From df42bb2594f418386a7793bdee928e96f25050dd Mon Sep 17 00:00:00 2001 From: Nathaniel Jason Date: Fri, 15 Apr 2022 01:31:08 +0700 Subject: [PATCH] implement observe telemetry and alert command Signed-off-by: Nathaniel Jason minor fix code sequence Signed-off-by: Nathaniel Jason initial feature for observe command Network Insight support for discovery-engine (#63) * Network insight support Signed-off-by: Eswar Rajan Subramanian update kubearmor protobuf Signed-off-by: daemon1024 Fix for json and yaml formatting (#67) Signed-off-by: Eswar Rajan Subramanian add limit flag Signed-off-by: slayer321 Remove empty type for json and yaml format (#68) Signed-off-by: Eswar Rajan Subramanian Add labels to alerts/logs (#69) Signed-off-by: Eswar Rajan Subramanian update policy packages to install updated CRDs Signed-off-by: daemon1024 feat: add selector flag to logs Signed-off-by: slayer321 configure audit posture during installation Signed-off-by: daemon1024 updated deployment to get kubearmor hostname fix Ref: kubearmor/kubearmor#736 Signed-off-by: Rahul Jadhav add controller installation to karmor (#65) Support input files that contain multiple VM host/network policies (#83) Signed-off-by: Wazir Ahmed Synched with /vmlist response format changes in kvm-service (#82) Signed-off-by: Wazir Ahmed Upgrade go.mo/go.sum to support latest version of discovery-engine Signed-off-by: Eswar Rajan Subramanian added selfupdate support `karmor selfupdate` to auto update karmor to latest one Signed-off-by: Rahul Jadhav added support for --force `--force` will remove all kubearmor annotations from all the deployments. Signed-off-by: Rahul Jadhav updates to go.mod/sum Signed-off-by: Rahul Jadhav releaser update Signed-off-by: Rahul Jadhav updated README Signed-off-by: Rahul Jadhav event channel support External tools might want to handle events as and when they arrive. Currently, karmor simply prints the events to stdout. Now the API is added support to export the events on a channel to external tool. Needed this for kubearmor auto test framework. Signed-off-by: Rahul Jadhav added unit-tests in CI Signed-off-by: Rahul Jadhav refactored description removed unnecessary text. install: autodetect bottlerocket env Signed-off-by: daemon1024 log: refactor telemetry helper - handle alert and logs in same helper - future proof output for telemetry events fields - modify tests to demo suggested usage Signed-off-by: daemon1024 changed the EventChan exported data; fixed lints Signed-off-by: Rahul Jadhav sysdump issue fixes * gets apparmor profiles from all kubearmor pods * if the exec to kubearmor pod fails, handle the failure graciously and get other information Closes: #95 Signed-off-by: Rahul Jadhav sysdump output file * certain platforms do not allow colons to be part of filename (faced problem on GH action while uploading artifacts) * ability to explicitly specify output file name Signed-off-by: Rahul Jadhav ignore err if kubearmor daemonset not found using `karmor sysdump` in the context of dev env causes problem since kubearmor is not running in daemonset mode. Signed-off-by: Rahul Jadhav Add cri-o in environment for karmor (#98) add observe alert command Signed-off-by: Nathaniel Jason add help message for invalid key on custom columns Signed-off-by: Nathaniel Jason add filter on listen alerts Signed-off-by: Nathaniel Jason fix timestamp formatting on observe telemetry Signed-off-by: Nathaniel Jason update deployment package to use init container (#108) update deployment package to fix generic env installation Signed-off-by: daemon1024 install: Add flag to just save manifest and not install New flag to save the KubeArmor Manifest file for the cluster env without installing Also fixed panic when Nodes aren't available for environment detection Signed-off-by: daemon1024 sysdump even if kubearmor pods are not found currently, the sysdump expects the kubearmor daemon + pods to be mandatorily present in the k8s. If not present, the sysdump errors out and no zip file is produced. karmor sysdump could also be used in cases where the user might just want to provide the snapshot of current k8s cluster on which they intend to deploy kubearmor. Similarly, sysdump is used in the context where kubearmor might be used in host process mode (for e.g, dev env). Signed-off-by: Rahul Jadhav check if key value exists in map Signed-off-by: rk Added progression bar, Added time wait status check for all kubearmor-app pods, Added execution time counter, Added cursor animation, Added emojis. Update install/install.go Co-authored-by: Rahul Jadhav Update install/install.go Co-authored-by: Barun Acharya Update install/install.go Co-authored-by: Rahul Jadhav Update install/install.go Co-authored-by: Rahul Jadhav Done changes Changes proposed were made Update install/install.go Co-authored-by: Rahul Jadhav create probe utility, probe host for observability/audit Signed-off-by: essietom squash all commits for karmor probe utility rename methods properly Signed-off-by: essietom check supported enforcement for host Signed-off-by: essietom correct print output Signed-off-by: essietom rrefactor code to remove redundancy Signed-off-by: essietom format text output Signed-off-by: essietom check node observability support Signed-off-by: essietom refactor code Signed-off-by: essietom refactor code Signed-off-by: essietom refactor code Signed-off-by: essietom refactor code Signed-off-by: essietom remove non probe commits Signed-off-by: essietom probe deployment Signed-off-by: essietom handle error from bold text Signed-off-by: essietom refactor code, check bpf support in lsm, check lib module in kernel header Signed-off-by: essietom format code fix indentation Signed-off-by: essietom add licence identifier Signed-off-by: essietom ci: check if any files are unformatted gofmt doesn't error it incase files are unformatted so we manually check if the output filelist contains any files or not Signed-off-by: daemon1024 chore: handle fmt and linter error/warnings Signed-off-by: daemon1024 uninstall: uninstall CRD only if force option is used Signed-off-by: daemon1024 Add info emoji when resource already exists Signed-off-by: daemon1024 add support for handling un-orchestrated containers Signed-off-by: Ankur Kothiwal fix sysname error and os probe support Signed-off-by: essietom remove redundant space Signed-off-by: essietom put back comment Signed-off-by: essietom put comment Signed-off-by: essietom fix animation flag revert animation flag removal in introduced #120 Signed-off-by: daemon1024 policy recommend option for karmor Signed-off-by: Rahul Jadhav report handling in text format Signed-off-by: Rahul Jadhav fix: blank policy check Signed-off-by: slayer321 remove extra spaces during karmor install Signed-off-by: Anurag <81210977+kranurag7@users.noreply.github.com> Configure Renovate (#127) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Rudraksh Pareek update go modules Signed-off-by: Ankur Kothiwal Enable system summary in karmor Signed-off-by: Eswar Rajan Subramanian Update cmd/summary.go Co-authored-by: Rahul Jadhav fix package version (#153) Signed-off-by: achref ben saad Signed-off-by: achref ben saad probe when kubearmor is running Signed-off-by: essietom remove ioutil Signed-off-by: Esther Adenekan fix go sec and fmt error Signed-off-by: Esther Adenekan fix go sec error Signed-off-by: Esther Adenekan fix go sec error Signed-off-by: Esther Adenekan add karmor probe description to readme Signed-off-by: Esther Adenekan update karmor probe description in cmd Signed-off-by: Esther Adenekan get policy for each annotated pod, output active lsm Signed-off-by: Esther Adenekan get active lsm only Signed-off-by: Esther Adenekan fix fmt error and run go mod tidy Signed-off-by: Esther Adenekan fix fmt error Signed-off-by: Esther Adenekan handle error Signed-off-by: Esther Adenekan fix fmt error and handle error Signed-off-by: Esther Adenekan fix fmt error and handle error Signed-off-by: Esther Adenekan get container and host default posture Signed-off-by: Esther Adenekan fix fmt error Signed-off-by: Esther Adenekan fix formatting Signed-off-by: Esther Adenekan leverage table for printing output Signed-off-by: Esther Adenekan format space and handle error Signed-off-by: Esther Adenekan leverage table for formating output Signed-off-by: Esther Adenekan add detailed description in probe help Signed-off-by: Esther Adenekan format help info Signed-off-by: Esther Adenekan format text Signed-off-by: Esther Adenekan fix fmt error Signed-off-by: Esther Adenekan fix typo errors and refactor code Signed-off-by: Esther Adenekan refactor get container method Signed-off-by: Esther Adenekan group annotated pods by policies and also print annotated pods without policy Signed-off-by: Esther Adenekan resolve merge conflict Signed-off-by: Esther Adenekan remove redundant return Signed-off-by: Esther Adenekan resolve conflict Signed-off-by: Esther Adenekan fix formatting Signed-off-by: Esther Adenekan Update karmor recommend command - Added condition to check if at least an image is passed as an argument. - If no images are passed, a proper error message is shown in the terminal. Addresses https://github.com/kubearmor/kubearmor-client/issues/112#issuecomment-1216476912 Signed-off-by: vishnusomank Co-authored-by: Barun Acharya fix formatting error in karmor probe Signed-off-by: Esther Adenekan format table Signed-off-by: Esther Adenekan format spaces Signed-off-by: Esther Adenekan format table Signed-off-by: Esther Adenekan remove redundant else statement Signed-off-by: Esther Adenekan Update karmor recommend command with user labels - Added use-labels flag to input labels for policy - Updated the Options struct to include Uselabels field - Updated policy logic to include ownerOnly flag if its enabled in Rules.json - Updated policy logic to include user defined labels - Removing lint warnings Addresses kubearmor#112 (comment) Signed-off-by: vishnusomank recommend: Removed hardcoded recursive flag from policy generation Signed-off-by: Wazir Ahmed recommend: Converted rules spec file to YAML format Signed-off-by: Wazir Ahmed fix(deps): update github.com/kubearmor/kubearmor/deployments digest to 23f39cf Fixed broken link in README (#164) Signed-off-by: Kanha Kesarwani Update karmor recommend command to include namespace - Added use-namespace flag to input namespace - Change policy name from default to container specific [ [NAMESPACE-]CONTAINERIMGNAME-POLICY-NAME ] Addresses: https://github.com/kubearmor/kubearmor-client/issues/112#issuecomment-1216476912 Signed-off-by: vishnusomank Update recommend/policy.go: Changed condition to check for non-empty namespace string Co-authored-by: Wazir Ahmed Update cmd/recommend.go: remove shorthand flags for labels and namespace recommend: Added processRule support Signed-off-by: Wazir Ahmed recommend: Added examples for processRule Signed-off-by: Wazir Ahmed probe: update kernel header check - We now check for either BTF Information or Kernel Headers. - recreate the daemonset without relevant mounts if error while mounting kernel headers probe - refactored exec into pod logic Signed-off-by: daemon1024 Update karmor recommend with network rules - Added networkRule struct - Added function to create network rules - Updated checkPreconditions function to remove static check warning Addresses: https://github.com/kubearmor/kubearmor-client/issues/112#issuecomment-1216476912 Signed-off-by: vishnusomank Added CLI options for kubeconfig file and context Signed-off-by: Wazir Ahmed Add filter RequestType for process/file/nw summary (#169) Signed-off-by: Eswar Rajan Subramanian recommend: Support for k8s manifest - Fetch deployments from k8s based on given namespace & labels - Get the images used by the deployment - Generate policy for each image based on rules.yaml Signed-off-by: Wazir Ahmed Enable aggregation in kubearmor summary (#171) Signed-off-by: Eswar Rajan Subramanian recommend: Handle image names with sha256 digests Fixes #174 Signed-off-by: Wazir Ahmed Display PodInfo in table format (#178) Signed-off-by: Eswar Rajan Subramanian recommend runtime policy using karmor - Added the ability to query the discovery engine to get summary details - Added the ability to create dynamic policy based on k8s service account access data from the discovery engine - Added support for the creation of a single policy with multiple rules - Optimised the function to include details of generated policies on the report file Addresses https://github.com/kubearmor/kubearmor-client/issues/112#issuecomment-1216476912 Signed-off-by: vishnusomank Modify Incoming/Outgoing display string to Ingress/Egress in summary Signed-off-by: Eswar Rajan Subramanian karmor recommend: handling policy-templates - Updated `policy recommend` with `--update` flag - Added functions to check for new policy-template releases - Added functions to generate rules.yaml from metadata.yaml in policy-templates - Updated policy creation logic will select embeded rules.yaml if it cannot generate rules.yaml from policy-templates - Updated rules structure to include policy-template policies - Updated runtime policy generation logic - added ability to continue generate policies from rules.yaml even if runtime policy generation fails - Included `and operation` on preconditions while creating policy - Updated code to use existing rules.yaml if user doesnt want to downlaod policy-templates Fixes: https://github.com/kubearmor/kubearmor-client/issues/176 Signed-off-by: vishnusomank karmor recommend: policy-template fix - Added option to show latest version on policy-template update warning - Updated logic to create runtime policy to block access to serviceaccount Signed-off-by: vishnusomank `karmor recommend` enhancement and bug fix - Updated table writer summary with policy-template version and output directory path - Removed relative policy path from table writer to avoid clutter - Performance improvement in policy recommendation - Added metadata for runtime serviceaccount access policies Fixes: https://github.com/kubearmor/kubearmor-client/issues/186 https://github.com/kubearmor/kubearmor-client/issues/187 Signed-off-by: vishnusomank Adding count/updatedTime for kubearmor ingress/egress Signed-off-by: Eswar Rajan Subramanian revert changes Signed-off-by: Nathaniel Jason improve help message for observe command Signed-off-by: Nathaniel Jason improve observe command network error handling Signed-off-by: Nathaniel Jason --- .github/workflows/ci-go.yml | 14 + .gitignore | 1 + .goreleaser.yaml | 2 +- Makefile | 13 +- README.md | 39 +- cmd/insight.go | 7 +- cmd/install.go | 4 + cmd/log.go | 2 + cmd/observe.go | 49 +++ cmd/observe_alert.go | 34 ++ cmd/probe.go | 38 ++ cmd/recommend.go | 52 +++ cmd/root.go | 6 + cmd/rotate-tls.go | 25 ++ cmd/selfupdate.go | 26 ++ cmd/summary.go | 36 ++ cmd/sysdump.go | 5 +- cmd/uninstall.go | 1 + cmd/vm.go | 9 +- deployment/probedeployment.go | 138 ++++++ discover/discover.go | 23 +- get/get.go | 1 + go.mod | 136 +++--- go.sum | 776 ++++++++++++---------------------- insight/insight.go | 22 +- install/customResource.go | 17 +- install/defaults.go | 1 - install/install.go | 517 ++++++++++++++++++---- install/pki.go | 121 ++++++ k8s/client.go | 15 +- log/log.go | 79 ++-- log/logClient.go | 393 +++++++++-------- log/logClient_test.go | 78 ++++ main.go | 1 + observe/observe_alert.go | 85 ++++ observe/observe_telemetry.go | 156 +++++++ probe/probe.go | 673 +++++++++++++++++++++++++++++ recommend/html/footer.html | 2 + recommend/html/header.html | 67 +++ recommend/html/record.html | 20 + recommend/html/sectend.html | 3 + recommend/html/section.html | 17 + recommend/imageHandler.go | 450 ++++++++++++++++++++ recommend/policy.go | 168 ++++++++ recommend/policyRules.go | 80 ++++ recommend/policyTemplates.go | 226 ++++++++++ recommend/recommend.go | 195 +++++++++ recommend/report.go | 80 ++++ recommend/report_html.go | 176 ++++++++ recommend/report_text.go | 112 +++++ recommend/runtimePolicy.go | 126 ++++++ recommend/yaml/distro.yaml | 10 + recommend/yaml/rules.yaml | 207 +++++++++ renovate.json | 11 + rotatetls/rotate-tls.go | 228 ++++++++++ selfupdate/selfupdate.go | 121 ++++++ summary/summary.go | 101 +++++ summary/table.go | 164 +++++++ sysdump/sysdump.go | 137 +++--- version/version.go | 16 +- vm/cilium.go | 3 + vm/label.go | 8 +- vm/onboarding.go | 27 +- vm/policy.go | 121 ++++-- vm/vm.go | 5 + 65 files changed, 5460 insertions(+), 1016 deletions(-) create mode 100644 cmd/observe.go create mode 100644 cmd/observe_alert.go create mode 100644 cmd/probe.go create mode 100644 cmd/recommend.go create mode 100644 cmd/rotate-tls.go create mode 100644 cmd/selfupdate.go create mode 100644 cmd/summary.go create mode 100644 deployment/probedeployment.go create mode 100644 install/pki.go create mode 100644 log/logClient_test.go create mode 100644 observe/observe_alert.go create mode 100644 observe/observe_telemetry.go create mode 100644 probe/probe.go create mode 100644 recommend/html/footer.html create mode 100644 recommend/html/header.html create mode 100644 recommend/html/record.html create mode 100644 recommend/html/sectend.html create mode 100644 recommend/html/section.html create mode 100644 recommend/imageHandler.go create mode 100644 recommend/policy.go create mode 100644 recommend/policyRules.go create mode 100644 recommend/policyTemplates.go create mode 100644 recommend/recommend.go create mode 100644 recommend/report.go create mode 100644 recommend/report_html.go create mode 100644 recommend/report_text.go create mode 100644 recommend/runtimePolicy.go create mode 100644 recommend/yaml/distro.yaml create mode 100644 recommend/yaml/rules.yaml create mode 100644 renovate.json create mode 100644 rotatetls/rotate-tls.go create mode 100644 selfupdate/selfupdate.go create mode 100644 summary/summary.go create mode 100644 summary/table.go create mode 100644 vm/vm.go diff --git a/.github/workflows/ci-go.yml b/.github/workflows/ci-go.yml index 85737621..ceaeaebe 100644 --- a/.github/workflows/ci-go.yml +++ b/.github/workflows/ci-go.yml @@ -56,3 +56,17 @@ jobs: uses: morphy2k/revive-action@v2 with: path: "./..." + + unit-tests: + runs-on: ubuntu-latest + steps: + - name: Checkout Source + uses: actions/checkout@v2 + + - uses: actions/setup-go@v2 + with: + go-version: v1.18 + + - name: Run unit tests + run: make test + diff --git a/.gitignore b/.gitignore index 72516964..cd1dd827 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ *.dylib kubearmor* karmor +out/ # Test binary, built with `go test -c` *.test diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 30274084..acbfd84f 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -8,6 +8,6 @@ builds: goarch: - amd64 - arm64 - ldflags: -w -s -X github.com/kubearmor/kubearmor-client/version.BuildDate={{.Date}} -X github.com/kubearmor/kubearmor-client/version.GitSummary={{.Version}} + ldflags: -w -s -X github.com/kubearmor/kubearmor-client/selfupdate.BuildDate={{.Date}} -X github.com/kubearmor/kubearmor-client/selfupdate.GitSummary={{.Version}} env: - CGO_ENABLED=0 diff --git a/Makefile b/Makefile index e739ede6..4363ed53 100644 --- a/Makefile +++ b/Makefile @@ -5,16 +5,20 @@ CURDIR := $(shell pwd) INSTALLDIR := $(shell go env GOPATH)/bin/ ifeq (, $(shell which govvv)) -$(shell go get github.com/ahmetb/govvv@latest) +$(shell go install github.com/ahmetb/govvv@latest) endif -PKG := $(shell go list ./version) +PKG := $(shell go list ./selfupdate) GIT_INFO := $(shell govvv -flags -pkg $(PKG)) .PHONY: build build: cd $(CURDIR); go mod tidy; CGO_ENABLED=0 go build -ldflags "-w -s ${GIT_INFO}" -o karmor +.PHONY: debug +debug: + cd $(CURDIR); go mod tidy; CGO_ENABLED=0 go build -ldflags "${GIT_INFO}" -o karmor + .PHONY: install install: build install -m 0755 karmor $(DESTDIR)$(INSTALLDIR) @@ -23,6 +27,10 @@ install: build clean: cd $(CURDIR); rm -f karmor +.PHONY: test +test: + cd $(CURDIR); go test -v ./... + .PHONY: protobuf vm-protobuf: cd $(CURDIR)/vm/protobuf; protoc --proto_path=. --go_opt=paths=source_relative --go_out=plugins=grpc:. vm.proto @@ -30,6 +38,7 @@ vm-protobuf: .PHONY: gofmt gofmt: cd $(CURDIR); gofmt -s -d $(shell find . -type f -name '*.go' -print) + cd $(CURDIR); test -z "$(shell gofmt -s -l $(shell find . -type f -name '*.go' -print) | tee /dev/stderr)" .PHONY: golint golint: diff --git a/README.md b/README.md index b114296b..3831fb44 100644 --- a/README.md +++ b/README.md @@ -1,28 +1,16 @@ -# kArmor +# karmor -**kArmor** is a CLI client to help manage [KubeArmor](github.com/kubearmor/KubeArmor). - -KubeArmor is a container-aware runtime security enforcement system that -restricts the behavior (such as process execution, file access, and networking -operation) of containers at the system level. +**karmor** is a client tool to help manage [KubeArmor](https://github.com/kubearmor/KubeArmor). ## Installation -The following sections show how to install the kArmor. It can be installed either from source, or from pre-built binary releases. - -### From Script - -kArmor has an installer script that will automatically grab the latest version of kArmor and install it locally. - ``` -curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b /usr/local/bin +curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin ``` -The binary will be installed in `/usr/local/bin` folder. +### Installing from Source -### From Source - -Building kArmor from source is slightly more work, but is the best way to go if you want to test the latest (pre-release) kArmor version. +Build karmor from source if you want to test the latest (pre-release) karmor version. ``` git clone https://github.com/kubearmor/kubearmor-client.git @@ -35,23 +23,28 @@ make install ``` CLI Utility to help manage KubeArmor +KubeArmor is a container-aware runtime security enforcement system that +restricts the behavior (such as process execution, file access, and networking +operation) of containers at the system level. + Usage: karmor [command] Available Commands: - completion generate the autocompletion script for the specified shell + completion Generate the autocompletion script for the specified shell + discover Discover applicable policies get Display specified resources help Help about any command + insight Policy insight from discovery engine install Install KubeArmor in a Kubernetes Cluster log Observe Logs from KubeArmor + rotate-tls Rotate webhook controller tls certificates + selfupdate selfupdate this cli tool sysdump Collect system dump information for troubleshooting and error report uninstall Uninstall KubeArmor from a Kubernetes Cluster version Display version information - vm VM commands - -Available VM SubCommands: - getscript download vm installation script for nonk8s control plane - policy policy handling for vm nonk8s control plane + vm VM commands for kvmservice + probe Checks for supported kubearmor features in the current environment Flags: -h, --help help for karmor diff --git a/cmd/insight.go b/cmd/insight.go index c3de3068..46f5b8d4 100644 --- a/cmd/insight.go +++ b/cmd/insight.go @@ -13,8 +13,8 @@ var insightOptions insight.Options // insightCmd represents the insight command var insightCmd = &cobra.Command{ Use: "insight", - Short: "Observe policy from the discovery engine", - Long: `Observe policy from the discovery engine`, + Short: "Policy insight from discovery engine", + Long: `Policy insight from discovery engine`, RunE: func(cmd *cobra.Command, args []string) error { if err := insight.StartInsight(insightOptions); err != nil { return err @@ -27,9 +27,12 @@ func init() { rootCmd.AddCommand(insightCmd) insightCmd.Flags().StringVar(&insightOptions.GRPC, "gRPC", "", "gRPC server information") + insightCmd.Flags().StringVar(&insightOptions.Source, "source", "all", "The DB for insight : system|network|all") insightCmd.Flags().StringVar(&insightOptions.Labels, "labels", "", "Labels for resources") insightCmd.Flags().StringVar(&insightOptions.Containername, "containername", "", "Filter according to the Container name") insightCmd.Flags().StringVar(&insightOptions.Clustername, "clustername", "", "Filter according to the Cluster name") insightCmd.Flags().StringVar(&insightOptions.Fromsource, "fromsource", "", "Filter according to the source path") insightCmd.Flags().StringVarP(&insightOptions.Namespace, "namespace", "n", "", "Namespace for resources") + insightCmd.Flags().StringVar(&insightOptions.Type, "type", "", "NW packet type : ingress|egress") + insightCmd.Flags().StringVar(&insightOptions.Rule, "rule", "", "NW packet Rule") } diff --git a/cmd/install.go b/cmd/install.go index 404bb300..75453962 100644 --- a/cmd/install.go +++ b/cmd/install.go @@ -16,6 +16,7 @@ var installCmd = &cobra.Command{ Short: "Install KubeArmor in a Kubernetes Cluster", Long: `Install KubeArmor in a Kubernetes Clusters`, RunE: func(cmd *cobra.Command, args []string) error { + installOptions.Animation = true if err := install.K8sInstaller(client, installOptions); err != nil { return err } @@ -28,4 +29,7 @@ func init() { installCmd.Flags().StringVarP(&installOptions.Namespace, "namespace", "n", "kube-system", "Namespace for resources") installCmd.Flags().StringVarP(&installOptions.KubearmorImage, "image", "i", "kubearmor/kubearmor:stable", "Kubearmor daemonset image to use") + installCmd.Flags().StringVarP(&installOptions.Audit, "audit", "a", "", "Kubearmor Audit Posture Context [all,file,network,capabilities]") + installCmd.Flags().BoolVar(&installOptions.Save, "save", false, "Save KubeArmor Manifest ") + } diff --git a/cmd/log.go b/cmd/log.go index d690cdce..9587f73f 100644 --- a/cmd/log.go +++ b/cmd/log.go @@ -39,4 +39,6 @@ func init() { logCmd.Flags().StringVar(&logOptions.PodName, "pod", "", "name of the pod ") logCmd.Flags().StringVar(&logOptions.Resource, "resource", "", "command used by the user") logCmd.Flags().StringVar(&logOptions.Source, "source", "", "binary used by the system ") + logCmd.Flags().Uint32Var(&logOptions.Limit, "limit", 0, "number of logs you want to see") + logCmd.Flags().StringArrayVarP(&logOptions.Selector, "selector", "l", []string{}, "use the label to get the particular log") } diff --git a/cmd/observe.go b/cmd/observe.go new file mode 100644 index 00000000..70070128 --- /dev/null +++ b/cmd/observe.go @@ -0,0 +1,49 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2021 Authors of KubeArmor + +package cmd + +import ( + "errors" + + "github.com/kubearmor/kubearmor-client/observe" + "github.com/spf13/cobra" +) + +var observeTelemetryOptions observe.TelemetryOptions + +var observeCmd = &cobra.Command{ + Use: "observe", + Short: "Retrieve observabilities data", + Long: "Retrieve observabilities data", + Args: func(cmd *cobra.Command, args []string) error { + if len(args) < 1 { + return errors.New("requires an operation to observe as argument, valid operations are [file|network|process|syscall|alert]") + } + return nil + }, + RunE: func(cmd *cobra.Command, args []string) error { + if err := observe.StartObserveTelemetry(args, observeTelemetryOptions); err != nil { + return err + } + + return nil + }, +} + +func init() { + rootCmd.AddCommand(observeCmd) + + observeCmd.Flags().StringVarP(&observeTelemetryOptions.Namespace, "namespace", "n", "default", "the desired namespace") + observeCmd.Flags().BoolVarP(&observeTelemetryOptions.AllNamespace, "all", "A", false, "the desired namespace") + observeCmd.Flags().StringVarP(&observeTelemetryOptions.Labels, "labels", "l", "", "the labels of the resource") + observeCmd.Flags().BoolVar(&observeTelemetryOptions.ShowLabels, "show-labels", false, "display the labels") + observeCmd.Flags().StringVar(&observeTelemetryOptions.Since, "since", "", "duration of observabilities data to be displayed") + observeCmd.Flags().StringVar( + &observeTelemetryOptions.CustomColumns, + "custom-columns", + "", + "the custom columns of the output, the valid keys are process_name, type, data, host_name, labels, container_image, ppid, cluster_name, parent_process_name, host_ppid, operation, result, created_at, namespace_name, container_name, host_pid, source, resource, pod_name, container_id, pid", + ) + observeCmd.Flags().StringVar(&observeTelemetryOptions.GRPC, "gRPC", "", "gRPC server information") +} diff --git a/cmd/observe_alert.go b/cmd/observe_alert.go new file mode 100644 index 00000000..3c8c717f --- /dev/null +++ b/cmd/observe_alert.go @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2021 Authors of KubeArmor + +package cmd + +import ( + "github.com/kubearmor/kubearmor-client/observe" + "github.com/spf13/cobra" +) + +var observeAlertOptions observe.AlertOptions + +var observeAlertCmd = &cobra.Command{ + Use: "alert", + Short: "Retrieve alert", + Long: "Retrieve alert", + RunE: func(cmd *cobra.Command, args []string) error { + if err := observe.StartObserveAlert(args, observeAlertOptions); err != nil { + return err + } + + return nil + }, +} + +func init() { + observeCmd.AddCommand(observeAlertCmd) + + observeAlertCmd.Flags().StringVarP(&observeAlertOptions.Namespace, "namespace", "n", "", "Specify the namespace") + observeAlertCmd.Flags().StringVar(&observeAlertOptions.Pod, "pod", "", "name of the pod ") + observeAlertCmd.Flags().StringVar(&observeAlertOptions.Container, "container", "", "name of the container ") + observeAlertCmd.Flags().BoolVar(&observeAlertOptions.JSON, "json", false, "Flag to print alerts and logs in the JSON format") + observeAlertCmd.Flags().StringVar(&observeAlertOptions.GRPC, "gRPC", "", "gRPC server information") +} diff --git a/cmd/probe.go b/cmd/probe.go new file mode 100644 index 00000000..1278ee87 --- /dev/null +++ b/cmd/probe.go @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package cmd + +import ( + "github.com/kubearmor/kubearmor-client/probe" + "github.com/spf13/cobra" +) + +var probeInstallOptions probe.Options + +// probeCmd represents the get command +var probeCmd = &cobra.Command{ + Use: "probe", + Short: "Checks for supported KubeArmor features in the current environment", + Long: `Checks for supported KubeArmor features in the current environment. + +If KubeArmor is not running, it does a precheck to know if kubearmor will be supported in the environment +and what KubeArmor features will be supported e.g: observability, enforcement, etc. + +If KubeArmor is running, It probes which environment KubeArmor is running on (e.g: systemd mode, kubernetes etc.), +the supported KubeArmor features in the environment, the pods being handled by KubeArmor and the policies running on each of these pods`, + RunE: func(cmd *cobra.Command, args []string) error { + if err := probe.PrintProbeResult(client, probeInstallOptions); err != nil { + return err + } + return nil + + }, +} + +func init() { + rootCmd.AddCommand(probeCmd) + probeCmd.Flags().StringVarP(&probeInstallOptions.Namespace, "namespace", "n", "kube-system", "Namespace for resources") + probeCmd.Flags().BoolVar(&probeInstallOptions.Full, "full", false, `If KubeArmor is not running, it deploys a daemonset to have access to more +information on KubeArmor support in the environment and deletes daemonset after probing`) +} diff --git a/cmd/recommend.go b/cmd/recommend.go new file mode 100644 index 00000000..6589ea6c --- /dev/null +++ b/cmd/recommend.go @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package cmd + +import ( + "github.com/kubearmor/kubearmor-client/recommend" + log "github.com/sirupsen/logrus" + "github.com/spf13/cobra" +) + +var recommendOptions recommend.Options + +// recommendCmd represents the recommend command +var recommendCmd = &cobra.Command{ + Use: "recommend", + Short: "Recommend Policies", + Long: `Recommend policies based on container image, k8s manifest or the actual runtime env`, + RunE: func(cmd *cobra.Command, args []string) error { + if err := recommend.Recommend(client, recommendOptions); err != nil { + return err + } + return nil + }, +} +var updateCmd = &cobra.Command{ + Use: "update", + Short: "Updates policy-template cache", + Long: "Updates the local cache of policy-templates ($HOME/.cache/karmor)", + RunE: func(cmd *cobra.Command, args []string) error { + + if _, err := recommend.DownloadAndUnzipRelease(); err != nil { + return err + } + log.WithFields(log.Fields{ + "Current Version": recommend.CurrentVersion, + }).Info("policy-templates updated") + return nil + }, +} + +func init() { + rootCmd.AddCommand(recommendCmd) + recommendCmd.AddCommand(updateCmd) + + recommendCmd.Flags().StringSliceVarP(&recommendOptions.Images, "image", "i", []string{}, "Container image list (comma separated)") + recommendCmd.Flags().StringSliceVarP(&recommendOptions.Labels, "labels", "l", []string{}, "User defined labels for policy (comma separated)") + recommendCmd.Flags().StringVarP(&recommendOptions.Namespace, "namespace", "n", "", "User defined namespace value for policies") + recommendCmd.Flags().StringVarP(&recommendOptions.OutDir, "outdir", "o", "out", "output folder to write policies") + recommendCmd.Flags().StringVarP(&recommendOptions.ReportFile, "report", "r", "report.txt", "report file") + recommendCmd.Flags().StringSliceVarP(&recommendOptions.Tags, "tag", "t", []string{}, "tags (comma-separated) to apply. Eg. PCI-DSS, MITRE") +} diff --git a/cmd/root.go b/cmd/root.go index 585ced26..a1cfdb97 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -1,6 +1,7 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Authors of KubeArmor +// Package cmd is the collection of all the subcommands available in kArmor while providing relevant options for the same package cmd import ( @@ -37,6 +38,11 @@ operation) of containers at the system level. SilenceErrors: true, } +func init() { + rootCmd.PersistentFlags().StringVar(&k8s.KubeConfig, "kubeconfig", "", "Path to the kubeconfig file to use") + rootCmd.PersistentFlags().StringVar(&k8s.ContextName, "context", "", "Name of the kubeconfig context to use") +} + // Execute adds all child commands to the root command and sets flags appropriately. // This is called by main.main(). It only needs to happen once to the rootCmd. func Execute() { diff --git a/cmd/rotate-tls.go b/cmd/rotate-tls.go new file mode 100644 index 00000000..ee770a66 --- /dev/null +++ b/cmd/rotate-tls.go @@ -0,0 +1,25 @@ +package cmd + +import ( + "github.com/kubearmor/kubearmor-client/rotatetls" + "github.com/spf13/cobra" +) + +var namespace string +var rotateCmd = &cobra.Command{ + Use: "rotate-tls", + Short: "Rotate webhook controller tls certificates", + Long: `Rotate webhook controller tls certificates`, + RunE: func(cmd *cobra.Command, args []string) error { + if err := rotatetls.RotateTLS(client, namespace); err != nil { + return err + } + return nil + }, +} + +func init() { + rootCmd.AddCommand(rotateCmd) + + rotateCmd.Flags().StringVarP(&namespace, "namespace", "n", "kube-system", "Namespace for resources") +} diff --git a/cmd/selfupdate.go b/cmd/selfupdate.go new file mode 100644 index 00000000..7deda385 --- /dev/null +++ b/cmd/selfupdate.go @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package cmd + +import ( + "github.com/kubearmor/kubearmor-client/selfupdate" + "github.com/spf13/cobra" +) + +// selfUpdateCmd represents the get command +var selfUpdateCmd = &cobra.Command{ + Use: "selfupdate", + Short: "selfupdate this cli tool", + Long: `selfupdate this cli tool for checking the latest release on the github`, + RunE: func(cmd *cobra.Command, args []string) error { + if err := selfupdate.SelfUpdate(client); err != nil { + return err + } + return nil + }, +} + +func init() { + rootCmd.AddCommand(selfUpdateCmd) +} diff --git a/cmd/summary.go b/cmd/summary.go new file mode 100644 index 00000000..5385f4ac --- /dev/null +++ b/cmd/summary.go @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package cmd + +import ( + "github.com/kubearmor/kubearmor-client/summary" + "github.com/spf13/cobra" +) + +var summaryOptions summary.Options + +// summaryCmd represents the summary command +var summaryCmd = &cobra.Command{ + Use: "summary", + Short: "Observability from discovery engine", + Long: `Discovery engine keeps the telemetry information from the policy enforcement engines and the karmor connects to it to provide this as observability data`, + RunE: func(cmd *cobra.Command, args []string) error { + if err := summary.Summary(summaryOptions); err != nil { + return err + } + return nil + }, +} + +func init() { + rootCmd.AddCommand(summaryCmd) + summaryCmd.Flags().StringVarP(&summaryOptions.Labels, "labels", "l", "", "Labels") + summaryCmd.Flags().StringVarP(&summaryOptions.Namespace, "namespace", "n", "", "Namespace") + summaryCmd.Flags().StringVarP(&summaryOptions.PodName, "pod", "p", "", "PodName") + summaryCmd.Flags().StringVarP(&summaryOptions.Type, "type", "t", summary.DefaultReqType, "Summary filter type : process|file|network ") + summaryCmd.Flags().StringVar(&summaryOptions.ClusterName, "cluster", "", "Cluster name") + summaryCmd.Flags().StringVar(&summaryOptions.ContainerName, "container", "", "Container name") + summaryCmd.Flags().BoolVar(&summaryOptions.RevDNSLookup, "rev-dns-lookup", false, "Reverse DNS Lookup") + summaryCmd.Flags().BoolVar(&summaryOptions.Aggregation, "agg", false, "Aggregate destination files/folder path") +} diff --git a/cmd/sysdump.go b/cmd/sysdump.go index 614dfca9..f03652e4 100644 --- a/cmd/sysdump.go +++ b/cmd/sysdump.go @@ -8,13 +8,15 @@ import ( "github.com/spf13/cobra" ) +var dumpOptions sysdump.Options + // sysdumpCmd represents the get command var sysdumpCmd = &cobra.Command{ Use: "sysdump", Short: "Collect system dump information for troubleshooting and error report", Long: `Collect system dump information for troubleshooting and error reports`, RunE: func(cmd *cobra.Command, args []string) error { - if err := sysdump.Collect(client); err != nil { + if err := sysdump.Collect(client, dumpOptions); err != nil { return err } return nil @@ -23,4 +25,5 @@ var sysdumpCmd = &cobra.Command{ func init() { rootCmd.AddCommand(sysdumpCmd) + sysdumpCmd.Flags().StringVarP(&dumpOptions.Filename, "file", "f", "", "output file to use") } diff --git a/cmd/uninstall.go b/cmd/uninstall.go index 0d577e8f..a08c9c9a 100644 --- a/cmd/uninstall.go +++ b/cmd/uninstall.go @@ -27,4 +27,5 @@ func init() { rootCmd.AddCommand(uninstallCmd) uninstallCmd.Flags().StringVarP(&uninstallOptions.Namespace, "namespace", "n", "kube-system", "Namespace for resources") + uninstallCmd.Flags().BoolVar(&uninstallOptions.Force, "force", false, "Force remove kubearmor annotations from deployments. (Deployments might be restarted)") } diff --git a/cmd/vm.go b/cmd/vm.go index 2d831327..50e217de 100644 --- a/cmd/vm.go +++ b/cmd/vm.go @@ -12,9 +12,12 @@ import ( var ( scriptOptions vm.ScriptOptions - HTTPIP string // HTTPIP : IP of the http request - HTTPPort string // HTTPPort : Port of the http request - IsKvmsEnv bool + // HTTPIP : IP of the http request + HTTPIP string + // HTTPPort : Port of the http request + HTTPPort string + //IsKvmsEnv : Is kubearmor virtual machine env? + IsKvmsEnv bool ) // vmCmd represents the vm command diff --git a/deployment/probedeployment.go b/deployment/probedeployment.go new file mode 100644 index 00000000..971fa771 --- /dev/null +++ b/deployment/probedeployment.go @@ -0,0 +1,138 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +// Package deployment contains configuration for the daemonset deployment we leverage to probe into k8s cluster +package deployment + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" +) + +// Karmorprobe is the identifier for the daemonset we use to probe into k8s cluster +var Karmorprobe = "karmor-probe" + +// GenerateDaemonSet Function +func GenerateDaemonSet(namespace string, krnhdr bool) *appsv1.DaemonSet { + + var label = map[string]string{ + "kubearmor-app": Karmorprobe, + } + var privileged = bool(true) + var terminationGracePeriodSeconds = int64(30) + var args = []string{ + "while true; do sleep 30; done;", + } + + var volumeMounts = []corev1.VolumeMount{ + { + Name: "lsm-path", //lsm (read-only) + MountPath: "/sys/kernel/security", + ReadOnly: true, + }, + } + + var volumes = []corev1.Volume{ + { + Name: "lsm-path", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: "/sys/kernel/security", + }, + }, + }, + } + + if krnhdr { + volumeMounts = append(volumeMounts, []corev1.VolumeMount{ + { + Name: "lib-modules", //lib modules (read-only) + MountPath: "/lib/modules", + ReadOnly: true, + }, + { + Name: "kernel-header", //kernel header (read-only) + MountPath: "/usr/src", + ReadOnly: true, + }, + }...) + volumes = append(volumes, []corev1.Volume{ + { + Name: "lib-modules", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: "/lib/modules", + }, + }, + }, + { + Name: "kernel-header", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: "/usr/src", + }, + }, + }, + }...) + } + + return &appsv1.DaemonSet{ + TypeMeta: metav1.TypeMeta{ + Kind: "DaemonSet", + APIVersion: "apps/v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: Karmorprobe, + Labels: label, + Namespace: namespace, + }, + Spec: appsv1.DaemonSetSpec{ + Selector: &metav1.LabelSelector{ + MatchLabels: label, + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: label, + }, + Spec: corev1.PodSpec{ + NodeSelector: map[string]string{ + "kubernetes.io/os": "linux", + }, + Tolerations: []corev1.Toleration{ + { + Operator: "Exists", + Key: "node-role.kubernetes.io/control-plane", + Effect: "NoSchedule", + }, + }, + RestartPolicy: "Always", + Containers: []corev1.Container{ + { + Name: Karmorprobe, + Image: "alpine", + ImagePullPolicy: "Always", + SecurityContext: &corev1.SecurityContext{ + Privileged: &privileged, + }, + Command: []string{ + "/bin/sh", + "-c", + "--", + }, + Args: args, + + VolumeMounts: volumeMounts, + + TerminationMessagePolicy: "File", + TerminationMessagePath: "/dev/termination-log", + }, + }, + TerminationGracePeriodSeconds: &terminationGracePeriodSeconds, + Volumes: volumes, + }, + }, + }, + } +} diff --git a/discover/discover.go b/discover/discover.go index 242fddc5..4dfe8028 100644 --- a/discover/discover.go +++ b/discover/discover.go @@ -1,21 +1,22 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2022 Authors of KubeArmor +// Package discover fetches policies from discovery engine package discover import ( "context" - "encoding/json" "errors" "fmt" "os" + "github.com/clarketm/json" "github.com/rs/zerolog/log" + "sigs.k8s.io/yaml" wpb "github.com/accuknox/auto-policy-discovery/src/protobuf/v1/worker" "github.com/accuknox/auto-policy-discovery/src/types" "google.golang.org/grpc" - "sigs.k8s.io/yaml" ) // Options Structure @@ -89,9 +90,10 @@ func ConvertPolicy(o Options) error { str = fmt.Sprintf("%s\n", string(arr)) fmt.Printf("%s", str) } else if o.Format == "yaml" { - yamlarr, _ := yaml.Marshal(policy) - str = fmt.Sprintf("%s\n", string(yamlarr)) - fmt.Printf("%s", str) + arr, _ := json.Marshal(policy) + yamlarr, _ := yaml.JSONToYAML(arr) + str = fmt.Sprintf("%s", string(yamlarr)) + fmt.Printf("%s---\n", str) } else { log.Printf("Currently supported formats are json and yaml\n") break @@ -99,13 +101,11 @@ func ConvertPolicy(o Options) error { } } } else if o.Policy == "system" { - policy := types.KubeArmorPolicy{} - kubearmorpolicy := []types.KubeArmorPolicy{} if len(response.Kubearmorpolicy) > 0 { for _, val := range response.Kubearmorpolicy { - policy = types.KubeArmorPolicy{} + policy := types.KubeArmorPolicy{} err = json.Unmarshal(val.Data, &policy) if err != nil { @@ -121,9 +121,10 @@ func ConvertPolicy(o Options) error { str = fmt.Sprintf("%s\n", string(arr)) fmt.Printf("%s", str) } else if o.Format == "yaml" { - yamlarr, _ := yaml.Marshal(policy) - str = fmt.Sprintf("%s\n", string(yamlarr)) - fmt.Printf("%s", str) + arr, _ := json.Marshal(policy) + yamlarr, _ := yaml.JSONToYAML(arr) + str = fmt.Sprintf("%s", string(yamlarr)) + fmt.Printf("%s---\n", str) } else { fmt.Printf("Currently supported formats are json and yaml\n") break diff --git a/get/get.go b/get/get.go index fe790f8b..337e29e9 100644 --- a/get/get.go +++ b/get/get.go @@ -1,6 +1,7 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Authors of KubeArmor +// Package get communicates with CRD Client package get import ( diff --git a/go.mod b/go.mod index afd46eb1..04d206c7 100644 --- a/go.mod +++ b/go.mod @@ -11,38 +11,61 @@ replace ( ) require ( - github.com/accuknox/auto-policy-discovery/src v0.0.0-20220412023742-5df1489d264b - github.com/cilium/cilium v1.10.0 - github.com/kubearmor/KVMService/src/types v0.0.0-20220228115540-2211247620dd - github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20220321102834-0971f727bd8a - github.com/kubearmor/KubeArmor/deployments v0.0.0-20220321102834-0971f727bd8a - github.com/kubearmor/KubeArmor/pkg/KubeArmorHostPolicy v0.0.0-20220321102834-0971f727bd8a - github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy v0.0.0-20220321102834-0971f727bd8a - github.com/kubearmor/KubeArmor/protobuf v0.0.0-20220321102834-0971f727bd8a + github.com/accuknox/auto-policy-discovery/src v0.0.0-20221004060846-9c120a7390e8 + github.com/blang/semver v3.5.1+incompatible + github.com/cilium/cilium v1.10.13 + github.com/fatih/color v1.13.0 + github.com/clarketm/json v1.17.1 + github.com/docker/docker v20.10.17+incompatible + github.com/fatih/color v1.13.0 + github.com/json-iterator/go v1.1.12 + github.com/kubearmor/KVMService/src/types v0.0.0-20220714130113-b0eba8c9ff34 + github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20220815044951-425f333210e1 + github.com/kubearmor/KubeArmor/deployments v0.0.0-20220902110926-23f39cfa09e5 + github.com/kubearmor/KubeArmor/pkg/KubeArmorHostPolicy v0.0.0-20220620050120-7e1810d2ad41 + github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy v0.0.0-20220620050120-7e1810d2ad41 + github.com/kubearmor/KubeArmor/protobuf v0.0.0-20220815044951-425f333210e1 github.com/mholt/archiver/v3 v3.5.1 + github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae + github.com/olekukonko/tablewriter v0.0.5 + github.com/rodaine/table v1.0.1 + github.com/rhysd/go-github-selfupdate v1.2.3 + github.com/rodaine/table v1.0.1 github.com/rs/zerolog v1.26.1 + github.com/sirupsen/logrus v1.9.0 github.com/spf13/cobra v1.4.0 - golang.org/x/mod v0.5.1 - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - google.golang.org/grpc v1.45.0 - google.golang.org/protobuf v1.28.0 - k8s.io/api v0.23.5 + golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e + golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 + golang.org/x/net v0.0.0-20220607020251-c690dde0001d // indirect + golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde + golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f + google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959 // indirect + google.golang.org/grpc v1.48.0 + google.golang.org/protobuf v1.28.1 + k8s.io/api v0.24.3 k8s.io/apiextensions-apiserver v0.22.3 - k8s.io/apimachinery v0.23.5 - k8s.io/cli-runtime v0.22.3 + k8s.io/apimachinery v0.24.3 + k8s.io/cli-runtime v0.24.3 k8s.io/client-go v11.0.0+incompatible sigs.k8s.io/yaml v1.3.0 ) require ( - cloud.google.com/go v0.93.3 // indirect + github.com/cavaliergopher/grab/v3 v3.0.1 + github.com/google/go-github v17.0.0+incompatible + k8s.io/utils v0.0.0-20220812165043-ad590609e2e5 +) + +require ( + cloud.google.com/go/compute v1.7.0 // indirect + github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.22 // indirect github.com/Azure/go-autorest/autorest/adal v0.9.17 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/DATA-DOG/go-sqlmock v1.5.0 // indirect + github.com/Microsoft/go-winio v0.5.2 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/StackExchange/wmi v1.2.1 // indirect @@ -51,13 +74,15 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect - github.com/confluentinc/confluent-kafka-go v1.6.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/docker/distribution v2.8.1+incompatible // indirect + github.com/docker/go-connections v0.4.0 // indirect + github.com/docker/go-units v0.4.0 // indirect github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect - github.com/fsnotify/fsnotify v1.5.1 // indirect + github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/go-errors/errors v1.0.1 // indirect - github.com/go-logr/logr v1.2.0 // indirect + github.com/go-logr/logr v1.2.3 // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/go-openapi/analysis v0.21.1 // indirect github.com/go-openapi/errors v0.20.1 // indirect @@ -69,87 +94,92 @@ require ( github.com/go-openapi/strfmt v0.21.0 // indirect github.com/go-openapi/swag v0.19.15 // indirect github.com/go-openapi/validate v0.20.3 // indirect - github.com/go-sql-driver/mysql v1.5.0 // indirect github.com/go-stack/stack v1.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.1.0 // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/google/btree v1.0.1 // indirect - github.com/google/go-cmp v0.5.6 // indirect + github.com/google/go-cmp v0.5.8 // indirect + github.com/google/go-github/v30 v30.1.0 // indirect + github.com/google/go-querystring v1.0.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.3.0 // indirect github.com/googleapis/gnostic v0.5.5 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/imdario/mergo v0.3.12 // indirect + github.com/imdario/mergo v0.3.13 // indirect + github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/josharian/intern v1.0.0 // indirect - github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.13.6 // indirect github.com/klauspost/pgzip v1.2.5 // indirect github.com/kr/pretty v0.3.0 // indirect github.com/kr/text v0.2.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect - github.com/magiconair/properties v1.8.5 // indirect + github.com/magiconair/properties v1.8.6 // indirect github.com/mailru/easyjson v0.7.7 // indirect + github.com/mattn/go-colorable v0.1.9 // indirect + github.com/mattn/go-isatty v0.0.14 // indirect + github.com/mattn/go-colorable v0.1.12 // indirect + github.com/mattn/go-isatty v0.0.14 // indirect + github.com/mattn/go-runewidth v0.0.9 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect - github.com/miekg/dns v1.1.26 // indirect - github.com/mitchellh/mapstructure v1.4.2 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moby/spdystream v0.2.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect + github.com/morikuni/aec v1.0.0 // indirect github.com/nwaples/rardecode v1.1.0 // indirect github.com/oklog/ulid v1.3.1 // indirect + github.com/opencontainers/go-digest v1.0.0 // indirect + github.com/opencontainers/image-spec v1.0.3-0.20211202193544-a5463b7f9c84 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect - github.com/pelletier/go-toml v1.9.4 // indirect + github.com/pelletier/go-toml v1.9.5 // indirect + github.com/pelletier/go-toml/v2 v2.0.2 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect github.com/pierrec/lz4/v4 v4.1.2 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/client_golang v1.11.0 // indirect + github.com/prometheus/client_golang v1.12.2 // indirect github.com/prometheus/client_model v0.2.1-0.20210607210712-147c58e9608a // indirect github.com/prometheus/common v0.32.1 // indirect github.com/prometheus/procfs v0.7.3 // indirect - github.com/robfig/cron v1.2.0 // indirect github.com/rogpeppe/go-internal v1.8.0 // indirect github.com/sasha-s/go-deadlock v0.3.1 // indirect github.com/shirou/gopsutil/v3 v3.21.10 // indirect - github.com/sirupsen/logrus v1.8.1 // indirect - github.com/spf13/afero v1.6.0 // indirect - github.com/spf13/cast v1.4.1 // indirect + github.com/spf13/afero v1.9.2 // indirect + github.com/spf13/cast v1.5.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.9.0 // indirect - github.com/stretchr/testify v1.7.0 // indirect - github.com/subosito/gotenv v1.2.0 // indirect - github.com/ulikunitz/xz v0.5.9 // indirect + github.com/spf13/viper v1.12.0 // indirect + github.com/stretchr/testify v1.7.2 // indirect + github.com/subosito/gotenv v1.4.0 // indirect + github.com/tcnksm/go-gitconfig v0.1.2 // indirect + github.com/ulikunitz/xz v0.5.10 // indirect github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect github.com/xlab/treeprint v1.0.0 // indirect go.mongodb.org/mongo-driver v1.8.4 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/crypto v0.0.0-20211215165025-cf75a172585e // indirect - golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect - golang.org/x/oauth2 v0.0.0-20211028175245-ba495a64dcb5 // indirect - golang.org/x/sys v0.0.0-20211103184734-ae416a5f93c7 // indirect - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect + golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect + golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb // indirect + golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 // indirect golang.org/x/text v0.3.7 // indirect - golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect + golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/ini.v1 v1.64.0 // indirect - gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect - k8s.io/klog/v2 v2.30.0 // indirect - k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect - k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect - sigs.k8s.io/kustomize/api v0.10.1 // indirect - sigs.k8s.io/kustomize/kyaml v0.13.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/klog/v2 v2.70.1 // indirect + k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 // indirect + sigs.k8s.io/kustomize/api v0.11.4 // indirect + sigs.k8s.io/kustomize/kyaml v0.13.6 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect ) + +replace github.com/etcd-io/bbolt => go.etcd.io/bbolt v1.3.5 diff --git a/go.sum b/go.sum index 693604cf..cfb1d7d2 100644 --- a/go.sum +++ b/go.sum @@ -1,9 +1,9 @@ -bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= @@ -16,6 +16,7 @@ cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOY cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= @@ -23,18 +24,29 @@ cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAV cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.93.3 h1:wPBktZFzYBcCZVARvwVKqH1uEj+aLXofJEtrb4oOsio= cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= +cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= +cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= +cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= +cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= +cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= +cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= +cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= +cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= +cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= +cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= +cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/firestore v1.6.0/go.mod h1:afJwI0vaXwAG54kI7A//lP/lSPDkQORQuMkv56TxEPU= +cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -44,13 +56,14 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= +cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v50.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v54.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= @@ -85,26 +98,10 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= -github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= -github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= -github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= -github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= -github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= -github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= -github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= -github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= -github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= +github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= -github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= -github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= -github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8= -github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg= -github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= -github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= -github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= -github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= @@ -115,18 +112,18 @@ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= -github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA= github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/accuknox/auto-policy-discovery/src v0.0.0-20220407062502-7a17738e4ebc h1:bmbqlL+2Nu4wnh53a1jq1hyW7KhjSXl3PqcbKtTeCeo= -github.com/accuknox/auto-policy-discovery/src v0.0.0-20220407062502-7a17738e4ebc/go.mod h1:PjyjUUBKD3cfU4a2FlUJfH3b+coUvOS8MovbZtf6xSk= github.com/accuknox/auto-policy-discovery/src v0.0.0-20220412023742-5df1489d264b h1:r4Bw2IznyBivFgu0qrkls3vn+CowjXqtWagxp3qAHk4= github.com/accuknox/auto-policy-discovery/src v0.0.0-20220412023742-5df1489d264b/go.mod h1:PjyjUUBKD3cfU4a2FlUJfH3b+coUvOS8MovbZtf6xSk= -github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= +github.com/accuknox/auto-policy-discovery/src v0.0.0-20220906112453-a79685a5de25 h1:qKWzxf5lfdu26m1zh6f5uskkxxmsjFw40vMBFq/7QCo= +github.com/accuknox/auto-policy-discovery/src v0.0.0-20220906112453-a79685a5de25/go.mod h1:R5eU8iW3k7lPwrycZ0zpe4s0X76IpjJxpHCkSyd7CpY= +github.com/accuknox/auto-policy-discovery/src v0.0.0-20220908062018-731641ea2a8d h1:47SNjljio848XPh4E59WzIYGUIi36TjrI9ZurR4dslg= +github.com/accuknox/auto-policy-discovery/src v0.0.0-20220908062018-731641ea2a8d/go.mod h1:R5eU8iW3k7lPwrycZ0zpe4s0X76IpjJxpHCkSyd7CpY= +github.com/accuknox/auto-policy-discovery/src v0.0.0-20221004060846-9c120a7390e8 h1:FgHgVCj7+WNkQ5fJ0tbiquLbEPLqeeBqFGRj7baMbRw= +github.com/accuknox/auto-policy-discovery/src v0.0.0-20221004060846-9c120a7390e8/go.mod h1:R5eU8iW3k7lPwrycZ0zpe4s0X76IpjJxpHCkSyd7CpY= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -140,14 +137,11 @@ github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= @@ -155,11 +149,7 @@ github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:o github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= -github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= -github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= -github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aws/aws-sdk-go-v2 v1.3.2/go.mod h1:7OaACgj2SX3XGWnrIjGlJM22h6yD6MEWKvm7levnnM8= github.com/aws/aws-sdk-go-v2 v1.3.3/go.mod h1:7OaACgj2SX3XGWnrIjGlJM22h6yD6MEWKvm7levnnM8= github.com/aws/aws-sdk-go-v2/config v1.1.6/go.mod h1:Kx90DDOgkMpRfSkzGbF13AVXHHfBNct1liO+95KxXsU= @@ -171,28 +161,21 @@ github.com/aws/aws-sdk-go-v2/service/sso v1.1.5/go.mod h1:bpGz0tidC4y39sZkQSkpO/ github.com/aws/aws-sdk-go-v2/service/sts v1.3.0/go.mod h1:ssRzzJ2RZOVuKj2Vx1YE7ypfil/BIlgmQnCSW4DistU= github.com/aws/smithy-go v1.3.1/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= -github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= -github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= -github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= -github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= -github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/cavaliergopher/grab/v3 v3.0.1 h1:4z7TkBfmPjmLAAmkkAZNX/6QJ1nNFdv3SdIHXju0Fr4= +github.com/cavaliergopher/grab/v3 v3.0.1/go.mod h1:1U/KNnD+Ft6JJiYoYBAimKH2XrYptb8Kl3DFGmsjpq4= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= @@ -201,23 +184,20 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/cilium/cilium v1.10.0 h1:tjCs7h6hLviYlggx57DiIFB8uoTh1dg1QpbOX8JIfGQ= -github.com/cilium/cilium v1.10.0/go.mod h1:qRN8+/x/22TSTJIKmuRRx4jsNp7XbfGxAbIvTKRcyUo= +github.com/cilium/cilium v1.10.13 h1:ostbTIDt600dKjLyj3I2XdUPdWqwHh/dEHviMVCOv4A= +github.com/cilium/cilium v1.10.13/go.mod h1:+Sa7T3n0zwB6wENdFhKT/GLa5unuviOOQXKsVlAk22s= github.com/cilium/customvet v0.0.0-20201209211516-9852765c1ac4/go.mod h1:MEn5V1CejgUNFP3Y1JKmBC6Mb9TuK53ecHG9lffctFg= github.com/cilium/deepequal-gen v0.0.0-20200406125435-ad6a9003139e/go.mod h1:c4R5wxGyXhbM6zyKeRKNIc9aab5EZi4z4oOSZvUMvZA= -github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg= -github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc= -github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= -github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.5.1-0.20210421150058-a4ee356536f3/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ipam v0.0.0-20201106170308-4184bc4bf9d6/go.mod h1:Ascfar4FtgB+K+mwqbZpSb3WVZ5sPFIarg+iAOXNZqI= github.com/cilium/kafka v0.0.0-20180809090225-01ce283b732b/go.mod h1:ktgizta3CPZBKz5uW272SJyjiro0vn4nOVP7Pk4RopA= github.com/cilium/proxy v0.0.0-20210511221533-82a70d56bf32/go.mod h1:mvauc94lqkyJunRsU9Ef5FIsixi8vBeDoxuMYoGBemk= -github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= +github.com/cilium/workerpool v1.1.0/go.mod h1:GOYJhwlnIjR+jWSDNBb5kw47G1H/XA9X4WOBpgr4pQU= +github.com/clarketm/json v1.17.1 h1:U1IxjqJkJ7bRK4L6dyphmoO840P6bdhPdbbLySourqI= +github.com/clarketm/json v1.17.1/go.mod h1:ynr2LRfb0fQU34l07csRNBTcivjySLLiY1YzQqKVfdo= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= @@ -227,122 +207,36 @@ github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XP github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= -github.com/confluentinc/confluent-kafka-go v1.6.1 h1:YxM/UtMQ2vgJX2gIgeJFUD0ANQYTEvfo4Cs4qKUlmGE= -github.com/confluentinc/confluent-kafka-go v1.6.1/go.mod h1:u2zNLny2xq+5rWeTQjFHbDzzNuba4P1vo31r9r4uAdg= -github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= -github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= -github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU= -github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU= -github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E= -github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss= -github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss= -github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI= -github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko= -github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM= -github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= -github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= -github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= -github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU= -github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= -github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= -github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= -github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= -github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ= -github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ= -github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU= -github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI= -github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s= -github.com/containerd/containerd v1.5.2/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g= -github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= -github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= -github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= -github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= -github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= -github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= -github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= -github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= -github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= -github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= -github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= -github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4= -github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4= -github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU= -github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk= -github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= -github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= -github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g= -github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok= -github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok= -github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0= -github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA= -github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow= -github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms= -github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= -github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= -github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= -github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= -github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= -github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8= -github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= -github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= -github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= -github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk= -github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg= -github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= -github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw= -github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y= -github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY= -github.com/containerd/zfs v0.0.0-20210324211415-d5c4544f0433/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY= -github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY= -github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= -github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= github.com/containernetworking/plugins v0.9.0/go.mod h1:dbWv4dI0QrBGuVgj+TuVQ6wJRZVOhrCQj91YyC92sxg= -github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8= -github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= -github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= -github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= -github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= -github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= @@ -350,28 +244,23 @@ github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjI github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= -github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= -github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= -github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= +github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE= +github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= -github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= -github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= -github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI= -github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/libnetwork v0.0.0-20190128195551-d8d4c8cf03d7/go.mod h1:93m0aTqz6z+g32wla4l4WxTrdtvBRmVzYRkYvasA5Z8= -github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 h1:iFaUwBSo5Svw6L7HYpRu/0lE3e0BaElwnNO1qkNQxBY= github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s= @@ -379,15 +268,11 @@ github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdf github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/channels v1.1.0/go.mod h1:jMm2qB5Ubtg9zLd+inMZd2/NUvXgzmWXsDaLyQIGfH0= -github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= -github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -396,6 +281,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= +github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.4.2-0.20210105193028-872b28c45782/go.mod h1:xL5IroIBOR+aTp0IZk48epGwBV3+LcuaosPL0pr0hE0= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= @@ -405,20 +291,20 @@ github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQL github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= +github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= +github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= -github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= +github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.4.10-0.20200417215612-7f4cf4dd2b52/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= -github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= -github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY= +github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= +github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -430,10 +316,8 @@ github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= @@ -441,9 +325,9 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/zapr v0.4.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= +github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= +github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM= github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= @@ -555,13 +439,10 @@ github.com/go-openapi/validate v0.19.15/go.mod h1:tbn/fdOwYHgrhPBzidZfJC2MIVvs9G github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE9E4k54HpKcJ0= github.com/go-openapi/validate v0.20.3 h1:GZPPhhKSZrE8HjB4eEkoYAZmoWA4+tCemSgINH1/vKw= github.com/go-openapi/validate v0.20.3/go.mod h1:goDdqVGiigM3jChcrYJxD2joalke3ZXeftD16byIjA4= -github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw= github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= @@ -587,19 +468,10 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= -github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= -github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= -github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= -github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU= -github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -642,7 +514,6 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -652,6 +523,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= +github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -663,8 +536,16 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= +github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= +github.com/google/go-github/v30 v30.1.0 h1:VLDx+UolQICEOKu2m4uAoMti1SxuEBAl7RSEG16L+Oo= +github.com/google/go-github/v30 v30.1.0/go.mod h1:n8jBpHl45a/rlBUtRJMOG4GhNADUQFEufcolZ95JfU8= +github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= +github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= @@ -684,6 +565,7 @@ github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= @@ -699,21 +581,23 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= +github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= +github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= +github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= +github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= +github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= +github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= -github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= -github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= @@ -729,27 +613,19 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= -github.com/hashicorp/consul/api v1.10.1/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms= -github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -758,33 +634,23 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/memberlist v0.1.7/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= -github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/iancoleman/strcase v0.0.0-20180726023541-3605ed457bf7/go.mod h1:SK73tn/9oHe+/Y0h39VT4UCxmurVJkR5NA7kMEAOgSE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= -github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= +github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= +github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf h1:WfD7VjIE6z8dIvMsI4/s+1qr5EL+zoIGev1BQj1eoJ8= +github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf/go.mod h1:hyb9oH7vZsitZCiBt0ZvifOrB+qc8PS5IiilCIb87rg= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= -github.com/iovisor/gobpf v0.2.0/go.mod h1:WSY9Jj5RhdgC3ci1QaacvbFdQ8cbrEjrpiZbLHLt2s4= github.com/ishidawataru/sctp v0.0.0-20180213033435-07191f837fed/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/jeremywohl/flatten v1.0.1/go.mod h1:4AmD/VxjWcI5SRB0n6szE2A6s2fsNHDLO0nAlMHgfLQ= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= @@ -825,9 +691,7 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= @@ -848,31 +712,28 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kubearmor/KVMService/src/types v0.0.0-20220228115540-2211247620dd h1:rcPAY2D01jWBhHhRLgENgwlORNuN4nwE9GcXw9yyMwY= -github.com/kubearmor/KVMService/src/types v0.0.0-20220228115540-2211247620dd/go.mod h1:jH95bvc6gzdHxVdyUAx/MM9q27P9EPQUl13HkBO5mr4= -github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20220321102834-0971f727bd8a h1:udzAyYotf55h76Vyk/PcFVBUqS1ixgK91s4biW5tdg4= -github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20220321102834-0971f727bd8a/go.mod h1:XW0GkkQIkPga9V271oIT8aZqklO8z41VvVix6qpt+Zk= -github.com/kubearmor/KubeArmor/deployments v0.0.0-20220321102834-0971f727bd8a h1:VC4oM6SQSxITOjE0wj1hoEl0HhpaKBQXcLX3WGhHHg0= -github.com/kubearmor/KubeArmor/deployments v0.0.0-20220321102834-0971f727bd8a/go.mod h1:cyEhgwG/sKmC6OI0Jgx+4T6/G7YiafcX2OpgSsbZ+b8= -github.com/kubearmor/KubeArmor/pkg/KubeArmorHostPolicy v0.0.0-20220321102834-0971f727bd8a h1:JtVC7JcrTrXQiEEkxZOjcRcRPL7srMoMvLfHsfK7n1E= -github.com/kubearmor/KubeArmor/pkg/KubeArmorHostPolicy v0.0.0-20220321102834-0971f727bd8a/go.mod h1:5r/mNlA5W9ltGM+ZChq+giuI8ZQYC8dApJW5e6e+yjc= -github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy v0.0.0-20220321102834-0971f727bd8a h1:p1iS9Ejq92nB6UZO2UxvoTNfJ/bgJPaqQQfBUw2Z43o= -github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy v0.0.0-20220321102834-0971f727bd8a/go.mod h1:/oe9pJ7mmIdcr2TqLTNxAYxXxZBC6N0/Z3toqkEOPbo= -github.com/kubearmor/KubeArmor/protobuf v0.0.0-20211217093440-d99a1cb5f908/go.mod h1:cgV6r6BtsMLSG83kCQtLDL8wuuSaKeYO6TDgSwjwoKA= -github.com/kubearmor/KubeArmor/protobuf v0.0.0-20220321102834-0971f727bd8a h1:YYimZ6uO6cnLQVciHAIIg73Mr4hByzWuDHH23Gz5GGg= -github.com/kubearmor/KubeArmor/protobuf v0.0.0-20220321102834-0971f727bd8a/go.mod h1:cgV6r6BtsMLSG83kCQtLDL8wuuSaKeYO6TDgSwjwoKA= +github.com/kubearmor/KVMService/src/types v0.0.0-20220714130113-b0eba8c9ff34 h1:DYGyMKCPcwbjcS6BAq43USVLlOnUKL72i/OlH32Ecfs= +github.com/kubearmor/KVMService/src/types v0.0.0-20220714130113-b0eba8c9ff34/go.mod h1:jH95bvc6gzdHxVdyUAx/MM9q27P9EPQUl13HkBO5mr4= +github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20220815044951-425f333210e1 h1:AO1TIcEDCQFIN9fEls5bTwM86/7/5kiLpZ8wEkNYiRU= +github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20220815044951-425f333210e1/go.mod h1:eZsn+ZbHGi1e/rIJW7IwYFvOJv8S2YekphskoBcUVOI= +github.com/kubearmor/KubeArmor/deployments v0.0.0-20220902110926-23f39cfa09e5 h1:Z8bcwblMpPRhL3R/4STE8NktiyOyyEW83uynikZZvJ8= +github.com/kubearmor/KubeArmor/deployments v0.0.0-20220902110926-23f39cfa09e5/go.mod h1:MIcoFMLGKjXSxwSIhBaLbp1aYItmNMI2podNwc30bug= +github.com/kubearmor/KubeArmor/pkg/KubeArmorHostPolicy v0.0.0-20220620050120-7e1810d2ad41 h1:qlcrgrK4NAD1tIatGKUgsZUh/TfLXdLfyNwS7wbnKF0= +github.com/kubearmor/KubeArmor/pkg/KubeArmorHostPolicy v0.0.0-20220620050120-7e1810d2ad41/go.mod h1:ihWxQRuta8kGodG9NP4va/s8Se4ZY59yjZVeB/NahMo= +github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy v0.0.0-20220620050120-7e1810d2ad41 h1:UUe18MML5aPkQUki97K7mdnWofNYHNOJw65FJ/pK1lI= +github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy v0.0.0-20220620050120-7e1810d2ad41/go.mod h1:8NwuCbDs76/wmWvRnODxpTqdHTX61ovSJ5DBXh22C+w= +github.com/kubearmor/KubeArmor/protobuf v0.0.0-20220815044951-425f333210e1 h1:HOntsSjM0bA7QlFimkSwFMUdxN7i2S9hx2TS/EdPp14= +github.com/kubearmor/KubeArmor/protobuf v0.0.0-20220815044951-425f333210e1/go.mod h1:tsQnbUwJtoeDB4oQiIaBBoOOajwKoQFpKrTHLAeD4F8= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= -github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= github.com/lyft/protoc-gen-star v0.5.1/go.mod h1:9toiA3cC7z5uVbODF7kEQ91Xn7XNFkVUl+SrEe+ZORU= -github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= +github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo= +github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -885,18 +746,24 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= -github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= +github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-colorable v0.1.9 h1:sqDoxXbdeALODt0DAeJCVp38ps9ZogZEAXjus69YV3U= +github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= +github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= +github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= +github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -922,13 +789,9 @@ github.com/mdlayher/raw v0.0.0-20190606142536-fef19f00fc18/go.mod h1:7EpbotpCmVZ github.com/mholt/archiver/v3 v3.5.1 h1:rDjOBX9JSF5BvoJGvjqK479aL70qh9DIpZCl+k7Clwo= github.com/mholt/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/miekg/dns v1.1.26 h1:gPxPSwALAeHJSjarOs00QjVdV9QoBvc1D2ujQUr5BzU= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= -github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc= -github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= @@ -940,18 +803,14 @@ github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.2 h1:6h7AQ0yhTcIsmFmnAwQls75jp2Gzs4iB8W7pjMO+rqo= -github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= -github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= -github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= -github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= -github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= +github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae h1:O4SWKdcHVCvYqyDV+9CJA1fcDN2L11Bule0iFy3YlAI= +github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -962,166 +821,107 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= +github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= -github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= -github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= -github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= -github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nwaples/rardecode v1.1.0 h1:vSxaY8vQhOcVr4mm5e8XllHWTiM4JF507A0Katqw7MQ= github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= +github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= -github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48= -github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= -github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= -github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= -github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= -github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= -github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= -github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= -github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= -github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/opencontainers/image-spec v1.0.3-0.20211202193544-a5463b7f9c84 h1:g47eG1u/gw0JB7mZ88TcHKCmsy7sWUNZD8ZS9Jhi0O8= +github.com/opencontainers/image-spec v1.0.3-0.20211202193544-a5463b7f9c84/go.mod h1:Qnt1q4cjDNQI9bT832ziho5Iw2BhK8o1KwLOwW56VP4= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= -github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= -github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/osrg/gobgp v2.0.0+incompatible/go.mod h1:vGVJPLW6JFDD7WA1vJsjB8OKmbbC2TKwHtr90CZS/u4= -github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo= github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= -github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= -github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM= -github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= +github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= +github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= +github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= +github.com/pelletier/go-toml/v2 v2.0.2 h1:+jQXlF3scKIcSEKkdHzXhCTDLPFi5r1wnK6yPS+49Gw= +github.com/pelletier/go-toml/v2 v2.0.2/go.mod h1:MovirKjgVRESsAvNZlAjtFwV867yGuwRkXbG66OzopI= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 h1:q2e307iGHPdTGp0hoxKjt1H5pDo6utceo3dQVK3I5XQ= github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5/go.mod h1:jvVRKCrJTQWu0XVbaOlby/2lO20uSCHEMzzplHXte1o= -github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4/v4 v4.1.2 h1:qvY3YFXRQE/XB8MlLzJH7mSzBs74eA2gg52YTk6jUPM= github.com/pierrec/lz4/v4 v4.1.2/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= +github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.9.0/go.mod h1:FqZLKOZnGdFAhOK4nqGHa7D66IdsO+O441Eve7ptJDU= -github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34= +github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.1-0.20200623203004-60555c9708c7/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.1-0.20210607210712-147c58e9608a h1:CmF68hwI0XsOQ5UwlBopMi2Ow4Pbg32akc4KIVCOm+Y= github.com/prometheus/client_model v0.2.1-0.20210607210712-147c58e9608a/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= -github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= -github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/robfig/cron v1.2.0 h1:ZjScXvvxeQ63Dbyxy76Fj3AT3Ut0aKsyd2/tl3DTMuQ= -github.com/robfig/cron v1.2.0/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k= +github.com/rhysd/go-github-selfupdate v1.2.3 h1:iaa+J202f+Nc+A8zi75uccC8Wg3omaM7HDeimXA22Ag= +github.com/rhysd/go-github-selfupdate v1.2.3/go.mod h1:mp/N8zj6jFfBQy/XMYoWsmfzxazpPAODuqarmPDe2Rg= +github.com/rodaine/table v1.0.1 h1:U/VwCnUxlVYxw8+NJiLIuCxA/xa6jL38MY3FYysVWWQ= +github.com/rodaine/table v1.0.1/go.mod h1:UVEtfBsflpeEcD56nF4F5AocNFta0ZuolpSVdPtlmP4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= @@ -1134,18 +934,16 @@ github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.26.1 h1:/ihwxqH+4z8UxyI70wM1z9yCvkWcfz/a3mj48k/Zngc= github.com/rs/zerolog v1.26.1/go.mod h1:/wSSJWX7lVrsOwlbyTRSOJvqRlc+WjWlfes+CiJ+tmc= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= -github.com/sagikazarmark/crypt v0.1.0/go.mod h1:B/mN0msZuINBtQ1zZLEQcegFJJf9vnYIR88KRMEuODE= -github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sasha-s/go-deadlock v0.2.1-0.20190427202633-1595213edefa/go.mod h1:F73l+cr82YSh10GxyRI6qZiCgK64VaZjwesgfQ1/iLM= github.com/sasha-s/go-deadlock v0.3.1 h1:sqv7fDNShgjcaxkO0JNcOAlr8B9+cV5Ey/OB71efZx0= github.com/sasha-s/go-deadlock v0.3.1/go.mod h1:F73l+cr82YSh10GxyRI6qZiCgK64VaZjwesgfQ1/iLM= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= @@ -1154,7 +952,6 @@ github.com/shirou/gopsutil/v3 v3.21.2/go.mod h1:ghfMypLDrFSWN2c9cDYFLHyynQ+QUht0 github.com/shirou/gopsutil/v3 v3.21.10 h1:flTg1DrnV/UVrBqjLgVgDJzx6lf+91rC64/dBHmO2IA= github.com/shirou/gopsutil/v3 v3.21.10/go.mod h1:t75NhzCZ/dYyPQjyQmrAYP6c8+LCdFANeBMdLPCNnew= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -1162,37 +959,39 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= +github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= github.com/spf13/afero v1.3.4/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= -github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY= github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= +github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw= +github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= +github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= +github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= +github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -1201,32 +1000,27 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.9.0 h1:yR6EXjTp0y0cLN8OZg1CRZmOBdI88UcGkhgyJhu6nZk= -github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhUPP4= -github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= +github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= +github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ= +github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= -github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= -github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= +github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= +github.com/subosito/gotenv v1.4.0 h1:yAzM1+SmVcz5R4tXGsNMu1jUl2aOJXoiWUCEwwnGrvs= +github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo= +github.com/tcnksm/go-gitconfig v0.1.2 h1:iiDhRitByXAEyjgBqsKi9QU4o2TNtv9kPP3RgPgXBPw= +github.com/tcnksm/go-gitconfig v0.1.2/go.mod h1:/8EhP4H7oJZdIPyT+/UIsG87kTzrzM4UsLGSItWYCpE= github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tklauser/go-sysconf v0.3.4/go.mod h1:Cl2c8ZRWfHD5IrfHo9VN+FX9kCFjIOyVklgXycLB6ek= @@ -1239,25 +1033,17 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/ulikunitz/xz v0.5.9 h1:RsKRIA2MO8x56wkkcd3LbtcE/uMszhb6DpRf+3uwa3I= github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= +github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= +github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= -github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.0.0/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= -github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= -github.com/vishvananda/netlink v1.1.1-0.20210510164352-d17758a128bf/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= -github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= +github.com/vishvananda/netlink v1.1.1-0.20220125195016-0639e7e787ba/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/vishvananda/netns v0.0.0-20190625233234-7109fa855b0f/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= -github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/vishvananda/netns v0.0.0-20201230012202-c4f3ca719c73/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= -github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= -github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= @@ -1265,7 +1051,7 @@ github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhe github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= @@ -1280,9 +1066,6 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= -github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= -github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= gitlab.com/golang-commonmark/puny v0.0.0-20180912090636-2cd490539afe/go.mod h1:P9LSM1KVzrIstFgUaveuwiAm8PK5VTB3yJEU8kqlbrU= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= @@ -1310,9 +1093,6 @@ go.mongodb.org/mongo-driver v1.5.1/go.mod h1:gRXCHX4Jo7J0IJ1oDQyUxF7jfy19UfxniMS go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= go.mongodb.org/mongo-driver v1.8.4 h1:NruvZPPL0PBcRJKmbswoWSrmHeUvzdxA3GCPfD/NEOA= go.mongodb.org/mongo-driver v1.8.4/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCuAROlKEPY= -go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= -go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -1336,22 +1116,14 @@ go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee33 go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= -go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.universe.tf/metallb v0.9.6/go.mod h1:mJnnUITBIRREP/BMjZWxa6K2Rh8QA1zJZEhuBD9pf5M= -golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -1362,24 +1134,24 @@ golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210503195802-e9a32991a82e/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= -golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215165025-cf75a172585e h1:1SzTfNOXwIS2oWiMF+6qu0OUDKb0dauo6MoDUQyu+yU= +golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215165025-cf75a172585e/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= +golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA= +golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1390,6 +1162,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1416,20 +1190,18 @@ golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hM golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38= -golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -1441,7 +1213,6 @@ golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -1476,20 +1247,26 @@ golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20201216054612-986b41b23924/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= -golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210504132125-bbd867fde50d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220607020251-c690dde0001d h1:4SFsTMi4UahlKoloni7L4eYzhFRifURQLw+yv0QDCx8= +golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1500,12 +1277,17 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20211028175245-ba495a64dcb5 h1:v79phzBz03tsVCUTbvTBmmC3CUXF5mKYt7DA4ZVldpM= -golang.org/x/oauth2 v0.0.0-20211028175245-ba495a64dcb5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb h1:8tDJ3aechhddbdPAxpycgXHJRMLpk/Ab+aa4OgdN5/g= +golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1517,8 +1299,10 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde h1:ejfdSekXMDxDLbRrJMwUk6KnSLZ2McaUCVcIKM+N6jc= +golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1527,7 +1311,6 @@ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1541,19 +1324,13 @@ golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190516110030-61b9204099cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606122018-79a91cf218c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1563,20 +1340,14 @@ golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1590,30 +1361,21 @@ golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201118182958-a01c418693c7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201218084310-7d0127a74742/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1625,11 +1387,11 @@ golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210309040221-94ec62e08169/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503173754-0981d6026fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1641,16 +1403,32 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211103184734-ae416a5f93c7 h1:wQUOddybiV2Rfc8FX691KCOx5yEoZlfwpBjtKV6huYo= -golang.org/x/sys v0.0.0-20211103184734-ae416a5f93c7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 h1:CBpWXWQpIRjzmkkA+M7q9Fqnwd2mZr3AFqexg8YTfoM= +golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1667,10 +1445,10 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs= golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 h1:ftMN5LMiBFjbzleLqtoBZk7KdJwhuybIU+FckUHgoyQ= +golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1699,8 +1477,6 @@ golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -1710,7 +1486,6 @@ golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= @@ -1738,9 +1513,9 @@ golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82u golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= @@ -1751,13 +1526,12 @@ golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= golang.zx2c4.com/wireguard v0.0.0-20210427022245-097af6e1351b/go.mod h1:a057zjmoc00UN7gVkaJt2sXVK523kMJcogDTEvPIasg= golang.zx2c4.com/wireguard/wgctrl v0.0.0-20210506160403-92e472f520a5/go.mod h1:+1XihzyZUBJcSc5WO9SwNA7v26puQwOEDwanaxfNXPQ= -gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= -google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -1779,14 +1553,27 @@ google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34q google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= +google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= +google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= +google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= +google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= +google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= +google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= +google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= +google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= +google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= +google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= +google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= @@ -1794,14 +1581,11 @@ google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= @@ -1810,7 +1594,6 @@ google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvx google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= @@ -1839,9 +1622,11 @@ google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= @@ -1855,19 +1640,39 @@ google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKr google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0= +google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= +google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= +google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959 h1:hw4Y42zL1VyVKxPgRHHh191fpVBGV8sNVmcow5Z8VXY= +google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -1889,8 +1694,18 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= +google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= +google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8= +google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w= +google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1905,12 +1720,12 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1919,24 +1734,18 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.63.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.64.0 h1:Mj2zXEXcNb5joEiSA0zc3HZpTst/iyjNiR4CN8tDzOg= -gopkg.in/ini.v1 v1.64.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= +gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= +gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -1951,12 +1760,15 @@ gopkg.in/yaml.v3 v3.0.0-20190905181640-827449938966/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= +gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= -honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -1967,38 +1779,24 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 k8s.io/api v0.22.3 h1:wOoES2GoSkUsdped2RB4zYypPqWtvprGoKCENTOOjP4= k8s.io/api v0.22.3/go.mod h1:azgiXFiXqiWyLCfI62/eYBOu19rj2LKmIhFPP4+33fs= k8s.io/apiextensions-apiserver v0.18.2/go.mod h1:q3faSnRGmYimiocj6cHQ1I3WpLqmDgJFlKL37fC4ZvY= -k8s.io/apiextensions-apiserver v0.21.0/go.mod h1:gsQGNtGkc/YoDG9loKI0V+oLZM4ljRPjc/sql5tmvzc= -k8s.io/apiextensions-apiserver v0.22.1/go.mod h1:HeGmorjtRmRLE+Q8dJu6AYRoZccvCMsghwS8XTUYb2c= +k8s.io/apiextensions-apiserver v0.21.14/go.mod h1:MKA36v8kURZzbhgTNUajJHl+HcboH84/C9utyf/UH5Y= k8s.io/apiextensions-apiserver v0.22.3 h1:bKku7MqawIbtTZc084BZoMV4fz0WZuvCnB5E+yrQXGM= k8s.io/apiextensions-apiserver v0.22.3/go.mod h1:f4plF+CXeqI89jAXL0Ml4LI/kSAZ54JS94+XOX1sae8= k8s.io/apimachinery v0.22.3 h1:mrvBG5CZnEfwgpVqWcrRKvdsYECTrhAR6cApAgdsflk= k8s.io/apimachinery v0.22.3/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= k8s.io/apiserver v0.18.2/go.mod h1:Xbh066NqrZO8cbsoenCwyDJ1OSi8Ag8I2lezeHxzwzw= -k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= -k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= -k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q= -k8s.io/apiserver v0.21.0/go.mod h1:w2YSn4/WIwYuxG5zJmcqtRdtqgW/J2JRgFAqps3bBpg= -k8s.io/apiserver v0.22.1/go.mod h1:2mcM6dzSt+XndzVQJX21Gx0/Klo7Aen7i0Ai6tIa400= +k8s.io/apiserver v0.21.14/go.mod h1:hdi/G4/ztsNCFzQuWvMF/Xb7fOl1E2ZrKL1KQ0Kkgpg= k8s.io/apiserver v0.22.3/go.mod h1:oam7lH/F1Kto/WTamyQYrD68fS0mGUBORAFf6x/9Mxs= k8s.io/cli-runtime v0.22.3 h1:AeOgaDpb/k36amWsjyyIU+FLpLzzdmoLD5gn38c5fio= k8s.io/cli-runtime v0.22.3/go.mod h1:um6JvCxV9Hrhq0zCUxcqYoY7/wF64g6IYgOViI8sg6Q= k8s.io/client-go v0.22.3 h1:6onkOSc+YNdwq5zXE0wFXicq64rrym+mXwHu/CPVGO4= k8s.io/client-go v0.22.3/go.mod h1:ElDjYf8gvZsKDYexmsmnMQ0DYO8W9RwBjfQ1PI53yow= k8s.io/code-generator v0.18.2/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= -k8s.io/code-generator v0.21.0/go.mod h1:hUlps5+9QaTrKx+jiM4rmq7YmH8wPOIko64uZCHDh6Q= -k8s.io/code-generator v0.22.1/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= +k8s.io/code-generator v0.21.14/go.mod h1:81hFjkYbF/UaE/v1TOUrQ9/QtaBvnAxNqMTWO9CQLs0= k8s.io/code-generator v0.22.3/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= k8s.io/component-base v0.18.2/go.mod h1:kqLlMuhJNHQ9lz8Z7V5bxUUtjFZnrypArGl58gmDfUM= -k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk= -k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI= -k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM= -k8s.io/component-base v0.21.0/go.mod h1:qvtjz6X0USWXbgmbfXR+Agik4RZ3jv2Bgr5QnZzdPYw= -k8s.io/component-base v0.22.1/go.mod h1:0D+Bl8rrnsPN9v0dyYvkqFfBeAd4u7n77ze+p8CMiPo= +k8s.io/component-base v0.21.14/go.mod h1:xqEsBuZAjYeAhe/yU+JQ2D9MXJpkj+eIAWzxDyj5Pu0= k8s.io/component-base v0.22.3/go.mod h1:kuybv1miLCMoOk3ebrqF93GbQHQx6W2287FC0YEQY6s= -k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM= -k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= -k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= -k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200205140755-e0e292d8aa12/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= @@ -2011,52 +1809,42 @@ k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.8.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/klog/v2 v2.10.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/klog/v2 v2.30.0 h1:bUO6drIvCIsvZ/XFgfxoGFQU/a4Qkh0iAlvUR7vlHJw= -k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ= +k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= -k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= -k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4= -k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= -k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= +k8s.io/kube-openapi v0.0.0-20211110012726-3cc51fd1e909/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE= +k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 h1:Gii5eqf+GmIEwGNKQYQClCayuJCe2/4fZUvF7VG99sU= +k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20211116205334-6203023598ed h1:ck1fRPWPJWsMd8ZRFsWc6mh/zHp5fZ/shhbrgPUxDAE= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20220812165043-ad590609e2e5 h1:XmRqFcQlCy/lKRZ39j+RVpokYNroHPqV3mcBRfnhT5o= +k8s.io/utils v0.0.0-20220812165043-ad590609e2e5/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/goversion v1.2.0/go.mod h1:Eih9y/uIBS3ulggl7KNJ09xGSLcuNaLgmvvqa07sgfo= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/controller-runtime v0.10.0/go.mod h1:GCdh6kqV6IY4LK0JLwX0Zm6g233RtVGdb/f0+KSfprg= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= sigs.k8s.io/controller-tools v0.3.1-0.20200716001835-4a903ddb7005/go.mod h1:G9rHdZMVlBDocIxGkK3jHLWqcTMNvveypYJwrvYKjWU= sigs.k8s.io/kustomize/api v0.8.11/go.mod h1:a77Ls36JdfCWojpUqR6m60pdGY1AYFix4AH83nJtY1g= -sigs.k8s.io/kustomize/api v0.10.1 h1:KgU7hfYoscuqag84kxtzKdEC3mKMb99DPI3a0eaV1d0= -sigs.k8s.io/kustomize/api v0.10.1/go.mod h1:2FigT1QN6xKdcnGS2Ppp1uIWrtWN28Ms8A3OZUZhwr8= +sigs.k8s.io/kustomize/api v0.11.4 h1:/0Mr3kfBBNcNPOW5Qwk/3eb8zkswCwnqQxxKtmrTkRo= +sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI= sigs.k8s.io/kustomize/kyaml v0.11.0/go.mod h1:GNMwjim4Ypgp/MueD3zXHLRJEjz7RvtPae0AwlvEMFM= -sigs.k8s.io/kustomize/kyaml v0.13.0 h1:9c+ETyNfSrVhxvphs+K2dzT3dh5oVPPEqPOE/cUpScY= -sigs.k8s.io/kustomize/kyaml v0.13.0/go.mod h1:FTJxEZ86ScK184NpGSAQcfEqee0nul8oLCK30D47m4E= +sigs.k8s.io/kustomize/kyaml v0.13.6 h1:eF+wsn4J7GOAXlvajv6OknSunxpcOBQQqsnPxObtkGs= +sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg= sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.1.0/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= -sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/insight/insight.go b/insight/insight.go index 870c3a9c..0efddb4d 100644 --- a/insight/insight.go +++ b/insight/insight.go @@ -1,6 +1,7 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2022 Authors of KubeArmor +// Package insight fetches insight data from discovery engine package insight import ( @@ -8,10 +9,9 @@ import ( "encoding/json" "errors" "fmt" - "log" "os" - opb "github.com/accuknox/auto-policy-discovery/src/protobuf/v1/observability" + ipb "github.com/accuknox/auto-policy-discovery/src/protobuf/v1/insight" "google.golang.org/grpc" ) @@ -23,9 +23,12 @@ type Options struct { Clustername string Fromsource string Namespace string + Source string + Type string + Rule string } -// Get insights on observability data +// StartInsight - Get insights on observability data func StartInsight(o Options) error { gRPC := "" @@ -39,15 +42,16 @@ func StartInsight(o Options) error { } } - fmt.Println("gRPC server: " + gRPC) - - data := &opb.Data{ + data := &ipb.Request{ Request: "observe", + Source: o.Source, Labels: o.Labels, ContainerName: o.Containername, ClusterName: o.Clustername, FromSource: o.Fromsource, Namespace: o.Namespace, + Type: o.Type, + Rule: o.Rule, } // create a client @@ -57,10 +61,10 @@ func StartInsight(o Options) error { } defer conn.Close() - client := opb.NewObservabilityClient(conn) + client := ipb.NewInsightClient(conn) // var response opb.Response - response, err := client.SysObservabilityData(context.Background(), data) + response, err := client.GetInsightData(context.Background(), data) if err != nil { return errors.New("could not connect to the server. Possible troubleshooting:\n- Check if discovery engine is running\n- Create a portforward to discovery engine service using\n\t\033[1mkubectl port-forward -n explorer service/knoxautopolicy --address 0.0.0.0 --address :: 9089:9089\033[0m\n- Configure grpc server information using\n\t\033[1mkarmor log --grpc \033[0m") } @@ -69,7 +73,7 @@ func StartInsight(o Options) error { arr, _ := json.MarshalIndent(response, "", " ") str = fmt.Sprintf("%s\n", string(arr)) - log.Printf("%s \n", str) + fmt.Printf("%s \n", str) return nil } diff --git a/install/customResource.go b/install/customResource.go index 46c2c899..f99d1db1 100644 --- a/install/customResource.go +++ b/install/customResource.go @@ -4,22 +4,16 @@ package install import ( - "context" - "fmt" - hsp "github.com/kubearmor/KubeArmor/pkg/KubeArmorHostPolicy/crd" ksp "github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy/crd" - "github.com/kubearmor/kubearmor-client/k8s" apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var kspName = "kubearmorpolicies.security.kubearmor.com" var hspName = "kubearmorhostpolicies.security.kubearmor.com" // CreateCustomResourceDefinition creates the CRD and add it into Kubernetes. -func CreateCustomResourceDefinition(c *k8s.Client, crdName string) (*apiextensions.CustomResourceDefinition, error) { +func CreateCustomResourceDefinition(crdName string) apiextensions.CustomResourceDefinition { var crd apiextensions.CustomResourceDefinition switch crdName { case kspName: @@ -27,13 +21,6 @@ func CreateCustomResourceDefinition(c *k8s.Client, crdName string) (*apiextensio case hspName: crd = hsp.GetCRD() } - _, err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Create(context.Background(), &crd, metav1.CreateOptions{}) - if err != nil { - if apierrors.IsAlreadyExists(err) { - return nil, fmt.Errorf("CRD %s already exists %+v", crdName, err) - } - return nil, fmt.Errorf("failed to create CRD %s: %+v", crdName, err) - } - return &crd, nil + return crd } diff --git a/install/defaults.go b/install/defaults.go index caeda943..e91ff6be 100644 --- a/install/defaults.go +++ b/install/defaults.go @@ -4,7 +4,6 @@ package install var kubearmor = "kubearmor" -var port int32 = 32767 var serviceAccountName = kubearmor var clusterRoleBindingName = kubearmor diff --git a/install/install.go b/install/install.go index 7f827d84..ff5a3630 100644 --- a/install/install.go +++ b/install/install.go @@ -1,130 +1,460 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Authors of KubeArmor +// Package install is responsible for installation and uninstallation of KubeArmor while autogenerating the configuration package install import ( "context" + "path/filepath" + "errors" "fmt" + "os" + "path" "strings" + "time" + + "github.com/clarketm/json" + "sigs.k8s.io/yaml" deployments "github.com/kubearmor/KubeArmor/deployments/get" "github.com/kubearmor/kubearmor-client/k8s" "golang.org/x/mod/semver" + v1 "k8s.io/api/apps/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" ) // Options for karmor install type Options struct { Namespace string KubearmorImage string + Audit string + Force bool + Save bool + Animation bool +} + +var animation bool +var progress int +var cursorcount int + +func clearLine(size int) int { + for i := 0; i < size; i++ { + fmt.Printf(" ") + } + fmt.Printf("\r") + return 0 +} + +func printBar(msg string, total int) int { + fill := "▇▇▇" + blank := " " + bar := "" + percent := float64(progress) / float64(total) * 100 + for i := 0; i < progress; i++ { + bar = bar + fill + } + for i := 0; i < total-progress; i++ { + bar = bar + blank + } + fmt.Printf(msg+"[%s] %0.2f%%\r", bar, percent) + if progress == total { + time.Sleep(500 * time.Millisecond) + clearLine(90) + fmt.Printf("🥳 Done Installing KubeArmor\n") + } + return 0 +} + +func printAnimation(msg string, flag bool) int { + clearLine(90) + fmt.Printf(msg + "\n") + if flag { + progress++ + } + printBar(" KubeArmor Installing ", 16) + return 0 +} + +func printMessage(msg string, flag bool) int { + if animation { + printAnimation(msg, flag) + } + return 0 +} + +func checkPods(c *k8s.Client) int { + cursor := [4]string{"|", "/", "—", "\\"} + fmt.Printf("😋 Checking if KubeArmor pods are running ...") + stime := time.Now() + otime := stime.Add(600 * time.Second) + for { + time.Sleep(200 * time.Millisecond) + pods, _ := c.K8sClientset.CoreV1().Pods("").List(context.TODO(), metav1.ListOptions{LabelSelector: "kubearmor-app", FieldSelector: "status.phase!=Running"}) + podno := len(pods.Items) + clearLine(90) + fmt.Printf("\rKUBEARMOR pods left to run : %d ... %s", podno, cursor[cursorcount]) + cursorcount++ + if cursorcount == 4 { + cursorcount = 0 + } + if !otime.After(time.Now()) { + fmt.Printf("\r⌚️ Check Incomplete due to Time-Out! \n") + break + } + if podno == 0 { + fmt.Printf("\r🥳 Done Checking , ALL Services are running! \n") + fmt.Printf("⌚️ Execution Time : %s \n", time.Since(stime)) + break + } + } + return 0 } // K8sInstaller for karmor install func K8sInstaller(c *k8s.Client, o Options) error { - env := autoDetectEnvironment(c) + animation = o.Animation + env := AutoDetectEnvironment(c) if env == "none" { return errors.New("unsupported environment or cluster not configured correctly") } - fmt.Printf("Auto Detected Environment : %s\n", env) - - fmt.Printf("CRD %s ...\n", kspName) - if _, err := CreateCustomResourceDefinition(c, kspName); err != nil { - if !strings.Contains(err.Error(), "already exists") { - return err + printMessage("😄 Auto Detected Environment : "+env, true) + + var printYAML []interface{} + + kspCRD := CreateCustomResourceDefinition(kspName) + if !o.Save { + printMessage("🔥 CRD "+kspName+" ", true) + if _, err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Create(context.Background(), &kspCRD, metav1.CreateOptions{}); err != nil { + if !apierrors.IsAlreadyExists(err) { + return fmt.Errorf("failed to create CRD %s: %+v", kspName, err) + } + printMessage("ℹ️ CRD "+kspName+" already exists", false) } - fmt.Printf("CRD %s already exists ...\n", kspName) + } else { + printYAML = append(printYAML, kspCRD) } - fmt.Printf("CRD %s ...\n", hspName) - if _, err := CreateCustomResourceDefinition(c, hspName); err != nil { - if !strings.Contains(err.Error(), "already exists") { - return err + hspCRD := CreateCustomResourceDefinition(hspName) + if !o.Save { + printMessage("🔥 CRD "+hspName+" ", true) + if _, err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Create(context.Background(), &hspCRD, metav1.CreateOptions{}); err != nil { + if !apierrors.IsAlreadyExists(err) { + return fmt.Errorf("failed to create CRD %s: %+v", hspName, err) + } + printMessage("ℹ️ CRD "+hspName+" already exists", false) } - fmt.Printf("CRD %s already exists ...\n", hspName) + } else { + printYAML = append(printYAML, hspCRD) } - fmt.Print("Service Account ...\n") - if _, err := c.K8sClientset.CoreV1().ServiceAccounts(o.Namespace).Create(context.Background(), deployments.GetServiceAccount(o.Namespace), metav1.CreateOptions{}); err != nil { - if !strings.Contains(err.Error(), "already exists") { - return err + serviceAccount := deployments.GetServiceAccount(o.Namespace) + if !o.Save { + printMessage("💫 Service Account ", true) + if _, err := c.K8sClientset.CoreV1().ServiceAccounts(o.Namespace).Create(context.Background(), serviceAccount, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ Service Account already exists ", false) } - fmt.Print("Service Account already exists ...\n") + } else { + printYAML = append(printYAML, serviceAccount) } - fmt.Print("Cluster Role Bindings ...\n") - if _, err := c.K8sClientset.RbacV1().ClusterRoleBindings().Create(context.Background(), deployments.GetClusterRoleBinding(o.Namespace), metav1.CreateOptions{}); err != nil { - if !strings.Contains(err.Error(), "already exists") { - return err + clusterRoleBinding := deployments.GetClusterRoleBinding(o.Namespace) + if !o.Save { + printMessage("⚙️ Cluster Role Bindings ", true) + if _, err := c.K8sClientset.RbacV1().ClusterRoleBindings().Create(context.Background(), clusterRoleBinding, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ Cluster Role Bindings already exists ", false) } - fmt.Print("Cluster Role Bindings already exists ...\n") + } else { + printYAML = append(printYAML, clusterRoleBinding) } - fmt.Print("KubeArmor Relay Service ...\n") - if _, err := c.K8sClientset.CoreV1().Services(o.Namespace).Create(context.Background(), deployments.GetRelayService(o.Namespace), metav1.CreateOptions{}); err != nil { - if !strings.Contains(err.Error(), "already exists") { - return err + relayService := deployments.GetRelayService(o.Namespace) + if !o.Save { + printMessage("🛡 KubeArmor Relay Service ", true) + if _, err := c.K8sClientset.CoreV1().Services(o.Namespace).Create(context.Background(), relayService, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ KubeArmor Relay Service already exists ", false) } - fmt.Print("KubeArmor Relay Service already exists ...\n") + } else { + printYAML = append(printYAML, relayService) } - fmt.Print("KubeArmor Relay Deployment ...\n") - if _, err := c.K8sClientset.AppsV1().Deployments(o.Namespace).Create(context.Background(), deployments.GetRelayDeployment(o.Namespace), metav1.CreateOptions{}); err != nil { - if !strings.Contains(err.Error(), "already exists") { - return err + relayDeployment := deployments.GetRelayDeployment(o.Namespace) + if !o.Save { + printMessage("🛰 KubeArmor Relay Deployment ", true) + if _, err := c.K8sClientset.AppsV1().Deployments(o.Namespace).Create(context.Background(), relayDeployment, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ KubeArmor Relay Deployment already exists ", false) } - fmt.Print("KubeArmor Relay Deployment already exists ...\n") + } else { + printYAML = append(printYAML, relayDeployment) } - fmt.Printf("KubeArmor DaemonSet %s...\n", o.KubearmorImage) daemonset := deployments.GenerateDaemonSet(env, o.Namespace) daemonset.Spec.Template.Spec.Containers[0].Image = o.KubearmorImage - if _, err := c.K8sClientset.AppsV1().DaemonSets(o.Namespace).Create(context.Background(), daemonset, metav1.CreateOptions{}); err != nil { - if !strings.Contains(err.Error(), "already exists") { - return err + if o.Audit == "all" || strings.Contains(o.Audit, "file") { + daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultFilePosture=audit") + } + if o.Audit == "all" || strings.Contains(o.Audit, "network") { + daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultNetworkPosture=audit") + } + if o.Audit == "all" || strings.Contains(o.Audit, "capabilities") { + daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultCapabilitiesPosture=audit") + } + s := strings.Join(daemonset.Spec.Template.Spec.Containers[0].Args, " ") + printMessage("🛡 KubeArmor DaemonSet"+daemonset.Spec.Template.Spec.Containers[0].Image+s+" ", true) + + if !o.Save { + if _, err := c.K8sClientset.AppsV1().DaemonSets(o.Namespace).Create(context.Background(), daemonset, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ KubeArmor DaemonSet already exists ", false) } - fmt.Print("KubeArmor DaemonSet already exists ...\n") + } else { + printYAML = append(printYAML, daemonset) } - fmt.Print("KubeArmor Policy Manager Service ...\n") - if _, err := c.K8sClientset.CoreV1().Services(o.Namespace).Create(context.Background(), deployments.GetPolicyManagerService(o.Namespace), metav1.CreateOptions{}); err != nil { - if !strings.Contains(err.Error(), "already exists") { - return err + policyManagerService := deployments.GetPolicyManagerService(o.Namespace) + if !o.Save { + printMessage("🧐 KubeArmor Policy Manager Service ", true) + if _, err := c.K8sClientset.CoreV1().Services(o.Namespace).Create(context.Background(), policyManagerService, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ KubeArmor Policy Manager Service already exists ", false) } - fmt.Print("KubeArmor Policy Manager Service already exists ...\n") + } else { + printYAML = append(printYAML, policyManagerService) } - fmt.Print("KubeArmor Policy Manager Deployment ...\n") - if _, err := c.K8sClientset.AppsV1().Deployments(o.Namespace).Create(context.Background(), deployments.GetPolicyManagerDeployment(o.Namespace), metav1.CreateOptions{}); err != nil { - if !strings.Contains(err.Error(), "already exists") { - return err + policyManagerDeployment := deployments.GetPolicyManagerDeployment(o.Namespace) + if !o.Save { + printMessage("🤖 KubeArmor Policy Manager Deployment ", true) + if _, err := c.K8sClientset.AppsV1().Deployments(o.Namespace).Create(context.Background(), policyManagerDeployment, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ KubeArmor Policy Manager Deployment already exists ", false) } - fmt.Print("KubeArmor Policy Manager Deployment already exists ...\n") + } else { + printYAML = append(printYAML, policyManagerDeployment) } - fmt.Print("KubeArmor Host Policy Manager Service ...\n") - if _, err := c.K8sClientset.CoreV1().Services(o.Namespace).Create(context.Background(), deployments.GetHostPolicyManagerService(o.Namespace), metav1.CreateOptions{}); err != nil { - if !strings.Contains(err.Error(), "already exists") { - return err + hostPolicyManagerService := deployments.GetHostPolicyManagerService(o.Namespace) + if !o.Save { + printMessage("😃 KubeArmor Host Policy Manager Service ", true) + if _, err := c.K8sClientset.CoreV1().Services(o.Namespace).Create(context.Background(), hostPolicyManagerService, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ KubeArmor Host Policy Manager Service already exists ", false) } - fmt.Print("KubeArmor Host Policy Manager Service already exists ...\n") + } else { + printYAML = append(printYAML, hostPolicyManagerService) } - fmt.Print("KubeArmor Host Policy Manager Deployment ...\n") - if _, err := c.K8sClientset.AppsV1().Deployments(o.Namespace).Create(context.Background(), deployments.GetHostPolicyManagerDeployment(o.Namespace), metav1.CreateOptions{}); err != nil { - if !strings.Contains(err.Error(), "already exists") { - return err + hostPolicyManagerDeployment := deployments.GetHostPolicyManagerDeployment(o.Namespace) + if !o.Save { + printMessage("🛡 KubeArmor Host Policy Manager Deployment ", true) + if _, err := c.K8sClientset.AppsV1().Deployments(o.Namespace).Create(context.Background(), hostPolicyManagerDeployment, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ KubeArmor Host Policy Manager Deployment already exists ", false) + } + } else { + printYAML = append(printYAML, hostPolicyManagerDeployment) + } + + caCert, tlsCrt, tlsKey, err := GeneratePki(o.Namespace, deployments.AnnotationsControllerServiceName) + if err != nil { + printMessage("Couldn't generate TLS secret ", false) + return err + } + annotationsControllerTLSSecret := deployments.GetAnnotationsControllerTLSSecret(o.Namespace, caCert.String(), tlsCrt.String(), tlsKey.String()) + if !o.Save { + printMessage("🛡 KubeArmor Annotation Controller TLS certificates ", true) + if _, err := c.K8sClientset.CoreV1().Secrets(o.Namespace).Create(context.Background(), annotationsControllerTLSSecret, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ KubeArmor Annotation Controller TLS certificates already exists ", false) } - fmt.Print("KubeArmor Host Policy Manager Deployment already exists ...\n") + } else { + printYAML = append(printYAML, annotationsControllerTLSSecret) } + annotationsControllerDeployment := deployments.GetAnnotationsControllerDeployment(o.Namespace) + if !o.Save { + printMessage("🚀 KubeArmor Annotation Controller Deployment ", true) + if _, err := c.K8sClientset.AppsV1().Deployments(o.Namespace).Create(context.Background(), annotationsControllerDeployment, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ KubeArmor Annotation Controller Deployment already exists ", false) + } + } else { + printYAML = append(printYAML, annotationsControllerDeployment) + } + + annotationsControllerService := deployments.GetAnnotationsControllerService(o.Namespace) + if !o.Save { + printMessage("🚀 KubeArmor Annotation Controller Service ", true) + if _, err := c.K8sClientset.CoreV1().Services(o.Namespace).Create(context.Background(), annotationsControllerService, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ KubeArmor Annotation Controller Service already exists ", false) + } + } else { + printYAML = append(printYAML, annotationsControllerService) + } + + annotationsControllerMutationAdmissionConfiguration := deployments.GetAnnotationsControllerMutationAdmissionConfiguration(o.Namespace, caCert.Bytes()) + if !o.Save { + printMessage("🤩 KubeArmor Annotation Controller Mutation Admission Registration ", true) + if _, err := c.K8sClientset.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.Background(), annotationsControllerMutationAdmissionConfiguration, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + printMessage("ℹ️ KubeArmor Annotation Controller Mutation Admission Registration already exists ", false) + } + } else { + printYAML = append(printYAML, annotationsControllerMutationAdmissionConfiguration) + } + + // Save the Generated YAML to file + if o.Save { + currDir, err := os.Getwd() + if err != nil { + return err + } + + f, err := os.Create(filepath.Clean(path.Join(currDir, "kubearmor.yaml"))) + if err != nil { + return err + } + defer func() { + if err := f.Close(); err != nil { + fmt.Printf("Error closing file: %s\n", err) + } + }() + + for _, o := range printYAML { + if err := writeToYAML(f, o); err != nil { + return err + } + } + + err = f.Sync() + if err != nil { + return err + } + s3 := f.Name() + printMessage("🤩 KubeArmor manifest file saved to \033[1m"+s3+"\033[0m", false) + + } + if animation { + checkPods(c) + } return nil } +type patchStringValue struct { + Op string `json:"op"` + Path string `json:"path"` + Value string `json:"value"` +} + +func removeDeployAnnotations(c *k8s.Client, dep *v1.Deployment) { + cnt := 0 + patchPayload := []patchStringValue{} + for k, v := range dep.Spec.Template.ObjectMeta.Annotations { + if strings.Contains(k, "kubearmor") || strings.Contains(v, "kubearmor") { + k = strings.Replace(k, "/", "~1", -1) + payload := patchStringValue{ + Op: "remove", + Path: "/spec/template/metadata/annotations/" + k, + } + patchPayload = append(patchPayload, payload) + cnt++ + } + } + + if cnt > 0 { + fmt.Printf("\tRemoving kubearmor annotations from deployment=%s namespace=%s\n", + dep.ObjectMeta.Name, dep.ObjectMeta.Namespace) + payloadBytes, _ := json.Marshal(patchPayload) + _, err := c.K8sClientset.AppsV1().Deployments(dep.ObjectMeta.Namespace).Patch(context.Background(), dep.ObjectMeta.Name, types.JSONPatchType, payloadBytes, metav1.PatchOptions{}) + if err != nil { + fmt.Printf("failed to remove annotation ns:%s, deployment:%s, err:%s\n", + dep.ObjectMeta.Namespace, dep.ObjectMeta.Name, err.Error()) + return + } + } +} + +func removeAnnotations(c *k8s.Client) { + deps, err := c.K8sClientset.AppsV1().Deployments("").List(context.Background(), metav1.ListOptions{}) + if err != nil { + fmt.Println("could not get deployments") + return + } + fmt.Println("Force removing the annotations. Deployments might be restarted.") + for _, dep := range deps.Items { + dep := dep // this is added to handle "Implicit Memory Aliasing..." + removeDeployAnnotations(c, &dep) + } +} + // K8sUninstaller for karmor uninstall func K8sUninstaller(c *k8s.Client, o Options) error { + fmt.Print("Mutation Admission Registration ...\n") + if err := c.K8sClientset.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.Background(), deployments.AnnotationsControllerServiceName, metav1.DeleteOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return err + } + fmt.Print("Mutation Admission Registration not found ...\n") + } + + fmt.Print("KubeArmor Annotation Controller Service ...\n") + if err := c.K8sClientset.CoreV1().Services(o.Namespace).Delete(context.Background(), deployments.AnnotationsControllerServiceName, metav1.DeleteOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return err + } + fmt.Print("KubeArmor Annotation Controller Service not found ...\n") + } + + fmt.Print("KubeArmor Annotation Controller Deployment ...\n") + if err := c.K8sClientset.AppsV1().Deployments(o.Namespace).Delete(context.Background(), deployments.AnnotationsControllerDeploymentName, metav1.DeleteOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return err + } + fmt.Print("KubeArmor Annotation Controller Deployment not found ...\n") + } + + fmt.Print("KubeArmor Annotation Controller TLS certificates ...\n") + if err := c.K8sClientset.CoreV1().Secrets(o.Namespace).Delete(context.Background(), deployments.KubeArmorControllerSecretName, metav1.DeleteOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return err + } + fmt.Print("KubeArmor Annotation Controller TLS certificates not found ...\n") + } fmt.Print("Service Account ...\n") if err := c.K8sClientset.CoreV1().ServiceAccounts(o.Namespace).Delete(context.Background(), serviceAccountName, metav1.DeleteOptions{}); err != nil { if !strings.Contains(err.Error(), "not found") { @@ -197,26 +527,31 @@ func K8sUninstaller(c *k8s.Client, o Options) error { fmt.Print("KubeArmor Host Policy Manager Deployment not found ...\n") } - fmt.Printf("CRD %s ...\n", kspName) - if err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Delete(context.Background(), kspName, metav1.DeleteOptions{}); err != nil { - if !strings.Contains(err.Error(), "not found") { - return err + if o.Force { + fmt.Printf("CRD %s ...\n", kspName) + if err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Delete(context.Background(), kspName, metav1.DeleteOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return err + } + fmt.Printf("CRD %s not found ...\n", kspName) } - fmt.Printf("CRD %s not found ...\n", kspName) - } - fmt.Printf("CRD %s ...\n", hspName) - if err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Delete(context.Background(), hspName, metav1.DeleteOptions{}); err != nil { - if !strings.Contains(err.Error(), "not found") { - return err + fmt.Printf("CRD %s ...\n", hspName) + if err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Delete(context.Background(), hspName, metav1.DeleteOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return err + } + fmt.Printf("CRD %s not found ...\n", hspName) } - fmt.Printf("CRD %s not found ...\n", hspName) + + removeAnnotations(c) } return nil } -func autoDetectEnvironment(c *k8s.Client) (name string) { +// AutoDetectEnvironment detect the environment for a given k8s context +func AutoDetectEnvironment(c *k8s.Client) (name string) { env := "none" contextName := c.RawConfig.CurrentContext @@ -227,8 +562,14 @@ func autoDetectEnvironment(c *k8s.Client) (name string) { clusterName := clusterContext.Cluster cluster := c.RawConfig.Clusters[clusterName] + nodes, _ := c.K8sClientset.CoreV1().Nodes().List(context.Background(), metav1.ListOptions{}) + if len(nodes.Items) <= 0 { + return env + } + containerRuntime := nodes.Items[0].Status.NodeInfo.ContainerRuntimeVersion + nodeImage := nodes.Items[0].Status.NodeInfo.OSImage - // Detecting Environment based on cluster name and context + // Detecting Environment based on cluster name and context or OSImage if clusterName == "minikube" || contextName == "minikube" { env = "minikube" return env @@ -244,6 +585,11 @@ func autoDetectEnvironment(c *k8s.Client) (name string) { return env } + if strings.Contains(nodeImage, "Bottlerocket") { + env = "bottlerocket" + return env + } + if strings.HasSuffix(clusterName, ".eksctl.io") || strings.HasSuffix(cluster.Server, "eks.amazonaws.com") { env = "eks" return env @@ -251,9 +597,6 @@ func autoDetectEnvironment(c *k8s.Client) (name string) { // Environment is Self Managed K8s, checking container runtime and it's version - nodes, _ := c.K8sClientset.CoreV1().Nodes().List(context.Background(), metav1.ListOptions{}) - containerRuntime := nodes.Items[0].Status.NodeInfo.ContainerRuntimeVersion - if strings.Contains(containerRuntime, "k3s") { env = "k3s" return env @@ -267,6 +610,12 @@ func autoDetectEnvironment(c *k8s.Client) (name string) { env = "docker" return env } + + if runtime == "cri-o" { + env = "oke" + return env + } + if (runtime == "docker" && semver.Compare(version, "v19.3") >= 0) || runtime == "containerd" { env = "generic" return env @@ -274,3 +623,23 @@ func autoDetectEnvironment(c *k8s.Client) (name string) { return env } + +func writeToYAML(f *os.File, o interface{}) error { + // Use "clarketm/json" to marshal so as to support zero values of structs with omitempty + j, err := json.Marshal(o) + if err != nil { + return err + } + + object, err := yaml.JSONToYAML(j) + if err != nil { + return err + } + + _, err = f.Write(append([]byte("---\n"), object...)) + if err != nil { + return err + } + + return nil +} diff --git a/install/pki.go b/install/pki.go new file mode 100644 index 00000000..6bb6439f --- /dev/null +++ b/install/pki.go @@ -0,0 +1,121 @@ +package install + +import ( + "bytes" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "errors" + "math/big" + "time" +) + +// GeneratePki - generate pub/priv keypair +func GeneratePki(namespace string, serviceName string) (*bytes.Buffer, *bytes.Buffer, *bytes.Buffer, error) { + ca, cakey, err := GenerateCA() + if err != nil { + return bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), err + } + csr, csrkey, err := GenerateCSR(namespace, serviceName) + if err != nil { + return bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), err + } + crt, err := SignCSR(ca, cakey, csr, csrkey) + if err != nil { + return bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), err + } + + caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &cakey.PublicKey, cakey) + if err != nil { + return bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), err + } + caPEM := new(bytes.Buffer) + err = pem.Encode(caPEM, &pem.Block{ + Type: "CERTIFICATE", + Bytes: caBytes, + }) + if err != nil { + return bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), err + } + crtPEM := new(bytes.Buffer) + err = pem.Encode(crtPEM, &pem.Block{ + Type: "CERTIFICATE", + Bytes: crt, + }) + if err != nil { + return bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), err + } + crtKeyPEM := new(bytes.Buffer) + err = pem.Encode(crtKeyPEM, &pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: x509.MarshalPKCS1PrivateKey(csrkey), + }) + if err != nil { + return bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{}), err + } + return caPEM, crtPEM, crtKeyPEM, nil +} + +// GenerateCA - generate private key and a cert for a CA +func GenerateCA() (*x509.Certificate, *rsa.PrivateKey, error) { + ca := &x509.Certificate{ + SerialNumber: big.NewInt(123), + Subject: pkix.Name{ + Organization: []string{"kubearmor"}, + Country: []string{"US"}, + Province: []string{""}, + CommonName: "kubearmor-ca", + }, + NotBefore: time.Now(), + NotAfter: time.Now().AddDate(3, 0, 0), + IsCA: true, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCRLSign | x509.KeyUsageCertSign, + BasicConstraintsValid: true, + } + caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096) + if err != nil { + return &x509.Certificate{}, &rsa.PrivateKey{}, errors.New("cannot generate ca private key") + } + + return ca, caPrivKey, nil +} + +// GenerateCSR - generate certificate signing request +func GenerateCSR(namespace string, serviceName string) (*x509.Certificate, *rsa.PrivateKey, error) { + csr := &x509.Certificate{ + SerialNumber: big.NewInt(1234), + Subject: pkix.Name{ + Organization: []string{"kubearmor"}, + Country: []string{"US"}, + Province: []string{""}, + CommonName: "kubearmor-webhook", + }, + DNSNames: []string{ + serviceName + "." + namespace + ".svc", + serviceName + "." + namespace + ".svc.cluster.local", + }, + NotBefore: time.Now(), + NotAfter: time.Now().AddDate(3, 0, 0), + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, + KeyUsage: x509.KeyUsageDigitalSignature, + SubjectKeyId: []byte{1, 2, 3, 4, 5}, + BasicConstraintsValid: true, + } + certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096) + if err != nil { + return &x509.Certificate{}, &rsa.PrivateKey{}, errors.New("cannot generate csr private key") + } + return csr, certPrivKey, nil +} + +// SignCSR - signs a certificate signing request essentially approving it using the given CA +func SignCSR(caCrt *x509.Certificate, caKey *rsa.PrivateKey, csrCrt *x509.Certificate, csrKey *rsa.PrivateKey) ([]byte, error) { + certBytes, err := x509.CreateCertificate(rand.Reader, csrCrt, caCrt, &csrKey.PublicKey, caKey) + if err != nil { + return []byte{}, errors.New("cannot sign the csr") + } + return certBytes, nil +} diff --git a/k8s/client.go b/k8s/client.go index e8ee89ef..e7d37f3b 100644 --- a/k8s/client.go +++ b/k8s/client.go @@ -1,6 +1,7 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Authors of KubeArmor +// Package k8s contains helper functions to establlish connection and communicate with k8s apis package k8s import ( @@ -26,16 +27,20 @@ type Client struct { Config *rest.Config } +var ( + // KubeConfig specifies the path of kubeconfig file + KubeConfig string + // ContextName specifies the name of kubeconfig context + ContextName string +) + // ConnectK8sClient Function func ConnectK8sClient() (*Client, error) { - var kubeconfig string - var contextName string - _ = kspAPI.AddToScheme(scheme.Scheme) restClientGetter := genericclioptions.ConfigFlags{ - Context: &contextName, - KubeConfig: &kubeconfig, + Context: &ContextName, + KubeConfig: &KubeConfig, } rawKubeConfigLoader := restClientGetter.ToRawKubeConfigLoader() diff --git a/log/log.go b/log/log.go index a7916195..718013f2 100644 --- a/log/log.go +++ b/log/log.go @@ -1,6 +1,7 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Authors of KubeArmor +// Package log connects and observes telemetry from KubeArmor package log import ( @@ -16,8 +17,9 @@ import ( type regexType *regexp.Regexp +// Regex Compiled Structs var ( - CNamespace regexType // CNamespace : It is the regex compiled namespace + CNamespace regexType CLogtype regexType COperation regexType CContainerName regexType @@ -40,10 +42,15 @@ type Options struct { PodName string Source string Resource string + Limit uint32 + Selector []string + EventChan chan EventInfo // channel to send events on } // StopChan Channel var StopChan chan struct{} +var sigChan chan os.Signal +var unblockSignal = false // GetOSSigChannel Function func GetOSSigChannel() chan os.Signal { @@ -93,21 +100,25 @@ func regexCompile(o Options) error { return nil } +func closeStopChan() { + if StopChan == nil { + return + } + close(StopChan) + StopChan = nil +} + // StartObserver Function func StartObserver(o Options) error { - gRPC := "" + gRPC := "localhost:32767" if o.GRPC != "" { gRPC = o.GRPC - } else { - if val, ok := os.LookupEnv("KUBEARMOR_SERVICE"); ok { - gRPC = val - } else { - gRPC = "localhost:32767" - } + } else if val, ok := os.LookupEnv("KUBEARMOR_SERVICE"); ok { + gRPC = val } - fmt.Println("gRPC server: " + gRPC) + fmt.Fprintln(os.Stderr, "gRPC server: "+gRPC) if o.MsgPath == "none" && o.LogPath == "none" { flag.PrintDefaults() @@ -120,22 +131,22 @@ func StartObserver(o Options) error { } // create a client - logClient := NewClient(gRPC, o.MsgPath, o.LogPath, o.LogFilter) + logClient := NewClient(gRPC, o.MsgPath, o.LogPath, o.LogFilter, o.Limit) if logClient == nil { return errors.New("failed to connect to the gRPC server\nPossible troubleshooting:\n- Check if Kubearmor is running\n- Create a portforward to KubeArmor relay service using\n\t\033[1mkubectl -n kube-system port-forward service/kubearmor --address 0.0.0.0 --address :: 32767:32767\033[0m\n- Configure grpc server information using\n\t\033[1mkarmor log --grpc \033[0m") } - fmt.Printf("Created a gRPC client (%s)\n", gRPC) + fmt.Fprintf(os.Stderr, "Created a gRPC client (%s)\n", gRPC) // do healthcheck if ok := logClient.DoHealthCheck(); !ok { return errors.New("failed to check the liveness of the gRPC server") } - fmt.Println("Checked the liveness of the gRPC server") + fmt.Fprintln(os.Stderr, "Checked the liveness of the gRPC server") if o.MsgPath != "none" { // watch messages go logClient.WatchMessages(o.MsgPath, o.JSON) - fmt.Println("Started to watch messages") + fmt.Fprintln(os.Stderr, "Started to watch messages") } err := regexCompile(o) @@ -143,33 +154,51 @@ func StartObserver(o Options) error { return err } + Limitchan = make(chan bool, 2) if o.LogPath != "none" { if o.LogFilter == "all" || o.LogFilter == "policy" { // watch alerts go logClient.WatchAlerts(o) - fmt.Println("Started to watch alerts") + fmt.Fprintln(os.Stderr, "Started to watch alerts") } if o.LogFilter == "all" || o.LogFilter == "system" { // watch logs go logClient.WatchLogs(o) - fmt.Println("Started to watch logs") + fmt.Fprintln(os.Stderr, "Started to watch logs") } } - // listen for interrupt signals - sigChan := GetOSSigChannel() - <-sigChan - close(StopChan) + if o.Limit != 0 { + if o.LogFilter == "all" { + <-Limitchan + <-Limitchan + } else { + <-Limitchan + } + } else { + // listen for interrupt signals + unblockSignal = false + sigChan = GetOSSigChannel() + for !unblockSignal { + time.Sleep(50 * time.Millisecond) + select { + case <-sigChan: + unblockSignal = true + default: + } + } + } + fmt.Fprintln(os.Stderr, "releasing grpc client") + closeStopChan() logClient.Running = false - time.Sleep(time.Second * 1) // destroy the client - if err := logClient.DestroyClient(); err != nil { - return err - } - fmt.Println("Destroyed the gRPC client") + return logClient.DestroyClient() +} - return nil +// StopObserver unblocks signal +func StopObserver() { + unblockSignal = true } diff --git a/log/logClient.go b/log/logClient.go index d06b477d..5e760981 100644 --- a/log/logClient.go +++ b/log/logClient.go @@ -6,18 +6,31 @@ package log import ( "context" "encoding/json" + "errors" "fmt" "math/rand" "os" "path/filepath" "regexp" + "sort" "strings" "sync" pb "github.com/kubearmor/KubeArmor/protobuf" + "golang.org/x/exp/slices" "google.golang.org/grpc" ) +// EventInfo Event data signalled on EventChan +type EventInfo struct { + Data []byte // json marshalled byte data for alert/log + Type string // "Alert"/"Log" +} + +// Limitchan handles telemetry event output limit +var Limitchan chan bool +var i uint32 + // ============ // // == Common == // // ============ // @@ -27,28 +40,28 @@ func StrToFile(str, destFile string) { if _, err := os.Stat(destFile); err != nil { newFile, err := os.Create(filepath.Clean(destFile)) if err != nil { - fmt.Printf("Failed to create a file (%s, %s)\n", destFile, err.Error()) + fmt.Fprintf(os.Stderr, "Failed to create a file (%s, %s)\n", destFile, err.Error()) return } if err := newFile.Close(); err != nil { - fmt.Printf("Failed to close the file (%s, %s)\n", destFile, err.Error()) + fmt.Fprintf(os.Stderr, "Failed to close the file (%s, %s)\n", destFile, err.Error()) } } // #nosec file, err := os.OpenFile(destFile, os.O_WRONLY|os.O_APPEND, 0644) if err != nil { - fmt.Printf("Failed to open a file (%s, %s)\n", destFile, err.Error()) + fmt.Fprintf(os.Stderr, "Failed to open a file (%s, %s)\n", destFile, err.Error()) } defer func() { if err := file.Close(); err != nil { - fmt.Printf("Failed to close the file (%s, %s)\n", destFile, err.Error()) + fmt.Fprintf(os.Stderr, "Failed to close the file (%s, %s)\n", destFile, err.Error()) } }() _, err = file.WriteString(str) if err != nil { - fmt.Printf("Failed to write a string into the file (%s, %s)\n", destFile, err.Error()) + fmt.Fprintf(os.Stderr, "Failed to write a string into the file (%s, %s)\n", destFile, err.Error()) } } @@ -64,6 +77,9 @@ type Feeder struct { // server server string + //limit + limit uint32 + // connection conn *grpc.ClientConn @@ -84,13 +100,15 @@ type Feeder struct { } // NewClient Function -func NewClient(server, msgPath, logPath, logFilter string) *Feeder { +func NewClient(server, msgPath, logPath, logFilter string, limit uint32) *Feeder { fd := &Feeder{} fd.Running = true fd.server = server + fd.limit = limit + conn, err := grpc.Dial(fd.server, grpc.WithInsecure()) if err != nil { return nil @@ -165,7 +183,7 @@ func (fd *Feeder) WatchMessages(msgPath string, jsonFormat bool) error { for fd.Running { res, err := fd.msgStream.Recv() if err != nil { - fmt.Printf("Failed to receive a message (%s)\n", err.Error()) + fmt.Fprintf(os.Stderr, "Failed to receive a message (%s)\n", err.Error()) break } @@ -183,12 +201,12 @@ func (fd *Feeder) WatchMessages(msgPath string, jsonFormat bool) error { if msgPath == "stdout" { fmt.Printf("%s", str) - } else { + } else if msgPath != "" { StrToFile(str, msgPath) } } - fmt.Println("Stopped WatchMessages") + fmt.Fprintln(os.Stderr, "Stopped WatchMessages") return nil } @@ -207,231 +225,235 @@ func (fd *Feeder) WatchAlerts(o Options) error { fd.WgClient.Add(1) defer fd.WgClient.Done() - for fd.Running { - res, err := fd.alertStream.Recv() - if err != nil { - fmt.Printf("Failed to receive an alert (%s)\n", err.Error()) - break - } - - if o.Namespace != "" { - match := regexMatcher(CNamespace, res.NamespaceName) - if !match { - return nil + if o.Limit > 0 { + for i = 0; i < o.Limit; i++ { + res, err := fd.alertStream.Recv() + if err != nil { + break } - } - if o.LogType != "" { - match := regexMatcher(CLogtype, res.Type) - if !match { - return nil - } - } + t, _ := json.Marshal(res) + WatchTelemetryHelper(t, "Alert", o) - if o.Operation != "" { - match := regexMatcher(COperation, res.Operation) - if !match { - return nil - } } + Limitchan <- true - if o.ContainerName != "" { - match := regexMatcher(CContainerName, res.ContainerName) - if !match { - return nil + } else { + for fd.Running { + res, err := fd.alertStream.Recv() + if err != nil { + break } - } - if o.PodName != "" { - match := regexMatcher(CPodName, res.PodName) - if !match { - return nil - } - } - - if o.Source != "" { - match := regexMatcher(CSource, res.Source) - if !match { - return nil - } - } + t, _ := json.Marshal(res) + WatchTelemetryHelper(t, "Alert", o) - if o.Resource != "" { - match := regexMatcher(CResource, res.Resource) - if !match { - return nil - } } + } - str := "" - - if o.JSON { - arr, _ := json.Marshal(res) - str = fmt.Sprintf("%s\n", string(arr)) - } else { - updatedTime := strings.Replace(res.UpdatedTime, "T", " ", -1) - updatedTime = strings.Replace(updatedTime, "Z", "", -1) - - str = fmt.Sprintf("== Alert / %s ==\n", updatedTime) - - str = str + fmt.Sprintf("Cluster Name: %s\n", res.ClusterName) - str = str + fmt.Sprintf("Host Name: %s\n", res.HostName) - - if res.NamespaceName != "" { - str = str + fmt.Sprintf("Namespace Name: %s\n", res.NamespaceName) - str = str + fmt.Sprintf("Pod Name: %s\n", res.PodName) - str = str + fmt.Sprintf("Container ID: %s\n", res.ContainerID) - str = str + fmt.Sprintf("Container Name: %s\n", res.ContainerName) - } - - if len(res.PolicyName) > 0 { - str = str + fmt.Sprintf("Policy Name: %s\n", res.PolicyName) - } + fmt.Fprintln(os.Stderr, "Stopped WatchAlerts") - if len(res.Severity) > 0 { - str = str + fmt.Sprintf("Severity: %s\n", res.Severity) - } + return nil +} - if len(res.Tags) > 0 { - str = str + fmt.Sprintf("Tags: %s\n", res.Tags) - } +// WatchLogs Function +func (fd *Feeder) WatchLogs(o Options) error { + fd.WgClient.Add(1) + defer fd.WgClient.Done() - if len(res.Message) > 0 { - str = str + fmt.Sprintf("Message: %s\n", res.Message) + if o.Limit > 0 { + for i = 0; i < o.Limit; i++ { + res, err := fd.logStream.Recv() + if err != nil { + break } - str = str + fmt.Sprintf("Type: %s\n", res.Type) - str = str + fmt.Sprintf("Source: %s\n", res.Source) - str = str + fmt.Sprintf("Operation: %s\n", res.Operation) - str = str + fmt.Sprintf("Resource: %s\n", res.Resource) + t, _ := json.Marshal(res) + WatchTelemetryHelper(t, "Log", o) - if len(res.Data) > 0 { - str = str + fmt.Sprintf("Data: %s\n", res.Data) + } + Limitchan <- true + } else { + for fd.Running { + res, err := fd.logStream.Recv() + if err != nil { + break } - if len(res.Action) > 0 { - str = str + fmt.Sprintf("Action: %s\n", res.Action) - } + t, _ := json.Marshal(res) + WatchTelemetryHelper(t, "Log", o) - str = str + fmt.Sprintf("Result: %s\n", res.Result) - } - - if o.LogPath == "stdout" { - fmt.Printf("%s", str) - } else { - StrToFile(str, o.LogPath) } } - fmt.Println("Stopped WatchAlerts") + fmt.Fprintln(os.Stderr, "Stopped WatchLogs") return nil } -// WatchLogs Function -func (fd *Feeder) WatchLogs(o Options) error { - fd.WgClient.Add(1) - defer fd.WgClient.Done() +// WatchTelemetryHelper handles Alerts and Logs +func WatchTelemetryHelper(arr []byte, t string, o Options) { + var res map[string]interface{} + err := json.Unmarshal(arr, &res) + if err != nil { + return + } - for fd.Running { - res, err := fd.logStream.Recv() - if err != nil { - fmt.Printf("Failed to receive a log (%s)\n", err.Error()) - break + // Filter Telemetry based on provided options + if len(o.Selector) != 0 { + val := selectLabels(o, res["Labels"].(string)) + if val != nil { + return } + } - if o.Namespace != "" { - match := regexMatcher(CNamespace, res.NamespaceName) - if !match { - return nil - } + if o.Namespace != "" { + ns, ok := res["NamespaceName"].(string) + if !ok { + return } - - if o.LogType != "" { - match := regexMatcher(CLogtype, res.Type) - if !match { - return nil - } + match := regexMatcher(CNamespace, ns) + if !match { + return } + } - if o.Operation != "" { - match := regexMatcher(COperation, res.Operation) - if !match { - return nil - } + if o.LogType != "" { + t, ok := res["Type"].(string) + if !ok { + return + } + match := regexMatcher(CLogtype, t) + if !match { + return } + } - if o.ContainerName != "" { - match := regexMatcher(CContainerName, res.ContainerName) - if !match { - return nil - } + if o.Operation != "" { + op, ok := res["Operation"].(string) + if !ok { + return } + match := regexMatcher(COperation, op) + if !match { + return + } + } - if o.PodName != "" { - match := regexMatcher(CPodName, res.PodName) - if !match { - return nil - } + if o.ContainerName != "" { + cn, ok := res["ContainerName"].(string) + if !ok { + return + } + match := regexMatcher(CContainerName, cn) + if !match { + return } + } - if o.Source != "" { - match := regexMatcher(CSource, res.Source) - if !match { - return nil - } + if o.PodName != "" { + pn, ok := res["PodName"].(string) + if !ok { + return + } + match := regexMatcher(CPodName, pn) + if !match { + return } + } - if o.Resource != "" { - match := regexMatcher(CResource, res.Resource) - if !match { - return nil - } + if o.Source != "" { + src, ok := res["Source"].(string) + if !ok { + return } + match := regexMatcher(CSource, src) + if !match { + return + } + } - str := "" + if o.Resource != "" { + rs, ok := res["Resource"].(string) + if !ok { + return + } + match := regexMatcher(CResource, rs) + if !match { + return + } + } - if o.JSON { - arr, _ := json.Marshal(res) - str = fmt.Sprintf("%s\n", string(arr)) - } else { - updatedTime := strings.Replace(res.UpdatedTime, "T", " ", -1) - updatedTime = strings.Replace(updatedTime, "Z", "", -1) + str := "" - str = fmt.Sprintf("== Log / %s ==\n", updatedTime) + // Pass Events to Channel for further handling + if o.EventChan != nil { + o.EventChan <- EventInfo{Data: arr, Type: t} + } - str = str + fmt.Sprintf("Cluster Name: %s\n", res.ClusterName) - str = str + fmt.Sprintf("Host Name: %s\n", res.HostName) + if o.JSON { + str = fmt.Sprintf("%s\n", string(arr)) + } else { - if res.NamespaceName != "" { - str = str + fmt.Sprintf("Namespace Name: %s\n", res.NamespaceName) - str = str + fmt.Sprintf("Pod Name: %s\n", res.PodName) - str = str + fmt.Sprintf("Container ID: %s\n", res.ContainerID) - str = str + fmt.Sprintf("Container Name: %s\n", res.ContainerName) - } + if time, ok := res["UpdatedTime"]; ok { + updatedTime := strings.Replace(time.(string), "T", " ", -1) + updatedTime = strings.Replace(updatedTime, "Z", "", -1) + str = fmt.Sprintf("== %s / %s ==\n", t, updatedTime) + } else { + str = fmt.Sprintf("== %s ==\n", t) + } - str = str + fmt.Sprintf("Type: %s\n", res.Type) - str = str + fmt.Sprintf("Source: %s\n", res.Source) - str = str + fmt.Sprintf("Operation: %s\n", res.Operation) - str = str + fmt.Sprintf("Resource: %s\n", res.Resource) + // Array of Keys to preserve order in Output + telKeys := []string{ + "UpdatedTime", + "Timestamp", + "ClusterName", + "HostName", + "NamespaceName", + "PodName", + "Labels", + "ContainerName", + "ContainerID", + "ContainerImage", + "Type", + "PolicyName", + "Severity", + "Message", + "Source", + "Resource", + "Operation", + "Action", + "Data", + "Enforcer", + "Result", + } - if len(res.Data) > 0 { - str = str + fmt.Sprintf("Data: %s\n", res.Data) + var additionalKeys []string + // Looping through the Map to find additional keys not present in our array + for k := range res { + if !slices.Contains(telKeys, k) { + additionalKeys = append(additionalKeys, k) } - - str = str + fmt.Sprintf("Result: %s\n", res.Result) } - - if o.LogPath == "stdout" { - fmt.Printf("%s", str) - } else { - StrToFile(str, o.LogPath) + sort.Strings(additionalKeys) + telKeys = append(telKeys, additionalKeys...) + + for i := 2; i < len(telKeys); i++ { // Starting the loop from index 2 to skip printing timestamp again + k := telKeys[i] + // Check if fields are present in the structure and if present verifying that they are not empty + // Certain fields like Container* are not present in HostLogs, this check handles that and other edge cases + if v, ok := res[k]; ok && v != "" { + str = str + fmt.Sprintf("%s: %v\n", k, res[k]) + } } } - fmt.Println("Stopped WatchLogs") + if o.LogPath == "stdout" { + fmt.Printf("%s", str) + } else if o.LogPath != "" { + StrToFile(str, o.LogPath) + } - return nil } // DestroyClient Function @@ -439,8 +461,15 @@ func (fd *Feeder) DestroyClient() error { if err := fd.conn.Close(); err != nil { return err } - fd.WgClient.Wait() - return nil } + +func selectLabels(o Options, labels string) error { + for _, val := range o.Selector { + if val == labels { + return nil + } + } + return errors.New("Not found any flag") +} diff --git a/log/logClient_test.go b/log/logClient_test.go new file mode 100644 index 00000000..e62fc555 --- /dev/null +++ b/log/logClient_test.go @@ -0,0 +1,78 @@ +package log + +import ( + "encoding/json" + "fmt" + "testing" + "time" + + pb "github.com/kubearmor/KubeArmor/protobuf" +) + +var eventChan chan EventInfo +var done chan bool +var gotAlerts = 0 +var gotLogs = 0 + +const maxEvents = 5 + +func genericWaitOnEvent(cnt int) { + for evtin := range eventChan { + switch evtin.Type { + case "Alert": + gotAlerts++ + case "Log": + gotLogs++ + default: + fmt.Printf("unknown event\n") + break + } + + if gotAlerts+gotLogs >= cnt { + break + } + } + done <- true +} + +func TestLogClient(t *testing.T) { + var res = &pb.Alert{ + ClusterName: "breaking-bad", + HostName: "saymyname", + NamespaceName: "heisenberg", + PodName: "new-mexico", + Labels: "substance=meth,currency=usd", + ContainerID: "12345678901234567890", + ContainerName: "los-polos", + ContainerImage: "evergreen", + Type: "MatchedPolicy", + } + eventChan = make(chan EventInfo, maxEvents) + var o = Options{ + EventChan: eventChan, + } + + tel, err := json.Marshal(res) + if err != nil { + t.Error(err.Error()) + return + } + + // Handle Telemetry Events + for i := 0; i < maxEvents; i++ { + WatchTelemetryHelper(tel, "Alert", o) + } + + done = make(chan bool, 1) + go genericWaitOnEvent(maxEvents) + + // Check for timeouts + select { + case <-done: + if gotAlerts < maxEvents { + t.Errorf("did not receive all the events") + } + case <-time.After(100 * time.Millisecond): + t.Errorf("timed out") + } +} diff --git a/main.go b/main.go index e05e653d..ffe45611 100644 --- a/main.go +++ b/main.go @@ -1,6 +1,7 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Authors of KubeArmor +// Package main is responsible for the execution of CLI package main import "github.com/kubearmor/kubearmor-client/cmd" diff --git a/observe/observe_alert.go b/observe/observe_alert.go new file mode 100644 index 00000000..d64fc665 --- /dev/null +++ b/observe/observe_alert.go @@ -0,0 +1,85 @@ +package observe + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "time" + + proto "github.com/kubearmor/koach/protobuf" + "google.golang.org/grpc" +) + +type AlertOptions struct { + Namespace string + Pod string + Container string + JSON bool + GRPC string +} + +func StartObserveAlert(args []string, options AlertOptions) error { + gRPC := "localhost:3001" + + if options.GRPC != "" { + gRPC = options.GRPC + } + + conn, err := grpc.Dial(gRPC, grpc.WithInsecure()) + if err != nil { + return errors.New("could not connect to the server. Possible troubleshooting:\n- Check if koach server is running\n- Create a portforward to koach service using\n\t\033[1mkubectl port-forward -n kube-system service/koach --address 0.0.0.0 --address :: 3001:3001\033[0m\n- Configure grpc server information using\n\t\033[1mkarmor observe alert --grpc \033[0m") + } + + client := proto.NewObservabilityServiceClient(conn) + + stream, err := client.ListenAlert(context.Background(), &proto.ListenAlertRequest{ + NamespaceId: options.Namespace, + PodId: options.Pod, + ContainerId: options.Container, + }) + if err != nil { + return errors.New("could not connect to the server. Possible troubleshooting:\n- Check if koach server is running\n- Create a portforward to koach service using\n\t\033[1mkubectl port-forward -n kube-system service/koach --address 0.0.0.0 --address :: 3001:3001\033[0m\n- Configure grpc server information using\n\t\033[1mkarmor observe --grpc \033[0m") + } + + for { + resp, err := stream.Recv() + if err != nil { + break + } + + timestamp, _ := time.Parse("2006-01-02 15:04:05.999999 -0700 MST", resp.Observability.CreatedAt) + + if options.JSON { + arr, _ := json.Marshal(resp) + fmt.Println(string(arr)) + } else { + fmt.Printf("=== Alert / %s ===\n", timestamp.Format("2006-01-02 15:04:05")) + fmt.Println("Message:", resp.Message) + fmt.Println("Severity:", resp.Severity) + fmt.Println("ClusterName:", resp.Observability.ClusterName) + fmt.Println("HostName:", resp.Observability.HostName) + fmt.Println("NamespaceName:", resp.Observability.NamespaceName) + fmt.Println("PodName:", resp.Observability.PodName) + fmt.Println("Labels:", resp.Observability.Labels) + fmt.Println("ContainerID:", resp.Observability.ContainerId) + fmt.Println("ContainerName:", resp.Observability.ContainerName) + fmt.Println("ContainerImage:", resp.Observability.ContainerImage) + fmt.Println("ParentProcessName:", resp.Observability.ParentProcessName) + fmt.Println("ProcessName:", resp.Observability.ProcessName) + fmt.Println("HostPPID:", resp.Observability.HostPpid) + fmt.Println("HostPID:", resp.Observability.HostPid) + fmt.Println("PPID:", resp.Observability.Ppid) + fmt.Println("PID:", resp.Observability.Pid) + fmt.Println("UID:", resp.Observability.Uid) + fmt.Println("Type:", resp.Observability.Type) + fmt.Println("Source:", resp.Observability.Source) + fmt.Println("Operation:", resp.Observability.Operation) + fmt.Println("Resource:", resp.Observability.Resource) + fmt.Println("Data:", resp.Observability.Data) + fmt.Println("Result:", resp.Observability.Result) + } + } + + return nil +} diff --git a/observe/observe_telemetry.go b/observe/observe_telemetry.go new file mode 100644 index 00000000..90ac3896 --- /dev/null +++ b/observe/observe_telemetry.go @@ -0,0 +1,156 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2021 Authors of KubeArmor + +package observe + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "strings" + "time" + + "github.com/fatih/color" + proto "github.com/kubearmor/koach/protobuf" + "github.com/rodaine/table" + "google.golang.org/grpc" +) + +// Options Structure +type TelemetryOptions struct { + Namespace string + AllNamespace bool + Labels string + ShowLabels bool + Since string + CustomColumns string + GRPC string +} + +// Get observability data +func StartObserveTelemetry(args []string, options TelemetryOptions) error { + gRPC := "localhost:3001" + + if options.GRPC != "" { + gRPC = options.GRPC + } + + conn, err := grpc.Dial(gRPC, grpc.WithInsecure()) + if err != nil { + return errors.New("could not connect to the server. Possible troubleshooting:\n- Check if koach server is running\n- Create a portforward to koach service using\n\t\033[1mkubectl port-forward -n kube-system service/koach --address 0.0.0.0 --address :: 3001:3001\033[0m\n- Configure grpc server information using\n\t\033[1mkarmor observe --grpc \033[0m") + } + + client := proto.NewObservabilityServiceClient(conn) + + operations := map[string]string{ + "file": "File", + "network": "Network", + "process": "Process", + "syscall": "Syscall", + } + + operation, found := operations[args[0]] + if !found { + return errors.New("invalid operation to observe, valid operations are [file|network|process|syscall|alert]") + } + + req := &proto.GetRequest{ + Labels: options.Labels, + Time: options.Since, + OperationType: operation, + } + + if options.AllNamespace { + req.NamespaceId = "" + } else { + req.NamespaceId = options.Namespace + } + + res, err := client.Get(context.Background(), req) + if err != nil { + return errors.New("could not connect to the server. Possible troubleshooting:\n- Check if koach server is running\n- Create a portforward to koach service using\n\t\033[1mkubectl port-forward -n kube-system service/koach --address 0.0.0.0 --address :: 3001:3001\033[0m\n- Configure grpc server information using\n\t\033[1mkarmor observe --grpc \033[0m") + } + + if len(res.Data) == 0 { + fmt.Println("No observability data found") + return nil + } + + var tbl table.Table + + if options.CustomColumns == "" { + columns := []interface{}{"POD", "RESOURCE"} + + if options.ShowLabels { + columns = append(columns, "LABELS") + } + + columns = append(columns, "TIMESTAMP") + + tbl = table.New(columns...) + + headerFmt := color.New(color.FgWhite).SprintfFunc() + tbl.WithHeaderFormatter(headerFmt) + + for _, observability := range res.Data { + timestamp, _ := time.Parse("2006-01-02 15:04:05.999999 -0700 MST", observability.CreatedAt) + timestampStr := timestamp.Format("2006-01-02 15:04:05") + + row := []interface{}{observability.PodName, observability.Resource} + + if options.ShowLabels { + row = append(row, observability.Labels) + } + + row = append(row, timestampStr) + + tbl.AddRow(row...) + } + + } else { + customColumnsSplit := strings.Split(options.CustomColumns, ",") + + columns := []interface{}{} + keys := []string{} + + for _, customColumn := range customColumnsSplit { + customColumnSplit := strings.Split(customColumn, ":") + + columns = append(columns, customColumnSplit[0]) + keys = append(keys, strings.Split(customColumnSplit[1], ".")[1]) + } + + tbl = table.New(columns...) + + headerFmt := color.New(color.FgWhite).SprintfFunc() + tbl.WithHeaderFormatter(headerFmt) + + for _, observability := range res.Data { + row := []interface{}{} + + var observabilityMap map[string]interface{} + observabilityJSON, _ := json.Marshal(observability) + json.Unmarshal(observabilityJSON, &observabilityMap) + + for _, key := range keys { + value, ok := observabilityMap[key] + if !ok { + fmt.Println("Valid key for custom columns:") + for key := range observabilityMap { + fmt.Printf(" %s\n", key) + } + return fmt.Errorf("unrecognized key in custom columns") + } + + row = append(row, value) + } + + tbl.AddRow(row...) + } + } + + tbl.Print() + + return nil +} diff --git a/probe/probe.go b/probe/probe.go new file mode 100644 index 00000000..9c3b52fd --- /dev/null +++ b/probe/probe.go @@ -0,0 +1,673 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +// Package probe helps check compatibility of KubeArmor in a given environment +package probe + +import ( + "bytes" + "context" + "fmt" + "io" + "log" + "os" + "os/exec" + "runtime" + "strconv" + "strings" + "time" + + "github.com/fatih/color" + jsoniter "github.com/json-iterator/go" + tp "github.com/kubearmor/KubeArmor/KubeArmor/types" + "github.com/kubearmor/kubearmor-client/deployment" + "github.com/kubearmor/kubearmor-client/k8s" + "github.com/olekukonko/tablewriter" + "golang.org/x/exp/slices" + "golang.org/x/mod/semver" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/tools/remotecommand" + + "errors" + + "github.com/kubearmor/kubearmor-client/install" + "golang.org/x/sys/unix" +) + +var white = color.New(color.FgWhite) +var boldWhite = white.Add(color.Bold) +var green = color.New(color.FgGreen).SprintFunc() +var itwhite = color.New(color.Italic).Add(color.Italic).SprintFunc() + +// Options provides probe daemonset options install +type Options struct { + Namespace string + Full bool +} + +// K8sInstaller for karmor install +func probeDaemonInstaller(c *k8s.Client, o Options, krnhdr bool) error { + daemonset := deployment.GenerateDaemonSet(o.Namespace, krnhdr) + if _, err := c.K8sClientset.AppsV1().DaemonSets(o.Namespace).Create(context.Background(), daemonset, metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + } + + return nil +} + +func probeDaemonUninstaller(c *k8s.Client, o Options) error { + if err := c.K8sClientset.AppsV1().DaemonSets(o.Namespace).Delete(context.Background(), deployment.Karmorprobe, metav1.DeleteOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return err + } + fmt.Print("Karmor probe DaemonSet not found ...\n") + } + + return nil +} + +// PrintProbeResult prints the result for the host and k8s probing kArmor does to check compatibility with KubeArmor +func PrintProbeResult(c *k8s.Client, o Options) error { + if runtime.GOOS != "linux" { + env := install.AutoDetectEnvironment(c) + if env == "none" { + return errors.New("unsupported environment or cluster not configured correctly") + } + } + if isSystemdMode() { + err := probeSystemdMode() + if err != nil { + return err + } + return nil + } + if isKubeArmorRunning(c, o) { + getKubeArmorDeployments(c, o) + getKubeArmorContainers(c, o) + err := probeRunningKubeArmorNodes(c, o) + if err != nil { + log.Println("error occured when probing kubearmor nodes", err) + } + err = getAnnotatedPods(c) + if err != nil { + log.Println("error occured when getting annotated pods", err) + } + return nil + } + + /*** if kubearmor is not running: ***/ + + if o.Full { + checkHostAuditSupport() + checkLsmSupport(getHostSupportedLSM()) + + if err := probeDaemonInstaller(c, o, true); err != nil { + return err + } + color.Yellow("\nCreating probe daemonset ...") + + checkprobe: + for timeout := time.After(10 * time.Second); ; { + select { + case <-timeout: + color.Red("Failed to deploy probe daemonset ...") + color.Yellow("Cleaning Up Karmor Probe DaemonSet ...\n") + if err := probeDaemonUninstaller(c, o); err != nil { + return err + } + return nil + default: + time.Sleep(500 * time.Millisecond) + pods, _ := c.K8sClientset.CoreV1().Pods("").List(context.TODO(), metav1.ListOptions{LabelSelector: "kubearmor-app=" + deployment.Karmorprobe, FieldSelector: "status.phase!=Running"}) + if len(pods.Items) == 0 { + break checkprobe + } + if pods.Items[0].Status.ContainerStatuses[0].State.Waiting != nil { + state := pods.Items[0].Status.ContainerStatuses[0].State.Waiting + // We redeploy without kernel header mounts + if state.Reason == "CreateContainerError" { + if strings.Contains(state.Message, "/usr/src") || strings.Contains(state.Message, "/lib/modules") { + color.Yellow("Recreating Probe Daemonset ...") + if err := probeDaemonUninstaller(c, o); err != nil { + return err + } + if err := probeDaemonInstaller(c, o, false); err != nil { + return err + } + } + } + } + } + } + probeNode(c, o) + color.Yellow("\nDeleting Karmor Probe DaemonSet ...\n") + if err := probeDaemonUninstaller(c, o); err != nil { + return err + } + } else { + checkHostAuditSupport() + checkLsmSupport(getHostSupportedLSM()) + color.Blue("To get full probe, a daemonset will be deployed in your cluster - This daemonset will be deleted after probing") + color.Blue("Use --full tag to get full probing") + } + return nil +} + +func checkLsmSupport(supportedLSM string) { + fmt.Printf("\t Enforcement:") + if strings.Contains(supportedLSM, "selinux") { + color.Yellow(" Partial (Supported LSMs: " + supportedLSM + ") \n\t To have full enforcement support, apparmor must be supported") + } else if strings.Contains(supportedLSM, "apparmor") || strings.Contains(supportedLSM, "bpf") { + color.Green(" Full (Supported LSMs: " + supportedLSM + ")") + } else { + color.Red(" None (Supported LSMs: " + supportedLSM + ") \n\t To have full enforcement support, AppArmor or BPFLSM must be supported") + } +} + +func getHostSupportedLSM() string { + b, err := os.ReadFile("/sys/kernel/security/lsm") + if err != nil { + log.Printf("an error occured when reading file") + return "none" + } + s := string(b) + return s +} + +func kernelVersionSupported(kernelVersion string) bool { + return semver.Compare(kernelVersion, "4.14") >= 0 +} + +func checkAuditSupport(kernelVersion string, kernelHeaderPresent bool) { + if kernelVersionSupported(kernelVersion) && kernelHeaderPresent { + color.Green(" Supported (Kernel Version " + kernelVersion + ")") + } else if kernelVersionSupported(kernelVersion) { + color.Red(" Not Supported : BTF Information/Kernel Headers must be available") + } else { + color.Red(" Not Supported (Kernel Version " + kernelVersion + " \n\t Kernel version must be greater than 4.14) and BTF Information/Kernel Headers must be available") + } +} + +func checkBTFSupport() bool { + if _, err := os.Stat("/sys/kernel/btf/vmlinux"); !os.IsNotExist(err) { + return true + } + return false +} + +func checkKernelHeaderPresent() bool { + //check if there's any directory /usr/src/$(uname -r) + var uname unix.Utsname + if err := unix.Uname(&uname); err == nil { + var path = "" + if _, err := os.Stat("/etc/redhat-release"); !os.IsNotExist(err) { + path = "/usr/src/" + string(uname.Release[:]) + } else if _, err := os.Stat("/lib/modules/" + string(uname.Release[:]) + "/build/Kconfig"); !os.IsNotExist(err) { + path = "/lib/modules/" + string(uname.Release[:]) + "/build" + } else if _, err := os.Stat("/lib/modules/" + string(uname.Release[:]) + "/source/Kconfig"); !os.IsNotExist(err) { + path = "/lib/modules/" + string(uname.Release[:]) + "/source" + } else { + path = "/usr/src/linux-headers-" + string(uname.Release[:]) + } + + if _, err := os.Stat(path); !os.IsNotExist(err) { + return true + } + } + + return false +} + +func execIntoPod(c *k8s.Client, podname, namespace, containername string, cmd string) (string, error) { + buf := &bytes.Buffer{} + errBuf := &bytes.Buffer{} + request := c.K8sClientset.CoreV1().RESTClient(). + Post(). + Namespace(namespace). + Resource("pods"). + Name(podname). + SubResource("exec"). + VersionedParams(&corev1.PodExecOptions{ + Command: []string{"/bin/sh", "-c", cmd}, + Stdin: false, + Stdout: true, + Stderr: true, + TTY: true, + }, scheme.ParameterCodec) + exec, err := remotecommand.NewSPDYExecutor(c.Config, "POST", request.URL()) + err = exec.Stream(remotecommand.StreamOptions{ + Stdout: buf, + Stderr: errBuf, + }) + + if err != nil { + return "none", err + } + + return buf.String(), nil +} + +func findFileInDir(c *k8s.Client, podname, namespace, containername string, cmd string) bool { + s, err := execIntoPod(c, podname, namespace, containername, cmd) + if err != nil { + return false + } + if strings.Contains(s, "No such file or directory") || len(s) == 0 { + return false + } + + return true +} + +// Check for BTF Information or Kernel Headers Availability +func checkNodeKernelHeaderPresent(c *k8s.Client, o Options, nodeName string, kernelVersion string) bool { + pods, err := c.K8sClientset.CoreV1().Pods(o.Namespace).List(context.Background(), metav1.ListOptions{ + LabelSelector: "kubearmor-app=" + deployment.Karmorprobe, + FieldSelector: "spec.nodeName=" + nodeName, + }) + if err != nil { + return false + } + + if findFileInDir(c, pods.Items[0].Name, o.Namespace, pods.Items[0].Spec.Containers[0].Name, "find /sys/kernel/btf/ -name vmlinux") || + findFileInDir(c, pods.Items[0].Name, o.Namespace, pods.Items[0].Spec.Containers[0].Name, "find -L /usr/src -maxdepth 2 -path \"*$(uname -r)*\" -name \"Kconfig\"") || + findFileInDir(c, pods.Items[0].Name, o.Namespace, pods.Items[0].Spec.Containers[0].Name, "find -L /lib/modules/ -maxdepth 3 -path \"*$(uname -r)*\" -name \"Kconfig\"") { + return true + } + + return false +} + +func checkHostAuditSupport() { + color.Yellow("\nDidn't find KubeArmor in systemd or Kubernetes, probing for support for KubeArmor\n\n") + var uname unix.Utsname + if err := unix.Uname(&uname); err == nil { + kerVersion := string(uname.Release[:]) + s := strings.Split(kerVersion, "-") + kernelVersion := s[0] + + _, err := boldWhite.Println("Host:") + if err != nil { + color.Red(" Error") + } + fmt.Printf("\t Observability/Audit:") + checkAuditSupport(kernelVersion, checkBTFSupport() || checkKernelHeaderPresent()) + } else { + color.Red(" Error") + } +} + +func getNodeLsmSupport(c *k8s.Client, o Options, nodeName string) (string, error) { + srcPath := "/sys/kernel/security/lsm" + pods, err := c.K8sClientset.CoreV1().Pods(o.Namespace).List(context.Background(), metav1.ListOptions{ + LabelSelector: "kubearmor-app=karmor-probe", + FieldSelector: "spec.nodeName=" + nodeName, + }) + if err != nil { + return "none", err + } + + s, err := execIntoPod(c, pods.Items[0].Name, o.Namespace, pods.Items[0].Spec.Containers[0].Name, "cat "+srcPath) + if err != nil { + return "none", err + } + return s, nil +} + +func probeNode(c *k8s.Client, o Options) { + nodes, _ := c.K8sClientset.CoreV1().Nodes().List(context.Background(), metav1.ListOptions{}) + if len(nodes.Items) > 0 { + for i, item := range nodes.Items { + _, err := boldWhite.Printf("Node %d : \n", i+1) + if err != nil { + color.Red(" Error") + } + fmt.Printf("\t Observability/Audit:") + kernelVersion := item.Status.NodeInfo.KernelVersion + check2 := checkNodeKernelHeaderPresent(c, o, item.Name, kernelVersion) + checkAuditSupport(kernelVersion, check2) + lsm, err := getNodeLsmSupport(c, o, item.Name) + if err != nil { + color.Red(err.Error()) + } + checkLsmSupport(lsm) + } + } else { + fmt.Println("No kubernetes environment found") + } +} + +// KubeArmorProbeData structure definition +type KubeArmorProbeData struct { + OSImage string + KernelVersion string + KubeletVersion string + ContainerRuntime string + ActiveLSM string + KernelHeaderPresent bool + HostSecurity bool + ContainerSecurity bool + ContainerDefaultPosture tp.DefaultPosture + HostDefaultPosture tp.DefaultPosture +} + +func isKubeArmorRunning(c *k8s.Client, o Options) bool { + _, err := getKubeArmorDaemonset(c, o) + return err == nil + +} + +func getKubeArmorDaemonset(c *k8s.Client, o Options) (bool, error) { + var data [][]string + // KubeArmor DaemonSet + w, err := c.K8sClientset.AppsV1().DaemonSets(o.Namespace).Get(context.Background(), "kubearmor", metav1.GetOptions{}) + if err != nil { + return false, err + } + color.Green("\nFound KubeArmor running in Kubernetes\n\n") + _, err = boldWhite.Printf("Daemonset :\n") + if err != nil { + color.Red(" Error while printing") + } + desired, ready, available := w.Status.DesiredNumberScheduled, w.Status.NumberReady, w.Status.NumberAvailable + if desired != ready && desired != available { + data = append(data, []string{" ", "kubearmor ", "Desired: " + strconv.Itoa(int(desired)), "Ready: " + strconv.Itoa(int(ready)), "Available: " + strconv.Itoa(int(available))}) + return false, nil + } + data = append(data, []string{" ", "kubearmor ", "Desired: " + strconv.Itoa(int(desired)), "Ready: " + strconv.Itoa(int(ready)), "Available: " + strconv.Itoa(int(available))}) + renderOutputInTableWithNoBorders(data) + return true, nil +} +func getKubeArmorDeployments(c *k8s.Client, o Options) { + var data [][]string + _, err := boldWhite.Printf("Deployments : \n") + if err != nil { + color.Red(" Error while printing") + } + kubearmorDeployments, err := c.K8sClientset.AppsV1().Deployments(o.Namespace).List(context.Background(), metav1.ListOptions{ + LabelSelector: "kubearmor-app", + }) + + if err != nil { + return + } + if len(kubearmorDeployments.Items) > 0 { + for _, kubearmorDeploymentItem := range kubearmorDeployments.Items { + desired, ready, available := kubearmorDeploymentItem.Status.UpdatedReplicas, kubearmorDeploymentItem.Status.ReadyReplicas, kubearmorDeploymentItem.Status.AvailableReplicas + if desired != ready && desired != available { + continue + } else { + data = append(data, []string{" ", kubearmorDeploymentItem.Name, "Desired: " + strconv.Itoa(int(desired)), "Ready: " + strconv.Itoa(int(ready)), "Available: " + strconv.Itoa(int(available))}) + } + } + } + renderOutputInTableWithNoBorders(data) +} + +func getKubeArmorContainers(c *k8s.Client, o Options) { + var data [][]string + _, err := boldWhite.Printf("Containers : \n") + if err != nil { + color.Red(" Error while printing") + } + kubearmorPods, err := c.K8sClientset.CoreV1().Pods(o.Namespace).List(context.Background(), metav1.ListOptions{ + LabelSelector: "kubearmor-app", + }) + if err != nil { + log.Println("error occured when getting kubearmor pods", err) + return + } + + if len(kubearmorPods.Items) > 0 { + for _, kubearmorPodItem := range kubearmorPods.Items { + data = append(data, []string{" ", kubearmorPodItem.Name, "Running: " + strconv.Itoa(len(kubearmorPodItem.Spec.Containers)), "Image Version: " + kubearmorPodItem.Spec.Containers[0].Image}) + } + } + + renderOutputInTableWithNoBorders(data) + +} + +func probeRunningKubeArmorNodes(c *k8s.Client, o Options) error { + + // // KubeArmor Nodes + nodes, err := c.K8sClientset.CoreV1().Nodes().List(context.Background(), metav1.ListOptions{}) + if err != nil { + log.Println("error getting nodes", err) + return err + } + + if len(nodes.Items) > 0 { + + for i, item := range nodes.Items { + _, err := boldWhite.Printf("Node %d : \n", i+1) + if err != nil { + color.Red(" Error while printing") + } + err = readDataFromKubeArmor(c, o, item.Name) + if err != nil { + return err + } + } + } else { + fmt.Println("No kubernetes environment found") + } + return nil +} + +func readDataFromKubeArmor(c *k8s.Client, o Options, nodeName string) error { + srcPath := "/tmp/karmorProbeData.cfg" + pods, err := c.K8sClientset.CoreV1().Pods(o.Namespace).List(context.Background(), metav1.ListOptions{ + LabelSelector: "kubearmor-app=kubearmor", + FieldSelector: "spec.nodeName=" + nodeName, + }) + if err != nil { + log.Println("error occured while getting kubeArmor pods", err) + return err + } + reader, outStream := io.Pipe() + cmdArr := []string{"cat", srcPath} + req := c.K8sClientset.CoreV1().RESTClient(). + Get(). + Namespace(o.Namespace). + Resource("pods"). + Name(pods.Items[0].Name). + SubResource("exec"). + VersionedParams(&corev1.PodExecOptions{ + Container: pods.Items[0].Spec.Containers[0].Name, + Command: cmdArr, + Stdin: true, + Stdout: true, + Stderr: true, + TTY: false, + }, scheme.ParameterCodec) + exec, err := remotecommand.NewSPDYExecutor(c.Config, "POST", req.URL()) + + if err != nil { + return err + } + go func() { + defer outStream.Close() + err = exec.Stream(remotecommand.StreamOptions{ + Stdin: os.Stdin, + Stdout: outStream, + Stderr: os.Stderr, + Tty: false, + }) + }() + buf, err := io.ReadAll(reader) + if err != nil { + log.Println("an error occured when reading file", err) + return err + } + err = printKubeArmorProbeOutput(buf) + if err != nil { + log.Println("an error occured when printing output", err) + return err + } + return nil +} + +func printKubeArmorProbeOutput(buf []byte) error { + var kd *KubeArmorProbeData + var json = jsoniter.ConfigCompatibleWithStandardLibrary + var data [][]string + err := json.Unmarshal(buf, &kd) + if err != nil { + log.Println("an error occured when parsing file", err) + return err + } + data = append(data, []string{" ", "OS Image:", green(kd.OSImage)}) + data = append(data, []string{" ", "Kernel Version:", green(kd.KernelVersion)}) + data = append(data, []string{" ", "Kubelet Version:", green(kd.KubeletVersion)}) + data = append(data, []string{" ", "Container Runtime:", green(kd.ContainerRuntime)}) + data = append(data, []string{" ", "Active LSM:", green(kd.ActiveLSM)}) + data = append(data, []string{" ", "Host Security:", green(strconv.FormatBool(kd.HostSecurity))}) + data = append(data, []string{" ", "Container Security:", green(strconv.FormatBool(kd.ContainerSecurity))}) + data = append(data, []string{" ", "Container Default Posture:", green(kd.ContainerDefaultPosture.FileAction) + itwhite("(File)"), green(kd.ContainerDefaultPosture.FileAction) + itwhite("(Capabilities)"), green(kd.ContainerDefaultPosture.NetworkAction) + itwhite("(Network)")}) + data = append(data, []string{" ", "Host Default Posture:", green(kd.HostDefaultPosture.FileAction) + itwhite("(File)"), green(kd.HostDefaultPosture.CapabilitiesAction) + itwhite("(Capabilities)"), green(kd.HostDefaultPosture.NetworkAction) + itwhite("(Network)")}) + renderOutputInTableWithNoBorders(data) + return nil +} + +// sudo systemctl status kubearmor +func isSystemdMode() bool { + cmd := exec.Command("systemctl", "status", "kubearmor") + _, err := cmd.CombinedOutput() + if err != nil { + return false + } + color.Green("\nFound KubeArmor running in Systemd mode \n\n") + return true +} + +func probeSystemdMode() error { + jsonFile, err := os.Open("/tmp/karmorProbeData.cfg") + if err != nil { + log.Println(err) + return err + } + + buf, err := io.ReadAll(jsonFile) + if err != nil { + log.Println("an error occured when reading file", err) + return err + } + _, err = boldWhite.Printf("Host : \n") + if err != nil { + color.Red(" Error") + } + err = printKubeArmorProbeOutput(buf) + if err != nil { + log.Println("an error occured when printing output", err) + return err + } + return nil +} + +func getAnnotatedPods(c *k8s.Client) error { + // Annotated Pods Description + var data [][]string + pods, err := c.K8sClientset.CoreV1().Pods("").List(context.Background(), metav1.ListOptions{}) + if err != nil { + return err + } + + policyMap, err := getPoliciesOnAnnotatedPods(c) + if err != nil { + color.Red(" Error getting policies on annotated pods") + } + + for _, p := range pods.Items { + if p.Annotations["kubearmor-policy"] == "enabled" { + armoredPod, err := c.K8sClientset.CoreV1().Pods(p.Namespace).Get(context.Background(), p.Name, metav1.GetOptions{}) + if err != nil { + return err + } + data = append(data, []string{armoredPod.Namespace, armoredPod.Name, ""}) + for key, value := range armoredPod.Labels { + for policyKey, policyValue := range policyMap { + if slices.Contains(policyValue, key+":"+value) { + if checkIfDataAlreadyContainsPodName(data, armoredPod.Name, policyKey) { + continue + } else { + data = append(data, []string{armoredPod.Namespace, armoredPod.Name, policyKey}) + } + + } + + } + } + } + } + _, err = boldWhite.Printf("Armored Up pods : \n") + if err != nil { + color.Red(" Error printing bold text") + } + + table := tablewriter.NewWriter(os.Stdout) + table.SetHeader([]string{"NAMESPACE", "NAME", "POLICY"}) + + for _, v := range data { + table.Append(v) + } + table.SetRowLine(true) + table.SetAutoMergeCellsByColumnIndex([]int{0, 1}) + table.Render() + return nil +} + +func getPoliciesOnAnnotatedPods(c *k8s.Client) (map[string][]string, error) { + maps := make(map[string][]string) + kspInterface := c.KSPClientset.KubeArmorPolicies("") + policies, err := kspInterface.List(context.Background(), metav1.ListOptions{}) + if err != nil { + return nil, err + } + if len(policies.Items) > 0 { + for _, policy := range policies.Items { + selectLabels := policy.Spec.Selector.MatchLabels + for key, value := range selectLabels { + maps[policy.Name] = append(maps[policy.Name], key+":"+value) + } + } + } + return maps, nil +} + +func renderOutputInTableWithNoBorders(data [][]string) { + table := tablewriter.NewWriter(os.Stdout) + table.SetAutoWrapText(false) + table.SetAutoFormatHeaders(true) + table.SetHeaderAlignment(tablewriter.ALIGN_LEFT) + table.SetAlignment(tablewriter.ALIGN_LEFT) + table.SetCenterSeparator("") + table.SetColumnSeparator("") + table.SetRowSeparator("") + table.SetHeaderLine(false) + table.SetBorder(false) + table.SetTablePadding("\t") // pad with tabs + table.SetNoWhiteSpace(true) + table.AppendBulk(data) // Add Bulk Data + table.Render() +} + +func checkIfDataAlreadyContainsPodName(input [][]string, name string, policy string) bool { + for _, slice := range input { + //if slice contains podname, then append the policy to the existing policies + if slices.Contains(slice, name) { + if slice[2] == "" { + slice[2] = policy + } else { + slice[2] = slice[2] + "\n" + policy + } + return true + } + + } + return false +} diff --git a/recommend/html/footer.html b/recommend/html/footer.html new file mode 100644 index 00000000..308b1d01 --- /dev/null +++ b/recommend/html/footer.html @@ -0,0 +1,2 @@ + + diff --git a/recommend/html/header.html b/recommend/html/header.html new file mode 100644 index 00000000..7ba17823 --- /dev/null +++ b/recommend/html/header.html @@ -0,0 +1,67 @@ + + + + + + + + + + + + + + + +

{{.ReportTitle}}

+ +

Date: {{.DateTime}}

diff --git a/recommend/html/record.html b/recommend/html/record.html new file mode 100644 index 00000000..c7a72315 --- /dev/null +++ b/recommend/html/record.html @@ -0,0 +1,20 @@ + + {{range .Rec}} + {{.Name}} + {{end}} + + + +

Kubearmor Security Policy

+
+{{.Policy}}
+
+

Description

+ {{.Description}} +
+

References

+ {{range .Refs}} + {{.Name}}: {{.URL}}
+ {{end}} + + diff --git a/recommend/html/sectend.html b/recommend/html/sectend.html new file mode 100644 index 00000000..c8712aa4 --- /dev/null +++ b/recommend/html/sectend.html @@ -0,0 +1,3 @@ + +
+
diff --git a/recommend/html/section.html b/recommend/html/section.html new file mode 100644 index 00000000..c026b26e --- /dev/null +++ b/recommend/html/section.html @@ -0,0 +1,17 @@ +
+ + {{range .ImgInfo}} + + + + + {{end}} +
{{.Key}}{{.Val}}
+ + + + {{range .HdrCols}} + + {{end}} + + diff --git a/recommend/imageHandler.go b/recommend/imageHandler.go new file mode 100644 index 00000000..334d48c7 --- /dev/null +++ b/recommend/imageHandler.go @@ -0,0 +1,450 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package recommend + +import ( + "archive/tar" + "bufio" + "context" + _ "embed" // need for embedding + "encoding/base64" + "fmt" + "io" + "math/rand" + "os" + "path/filepath" + "regexp" + "strings" + "time" + + "github.com/clarketm/json" + "sigs.k8s.io/yaml" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/client" + "github.com/docker/docker/pkg/jsonmessage" + "github.com/fatih/color" + "github.com/moby/term" + log "github.com/sirupsen/logrus" +) + +var cli *client.Client // docker client +var tempDir string // temporary directory used by karmor to save image etc + +// ImageInfo contains image information +type ImageInfo struct { + Name string + RepoTags []string + Arch string + Distro string + OS string + FileList []string + DirList []string + Namespace string + Deployment string + Labels LabelMap +} + +func getAuthStr() string { + u := os.Getenv("DOCKER_USERNAME") + p := os.Getenv("DOCKER_PASSWORD") + if u == "" || p == "" { + return "" + } + + encodedJSON, err := json.Marshal(types.AuthConfig{ + Username: u, + Password: p, + }) + if err != nil { + log.WithError(err).Fatal("failed to marshal credentials") + } + + return base64.URLEncoding.EncodeToString(encodedJSON) +} + +func init() { + var err error + + rand.Seed(time.Now().UnixNano()) // random seed init for random string generator + + cli, err = client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + if err != nil { + log.WithError(err).Fatal("could not create new docker client") + } +} + +func pullImage(imageName string) error { + out, err := cli.ImagePull(context.Background(), imageName, types.ImagePullOptions{RegistryAuth: getAuthStr()}) + if err != nil { + log.WithError(err).Fatal("could not pull image") + } + defer out.Close() + + termFd, isTerm := term.GetFdInfo(os.Stderr) + err = jsonmessage.DisplayJSONMessagesStream(out, os.Stderr, termFd, isTerm, nil) + if err != nil { + log.WithError(err).Error("could not display json") + } + + return nil +} + +// The randomizer used in this function is not used for any cryptographic +// operation and hence safe to use. +func randString(n int) string { + var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") + b := make([]rune, n) + for i := range b { + b[i] = letterRunes[rand.Intn(len(letterRunes))] // #nosec + } + return string(b) +} + +func closeCheckErr(f *os.File, fname string) { + err := f.Close() + if err != nil { + log.WithFields(log.Fields{ + "file": fname, + }).Error("close file failed") + } +} + +// Sanitize archive file pathing from "G305: Zip Slip vulnerability" +func sanitizeArchivePath(d, t string) (v string, err error) { + v = filepath.Join(d, t) + if strings.HasPrefix(v, filepath.Clean(d)) { + return v, nil + } + + return "", fmt.Errorf("%s: %s", "content filepath is tainted", t) +} + +func extractTar(tarname string) ([]string, []string) { + var fl []string + var dl []string + + f, err := os.Open(filepath.Clean(tarname)) + if err != nil { + log.WithError(err).WithFields(log.Fields{ + "tar": tarname, + }).Fatal("os create failed") + } + defer closeCheckErr(f, tarname) + + tr := tar.NewReader(bufio.NewReader(f)) + for { + hdr, err := tr.Next() + if err == io.EOF { + break // End of archive + } + if err != nil { + log.WithError(err).Fatal("tar next failed") + } + + tgt, err := sanitizeArchivePath(tempDir, hdr.Name) + if err != nil { + log.WithError(err).WithFields(log.Fields{ + "file": hdr.Name, + }).Error("ignoring file since it could not be sanitized") + continue + } + + switch hdr.Typeflag { + case tar.TypeDir: + if _, err := os.Stat(tgt); err != nil { + if err := os.MkdirAll(tgt, 0750); err != nil { + log.WithError(err).WithFields(log.Fields{ + "target": tgt, + }).Fatal("tar mkdirall") + } + } + dl = append(dl, tgt) + case tar.TypeReg: + f, err := os.OpenFile(filepath.Clean(tgt), os.O_CREATE|os.O_RDWR, os.FileMode(hdr.Mode)) + if err != nil { + log.WithError(err).WithFields(log.Fields{ + "target": tgt, + }).Error("tar open file") + } else { + + // copy over contents + if _, err := io.CopyN(f, tr, 2e+9 /*2GB*/); err != io.EOF { + log.WithError(err).WithFields(log.Fields{ + "target": tgt, + }).Fatal("tar io.Copy()") + } + } + closeCheckErr(f, tgt) + if strings.HasSuffix(tgt, "layer.tar") { // deflate container image layer + ifl, idl := extractTar(tgt) + fl = append(fl, ifl...) + dl = append(dl, idl...) + } else { + fl = append(fl, tgt) + } + } + } + return fl, dl +} + +func saveImageToTar(imageName string) string { + imgdata, err := cli.ImageSave(context.Background(), []string{imageName}) + if err != nil { + log.WithError(err).Fatal("could not save image") + } + defer imgdata.Close() + + tarname := filepath.Join(tempDir, randString(8)+".tar") + + f, err := os.Create(filepath.Clean(tarname)) + if err != nil { + log.WithError(err).Fatal("os create failed") + } + + if _, err := io.CopyN(bufio.NewWriter(f), imgdata, 5e+9 /*5GB*/); err != io.EOF { + log.WithError(err).WithFields(log.Fields{ + "tar": tarname, + }).Fatal("io.CopyN() failed") + } + closeCheckErr(f, tarname) + log.WithFields(log.Fields{ + "tar": tarname, + }).Info("dumped image to tar") + return tarname +} + +func checkForSpec(spec string, fl []string) []string { + var matches []string + if !strings.HasSuffix(spec, "*") { + spec = fmt.Sprintf("%s$", spec) + } + + re := regexp.MustCompile(spec) + for _, name := range fl { + if re.Match([]byte(name)) { + matches = append(matches, name) + } + } + return matches +} + +func getFileBytes(fname string) ([]byte, error) { + f, err := os.Open(filepath.Clean(fname)) + if err != nil { + log.WithFields(log.Fields{ + "file": fname, + }).Fatal("open file failed") + } + defer closeCheckErr(f, fname) + return io.ReadAll(f) +} + +func (img *ImageInfo) readManifest(manifest string) { + // read manifest file + barr, err := getFileBytes(manifest) + if err != nil { + log.WithError(err).Fatal("manifest read failed") + } + var manres []map[string]interface{} + err = json.Unmarshal(barr, &manres) + if err != nil { + log.WithError(err).Fatal("manifest json unmarshal failed") + } + if len(manres) < 1 { + log.WithFields(log.Fields{ + "len": len(manres), + "results": manres, + }).Fatal("expecting atleast one config in manifest!") + } + + var man map[string]interface{} + for _, man = range manres { + if man["RepoTags"] != nil { + break + } + } + + // read config file + config := filepath.Join(tempDir, man["Config"].(string)) + barr, err = getFileBytes(config) + if err != nil { + log.WithFields(log.Fields{ + "config": config, + }).Fatal("config read failed") + } + var cfgres map[string]interface{} + err = json.Unmarshal(barr, &cfgres) + if err != nil { + log.WithError(err).Fatal("config json unmarshal failed") + } + img.Arch = cfgres["architecture"].(string) + img.OS = cfgres["os"].(string) + + if man["RepoTags"] == nil { + // If the image name contains sha256 digest, + // then manifest["RepoTags"] will be `nil`. + img.RepoTags = append(img.RepoTags, shortenImageNameWithSha256(img.Name)) + } else { + for _, tag := range man["RepoTags"].([]interface{}) { + img.RepoTags = append(img.RepoTags, tag.(string)) + } + } +} + +func (img *ImageInfo) getPolicyDir() string { + var policyDir string + + if img.Deployment == "" { + // policy recommendation for container images + if img.Namespace == "" { + policyDir = mkPathFromTag(img.RepoTags[0]) + } else { + policyDir = fmt.Sprintf("%s-%s", img.Namespace, mkPathFromTag(img.RepoTags[0])) + } + } else { + // policy recommendation based on k8s manifest + policyDir = fmt.Sprintf("%s-%s", img.Namespace, img.Deployment) + } + return filepath.Join(options.OutDir, policyDir) +} + +func (img *ImageInfo) getPolicyFile(spec string) string { + var policyFile string + + if img.Deployment != "" { + // policy recommendation based on k8s manifest + policyFile = fmt.Sprintf("%s-%s.yaml", mkPathFromTag(img.RepoTags[0]), spec) + } else { + policyFile = fmt.Sprintf("%s.yaml", spec) + } + + return filepath.Join(img.getPolicyDir(), policyFile) +} + +func (img *ImageInfo) getPolicyName(spec string) string { + var policyName string + + if img.Deployment == "" { + // policy recommendation for container images + policyName = fmt.Sprintf("%s-%s", mkPathFromTag(img.RepoTags[0]), spec) + } else { + // policy recommendation based on k8s manifest + policyName = fmt.Sprintf("%s-%s-%s", img.Deployment, mkPathFromTag(img.RepoTags[0]), spec) + } + return policyName +} + +type distroRule struct { + Name string `json:"name" yaml:"name"` + Match []struct { + Path string `json:"path" yaml:"path"` + } `json:"match" yaml:"match"` +} + +//go:embed yaml/distro.yaml +var distroYAML []byte + +var distroRules []distroRule + +func init() { + distroJSON, err := yaml.YAMLToJSON(distroYAML) + if err != nil { + color.Red("failed to convert distro rules yaml to json") + log.WithError(err).Fatal("failed to convert distro rules yaml to json") + } + + var jsonRaw map[string]json.RawMessage + err = json.Unmarshal(distroJSON, &jsonRaw) + if err != nil { + color.Red("failed to unmarshal distro rules json") + log.WithError(err).Fatal("failed to unmarshal distro rules json") + } + + err = json.Unmarshal(jsonRaw["distroRules"], &distroRules) + if err != nil { + color.Red("failed to unmarshal distro rules") + log.WithError(err).Fatal("failed to unmarshal distro rules") + } +} + +func (img *ImageInfo) getDistro() { + for _, d := range distroRules { + match := true + for _, m := range d.Match { + matches := checkForSpec(filepath.Clean(tempDir+m.Path), img.FileList) + if len(matches) == 0 { + match = false + break + } + } + if len(d.Match) > 0 && match { + color.Green("Distribution %s", d.Name) + img.Distro = d.Name + return + } + } +} + +func (img *ImageInfo) getImageInfo() { + matches := checkForSpec(filepath.Join(tempDir, "manifest.json"), img.FileList) + if len(matches) != 1 { + log.WithFields(log.Fields{ + "len": len(matches), + "matches": matches, + }).Fatal("expecting one manifest.json!") + } + img.readManifest(matches[0]) + + img.getDistro() +} + +func getImageDetails(namespace, deployment string, labels LabelMap, imageName string) error { + img := ImageInfo{ + Name: imageName, + Namespace: namespace, + Deployment: deployment, + Labels: labels, + } + + // step 1: save the image to a tar file + tarname := saveImageToTar(imageName) + + // step 2: retrieve information from tar + img.FileList, img.DirList = extractTar(tarname) + + // step 3: getImageInfo + img.getImageInfo() + + // step 4: get policy from image info + img.getPolicyFromImageInfo() + + return nil +} + +func imageHandler(namespace, deployment string, labels LabelMap, imageName string) error { + log.WithFields(log.Fields{ + "image": imageName, + }).Info("pulling image") + err := pullImage(imageName) + if err != nil { + return err + } + + err = getImageDetails(namespace, deployment, labels, imageName) + if err != nil { + return err + } + + return nil +} + +// shortenImageNameWithSha256 truncates the sha256 digest in image name +func shortenImageNameWithSha256(name string) string { + if strings.Contains(name, "@sha256:") { + // shorten sha256 to first 8 chars + return name[:len(name)-56] + } + return name +} diff --git a/recommend/policy.go b/recommend/policy.go new file mode 100644 index 00000000..c6f89895 --- /dev/null +++ b/recommend/policy.go @@ -0,0 +1,168 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package recommend + +import ( + "fmt" + "os" + "path/filepath" + "strings" + + "github.com/clarketm/json" + "github.com/fatih/color" + pol "github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy/api/security.kubearmor.com/v1" + log "github.com/sirupsen/logrus" + "k8s.io/utils/strings/slices" + "sigs.k8s.io/yaml" +) + +func addPolicyRule(policy *pol.KubeArmorPolicy, r pol.KubeArmorPolicySpec) { + + if len(r.File.MatchDirectories) != 0 || len(r.File.MatchPaths) != 0 { + policy.Spec.File = r.File + } + if len(r.Process.MatchDirectories) != 0 || len(r.Process.MatchPaths) != 0 { + policy.Spec.Process = r.Process + } + if len(r.Network.MatchProtocols) != 0 { + policy.Spec.Network = r.Network + } +} + +func mkPathFromTag(tag string) string { + r := strings.NewReplacer( + "/", "-", + ":", "-", + "\\", "-", + ".", "-", + "@", "-", + ) + return r.Replace(tag) +} + +func (img *ImageInfo) createPolicy(ms MatchSpec) (pol.KubeArmorPolicy, error) { + policy := pol.KubeArmorPolicy{ + Spec: pol.KubeArmorPolicySpec{ + Severity: 1, // by default + Selector: pol.SelectorType{ + MatchLabels: map[string]string{}}, + }, + } + policy.APIVersion = "security.kubearmor.com/v1" + policy.Kind = "KubeArmorPolicy" + + policy.ObjectMeta.Name = img.getPolicyName(ms.Name) + + if img.Namespace != "" { + policy.ObjectMeta.Namespace = img.Namespace + } + + policy.Spec.Action = ms.Spec.Action + policy.Spec.Severity = ms.Spec.Severity + if ms.Spec.Message != "" { + policy.Spec.Message = ms.Spec.Message + } + if len(ms.Spec.Tags) > 0 { + policy.Spec.Tags = ms.Spec.Tags + } + + if len(img.Labels) > 0 { + policy.Spec.Selector.MatchLabels = img.Labels + } else { + repotag := strings.Split(img.RepoTags[0], ":") + policy.Spec.Selector.MatchLabels["kubearmor.io/container.name"] = repotag[0] + } + + addPolicyRule(&policy, ms.Spec) + return policy, nil +} + +func (img *ImageInfo) checkPreconditions(ms MatchSpec) bool { + var matches []string + for _, preCondition := range ms.Precondition { + matches = append(matches, checkForSpec(filepath.Join(preCondition), img.FileList)...) + } + return len(matches) >= len(ms.Precondition) +} + +func matchTags(ms MatchSpec) bool { + if len(options.Tags) <= 0 { + return true + } + for _, t := range options.Tags { + if slices.Contains(ms.Spec.Tags, t) { + return true + } + } + return false +} + +func (img *ImageInfo) writePolicyFile(ms MatchSpec) { + policy, err := img.createPolicy(ms) + if err != nil { + log.WithError(err).WithFields(log.Fields{ + "image": img, "spec": ms, + }).Error("create policy failed, skipping") + + } + + outFile := img.getPolicyFile(ms.Name) + _ = os.MkdirAll(filepath.Dir(outFile), 0750) + + f, err := os.Create(filepath.Clean(outFile)) + if err != nil { + log.WithError(err).Error(fmt.Sprintf("create file %s failed", outFile)) + + } + + arr, _ := json.Marshal(policy) + yamlArr, _ := yaml.JSONToYAML(arr) + if _, err := f.WriteString(string(yamlArr)); err != nil { + log.WithError(err).Error("WriteString failed") + } + if err := f.Sync(); err != nil { + log.WithError(err).Error("file sync failed") + } + if err := f.Close(); err != nil { + log.WithError(err).Error("file close failed") + } + _ = ReportRecord(ms, outFile) + color.Green("created policy %s ...", outFile) + +} + +func (img *ImageInfo) getPolicyFromImageInfo() { + if img.OS != "linux" { + color.Red("non-linux platforms are not supported, yet.") + return + } + idx := 0 + if err := ReportStart(img); err != nil { + log.WithError(err).Error("report start failed") + return + } + var ms MatchSpec + var err error + + err = createRuntimePolicy(img) + if err != nil { + log.Infof("No runtime policy generated for %s/%s/%s", img.Namespace, img.Deployment, img.Name) + } + + ms, err = getNextRule(&idx) + for ; err == nil; ms, err = getNextRule(&idx) { + // matches preconditions + + if !matchTags(ms) { + continue + } + + if !img.checkPreconditions(ms) { + continue + } + img.writePolicyFile(ms) + } + + _ = ReportSectEnd(img) +} diff --git a/recommend/policyRules.go b/recommend/policyRules.go new file mode 100644 index 00000000..d7a6301d --- /dev/null +++ b/recommend/policyRules.go @@ -0,0 +1,80 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package recommend + +import ( + _ "embed" // need for embedding + + "errors" + + "github.com/clarketm/json" + "sigs.k8s.io/yaml" + + "github.com/fatih/color" + pol "github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy/api/security.kubearmor.com/v1" + log "github.com/sirupsen/logrus" +) + +// MatchSpec spec to match for defining policy +type MatchSpec struct { + Name string `json:"name" yaml:"name"` + Precondition []string `json:"precondition" yaml:"precondition"` + Description Description `json:"description" yaml:"description"` + Yaml string `json:"yaml" yaml:"yaml"` + Spec pol.KubeArmorPolicySpec `json:"spec,omitempty" yaml:"spec,omitempty"` +} + +// Ref for the policy rules +type Ref struct { + Name string `json:"name" yaml:"name"` + URL []string `json:"url" yaml:"url"` +} + +// Description detailed description for the policy rule +type Description struct { + Refs []Ref `json:"refs" yaml:"refs"` + Tldr string `json:"tldr" yaml:"tldr"` + Detailed string `json:"detailed" yaml:"detailed"` +} + +var policyRules []MatchSpec + +//go:embed yaml/rules.yaml +var policyRulesYAML []byte + +func updateRulesYAML(yamlFile []byte) string { + policyRules = []MatchSpec{} + if len(yamlFile) < 30 { + yamlFile = policyRulesYAML + } + policyRulesJSON, err := yaml.YAMLToJSON(yamlFile) + if err != nil { + color.Red("failed to convert policy rules yaml to json") + log.WithError(err).Fatal("failed to convert policy rules yaml to json") + } + var jsonRaw map[string]json.RawMessage + err = json.Unmarshal(policyRulesJSON, &jsonRaw) + if err != nil { + color.Red("failed to unmarshal policy rules json") + log.WithError(err).Fatal("failed to unmarshal policy rules json") + } + err = json.Unmarshal(jsonRaw["policyRules"], &policyRules) + if err != nil { + color.Red("failed to unmarshal policy rules") + log.WithError(err).Fatal("failed to unmarshal policy rules") + } + return string(jsonRaw["version"]) +} + +func getNextRule(idx *int) (MatchSpec, error) { + if *idx < 0 { + (*idx)++ + } + if *idx >= len(policyRules) { + return MatchSpec{}, errors.New("no rule at idx") + } + r := policyRules[*idx] + (*idx)++ + return r, nil +} diff --git a/recommend/policyTemplates.go b/recommend/policyTemplates.go new file mode 100644 index 00000000..31a6429f --- /dev/null +++ b/recommend/policyTemplates.go @@ -0,0 +1,226 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package recommend + +import ( + "archive/zip" + "context" + "fmt" + "os" + "path" + "path/filepath" + "runtime" + "strings" + + "github.com/cavaliergopher/grab/v3" + "github.com/google/go-github/github" + pol "github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy/api/security.kubearmor.com/v1" + log "github.com/sirupsen/logrus" + "sigs.k8s.io/yaml" +) + +const ( + org = "kubearmor" + repo = "policy-templates" + url = "https://github.com/kubearmor/policy-templates/archive/refs/tags/" + cache = ".cache/karmor/" +) + +// CurrentVersion stores the current version of policy-template +var CurrentVersion string + +// LatestVersion stores the latest version of policy-template +var LatestVersion string + +func getCachePath() string { + cache := fmt.Sprintf("%s/%s", userHome(), cache) + return cache + +} + +// userHome function returns users home directory +func userHome() string { + if runtime.GOOS == "windows" { + home := os.Getenv("HOMEDRIVE") + os.Getenv("HOMEPATH") + if home == "" { + home = os.Getenv("USERPROFILE") + } + return home + } + return os.Getenv("HOME") +} + +func latestRelease() string { + latestRelease, _, err := github.NewClient(nil).Repositories.GetLatestRelease(context.Background(), org, repo) + if err != nil { + log.WithError(err) + return "" + } + return *latestRelease.TagName +} + +// CurrentRelease gets the current release of policy-templates +func CurrentRelease() string { + + path, err := os.ReadFile(fmt.Sprintf("%s%s", getCachePath(), "rules.yaml")) + if err != nil { + CurrentVersion = strings.Trim(updateRulesYAML([]byte{}), "\"") + } else { + + CurrentVersion = strings.Trim(updateRulesYAML(path), "\"") + } + + return CurrentVersion +} + +func isLatest() bool { + LatestVersion = latestRelease() + + if LatestVersion == "" { + // error while fetching latest release tag + // assume the current release is the latest one + return true + } + return (CurrentVersion == LatestVersion) +} + +func removeData(file string) error { + err := os.RemoveAll(file) + return err +} + +func init() { + CurrentVersion = CurrentRelease() +} + +// DownloadAndUnzipRelease downloads the latest version of policy-templates +func DownloadAndUnzipRelease() (string, error) { + + LatestVersion = latestRelease() + + _ = removeData(getCachePath()) + err := os.MkdirAll(filepath.Dir(getCachePath()), 0750) + if err != nil { + return "", err + } + downloadURL := fmt.Sprintf("%s%s.zip", url, LatestVersion) + resp, err := grab.Get(getCachePath(), downloadURL) + if err != nil { + _ = removeData(getCachePath()) + return "", err + } + err = unZip(resp.Filename, getCachePath()) + if err != nil { + return "", err + } + err = removeData(resp.Filename) + if err != nil { + return "", err + } + _ = updatePolicyRules(strings.TrimSuffix(resp.Filename, ".zip")) + CurrentVersion = CurrentRelease() + return LatestVersion, nil +} + +func unZip(source, dest string) error { + read, err := zip.OpenReader(source) + if err != nil { + return err + } + defer read.Close() + for _, file := range read.File { + if file.Mode().IsDir() { + continue + } + open, err := file.Open() + if err != nil { + return err + } + name, err := sanitizeArchivePath(dest, file.Name) + if err != nil { + return err + } + _ = os.MkdirAll(path.Dir(name), 0750) + create, err := os.Create(filepath.Clean(name)) + if err != nil { + return err + } + _, err = create.ReadFrom(open) + if err != nil { + return err + } + if err = create.Close(); err != nil { + return err + } + defer open.Close() + } + return nil +} + +func updatePolicyRules(filePath string) error { + var files []string + err := filepath.Walk(filePath, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if !info.IsDir() && info.Name() == "metadata.yaml" { + files = append(files, path) + } + return nil + }) + if err != nil { + return err + } + rulesYamlPath := filepath.Join(getCachePath(), "rules.yaml") + f, err := os.Create(filepath.Clean(rulesYamlPath)) + if err != nil { + log.WithError(err).Errorf("Failed to create %s", rulesYamlPath) + } + + var yamlFile []byte + var completePolicy []MatchSpec + var version string + + for _, file := range files { + idx := 0 + yamlFile, err = os.ReadFile(filepath.Clean(file)) + if err != nil { + return err + } + version = updateRulesYAML(yamlFile) + ms, err := getNextRule(&idx) + for ; err == nil; ms, err = getNextRule(&idx) { + if ms.Yaml != "" { + newPolicyFile := pol.KubeArmorPolicy{} + newYaml, err := os.ReadFile(filepath.Clean(fmt.Sprintf("%s%s", strings.TrimSuffix(file, "metadata.yaml"), ms.Yaml))) + if err != nil { + newYaml, _ = os.ReadFile(filepath.Clean(fmt.Sprintf("%s/%s", filePath, ms.Yaml))) + } + err = yaml.Unmarshal(newYaml, &newPolicyFile) + if err != nil { + return err + } + ms.Yaml = "" + ms.Spec = newPolicyFile.Spec + } + completePolicy = append(completePolicy, ms) + } + } + yamlFile, err = yaml.Marshal(completePolicy) + if err != nil { + return err + } + version = strings.Trim(version, "\"") + yamlFile = []byte(fmt.Sprintf("version: %s\npolicyRules:\n%s", version, yamlFile)) + if _, err := f.WriteString(string(yamlFile)); err != nil { + log.WithError(err).Error("WriteString failed") + } + if err := f.Sync(); err != nil { + log.WithError(err).Error("file sync failed") + } + if err := f.Close(); err != nil { + log.WithError(err).Error("file close failed") + } + return nil +} diff --git a/recommend/recommend.go b/recommend/recommend.go new file mode 100644 index 00000000..0429cc99 --- /dev/null +++ b/recommend/recommend.go @@ -0,0 +1,195 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package recommend + +import ( + "context" + "errors" + "fmt" + "os" + "path/filepath" + "strings" + + "github.com/fatih/color" + "github.com/kubearmor/kubearmor-client/k8s" + log "github.com/sirupsen/logrus" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// Options for karmor recommend +type Options struct { + Images []string + Labels []string + Tags []string + Namespace string + OutDir string + ReportFile string +} + +// LabelMap is an alias for map[string]string +type LabelMap = map[string]string + +// Deployment contains brief information about a k8s deployment +type Deployment struct { + Name string + Namespace string + Labels LabelMap + Images []string +} + +var options Options + +func unique(s []string) []string { + inResult := make(map[string]bool) + var result []string + for _, str := range s { + str = strings.Trim(str, " ") + if _, ok := inResult[str]; !ok { + inResult[str] = true + result = append(result, str) + } + } + return result +} + +func createOutDir(dir string) error { + if dir == "" { + return nil + } + _, err := os.Stat(dir) + if errors.Is(err, os.ErrNotExist) { + err = os.Mkdir(dir, 0750) + if err != nil { + return err + } + } else if err != nil { + return err + } + return nil +} + +func finalReport() { + repFile := filepath.Clean(filepath.Join(options.OutDir, options.ReportFile)) + _ = ReportRender(repFile) + color.Green("output report in %s ...", repFile) + if strings.Contains(repFile, ".html") { + return + } + data, err := os.ReadFile(repFile) + if err != nil { + log.WithError(err).Fatal("failed to read report file") + return + } + fmt.Println(string(data)) +} + +// Recommend handler for karmor cli tool +func Recommend(c *k8s.Client, o Options) error { + deployments := []Deployment{} + var err error + if !isLatest() { + log.Warn("\033[1;33mpolicy-templates ", LatestVersion, " is available. Use `karmor recommend update` to get recommendations based on the latest policy-templates.\033[0m") + } + + if err = createOutDir(o.OutDir); err != nil { + return err + } + + if o.ReportFile != "" { + ReportInit(o.ReportFile) + } + + labelMap := labelArrayToLabelMap(o.Labels) + + if len(o.Images) == 0 { + // recommendation based on k8s manifest + dps, err := c.K8sClientset.AppsV1().Deployments(o.Namespace).List(context.TODO(), v1.ListOptions{}) + if err != nil { + return err + } + for _, dp := range dps.Items { + + if matchLabels(labelMap, dp.Spec.Template.Labels) { + images := []string{} + for _, container := range dp.Spec.Template.Spec.Containers { + images = append(images, container.Image) + } + + deployments = append(deployments, Deployment{ + Name: dp.Name, + Namespace: dp.Namespace, + Labels: dp.Spec.Template.Labels, + Images: images, + }) + } + } + } else { + deployments = append(deployments, Deployment{ + Namespace: o.Namespace, + Labels: labelMap, + Images: o.Images, + }) + } + + // o.Images = unique(o.Images) + o.Tags = unique(o.Tags) + options = o + + for _, dp := range deployments { + err := handleDeployment(dp) + if err != nil { + log.Error(err) + } + } + + finalReport() + return nil +} + +func handleDeployment(dp Deployment) error { + + var err error + for _, img := range dp.Images { + tempDir, err = os.MkdirTemp("", "karmor") + if err != nil { + log.WithError(err).Error("could not create temp dir") + } + err = imageHandler(dp.Namespace, dp.Name, dp.Labels, img) + if err != nil { + log.WithError(err).WithFields(log.Fields{ + "image": img, + }).Error("could not handle container image") + } + _ = os.RemoveAll(tempDir) + } + + return nil +} + +func matchLabels(filter, selector LabelMap) bool { + match := true + for k, v := range filter { + if selector[k] != v { + match = false + break + } + } + return match +} + +func labelArrayToLabelMap(labels []string) LabelMap { + labelMap := LabelMap{} + for _, label := range labels { + kvPair := strings.FieldsFunc(label, labelSplitter) + if len(kvPair) != 2 { + continue + } + labelMap[kvPair[0]] = kvPair[1] + } + return labelMap +} + +func labelSplitter(r rune) bool { + return r == ':' || r == '=' +} diff --git a/recommend/report.go b/recommend/report.go new file mode 100644 index 00000000..d72e3a99 --- /dev/null +++ b/recommend/report.go @@ -0,0 +1,80 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package recommend + +import ( + "errors" + "strings" +) + +/* +ReportInit() +for every image { + ReportStart() + for every policy { + ReportRecord() + } + ReportSectEnd() +} +ReportRender() +*/ + +// Handler interface +var Handler interface{} + +// ReportInit called once per execution +func ReportInit(fname string) { + if Handler != nil { + return + } + if strings.Contains(fname, ".html") { + Handler = NewHTMLReport() + } else { + Handler = NewTextReport() + } +} + +// ReportStart called once per container image at the start +func ReportStart(img *ImageInfo) error { + switch v := Handler.(type) { + case HTMLReport: + return v.Start(img) + case TextReport: + return v.Start(img) + } + return errors.New("unknown reporter type") +} + +// ReportRecord called once per policy +func ReportRecord(ms MatchSpec, policyName string) error { + switch v := Handler.(type) { + case HTMLReport: + return v.Record(ms, policyName) + case TextReport: + return v.Record(ms, policyName) + } + return errors.New("unknown reporter type") +} + +// ReportSectEnd called once per container image at the end +func ReportSectEnd(img *ImageInfo) error { + switch v := Handler.(type) { + case HTMLReport: + return v.SectionEnd(img) + case TextReport: + return v.SectionEnd(img) + } + return errors.New("unknown reporter type") +} + +// ReportRender called finaly to render the report +func ReportRender(out string) error { + switch v := Handler.(type) { + case HTMLReport: + return v.Render(out) + case TextReport: + return v.Render(out) + } + return errors.New("unknown reporter type") +} diff --git a/recommend/report_html.go b/recommend/report_html.go new file mode 100644 index 00000000..4eca53de --- /dev/null +++ b/recommend/report_html.go @@ -0,0 +1,176 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +// Package recommend package +package recommend + +import ( + _ "embed" // need for embedding + "fmt" + "html/template" + "os" + "path/filepath" + "strings" + "time" + + log "github.com/sirupsen/logrus" +) + +// HTMLReport Report in HTML format +type HTMLReport struct { + header *template.Template + section *template.Template + sectend *template.Template + record *template.Template + footer *template.Template + outString *strings.Builder + RecordCnt *int +} + +//go:embed html/record.html +var recordHTML string + +//go:embed html/header.html +var headerHTML string + +//go:embed html/footer.html +var footerHTML string + +//go:embed html/section.html +var sectionHTML string + +//go:embed html/sectend.html +var sectendHTML string + +// Col column of the table +type Col struct { + Name string +} + +// Info key val pair of the image info +type Info struct { + Key string + Val string +} + +// HeaderInfo HTML Header Info +type HeaderInfo struct { + ReportTitle string + DateTime string +} + +// SectionInfo Section information +type SectionInfo struct { + HdrCols []Col + ImgInfo []Info +} + +// NewHTMLReport instantiation on new html report +func NewHTMLReport() HTMLReport { + str := &strings.Builder{} + header, err := template.New("headertmpl").Parse(headerHTML) + if err != nil { + log.WithError(err).Fatal("failed parsing html header template") + } + record, err := template.New("recordtmpl").Parse(recordHTML) + if err != nil { + log.WithError(err).Fatal("failed parsing html record template") + } + footer, err := template.New("footertmpl").Parse(footerHTML) + if err != nil { + log.WithError(err).Fatal("failed parsing html footer template") + } + section, err := template.New("sectiontmpl").Parse(sectionHTML) + if err != nil { + log.WithError(err).Fatal("failed parsing html section template") + } + sectend, err := template.New("sectendtmpl").Parse(sectendHTML) + if err != nil { + log.WithError(err).Fatal("failed parsing html sectend template") + } + hdri := HeaderInfo{ + ReportTitle: "KubeArmor Security Report", + DateTime: time.Now().Format("02-Jan-2006 15:04:05"), + } + _ = header.Execute(str, hdri) + recordcnt := 0 + return HTMLReport{ + header: header, + section: section, + sectend: sectend, + record: record, + footer: footer, + outString: str, + RecordCnt: &recordcnt, + } +} + +// Start of HTML report section +func (r HTMLReport) Start(img *ImageInfo) error { + seci := SectionInfo{ + HdrCols: []Col{ + {Name: "Policy"}, + {Name: "Description"}, + {Name: "Severity"}, + {Name: "Action"}, + {Name: "Tags"}, + }, + ImgInfo: []Info{ + {Key: "Container", Val: img.RepoTags[0]}, + {Key: "OS/Arch/Distro", Val: img.OS + "/" + img.Arch + "/" + img.Distro}, + {Key: "Output Directory", Val: options.OutDir + "/" + img.Namespace + "-" + img.Deployment + "/"}, + {Key: "policy-template version", Val: CurrentVersion}, + }, + } + _ = r.section.Execute(r.outString, seci) + return nil +} + +// RecordInfo new row information in table +type RecordInfo struct { + RowID string + Rec []Col + Policy string + Description string + Refs []Ref +} + +// Record addition of new HTML table row +func (r HTMLReport) Record(ms MatchSpec, policyName string) error { + *r.RecordCnt = *r.RecordCnt + 1 + policy, err := os.ReadFile(filepath.Clean(policyName)) + if err != nil { + log.WithError(err).Error(fmt.Sprintf("failed to read policy %s", policyName)) + } + policyName = policyName[strings.LastIndex(policyName, "/")+1:] + reci := RecordInfo{ + RowID: fmt.Sprintf("row%d", *r.RecordCnt), + Rec: []Col{ + {Name: policyName}, + {Name: ms.Description.Tldr}, + {Name: fmt.Sprintf("%d", ms.Spec.Severity)}, + {Name: string(ms.Spec.Action)}, + {Name: strings.Join(ms.Spec.Tags[:], ",")}, + }, + Policy: string(policy), + Description: ms.Description.Detailed, + Refs: ms.Description.Refs, + } + _ = r.record.Execute(r.outString, reci) + return nil +} + +// SectionEnd end of section of the HTML table +func (r HTMLReport) SectionEnd(img *ImageInfo) error { + return r.sectend.Execute(r.outString, nil) +} + +// Render output the table +func (r HTMLReport) Render(out string) error { + _ = r.footer.Execute(r.outString, nil) + + if err := os.WriteFile(out, []byte(r.outString.String()), 0600); err != nil { + log.WithError(err).Error("failed to write file") + } + return nil +} diff --git a/recommend/report_text.go b/recommend/report_text.go new file mode 100644 index 00000000..52e61c05 --- /dev/null +++ b/recommend/report_text.go @@ -0,0 +1,112 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package recommend + +import ( + _ "embed" // need for embedding + "fmt" + "os" + "strings" + + "github.com/olekukonko/tablewriter" + log "github.com/sirupsen/logrus" +) + +// TextReport Report in Text format +type TextReport struct { + table *tablewriter.Table + outString *strings.Builder +} + +// NewTextReport instantiation of new TextReport +func NewTextReport() TextReport { + str := &strings.Builder{} + table := tablewriter.NewWriter(str) + return TextReport{ + table: table, + outString: str, + } +} + +func (r TextReport) writeImageSummary(img *ImageInfo) { + t := tablewriter.NewWriter(r.outString) + t.SetBorder(false) + if img.Deployment != "" { + dp := fmt.Sprintf("%s/%s", img.Namespace, img.Deployment) + t.Append([]string{"Deployment", dp}) + } + t.Append([]string{"Container", img.RepoTags[0]}) + t.Append([]string{"OS", img.OS}) + t.Append([]string{"Arch", img.Arch}) + t.Append([]string{"Distro", img.Distro}) + t.Append([]string{"Output Directory", fmt.Sprintf("%s/%s-%s/", options.OutDir, img.Namespace, img.Deployment)}) + t.Append([]string{"policy-template version", CurrentVersion}) + t.Render() +} + +// Start Start of the section of the text report +func (r TextReport) Start(img *ImageInfo) error { + r.writeImageSummary(img) + r.table.SetHeader([]string{"Policy", "Short Desc", "Severity", "Action", "Tags"}) + r.table.SetAlignment(tablewriter.ALIGN_LEFT) + r.table.SetRowLine(true) + return nil +} + +// SectionEnd end of section of the text table +func (r TextReport) SectionEnd(img *ImageInfo) error { + r.table.Render() + r.table.ClearRows() + r.outString.WriteString("\n") + return nil +} + +// Record addition of new text table row +func (r TextReport) Record(ms MatchSpec, policyName string) error { + var rec []string + policyName = policyName[strings.LastIndex(policyName, "/")+1:] + rec = append(rec, wrapPolicyName(policyName, 35)) + rec = append(rec, ms.Description.Tldr) + rec = append(rec, fmt.Sprintf("%d", ms.Spec.Severity)) + rec = append(rec, string(ms.Spec.Action)) + rec = append(rec, strings.Join(ms.Spec.Tags[:], ",")) + r.table.Append(rec) + return nil +} + +func wrapPolicyName(name string, limit int) string { + line := "" + lines := []string{} + + strArr := strings.Split(name, "-") + + strArrLen := len(strArr) + for i, str := range strArr { + var newLine string + if (i + 1) != strArrLen { + newLine = line + str + "-" + } else { + newLine = line + str + } + + if len(newLine) <= limit { + line = newLine + } else { + lines = append(lines, line) + line = strings.TrimPrefix(newLine, line) + } + } + lines = append(lines, line) + + return strings.Join(lines, "\n") +} + +// Render output the table +func (r TextReport) Render(out string) error { + + if err := os.WriteFile(out, []byte(r.outString.String()), 0600); err != nil { + log.WithError(err).Error("failed to write file") + } + return nil +} diff --git a/recommend/runtimePolicy.go b/recommend/runtimePolicy.go new file mode 100644 index 00000000..488d20e1 --- /dev/null +++ b/recommend/runtimePolicy.go @@ -0,0 +1,126 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +package recommend + +import ( + "context" + "errors" + "fmt" + "os" + "strings" + + opb "github.com/accuknox/auto-policy-discovery/src/protobuf/v1/observability" + pol "github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy/api/security.kubearmor.com/v1" + + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" +) + +var saPath []string + +func init() { + saPath = []string{ + "/var/run/secrets/kubernetes.io/serviceaccount/", + "/run/secrets/kubernetes.io/serviceaccount/", + } +} + +// createRuntimePolicy function generates runtime policy for service account +func createRuntimePolicy(img *ImageInfo) error { + var labels string + for key, value := range img.Labels { + labels = strings.TrimPrefix(fmt.Sprintf("%s,%s=%s", labels, key, value), ",") + } + gRPC := "" + if val, ok := os.LookupEnv("DISCOVERY_SERVICE"); ok { + gRPC = val + } else { + gRPC = "localhost:9089" + } + // create a client + conn, err := grpc.Dial(gRPC, grpc.WithTransportCredentials(insecure.NewCredentials())) + if err != nil { + return errors.New("could not connect to the server. Possible troubleshooting:\n- Check if discovery engine is running\n- Create a portforward to discovery engine service using\n\t\033[1mkubectl port-forward -n explorer service/knoxautopolicy --address 0.0.0.0 --address :: 9089:9089\033[0m\n[0m") + } + defer conn.Close() + client := opb.NewObservabilityClient(conn) + podData, err := client.GetPodNames(context.Background(), &opb.Request{ + Label: labels, + NameSpace: img.Namespace, + Aggregate: true, + }) + if err != nil { + return err + } + var resp *opb.Response + var sumResp []*opb.Response + for _, pod := range podData.PodName { + resp, err = client.Summary(context.Background(), &opb.Request{ + PodName: pod, + Label: labels, + NameSpace: img.Namespace, + Type: "file", + Aggregate: true, + }) + if err != nil { + return err + } + sumResp = append(sumResp, resp) + } + + ms := checkProcessFileData(sumResp, img.Distro) + if ms != nil { + img.writePolicyFile(*ms) + } + return nil +} + +func checkProcessFileData(sumResp []*opb.Response, distro string) *MatchSpec { + var filePaths pol.FileType + ref := Ref{ + Name: "MITRE Unsecured Credentials: Container API", + URL: []string{"https://attack.mitre.org/techniques/T1552/007/"}, + } + fromSourceArr := []pol.MatchSourceType{} + ms := MatchSpec{ + Name: "allow-serviceaccount-runtime", + Description: Description{ + Refs: []Ref{ref}, + Tldr: "Kubernetes serviceaccount folder access should be limited", + Detailed: "Adversaries may gather credentials via APIs within a containers environment. APIs in these environments, such as the Docker API and Kubernetes APIs, allow a user to remotely manage their container resources and cluster components. An adversary may access the Docker API to collect logs that contain credentials to cloud, container, and various other resources in the environment. An adversary with sufficient permissions, such as via a pod's service account, may also use the Kubernetes API to retrieve credentials from the Kubernetes API server. These credentials may include those needed for Docker API authentication or secrets from Kubernetes cluster components.", + }, + } + for _, eachResp := range sumResp { + for _, fileData := range eachResp.FileData { + if strings.HasPrefix(fileData.ProcName, saPath[0]) || strings.HasPrefix(fileData.ProcName, saPath[1]) { + fromSourceArr = append(fromSourceArr, pol.MatchSourceType{ + Path: pol.MatchPathType(fileData.ParentProcName), + }) + } + } + } + filePaths.MatchDirectories = append(filePaths.MatchDirectories, pol.FileDirectoryType{ + Directory: pol.MatchDirectoryType(saPath[0]), + FromSource: fromSourceArr, + Recursive: true, + }) + filePaths.MatchDirectories = append(filePaths.MatchDirectories, pol.FileDirectoryType{ + Directory: pol.MatchDirectoryType(saPath[1]), + FromSource: fromSourceArr, + Recursive: true, + }) + ms.Spec = pol.KubeArmorPolicySpec{ + Action: "Allow", + Message: "serviceaccount access detected", + Tags: []string{"KUBERNETES", "SERVICE ACCOUNT", "RUNTIME POLICY"}, + Severity: 1, + File: filePaths, + } + if len(fromSourceArr) < 1 { + ms.Spec.Action = "Block" + ms.Name = "block-serviceaccount-runtime" + ms.Spec.Message = "serviceaccount access blocked" + } + return &ms +} diff --git a/recommend/yaml/distro.yaml b/recommend/yaml/distro.yaml new file mode 100644 index 00000000..c99172b9 --- /dev/null +++ b/recommend/yaml/distro.yaml @@ -0,0 +1,10 @@ +distroRules: +- name: ubuntu + match: + - path: "/etc/dpkg/origins/ubuntu" +- name: debian + match: + - path: "/etc/dpkg/origins/debian" +- name: alpine + match: + - path: "/sbin/apk" \ No newline at end of file diff --git a/recommend/yaml/rules.yaml b/recommend/yaml/rules.yaml new file mode 100644 index 00000000..20edad8d --- /dev/null +++ b/recommend/yaml/rules.yaml @@ -0,0 +1,207 @@ +version: v0.0.1 +policyRules: +- name: cert-access + precondition: + - /etc/ssl/.* + description: + refs: + - name: MITRE-TTP + url: + - https://attack.mitre.org/techniques/T1553/ + tldr: Restrict access to trusted certificated bundles in the OS image + detailed: Operating systems maintain a list of trusted certificates (often called + trust bundles) in file system. These bundles decides which authorities are trusted. + Subverting these trust controls would essentially allow an adversary to operate + as a trusted entity. Adversaries may undermine security controls that will either + warn users of untrusted activity or prevent execution of untrusted programs. + Operating systems and security products may contain mechanisms to identify programs + or websites as possessing some level of trust. Examples of such features would + include a program being allowed to run because it is signed by a valid code + signing certificate, a program prompting the user with a warning because it + has an attribute set from being downloaded from the Internet, or getting an + indication that you are about to connect to an untrusted site. + spec: + severity: 2 + message: restrict access to certificate data + tags: + - PCI-DSS + - MITRE + action: Audit + file: + matchDirectories: + - dir: "/etc/ssl/" + recursive: true + - dir: "/etc/pki/" + recursive: true + - dir: "/usr/local/share/ca-certificates/" + recursive: true +- name: sys-bin-protect + precondition: + - /bin/.* + description: + refs: + - name: MITRE-TTP + url: + - https://attack.mitre.org/techniques/T1543/ + tldr: create or modify system-level processes for persistence of malicious payloads + detailed: Adversaries may create or modify system-level processes to repeatedly + execute malicious payloads as part of persistence. + spec: + severity: 1 + message: attempted access to system binaries + tags: + - CIS + - MITRE + action: Audit + file: + matchDirectories: + - dir: "/bin/" + - dir: "/usr/bin/" + - dir: "/usr/sbin/" + recursive: true +- name: password-protect + precondition: + - /etc/passwd + description: + refs: + - name: MITRE-TTP + url: + - https://attack.mitre.org/techniques/T1555/ + tldr: abuse common password storage locations to obtain user credentials + detailed: Adversaries may search for common password storage locations to obtain + user credentials. Passwords are stored in several places on a system, depending + on the operating system or application holding the credentials. + spec: + severity: 1 + message: attempted access to password files + tags: + - CIS + - MITRE + action: Audit + file: + matchPaths: + - path: "/etc/passwd" + - path: "/etc/shadow" +- name: scheduler-protect + precondition: + - /etc/crontab + description: + refs: + - name: MITRE-TTP + url: + - https://attack.mitre.org/techniques/T1053/ + tldr: abuse task scheduling functionality to facilitate initial or recurring execution + of malicious code + detailed: |- + Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. + Adversaries may use task scheduling to execute programs at system startup or on a scheduled basis for persistence. These mechanisms can also be abused to run a process under the context of a specified account (such as one with elevated permissions/privileges). + spec: + severity: 1 + message: attempted access to cronjob settings + tags: + - MITRE + action: Audit + file: + matchPaths: + - path: "/etc/crontab" + - path: "/etc/at.allow" + - path: "/etc/at.deny" +- name: maint-tool-access + precondition: + - /sbin/apk + description: + refs: + - name: MITRE-TTP + url: + - https://attack.mitre.org/techniques/T1553/ + tldr: Restrict access to maintenance tools (apk, mii-tool, ...) + detailed: Container images might contain maintenance tools which should ideally + never be used in prod env, or if used, should be used only in certain time frames. + Examples include, dynamic package management tools, mii-tool, iptables etc + spec: + severity: 1 + message: restricted maintenance tool access attempted + tags: + - PCI-DSS + - MITRE + action: Audit + file: + matchDirectories: + - dir: "/sbin/" + recursive: true +- name: shell-access + precondition: + - /bin/sh + description: + refs: + - name: MITRE-TTP + url: + - https://attack.mitre.org/techniques/T1059/ + tldr: abuse shell access and execute arbitrary commands, scripts, or binaries + detailed: Containers comes with some built-in shell and scripting capabilities. + Adversaries may attempt to use the shell to execute arbitrary commands. + spec: + severity: 1 + message: attempted access to shell + tags: + - MITRE + action: Audit + process: + matchPaths: + - path: "/bin/sh" + - path: "/bin/bash" + - path: "/bin/dash" + - path: "/bin/ksh" + - path: "/bin/zsh" + - path: "/bin/tcsh" + - path: "/bin/csh" +- name: ssh-access + precondition: + - /usr/bin/ssh + description: + refs: + - name: MITRE-TTP + url: + - https://attack.mitre.org/techniques/T1021/ + tldr: use ssh to gain access to host in the same network + detailed: To accomplish Lateral Movement, adversaries can use SSH to login into host in the same network. + spec: + severity: 1 + message: attempted access to SSH + tags: + - MITRE + action: Audit + process: + matchPaths: + - path: "/usr/bin/ssh" +- name: nist-ca-3-net-icmp-audit + precondition: + - /bin/busybox + description: + refs: + - name: NIST-CA-3 + url: + - https://csf.tools/reference/nist-sp-800-53/r5/ca/ca-3/ + tldr: Audit ICMP protocol + detailed: Approve and manage the exchange of information between the system and + other systems using Assignment (one or more) interconnection security agreements, + information exchange security agreements, memoranda of understanding or agreement, + service level agreements, user agreements, nondisclosure agreements, + [Assignment organization-defined type of agreement] Document, as part of + each exchange agreement, the interface characteristics, security and privacy + requirements, controls, and responsibilities for each system, and the impact level + of the information communicated; and Review and update the agreements + [Assignment organization-defined frequency]. + spec: + severity: 1 + message: Detected Network traffic using ICMP packets + tags: + - NIST + - NIST-800-CA-3 + - NETWORK + - System-Interconnections + action: Audit + network: + matchProtocol: + - protocol: "icmp" + \ No newline at end of file diff --git a/renovate.json b/renovate.json new file mode 100644 index 00000000..28a81ed2 --- /dev/null +++ b/renovate.json @@ -0,0 +1,11 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:base" + ], + "constraints": { + "go": "1.18" + }, + "ignorePresets": [":prHourlyLimit2"], + "reviewers": ["team:maintainers"] +} diff --git a/rotatetls/rotate-tls.go b/rotatetls/rotate-tls.go new file mode 100644 index 00000000..86e3f016 --- /dev/null +++ b/rotatetls/rotate-tls.go @@ -0,0 +1,228 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +// Package rotatetls rotates webhook controller tls certificates +package rotatetls + +import ( + "context" + "fmt" + "strings" + "time" + + deployments "github.com/kubearmor/KubeArmor/deployments/get" + "github.com/kubearmor/kubearmor-client/install" + "github.com/kubearmor/kubearmor-client/k8s" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/rand" +) + +// RotateTLS - rotate TLS certs +func RotateTLS(c *k8s.Client, namespace string) error { + // verify if all needed component are present in the cluster + fmt.Print("Checking if all needed component are present ...\n") + if _, err := c.K8sClientset.AdmissionregistrationV1().MutatingWebhookConfigurations().Get(context.Background(), deployments.AnnotationsControllerServiceName, metav1.GetOptions{}); err != nil { + return err + } + + if _, err := c.K8sClientset.CoreV1().Services(namespace).Get(context.Background(), deployments.AnnotationsControllerServiceName, metav1.GetOptions{}); err != nil { + return err + } + + origdeploy, err := c.K8sClientset.AppsV1().Deployments(namespace).Get(context.Background(), deployments.AnnotationsControllerDeploymentName, metav1.GetOptions{}) + if err != nil { + return err + } + if _, err := c.K8sClientset.CoreV1().Secrets(namespace).Get(context.Background(), deployments.KubeArmorControllerSecretName, metav1.GetOptions{}); err != nil { + return nil + } + + fmt.Print("All needed component are present ...\n") + + fmt.Print("Generating temporary certificates ...\n") + suffix, err := getFreeRandSuffix(c, namespace) + if err != nil { + fmt.Print("Error generating random suffix ...\n") + return err + } + fmt.Print("Using suffix " + suffix + " for all new temorary resources ...\n") + + serviceName := deployments.AnnotationsControllerServiceName + "-" + suffix + caCert, tlsCrt, tlsKey, err := install.GeneratePki(namespace, serviceName) + if err != nil { + fmt.Print("Could'nt generate TLS secret ...\n") + return err + } + + fmt.Print("Installing temporary resources ...\n") + fmt.Print("KubeArmor Annotation Controller temporary TLS certificates ...\n") + secret := deployments.GetAnnotationsControllerTLSSecret(namespace, caCert.String(), tlsCrt.String(), tlsKey.String()) + secret.Name = secret.GetName() + "-" + suffix + if _, err := c.K8sClientset.CoreV1().Secrets(namespace).Create(context.Background(), secret, metav1.CreateOptions{}); err != nil { + fmt.Print("KubeArmor Annotation Controller TLS certificates with the same suffix exists ...\n") + return err + } + + fmt.Print("KubeArmor Annotation Controller temporary Deployment ...\n") + deploy := deployments.GetAnnotationsControllerDeployment(namespace) + deploy.Name = deploy.GetName() + "-" + suffix + for i, s := range deploy.Spec.Template.Spec.Volumes { + if s.Name == "cert" { + s.Secret.SecretName = secret.GetName() + deploy.Spec.Template.Spec.Volumes[i] = s + break + } + } + selectLabels := deploy.Spec.Selector.MatchLabels + selectLabels["kubearmor-app"] = suffix + deploy.Spec.Selector.MatchLabels = selectLabels + deploy.Spec.Replicas = origdeploy.Spec.Replicas + if _, err := c.K8sClientset.AppsV1().Deployments(namespace).Create(context.Background(), deploy, metav1.CreateOptions{}); err != nil { + fmt.Print("KubeArmor Annotation Controller Deployment with the same suffix exists ...\n") + return err + } + + fmt.Print("Waiting for the deployment to start, sleeping 15 seconds ...\n") + time.Sleep(15 * time.Second) + + fmt.Print("KubeArmor Annotation Controller temporary Service ...\n") + service := deployments.GetAnnotationsControllerService(namespace) + service.Name = serviceName + service.Spec.Selector = selectLabels + if _, err := c.K8sClientset.CoreV1().Services(namespace).Create(context.Background(), service, metav1.CreateOptions{}); err != nil { + fmt.Print("KubeArmor Annotation Controller Service with the same suffix exists ...\n") + return err + } + + fmt.Print("KubeArmor Annotation Controller temporary Mutation Admission Registration ...\n") + mutation := deployments.GetAnnotationsControllerMutationAdmissionConfiguration(namespace, caCert.Bytes()) + mutation.Name = mutation.Name + "-" + suffix + mutation.Webhooks[0].ClientConfig.Service.Name = service.GetName() + if _, err := c.K8sClientset.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.Background(), mutation, metav1.CreateOptions{}); err != nil { + fmt.Print("KubeArmor Annotation Controller Mutation Admission Registration with the same suffix exists ...\n") + return err + } + + fmt.Print("Temporarily removing the main mutation registation ...\n") + if err := c.K8sClientset.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.Background(), deployments.AnnotationsControllerServiceName, metav1.DeleteOptions{}); err != nil { + return err + } + + fmt.Print("Generating new certificates ...\n") + caCert, tlsCrt, tlsKey, err = install.GeneratePki(namespace, deployments.AnnotationsControllerServiceName) + if err != nil { + fmt.Print("Could'nt generate TLS secret ...\n") + return err + } + + fmt.Print("Updating the main TLS secret ...\n") + if _, err := c.K8sClientset.CoreV1().Secrets(namespace).Update(context.Background(), deployments.GetAnnotationsControllerTLSSecret(namespace, caCert.String(), tlsCrt.String(), tlsKey.String()), metav1.UpdateOptions{}); err != nil { + return err + } + + fmt.Print("Refreshing controller deployment ...\n") + replicas := int32(0) + origdeploy.Spec.Replicas = &replicas + if _, err := c.K8sClientset.AppsV1().Deployments(namespace).Update(context.Background(), origdeploy, metav1.UpdateOptions{}); err != nil { + return err + } + time.Sleep(10 * time.Second) + + origdeploy, err = c.K8sClientset.AppsV1().Deployments(namespace).Get(context.Background(), deployments.AnnotationsControllerDeploymentName, metav1.GetOptions{}) + if err != nil { + return err + } + origdeploy.Spec.Replicas = deploy.Spec.Replicas + if _, err := c.K8sClientset.AppsV1().Deployments(namespace).Update(context.Background(), origdeploy, metav1.UpdateOptions{}); err != nil { + return err + } + time.Sleep(10 * time.Second) + + fmt.Print("Restoring main mutation registation ... \n") + if _, err := c.K8sClientset.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.Background(), deployments.GetAnnotationsControllerMutationAdmissionConfiguration(namespace, caCert.Bytes()), metav1.CreateOptions{}); err != nil { + if !strings.Contains(err.Error(), "already exists") { + return err + } + fmt.Print("KubeArmor Annotation Controller Mutation Admission Registration already exists ...\n") + } + + fmt.Print("Deleting temprary ressources ...\n") + fmt.Print("Mutation Admission Registration ...\n") + if err := c.K8sClientset.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.Background(), mutation.Name, metav1.DeleteOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return err + } + fmt.Print("Mutation Admission Registration not found ...\n") + } + + fmt.Print("KubeArmor Annotation Controller Service ...\n") + if err := c.K8sClientset.CoreV1().Services(namespace).Delete(context.Background(), service.Name, metav1.DeleteOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return err + } + fmt.Print("KubeArmor Annotation Controller Service not found ...\n") + } + + fmt.Print("KubeArmor Annotation Controller Deployment ...\n") + if err := c.K8sClientset.AppsV1().Deployments(namespace).Delete(context.Background(), deploy.Name, metav1.DeleteOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return err + } + fmt.Print("KubeArmor Annotation Controller Deployment not found ...\n") + } + + fmt.Print("KubeArmor Annotation Controller TLS certificates ...\n") + if err := c.K8sClientset.CoreV1().Secrets(namespace).Delete(context.Background(), secret.Name, metav1.DeleteOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return err + } + fmt.Print("KubeArmor Annotation Controller TLS certificates not found ...\n") + } + + fmt.Print("Certificates were rotated ...\n") + return nil +} + +func getFreeRandSuffix(c *k8s.Client, namespace string) (suffix string, err error) { + var found bool + for { + suffix = rand.String(5) + found = false + if _, err = c.K8sClientset.AdmissionregistrationV1().MutatingWebhookConfigurations().Get(context.Background(), deployments.AnnotationsControllerServiceName+"-"+suffix, metav1.GetOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return "", err + } + } else { + found = true + } + + if _, err = c.K8sClientset.CoreV1().Services(namespace).Get(context.Background(), deployments.AnnotationsControllerServiceName+"-"+suffix, metav1.GetOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return "", err + } + } else { + found = true + } + + if _, err = c.K8sClientset.AppsV1().Deployments(namespace).Get(context.Background(), deployments.AnnotationsControllerDeploymentName+"-"+suffix, metav1.GetOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return "", err + } + } else { + found = true + } + + if _, err = c.K8sClientset.CoreV1().Secrets(namespace).Get(context.Background(), deployments.KubeArmorControllerSecretName+"-"+suffix, metav1.GetOptions{}); err != nil { + if !strings.Contains(err.Error(), "not found") { + return "", err + } + } else { + found = true + } + + if !found { + break + } + } + return suffix, nil +} diff --git a/selfupdate/selfupdate.go b/selfupdate/selfupdate.go new file mode 100644 index 00000000..6c95671f --- /dev/null +++ b/selfupdate/selfupdate.go @@ -0,0 +1,121 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +// Package selfupdate exposes KubeArmor build details and provides interface to check and update the CLI itself +package selfupdate + +import ( + "bufio" + "errors" + "fmt" + "os" + "strings" + + "github.com/blang/semver" + "github.com/fatih/color" + "github.com/kubearmor/kubearmor-client/k8s" + "github.com/rhysd/go-github-selfupdate/selfupdate" +) + +// GitSummary for accuknox-cli git build +var GitSummary string + +// BuildDate for accuknox-cli git build +var BuildDate string + +const ghrepo = "kubearmor/kubearmor-client" + +func isValidVersion(ver string) bool { + _, err := semver.Make(ver) + return err == nil +} + +// ConfirmUserAction - returns true if user inputs `y` +func ConfirmUserAction(action string) bool { + fmt.Printf("%s (y/n): ", action) + input, err := bufio.NewReader(os.Stdin).ReadString('\n') + if err != nil || (input != "y\n" && input != "n\n") { + fmt.Println("Invalid input") + return false + } + if input == "n\n" { + return false + } + return true +} + +func getLatest() (*selfupdate.Release, error) { + latest, found, err := selfupdate.DetectLatest(ghrepo) + if err != nil { + fmt.Println("Error occurred while detecting version:", err) + return nil, err + } + if !found { + fmt.Println("could not find latest release details") + return nil, errors.New("could not find latest release") + } + return latest, nil +} + +// IsLatest - check if the current binary is the latest +func IsLatest(curver string) (bool, string) { + if curver != "" && !isValidVersion(curver) { + return true, "" + } + latest, err := getLatest() + if err != nil { + fmt.Println("failed getting latest info") + return true, "" + } + if curver != "" { + v := semver.MustParse(curver) + if latest.Version.LTE(v) { + fmt.Println("current version is the latest") + return true, "" + } + } + return false, latest.Version.String() +} + +func doSelfUpdate(curver string) error { + latest, err := getLatest() + if err != nil { + return err + } + if curver != "" { + v := semver.MustParse(curver) + if latest.Version.LTE(v) { + fmt.Println("current version is the latest") + return nil + } + } + + exe, err := os.Executable() + if err != nil { + fmt.Println("Could not locate executable path") + return errors.New("could not locate exec path") + } + fmt.Println("updating from " + latest.AssetURL) + if err := selfupdate.UpdateTo(latest.AssetURL, exe); err != nil { + if strings.Contains(err.Error(), "permission denied") { + color.Red("use [sudo karmor selfupdate]") + } + return err + } + fmt.Println("update successful.") + return nil +} + +// SelfUpdate handler for karmor cli tool +func SelfUpdate(c *k8s.Client) error { + var ver = GitSummary + fmt.Printf("current karmor version %s\n", ver) + if !isValidVersion(ver) { + fmt.Println("version does not match the pattern. Maybe using a locally built karmor!") + if !ConfirmUserAction("Do you want to update it?") { + return nil + } + return doSelfUpdate("") + } + return doSelfUpdate(ver) +} diff --git a/summary/summary.go b/summary/summary.go new file mode 100644 index 00000000..b0efd415 --- /dev/null +++ b/summary/summary.go @@ -0,0 +1,101 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +// Package summary shows observability data from discovery engine +package summary + +import ( + "context" + "errors" + "os" + + opb "github.com/accuknox/auto-policy-discovery/src/protobuf/v1/observability" + + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" +) + +// DefaultReqType : default option for request type +var DefaultReqType = "process,file,network" + +// Options Structure +type Options struct { + GRPC string + Labels string + Namespace string + PodName string + ClusterName string + ContainerName string + Type string + RevDNSLookup bool + Aggregation bool +} + +// Summary : Get summary on pods +func Summary(o Options) error { + gRPC := "" + + if o.GRPC != "" { + gRPC = o.GRPC + } else { + if val, ok := os.LookupEnv("DISCOVERY_SERVICE"); ok { + gRPC = val + } else { + gRPC = "localhost:9089" + } + } + + data := &opb.Request{ + Label: o.Labels, + NameSpace: o.Namespace, + PodName: o.PodName, + ClusterName: o.ClusterName, + ContainerName: o.ContainerName, + Aggregate: o.Aggregation, + } + + // create a client + conn, err := grpc.Dial(gRPC, grpc.WithTransportCredentials(insecure.NewCredentials())) + if err != nil { + return errors.New("could not connect to the server. Possible troubleshooting:\n- Check if discovery engine is running\n- Create a portforward to discovery engine service using\n\t\033[1mkubectl port-forward -n explorer service/knoxautopolicy --address 0.0.0.0 --address :: 9089:9089\033[0m\n[0m") + } + defer conn.Close() + + client := opb.NewObservabilityClient(conn) + + if data.PodName != "" { + sumResp, err := client.Summary(context.Background(), &opb.Request{ + PodName: data.PodName, + Type: o.Type, + Aggregate: o.Aggregation, + }) + if err != nil { + return err + } + DisplaySummaryOutput(sumResp, o.RevDNSLookup, o.Type) + + } else { + //Fetch Summary Logs + podNameResp, err := client.GetPodNames(context.Background(), data) + if err != nil { + return err + } + + for _, podname := range podNameResp.PodName { + if podname == "" { + continue + } + sumResp, err := client.Summary(context.Background(), &opb.Request{ + PodName: podname, + Type: o.Type, + Aggregate: o.Aggregation, + }) + if err != nil { + return err + } + DisplaySummaryOutput(sumResp, o.RevDNSLookup, o.Type) + + } + } + return nil +} diff --git a/summary/table.go b/summary/table.go new file mode 100644 index 00000000..c858f220 --- /dev/null +++ b/summary/table.go @@ -0,0 +1,164 @@ +package summary + +import ( + "fmt" + "net" + "os" + "strings" + + opb "github.com/accuknox/auto-policy-discovery/src/protobuf/v1/observability" + + "github.com/olekukonko/tablewriter" +) + +var ( + // SysProcHeader variable contains source process, destination process path, count, timestamp and status + SysProcHeader = []string{"Src Process", "Destination Process Path", "Count", "Last Updated Time", "Status"} + // SysFileHeader variable contains source process, destination file path, count, timestamp and status + SysFileHeader = []string{"Src Process", "Destination File Path", "Count", "Last Updated Time", "Status"} + // SysNwHeader variable contains protocol, command, POD/SVC/IP, Port, Namespace, and Labels + SysNwHeader = []string{"Protocol", "Command", "POD/SVC/IP", "Port", "Namespace", "Labels", "Count", "Last Updated Time"} +) + +// DisplaySummaryOutput function +func DisplaySummaryOutput(resp *opb.Response, revDNSLookup bool, requestType string) { + + if len(resp.ProcessData) <= 0 && len(resp.FileData) <= 0 && len(resp.InNwData) <= 0 && len(resp.OutNwData) <= 0 { + return + } + + writePodInfoToTable(resp.PodName, resp.Namespace, resp.ClusterName, resp.ContainerName, resp.Label) + + if strings.Contains(requestType, "process") { + if len(resp.ProcessData) > 0 { + procRowData := [][]string{} + // Display process data + fmt.Printf("\nProcess Data\n") + for _, procData := range resp.ProcessData { + procStrSlice := []string{} + procStrSlice = append(procStrSlice, procData.ParentProcName) + procStrSlice = append(procStrSlice, procData.ProcName) + procStrSlice = append(procStrSlice, procData.Count) + procStrSlice = append(procStrSlice, procData.UpdatedTime) + procStrSlice = append(procStrSlice, procData.Status) + procRowData = append(procRowData, procStrSlice) + } + WriteTable(SysProcHeader, procRowData) + fmt.Printf("\n") + } + } + + if strings.Contains(requestType, "file") { + if len(resp.FileData) > 0 { + fmt.Printf("\nFile Data\n") + // Display file data + fileRowData := [][]string{} + for _, fileData := range resp.FileData { + fileStrSlice := []string{} + fileStrSlice = append(fileStrSlice, fileData.ParentProcName) + fileStrSlice = append(fileStrSlice, fileData.ProcName) + fileStrSlice = append(fileStrSlice, fileData.Count) + fileStrSlice = append(fileStrSlice, fileData.UpdatedTime) + fileStrSlice = append(fileStrSlice, fileData.Status) + fileRowData = append(fileRowData, fileStrSlice) + } + WriteTable(SysFileHeader, fileRowData) + fmt.Printf("\n") + } + } + + if strings.Contains(requestType, "network") { + if len(resp.InNwData) > 0 { + fmt.Printf("\nIngress connections\n") + // Display server conn data + inNwRowData := [][]string{} + for _, inNwData := range resp.InNwData { + inNwStrSlice := []string{} + domainName := dnsLookup(inNwData.IP, revDNSLookup) + inNwStrSlice = append(inNwStrSlice, inNwData.Protocol) + inNwStrSlice = append(inNwStrSlice, inNwData.Command) + inNwStrSlice = append(inNwStrSlice, domainName) + inNwStrSlice = append(inNwStrSlice, inNwData.Port) + inNwStrSlice = append(inNwStrSlice, inNwData.Namespace) + inNwStrSlice = append(inNwStrSlice, inNwData.Labels) + inNwStrSlice = append(inNwStrSlice, inNwData.Count) + inNwStrSlice = append(inNwStrSlice, inNwData.UpdatedTime) + inNwRowData = append(inNwRowData, inNwStrSlice) + } + WriteTable(SysNwHeader, inNwRowData) + fmt.Printf("\n") + } + + if len(resp.OutNwData) > 0 { + fmt.Printf("\nEgress connections\n") + // Display server conn data + outNwRowData := [][]string{} + for _, outNwData := range resp.OutNwData { + outNwStrSlice := []string{} + domainName := dnsLookup(outNwData.IP, revDNSLookup) + outNwStrSlice = append(outNwStrSlice, outNwData.Protocol) + outNwStrSlice = append(outNwStrSlice, outNwData.Command) + outNwStrSlice = append(outNwStrSlice, domainName) + outNwStrSlice = append(outNwStrSlice, outNwData.Port) + outNwStrSlice = append(outNwStrSlice, outNwData.Namespace) + outNwStrSlice = append(outNwStrSlice, outNwData.Labels) + outNwStrSlice = append(outNwStrSlice, outNwData.Count) + outNwStrSlice = append(outNwStrSlice, outNwData.UpdatedTime) + outNwRowData = append(outNwRowData, outNwStrSlice) + } + WriteTable(SysNwHeader, outNwRowData) + fmt.Printf("\n") + } + } +} + +func dnsLookup(ip string, revDNSLookup bool) string { + if revDNSLookup { + if strings.Contains(ip, "svc") || strings.Contains(ip, "pod") { + return ip + } + dns, err := net.LookupAddr(ip) + if err != nil { + return ip + } + if dns[0] != "" { + return dns[0] + } + } + return ip +} + +// WriteTable function +func WriteTable(header []string, data [][]string) { + table := tablewriter.NewWriter(os.Stdout) + table.SetHeader(header) + table.SetAlignment(tablewriter.ALIGN_LEFT) + for _, v := range data { + table.Append(v) + } + table.Render() +} + +func writePodInfoToTable(podname, namespace, clustername, containername, labels string) { + + fmt.Printf("\n") + + podinfo := [][]string{ + {"Pod Name", podname}, + {"Namespace Name", namespace}, + {"Cluster Name", clustername}, + {"Container Name", containername}, + {"Labels", labels}, + } + table := tablewriter.NewWriter(os.Stdout) + table.SetBorder(false) + table.SetTablePadding("\t") + table.SetCenterSeparator("") + table.SetColumnSeparator("") + table.SetRowSeparator("") + table.SetAlignment(tablewriter.ALIGN_LEFT) + for _, v := range podinfo { + table.Append(v) + } + table.Render() +} diff --git a/sysdump/sysdump.go b/sysdump/sysdump.go index 6e078a33..18af4cc8 100644 --- a/sysdump/sysdump.go +++ b/sysdump/sysdump.go @@ -1,6 +1,7 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Authors of KubeArmor +// Package sysdump collects and dumps information for troubleshooting KubeArmor package sysdump import ( @@ -10,6 +11,7 @@ import ( "io" "os" "path" + "strings" "time" "golang.org/x/sync/errgroup" @@ -25,8 +27,13 @@ import ( "github.com/mholt/archiver/v3" ) +// Options options for sysdump +type Options struct { + Filename string +} + // Collect Function -func Collect(c *k8s.Client) error { +func Collect(c *k8s.Client, o Options) error { var errs errgroup.Group d, err := os.MkdirTemp("", "karmor-sysdump") @@ -62,7 +69,8 @@ func Collect(c *k8s.Client) error { errs.Go(func() error { v, err := c.K8sClientset.AppsV1().DaemonSets("kube-system").Get(context.Background(), "kubearmor", metav1.GetOptions{}) if err != nil { - return err + fmt.Printf("kubearmor daemonset not found. (possible if kubearmor is running in process mode)\n") + return nil } if err := writeYaml(path.Join(d, "kubearmor-daemonset.yaml"), v); err != nil { return err @@ -74,7 +82,8 @@ func Collect(c *k8s.Client) error { errs.Go(func() error { v, err := c.KSPClientset.KubeArmorPolicies("").List(context.Background(), metav1.ListOptions{}) if err != nil { - return err + fmt.Printf("kubearmor CRD not found!\n") + return nil } if err := writeYaml(path.Join(d, "ksp.yaml"), v); err != nil { return err @@ -88,15 +97,18 @@ func Collect(c *k8s.Client) error { LabelSelector: "kubearmor-app=kubearmor", }) if err != nil { - return err + fmt.Printf("kubearmor pod not found. (possible if kubearmor is running in process mode)\n") + return nil } for _, p := range pods.Items { // KubeArmor Logs + fmt.Printf("getting logs from %s\n", p.Name) v := c.K8sClientset.CoreV1().Pods("kube-system").GetLogs(p.Name, &corev1.PodLogOptions{}) s, err := v.Stream(context.Background()) if err != nil { - return err + fmt.Printf("failed getting logs from pod=%s err=%s\n", p.Name, err) + continue } defer s.Close() var logs bytes.Buffer @@ -135,21 +147,19 @@ func Collect(c *k8s.Client) error { return err } for _, p := range pods.Items { - if p.Annotations["kubearmor-policy"] == "enabled" { - v, err := c.K8sClientset.CoreV1().Pods(p.Namespace).Get(context.Background(), p.Name, metav1.GetOptions{}) - if err != nil { - return err - } - if err := writeYaml(path.Join(d, p.Namespace+"-pod-"+p.Name+".yaml"), v); err != nil { - return err - } - e, err := c.K8sClientset.CoreV1().Events(p.Namespace).Search(scheme.Scheme, v) - if err != nil { - return err - } - if err := writeYaml(path.Join(d, p.Namespace+"-pod-events-"+p.Name+".yaml"), e); err != nil { - return err - } + v, err := c.K8sClientset.CoreV1().Pods(p.Namespace).Get(context.Background(), p.Name, metav1.GetOptions{}) + if err != nil { + return err + } + if err := writeYaml(path.Join(d, p.Namespace+"-pod-"+p.Name+".yaml"), v); err != nil { + return err + } + e, err := c.K8sClientset.CoreV1().Events(p.Namespace).Search(scheme.Scheme, v) + if err != nil { + return err + } + if err := writeYaml(path.Join(d, p.Namespace+"-pod-events-"+p.Name+".yaml"), e); err != nil { + return err } } return nil @@ -157,7 +167,7 @@ func Collect(c *k8s.Client) error { // AppArmor Gzip errs.Go(func() error { - if err := copyFromPod("/etc/apparmor.d", path.Join(d, "apparmor.tar.gz"), c); err != nil { + if err := copyFromPod("/etc/apparmor.d", d, c); err != nil { return err } return nil @@ -174,7 +184,12 @@ func Collect(c *k8s.Client) error { return dumpError } - sysdumpFile := "karmor-sysdump-" + time.Now().Format(time.UnixDate) + ".zip" + sysdumpFile := "" + if o.Filename == "" { + sysdumpFile = "karmor-sysdump-" + strings.Replace(time.Now().Format(time.UnixDate), ":", "_", -1) + ".zip" + } else { + sysdumpFile = o.Filename + } if err := archiver.Archive([]string{d}, sysdumpFile); err != nil { return fmt.Errorf("failed to create zip file: %w", err) @@ -210,48 +225,52 @@ func writeYaml(p string, o runtime.Object) error { return writeToFile(p, b.String()) } -func copyFromPod(srcPath string, destPath string, c *k8s.Client) error { +func copyFromPod(srcPath string, d string, c *k8s.Client) error { pods, err := c.K8sClientset.CoreV1().Pods("kube-system").List(context.Background(), metav1.ListOptions{ LabelSelector: "kubearmor-app=kubearmor", }) if err != nil { - return err - } - reader, outStream := io.Pipe() - cmdArr := []string{"tar", "cf", "-", srcPath} - req := c.K8sClientset.CoreV1().RESTClient(). - Get(). - Namespace("kube-system"). - Resource("pods"). - Name(pods.Items[0].Name). - SubResource("exec"). - VersionedParams(&corev1.PodExecOptions{ - Container: pods.Items[0].Spec.Containers[0].Name, - Command: cmdArr, - Stdin: true, - Stdout: true, - Stderr: true, - TTY: false, - }, scheme.ParameterCodec) - exec, err := remotecommand.NewSPDYExecutor(c.Config, "POST", req.URL()) - if err != nil { - return err - } - go func() { - defer outStream.Close() - err = exec.Stream(remotecommand.StreamOptions{ - Stdin: os.Stdin, - Stdout: outStream, - Stderr: os.Stderr, - Tty: false, - }) - }() - buf, err := io.ReadAll(reader) - if err != nil { - return err + fmt.Printf("kubearmor not deployed in pod mode\n") + return nil } - if err := os.WriteFile(destPath, buf, 0600); err != nil { - return err + for _, pod := range pods.Items { + destPath := path.Join(d, fmt.Sprintf("%s_apparmor.tar.gz", pod.Name)) + reader, outStream := io.Pipe() + cmdArr := []string{"tar", "cf", "-", srcPath} + req := c.K8sClientset.CoreV1().RESTClient(). + Get(). + Namespace("kube-system"). + Resource("pods"). + Name(pod.Name). + SubResource("exec"). + VersionedParams(&corev1.PodExecOptions{ + Container: pods.Items[0].Spec.Containers[0].Name, + Command: cmdArr, + Stdin: true, + Stdout: true, + Stderr: true, + TTY: false, + }, scheme.ParameterCodec) + exec, err := remotecommand.NewSPDYExecutor(c.Config, "POST", req.URL()) + if err != nil { + return err + } + go func() { + defer outStream.Close() + err = exec.Stream(remotecommand.StreamOptions{ + Stdin: os.Stdin, + Stdout: outStream, + Stderr: os.Stderr, + Tty: false, + }) + }() + buf, err := io.ReadAll(reader) + if err != nil { + return err + } + if err := os.WriteFile(destPath, buf, 0600); err != nil { + return err + } } return nil } diff --git a/version/version.go b/version/version.go index 69f0dc67..72ab76ee 100644 --- a/version/version.go +++ b/version/version.go @@ -1,6 +1,7 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Authors of KubeArmor +// Package version checks the current CLI version and if there's a need to update it package version import ( @@ -8,19 +9,20 @@ import ( "fmt" "runtime" + "github.com/fatih/color" "github.com/kubearmor/kubearmor-client/k8s" + "github.com/kubearmor/kubearmor-client/selfupdate" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -// GitSummary for karmor git build -var GitSummary string - -// BuildDate for karmor git build -var BuildDate string - // PrintVersion handler for karmor version func PrintVersion(c *k8s.Client) error { - fmt.Printf("karmor version %s %s/%s BuildDate=%s\n", GitSummary, runtime.GOOS, runtime.GOARCH, BuildDate) + fmt.Printf("karmor version %s %s/%s BuildDate=%s\n", selfupdate.GitSummary, runtime.GOOS, runtime.GOARCH, selfupdate.BuildDate) + latest, latestVer := selfupdate.IsLatest(selfupdate.GitSummary) + if !latest { + color.HiMagenta("update available version " + latestVer) + color.HiMagenta("use [karmor selfupdate] to update to latest") + } kubearmorVersion, err := getKubeArmorVersion(c) if err != nil { return nil diff --git a/vm/cilium.go b/vm/cilium.go index d2c31705..79ec360e 100644 --- a/vm/cilium.go +++ b/vm/cilium.go @@ -1,3 +1,6 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + package vm import ( diff --git a/vm/label.go b/vm/label.go index 1cfbd74e..d58bd06d 100644 --- a/vm/label.go +++ b/vm/label.go @@ -1,3 +1,6 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + package vm import ( @@ -81,10 +84,9 @@ func LabelHandling(t string, o LabelOptions, address string, isKvmsEnv bool) err if t == "LIST" { if string(respBody) == "" { return fmt.Errorf("failed to get label list") - } else { - fmt.Printf("The label list for %s is %s\n", o.VMName, string(respBody)) - return nil } + fmt.Printf("The label list for %s is %s\n", o.VMName, string(respBody)) + return nil } fmt.Println("Success") diff --git a/vm/onboarding.go b/vm/onboarding.go index 8270186d..f4bb8463 100644 --- a/vm/onboarding.go +++ b/vm/onboarding.go @@ -1,3 +1,6 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + package vm import ( @@ -8,6 +11,8 @@ import ( "net/http" "os" "path/filepath" + "strconv" + "strings" "time" tp "github.com/kubearmor/KVMService/src/types" @@ -43,6 +48,7 @@ func postHTTPRequest(eventData []byte, vmAction string, address string) (string, // List - Lists all configured VMs func List(address string) error { + var endpoints []tp.KVMSEndpoint vmlist, err := postHTTPRequest(nil, "vmlist", address) if err != nil { @@ -50,17 +56,30 @@ func List(address string) error { return err } - if vmlist == "" { + err = json.Unmarshal([]byte(vmlist), &endpoints) + if err != nil { + fmt.Println("Failed to parse vm list") + return err + } + + if len(endpoints) == 0 { fmt.Println("No VMs configured") } else { - fmt.Printf("List of configured vms are : %s\n", vmlist) + fmt.Println("-------------------------------------------") + fmt.Printf(" %-3s| %-15s| %-10s| %s\n", "", "VM Name", "Identity", "Labels") + fmt.Println("-------------------------------------------") + for idx, vm := range endpoints { + fmt.Printf(" %-3s| %-15s| %-10s| %s\n", strconv.Itoa(idx+1), + vm.VMName, strconv.Itoa(int(vm.Identity)), strings.Join(vm.Labels, "; ")) + } } return nil } +// Onboarding - onboards a vm func Onboarding(eventType string, path string, address string) error { - var vm tp.K8sKubeArmorExternalWorkloadPolicy + var vm tp.KubeArmorVirtualMachinePolicy vmFile, err := os.ReadFile(filepath.Clean(path)) if err != nil { @@ -72,7 +91,7 @@ func Onboarding(eventType string, path string, address string) error { return err } - vmEvent := tp.K8sKubeArmorExternalWorkloadPolicyEvent{ + vmEvent := tp.KubeArmorVirtualMachinePolicyEvent{ Type: eventType, Object: vm, } diff --git a/vm/policy.go b/vm/policy.go index 730785be..856064e1 100644 --- a/vm/policy.go +++ b/vm/policy.go @@ -11,6 +11,8 @@ import ( "net/http" "os" "path/filepath" + "regexp" + "strings" "time" v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2" @@ -22,10 +24,14 @@ import ( ) const ( + // KubeArmorPolicy is the Kind used for KubeArmor container policies + KubeArmorPolicy = "KubeArmorPolicy" // KubeArmorHostPolicy is the Kind used for KubeArmor host policies KubeArmorHostPolicy = "KubeArmorHostPolicy" // CiliumNetworkPolicy is the Kind used for Cilium network policies CiliumNetworkPolicy = "CiliumNetworkPolicy" + // CiliumClusterwideNetworkPolicy is the Kind used for Cilium network policies + CiliumClusterwideNetworkPolicy = "CiliumClusterwideNetworkPolicy" ) // PolicyOptions are optional configuration for kArmor vm policy @@ -33,7 +39,7 @@ type PolicyOptions struct { GRPC string } -func sendPolicyOverGRPC(o PolicyOptions, policyEventData []byte) error { +func sendPolicyOverGRPC(o PolicyOptions, policyEventData []byte, kind string) error { gRPC := "" if o.GRPC != "" { @@ -57,11 +63,17 @@ func sendPolicyOverGRPC(o PolicyOptions, policyEventData []byte) error { Policy: policyEventData, } - resp, err := client.HostPolicy(context.Background(), &req) - if err != nil || resp.Status != 1 { - return fmt.Errorf("failed to send policy") + if kind == KubeArmorHostPolicy { + resp, err := client.HostPolicy(context.Background(), &req) + if err != nil || resp.Status != 1 { + return fmt.Errorf("failed to send policy") + } + } else { + resp, err := client.ContainerPolicy(context.Background(), &req) + if err != nil || resp.Status != 1 { + return fmt.Errorf("failed to send policy") + } } - fmt.Println("Success") return nil } @@ -107,59 +119,84 @@ func PolicyHandling(t string, path string, o PolicyOptions, httpAddress string, return err } - js, err := yaml.YAMLToJSON(policyFile) - if err != nil { - return err - } + policies := strings.Split(string(policyFile), "---") - err = json.Unmarshal(js, &k) - if err != nil { - return err - } + for _, policy := range policies { - var hostPolicy tp.K8sKubeArmorHostPolicy - var networkPolicy v2.CiliumNetworkPolicy - var policyEvent interface{} + if matched, _ := regexp.MatchString("^\\s*$", policy); matched { + continue + } - if k.Kind == KubeArmorHostPolicy { - err = json.Unmarshal(js, &hostPolicy) + js, err := yaml.YAMLToJSON([]byte(policy)) if err != nil { return err } - policyEvent = tp.K8sKubeArmorHostPolicyEvent{ - Type: t, - Object: hostPolicy, - } - - } else if k.Kind == CiliumNetworkPolicy { - err = json.Unmarshal(js, &networkPolicy) + err = json.Unmarshal(js, &k) if err != nil { return err } - policyEvent = NetworkPolicyRequest{ - Type: t, - Object: networkPolicy, - } - - } + var containerPolicy tp.K8sKubeArmorPolicy + var hostPolicy tp.K8sKubeArmorHostPolicy + var networkPolicy v2.CiliumNetworkPolicy + var policyEvent interface{} + + if k.Kind == KubeArmorHostPolicy { + err = json.Unmarshal(js, &hostPolicy) + if err != nil { + return err + } + + policyEvent = tp.K8sKubeArmorHostPolicyEvent{ + Type: t, + Object: hostPolicy, + } + + } else if k.Kind == KubeArmorPolicy { + err = json.Unmarshal(js, &containerPolicy) + if err != nil { + return err + } + + policyEvent = tp.K8sKubeArmorPolicyEvent{ + Type: t, + Object: containerPolicy, + } + + } else if k.Kind == CiliumNetworkPolicy || k.Kind == CiliumClusterwideNetworkPolicy { + err = json.Unmarshal(js, &networkPolicy) + if err != nil { + return err + } + + if networkPolicy.Spec == nil { + continue + } + + policyEvent = NetworkPolicyRequest{ + Type: t, + Object: networkPolicy, + } - policyEventData, err := json.Marshal(policyEvent) - if err != nil { - return err - } + } - if isKvmsEnv { - // Non-K8s control plane with kvmservice, hence send policy over HTTP - if err = sendPolicyOverHTTP(httpAddress, k.Kind, policyEventData); err != nil { + policyEventData, err := json.Marshal(policyEvent) + if err != nil { return err } - } else { - // Systemd mode, hence send policy over gRPC - if err = sendPolicyOverGRPC(o, policyEventData); err != nil { - return err + if isKvmsEnv { + // Non-K8s control plane with kvmservice, hence send policy over HTTP + if err = sendPolicyOverHTTP(httpAddress, k.Kind, policyEventData); err != nil { + return err + } + } else { + // Systemd mode, hence send policy over gRPC + if err = sendPolicyOverGRPC(o, policyEventData, k.Kind); err != nil { + return err + + } } } diff --git a/vm/vm.go b/vm/vm.go new file mode 100644 index 00000000..2bf884b7 --- /dev/null +++ b/vm/vm.go @@ -0,0 +1,5 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright 2022 Authors of KubeArmor + +// Package vm contains interfaces to setup or communicate with KubeArmor running in either systemd mode or with KVM Service +package vm
{{.Name}}