.Certificates = []tls.Certificate{clientCert} } - if insecureRedis { + switch { + case insecureRedis: tlsConfig.InsecureSkipVerify = true - } else if redisCACertificate != "" { + case redisCACertificate != "": redisCA, err := certutil.ParseTLSCertificatesFromPath(redisCACertificate) if err != nil { return nil, err } tlsConfig.RootCAs = certutil.GetCertPoolFromPEMData(redisCA) - } else { + default: var err error tlsConfig.RootCAs, err = x509.SystemCertPool() if err != nil { diff --git a/util/claims/claims.go b/util/claims/claims.go new file mode 100644 index 0000000000000..2b77e53b5b9f8 --- /dev/null +++ b/util/claims/claims.go @@ -0,0 +1,56 @@ +package claims + +import ( + "encoding/json" + + "github.com/golang-jwt/jwt/v5" +) + +// ArgoClaims defines the claims structure based on Dex's documented claims +type ArgoClaims struct { + jwt.RegisteredClaims + Email string `json:"email,omitempty"` + EmailVerified bool `json:"email_verified,omitempty"` + Name string `json:"name,omitempty"` + Groups []string `json:"groups,omitempty"` + // As per Dex docs, federated_claims has a specific structure + FederatedClaims *FederatedClaims `json:"federated_claims,omitempty"` +} + +// FederatedClaims represents the structure documented by Dex +type FederatedClaims struct { + ConnectorID string `json:"connector_id"` + UserID string `json:"user_id"` +} + +// MapClaimsToArgoClaims converts a jwt.MapClaims to a ArgoClaims +func MapClaimsToArgoClaims(claims jwt.MapClaims) (*ArgoClaims, error) { + if claims == nil { + return &ArgoClaims{}, nil + } + + claimsBytes, err := json.Marshal(claims) + if err != nil { + return nil, err + } + + var argoClaims ArgoClaims + err = json.Unmarshal(claimsBytes, &argoClaims) + if err != nil { + return nil, err + } + return &argoClaims, nil +} + +// GetUserIdentifier returns a consistent user identifier, checking federated_claims.user_id when Dex is in use +func (c *ArgoClaims) GetUserIdentifier() string { + // Check federated claims first + if c.FederatedClaims != nil && c.FederatedClaims.UserID != "" { + return c.FederatedClaims.UserID + } + // Fallback to sub + if c.Subject != "" { + return c.Subject + } + return "" +} diff --git a/util/claims/claims_test.go b/util/claims/claims_test.go new file mode 100644 index 0000000000000..607ebfbdd97c3 --- /dev/null +++ b/util/claims/claims_test.go @@ -0,0 +1,159 @@ +package claims + +import ( + "reflect" + "testing" + "time" + + "github.com/golang-jwt/jwt/v5" + "github.com/stretchr/testify/assert" +) + +func TestGetUserIdentifier(t *testing.T) { + tests := []struct { + name string + claims *ArgoClaims + want string + }{ + { + name: "when both dex and sub defined - prefer dex user_id", + claims: &ArgoClaims{ + RegisteredClaims: jwt.RegisteredClaims{ + Subject: "ignored:login", + }, + FederatedClaims: &FederatedClaims{ + UserID: "dex-user", + }, + }, + want: "dex-user", + }, + { + name: "when both dex and sub defined but dex user_id empty - fallback to sub", + claims: &ArgoClaims{ + RegisteredClaims: jwt.RegisteredClaims{ + Subject: "test:apiKey", + }, + FederatedClaims: &FederatedClaims{ + UserID: "", + }, + }, + want: "test:apiKey", + }, + { + name: "when only sub is defined (no dex) - use sub", + claims: &ArgoClaims{ + RegisteredClaims: jwt.RegisteredClaims{ + Subject: "admin:login", + }, + }, + want: "admin:login", + }, + { + name: "when neither dex nor sub defined - return empty", + claims: &ArgoClaims{}, + want: "", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got := tt.claims.GetUserIdentifier() + assert.Equal(t, tt.want, got) + }) + } +} + +func TestMapClaimsToArgoClaims(t *testing.T) { + expectedExpiredAt := jwt.NewNumericDate(time.Now().Add(time.Hour)) + expectedIssuedAt := jwt.NewNumericDate(time.Now().Add(time.Hour * -2)) + expectedNotBefore := jwt.NewNumericDate(time.Now().Add(time.Hour * -3)) + + tests := []struct { + name string + claims jwt.MapClaims + want *ArgoClaims + wantErr bool + }{ + { + name: "nil claims", + claims: nil, + want: &ArgoClaims{}, + }, + { + name: "empty claims", + claims: jwt.MapClaims{}, + want: &ArgoClaims{}, + }, + { + name: "invalid claims", + claims: jwt.MapClaims{ + "email_verified": "not-a-bool", + }, + wantErr: true, + }, + { + name: "all registered known claims", + claims: jwt.MapClaims{ + "jti": "jti", + "iss": "iss", + "sub": "sub", + "aud": "aud", + "iat": expectedIssuedAt.Unix(), + "exp": expectedExpiredAt.Unix(), + "nbf": expectedNotBefore.Unix(), + }, + want: &ArgoClaims{ + RegisteredClaims: jwt.RegisteredClaims{ + ID: "jti", + Issuer: "iss", + Subject: "sub", + Audience: jwt.ClaimStrings{"aud"}, + ExpiresAt: expectedExpiredAt, + IssuedAt: expectedIssuedAt, + NotBefore: expectedNotBefore, + }, + }, + }, + { + name: "all argo claims", + claims: jwt.MapClaims{ + "email": "email@test.com", + "email_verified": true, + "name": "the-name", + "groups": []string{ + "my-org:my-team2", + "my-org:my-team1", + }, + "federated_claims": map[string]any{ + "connector_id": "my-connector", + "user_id": "user-id", + }, + }, + want: &ArgoClaims{ + Email: "email@test.com", + EmailVerified: true, + Name: "the-name", + Groups: []string{ + "my-org:my-team2", + "my-org:my-team1", + }, + FederatedClaims: &FederatedClaims{ + ConnectorID: "my-connector", + UserID: "user-id", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := MapClaimsToArgoClaims(tt.claims) + if (err != nil) != tt.wantErr { + t.Errorf("MapClaimsToArgoClaims() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("MapClaimsToArgoClaims() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/util/config/env.go b/util/config/env.go index f5576e649ee0a..4f2b8cf475fe6 100644 --- a/util/config/env.go +++ b/util/config/env.go @@ -30,15 +30,16 @@ func LoadFlags() error { var key string for _, opt := range opts { - if strings.HasPrefix(opt, "--") { + switch { + case strings.HasPrefix(opt, "--"): if key != "" { flags[key] = "true" } key = strings.TrimPrefix(opt, "--") - } else if key != "" { + case key != "": flags[key] = opt key = "" - } else { + default: return errors.New("ARGOCD_OPTS invalid at '" + opt + "'") } } diff --git a/util/db/certificate.go b/util/db/certificate.go index 455934791772d..aeb7c78c9b006 100644 --- a/util/db/certificate.go +++ b/util/db/certificate.go @@ -191,7 +191,8 @@ func (db *db) CreateRepoCertificate(ctx context.Context, certificates *appsv1.Re } } - if certificate.CertType == "ssh" { + switch { + case certificate.CertType == "ssh": // Whether we have a new certificate entry newEntry := true // Whether we have upserted an existing certificate entry @@ -241,7 +242,7 @@ func (db *db) CreateRepoCertificate(ctx context.Context, certificates *appsv1.Re created = append(created, certificate) saveSSHData = true } - } else if certificate.CertType == "https" { + case certificate.CertType == "https": var tlsCertificate *TLSCertificate newEntry := true upserted := false @@ -308,7 +309,7 @@ func (db *db) CreateRepoCertificate(ctx context.Context, certificates *appsv1.Re } saveTLSData = true } - } else { + default: // Invalid/unknown certificate type return nil, fmt.Errorf("Unknown certificate type: %s", certificate.CertType) } diff --git a/util/db/cluster.go b/util/db/cluster.go index a3beec519022b..a0259d98ac31d 100644 --- a/util/db/cluster.go +++ b/util/db/cluster.go @@ -37,12 +37,12 @@ func (db *db) getLocalCluster() *appv1.Cluster { initLocalCluster.Do(func() { info, err := db.kubeclientset.Discovery().ServerVersion() if err == nil { - // nolint:staticcheck + //nolint:staticcheck localCluster.ServerVersion = fmt.Sprintf("%s.%s", info.Major, info.Minor) - // nolint:staticcheck + //nolint:staticcheck localCluster.ConnectionState = appv1.ConnectionState{Status: appv1.ConnectionStatusSuccessful} } else { - // nolint:staticcheck + //nolint:staticcheck localCluster.ConnectionState = appv1.ConnectionState{ Status: appv1.ConnectionStatusFailed, Message: err.Error(), @@ -51,7 +51,7 @@ func (db *db) getLocalCluster() *appv1.Cluster { }) cluster := localCluster.DeepCopy() now := metav1.Now() - // nolint:staticcheck + //nolint:staticcheck cluster.ConnectionState.ModifiedAt = &now return cluster } @@ -142,11 +142,19 @@ func (db *db) WatchClusters(ctx context.Context, handleModEvent func(oldCluster *appv1.Cluster, newCluster *appv1.Cluster), handleDeleteEvent func(clusterServer string), ) error { - localCls, err := db.GetCluster(ctx, appv1.KubernetesInternalAPIServerAddr) + argoSettings, err := db.settingsMgr.GetSettings() if err != nil { return err } - handleAddEvent(localCls) + + localCls := db.getLocalCluster() + if argoSettings.InClusterEnabled { + localCls, err = db.GetCluster(ctx, appv1.KubernetesInternalAPIServerAddr) + if err != nil { + return fmt.Errorf("could not get local cluster: %w", err) + } + handleAddEvent(localCls) + } db.watchSecrets( ctx, @@ -159,9 +167,11 @@ func (db *db) WatchClusters(ctx context.Context, return } if cluster.Server == appv1.KubernetesInternalAPIServerAddr { - // change local cluster event to modified or deleted, since it cannot be re-added or deleted - handleModEvent(localCls, cluster) - localCls = cluster + if argoSettings.InClusterEnabled { + // change local cluster event to modified, since it cannot be added at runtime + handleModEvent(localCls, cluster) + localCls = cluster + } return } handleAddEvent(cluster) @@ -185,10 +195,11 @@ func (db *db) WatchClusters(ctx context.Context, }, func(secret *corev1.Secret) { - if string(secret.Data["server"]) == appv1.KubernetesInternalAPIServerAddr { - // change local cluster event to modified or deleted, since it cannot be re-added or deleted - handleModEvent(localCls, db.getLocalCluster()) - localCls = db.getLocalCluster() + if string(secret.Data["server"]) == appv1.KubernetesInternalAPIServerAddr && argoSettings.InClusterEnabled { + // change local cluster event to modified, since it cannot be deleted at runtime, unless disabled. + newLocalCls := db.getLocalCluster() + handleModEvent(localCls, newLocalCls) + localCls = newLocalCls } else { handleDeleteEvent(string(secret.Data["server"])) } @@ -214,6 +225,14 @@ func (db *db) getClusterSecret(server string) (*corev1.Secret, error) { // GetCluster returns a cluster from a query func (db *db) GetCluster(_ context.Context, server string) (*appv1.Cluster, error) { + argoSettings, err := db.settingsMgr.GetSettings() + if err != nil { + return nil, err + } + if server == appv1.KubernetesInternalAPIServerAddr && !argoSettings.InClusterEnabled { + return nil, status.Errorf(codes.NotFound, "cluster %q is disabled", server) + } + informer, err := db.settingsMgr.GetSecretsInformer() if err != nil { return nil, err @@ -222,6 +241,7 @@ func (db *db) GetCluster(_ context.Context, server string) (*appv1.Cluster, erro if err != nil { return nil, err } + if len(res) > 0 { return SecretToCluster(res[0].(*corev1.Secret)) } @@ -254,6 +274,10 @@ func (db *db) GetProjectClusters(_ context.Context, project string) ([]*appv1.Cl } func (db *db) GetClusterServersByName(_ context.Context, name string) ([]string, error) { + argoSettings, err := db.settingsMgr.GetSettings() + if err != nil { + return nil, err + } informer, err := db.settingsMgr.GetSecretsInformer() if err != nil { return nil, err @@ -265,7 +289,7 @@ func (db *db) GetClusterServersByName(_ context.Context, name string) ([]string, return nil, err } - if len(localClusterSecrets) == 0 && db.getLocalCluster().Name == name { + if len(localClusterSecrets) == 0 && db.getLocalCluster().Name == name && argoSettings.InClusterEnabled { return []string{appv1.KubernetesInternalAPIServerAddr}, nil } @@ -276,7 +300,11 @@ func (db *db) GetClusterServersByName(_ context.Context, name string) ([]string, var res []string for i := range secrets { s := secrets[i].(*corev1.Secret) - res = append(res, strings.TrimRight(string(s.Data["server"]), "/")) + server := strings.TrimRight(string(s.Data["server"]), "/") + if !argoSettings.InClusterEnabled && server == appv1.KubernetesInternalAPIServerAddr { + continue + } + res = append(res, server) } return res, nil } diff --git a/util/db/cluster_norace_test.go b/util/db/cluster_norace_test.go index 042175921e75e..14cccf3d39664 100644 --- a/util/db/cluster_norace_test.go +++ b/util/db/cluster_norace_test.go @@ -49,7 +49,7 @@ func TestWatchClusters_CreateRemoveCluster(t *testing.T) { kubeclientset := fake.NewClientset(emptyArgoCDConfigMap, argoCDSecret) settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) db := NewDB(fakeNamespace, settingsManager, kubeclientset) - runWatchTest(t, db, []func(old *v1alpha1.Cluster, new *v1alpha1.Cluster){ + completed := runWatchTest(t, db, []func(old *v1alpha1.Cluster, new *v1alpha1.Cluster){ func(old *v1alpha1.Cluster, new *v1alpha1.Cluster) { assert.Nil(t, old) assert.Equal(t, v1alpha1.KubernetesInternalAPIServerAddr, new.Server) @@ -72,6 +72,7 @@ func TestWatchClusters_CreateRemoveCluster(t *testing.T) { assert.Equal(t, "https://minikube", old.Server) }, }) + assert.True(t, completed, "Failed due to timeout") } func TestWatchClusters_LocalClusterModifications(t *testing.T) { @@ -104,7 +105,7 @@ func TestWatchClusters_LocalClusterModifications(t *testing.T) { kubeclientset := fake.NewClientset(emptyArgoCDConfigMap, argoCDSecret) settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) db := NewDB(fakeNamespace, settingsManager, kubeclientset) - runWatchTest(t, db, []func(old *v1alpha1.Cluster, new *v1alpha1.Cluster){ + completed := runWatchTest(t, db, []func(old *v1alpha1.Cluster, new *v1alpha1.Cluster){ func(old *v1alpha1.Cluster, new *v1alpha1.Cluster) { assert.Nil(t, old) assert.Equal(t, v1alpha1.KubernetesInternalAPIServerAddr, new.Server) @@ -127,4 +128,43 @@ func TestWatchClusters_LocalClusterModifications(t *testing.T) { assert.Equal(t, "in-cluster", new.Name) }, }) + assert.True(t, completed, "Failed due to timeout") +} + +func TestWatchClusters_LocalClusterModificationsWhenDisabled(t *testing.T) { + // !race: + // Intermittent failure when running TestWatchClusters_LocalClusterModifications with -race, likely due to race condition + // https://github.com/argoproj/argo-cd/issues/4755 + argoCDConfigMapWithInClusterServerAddressDisabled := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDConfigMapName, + Namespace: fakeNamespace, + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string]string{"cluster.inClusterEnabled": "false"}, + } + argoCDSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDSecretName, + Namespace: fakeNamespace, + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string][]byte{ + "admin.password": nil, + "server.secretkey": nil, + }, + } + kubeclientset := fake.NewClientset(argoCDConfigMapWithInClusterServerAddressDisabled, argoCDSecret) + settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) + db := NewDB(fakeNamespace, settingsManager, kubeclientset) + completed := runWatchTest(t, db, []func(_ *v1alpha1.Cluster, _ *v1alpha1.Cluster){ + func(_ *v1alpha1.Cluster, _ *v1alpha1.Cluster) { + assert.Fail(t, "The in-cluster should not be added when disabled") + }, + }) + assert.False(t, completed, "Expecting the method to never complete because no cluster is ever added") } diff --git a/util/db/cluster_test.go b/util/db/cluster_test.go index 3b448bdeda42d..7243f3de47202 100644 --- a/util/db/cluster_test.go +++ b/util/db/cluster_test.go @@ -253,7 +253,7 @@ func TestRejectCreationForInClusterWhenDisabled(t *testing.T) { require.Error(t, err) } -func runWatchTest(t *testing.T, db ArgoDB, actions []func(old *v1alpha1.Cluster, new *v1alpha1.Cluster)) { +func runWatchTest(t *testing.T, db ArgoDB, actions []func(old *v1alpha1.Cluster, new *v1alpha1.Cluster)) (completed bool) { t.Helper() ctx, cancel := context.WithCancel(context.Background()) defer cancel() @@ -290,11 +290,144 @@ func runWatchTest(t *testing.T, db ArgoDB, actions []func(old *v1alpha1.Cluster, select { case <-allDone: + return true case <-time.After(timeout): - assert.Fail(t, "Failed due to timeout") + return false } } +func TestGetCluster(t *testing.T) { + emptyArgoCDConfigMap := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDConfigMapName, + Namespace: fakeNamespace, + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string]string{}, + } + argoCDConfigMapWithInClusterServerAddressDisabled := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDConfigMapName, + Namespace: fakeNamespace, + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string]string{"cluster.inClusterEnabled": "false"}, + } + argoCDSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDSecretName, + Namespace: fakeNamespace, + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string][]byte{ + "admin.password": nil, + "server.secretkey": nil, + }, + } + secretForServerWithInClusterAddr := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "mycluster1", + Namespace: fakeNamespace, + Labels: map[string]string{ + common.LabelKeySecretType: common.LabelValueSecretTypeCluster, + }, + }, + Data: map[string][]byte{ + "server": []byte(v1alpha1.KubernetesInternalAPIServerAddr), + "name": []byte("in-cluster-renamed"), + }, + } + + secretForServerWithExternalClusterAddr := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "mycluster2", + Namespace: fakeNamespace, + Labels: map[string]string{ + common.LabelKeySecretType: common.LabelValueSecretTypeCluster, + }, + }, + Data: map[string][]byte{ + "server": []byte("http://mycluster2"), + "name": []byte("mycluster2"), + }, + } + + t.Run("Valid external cluster", func(t *testing.T) { + kubeclientset := fake.NewClientset(secretForServerWithExternalClusterAddr, emptyArgoCDConfigMap, argoCDSecret) + settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) + db := NewDB(fakeNamespace, settingsManager, kubeclientset) + + cluster, err := db.GetCluster(context.TODO(), string(secretForServerWithExternalClusterAddr.Data["server"])) + require.NoError(t, err) + assert.Equal(t, string(secretForServerWithExternalClusterAddr.Data["server"]), cluster.Server) + assert.Equal(t, string(secretForServerWithExternalClusterAddr.Data["name"]), cluster.Name) + }) + + t.Run("invalid cluster", func(t *testing.T) { + kubeclientset := fake.NewClientset(emptyArgoCDConfigMap, argoCDSecret) + settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) + db := NewDB(fakeNamespace, settingsManager, kubeclientset) + + _, err := db.GetCluster(context.TODO(), "https://mycluster-does-not-exist") + require.Error(t, err) + status, ok := status.FromError(err) + assert.True(t, ok) + assert.Equal(t, codes.NotFound, status.Code()) + }) + + t.Run("in-cluster not configured", func(t *testing.T) { + kubeclientset := fake.NewClientset(emptyArgoCDConfigMap, argoCDSecret) + settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) + db := NewDB(fakeNamespace, settingsManager, kubeclientset) + + cluster, err := db.GetCluster(context.TODO(), v1alpha1.KubernetesInternalAPIServerAddr) + require.NoError(t, err) + assert.Equal(t, v1alpha1.KubernetesInternalAPIServerAddr, cluster.Server) + assert.Equal(t, "in-cluster", cluster.Name) + }) + + t.Run("in-cluster disabled", func(t *testing.T) { + kubeclientset := fake.NewClientset(argoCDConfigMapWithInClusterServerAddressDisabled, argoCDSecret) + settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) + db := NewDB(fakeNamespace, settingsManager, kubeclientset) + + _, err := db.GetCluster(context.TODO(), v1alpha1.KubernetesInternalAPIServerAddr) + require.Error(t, err) + status, ok := status.FromError(err) + assert.True(t, ok) + assert.Equal(t, codes.NotFound, status.Code()) + }) + + t.Run("in-cluster configured", func(t *testing.T) { + kubeclientset := fake.NewClientset(secretForServerWithInClusterAddr, emptyArgoCDConfigMap, argoCDSecret) + settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) + db := NewDB(fakeNamespace, settingsManager, kubeclientset) + + cluster, err := db.GetCluster(context.TODO(), v1alpha1.KubernetesInternalAPIServerAddr) + require.NoError(t, err) + assert.Equal(t, v1alpha1.KubernetesInternalAPIServerAddr, cluster.Server) + assert.Equal(t, "in-cluster-renamed", cluster.Name) + }) + + t.Run("in-cluster configured and disabled", func(t *testing.T) { + kubeclientset := fake.NewClientset(secretForServerWithInClusterAddr, argoCDConfigMapWithInClusterServerAddressDisabled, argoCDSecret) + settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) + db := NewDB(fakeNamespace, settingsManager, kubeclientset) + + _, err := db.GetCluster(context.TODO(), v1alpha1.KubernetesInternalAPIServerAddr) + require.Error(t, err) + status, ok := status.FromError(err) + assert.True(t, ok) + assert.Equal(t, codes.NotFound, status.Code()) + }) +} + func TestListClusters(t *testing.T) { emptyArgoCDConfigMap := &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ @@ -421,6 +554,113 @@ func TestListClusters(t *testing.T) { }) } +func TestGetClusterServersByName(t *testing.T) { + emptyArgoCDConfigMap := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDConfigMapName, + Namespace: fakeNamespace, + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string]string{}, + } + argoCDSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDSecretName, + Namespace: fakeNamespace, + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string][]byte{ + "admin.password": nil, + "server.secretkey": nil, + }, + } + argoCDConfigMapWithInClusterServerAddressDisabled := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: common.ArgoCDConfigMapName, + Namespace: fakeNamespace, + Labels: map[string]string{ + "app.kubernetes.io/part-of": "argocd", + }, + }, + Data: map[string]string{"cluster.inClusterEnabled": "false"}, + } + argoCDSecretInClusterConfigured := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster-secret", + Namespace: fakeNamespace, + Labels: map[string]string{ + common.LabelKeySecretType: common.LabelValueSecretTypeCluster, + }, + Annotations: map[string]string{ + common.AnnotationKeyManagedBy: common.AnnotationValueManagedByArgoCD, + }, + }, + Data: map[string][]byte{ + "name": []byte("in-cluster-renamed"), + "server": []byte(v1alpha1.KubernetesInternalAPIServerAddr), + "config": []byte("{}"), + }, + } + + t.Run("returns the server name", func(t *testing.T) { + argoCDClusterSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster-secret", + Namespace: fakeNamespace, + Labels: map[string]string{ + common.LabelKeySecretType: common.LabelValueSecretTypeCluster, + }, + Annotations: map[string]string{ + common.AnnotationKeyManagedBy: common.AnnotationValueManagedByArgoCD, + }, + }, + Data: map[string][]byte{ + "name": []byte("my-cluster-name"), + "server": []byte("https://my-cluster-server"), + "config": []byte("{}"), + }, + } + + kubeclientset := fake.NewClientset(emptyArgoCDConfigMap, argoCDClusterSecret, argoCDSecret) + db := NewDB(fakeNamespace, settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace), kubeclientset) + servers, err := db.GetClusterServersByName(context.Background(), "my-cluster-name") + require.NoError(t, err) + assert.ElementsMatch(t, []string{"https://my-cluster-server"}, servers) + }) + t.Run("returns in-cluster", func(t *testing.T) { + kubeclientset := fake.NewClientset(emptyArgoCDConfigMap, argoCDSecret) + db := NewDB(fakeNamespace, settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace), kubeclientset) + servers, err := db.GetClusterServersByName(context.Background(), "in-cluster") + require.NoError(t, err) + assert.ElementsMatch(t, []string{v1alpha1.KubernetesInternalAPIServerAddr}, servers) + }) + t.Run("does not return in-cluster when disabled", func(t *testing.T) { + kubeclientset := fake.NewClientset(argoCDConfigMapWithInClusterServerAddressDisabled, argoCDSecret) + db := NewDB(fakeNamespace, settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace), kubeclientset) + servers, err := db.GetClusterServersByName(context.Background(), "in-cluster") + require.NoError(t, err) + assert.Empty(t, servers) + }) + t.Run("returns in-cluster when configured", func(t *testing.T) { + kubeclientset := fake.NewClientset(emptyArgoCDConfigMap, argoCDSecretInClusterConfigured, argoCDSecret) + db := NewDB(fakeNamespace, settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace), kubeclientset) + servers, err := db.GetClusterServersByName(context.Background(), "in-cluster-renamed") + require.NoError(t, err) + assert.ElementsMatch(t, []string{v1alpha1.KubernetesInternalAPIServerAddr}, servers) + }) + t.Run("does not return in-cluster when configured and disabled", func(t *testing.T) { + kubeclientset := fake.NewClientset(argoCDConfigMapWithInClusterServerAddressDisabled, argoCDSecretInClusterConfigured, argoCDSecret) + db := NewDB(fakeNamespace, settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace), kubeclientset) + servers, err := db.GetClusterServersByName(context.Background(), "in-cluster-renamed") + require.NoError(t, err) + assert.Empty(t, servers) + }) +} + // TestClusterRaceConditionClusterSecrets reproduces a race condition // on the cluster secrets. The test isn't asserting anything because // before the fix it would cause a panic from concurrent map iteration and map write diff --git a/util/db/db_test.go b/util/db/db_test.go index 04853aa871301..246a96f5554b1 100644 --- a/util/db/db_test.go +++ b/util/db/db_test.go @@ -502,42 +502,6 @@ func TestRepositorySecretsTrim(t *testing.T) { } } -func TestGetClusterSuccessful(t *testing.T) { - server := "my-cluster" - name := "my-name" - clientset := getClientset(nil, &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: testNamespace, - Labels: map[string]string{ - common.LabelKeySecretType: common.LabelValueSecretTypeCluster, - }, - }, - Data: map[string][]byte{ - "server": []byte(server), - "name": []byte(name), - "config": []byte("{}"), - }, - }) - - db := NewDB(testNamespace, settings.NewSettingsManager(context.Background(), clientset, testNamespace), clientset) - cluster, err := db.GetCluster(context.Background(), server) - require.NoError(t, err) - assert.Equal(t, server, cluster.Server) - assert.Equal(t, name, cluster.Name) -} - -func TestGetNonExistingCluster(t *testing.T) { - server := "https://mycluster" - clientset := getClientset(nil) - - db := NewDB(testNamespace, settings.NewSettingsManager(context.Background(), clientset, testNamespace), clientset) - _, err := db.GetCluster(context.Background(), server) - require.Error(t, err) - status, ok := status.FromError(err) - assert.True(t, ok) - assert.Equal(t, codes.NotFound, status.Code()) -} - func TestCreateClusterSuccessful(t *testing.T) { server := "https://mycluster" clientset := getClientset(nil) @@ -752,62 +716,6 @@ func TestHelmRepositorySecretsTrim(t *testing.T) { } } -func TestGetClusterServersByName(t *testing.T) { - clientset := getClientset(nil, &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "my-cluster-secret", - Namespace: testNamespace, - Labels: map[string]string{ - common.LabelKeySecretType: common.LabelValueSecretTypeCluster, - }, - Annotations: map[string]string{ - common.AnnotationKeyManagedBy: common.AnnotationValueManagedByArgoCD, - }, - }, - Data: map[string][]byte{ - "name": []byte("my-cluster-name"), - "server": []byte("https://my-cluster-server"), - "config": []byte("{}"), - }, - }) - db := NewDB(testNamespace, settings.NewSettingsManager(context.Background(), clientset, testNamespace), clientset) - servers, err := db.GetClusterServersByName(context.Background(), "my-cluster-name") - require.NoError(t, err) - assert.ElementsMatch(t, []string{"https://my-cluster-server"}, servers) -} - -func TestGetClusterServersByName_InClusterNotConfigured(t *testing.T) { - clientset := getClientset(nil) - db := NewDB(testNamespace, settings.NewSettingsManager(context.Background(), clientset, testNamespace), clientset) - servers, err := db.GetClusterServersByName(context.Background(), "in-cluster") - require.NoError(t, err) - assert.ElementsMatch(t, []string{v1alpha1.KubernetesInternalAPIServerAddr}, servers) -} - -func TestGetClusterServersByName_InClusterConfigured(t *testing.T) { - clientset := getClientset(nil, &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "my-cluster-secret", - Namespace: testNamespace, - Labels: map[string]string{ - common.LabelKeySecretType: common.LabelValueSecretTypeCluster, - }, - Annotations: map[string]string{ - common.AnnotationKeyManagedBy: common.AnnotationValueManagedByArgoCD, - }, - }, - Data: map[string][]byte{ - "name": []byte("in-cluster-renamed"), - "server": []byte(v1alpha1.KubernetesInternalAPIServerAddr), - "config": []byte("{}"), - }, - }) - db := NewDB(testNamespace, settings.NewSettingsManager(context.Background(), clientset, testNamespace), clientset) - servers, err := db.GetClusterServersByName(context.Background(), "in-cluster-renamed") - require.NoError(t, err) - assert.ElementsMatch(t, []string{v1alpha1.KubernetesInternalAPIServerAddr}, servers) -} - func TestGetApplicationControllerReplicas(t *testing.T) { clientset := getClientset(nil) expectedReplicas := int32(2) diff --git a/util/db/repository.go b/util/db/repository.go index 38c8af581829b..cba225299febb 100644 --- a/util/db/repository.go +++ b/util/db/repository.go @@ -111,9 +111,9 @@ func (db *db) GetWriteRepository(ctx context.Context, repoURL, project string) ( } // TODO: enrich with write credentials. - //if err := db.enrichCredsToRepo(ctx, repository); err != nil { - // return repository, fmt.Errorf("unable to enrich write repository %q info with credentials: %w", repoURL, err) - //} + // if err := db.enrichCredsToRepo(ctx, repository); err != nil { + // return repository, fmt.Errorf("unable to enrich write repository %q info with credentials: %w", repoURL, err) + // } return repository, err } @@ -367,9 +367,9 @@ func (db *db) GetWriteRepositoryCredentials(ctx context.Context, repoURL string) } // TODO: enrich with write credentials. - //if err := db.enrichCredsToRepo(ctx, repository); err != nil { - // return repository, fmt.Errorf("unable to enrich write repository %q info with credentials: %w", repoURL, err) - //} + // if err := db.enrichCredsToRepo(ctx, repository); err != nil { + // return repository, fmt.Errorf("unable to enrich write repository %q info with credentials: %w", repoURL, err) + // } creds, err := secretBackend.GetRepoCreds(ctx, repoURL) if err != nil { diff --git a/util/db/repository_secrets.go b/util/db/repository_secrets.go index cd5ca7093af9f..53a264e30b95e 100644 --- a/util/db/repository_secrets.go +++ b/util/db/repository_secrets.go @@ -360,6 +360,12 @@ func secretToRepository(secret *corev1.Secret) (*appsv1.Repository, error) { } repository.ForceHttpBasicAuth = forceBasicAuth + useAzureWorkloadIdentity, err := boolOrFalse(secret, "useAzureWorkloadIdentity") + if err != nil { + return repository, err + } + repository.UseAzureWorkloadIdentity = useAzureWorkloadIdentity + return repository, nil } @@ -389,6 +395,7 @@ func (s *secretsRepositoryBackend) repositoryToSecret(repository *appsv1.Reposit updateSecretString(secret, "noProxy", repository.NoProxy) updateSecretString(secret, "gcpServiceAccountKey", repository.GCPServiceAccountKey) updateSecretBool(secret, "forceHttpBasicAuth", repository.ForceHttpBasicAuth) + updateSecretBool(secret, "useAzureWorkloadIdentity", repository.UseAzureWorkloadIdentity) addSecretMetadata(secret, s.getSecretType()) } @@ -432,6 +439,12 @@ func (s *secretsRepositoryBackend) secretToRepoCred(secret *corev1.Secret) (*app } repository.ForceHttpBasicAuth = forceBasicAuth + useAzureWorkloadIdentity, err := boolOrFalse(secret, "useAzureWorkloadIdentity") + if err != nil { + return repository, err + } + repository.UseAzureWorkloadIdentity = useAzureWorkloadIdentity + return repository, nil } @@ -456,6 +469,7 @@ func repoCredsToSecret(repoCreds *appsv1.RepoCreds, secret *corev1.Secret) { updateSecretString(secret, "proxy", repoCreds.Proxy) updateSecretString(secret, "noProxy", repoCreds.NoProxy) updateSecretBool(secret, "forceHttpBasicAuth", repoCreds.ForceHttpBasicAuth) + updateSecretBool(secret, "useAzureWorkloadIdentity", repoCreds.UseAzureWorkloadIdentity) addSecretMetadata(secret, common.LabelValueSecretTypeRepoCreds) } diff --git a/util/db/repository_secrets_test.go b/util/db/repository_secrets_test.go index b01f7338f7696..0f656076648af 100644 --- a/util/db/repository_secrets_test.go +++ b/util/db/repository_secrets_test.go @@ -295,15 +295,16 @@ func TestSecretsRepositoryBackend_ListRepositories(t *testing.T) { assert.Len(t, repositories, 2) for _, repository := range repositories { - if repository.Name == "ArgoCD" { + switch { + case repository.Name == "ArgoCD": assert.Equal(t, "git@github.com:argoproj/argo-cd.git", repository.Repo) assert.Equal(t, "someUsername", repository.Username) assert.Equal(t, "somePassword", repository.Password) - } else if repository.Name == "UserManagedRepo" { + case repository.Name == "UserManagedRepo": assert.Equal(t, "git@github.com:argoproj/argoproj.git", repository.Repo) assert.Equal(t, "someOtherUsername", repository.Username) assert.Equal(t, "someOtherPassword", repository.Password) - } else { + default: assert.Fail(t, "unexpected repository found in list") } } diff --git a/util/env/env.go b/util/env/env.go index 686ef8089154c..ca660922f1e04 100644 --- a/util/env/env.go +++ b/util/env/env.go @@ -13,8 +13,6 @@ import ( // Helper function to parse a number from an environment variable. Returns a // default if env is not set, is not parseable to a number, exceeds max (if // max is greater than 0) or is less than min. -// -// nolint:unparam func ParseNumFromEnv(env string, defaultValue, min, max int) int { str := os.Getenv(env) if str == "" { @@ -43,8 +41,6 @@ func ParseNumFromEnv(env string, defaultValue, min, max int) int { // Helper function to parse a int64 from an environment variable. Returns a // default if env is not set, is not parseable to a number, exceeds max (if // max is greater than 0) or is less than min. -// -// nolint:unparam func ParseInt64FromEnv(env string, defaultValue, min, max int64) int64 { str := os.Getenv(env) if str == "" { @@ -70,8 +66,6 @@ func ParseInt64FromEnv(env string, defaultValue, min, max int64) int64 { // Helper function to parse a float32 from an environment variable. Returns a // default if env is not set, is not parseable to a number, exceeds max (if // max is greater than 0) or is less than min (and min is greater than 0). -// -// nolint:unparam func ParseFloatFromEnv(env string, defaultValue, min, max float32) float32 { str := os.Getenv(env) if str == "" { @@ -97,8 +91,6 @@ func ParseFloatFromEnv(env string, defaultValue, min, max float32) float32 { // Helper function to parse a float64 from an environment variable. Returns a // default if env is not set, is not parseable to a number, exceeds max (if // max is greater than 0) or is less than min (and min is greater than 0). -// -// nolint:unparam func ParseFloat64FromEnv(env string, defaultValue, min, max float64) float64 { str := os.Getenv(env) if str == "" { diff --git a/util/git/client.go b/util/git/client.go index 160a924893d07..f116312d04515 100644 --- a/util/git/client.go +++ b/util/git/client.go @@ -319,7 +319,16 @@ func newAuth(repoURL string, creds Creds) (transport.AuthMethod, error) { auth := githttp.BasicAuth{Username: username, Password: token} return &auth, nil + case AzureWorkloadIdentityCreds: + token, err := creds.GetAzureDevOpsAccessToken() + if err != nil { + return nil, fmt.Errorf("failed to get access token from creds: %w", err) + } + + auth := githttp.TokenAuth{Token: token} + return &auth, nil } + return nil, nil } @@ -463,10 +472,7 @@ func (m *nativeGitClient) Submodule() error { if err := m.runCredentialedCmd("submodule", "sync", "--recursive"); err != nil { return err } - if err := m.runCredentialedCmd("submodule", "update", "--init", "--recursive"); err != nil { - return err - } - return nil + return m.runCredentialedCmd("submodule", "update", "--init", "--recursive") } // Checkout checks out the specified revision @@ -949,7 +955,6 @@ func (m *nativeGitClient) runCmd(args ...string) (string, error) { } // runCredentialedCmd is a convenience function to run a git command with username/password credentials -// nolint:unparam func (m *nativeGitClient) runCredentialedCmd(args ...string) error { closer, environ, err := m.creds.Environ() if err != nil { diff --git a/util/git/client_test.go b/util/git/client_test.go index 497c32fc0a9d3..f66f0b942cb7d 100644 --- a/util/git/client_test.go +++ b/util/git/client_test.go @@ -9,8 +9,11 @@ import ( "testing" "time" + githttp "github.com/go-git/go-git/v5/plumbing/transport/http" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/argoproj/argo-cd/v3/util/workloadidentity/mocks" ) func runCmd(workingDir string, name string, args ...string) error { @@ -836,3 +839,17 @@ func Test_nativeGitClient_CommitAndPush(t *testing.T) { actualCommitHash := strings.TrimSpace(string(gitCurrentCommitHash)) require.Equal(t, expectedCommitHash, actualCommitHash) } + +func Test_newAuth_AzureWorkloadIdentity(t *testing.T) { + tokenprovider := new(mocks.TokenProvider) + tokenprovider.On("GetToken", azureDevopsEntraResourceId).Return("accessToken", nil) + + creds := AzureWorkloadIdentityCreds{store: NoopCredsStore{}, tokenProvider: tokenprovider} + + auth, err := newAuth("", creds) + require.NoError(t, err) + _, ok := auth.(*githttp.TokenAuth) + if !ok { + t.Fatalf("expected TokenAuth but got %T", auth) + } +} diff --git a/util/git/creds.go b/util/git/creds.go index e2a45df25c8f0..f29d7b30e3122 100644 --- a/util/git/creds.go +++ b/util/git/creds.go @@ -29,8 +29,10 @@ import ( log "github.com/sirupsen/logrus" "github.com/argoproj/argo-cd/v3/common" + argoutils "github.com/argoproj/argo-cd/v3/util" certutil "github.com/argoproj/argo-cd/v3/util/cert" argoioutils "github.com/argoproj/argo-cd/v3/util/io" + "github.com/argoproj/argo-cd/v3/util/workloadidentity" ) var ( @@ -38,12 +40,17 @@ var ( githubAppTokenCache *gocache.Cache // In memory cache for storing oauth2.TokenSource used to generate Google Cloud OAuth tokens googleCloudTokenSource *gocache.Cache + + // In memory cache for storing Azure tokens + azureTokenCache *gocache.Cache ) const ( // githubAccessTokenUsername is a username that is used to with the github access token githubAccessTokenUsername = "x-access-token" forceBasicAuthHeaderEnv = "ARGOCD_GIT_AUTH_HEADER" + // This is the resource id of the OAuth application of Azure Devops. + azureDevopsEntraResourceId = "499b84ac-1321-427f-aa17-267ca6975798/.default" ) func init() { @@ -57,6 +64,7 @@ func init() { githubAppTokenCache = gocache.New(githubAppCredsExp, 1*time.Minute) // oauth2.TokenSource handles fetching new Tokens once they are expired. The oauth2.TokenSource itself does not expire. googleCloudTokenSource = gocache.New(gocache.NoExpiration, 0) + azureTokenCache = gocache.New(gocache.NoExpiration, 0) } type NoopCredsStore struct{} @@ -671,3 +679,63 @@ func (c GoogleCloudCreds) getAccessToken() (string, error) { return token.AccessToken, nil } + +var _ Creds = AzureWorkloadIdentityCreds{} + +type AzureWorkloadIdentityCreds struct { + store CredsStore + tokenProvider workloadidentity.TokenProvider +} + +func NewAzureWorkloadIdentityCreds(store CredsStore, tokenProvider workloadidentity.TokenProvider) AzureWorkloadIdentityCreds { + return AzureWorkloadIdentityCreds{ + store: store, + tokenProvider: tokenProvider, + } +} + +// GetUserInfo returns the username and email address for the credentials, if they're available. +func (creds AzureWorkloadIdentityCreds) GetUserInfo(_ context.Context) (string, string, error) { + // Email not implemented for HTTPS creds. + return workloadidentity.EmptyGuid, "", nil +} + +func (creds AzureWorkloadIdentityCreds) Environ() (io.Closer, []string, error) { + token, err := creds.GetAzureDevOpsAccessToken() + if err != nil { + return NopCloser{}, nil, err + } + nonce := creds.store.Add("", token) + env := creds.store.Environ(nonce) + + return argoioutils.NewCloser(func() error { + creds.store.Remove(nonce) + return nil + }), env, nil +} + +func (creds AzureWorkloadIdentityCreds) getAccessToken(scope string) (string, error) { + // Compute hash of creds for lookup in cache + key, err := argoutils.GenerateCacheKey("%s", scope) + if err != nil { + return "", fmt.Errorf("failed to get get SHA256 hash for Azure credentials: %w", err) + } + + t, found := azureTokenCache.Get(key) + if found { + return t.(string), nil + } + + token, err := creds.tokenProvider.GetToken(scope) + if err != nil { + return "", fmt.Errorf("failed to get Azure access token: %w", err) + } + + azureTokenCache.Set(key, token, 2*time.Hour) + return token, nil +} + +func (creds AzureWorkloadIdentityCreds) GetAzureDevOpsAccessToken() (string, error) { + accessToken, err := creds.getAccessToken(azureDevopsEntraResourceId) // wellknown resourceid of Azure DevOps + return accessToken, err +} diff --git a/util/git/creds_test.go b/util/git/creds_test.go index 03d24ae13de9f..bb8f56377bcee 100644 --- a/util/git/creds_test.go +++ b/util/git/creds_test.go @@ -1,6 +1,7 @@ package git import ( + "context" "encoding/base64" "fmt" "os" @@ -19,6 +20,8 @@ import ( "github.com/argoproj/argo-cd/v3/util/cert" "github.com/argoproj/argo-cd/v3/util/io" + "github.com/argoproj/argo-cd/v3/util/workloadidentity" + "github.com/argoproj/argo-cd/v3/util/workloadidentity/mocks" ) type cred struct { @@ -388,3 +391,51 @@ func TestGoogleCloudCreds_Environ_cleanup(t *testing.T) { io.Close(closer) assert.Len(t, store.creds, credsLenBefore-1) } + +func TestAzureWorkloadIdentityCreds_Environ(t *testing.T) { + store := &memoryCredsStore{creds: make(map[string]cred)} + workloadIdentityMock := new(mocks.TokenProvider) + workloadIdentityMock.On("GetToken", azureDevopsEntraResourceId).Return("accessToken", nil) + creds := AzureWorkloadIdentityCreds{store, workloadIdentityMock} + _, _, err := creds.Environ() + require.NoError(t, err) + assert.Len(t, store.creds, 1) + + for _, value := range store.creds { + assert.Equal(t, "", value.username) + assert.Equal(t, "accessToken", value.password) + } +} + +func TestAzureWorkloadIdentityCreds_Environ_cleanup(t *testing.T) { + store := &memoryCredsStore{creds: make(map[string]cred)} + workloadIdentityMock := new(mocks.TokenProvider) + workloadIdentityMock.On("GetToken", azureDevopsEntraResourceId).Return("accessToken", nil) + creds := AzureWorkloadIdentityCreds{store, workloadIdentityMock} + closer, _, err := creds.Environ() + require.NoError(t, err) + credsLenBefore := len(store.creds) + io.Close(closer) + assert.Len(t, store.creds, credsLenBefore-1) +} + +func TestAzureWorkloadIdentityCreds_GetUserInfo(t *testing.T) { + store := &memoryCredsStore{creds: make(map[string]cred)} + workloadIdentityMock := new(mocks.TokenProvider) + workloadIdentityMock.On("GetToken", azureDevopsEntraResourceId).Return("accessToken", nil) + creds := AzureWorkloadIdentityCreds{store, workloadIdentityMock} + + user, email, err := creds.GetUserInfo(context.Background()) + require.NoError(t, err) + assert.Equal(t, workloadidentity.EmptyGuid, user) + assert.Equal(t, "", email) +} + +func TestGetHelmCredsShouldReturnHelmCredsIfAzureWorkloadIdentityNotSpecified(t *testing.T) { + var creds Creds = NewAzureWorkloadIdentityCreds(NoopCredsStore{}, new(mocks.TokenProvider)) + + _, ok := creds.(AzureWorkloadIdentityCreds) + if !ok { + t.Fatalf("expected HelmCreds but got %T", creds) + } +} diff --git a/util/glob/list.go b/util/glob/list.go index 86ebbd39d124f..9a62374c2e645 100644 --- a/util/glob/list.go +++ b/util/glob/list.go @@ -20,11 +20,12 @@ const ( func MatchStringInList(list []string, item string, patternMatch string) bool { for _, ll := range list { // If string is wrapped in "/", assume it is a regular expression. - if patternMatch == REGEXP && strings.HasPrefix(ll, "/") && strings.HasSuffix(ll, "/") && regex.Match(ll[1:len(ll)-1], item) { + switch { + case patternMatch == REGEXP && strings.HasPrefix(ll, "/") && strings.HasSuffix(ll, "/") && regex.Match(ll[1:len(ll)-1], item): return true - } else if (patternMatch == REGEXP || patternMatch == GLOB) && Match(ll, item) { + case (patternMatch == REGEXP || patternMatch == GLOB) && Match(ll, item): return true - } else if patternMatch == EXACT && item == ll { + case patternMatch == EXACT && item == ll: return true } } diff --git a/util/grpc/grpc.go b/util/grpc/grpc.go index 960d39cfe0794..3121be83c6120 100644 --- a/util/grpc/grpc.go +++ b/util/grpc/grpc.go @@ -86,15 +86,15 @@ func BlockingDial(ctx context.Context, network, address string, creds credential // channel to either get the channel or fail-fast. go func() { opts = append(opts, - // nolint:staticcheck + //nolint:staticcheck grpc.WithBlock(), - // nolint:staticcheck + //nolint:staticcheck grpc.FailOnNonTempDialError(true), grpc.WithContextDialer(dialer), grpc.WithTransportCredentials(insecure.NewCredentials()), // we are handling TLS, so tell grpc not to grpc.WithKeepaliveParams(keepalive.ClientParameters{Time: common.GetGRPCKeepAliveTime()}), ) - // nolint:staticcheck + //nolint:staticcheck conn, err := grpc.DialContext(ctx, address, opts...) var res any if err != nil { diff --git a/util/helm/client.go b/util/helm/client.go index e683b19500f8f..ea362a799eb74 100644 --- a/util/helm/client.go +++ b/util/helm/client.go @@ -40,15 +40,6 @@ var ( OCINotEnabledErr = errors.New("could not perform the action when oci is not enabled") ) -type Creds struct { - Username string - Password string - CAPath string - CertData []byte - KeyData []byte - InsecureSkipVerify bool -} - type indexCache interface { SetHelmIndex(repo string, indexData []byte) error GetHelmIndex(repo string, indexData *[]byte) error @@ -187,7 +178,11 @@ func (c *nativeHelmChart) ExtractChart(chart string, version string, project str defer func() { _ = os.RemoveAll(tempDest) }() if c.enableOci { - if c.creds.Password != "" && c.creds.Username != "" { + helmPassword, err := c.creds.GetPassword() + if err != nil { + return "", nil, fmt.Errorf("failed to get password for helm registry: %w", err) + } + if helmPassword != "" && c.creds.GetUsername() != "" { _, err = helmCmd.RegistryLogin(c.repoURL, c.creds) if err != nil { _ = os.RemoveAll(tempDir) @@ -293,7 +288,11 @@ func (c *nativeHelmChart) TestHelmOCI() (bool, error) { // Looks like there is no good way to test access to OCI repo if credentials are not provided // just assume it is accessible - if c.creds.Username != "" && c.creds.Password != "" { + helmPassword, err := c.creds.GetPassword() + if err != nil { + return false, fmt.Errorf("failed to get password for helm registry: %w", err) + } + if c.creds.GetUsername() != "" && helmPassword != "" { _, err = helmCmd.RegistryLogin(c.repoURL, c.creds) if err != nil { return false, fmt.Errorf("error logging into OCI registry: %w", err) @@ -317,9 +316,13 @@ func (c *nativeHelmChart) loadRepoIndex(maxIndexSize int64) ([]byte, error) { if err != nil { return nil, fmt.Errorf("error creating HTTP request: %w", err) } - if c.creds.Username != "" || c.creds.Password != "" { + helmPassword, err := c.creds.GetPassword() + if err != nil { + return nil, fmt.Errorf("failed to get password for helm registry: %w", err) + } + if c.creds.GetUsername() != "" || helmPassword != "" { // only basic supported - req.SetBasicAuth(c.creds.Username, c.creds.Password) + req.SetBasicAuth(c.creds.GetUsername(), helmPassword) } tlsConf, err := newTLSConfig(c.creds) @@ -346,12 +349,12 @@ func (c *nativeHelmChart) loadRepoIndex(maxIndexSize int64) ([]byte, error) { } func newTLSConfig(creds Creds) (*tls.Config, error) { - tlsConfig := &tls.Config{InsecureSkipVerify: creds.InsecureSkipVerify} + tlsConfig := &tls.Config{InsecureSkipVerify: creds.GetInsecureSkipVerify()} - if creds.CAPath != "" { - caData, err := os.ReadFile(creds.CAPath) + if creds.GetCAPath() != "" { + caData, err := os.ReadFile(creds.GetCAPath()) if err != nil { - return nil, fmt.Errorf("error reading CA file %s: %w", creds.CAPath, err) + return nil, fmt.Errorf("error reading CA file %s: %w", creds.GetCAPath(), err) } caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caData) @@ -359,14 +362,14 @@ func newTLSConfig(creds Creds) (*tls.Config, error) { } // If a client cert & key is provided then configure TLS config accordingly. - if len(creds.CertData) > 0 && len(creds.KeyData) > 0 { - cert, err := tls.X509KeyPair(creds.CertData, creds.KeyData) + if len(creds.GetCertData()) > 0 && len(creds.GetKeyData()) > 0 { + cert, err := tls.X509KeyPair(creds.GetCertData(), creds.GetKeyData()) if err != nil { return nil, fmt.Errorf("error creating X509 key pair: %w", err) } tlsConfig.Certificates = []tls.Certificate{cert} } - // nolint:staticcheck + //nolint:staticcheck tlsConfig.BuildNameToCertificate() return tlsConfig, nil @@ -447,13 +450,18 @@ func (c *nativeHelmChart) GetTags(chart string, noCache bool) (*TagsList, error) }} repoHost, _, _ := strings.Cut(tagsURL, "/") + + helmPassword, err := c.creds.GetPassword() + if err != nil { + return nil, fmt.Errorf("failed to get password for helm registry: %w", err) + } credential := auth.StaticCredential(repoHost, auth.Credential{ - Username: c.creds.Username, - Password: c.creds.Password, + Username: c.creds.GetUsername(), + Password: helmPassword, }) // Try to fallback to the environment config, but we shouldn't error if the file is not set - if c.creds.Username == "" && c.creds.Password == "" { + if c.creds.GetUsername() == "" && helmPassword == "" { store, _ := credentials.NewStoreFromDocker(credentials.StoreOptions{}) if store != nil { credential = credentials.Credential(store) diff --git a/util/helm/client_test.go b/util/helm/client_test.go index a08d9493560d9..f3d4944f12c23 100644 --- a/util/helm/client_test.go +++ b/util/helm/client_test.go @@ -18,6 +18,7 @@ import ( "gopkg.in/yaml.v2" "github.com/argoproj/argo-cd/v3/util/io" + "github.com/argoproj/argo-cd/v3/util/workloadidentity/mocks" ) type fakeIndexCache struct { @@ -36,18 +37,18 @@ func (f *fakeIndexCache) GetHelmIndex(_ string, indexData *[]byte) error { func TestIndex(t *testing.T) { t.Run("Invalid", func(t *testing.T) { - client := NewClient("", Creds{}, false, "", "") + client := NewClient("", HelmCreds{}, false, "", "") _, err := client.GetIndex(false, 10000) require.Error(t, err) }) t.Run("Stable", func(t *testing.T) { - client := NewClient("https://argoproj.github.io/argo-helm", Creds{}, false, "", "") + client := NewClient("https://argoproj.github.io/argo-helm", HelmCreds{}, false, "", "") index, err := client.GetIndex(false, 10000) require.NoError(t, err) assert.NotNil(t, index) }) t.Run("BasicAuth", func(t *testing.T) { - client := NewClient("https://argoproj.github.io/argo-helm", Creds{ + client := NewClient("https://argoproj.github.io/argo-helm", HelmCreds{ Username: "my-password", Password: "my-username", }, false, "", "") @@ -62,7 +63,7 @@ func TestIndex(t *testing.T) { err := yaml.NewEncoder(&data).Encode(fakeIndex) require.NoError(t, err) - client := NewClient("https://argoproj.github.io/argo-helm", Creds{}, false, "", "", WithIndexCache(&fakeIndexCache{data: data.Bytes()})) + client := NewClient("https://argoproj.github.io/argo-helm", HelmCreds{}, false, "", "", WithIndexCache(&fakeIndexCache{data: data.Bytes()})) index, err := client.GetIndex(false, 10000) require.NoError(t, err) @@ -70,7 +71,7 @@ func TestIndex(t *testing.T) { }) t.Run("Limited", func(t *testing.T) { - client := NewClient("https://argoproj.github.io/argo-helm", Creds{}, false, "", "") + client := NewClient("https://argoproj.github.io/argo-helm", HelmCreds{}, false, "", "") _, err := client.GetIndex(false, 100) assert.ErrorContains(t, err, "unexpected end of stream") @@ -78,7 +79,7 @@ func TestIndex(t *testing.T) { } func Test_nativeHelmChart_ExtractChart(t *testing.T) { - client := NewClient("https://argoproj.github.io/argo-helm", Creds{}, false, "", "") + client := NewClient("https://argoproj.github.io/argo-helm", HelmCreds{}, false, "", "") path, closer, err := client.ExtractChart("argo-cd", "0.7.1", "", false, math.MaxInt64, true) require.NoError(t, err) defer io.Close(closer) @@ -88,13 +89,13 @@ func Test_nativeHelmChart_ExtractChart(t *testing.T) { } func Test_nativeHelmChart_ExtractChartWithLimiter(t *testing.T) { - client := NewClient("https://argoproj.github.io/argo-helm", Creds{}, false, "", "") + client := NewClient("https://argoproj.github.io/argo-helm", HelmCreds{}, false, "", "") _, _, err := client.ExtractChart("argo-cd", "0.7.1", "", false, 100, false) require.Error(t, err, "error while iterating on tar reader: unexpected EOF") } func Test_nativeHelmChart_ExtractChart_insecure(t *testing.T) { - client := NewClient("https://argoproj.github.io/argo-helm", Creds{InsecureSkipVerify: true}, false, "", "") + client := NewClient("https://argoproj.github.io/argo-helm", HelmCreds{InsecureSkipVerify: true}, false, "", "") path, closer, err := client.ExtractChart("argo-cd", "0.7.1", "", false, math.MaxInt64, true) require.NoError(t, err) defer io.Close(closer) @@ -188,7 +189,7 @@ func TestGetTagsFromUrl(t *testing.T) { require.NoError(t, json.NewEncoder(w).Encode(responseTags)) })) - client := NewClient(server.URL, Creds{InsecureSkipVerify: true}, true, "", "") + client := NewClient(server.URL, HelmCreds{InsecureSkipVerify: true}, true, "", "") tags, err := client.GetTags("mychart", true) require.NoError(t, err) @@ -204,7 +205,7 @@ func TestGetTagsFromUrl(t *testing.T) { }) t.Run("should return an error not when oci is not enabled", func(t *testing.T) { - client := NewClient("example.com", Creds{}, false, "", "") + client := NewClient("example.com", HelmCreds{}, false, "", "") _, err := client.GetTags("my-chart", true) assert.ErrorIs(t, OCINotEnabledErr, err) @@ -271,7 +272,7 @@ func TestGetTagsFromURLPrivateRepoAuthentication(t *testing.T) { for _, testCase := range testCases { t.Run(testCase.name, func(t *testing.T) { - client := NewClient(testCase.repoURL, Creds{ + client := NewClient(testCase.repoURL, HelmCreds{ InsecureSkipVerify: true, Username: username, Password: password, @@ -291,6 +292,104 @@ func TestGetTagsFromURLPrivateRepoAuthentication(t *testing.T) { } } +func TestGetTagsFromURLPrivateRepoWithAzureWorkloadIdentityAuthentication(t *testing.T) { + expectedAuthorization := "Basic MDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwOmFjY2Vzc1Rva2Vu" // base64(00000000-0000-0000-0000-000000000000:accessToken) + mockUrl := "" + serverUrl := func() string { + return mockUrl + } + + workloadIdentityMock := new(mocks.TokenProvider) + workloadIdentityMock.On("GetToken", "https://management.core.windows.net/.default").Return("accessToken", nil) + + server := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + t.Logf("called %s", r.URL.Path) + + switch r.URL.Path { + case "/v2/": + w.Header().Set("Www-Authenticate", fmt.Sprintf(`Bearer realm="%s",service="%s"`, serverUrl(), serverUrl()[8:])) + w.WriteHeader(http.StatusUnauthorized) + + case "/oauth2/exchange": + response := `{"refresh_token":"accessToken"}` + w.WriteHeader(http.StatusOK) + _, err := w.Write([]byte(response)) + require.NoError(t, err) + default: + authorization := r.Header.Get("Authorization") + + if authorization == "" { + w.Header().Set("WWW-Authenticate", `Basic realm="helm repo to get tags"`) + w.WriteHeader(http.StatusUnauthorized) + return + } + + assert.Equal(t, expectedAuthorization, authorization) + + responseTags := TagsList{ + Tags: []string{ + "2.8.0", + "2.8.0-prerelease", + "2.8.0_build", + "2.8.0-prerelease_build", + "2.8.0-prerelease.1_build.1234", + }, + } + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusOK) + require.NoError(t, json.NewEncoder(w).Encode(responseTags)) + } + })) + mockUrl = server.URL + t.Cleanup(server.Close) + + serverURL, err := url.Parse(server.URL) + require.NoError(t, err) + + testCases := []struct { + name string + repoURL string + }{ + { + name: "should login correctly when the repo path is in the server root with http scheme", + repoURL: server.URL, + }, + { + name: "should login correctly when the repo path is not in the server root with http scheme", + repoURL: server.URL + "/my-repo", + }, + { + name: "should login correctly when the repo path is in the server root without http scheme", + repoURL: serverURL.Host, + }, + { + name: "should login correctly when the repo path is not in the server root without http scheme", + repoURL: serverURL.Host + "/my-repo", + }, + } + + for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + client := NewClient(testCase.repoURL, AzureWorkloadIdentityCreds{ + repoUrl: server.URL[8:], + InsecureSkipVerify: true, + tokenProvider: workloadIdentityMock, + }, true, "", "") + + tags, err := client.GetTags("mychart", true) + + require.NoError(t, err) + assert.ElementsMatch(t, tags.Tags, []string{ + "2.8.0", + "2.8.0-prerelease", + "2.8.0+build", + "2.8.0-prerelease+build", + "2.8.0-prerelease.1+build.1234", + }) + }) + } +} + func TestGetTagsFromURLEnvironmentAuthentication(t *testing.T) { bearerToken := "Zm9vOmJhcg==" expectedAuthorization := "Basic " + bearerToken @@ -356,7 +455,7 @@ func TestGetTagsFromURLEnvironmentAuthentication(t *testing.T) { for _, testCase := range testCases { t.Run(testCase.name, func(t *testing.T) { - client := NewClient(testCase.repoURL, Creds{ + client := NewClient(testCase.repoURL, HelmCreds{ InsecureSkipVerify: true, }, true, "", "") diff --git a/util/helm/cmd.go b/util/helm/cmd.go index 490651f8e3b72..81d25b17ac765 100644 --- a/util/helm/cmd.go +++ b/util/helm/cmd.go @@ -80,20 +80,24 @@ func (c *Cmd) RegistryLogin(repo string, creds Creds) (string, error) { args := []string{"registry", "login"} args = append(args, repo) - if creds.Username != "" { - args = append(args, "--username", creds.Username) + if creds.GetUsername() != "" { + args = append(args, "--username", creds.GetUsername()) } - if creds.Password != "" { - args = append(args, "--password", creds.Password) + helmPassword, err := creds.GetPassword() + if err != nil { + return "", fmt.Errorf("failed to get password for helm registry: %w", err) + } + if helmPassword != "" { + args = append(args, "--password", helmPassword) } - if creds.CAPath != "" { - args = append(args, "--ca-file", creds.CAPath) + if creds.GetCAPath() != "" { + args = append(args, "--ca-file", creds.GetCAPath()) } - if len(creds.CertData) > 0 { - filePath, closer, err := writeToTmp(creds.CertData) + if len(creds.GetCertData()) > 0 { + filePath, closer, err := writeToTmp(creds.GetCertData()) if err != nil { return "", fmt.Errorf("failed to write certificate data to temporary file: %w", err) } @@ -101,8 +105,8 @@ func (c *Cmd) RegistryLogin(repo string, creds Creds) (string, error) { args = append(args, "--cert-file", filePath) } - if len(creds.KeyData) > 0 { - filePath, closer, err := writeToTmp(creds.KeyData) + if len(creds.GetKeyData()) > 0 { + filePath, closer, err := writeToTmp(creds.GetKeyData()) if err != nil { return "", fmt.Errorf("failed to write key data to temporary file: %w", err) } @@ -110,7 +114,7 @@ func (c *Cmd) RegistryLogin(repo string, creds Creds) (string, error) { args = append(args, "--key-file", filePath) } - if creds.InsecureSkipVerify { + if creds.GetInsecureSkipVerify() { args = append(args, "--insecure") } out, _, err := c.run(args...) @@ -139,28 +143,32 @@ func (c *Cmd) RepoAdd(name string, url string, opts Creds, passCredentials bool) args := []string{"repo", "add"} - if opts.Username != "" { - args = append(args, "--username", opts.Username) + if opts.GetUsername() != "" { + args = append(args, "--username", opts.GetUsername()) } - if opts.Password != "" { - args = append(args, "--password", opts.Password) + helmPassword, err := opts.GetPassword() + if err != nil { + return "", fmt.Errorf("failed to get password for helm registry: %w", err) + } + if helmPassword != "" { + args = append(args, "--password", helmPassword) } - if opts.CAPath != "" { - args = append(args, "--ca-file", opts.CAPath) + if opts.GetCAPath() != "" { + args = append(args, "--ca-file", opts.GetCAPath()) } - if opts.InsecureSkipVerify { + if opts.GetInsecureSkipVerify() { args = append(args, "--insecure-skip-tls-verify") } - if len(opts.CertData) > 0 { + if len(opts.GetCertData()) > 0 { certFile, err := os.CreateTemp("", "helm") if err != nil { return "", fmt.Errorf("failed to create temporary certificate file: %w", err) } - _, err = certFile.Write(opts.CertData) + _, err = certFile.Write(opts.GetCertData()) if err != nil { return "", fmt.Errorf("failed to write certificate data: %w", err) } @@ -168,12 +176,12 @@ func (c *Cmd) RepoAdd(name string, url string, opts Creds, passCredentials bool) args = append(args, "--cert-file", certFile.Name()) } - if len(opts.KeyData) > 0 { + if len(opts.GetKeyData()) > 0 { keyFile, err := os.CreateTemp("", "helm") if err != nil { return "", fmt.Errorf("failed to create temporary key file: %w", err) } - _, err = keyFile.Write(opts.KeyData) + _, err = keyFile.Write(opts.GetKeyData()) if err != nil { return "", fmt.Errorf("failed to write key data: %w", err) } @@ -222,31 +230,36 @@ func (c *Cmd) Fetch(repo, chartName, version, destination string, creds Creds, p if version != "" { args = append(args, "--version", version) } - if creds.Username != "" { - args = append(args, "--username", creds.Username) + if creds.GetUsername() != "" { + args = append(args, "--username", creds.GetUsername()) + } + + helmPassword, err := creds.GetPassword() + if err != nil { + return "", fmt.Errorf("failed to get password for helm registry: %w", err) } - if creds.Password != "" { - args = append(args, "--password", creds.Password) + if helmPassword != "" { + args = append(args, "--password", helmPassword) } - if creds.InsecureSkipVerify { + if creds.GetInsecureSkipVerify() { args = append(args, "--insecure-skip-tls-verify") } args = append(args, "--repo", repo, chartName) - if creds.CAPath != "" { - args = append(args, "--ca-file", creds.CAPath) + if creds.GetCAPath() != "" { + args = append(args, "--ca-file", creds.GetCAPath()) } - if len(creds.CertData) > 0 { - filePath, closer, err := writeToTmp(creds.CertData) + if len(creds.GetCertData()) > 0 { + filePath, closer, err := writeToTmp(creds.GetCertData()) if err != nil { return "", fmt.Errorf("failed to write certificate data to temporary file: %w", err) } defer argoio.Close(closer) args = append(args, "--cert-file", filePath) } - if len(creds.KeyData) > 0 { - filePath, closer, err := writeToTmp(creds.KeyData) + if len(creds.GetKeyData()) > 0 { + filePath, closer, err := writeToTmp(creds.GetKeyData()) if err != nil { return "", fmt.Errorf("failed to write key data to temporary file: %w", err) } @@ -271,12 +284,12 @@ func (c *Cmd) PullOCI(repo string, chart string, version string, destination str "--destination", destination, } - if creds.CAPath != "" { - args = append(args, "--ca-file", creds.CAPath) + if creds.GetCAPath() != "" { + args = append(args, "--ca-file", creds.GetCAPath()) } - if len(creds.CertData) > 0 { - filePath, closer, err := writeToTmp(creds.CertData) + if len(creds.GetCertData()) > 0 { + filePath, closer, err := writeToTmp(creds.GetCertData()) if err != nil { return "", fmt.Errorf("failed to write certificate data to temporary file: %w", err) } @@ -284,8 +297,8 @@ func (c *Cmd) PullOCI(repo string, chart string, version string, destination str args = append(args, "--cert-file", filePath) } - if len(creds.KeyData) > 0 { - filePath, closer, err := writeToTmp(creds.KeyData) + if len(creds.GetKeyData()) > 0 { + filePath, closer, err := writeToTmp(creds.GetKeyData()) if err != nil { return "", fmt.Errorf("failed to write key data to temporary file: %w", err) } @@ -293,7 +306,7 @@ func (c *Cmd) PullOCI(repo string, chart string, version string, destination str args = append(args, "--key-file", filePath) } - if creds.InsecureSkipVerify { + if creds.GetInsecureSkipVerify() { args = append(args, "--insecure-skip-tls-verify") } out, _, err := c.run(args...) diff --git a/util/helm/creds.go b/util/helm/creds.go new file mode 100644 index 0000000000000..740d73a7eeae9 --- /dev/null +++ b/util/helm/creds.go @@ -0,0 +1,262 @@ +package helm + +import ( + "crypto/tls" + "encoding/json" + "errors" + "fmt" + "io" + "net/http" + "net/url" + "strings" + "time" + + gocache "github.com/patrickmn/go-cache" + + argoutils "github.com/argoproj/argo-cd/v3/util" + "github.com/argoproj/argo-cd/v3/util/env" + "github.com/argoproj/argo-cd/v3/util/workloadidentity" +) + +// In memory cache for storing Azure tokens +var azureTokenCache *gocache.Cache + +func init() { + azureTokenCache = gocache.New(gocache.NoExpiration, 0) +} + +// StoreToken stores a token in the cache +func storeAzureToken(key, token string, expiration time.Duration) { + azureTokenCache.Set(key, token, expiration) +} + +type Creds interface { + GetUsername() string + GetPassword() (string, error) + GetCAPath() string + GetCertData() []byte + GetKeyData() []byte + GetInsecureSkipVerify() bool +} + +var _ Creds = HelmCreds{} + +type HelmCreds struct { + Username string + Password string + CAPath string + CertData []byte + KeyData []byte + InsecureSkipVerify bool +} + +func (creds HelmCreds) GetUsername() string { + return creds.Username +} + +func (creds HelmCreds) GetPassword() (string, error) { + return creds.Password, nil +} + +func (creds HelmCreds) GetCAPath() string { + return creds.CAPath +} + +func (creds HelmCreds) GetCertData() []byte { + return creds.CertData +} + +func (creds HelmCreds) GetKeyData() []byte { + return creds.KeyData +} + +func (creds HelmCreds) GetInsecureSkipVerify() bool { + return creds.InsecureSkipVerify +} + +var _ Creds = AzureWorkloadIdentityCreds{} + +type AzureWorkloadIdentityCreds struct { + repoUrl string + CAPath string + CertData []byte + KeyData []byte + InsecureSkipVerify bool + tokenProvider workloadidentity.TokenProvider +} + +func (creds AzureWorkloadIdentityCreds) GetUsername() string { + return workloadidentity.EmptyGuid +} + +func (creds AzureWorkloadIdentityCreds) GetPassword() (string, error) { + return creds.GetAccessToken() +} + +func (creds AzureWorkloadIdentityCreds) GetCAPath() string { + return creds.CAPath +} + +func (creds AzureWorkloadIdentityCreds) GetCertData() []byte { + return creds.CertData +} + +func (creds AzureWorkloadIdentityCreds) GetKeyData() []byte { + return creds.KeyData +} + +func (creds AzureWorkloadIdentityCreds) GetInsecureSkipVerify() bool { + return creds.InsecureSkipVerify +} + +func NewAzureWorkloadIdentityCreds(repoUrl string, caPath string, certData []byte, keyData []byte, insecureSkipVerify bool, tokenProvider workloadidentity.TokenProvider) AzureWorkloadIdentityCreds { + return AzureWorkloadIdentityCreds{ + repoUrl: repoUrl, + CAPath: caPath, + CertData: certData, + KeyData: keyData, + InsecureSkipVerify: insecureSkipVerify, + tokenProvider: tokenProvider, + } +} + +func (creds AzureWorkloadIdentityCreds) GetAccessToken() (string, error) { + registryHost := strings.Split(creds.repoUrl, "/")[0] + + // Compute hash as key for refresh token in the cache + key, err := argoutils.GenerateCacheKey("accesstoken-%s", registryHost) + if err != nil { + return "", fmt.Errorf("failed to compute key for cache: %w", err) + } + + // Check cache for GitHub transport which helps fetch an API token + t, found := azureTokenCache.Get(key) + if found { + fmt.Println("access token found token in cache") + return t.(string), nil + } + + tokenParams, err := creds.challengeAzureContainerRegistry(registryHost) + if err != nil { + return "", fmt.Errorf("failed to challenge Azure Container Registry: %w", err) + } + + token, err := creds.getAccessTokenAfterChallenge(tokenParams) + if err != nil { + return "", fmt.Errorf("failed to get Azure access token after challenge: %w", err) + } + + // Access token has a lifetime of 3 hours + storeAzureToken(key, token, 2*time.Hour) + return token, nil +} + +func (creds AzureWorkloadIdentityCreds) getAccessTokenAfterChallenge(tokenParams map[string]string) (string, error) { + realm := tokenParams["realm"] + service := tokenParams["service"] + + armTokenScope := env.StringFromEnv("AZURE_ARM_TOKEN_RESOURCE", "https://management.core.windows.net") + armAccessToken, err := creds.tokenProvider.GetToken(armTokenScope + "/.default") + if err != nil { + return "", fmt.Errorf("failed to get Azure access token: %w", err) + } + + parsedUrl, _ := url.Parse(realm) + parsedUrl.Path = "/oauth2/exchange" + refreshTokenUrl := parsedUrl.String() + + client := &http.Client{ + Timeout: 10 * time.Second, + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: creds.GetInsecureSkipVerify(), + }, + }, + } + + formValues := url.Values{} + formValues.Add("grant_type", "access_token") + formValues.Add("service", service) + formValues.Add("access_token", armAccessToken) + + resp, err := client.PostForm(refreshTokenUrl, formValues) + if err != nil { + return "", fmt.Errorf("unable to connect to registry '%w'", err) + } + + defer resp.Body.Close() + body, err := io.ReadAll(resp.Body) + + if resp.StatusCode != http.StatusOK { + return "", fmt.Errorf("failed to get refresh token: %s", resp.Status) + } + + if err != nil { + return "", fmt.Errorf("failed to read response body: %w", err) + } + + type Response struct { + RefreshToken string `json:"refresh_token"` + } + + var res Response + err = json.Unmarshal(body, &res) + if err != nil { + return "", fmt.Errorf("failed to unmarshal response body: %w", err) + } + + return res.RefreshToken, nil +} + +func (creds AzureWorkloadIdentityCreds) challengeAzureContainerRegistry(azureContainerRegistry string) (map[string]string, error) { + requestUrl := fmt.Sprintf("https://%s/v2/", azureContainerRegistry) + + client := &http.Client{ + Timeout: 10 * time.Second, + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: creds.GetInsecureSkipVerify(), + }, + }, + } + + req, err := http.NewRequest(http.MethodGet, requestUrl, nil) + if err != nil { + return nil, err + } + + resp, err := client.Do(req) + if err != nil { + return nil, fmt.Errorf("unable to connect to registry '%w'", err) + } + + defer resp.Body.Close() + + if resp.StatusCode != http.StatusUnauthorized || resp.Header.Get("Www-Authenticate") == "" { + return nil, fmt.Errorf("registry '%s' did not issue a challenge", azureContainerRegistry) + } + + authenticate := resp.Header.Get("Www-Authenticate") + tokens := strings.Split(authenticate, " ") + + if strings.ToLower(tokens[0]) != "bearer" { + return nil, fmt.Errorf("registry does not allow 'Bearer' authentication, got '%s'", tokens[0]) + } + + tokenParams := make(map[string]string) + + for _, token := range strings.Split(tokens[1], ",") { + kvPair := strings.Split(token, "=") + tokenParams[kvPair[0]] = strings.Trim(kvPair[1], "\"") + } + + if _, realmExists := tokenParams["realm"]; !realmExists { + return nil, errors.New("realm parameter not found in challenge") + } + + if _, serviceExists := tokenParams["service"]; !serviceExists { + return nil, errors.New("service parameter not found in challenge") + } + + return tokenParams, nil +} diff --git a/util/helm/creds_test.go b/util/helm/creds_test.go new file mode 100644 index 0000000000000..afdb7c152c989 --- /dev/null +++ b/util/helm/creds_test.go @@ -0,0 +1,260 @@ +package helm + +import ( + "fmt" + "net/http" + "net/http/httptest" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + argoutils "github.com/argoproj/argo-cd/v3/util" + "github.com/argoproj/argo-cd/v3/util/workloadidentity" + "github.com/argoproj/argo-cd/v3/util/workloadidentity/mocks" +) + +func TestWorkLoadIdentityUserNameShouldBeEmptyGuid(t *testing.T) { + workloadIdentityMock := new(mocks.TokenProvider) + creds := NewAzureWorkloadIdentityCreds("contoso.azurecr.io/charts", "", nil, nil, false, workloadIdentityMock) + username := creds.GetUsername() + + assert.Equal(t, workloadidentity.EmptyGuid, username, "The username for azure workload identity is not empty Guid") +} + +func TestGetAccessTokenShouldReturnTokenFromCacheIfPresent(t *testing.T) { + workloadIdentityMock := new(mocks.TokenProvider) + creds := NewAzureWorkloadIdentityCreds("contoso.azurecr.io/charts", "", nil, nil, false, workloadIdentityMock) + + cacheKey, err := argoutils.GenerateCacheKey("accesstoken-%s", "contoso.azurecr.io") + require.NoError(t, err, "Error generating cache key") + + // Store the token in the cache + storeAzureToken(cacheKey, "testToken", time.Hour) + + // Retrieve the token from the cache + token, err := creds.GetAccessToken() + require.NoError(t, err, "Error getting access token") + assert.Equal(t, "testToken", token, "The retrieved token should match the stored token") +} + +func TestGetPasswordShouldReturnTokenFromCacheIfPresent(t *testing.T) { + workloadIdentityMock := new(mocks.TokenProvider) + creds := NewAzureWorkloadIdentityCreds("contoso.azurecr.io/charts", "", nil, nil, false, workloadIdentityMock) + + cacheKey, err := argoutils.GenerateCacheKey("accesstoken-%s", "contoso.azurecr.io") + require.NoError(t, err, "Error generating cache key") + + // Store the token in the cache + storeAzureToken(cacheKey, "testToken", time.Hour) + + // Retrieve the token from the cache + token, err := creds.GetPassword() + require.NoError(t, err, "Error getting access token") + assert.Equal(t, "testToken", token, "The retrieved token should match the stored token") +} + +func TestGetPasswordShouldGenerateTokenIfNotPresentInCache(t *testing.T) { + mockUrl := "" + serverUrl := func() string { + return mockUrl + } + + // Mock the server to return a successful response + mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/v2/": + w.Header().Set("Www-Authenticate", fmt.Sprintf(`Bearer realm="%s",service="%s"`, serverUrl(), serverUrl()[8:])) + w.WriteHeader(http.StatusUnauthorized) + + case "/oauth2/exchange": + response := `{"refresh_token":"newRefreshToken"}` + w.WriteHeader(http.StatusOK) + _, err := w.Write([]byte(response)) + require.NoError(t, err) + } + })) + mockUrl = mockServer.URL + defer mockServer.Close() + + workloadIdentityMock := new(mocks.TokenProvider) + workloadIdentityMock.On("GetToken", "https://management.core.windows.net/.default").Return("accessToken", nil) + creds := NewAzureWorkloadIdentityCreds(mockServer.URL[8:], "", nil, nil, true, workloadIdentityMock) + + // Retrieve the token from the cache + token, err := creds.GetPassword() + require.NoError(t, err) + assert.Equal(t, "newRefreshToken", token, "The retrieved token should match the stored token") +} + +func TestChallengeAzureContainerRegistry(t *testing.T) { + // Set up the mock server + mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "/v2/", r.URL.Path) + w.Header().Set("Www-Authenticate", `Bearer realm="https://login.microsoftonline.com/",service="registry.example.com"`) + w.WriteHeader(http.StatusUnauthorized) + })) + defer mockServer.Close() + + workloadIdentityMock := new(mocks.TokenProvider) + creds := NewAzureWorkloadIdentityCreds(mockServer.URL[8:], "", nil, nil, true, workloadIdentityMock) + + tokenParams, err := creds.challengeAzureContainerRegistry(creds.repoUrl) + require.NoError(t, err) + + expectedParams := map[string]string{ + "realm": "https://login.microsoftonline.com/", + "service": "registry.example.com", + } + assert.Equal(t, expectedParams, tokenParams) +} + +func TestChallengeAzureContainerRegistryNoChallenge(t *testing.T) { + // Set up the mock server without Www-Authenticate header + mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "/v2/", r.URL.Path) + w.WriteHeader(http.StatusOK) + })) + defer mockServer.Close() + + // Replace the real URL with the mock server URL + workloadIdentityMock := new(mocks.TokenProvider) + creds := NewAzureWorkloadIdentityCreds(mockServer.URL[8:], "", nil, nil, true, workloadIdentityMock) + + _, err := creds.challengeAzureContainerRegistry(creds.repoUrl) + require.Error(t, err) + assert.Contains(t, err.Error(), "did not issue a challenge") +} + +func TestChallengeAzureContainerRegistryNonBearer(t *testing.T) { + // Set up the mock server with a non-Bearer Www-Authenticate header + mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "/v2/", r.URL.Path) + w.Header().Set("Www-Authenticate", `Basic realm="example"`) + w.WriteHeader(http.StatusUnauthorized) + })) + defer mockServer.Close() + + // Replace the real URL with the mock server URL + workloadIdentityMock := new(mocks.TokenProvider) + creds := NewAzureWorkloadIdentityCreds(mockServer.URL[8:], "", nil, nil, true, workloadIdentityMock) + + _, err := creds.challengeAzureContainerRegistry(creds.repoUrl) + require.Error(t, err) + assert.Contains(t, err.Error(), "does not allow 'Bearer' authentication") +} + +func TestChallengeAzureContainerRegistryNoService(t *testing.T) { + // Set up the mock server with a non-Bearer Www-Authenticate header + mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "/v2/", r.URL.Path) + w.Header().Set("Www-Authenticate", `Bearer realm="example"`) + w.WriteHeader(http.StatusUnauthorized) + })) + defer mockServer.Close() + + // Replace the real URL with the mock server URL + workloadIdentityMock := new(mocks.TokenProvider) + creds := NewAzureWorkloadIdentityCreds(mockServer.URL[8:], "", nil, nil, true, workloadIdentityMock) + + _, err := creds.challengeAzureContainerRegistry(creds.repoUrl) + require.Error(t, err) + assert.Contains(t, err.Error(), "service parameter not found in challenge") +} + +func TestChallengeAzureContainerRegistryNoRealm(t *testing.T) { + // Set up the mock server with a non-Bearer Www-Authenticate header + mockServer := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "/v2/", r.URL.Path) + w.Header().Set("Www-Authenticate", `Bearer service="example"`) + w.WriteHeader(http.StatusUnauthorized) + })) + defer mockServer.Close() + + // Replace the real URL with the mock server URL + workloadIdentityMock := new(mocks.TokenProvider) + creds := NewAzureWorkloadIdentityCreds(mockServer.URL[8:], "", nil, nil, true, workloadIdentityMock) + + _, err := creds.challengeAzureContainerRegistry(creds.repoUrl) + require.Error(t, err) + assert.Contains(t, err.Error(), "realm parameter not found in challenge") +} + +func TestGetAccessTokenAfterChallenge_Success(t *testing.T) { + // Mock the server to return a successful response + mockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "/oauth2/exchange", r.URL.Path) + + response := `{"refresh_token":"newRefreshToken"}` + w.WriteHeader(http.StatusOK) + _, err := w.Write([]byte(response)) + require.NoError(t, err) + })) + defer mockServer.Close() + + workloadIdentityMock := new(mocks.TokenProvider) + workloadIdentityMock.On("GetToken", "https://management.core.windows.net/.default").Return("accessToken", nil) + creds := NewAzureWorkloadIdentityCreds(mockServer.URL[8:], "", nil, nil, true, workloadIdentityMock) + + tokenParams := map[string]string{ + "realm": mockServer.URL, + "service": "registry.example.com", + } + + refreshToken, err := creds.getAccessTokenAfterChallenge(tokenParams) + require.NoError(t, err) + assert.Equal(t, "newRefreshToken", refreshToken) +} + +func TestGetAccessTokenAfterChallenge_Failure(t *testing.T) { + // Mock the server to return an error response + mockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "/oauth2/exchange", r.URL.Path) + w.WriteHeader(http.StatusBadRequest) + _, err := w.Write([]byte(`{"error": "invalid_request"}`)) + require.NoError(t, err) + })) + defer mockServer.Close() + + // Create an instance of AzureWorkloadIdentityCreds with the mock credential wrapper + workloadIdentityMock := new(mocks.TokenProvider) + workloadIdentityMock.On("GetToken", "https://management.core.windows.net/.default").Return("accessToken", nil) + creds := NewAzureWorkloadIdentityCreds(mockServer.URL[8:], "", nil, nil, true, workloadIdentityMock) + + tokenParams := map[string]string{ + "realm": mockServer.URL, + "service": "registry.example.com", + } + + refreshToken, err := creds.getAccessTokenAfterChallenge(tokenParams) + require.Error(t, err) + assert.Contains(t, err.Error(), "failed to get refresh token") + assert.Empty(t, refreshToken) +} + +func TestGetAccessTokenAfterChallenge_MalformedResponse(t *testing.T) { + // Mock the server to return a malformed JSON response + mockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "/oauth2/exchange", r.URL.Path) + w.WriteHeader(http.StatusOK) + _, err := w.Write([]byte(`{"refresh_token":`)) + require.NoError(t, err) + })) + defer mockServer.Close() + + // Create an instance of AzureWorkloadIdentityCreds with the mock credential wrapper + workloadIdentityMock := new(mocks.TokenProvider) + workloadIdentityMock.On("GetToken", "https://management.core.windows.net/.default").Return("accessToken", nil) + creds := NewAzureWorkloadIdentityCreds(mockServer.URL[8:], "", nil, nil, true, workloadIdentityMock) + + tokenParams := map[string]string{ + "realm": mockServer.URL, + "service": "registry.example.com", + } + + refreshToken, err := creds.getAccessTokenAfterChallenge(tokenParams) + require.Error(t, err) + assert.Contains(t, err.Error(), "failed to unmarshal response body") + assert.Empty(t, refreshToken) +} diff --git a/util/helm/helm.go b/util/helm/helm.go index 12d0a40c0c7ed..87d5b551aa8e2 100644 --- a/util/helm/helm.go +++ b/util/helm/helm.go @@ -84,7 +84,11 @@ func (h *helm) DependencyBuild() error { repo := h.repos[i] if repo.EnableOci { h.cmd.IsHelmOci = true - if repo.Creds.Username != "" && repo.Creds.Password != "" { + helmPassword, err := repo.Creds.GetPassword() + if err != nil { + return fmt.Errorf("failed to get password for helm registry: %w", err) + } + if repo.Creds.GetUsername() != "" && helmPassword != "" { _, err := h.cmd.RegistryLogin(repo.Repo, repo.Creds) defer func() { @@ -114,15 +118,9 @@ func (h *helm) Dispose() { h.cmd.Close() } -func Version(shortForm bool) (string, error) { - executable := "helm" - cmdArgs := []string{"version", "--client"} - if shortForm { - cmdArgs = append(cmdArgs, "--short") - } - cmd := exec.Command(executable, cmdArgs...) +func Version() (string, error) { + cmd := exec.Command("helm", "version", "--client", "--short") // example version output: - // long: "version.BuildInfo{Version:\"v3.3.1\", GitCommit:\"249e5215cde0c3fa72e27eb7a30e8d55c9696144\", GitTreeState:\"clean\", GoVersion:\"go1.14.7\"}" // short: "v3.3.1+g249e521" version, err := executil.RunWithRedactor(cmd, redactor) if err != nil { diff --git a/util/helm/helm_test.go b/util/helm/helm_test.go index a5ade55a0dc34..66cc3fde7120f 100644 --- a/util/helm/helm_test.go +++ b/util/helm/helm_test.go @@ -175,7 +175,7 @@ func TestHelmArgCleaner(t *testing.T) { } func TestVersion(t *testing.T) { - ver, err := Version(false) + ver, err := Version() require.NoError(t, err) assert.NotEmpty(t, ver) } diff --git a/util/http/http.go b/util/http/http.go index a293e63c3095b..954117d7dce04 100644 --- a/util/http/http.go +++ b/util/http/http.go @@ -64,11 +64,12 @@ func splitCookie(key, value, attributes string) []string { } var cookie string - if j == 0 && numberOfChunks == 1 { + switch { + case j == 0 && numberOfChunks == 1: cookie = fmt.Sprintf("%s=%s", key, value[i:end]) - } else if j == 0 { + case j == 0: cookie = fmt.Sprintf("%s=%d:%s", key, numberOfChunks, value[i:end]) - } else { + default: cookie = fmt.Sprintf("%s-%d=%s", key, j, value[i:end]) } if attributes != "" { @@ -102,15 +103,16 @@ func JoinCookies(key string, cookieList []*http.Cookie) (string, error) { } parts := strings.Split(token, ":") - if len(parts) == 2 { + switch len(parts) { + case 2: if numOfChunks, err = strconv.Atoi(parts[0]); err != nil { return "", err } sb.WriteString(parts[1]) - } else if len(parts) == 1 { + case 1: numOfChunks = 1 sb.WriteString(parts[0]) - } else { + default: return "", fmt.Errorf("invalid cookie for key %s", key) } diff --git a/util/io/files/secure_mkdir_linux.go b/util/io/files/secure_mkdir_linux.go index 14f727dda480d..f6755c578b7f5 100644 --- a/util/io/files/secure_mkdir_linux.go +++ b/util/io/files/secure_mkdir_linux.go @@ -13,7 +13,7 @@ import ( // directory traversal attacks by ensuring the path is within the root directory. The path is constructed as if the // given root is the root of the filesystem. So anything traversing outside the root is simply removed from the path. func SecureMkdirAll(root, unsafePath string, mode os.FileMode) (string, error) { - err := securejoin.MkdirAll(root, unsafePath, int(mode)) + err := securejoin.MkdirAll(root, unsafePath, mode) if err != nil { return "", fmt.Errorf("failed to make directory: %w", err) } diff --git a/util/kube/failureretrywrapper.go b/util/kube/failureretrywrapper.go index 9cacc6d0c734a..60ceb21858cfd 100644 --- a/util/kube/failureretrywrapper.go +++ b/util/kube/failureretrywrapper.go @@ -16,7 +16,6 @@ type failureRetryRoundTripper struct { failureRetryPeriodMilliSeconds int } -// nolint:unparam func shouldRetry(counter int, _ *http.Request, response *http.Response, err error) bool { if counter <= 0 { return false diff --git a/util/kube/portforwarder.go b/util/kube/portforwarder.go index bba176772a2a8..94875baa99e2e 100644 --- a/util/kube/portforwarder.go +++ b/util/kube/portforwarder.go @@ -10,10 +10,12 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/httpstream" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/portforward" "k8s.io/client-go/transport/spdy" + cmdutil "k8s.io/kubectl/pkg/cmd/util" "github.com/argoproj/argo-cd/v3/util/io" ) @@ -71,6 +73,18 @@ func PortForward(targetPort int, namespace string, overrides *clientcmd.ConfigOv } dialer := spdy.NewDialer(upgrader, &http.Client{Transport: transport}, "POST", url) + // Reuse environment variable for kubectl to disable the feature flag, default is enabled. + if !cmdutil.PortForwardWebsockets.IsDisabled() { + tunnelingDialer, err := portforward.NewSPDYOverWebsocketDialer(url, config) + if err != nil { + return -1, fmt.Errorf("could not create tunneling dialer: %w", err) + } + // First attempt tunneling (websocket) dialer, then fallback to spdy dialer. + dialer = portforward.NewFallbackDialer(tunnelingDialer, dialer, func(err error) bool { + return httpstream.IsUpgradeFailure(err) || httpstream.IsHTTPSProxyError(err) + }) + } + readyChan := make(chan struct{}, 1) failedChan := make(chan error, 1) out := new(bytes.Buffer) @@ -82,8 +96,7 @@ func PortForward(targetPort int, namespace string, overrides *clientcmd.ConfigOv } port := ln.Addr().(*net.TCPAddr).Port io.Close(ln) - - forwarder, err := portforward.New(dialer, []string{fmt.Sprintf("%d:%d", port, targetPort)}, context.Background().Done(), readyChan, out, errOut) + forwarder, err := portforward.NewOnAddresses(dialer, []string{"localhost"}, []string{fmt.Sprintf("%d:%d", port, targetPort)}, context.Background().Done(), readyChan, out, errOut) if err != nil { return -1, err } diff --git a/util/kube/util_test.go b/util/kube/util_test.go index 1145b77eda333..fd115eb3cf13d 100644 --- a/util/kube/util_test.go +++ b/util/kube/util_test.go @@ -12,7 +12,6 @@ import ( "k8s.io/client-go/kubernetes/fake" ) -// nolint:unparam func getSecret(client kubernetes.Interface, ns, name string) (*corev1.Secret, error) { s, err := client.CoreV1().Secrets(ns).Get(context.TODO(), name, metav1.GetOptions{}) if err != nil { diff --git a/util/kustomize/kustomize.go b/util/kustomize/kustomize.go index 1eb255d758442..ed6417b106d2a 100644 --- a/util/kustomize/kustomize.go +++ b/util/kustomize/kustomize.go @@ -123,13 +123,14 @@ func (k *kustomize) Build(opts *v1alpha1.ApplicationSourceKustomize, kustomizeOp log.Warnf("Could not parse URL %s: %v", k.repo, err) } else { caPath, err := certutil.GetCertBundlePathForRepository(parsedURL.Host) - if err != nil { + switch { + case err != nil: // Some error while getting CA bundle log.Warnf("Could not get CA bundle path for %s: %v", parsedURL.Host, err) - } else if caPath == "" { + case caPath == "": // No cert configured log.Debugf("No caCert found for repo %s", parsedURL.Host) - } else { + default: // Make Git use CA bundle environ = append(environ, "GIT_SSL_CAINFO="+caPath) } @@ -397,7 +398,7 @@ var ( // getSemver returns parsed kustomize version func getSemver() (*semver.Version, error) { - verStr, err := Version(true) + verStr, err := Version() if err != nil { return nil, err } @@ -428,33 +429,25 @@ func getSemverSafe() *semver.Version { return semVer } -func Version(shortForm bool) (string, error) { - executable := "kustomize" - cmdArgs := []string{"version"} - if shortForm { - cmdArgs = append(cmdArgs, "--short") - } - cmd := exec.Command(executable, cmdArgs...) +func Version() (string, error) { + cmd := exec.Command("kustomize", "version", "--short") // example version output: - // long: "{Version:kustomize/v3.8.1 GitCommit:0b359d0ef0272e6545eda0e99aacd63aef99c4d0 BuildDate:2020-07-16T00:58:46Z GoOs:linux GoArch:amd64}" // short: "{kustomize/v3.8.1 2020-07-16T00:58:46Z }" version, err := executil.Run(cmd) if err != nil { return "", fmt.Errorf("could not get kustomize version: %w", err) } version = strings.TrimSpace(version) - if shortForm { - // trim the curly braces - version = strings.TrimPrefix(version, "{") - version = strings.TrimSuffix(version, "}") - version = strings.TrimSpace(version) + // trim the curly braces + version = strings.TrimPrefix(version, "{") + version = strings.TrimSuffix(version, "}") + version = strings.TrimSpace(version) - // remove double space in middle - version = strings.ReplaceAll(version, " ", " ") + // remove double space in middle + version = strings.ReplaceAll(version, " ", " ") - // remove extra 'kustomize/' before version - version = strings.TrimPrefix(version, "kustomize/") - } + // remove extra 'kustomize/' before version + version = strings.TrimPrefix(version, "kustomize/") return version, nil } diff --git a/util/kustomize/kustomize_test.go b/util/kustomize/kustomize_test.go index a8aac92709436..bf8d122bd379b 100644 --- a/util/kustomize/kustomize_test.go +++ b/util/kustomize/kustomize_test.go @@ -170,7 +170,7 @@ func TestParseKustomizeBuildHelmOptions(t *testing.T) { } func TestVersion(t *testing.T) { - ver, err := Version(false) + ver, err := Version() require.NoError(t, err) assert.NotEmpty(t, ver) } diff --git a/util/log/logrus.go b/util/log/logrus.go index cc58a5c07156f..6a51cd344ee0a 100644 --- a/util/log/logrus.go +++ b/util/log/logrus.go @@ -36,15 +36,19 @@ func CreateFormatter(logFormat string) logrus.Formatter { var formatType logrus.Formatter switch strings.ToLower(logFormat) { case JsonFormat: - formatType = &logrus.JSONFormatter{} + formatType = &logrus.JSONFormatter{ + TimestampFormat: checkTimestampFormat(), + } case TextFormat: formatType = &logrus.TextFormatter{ - ForceColors: checkForceLogColors(), - FullTimestamp: checkEnableFullTimestamp(), + ForceColors: checkForceLogColors(), + FullTimestamp: checkEnableFullTimestamp(), + TimestampFormat: checkTimestampFormat(), } default: formatType = &logrus.TextFormatter{ - FullTimestamp: checkEnableFullTimestamp(), + FullTimestamp: checkEnableFullTimestamp(), + TimestampFormat: checkTimestampFormat(), } } @@ -66,3 +70,7 @@ func checkForceLogColors() bool { func checkEnableFullTimestamp() bool { return strings.ToLower(os.Getenv(common.EnvLogFormatEnableFullTimestamp)) == "1" } + +func checkTimestampFormat() string { + return os.Getenv(common.EnvLogFormatTimestamp) +} diff --git a/util/log/logrus_test.go b/util/log/logrus_test.go index b63ebd3a32883..66c8dcfb7512b 100644 --- a/util/log/logrus_test.go +++ b/util/log/logrus_test.go @@ -2,6 +2,7 @@ package log import ( "testing" + "time" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" @@ -35,6 +36,15 @@ func TestCreateFormatter(t *testing.T) { result := CreateFormatter("text") assert.Equal(t, &logrus.TextFormatter{}, result) }) + t.Run(common.EnvLogFormatTimestamp+" is not set", func(t *testing.T) { + result := CreateFormatter("text") + assert.Equal(t, &logrus.TextFormatter{}, result) + }) + t.Run(common.EnvLogFormatTimestamp+" is set", func(t *testing.T) { + t.Setenv(common.EnvLogFormatTimestamp, time.RFC3339Nano) + result := CreateFormatter("text") + assert.Equal(t, &logrus.TextFormatter{TimestampFormat: time.RFC3339Nano}, result) + }) }) t.Run("log format is not json or text", func(t *testing.T) { result := CreateFormatter("xml") diff --git a/util/oidc/oidc.go b/util/oidc/oidc.go index d5dd1f7c037f9..7ef37bd0a0d09 100644 --- a/util/oidc/oidc.go +++ b/util/oidc/oidc.go @@ -1,6 +1,7 @@ package oidc import ( + "context" "encoding/hex" "encoding/json" "errors" @@ -14,6 +15,7 @@ import ( "os" "path" "strings" + "sync" "time" gooidc "github.com/coreos/go-oidc/v3/oidc" @@ -60,6 +62,8 @@ type ClientApp struct { clientID string // OAuth2 client secret of this application clientSecret string + // Use Azure Workload Identity for clientID auth instead of clientSecret + useAzureWorkloadIdentity bool // Callback URL for OAuth2 responses (e.g. https://argocd.example.com/auth/callback) redirectURI string // URL of the issuer (e.g. https://argocd.example.com/api/dex) @@ -81,6 +85,17 @@ type ClientApp struct { provider Provider // clientCache represent a cache of sso artifact clientCache cache.CacheClient + // properties for azure workload identity. + azure azureApp +} + +type azureApp struct { + // federated azure token for the service account + assertion string + // expiry of the token + expires time.Time + // mutex for parallelism for reading the token + mtx *sync.RWMutex } func GetScopesOrDefault(scopes []string) []string { @@ -102,14 +117,16 @@ func NewClientApp(settings *settings.ArgoCDSettings, dexServerAddr string, dexTl return nil, err } a := ClientApp{ - clientID: settings.OAuth2ClientID(), - clientSecret: settings.OAuth2ClientSecret(), - redirectURI: redirectURL, - issuerURL: settings.IssuerURL(), - userInfoPath: settings.UserInfoPath(), - baseHRef: baseHRef, - encryptionKey: encryptionKey, - clientCache: cacheClient, + clientID: settings.OAuth2ClientID(), + clientSecret: settings.OAuth2ClientSecret(), + useAzureWorkloadIdentity: settings.UseAzureWorkloadIdentity(), + redirectURI: redirectURL, + issuerURL: settings.IssuerURL(), + userInfoPath: settings.UserInfoPath(), + baseHRef: baseHRef, + encryptionKey: encryptionKey, + clientCache: cacheClient, + azure: azureApp{mtx: &sync.RWMutex{}}, } log.Infof("Creating client app (%s)", a.clientID) u, err := url.Parse(settings.URL) @@ -158,6 +175,7 @@ func (a *ClientApp) oauth2Config(request *http.Request, scopes []string) (*oauth log.Warnf("Unable to find ArgoCD URL from request, falling back to configured redirect URI: %v", err) redirectURL = a.redirectURI } + return &oauth2.Config{ ClientID: a.clientID, ClientSecret: a.clientSecret, @@ -272,9 +290,9 @@ func isValidRedirectURL(redirectURL string, allowedURLs []string) bool { // scheme and host are mandatory to match. if b.Scheme == r.Scheme && b.Host == r.Host { // If path of redirectURL and allowedURL match, redirectURL is allowed - //if b.Path == r.Path { - // return true - //} + // if b.Path == r.Path { + // return true + // } // If path of redirectURL is within allowed URL's path, redirectURL is allowed if strings.HasPrefix(path.Clean(r.Path), b.Path) { return true @@ -296,10 +314,13 @@ func (a *ClientApp) HandleLogin(w http.ResponseWriter, r *http.Request) { scopes := make([]string, 0) var opts []oauth2.AuthCodeOption if config := a.settings.OIDCConfig(); config != nil { - scopes = config.RequestedScopes + scopes = GetScopesOrDefault(config.RequestedScopes) opts = AppendClaimsAuthenticationRequestParameter(opts, config.RequestedIDTokenClaims) + } else if a.settings.IsDexConfigured() { + scopes = append(GetScopesOrDefault(nil), common.DexFederatedScope) } - oauth2Config, err := a.oauth2Config(r, GetScopesOrDefault(scopes)) + + oauth2Config, err := a.oauth2Config(r, scopes) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -336,6 +357,44 @@ func (a *ClientApp) HandleLogin(w http.ResponseWriter, r *http.Request) { http.Redirect(w, r, url, http.StatusSeeOther) } +// getFederatedServiceAccountToken returns the specified file's content, which is expected to be Federated Kubernetes service account token. +// Kubernetes is responsible for updating the file as service account tokens expire. +// Azure Workload Identity mutation webhook will set the environment variable AZURE_FEDERATED_TOKEN_FILE +// Content of this file will contain a federated token which can be used in assertion with Microsoft Entra Application. +func (a *azureApp) getFederatedServiceAccountToken(context.Context) (string, error) { + file, ok := os.LookupEnv("AZURE_FEDERATED_TOKEN_FILE") + if file == "" || !ok { + return "", errors.New("AZURE_FEDERATED_TOKEN_FILE env variable not found, make sure workload identity is enabled on the cluster") + } + + if _, err := os.Stat(file); errors.Is(err, os.ErrNotExist) { + return "", errors.New("AZURE_FEDERATED_TOKEN_FILE specified file does not exist") + } + + a.mtx.RLock() + if a.expires.Before(time.Now()) { + // ensure only one goroutine at a time updates the assertion + a.mtx.RUnlock() + a.mtx.Lock() + defer a.mtx.Unlock() + // double check because another goroutine may have acquired the write lock first and done the update + if now := time.Now(); a.expires.Before(now) { + content, err := os.ReadFile(file) + if err != nil { + return "", err + } + a.assertion = string(content) + // Kubernetes rotates service account tokens when they reach 80% of their total TTL. The shortest TTL + // is 1 hour. That implies the token we just read is valid for at least 12 minutes (20% of 1 hour), + // but we add some margin for safety. + a.expires = now.Add(10 * time.Minute) + } + } else { + defer a.mtx.RUnlock() + } + return a.assertion, nil +} + // HandleCallback is the callback handler for an OAuth2 login flow func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request) { oauth2Config, err := a.oauth2Config(r, nil) @@ -361,12 +420,29 @@ func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request) { http.Error(w, err.Error(), http.StatusBadRequest) return } + ctx := gooidc.ClientContext(r.Context(), a.client) - token, err := oauth2Config.Exchange(ctx, code) + options := []oauth2.AuthCodeOption{} + + if a.useAzureWorkloadIdentity { + clientAssertion, err := a.azure.getFederatedServiceAccountToken(ctx) + if err != nil { + http.Error(w, fmt.Sprintf("failed to generate client assertion: %v", err), http.StatusInternalServerError) + return + } + + options = []oauth2.AuthCodeOption{ + oauth2.SetAuthURLParam("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"), + oauth2.SetAuthURLParam("client_assertion", clientAssertion), + } + } + + token, err := oauth2Config.Exchange(ctx, code, options...) if err != nil { http.Error(w, fmt.Sprintf("failed to get token: %v", err), http.StatusInternalServerError) return } + idTokenRAW, ok := token.Extra("id_token").(string) if !ok { http.Error(w, "no id_token in token response", http.StatusInternalServerError) @@ -642,11 +718,12 @@ func (a *ClientApp) GetUserInfo(actualClaims jwt.MapClaims, issuerURL, userInfoP // only use configured expiry if the token lives longer and the expiry is configured // if the token has no expiry, use the expiry of the actual token // otherwise use the expiry of the token - if settingExpiry < tokenExpiry && settingExpiry != 0 { + switch { + case settingExpiry < tokenExpiry && settingExpiry != 0: cacheExpiry = settingExpiry - } else if tokenExpiry < 0 { + case tokenExpiry < 0: cacheExpiry = getTokenExpiration(actualClaims) - } else { + default: cacheExpiry = tokenExpiry } diff --git a/util/oidc/oidc_test.go b/util/oidc/oidc_test.go index 47bd34a6a78fd..a98d4ed761c6b 100644 --- a/util/oidc/oidc_test.go +++ b/util/oidc/oidc_test.go @@ -1,6 +1,7 @@ package oidc import ( + "context" "crypto/tls" "encoding/hex" "encoding/json" @@ -9,7 +10,9 @@ import ( "net/http/httptest" "net/url" "os" + "path/filepath" "strings" + "sync" "testing" "time" @@ -18,6 +21,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "golang.org/x/oauth2" + "sigs.k8s.io/yaml" "github.com/argoproj/argo-cd/v3/common" "github.com/argoproj/argo-cd/v3/server/settings/oidc" @@ -29,6 +33,18 @@ import ( "github.com/argoproj/argo-cd/v3/util/test" ) +func setupAzureIdentity(t *testing.T) { + t.Helper() + + tempDir := t.TempDir() + tokenFilePath := filepath.Join(tempDir, "token.txt") + tempFile, err := os.Create(tokenFilePath) + require.NoError(t, err) + _, err = tempFile.Write([]byte("serviceAccountToken")) + require.NoError(t, err) + t.Setenv("AZURE_FEDERATED_TOKEN_FILE", tokenFilePath) +} + func TestInferGrantType(t *testing.T) { for _, path := range []string{"dex", "okta", "auth0", "onelogin"} { t.Run(path, func(t *testing.T) { @@ -137,9 +153,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL), app.HandleLogin(w, req) - if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") { - t.Fatal("did not receive expected certificate verification failure error") - } + assert.Contains(t, w.Body.String(), "certificate signed by unknown authority") cdSettings.OIDCTLSInsecureSkipVerify = true @@ -167,7 +181,6 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL), cert, err := tls.X509KeyPair(test.Cert, test.PrivateKey) require.NoError(t, err) cdSettings.Certificate = &cert - app, err := NewClientApp(cdSettings, dexTestServer.URL, nil, "https://argocd.example.com", cache.NewInMemoryCache(24*time.Hour)) require.NoError(t, err) @@ -192,6 +205,108 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL), assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority") }) + t.Run("OIDC auth", func(t *testing.T) { + cdSettings := &settings.ArgoCDSettings{ + URL: "https://argocd.example.com", + OIDCTLSInsecureSkipVerify: true, + } + oidcConfig := settings.OIDCConfig{ + Name: "Test", + Issuer: oidcTestServer.URL, + ClientID: "xxx", + ClientSecret: "yyy", + } + oidcConfigRaw, err := yaml.Marshal(oidcConfig) + require.NoError(t, err) + cdSettings.OIDCConfigRAW = string(oidcConfigRaw) + + app, err := NewClientApp(cdSettings, dexTestServer.URL, &dex.DexTLSConfig{StrictValidation: false}, "https://argocd.example.com", cache.NewInMemoryCache(24*time.Hour)) + require.NoError(t, err) + + req := httptest.NewRequest(http.MethodGet, "https://argocd.example.com/auth/login", nil) + w := httptest.NewRecorder() + app.HandleLogin(w, req) + + assert.Equal(t, http.StatusSeeOther, w.Code) + location, err := url.Parse(w.Header().Get("Location")) + require.NoError(t, err) + values, err := url.ParseQuery(location.RawQuery) + require.NoError(t, err) + assert.Equal(t, []string{"openid", "profile", "email", "groups"}, strings.Split(values.Get("scope"), " ")) + assert.Equal(t, "xxx", values.Get("client_id")) + assert.Equal(t, "code", values.Get("response_type")) + }) + + t.Run("OIDC auth with custom scopes", func(t *testing.T) { + cdSettings := &settings.ArgoCDSettings{ + URL: "https://argocd.example.com", + OIDCTLSInsecureSkipVerify: true, + } + oidcConfig := settings.OIDCConfig{ + Name: "Test", + Issuer: oidcTestServer.URL, + ClientID: "xxx", + ClientSecret: "yyy", + RequestedScopes: []string{"oidc"}, + } + oidcConfigRaw, err := yaml.Marshal(oidcConfig) + require.NoError(t, err) + cdSettings.OIDCConfigRAW = string(oidcConfigRaw) + + app, err := NewClientApp(cdSettings, dexTestServer.URL, &dex.DexTLSConfig{StrictValidation: false}, "https://argocd.example.com", cache.NewInMemoryCache(24*time.Hour)) + require.NoError(t, err) + + req := httptest.NewRequest(http.MethodGet, "https://argocd.example.com/auth/login", nil) + w := httptest.NewRecorder() + app.HandleLogin(w, req) + + assert.Equal(t, http.StatusSeeOther, w.Code) + location, err := url.Parse(w.Header().Get("Location")) + require.NoError(t, err) + values, err := url.ParseQuery(location.RawQuery) + require.NoError(t, err) + assert.Equal(t, []string{"oidc"}, strings.Split(values.Get("scope"), " ")) + assert.Equal(t, "xxx", values.Get("client_id")) + assert.Equal(t, "code", values.Get("response_type")) + }) + + t.Run("Dex auth", func(t *testing.T) { + cdSettings := &settings.ArgoCDSettings{ + URL: dexTestServer.URL, + } + dexConfig := map[string]any{ + "connectors": []map[string]any{ + { + "type": "github", + "name": "GitHub", + "config": map[string]any{ + "clientId": "aabbccddeeff00112233", + "clientSecret": "aabbccddeeff00112233", + }, + }, + }, + } + dexConfigRaw, err := yaml.Marshal(dexConfig) + require.NoError(t, err) + cdSettings.DexConfig = string(dexConfigRaw) + + app, err := NewClientApp(cdSettings, dexTestServer.URL, &dex.DexTLSConfig{StrictValidation: false}, "https://argocd.example.com", cache.NewInMemoryCache(24*time.Hour)) + require.NoError(t, err) + + req := httptest.NewRequest(http.MethodGet, "https://argocd.example.com/auth/login", nil) + w := httptest.NewRecorder() + app.HandleLogin(w, req) + + assert.Equal(t, http.StatusSeeOther, w.Code) + location, err := url.Parse(w.Header().Get("Location")) + require.NoError(t, err) + values, err := url.ParseQuery(location.RawQuery) + require.NoError(t, err) + assert.Equal(t, []string{"openid", "profile", "email", "groups", common.DexFederatedScope}, strings.Split(values.Get("scope"), " ")) + assert.Equal(t, common.ArgoCDClientAppID, values.Get("client_id")) + assert.Equal(t, "code", values.Get("response_type")) + }) + t.Run("with additional base URL", func(t *testing.T) { cdSettings := &settings.ArgoCDSettings{ URL: "https://argocd.example.com", @@ -213,7 +328,6 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL), cert, err := tls.X509KeyPair(test.Cert, test.PrivateKey) require.NoError(t, err) cdSettings.Certificate = &cert - app, err := NewClientApp(cdSettings, dexTestServer.URL, &dex.DexTLSConfig{StrictValidation: false}, "https://argocd.example.com", cache.NewInMemoryCache(24*time.Hour)) require.NoError(t, err) @@ -308,7 +422,6 @@ clientSecret: yyy requestedScopes: ["oidc"]`, oidcTestServer.URL), OIDCTLSInsecureSkipVerify: true, } - // The base href (the last argument for NewClientApp) is what HandleLogin will fall back to when no explicit // redirect URL is given. app, err := NewClientApp(cdSettings, "", nil, "/", cache.NewInMemoryCache(24*time.Hour)) @@ -393,7 +506,6 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL), cert, err := tls.X509KeyPair(test.Cert, test.PrivateKey) require.NoError(t, err) cdSettings.Certificate = &cert - app, err := NewClientApp(cdSettings, dexTestServer.URL, nil, "https://argocd.example.com", cache.NewInMemoryCache(24*time.Hour)) require.NoError(t, err) @@ -419,6 +531,144 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL), }) } +func Test_azureApp_getFederatedServiceAccountToken(t *testing.T) { + app := azureApp{mtx: &sync.RWMutex{}} + + setupAzureIdentity(t) + + t.Run("before the method call assertion should be empty.", func(t *testing.T) { + assert.Equal(t, "", app.assertion) + }) + + t.Run("Fetch the token value from the file", func(t *testing.T) { + _, err := app.getFederatedServiceAccountToken(context.Background()) + require.NoError(t, err) + assert.Equal(t, "serviceAccountToken", app.assertion) + }) + + t.Run("Workload Identity Not enabled.", func(t *testing.T) { + t.Setenv("AZURE_FEDERATED_TOKEN_FILE", "") + _, err := app.getFederatedServiceAccountToken(context.Background()) + assert.ErrorContains(t, err, "AZURE_FEDERATED_TOKEN_FILE env variable not found, make sure workload identity is enabled on the cluster") + }) + + t.Run("Workload Identity invalid file", func(t *testing.T) { + t.Setenv("AZURE_FEDERATED_TOKEN_FILE", filepath.Join(t.TempDir(), "invalid.txt")) + _, err := app.getFederatedServiceAccountToken(context.Background()) + assert.ErrorContains(t, err, "AZURE_FEDERATED_TOKEN_FILE specified file does not exist") + }) + + t.Run("Concurrent access to the function", func(t *testing.T) { + currentExpiryTime := app.expires + + var wg sync.WaitGroup + numGoroutines := 10 + wg.Add(numGoroutines) + for i := 0; i < numGoroutines; i++ { + go func() { + defer wg.Done() + _, err := app.getFederatedServiceAccountToken(context.Background()) + require.NoError(t, err) + assert.Equal(t, "serviceAccountToken", app.assertion) + }() + } + wg.Wait() + + // Event with multiple concurrent calls the expiry time should not change untile it passes. + assert.Equal(t, currentExpiryTime, app.expires) + }) + + t.Run("Concurrent access to the function when the current token expires", func(t *testing.T) { + var wg sync.WaitGroup + currentExpiryTime := app.expires + app.expires = time.Now() + numGoroutines := 10 + wg.Add(numGoroutines) + for i := 0; i < numGoroutines; i++ { + go func() { + defer wg.Done() + _, err := app.getFederatedServiceAccountToken(context.Background()) + require.NoError(t, err) + assert.Equal(t, "serviceAccountToken", app.assertion) + }() + } + wg.Wait() + + assert.NotEqual(t, currentExpiryTime, app.expires) + }) +} + +func TestClientAppWithAzureWorkloadIdentity_HandleCallback(t *testing.T) { + tokenRequestAssertions := func(r *http.Request) { + err := r.ParseForm() + require.NoError(t, err) + + formData := r.Form + clientAssertion := formData.Get("client_assertion") + clientAssertionType := formData.Get("client_assertion_type") + assert.Equal(t, "serviceAccountToken", clientAssertion) + assert.Equal(t, "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", clientAssertionType) + } + + oidcTestServer := test.GetAzureOIDCTestServer(t, tokenRequestAssertions) + t.Cleanup(oidcTestServer.Close) + + dexTestServer := test.GetDexTestServer(t) + t.Cleanup(dexTestServer.Close) + signature, err := util.MakeSignature(32) + require.NoError(t, err) + + setupAzureIdentity(t) + + t.Run("oidc certificate checking during oidc callback should toggle on config", func(t *testing.T) { + cdSettings := &settings.ArgoCDSettings{ + URL: "https://argocd.example.com", + ServerSignature: signature, + OIDCConfigRAW: fmt.Sprintf(` +name: Test +issuer: %s +clientID: xxx +azure: + useWorkloadIdentity: true +skipAudienceCheckWhenTokenHasNoAudience: true +requestedScopes: ["oidc"]`, oidcTestServer.URL), + } + + app, err := NewClientApp(cdSettings, dexTestServer.URL, nil, "https://argocd.example.com", cache.NewInMemoryCache(24*time.Hour)) + require.NoError(t, err) + + req := httptest.NewRequest(http.MethodGet, "https://argocd.example.com/auth/callback", nil) + req.Form = url.Values{ + "code": {"abc"}, + "state": {"123"}, + } + w := httptest.NewRecorder() + + app.HandleCallback(w, req) + + if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") { + t.Fatal("did not receive expected certificate verification failure error") + } + + cdSettings.OIDCTLSInsecureSkipVerify = true + + app, err = NewClientApp(cdSettings, dexTestServer.URL, nil, "https://argocd.example.com", cache.NewInMemoryCache(24*time.Hour)) + require.NoError(t, err) + + w = httptest.NewRecorder() + + key, err := cdSettings.GetServerEncryptionKey() + require.NoError(t, err) + encrypted, _ := crypto.Encrypt([]byte("123"), key) + req.AddCookie(&http.Cookie{Name: common.StateCookieName, Value: hex.EncodeToString(encrypted)}) + + app.HandleCallback(w, req) + + assert.NotContains(t, w.Body.String(), "certificate is not trusted") + assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority") + }) +} + func TestIsValidRedirect(t *testing.T) { tests := []struct { name string @@ -594,7 +844,6 @@ func TestGenerateAppState_NoReturnURL(t *testing.T) { req := httptest.NewRequest(http.MethodGet, "/", nil) encrypted, err := crypto.Encrypt([]byte("123"), key) require.NoError(t, err) - app, err := NewClientApp(cdSettings, "", nil, "/argo-cd", cache.NewInMemoryCache(24*time.Hour)) require.NoError(t, err) @@ -714,7 +963,7 @@ func TestGetUserInfo(t *testing.T) { idpClaims: jwt.MapClaims{"sub": "randomUser", "exp": float64(time.Now().Add(5 * time.Minute).Unix())}, idpHandler: func(w http.ResponseWriter, _ *http.Request) { userInfoBytes := ` - notevenJsongarbage + notevenJsongarbage ` _, err := w.Write([]byte(userInfoBytes)) if err != nil { diff --git a/util/password/password_test.go b/util/password/password_test.go index bbdf1ebb51fb1..3447cdf917289 100644 --- a/util/password/password_test.go +++ b/util/password/password_test.go @@ -63,7 +63,7 @@ func TestPasswordHashing(t *testing.T) { } valid, _ = verifyPasswordWithHashers(blankPassword, "", hashers) - if valid != false { + if valid { t.Errorf("Blank password should have failed verification") } } diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go index 188a132b5850c..e200d04502807 100644 --- a/util/rbac/rbac.go +++ b/util/rbac/rbac.go @@ -11,6 +11,7 @@ import ( "time" "github.com/argoproj/argo-cd/v3/util/assets" + claimsutil "github.com/argoproj/argo-cd/v3/util/claims" "github.com/argoproj/argo-cd/v3/util/glob" jwtutil "github.com/argoproj/argo-cd/v3/util/jwt" @@ -244,6 +245,7 @@ func (e *Enforcer) Enforce(rvals ...any) bool { func (e *Enforcer) EnforceErr(rvals ...any) error { if !e.Enforce(rvals...) { errMsg := "permission denied" + if len(rvals) > 0 { rvalsStrs := make([]string, len(rvals)-1) for i, rval := range rvals[1:] { @@ -252,16 +254,20 @@ func (e *Enforcer) EnforceErr(rvals ...any) error { if s, ok := rvals[0].(jwt.Claims); ok { claims, err := jwtutil.MapClaims(s) if err == nil { - if sub := jwtutil.StringField(claims, "sub"); sub != "" { - rvalsStrs = append(rvalsStrs, "sub: "+sub) - } - if issuedAtTime, err := jwtutil.IssuedAtTime(claims); err == nil { - rvalsStrs = append(rvalsStrs, "iat: "+issuedAtTime.Format(time.RFC3339)) + argoClaims, err := claimsutil.MapClaimsToArgoClaims(claims) + if err == nil { + if argoClaims.GetUserIdentifier() != "" { + rvalsStrs = append(rvalsStrs, "sub: "+argoClaims.GetUserIdentifier()) + } + if issuedAtTime, err := jwtutil.IssuedAtTime(claims); err == nil { + rvalsStrs = append(rvalsStrs, "iat: "+issuedAtTime.Format(time.RFC3339)) + } } } } errMsg = fmt.Sprintf("%s: %s", errMsg, strings.Join(rvalsStrs, ", ")) } + return status.Error(codes.PermissionDenied, errMsg) } return nil diff --git a/util/rbac/rbac_test.go b/util/rbac/rbac_test.go index 7a664d52ebd5b..652b228f2579a 100644 --- a/util/rbac/rbac_test.go +++ b/util/rbac/rbac_test.go @@ -363,7 +363,7 @@ func TestEnforceErrorMessage(t *testing.T) { require.Error(t, err) assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied", err.Error()) - // nolint:staticcheck + //nolint:staticcheck ctx := context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin"}) err = enf.EnforceErr(ctx.Value("claims"), "project") require.Error(t, err) @@ -371,19 +371,19 @@ func TestEnforceErrorMessage(t *testing.T) { iat := time.Unix(int64(1593035962), 0).Format(time.RFC3339) exp := "rpc error: code = PermissionDenied desc = permission denied: project, sub: proj:default:admin, iat: " + iat - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin", IssuedAt: jwt.NewNumericDate(time.Unix(int64(1593035962), 0))}) err = enf.EnforceErr(ctx.Value("claims"), "project") require.Error(t, err) assert.Equal(t, exp, err.Error()) - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{ExpiresAt: jwt.NewNumericDate(time.Now())}) err = enf.EnforceErr(ctx.Value("claims"), "project") require.Error(t, err) assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied: project", err.Error()) - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin", IssuedAt: nil}) err = enf.EnforceErr(ctx.Value("claims"), "project") require.Error(t, err) diff --git a/util/session/sessionmanager.go b/util/session/sessionmanager.go index 446cb4df88b1c..c6bd069741696 100644 --- a/util/session/sessionmanager.go +++ b/util/session/sessionmanager.go @@ -24,6 +24,7 @@ import ( "github.com/argoproj/argo-cd/v3/pkg/client/listers/application/v1alpha1" "github.com/argoproj/argo-cd/v3/server/rbacpolicy" "github.com/argoproj/argo-cd/v3/util/cache/appstate" + claimsutil "github.com/argoproj/argo-cd/v3/util/claims" "github.com/argoproj/argo-cd/v3/util/dex" "github.com/argoproj/argo-cd/v3/util/env" httputil "github.com/argoproj/argo-cd/v3/util/http" @@ -156,15 +157,15 @@ func NewSessionManager(settingsMgr *settings.SettingsManager, projectsLister v1a // Passing a value of `0` for secondsBeforeExpiry creates a token that never expires. // The id parameter holds an optional unique JWT token identifier and stored as a standard claim "jti" in the JWT token. func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64, id string) (string, error) { - // Create a new token object, specifying signing method and the claims - // you would like it to contain. now := time.Now().UTC() - claims := jwt.RegisteredClaims{ - IssuedAt: jwt.NewNumericDate(now), - Issuer: SessionManagerClaimsIssuer, - NotBefore: jwt.NewNumericDate(now), - Subject: subject, - ID: id, + claims := claimsutil.ArgoClaims{ + RegisteredClaims: jwt.RegisteredClaims{ + IssuedAt: jwt.NewNumericDate(now), + Issuer: SessionManagerClaimsIssuer, + NotBefore: jwt.NewNumericDate(now), + Subject: subject, + ID: id, + }, } if secondsBeforeExpiry > 0 { expires := now.Add(time.Duration(secondsBeforeExpiry) * time.Second) @@ -220,13 +221,17 @@ func (mgr *SessionManager) Parse(tokenString string) (jwt.Claims, string, error) if err != nil { return nil, "", err } + argoClaims, err := claimsutil.MapClaimsToArgoClaims(claims) + if err != nil { + return nil, "", err + } issuedAt, err := jwtutil.IssuedAtTime(claims) if err != nil { return nil, "", err } - subject := jwtutil.StringField(claims, "sub") + subject := argoClaims.GetUserIdentifier() id := jwtutil.StringField(claims, "jti") if projName, role, ok := rbacpolicy.GetProjectRoleFromSubject(subject); ok { @@ -503,7 +508,7 @@ func WithAuthMiddleware(disabled bool, authn TokenVerifier, next http.Handler) h } ctx := r.Context() // Add claims to the context to inspect for RBAC - // nolint:staticcheck + //nolint:staticcheck ctx = context.WithValue(ctx, "claims", claims) r = r.WithContext(ctx) } @@ -515,12 +520,14 @@ func WithAuthMiddleware(disabled bool, authn TokenVerifier, next http.Handler) h // We choose how to verify based on the issuer. func (mgr *SessionManager) VerifyToken(tokenString string) (jwt.Claims, string, error) { parser := jwt.NewParser(jwt.WithoutClaimsValidation()) - var claims jwt.RegisteredClaims + claims := jwt.MapClaims{} _, _, err := parser.ParseUnverified(tokenString, &claims) if err != nil { return nil, "", err } - switch claims.Issuer { + // Get issuer from MapClaims + issuer, _ := claims["iss"].(string) + switch issuer { case SessionManagerClaimsIssuer: // Argo CD signed token return mgr.Parse(tokenString) @@ -547,8 +554,8 @@ func (mgr *SessionManager) VerifyToken(tokenString string) (jwt.Claims, string, log.Warnf("Failed to verify token: %s", err) tokenExpiredError := &oidc.TokenExpiredError{} if errors.As(err, &tokenExpiredError) { - claims = jwt.RegisteredClaims{ - Issuer: "sso", + claims = jwt.MapClaims{ + "iss": "sso", } return claims, "", common.TokenVerificationErr } @@ -584,20 +591,23 @@ func (mgr *SessionManager) RevokeToken(ctx context.Context, id string, expiringA } func LoggedIn(ctx context.Context) bool { - return Sub(ctx) != "" && ctx.Value(AuthErrorCtxKey) == nil + return GetUserIdentifier(ctx) != "" && ctx.Value(AuthErrorCtxKey) == nil } // Username is a helper to extract a human readable username from a context func Username(ctx context.Context) string { - mapClaims, ok := mapClaims(ctx) + argoClaims, ok := argoClaims(ctx) if !ok { return "" } - switch jwtutil.StringField(mapClaims, "iss") { + switch argoClaims.Issuer { case SessionManagerClaimsIssuer: - return jwtutil.StringField(mapClaims, "sub") + return argoClaims.GetUserIdentifier() default: - return jwtutil.StringField(mapClaims, "email") + if argoClaims.Email != "" { + return argoClaims.Email + } + return argoClaims.GetUserIdentifier() } } @@ -617,12 +627,17 @@ func Iat(ctx context.Context) (time.Time, error) { return jwtutil.IssuedAtTime(mapClaims) } -func Sub(ctx context.Context) string { +// GetUserIdentifier returns the user identifier from context, prioritizing federated claims over subject +func GetUserIdentifier(ctx context.Context) string { mapClaims, ok := mapClaims(ctx) if !ok { return "" } - return jwtutil.StringField(mapClaims, "sub") + argoClaims, err := claimsutil.MapClaimsToArgoClaims(mapClaims) + if err != nil { + return "" + } + return argoClaims.GetUserIdentifier() } func Groups(ctx context.Context, scopes []string) []string { @@ -644,3 +659,15 @@ func mapClaims(ctx context.Context) (jwt.MapClaims, bool) { } return mapClaims, true } + +func argoClaims(ctx context.Context) (*claimsutil.ArgoClaims, bool) { + mapClaims, ok := mapClaims(ctx) + if !ok { + return nil, false + } + argoClaims, err := claimsutil.MapClaimsToArgoClaims(mapClaims) + if err != nil { + return nil, false + } + return argoClaims, true +} diff --git a/util/session/sessionmanager_norace_test.go b/util/session/sessionmanager_norace_test.go index afd5ef414cc2c..dab4c520df6ff 100644 --- a/util/session/sessionmanager_norace_test.go +++ b/util/session/sessionmanager_norace_test.go @@ -16,7 +16,7 @@ import ( func TestRandomPasswordVerificationDelay(t *testing.T) { // !race: - //`SessionManager.VerifyUsernamePassword` uses bcrypt to prevent against time-based attacks + // `SessionManager.VerifyUsernamePassword` uses bcrypt to prevent against time-based attacks // and verify the hashed password; however this is a CPU intensive algorithm that is made // significantly slower due to data race detection being enabled, which breaks through // the maximum time limit required by `TestRandomPasswordVerificationDelay`. diff --git a/util/session/sessionmanager_test.go b/util/session/sessionmanager_test.go index b6ca03875271a..49f92dd489b24 100644 --- a/util/session/sessionmanager_test.go +++ b/util/session/sessionmanager_test.go @@ -29,7 +29,9 @@ import ( apps "github.com/argoproj/argo-cd/v3/pkg/client/clientset/versioned/fake" "github.com/argoproj/argo-cd/v3/pkg/client/listers/application/v1alpha1" "github.com/argoproj/argo-cd/v3/test" + claimsutil "github.com/argoproj/argo-cd/v3/util/claims" "github.com/argoproj/argo-cd/v3/util/errors" + jwtutil "github.com/argoproj/argo-cd/v3/util/jwt" "github.com/argoproj/argo-cd/v3/util/password" "github.com/argoproj/argo-cd/v3/util/settings" utiltest "github.com/argoproj/argo-cd/v3/util/test" @@ -98,11 +100,12 @@ func TestSessionManager_AdminToken(t *testing.T) { require.NoError(t, err) assert.Empty(t, newToken) - mapClaims := *(claims.(*jwt.MapClaims)) - subject := mapClaims["sub"].(string) - if subject != "admin" { - t.Errorf("Token claim subject %q does not match expected subject %q.", subject, "admin") - } + mapClaims, err := jwtutil.MapClaims(claims) + require.NoError(t, err) + argoClaims, err := claimsutil.MapClaimsToArgoClaims(mapClaims) + require.NoError(t, err) + + assert.Equal(t, "admin", argoClaims.Subject) } func TestSessionManager_AdminToken_ExpiringSoon(t *testing.T) { @@ -113,9 +116,7 @@ func TestSessionManager_AdminToken_ExpiringSoon(t *testing.T) { mgr := newSessionManager(settingsMgr, getProjLister(), NewUserStateStorage(redisClient)) token, err := mgr.Create("admin:login", int64(autoRegenerateTokenDuration.Seconds()-1), "123") - if err != nil { - t.Errorf("Could not create token: %v", err) - } + require.NoError(t, err) // verify new token is generated is login token is expiring soon _, newToken, err := mgr.Parse(token) @@ -125,9 +126,14 @@ func TestSessionManager_AdminToken_ExpiringSoon(t *testing.T) { // verify that new token is valid and for the same user claims, _, err := mgr.Parse(newToken) require.NoError(t, err) - mapClaims := *(claims.(*jwt.MapClaims)) - subject := mapClaims["sub"].(string) - assert.Equal(t, "admin", subject) + + mapClaims, err := jwtutil.MapClaims(claims) + require.NoError(t, err) + + argoClaims, err := claimsutil.MapClaimsToArgoClaims(mapClaims) + require.NoError(t, err) + + assert.Equal(t, "admin", argoClaims.Subject) } func TestSessionManager_AdminToken_Revoked(t *testing.T) { @@ -197,8 +203,16 @@ func TestSessionManager_ProjectToken(t *testing.T) { jwtToken, err := mgr.Create("proj:default:test", 100, "abc") require.NoError(t, err) - _, _, err = mgr.Parse(jwtToken) + claims, _, err := mgr.Parse(jwtToken) + require.NoError(t, err) + + mapClaims, err := jwtutil.MapClaims(claims) require.NoError(t, err) + + argoClaims, err := claimsutil.MapClaimsToArgoClaims(mapClaims) + require.NoError(t, err) + + assert.Equal(t, "proj:default:test", argoClaims.Subject) }) t.Run("Token Revoked", func(t *testing.T) { @@ -221,7 +235,7 @@ func TestSessionManager_ProjectToken(t *testing.T) { } type tokenVerifierMock struct { - claims *jwt.RegisteredClaims + claims jwt.Claims err error } @@ -338,29 +352,36 @@ func TestSessionManager_WithAuthMiddleware(t *testing.T) { } } -var loggedOutContext = context.Background() - -// nolint:staticcheck -var loggedInContext = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"iss": "qux", "sub": "foo", "email": "bar", "groups": []string{"baz"}}) +var ( + loggedOutContext = context.Background() + //nolint:staticcheck + loggedInContext = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"iss": "qux", "sub": "foo", "email": "bar", "groups": []string{"baz"}}) + //nolint:staticcheck + loggedInContextFederated = context.WithValue(context.Background(), "claims", &jwt.MapClaims{"iss": "qux", "sub": "not-foo", "email": "bar", "groups": []string{"baz"}, "federated_claims": map[string]any{"user_id": "foo"}}) +) func TestIss(t *testing.T) { assert.Empty(t, Iss(loggedOutContext)) assert.Equal(t, "qux", Iss(loggedInContext)) + assert.Equal(t, "qux", Iss(loggedInContextFederated)) } func TestLoggedIn(t *testing.T) { assert.False(t, LoggedIn(loggedOutContext)) assert.True(t, LoggedIn(loggedInContext)) + assert.True(t, LoggedIn(loggedInContextFederated)) } func TestUsername(t *testing.T) { assert.Empty(t, Username(loggedOutContext)) assert.Equal(t, "bar", Username(loggedInContext)) + assert.Equal(t, "bar", Username(loggedInContextFederated)) } -func TestSub(t *testing.T) { - assert.Empty(t, Sub(loggedOutContext)) - assert.Equal(t, "foo", Sub(loggedInContext)) +func TestGetUserIdentifier(t *testing.T) { + assert.Empty(t, GetUserIdentifier(loggedOutContext)) + assert.Equal(t, "foo", GetUserIdentifier(loggedInContext)) + assert.Equal(t, "foo", GetUserIdentifier(loggedInContextFederated)) } func TestGroups(t *testing.T) { diff --git a/util/settings/settings.go b/util/settings/settings.go index 3820e092a2911..42f3eb980938f 100644 --- a/util/settings/settings.go +++ b/util/settings/settings.go @@ -169,6 +169,7 @@ func (o *oidcConfig) toExported() *OIDCConfig { Issuer: o.Issuer, ClientID: o.ClientID, ClientSecret: o.ClientSecret, + Azure: o.Azure, CLIClientID: o.CLIClientID, UserInfoPath: o.UserInfoPath, EnableUserInfoGroups: o.EnableUserInfoGroups, @@ -197,6 +198,11 @@ type OIDCConfig struct { RootCA string `json:"rootCA,omitempty"` EnablePKCEAuthentication bool `json:"enablePKCEAuthentication,omitempty"` DomainHint string `json:"domainHint,omitempty"` + Azure *AzureOIDCConfig `json:"azure,omitempty"` +} + +type AzureOIDCConfig struct { + UseWorkloadIdentity bool `json:"useWorkloadIdentity,omitempty"` } // DEPRECATED. Helm repository credentials are now managed using RepoCredentials @@ -350,6 +356,8 @@ type Repository struct { GCPServiceAccountKey *corev1.SecretKeySelector `json:"gcpServiceAccountKey,omitempty"` // ForceHttpBasicAuth determines whether Argo CD should force use of basic auth for HTTP connected repositories ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty"` + // UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication + UseAzureWorkloadIdentity bool `json:"useAzureWorkloadIdentity,omitempty"` } // Credential template for accessing repositories @@ -382,6 +390,8 @@ type RepositoryCredentials struct { GCPServiceAccountKey *corev1.SecretKeySelector `json:"gcpServiceAccountKey,omitempty"` // ForceHttpBasicAuth determines whether Argo CD should force use of basic auth for HTTP connected repositories ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty"` + // UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication + UseAzureWorkloadIdentity bool `json:"useAzureWorkloadIdentity,omitempty"` } // DeepLink structure @@ -511,6 +521,8 @@ const ( inClusterEnabledKey = "cluster.inClusterEnabled" // settingsServerRBACLogEnforceEnable is the key to configure whether logs RBAC enforcement is enabled settingsServerRBACLogEnforceEnableKey = "server.rbac.log.enforce.enable" + // settingsServerRBACEDisableFineGrainedInheritance is the key to configure find-grained RBAC inheritance + settingsServerRBACDisableFineGrainedInheritance = "server.rbac.disableApplicationFineGrainedRBACInheritance" // MaxPodLogsToRender the maximum number of pod logs to render settingsMaxPodLogsToRender = "server.maxPodLogsToRender" // helmValuesFileSchemesKey is the key to configure the list of supported helm values file schemas @@ -859,6 +871,19 @@ func (mgr *SettingsManager) GetServerRBACLogEnforceEnable() (bool, error) { return strconv.ParseBool(argoCDCM.Data[settingsServerRBACLogEnforceEnableKey]) } +func (mgr *SettingsManager) ApplicationFineGrainedRBACInheritanceDisabled() (bool, error) { + argoCDCM, err := mgr.getConfigMap() + if err != nil { + return false, err + } + + if argoCDCM.Data[settingsServerRBACDisableFineGrainedInheritance] == "" { + return true, nil + } + + return strconv.ParseBool(argoCDCM.Data[settingsServerRBACDisableFineGrainedInheritance]) +} + func (mgr *SettingsManager) GetMaxPodLogsToRender() (int64, error) { argoCDCM, err := mgr.getConfigMap() if err != nil { @@ -2005,6 +2030,13 @@ func (a *ArgoCDSettings) OAuth2ClientSecret() string { return "" } +func (a *ArgoCDSettings) UseAzureWorkloadIdentity() bool { + if oidcConfig := a.OIDCConfig(); oidcConfig != nil && oidcConfig.Azure != nil { + return oidcConfig.Azure.UseWorkloadIdentity + } + return false +} + // OIDCTLSConfig returns the TLS config for the OIDC provider. If an external provider is configured, returns a TLS // config using the root CAs (if any) specified in the OIDC config. If an external OIDC provider is not configured, // returns the API server TLS config, because the API server proxies requests to Dex. diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go index e7482e29ae95d..48052833ebf0a 100644 --- a/util/settings/settings_test.go +++ b/util/settings/settings_test.go @@ -280,6 +280,31 @@ func TestGetServerRBACLogEnforceEnableKeyDefaultFalse(t *testing.T) { assert.False(t, serverRBACLogEnforceEnable) } +func TestGetServerRBACLogEnforceEnableKey(t *testing.T) { + _, settingsManager := fixtures(map[string]string{ + "server.rbac.log.enforce.enable": "true", + }) + serverRBACLogEnforceEnable, err := settingsManager.GetServerRBACLogEnforceEnable() + require.NoError(t, err) + assert.True(t, serverRBACLogEnforceEnable) +} + +func TestApplicationFineGrainedRBACInheritanceDisabledDefault(t *testing.T) { + _, settingsManager := fixtures(nil) + flag, err := settingsManager.ApplicationFineGrainedRBACInheritanceDisabled() + require.NoError(t, err) + assert.True(t, flag) +} + +func TestApplicationFineGrainedRBACInheritanceDisabled(t *testing.T) { + _, settingsManager := fixtures(map[string]string{ + "server.rbac.disableApplicationFineGrainedRBACInheritance": "false", + }) + flag, err := settingsManager.ApplicationFineGrainedRBACInheritanceDisabled() + require.NoError(t, err) + assert.False(t, flag) +} + func TestGetIsIgnoreResourceUpdatesEnabled(t *testing.T) { _, settingsManager := fixtures(nil) ignoreResourceUpdatesEnabled, err := settingsManager.GetIsIgnoreResourceUpdatesEnabled() @@ -303,15 +328,6 @@ func TestGetIsIgnoreResourceUpdatesEnabledFalse(t *testing.T) { assert.False(t, ignoreResourceUpdatesEnabled) } -func TestGetServerRBACLogEnforceEnableKey(t *testing.T) { - _, settingsManager := fixtures(map[string]string{ - "server.rbac.log.enforce.enable": "true", - }) - serverRBACLogEnforceEnable, err := settingsManager.GetServerRBACLogEnforceEnable() - require.NoError(t, err) - assert.True(t, serverRBACLogEnforceEnable) -} - func TestGetResourceOverrides(t *testing.T) { ignoreStatus := v1alpha1.ResourceOverride{IgnoreDifferences: v1alpha1.OverrideIgnoreDiff{ JSONPointers: []string{"/status"}, @@ -1813,6 +1829,55 @@ func TestRedirectAdditionalURLs(t *testing.T) { } } +func TestUseAzureWorkloadIdentity(t *testing.T) { + testCases := []struct { + Name string + Settings *ArgoCDSettings + ExpectedResult bool + }{ + { + Name: "UseAzureWorkloadIdentity defined and set to true", + Settings: &ArgoCDSettings{ + OIDCConfigRAW: "{ \"azure\": {\"useWorkloadIdentity\": true }}", + }, + ExpectedResult: true, + }, + { + Name: "UseAzureWorkloadIdentity defined and set to false", + Settings: &ArgoCDSettings{ + OIDCConfigRAW: "{ \"azure\": {\"useWorkloadIdentity\": false }}", + }, + ExpectedResult: false, + }, + { + Name: "UseAzureWorkloadIdentity not defined, with azure key present", + Settings: &ArgoCDSettings{ + OIDCConfigRAW: "{ \"azure\": {}}", + }, + ExpectedResult: false, + }, + { + Name: "UseAzureWorkloadIdentity not defined", + Settings: &ArgoCDSettings{ + OIDCConfigRAW: "{}", + }, + ExpectedResult: false, + }, + { + Name: "OIDC config isnot defined", + Settings: &ArgoCDSettings{}, + ExpectedResult: false, + }, + } + + for _, tc := range testCases { + t.Run(tc.Name, func(t *testing.T) { + result := tc.Settings.UseAzureWorkloadIdentity() + require.Equal(t, tc.ExpectedResult, result) + }) + } +} + func TestIsImpersonationEnabled(t *testing.T) { // When there is no argocd-cm itself, // Then IsImpersonationEnabled() must return false (default value) and an error with appropriate error message. diff --git a/util/test/testutil.go b/util/test/testutil.go index 0da029fdae023..0a30036e73d3c 100644 --- a/util/test/testutil.go +++ b/util/test/testutil.go @@ -7,6 +7,7 @@ import ( "net/http" "net/http/httptest" "testing" + "time" "github.com/go-jose/go-jose/v3" "github.com/golang-jwt/jwt/v5" @@ -148,7 +149,7 @@ func GetDexTestServer(t *testing.T) *httptest.Server { return ts } -func oidcMockHandler(t *testing.T, url string) func(http.ResponseWriter, *http.Request) { +func oidcMockHandler(t *testing.T, url string, tokenRequestPreHandler func(r *http.Request)) func(http.ResponseWriter, *http.Request) { t.Helper() return func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") @@ -196,6 +197,16 @@ func oidcMockHandler(t *testing.T, url string) func(http.ResponseWriter, *http.R require.NoError(t, err) _, err = w.Write(out) require.NoError(t, err) + case "/token": + if tokenRequestPreHandler != nil { + tokenRequestPreHandler(r) + } + response, err := mockTokenEndpointResponse(url) + require.NoError(t, err) + out, err := json.Marshal(response) + require.NoError(t, err) + _, err = w.Write(out) + require.NoError(t, err) default: w.WriteHeader(http.StatusNotFound) } @@ -208,7 +219,53 @@ func GetOIDCTestServer(t *testing.T) *httptest.Server { // Start with a placeholder. We need the server URL before setting up the real handler. })) ts.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - oidcMockHandler(t, ts.URL)(w, r) + oidcMockHandler(t, ts.URL, nil)(w, r) + }) + return ts +} + +func GetAzureOIDCTestServer(t *testing.T, tokenRequestPreHandler func(r *http.Request)) *httptest.Server { + t.Helper() + ts := httptest.NewTLSServer(http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) { + // Start with a placeholder. We need the server URL before setting up the real handler. + })) + ts.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + oidcMockHandler(t, ts.URL, tokenRequestPreHandler)(w, r) }) return ts } + +type TokenResponse struct { + AccessToken string `json:"access_token"` + TokenType string `json:"token_type"` + ExpiresIn int `json:"expires_in"` + IDToken string `json:"id_token"` + RefreshToken string `json:"refresh_token"` +} + +func mockTokenEndpointResponse(issuer string) (TokenResponse, error) { + token, err := generateJWTToken(issuer) + return TokenResponse{ + AccessToken: token, + TokenType: "Bearer", + ExpiresIn: 3600, + IDToken: token, + RefreshToken: token, + }, err +} + +// Helper function to generate a JWT token +func generateJWTToken(issuer string) (string, error) { + token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ + "sub": "1234567890", + "name": "John Doe", + "iat": time.Now().Unix(), + "iss": issuer, + "exp": time.Now().Add(time.Hour).Unix(), // Set the expiration time + }) + tokenString, err := token.SignedString([]byte("secret")) + if err != nil { + return "", err + } + return tokenString, nil +} diff --git a/util/util.go b/util/util.go index 2f3a458f9979b..7046d9480b295 100644 --- a/util/util.go +++ b/util/util.go @@ -2,7 +2,10 @@ package util import ( "crypto/rand" + "crypto/sha256" "encoding/base64" + "encoding/hex" + "fmt" corev1 "k8s.io/api/core/v1" ) @@ -30,3 +33,15 @@ func SecretCopy(secrets []*corev1.Secret) []*corev1.Secret { } return secretsCopy } + +// GenerateCacheKey generates a cache key based on a format string and arguments +func GenerateCacheKey(format string, args ...any) (string, error) { + h := sha256.New() + _, err := h.Write([]byte(fmt.Sprintf(format, args...))) + if err != nil { + return "", err + } + + key := hex.EncodeToString(h.Sum(nil)) + return key, nil +} diff --git a/util/util_test.go b/util/util_test.go index d249e47182e82..bbc41f0d13439 100644 --- a/util/util_test.go +++ b/util/util_test.go @@ -1,6 +1,7 @@ package util_test import ( + "fmt" "testing" "github.com/stretchr/testify/assert" @@ -80,3 +81,52 @@ func TestSecretCopy(t *testing.T) { }) } } + +// TestGenerateCacheKey tests the GenerateCacheKey function +func TestGenerateCacheKey(t *testing.T) { + // Define test cases + testCases := []struct { + format string + args []any + expected string + shouldErr bool + }{ + { + format: "Hello %s", + args: []any{"World"}, + expected: "a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e", + shouldErr: false, + }, + { + format: "", + args: []any{}, + expected: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + shouldErr: false, + }, + { + format: "Number: %d", + args: []any{123}, + expected: "665fb090bf37fa3cbba9b92b9f82e6fa4bb851bad4c0a0a6edfb0aefa542150b", + shouldErr: false, + }, + // Add more test cases as needed + } + + for _, tc := range testCases { + t.Run(fmt.Sprintf("format=%s args=%v", tc.format, tc.args), func(t *testing.T) { + key, err := util.GenerateCacheKey(tc.format, tc.args...) + if tc.shouldErr { + if err == nil { + t.Fatalf("expected error but got none") + } + return + } + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if key != tc.expected { + t.Fatalf("expected %s but got %s", tc.expected, key) + } + }) + } +} diff --git a/util/workloadidentity/mocks/TokenProvider.go b/util/workloadidentity/mocks/TokenProvider.go new file mode 100644 index 0000000000000..f2ddd48911c92 --- /dev/null +++ b/util/workloadidentity/mocks/TokenProvider.go @@ -0,0 +1,52 @@ +// Code generated by mockery v2.43.2. DO NOT EDIT. + +package mocks + +import mock "github.com/stretchr/testify/mock" + +// TokenProvider is an autogenerated mock type for the TokenProvider type +type TokenProvider struct { + mock.Mock +} + +// GetToken provides a mock function with given fields: scope +func (_m *TokenProvider) GetToken(scope string) (string, error) { + ret := _m.Called(scope) + + if len(ret) == 0 { + panic("no return value specified for GetToken") + } + + var r0 string + var r1 error + if rf, ok := ret.Get(0).(func(string) (string, error)); ok { + return rf(scope) + } + if rf, ok := ret.Get(0).(func(string) string); ok { + r0 = rf(scope) + } else { + r0 = ret.Get(0).(string) + } + + if rf, ok := ret.Get(1).(func(string) error); ok { + r1 = rf(scope) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewTokenProvider creates a new instance of TokenProvider. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewTokenProvider(t interface { + mock.TestingT + Cleanup(func()) +}) *TokenProvider { + mock := &TokenProvider{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/util/workloadidentity/workloadidentity.go b/util/workloadidentity/workloadidentity.go new file mode 100644 index 0000000000000..64871fb201a79 --- /dev/null +++ b/util/workloadidentity/workloadidentity.go @@ -0,0 +1,45 @@ +package workloadidentity + +import ( + "context" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" +) + +const ( + EmptyGuid = "00000000-0000-0000-0000-000000000000" +) + +type TokenProvider interface { + GetToken(scope string) (string, error) +} + +type WorkloadIdentityTokenProvider struct { + tokenCredential azcore.TokenCredential +} + +// Used to propagate initialization error if any +var initError error + +func NewWorkloadIdentityTokenProvider() TokenProvider { + cred, err := azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{}) + initError = err + return WorkloadIdentityTokenProvider{tokenCredential: cred} +} + +func (c WorkloadIdentityTokenProvider) GetToken(scope string) (string, error) { + if initError != nil { + return "", initError + } + + token, err := c.tokenCredential.GetToken(context.Background(), policy.TokenRequestOptions{ + Scopes: []string{scope}, + }) + if err != nil { + return "", err + } + + return token.Token, nil +} diff --git a/util/workloadidentity/workloadidentity_test.go b/util/workloadidentity/workloadidentity_test.go new file mode 100644 index 0000000000000..6e16f8d82926d --- /dev/null +++ b/util/workloadidentity/workloadidentity_test.go @@ -0,0 +1,60 @@ +package workloadidentity + +import ( + "context" + "errors" + "testing" + + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +type MockTokenCredential struct { + mockedToken string + mockedError error +} + +func (c MockTokenCredential) GetToken(_ context.Context, _ policy.TokenRequestOptions) (azcore.AccessToken, error) { + return azcore.AccessToken{Token: c.mockedToken}, c.mockedError +} + +func TestNewWorkloadIdentityTokenProvider_Success(t *testing.T) { + // Replace the initialization with the mock + initError = nil + provider := WorkloadIdentityTokenProvider{tokenCredential: MockTokenCredential{}} + + // Test the NewWorkloadIdentityTokenProvider function + _, err := provider.GetToken("https://management.core.windows.net/.default") + require.NoError(t, err, "Expected no error from GetToken") +} + +func TestGetToken_Success(t *testing.T) { + initError = nil + provider := WorkloadIdentityTokenProvider{tokenCredential: MockTokenCredential{mockedToken: "mocked_token"}} + scope := "https://management.core.windows.net/.default" + + token, err := provider.GetToken(scope) + require.NoError(t, err, "Expected no error from GetToken") + assert.Equal(t, "mocked_token", token, "Expected token to match") +} + +func TestGetToken_Failure(t *testing.T) { + initError = nil + provider := WorkloadIdentityTokenProvider{tokenCredential: MockTokenCredential{mockedToken: "mocked_token", mockedError: errors.New("Expected error from GetToken")}} + scope := "https://management.core.windows.net/.default" + + token, err := provider.GetToken(scope) + require.Error(t, err, "Expected error from GetToken") + assert.Empty(t, token, "Expected token to be empty on error") +} + +func TestGetToken_InitError(t *testing.T) { + initError = errors.New("initialization error") + provider := WorkloadIdentityTokenProvider{tokenCredential: MockTokenCredential{mockedToken: "mocked_token", mockedError: errors.New("Expected error from GetToken")}} + + token, err := provider.GetToken("https://management.core.windows.net/.default") + require.Error(t, err, "Expected error from GetToken due to initialization error") + assert.Empty(t, token, "Expected token to be empty on initialization error") +}