From e3d3fa9ef26ab3529af9bd5211cd234cc307e4ff Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Wed, 5 Feb 2025 09:23:22 +0000 Subject: [PATCH 01/93] Upgrading trivy from 0.59.0 to 0.59.1 Signed-off-by: secureCodeBoxBot --- scanners/trivy/Chart.yaml | 2 +- scanners/trivy/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scanners/trivy/Chart.yaml b/scanners/trivy/Chart.yaml index 323ff8f9c1..261b2d528b 100644 --- a/scanners/trivy/Chart.yaml +++ b/scanners/trivy/Chart.yaml @@ -8,7 +8,7 @@ description: A Helm chart for the trivy security scanner that integrates with th type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "0.59.0" +appVersion: "0.59.1" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/aquasecurity/trivy/releases/latest diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md index 842df9dd22..c1a431fda1 100644 --- a/scanners/trivy/README.md +++ b/scanners/trivy/README.md @@ -3,7 +3,7 @@ title: "Trivy" category: "scanner" type: "Container" state: "released" -appVersion: "0.59.0" +appVersion: "0.59.1" usecase: "Container Vulnerability Scanner" --- From 650ceb2b30f2ffd78f59203440c0a37c4def4329 Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Wed, 5 Feb 2025 09:23:21 +0000 Subject: [PATCH 02/93] Upgrading trivy-sbom from 0.59.0 to 0.59.1 Signed-off-by: secureCodeBoxBot --- scanners/trivy-sbom/Chart.yaml | 2 +- scanners/trivy-sbom/README.md | 2 +- scanners/trivy-sbom/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/trivy-sbom/Chart.yaml b/scanners/trivy-sbom/Chart.yaml index 0795129b7b..00f38ddd2f 100644 --- a/scanners/trivy-sbom/Chart.yaml +++ b/scanners/trivy-sbom/Chart.yaml @@ -8,7 +8,7 @@ description: A Helm chart for the trivy-sbom security scanner that integrates wi type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "0.59.0" +appVersion: "0.59.1" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/aquasecurity/trivy/releases/latest diff --git a/scanners/trivy-sbom/README.md b/scanners/trivy-sbom/README.md index 94093f15d4..ed68986e9f 100644 --- a/scanners/trivy-sbom/README.md +++ b/scanners/trivy-sbom/README.md @@ -3,7 +3,7 @@ title: "Trivy SBOM" category: "scanner" type: "Container" state: "released" -appVersion: "0.59.0" +appVersion: "0.59.1" usecase: "Container Dependency Scanner" --- diff --git a/scanners/trivy-sbom/docs/README.DockerHub-Parser.md b/scanners/trivy-sbom/docs/README.DockerHub-Parser.md index 75457d4005..70d3c2099e 100644 --- a/scanners/trivy-sbom/docs/README.DockerHub-Parser.md +++ b/scanners/trivy-sbom/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `0.59.0` +- tagged releases, e.g. `0.59.1` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/trivy-sbom. From 17a7b640bc5e2a32c714ccf6790dca7b6d416de5 Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Wed, 5 Feb 2025 09:23:26 +0000 Subject: [PATCH 03/93] Upgrading semgrep from 1.106.0 to 1.107.0 Signed-off-by: secureCodeBoxBot --- scanners/semgrep/Chart.yaml | 2 +- scanners/semgrep/README.md | 2 +- scanners/semgrep/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml index 2f242d8c95..5eb6d9332b 100644 --- a/scanners/semgrep/Chart.yaml +++ b/scanners/semgrep/Chart.yaml @@ -22,7 +22,7 @@ version: "v3.1.0-alpha1" # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.106.0" +appVersion: "1.107.0" annotations: versionApi: https://api.github.com/repos/semgrep/semgrep/releases/latest supported-platforms: linux/amd64,linux/arm64 diff --git a/scanners/semgrep/README.md b/scanners/semgrep/README.md index e67979e50c..ef1e3d2866 100644 --- a/scanners/semgrep/README.md +++ b/scanners/semgrep/README.md @@ -3,7 +3,7 @@ title: "Semgrep" category: "scanner" type: "Repository" state: "released" -appVersion: "1.106.0" +appVersion: "1.107.0" usecase: "Static Code Analysis" --- diff --git a/scanners/semgrep/docs/README.DockerHub-Parser.md b/scanners/semgrep/docs/README.DockerHub-Parser.md index a9e86066b0..74f0cc31dd 100644 --- a/scanners/semgrep/docs/README.DockerHub-Parser.md +++ b/scanners/semgrep/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `1.106.0` +- tagged releases, e.g. `1.107.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/semgrep. From 8ff93b007866a89f495dbc6167a6cb97a30b05dc Mon Sep 17 00:00:00 2001 From: Sven Schliesing Date: Fri, 31 Jan 2025 14:41:15 +0100 Subject: [PATCH 04/93] Fix containerPort in Deployment Signed-off-by: Sven Schliesing --- demo-targets/http-webhook/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demo-targets/http-webhook/templates/deployment.yaml b/demo-targets/http-webhook/templates/deployment.yaml index e5cd034f17..120af929fe 100644 --- a/demo-targets/http-webhook/templates/deployment.yaml +++ b/demo-targets/http-webhook/templates/deployment.yaml @@ -47,7 +47,7 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http - containerPort: 80 + containerPort: 8080 protocol: TCP resources: {{- toYaml .Values.resources | nindent 12 }} From 2c9572c468cc27e764bca1fab3ec88f2dc1f7f8b Mon Sep 17 00:00:00 2001 From: Sven Schliesing Date: Fri, 31 Jan 2025 14:41:27 +0100 Subject: [PATCH 05/93] Fix Ingress serviceName and servicePort were removed and pathType is required in 1.22: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122 Signed-off-by: Sven Schliesing --- demo-targets/http-webhook/templates/ingress.yaml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/demo-targets/http-webhook/templates/ingress.yaml b/demo-targets/http-webhook/templates/ingress.yaml index 4bf8ebd334..737e7bba44 100644 --- a/demo-targets/http-webhook/templates/ingress.yaml +++ b/demo-targets/http-webhook/templates/ingress.yaml @@ -5,11 +5,7 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "http-webhook.fullname" . -}} {{- $svcPort := .Values.service.port -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} @@ -37,9 +33,12 @@ spec: paths: {{- range .paths }} - path: {{ . }} + pathType: Prefix backend: - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} + service: + name: {{ $fullName }} + port: + name: http {{- end }} {{- end }} {{- end }} From 1644a4f15a1c9f8029f7736245949549eb18537a Mon Sep 17 00:00:00 2001 From: Sven Schliesing Date: Fri, 31 Jan 2025 14:41:37 +0100 Subject: [PATCH 06/93] Preserve empty lines Otherwise it would break the yaml: --- # SPDX-License-Identifier: Apache-2.0apiVersion: networking.k8s.io/v1 kind: Ingress --- Signed-off-by: Sven Schliesing --- demo-targets/http-webhook/templates/ingress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demo-targets/http-webhook/templates/ingress.yaml b/demo-targets/http-webhook/templates/ingress.yaml index 737e7bba44..8f9a6a0be8 100644 --- a/demo-targets/http-webhook/templates/ingress.yaml +++ b/demo-targets/http-webhook/templates/ingress.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -{{- if .Values.ingress.enabled -}} +{{ if .Values.ingress.enabled -}} {{- $fullName := include "http-webhook.fullname" . -}} {{- $svcPort := .Values.service.port -}} apiVersion: networking.k8s.io/v1 From 6a5a325c252cd593df2391cc688111f9567e47e9 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 14:59:40 +0100 Subject: [PATCH 07/93] Update helm unit snapshots Signed-off-by: Jannik Hollenbach --- .../tests/__snapshot__/http-webhook_test.yaml.snap | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/demo-targets/http-webhook/tests/__snapshot__/http-webhook_test.yaml.snap b/demo-targets/http-webhook/tests/__snapshot__/http-webhook_test.yaml.snap index 797434b581..ca10197f30 100644 --- a/demo-targets/http-webhook/tests/__snapshot__/http-webhook_test.yaml.snap +++ b/demo-targets/http-webhook/tests/__snapshot__/http-webhook_test.yaml.snap @@ -44,7 +44,7 @@ matches the snapshot: imagePullPolicy: IfNotPresent name: http-webhook ports: - - containerPort: 80 + - containerPort: 8080 name: http protocol: TCP resources: @@ -93,6 +93,7 @@ matches the snapshot: kind: Deployment name: bar 4: | + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: From f58e8bfa1a799cc278a68d51b7e006682b99c4fc Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 11:54:52 +0100 Subject: [PATCH 08/93] Update version of minio chart used by default operator install Seems to be compatible with our default install method. Needs a note in the release for people who to be aware of potential breaking changes when they have heavily configured the chart. Signed-off-by: Jannik Hollenbach --- operator/Chart.lock | 6 +++--- operator/Chart.yaml | 2 +- operator/charts/minio-13.4.6.tgz | Bin 52669 -> 0 bytes operator/charts/minio-15.0.2.tgz | Bin 0 -> 57569 bytes ...4.6.tgz.license => minio-15.0.2.tgz.license} | 0 5 files changed, 4 insertions(+), 4 deletions(-) delete mode 100644 operator/charts/minio-13.4.6.tgz create mode 100644 operator/charts/minio-15.0.2.tgz rename operator/charts/{minio-13.4.6.tgz.license => minio-15.0.2.tgz.license} (100%) diff --git a/operator/Chart.lock b/operator/Chart.lock index 02aa05b000..5de87dc780 100644 --- a/operator/Chart.lock +++ b/operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: minio repository: https://charts.bitnami.com/bitnami - version: 13.4.6 -digest: sha256:c630690e4c52be88aa68d86b48326e0889c33a0e6b84280242e9acf61361e7f0 -generated: "2024-02-14T17:00:04.921476+01:00" + version: 15.0.2 +digest: sha256:1c6c189a521d342bfd29186c905428916a57fe71378c40b5d740dd866a70ab6d +generated: "2025-02-06T11:51:19.985812+01:00" diff --git a/operator/Chart.yaml b/operator/Chart.yaml index 2555f19338..fc2242742d 100644 --- a/operator/Chart.yaml +++ b/operator/Chart.yaml @@ -26,7 +26,7 @@ maintainers: dependencies: - name: minio - version: 13.4.6 + version: 15.0.2 repository: https://charts.bitnami.com/bitnami condition: minio.enabled diff --git a/operator/charts/minio-13.4.6.tgz b/operator/charts/minio-13.4.6.tgz deleted file mode 100644 index 983bbc14a911b6bf7a24b2251403eaafd7c1f7f7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 52669 zcmV)FK)=5qiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcd)qeBDBi#IDX>bqvHO~m?cBQB&HEh3c3QuUFF)H!&z{|$ z1R@~`HAS!lXh-YjeD>di8wr3QMP2MByXLdoSR^nQ3-7-X0vbkG4Hgba;IHXDGWWRyY5vOHvYhB^S?DI6m@0Kazt03ZMf zoT32`{1b#RMhO!iRKWp=NO*;^9wz-EW(l0)zFBs#yS@9Yx7+(m5TPN4NwBjMWG}0r zTfx-8cAlEhwk>Fc26TercpgAqZm_ds0^8Ys)&U^KAxbEx!d?o)2?}<5+Z~wV_b8*7 zBm;20+kt6X{4DV5L?}f`gpv>=I_PMmLNc9_qys>PQbI8klqVq`^!phaW6H8wu+ys` z8S?2$I{+{^7Q+?*^(81EUKcp@KJ`9zB1FRsr%b#$#>vs?#`z||6u<4Y#sx4<=y5TRR~$YcygI7V~}AQtvEdz}g4#F{Xc(m`Jn zp%;>A2Zy{ro-ch!DPpuw84RzeWRpIgjujJ%*TL@Y_NU#a&w6Px?p&eS4ap)gIFj=M z-M>ztNEDPW=+jOB!Z@c4WgXsa262KiV{G3a-@puQfukhsbpXh-xI}b}*(4tdJT>2` zF*RAAk~|9~yUeZFXBk3$j)*-qIt3r>JncQ}z34de-<1C`39s%##>|ob+fSeER^uEJl!`Eszj~0GmJt*aTB>gX0*G zYm{X;;_p$V@)p2J80Qh!FibhdRhMLh$3oj+gsUT>{#c?Sn4LGgpJy3L7=YIh$B^qe z<3?l$^3A!DfLrqCSsuq1D9jM!%2cG4hW!{)D(NF2DA+v?K~m=EM@uDMQUy5di0CO@CRDG~)VXtO5x$1kPoDUcKmTAa8q)-RLKjIMLC zoNB(hU_wD}vJLlje>{$T{bNK8T)$9$5; zWQHQ8PV?E{F>4LL?dJ->z0yJj=HG2W8+9D`SNRYrQw_W!S%?6G*%&eKQ$9plf*7J& zlK~q!p-nLnv;p@0txiURpcFQetK4uILFZ1Pk%hQ#7WbzjvmaarQ7!D><0BR|b4 z<3lrrNiJZ78REv7X4hhk>b2`2gY-)DPU>($N}{0XYoGT-b}mRWd<_{Yc&%Tk9ZJ7Q zm(e)Vin1a4D#nXtIpRY*BRRMcEE(e~#J^C4l+4A+h-6c-;sBBe{?(ubM-RXV#zOG= zB!jw~_)=5+SqC(hDqKZ+xT-CJ~HDf<6M0fsYYK3lDRKqK}&u z_T;m;Con4Jv{50Dxc-*o@QNGXEEwlF5{d|KZ2-!~IAjASn6n8tLqj>aEHkphKdMQt zy2Rh~GD6rpiZT-pf5)xDEHS3NE;s-%n&QL{=?qeOL$U}Ie{ciI2igRy3zsX32^W3B zl;LD7We#{pxge3R^y0}I2{R;Ya2Qh%AqH_w!Ny0cj~|5r`muuTN6BzQ1n@W^+$!ef zQXF2P2;?akWn?OORkpX;1D6w|8=pY2vMC8Hxb+InDEP>m2=cOB@jKORZfXkH{qxgc z#MSSDrcxQ_kVVUSNy^Y~Ip)~wHVV0FRoC*h(nwCxeo4ePI7Sp4lRRM-ZMljf_a6XG zC_^yfOQ2N$VFFNcjWd!=xj?vv8Rp_eqv2_w78!x^3A*`-lTvnA@Q#Vf1}A|WE7iA6 zPLH7!V}*+YU88IU7@i7IG6UfRCS#-}lpIByRH|KLB~qv` z>qOZoa+`(QVTCp}!sGs~Oyp7&bH?IxE)iriP$?C<9*4tXY6~!9%wFTfNtP}cGBA_oa`Mt;y9b)f&^Y)ZHq6H2`h#iM}Yae^Xn`St>YC}ViU zMRBQQT7c?WbHp9jyg1@~YB^GGLSo_D6MZV1GZn0sGKRN1T+xFzXgR0$q!%#eOvRkHNl} z5yvowueiICh*%Jy99P=fQ3P)N{6yiYVT6aRn!d#37%B^J>eA7H;IE@XM!j9=! zcsOIpP&UPh5DGtJFhpl4!z8*8YXt>I36RSM-6|GJFviy?5mwzqtq33`5l9e<#FWw? z5g2ob!e3fhCz=fO81*O&5rFHa-L&;{e7d_3#1S&G0x*(OyV0ROO{+oGfjp9L9-#rPT= z+J7Wl4^%5ytuTgRZ=^}e2eETjb zHigP>T*IrhTeOO#(&LO%&BU_?O4wL@m<%IHjFVB>9w_63ccd=V_Y3qeRGy)#w(6m4 zN}^+!z%k+suRNkAT}z4pnx`qr7zG)M;U|C@1tg1**k~E&FoOw0Tr-&97=biH;=EKc z76tPJ|CXZ!QMr4Fh4Rm4Mm=GSWk|R$*bU(;GmeC$nilv;2QB9I#wl+ZMdt`cGXe4p zW-yLX+|v1$Gm>%ZqZsA@rfIBf?*0%`90tWF!2&6Xf)bS=EnTA>06b(II4F6DpCQrY zzR*3w?jj>CF%^oPHiJmhOZGlL)i%z3uR;SJ%Efsz6|mON*aENaM3J;gw+N| z#*tcSMy@f%B*BSrOPRlINo0O;ZIc>+;D5-lg=JzvwzU&&GYD72_q5bczy@IxlmRw@ ziPp3?U8-1}TfiZ`xXPkBSyfwV`^m@h0>vm~Bm;s0V!4sZ`@p9>q}&D*OEfs-I=Zmg zgwH~6)vm?MF5406Nx+dRdt;&~HdJdnlafen154Y*?25?`LI)C1&f6|bi=A}FbLT4N-cx1< z^~g(cq(hThz0^ds$94|D4E>fPT7VQkP-Fo2Llt^dab%rq+m9ZB!%uLU#;Eu$@hW}- z0KzmMfSv8_sqt=#rebsJ#j|59UaM+SyqbVZP#WtB>|H=^a`Q{*5O#*Yl`**HH}sQ2YAwmPXTWU+FF2a;cLXzJj? znl&x#iyyX+d=T z<=$ed3eGKXEL1I+v3IGkO}i`isQ;bQ=p(Sl=QWC?8DZHph&t2u(^3EsXd>IoPk%zA@RuFTcUdL;;$;4C%01y=qOr{{no~B63$V%4Xw>J zaj8z=iW7<>1dJOTTioLEhO4+TVb8p>u|)lksUDBrloOwn{`E@*Pas9VZfFGyd<>LTga zJh=LFi!r+D)s{Y{iIedbi17%8voJr5XtjuqQVaKG6Z0OXNO zE`M_xAV^uTW3uPGJw2mn#lTQKM3FEuE^;a^w8>xZ5_zV}RP!C1!>HgI9@Y$cL$cy# zKaMe*Z2=exrz#i{5+j%>l=v!igW`BgA9Trb1g0>xbVuH@fjH-NF{vDsEDY9gRJ4Fr z&b$FAnll?S_y$wwNR!^Kz#}1c-jeW&7vdeAi?73U%Kk3VG1#tzrCS+P+E{>b)=9oX zSUHj$M+0z)C_Bs02!DDRog;>l;=EO1@ulLkHfY2TyFl%7!yoi1#o4T4<3?~s2jHdq z`VlyQGYbB6dj2P1>=ql}#eT84555!Z@c&(IZx6)({!hhLO-K@wB$O9G4@8Skzku-& zD~3gpM`G>Vn7}Lol<`IGhGbX8MVc5x3Who37)B_~kT`R;3HT(B5zIFJ3y>*hfZ~6t z-9H6aDtFYBY(SJ6fSv6h@ayumjxkb{xB&yBdKt7_iXF?(GuQ>{=l`VeX(BYV-twU6V)@y z&{V2h`joQischKu(#-ggarpYl0yCf%JVkGDl7Et0brk$V?oDqcc`S}9{UZ43 z;!qUQ;s@ZQ%~nlqn^~UhQE}NtA5g065GaZ++sp|`&Iw_5OHXJ`ORDq|jinjB#xWYB zXns>=*=2f#V8oYwj^~?lp3m=}x84#6KyDG7=`I}75XSP-#9S2WYA%6s@+C`S)}wVp9}yBjhY2T%@W)i}SjvD)A+j z@BT*)8>z?Nc!&9UT z#BN79TebBA_PL#xr()@OgA+_AC<6aOh7BuOD68y^7|L`NM~2e1!BuCqIZMbB=tA2R zN4{9B4nylidMBPGDUx4}qnD~Yhaco51aI6JUy~;HqlTs#3yMxh>H@fNTy=^(I7!g z9lGknC<;)*GK^@zh*-=K3j+?G$`e`q&p@>#j_?~;Irk%qX?#X9Mtd;De#IjtnQ$hO z6eaF~mc6s1dWgywyg1Z-Sy5i?FhO!2fGHk;zie-BOG(5Fir+i#kxHLp{l}OG#!Ot! z9%uxxq;}p6b1`+i5mpQRyG{K?4V-@mnpu4ouK1t6FJg0~85)sn3c?Aw5ht;VlgjF3 zoH$7AHEG;6+BR2ejTP5a@mfLMQ?Yg*V>*Q_oVfRB8Vs60(wy-Kv6bwX7VuU#SXwl) zl!ek3?s6tc3+PMQAZ_qouhG$>#XGPvTC}>9S<#AV*I-AO>v|jM>&Kc;@5|-F8yU_ys&D>XgIjCUpcyyg4uD3m zKE53PIO4_xn~7*kOkN{UujEBA)&oZ>CI=pYkNV?BAcAqQUS*%~BPAmygRo3s7JXc( zbLu7v?-sho;*g+&orld8ni)5s0RPDd z5K7z}R3zlXVh`vFaXru`G1^4|{8x~`De7v>WVyMBsqJwCH}z&o^c2C$Eh>rIj{9O) zEn?X1ox8i?c8B-d?(}xsUEFOmn02AcY<2OCD!^J_WUGPLajy~?x7n<_ zZ02pV=iAfbjlOHP`}~EtYi3Kuv@WkbdZdCc<(UpfsvR}Ft1-TofhN+7 z4AJWTt@6Ew9B^TW#b2Tg+J9tJ7H^D^(zVX`2iNgzeXOmd!pj|?7|zOAKjIyT_)EPV zV-cVkW@<$al7V=Z0K;V+$(e?8DSs{jNUds@lMK-bi6ihvz5uLv(;gVjLq1_kU>EYm z9AF*mh0iPE8HoXS-T@%BBN_2mHfiKL7cm(k!|gjSJBP~)7W`7!yeRDDbNg$3wZ%BS zE!4TZ-WE^`Zf^^!CBL@?*OKEa;5zo3b@TkrI(c3kCe2fU=$FFwCQdHXo8RiHEXMF{ zAkJm>Hb7c1dK)k;nY<0CmJIHI>X^R=zEC_~?%u9)_s;f;BK?JVPC{O2e`_u`ph#Y# zHSUTg)A3Yuvx$fj=hmdILaweJ9bZK+>A1S>2!_ zFtEDbfb1)rV2DN}Lx5yT4Of`RW!-GTX@BjZP?T+434P*ia?P<$OjOW z`-M3Q_M*saiGMY$RV#?3z44%a1^Z zKTjM^F)nn-X83y(zA!P&6DfD=}9u zGdLRI5TH*fpoZE4 z*x@jS!P)W9ln6C56+Elh3uyjAy>U;mY*BasPDoN7%`IQov=SSHIywW+PmwR9q!+*x zd^Ab>5o{2(K5WUX#6_Hd&9&2(<2FkiuZw(8}Da4DU`WQ>FW%@Cy`&N5^o0svI| zXgBiWwCp{m7E9STrRpOV3jNEB-|2~5D99G5APiYB!Wp`Oaom5DA<8lwvOs|uk<6k& zppYw=LHosOI&183?QHkt|F-+P&wRAB>bW<|G*!_jhOz|4O8lyGY0AWq*MNcYAs?OT zxU0s&_zaC!qoD}+8)!5HaRN;pk&8(MdKG8B)V*YhP=Hh2ZEr6MSzg!i42o&3&Sl8x zvm)3>N~n?gL2}PVLb9n)p@f&exMTlOEomR6^fEGbX!y0XhwYAESS%u(+@TRjMWjt) zRe@>Ec}C=kN3LLyB%ZYlZ`p2QYsmK4X*xh(XvZHBjACve(CSjI>P=LUA{LoLJpH|q zikvDFr>&j>D1~|T;7REt5cyJ*F&8f7PKuNPsb4{B5f}>ZR*4(48^DE*JeOn65ag4d#ZI)yEFkv(wx8 z{=YVjxrV6@O)aAqxnfBRW~d$*6Ld<~L8>H1An9iz}%FD0vZ~EY;I=zUpo>k%s*##EF!?IYpVg5Z@Qy1LwGof$>xg(L3sVV6>na!cr~GB~NRUwp7uK5z55Sf&#jvi;EIf0j4xZS&?5? z{SM6Ja9&No;YAixy;z9^NtO?;Skbiv(h1`1!LutS2N^2opnbf2UHZe=Nm- z2#od7W*wFPOYl^QQ3>W8#WO$>doGprFayJxz5%1|=42V7DM=!khRtRZ3#LfXT*5N* zR#_x8S}=MOk1j;nS1ij>d1f*8CUUD*1N$oTnK=-0?D=|Jh@g;Uk-FJai{Q9O$u*pb zUX?OZH`j!eP~v|i`uu~(U8)CM9{~!SyzCt?+!Adwti^tD_ZR20I27#07*u0<}@aSve(vOJcG z?gS=L%o*q6;w{Kfgfr=d>=|Sdols;7G$p>%v>C$i3MG*d>_n})Qg@;>4m8|K5xFqu z6dAJGHXB9LjU>K|B};OFS(TEjGblx9b^GKIiz}&YH1-8$Cl))3+`?5>q(z2di&F#L zfTrAKTu(P0lTseydXlM_l0q5^t%Tepmh>p}ib9dp`SRU-b&y&qBE>;#ZWmZOk=S)k zmC=)cv%_N`bMVPJV*0ClfH6)GHyFhrL8JFVp%~?v$k36e#sYsd;vyeYZA^*wRXV{}q~|kwY`ld48%xM{*{Dzlvj>T$ScapExckA)ghhB{)CaJ2*b< zO(grq4#o;3Yy>$i!8O z+}eSsl2?hdg+HNL7!!B}u;M|k-XW1!gCsrKzD(~^loWtvZV^6oiBuV=vLKR~KAX8w z!7oCT;Y1RYH@{if?iNuNBjKTP!SQ#hW0B#mv=kyl3mT53#Z2DWZ@WCXq%2O}8@CXC9i)wC|YS~s80P)5Z<5LPZd z=>Wn;38~8#br_KM@4$Wx@pQ4EE|ifBj#0k=&jNMpP{!peTeVklDY>!`QD8iHB4}Ngl^r zAR(2;gnOaTBScEREf7u!DFPkq-Jdc8Yt{o`W1Q{+l7PLRFL)1N62UA2Wfq?wemdOZ zAHko&X^N5y2E(gj3(Z8LvX5g9jR>$Vc32KdvIFr}D9ajPQEmYGL(Dj-WQL+XAFf*P zQrkEt5t0MHC$$gxV$Qg8wWF*qFBb&h9Kq=43^R0^xJhnIj>G>#7N?!dz%eb_lv$y^ z{{h!`YR)x=v-kUL+}zgORH++=d9NH3nNi0vb}w zW>Z2jBTmC-rx!<;r>f~bp#hzsI9>z?4OU@6uW(w61cT$&ka^h+Je}rD46n#Z3Nuv3 zH$%~8tDZ-A%q2(Lc2#lZlD~m7Kqqkb`HKOByCx0|LAxuQoOqjl} z<_Wr>5$4mpxNC3Z*BA9P6{b05V2HpJCNhSe_CzWsD3sBn=4!EOcz;x|fHcF`Pz3gq zRP5^(lvySIHb$&?C+w8jxvKUPnq3tBWAoOXS+%ejY|fe!yKphz;NsB>r9{AlZ;4>Lni(wafC9F2bCmp8)I$~ z3JDeJnK40Nh`9M&C39O?wc~V8c>Uj=Zj&aDIy?wOns-t z#ErkJS3|q0!nQVd0`)N!s=Vt^?s#JJz($!NhzmZFhz4nIl*h3stYbiHyc6G9MhEA{ zbY+ruedQ?-=h>u&FSY|lR_p<2CNnFnz!sUznvgSW%zY6>t8#Lz8gj>^vd0j$So2h{ zUVRjwGZKLVOtW0DJ9wQ(W0`csI8=ZWV5EK))@Z9B+)~rY^2CfeVQN0nP`bFHq2t<$ zhBkAT15}5wVtkjOs{_DcPjRw$4RNfUWq6uTL6T30TmeH_h!O_%_DQ5quJBb>=B*wg z0E_B!C6z~XWK8tJuVSy65ykmkb}hadGxZ0+ln zuk|(-*QZF%_zW{ai%9V$RE3j}GKMV`*cUN5;3bLy`+n^LRsXrdZ>7m`K~d z(Dgmp9p|E0m^MP<%fF;!)u0p>%COiy#fjNsQM)kJ<~A7DBCJ6!-(MmjQA_3&;cl*B436|4kSXpgL_(onNxUsG>G}ikbepzoQbN&T zQq5p$DrBgV!4eChIY@e83WQI}XTMuOOJtnaZD){teU1bxi=2zc<{NnfiWVm>#F)y! z?K-q3PR58T=~fV{0=CGpJ{O~`f(tj=%6Ixi9We=pl1O-1w*;CPMH)NtU0T2ea@jIy zO-MpAwGpXD(tKwf%+^Q#9PCUajJgZSSgI4am?D+S|0EQru;oW7;=B$fE7uIvUdRuC#Z0y)eeY<-rjfR zrIZ5_=EbF=K1^|M8a=8bMDOzLh3t;>nd;6-BcN8LDc_yvG4iW4sa2*&EUVi?}Uuq?>Qi|(|MJW#+BO+34PK{USQ<^D)d{78| z5D0xx^*=DeU=02nY#X)W;;@rJ6?BaLM4B{>&we)qM2wYH1wHWjbB{Nzmabm8`hEV~qt{{2z)Jx?5V`3DO)d%G*0O9mLlH_ChOuxB zNEFZ~(TVfZ)5{OIy=hbUw*kY={nQx1Z1`K?37>W#cZQC^Rc9RUFWzfzKL zgY;GRwiiJLdl?}t$SKM`cfs#q2q}8;3GEV#j;1C|mM4o-q=5rfWMS}6xl#o|HU&Yz*bD@i|3V_)!>cDJd}(`9 z7DLH3I6gW#I{k2Qc>ezI{DZ+~#h>$vmjiG8Y^e6*>BZ%%mR-|eZf^sCM}qPjdOmsY zV{C$rgfQSQW1ZRG4QM-Ngtl?(KF>6gf+jP~~Bg+uLIQMf0_+e#Ad(#tuNq zFH(=`bndFt96!Fy55NWH2D5!%MYvrA*vb_WK_*_iYjvtMrL-mu^*yt4W*VU^WXBaL z6%DNZsa=hq(eT~TrWT}S&>3^q-k>3PcO+)?4=UDx@%7#L+d)BQHyWb0%M`)>PIALF zrhA}T6>=p(H`S&An`9&(Pl^?#+7OE=`21NI!nd~o#T2QZ{Fk7@px-yv5l^^AaUHgkhrvx-k@!T>I{=Tx&4^b%<)BRQ@H=4Sf@ORakkeN! zZCqj0*9 z|6i`t;e>#$%bMqJrT1mf?>{d4sU|~$B;i2!`)v+rP@`X!Bs5x<+}Q2Zuw#*=qzf9E zaW2|ByDxj&z3twPiJg_Z#Y9hIWh}(J2f>JBH!zFZ4JW-0`)!A`4N`6BT1Q8nQKWfF zD^5N+JvjVuc6xs4Fmk(jXRBQ_MWMv*&wJ-519M6ESuP2f>N^%u&#W(3B8P4_ zFiUVUroD{BF;2#paBM{G6&i+KCKst`s31$#uQ>`^fh83lasM1LBrD6o|LQy?|DKQQ z|M@UMaf&k9V`;puHk$oEJ1@6iK6m{;FQ4u__xxMXw*V!lOEW_go1MiP-V1~B9 zQ4;n#7iS0mJ9vvjlu#5L3HQVZqig{7&i3|yJPdYw+nw+FQgZdb1J`&ukdZcUjQAS# zYRZWlPS609#X9GR<(c%!$jm9Gh?G)9#KjU-xG<3y&9p4R(rgOE$BNJrU#Tv%5#f-5 zuK0CM2y-Q8cN~);jLX;Z_hz~3CXr~V1?I{@Fuwzq^|xX-OflZnnKpeXF$Wv|lc2RX zCN}H(TC+^7-0!;OXH^;;hzl1$5>#IWP`4W7zEmSy8doB87pv>4>SKnI2xV3cv%mbO zh@fS2tZ(4w5M`6MEKcfn!Q;&WEgvbQ{al`oD|6a~DC0aJLiFIox`(HHd>dEHL{qH*3HIY*zJZIrtC}m6?@5vG9@#=zf zU9%@e^u3%-gtJtf_EughUdCU*>YM9<5k*HN3(=W!yl$Eh3y$}VrDF181iC(bzAK%+ z8*{CQP0*DL&;>i&p!*Y=bwRgqT6Z@=b&w>MWz5O$9^e%O_4V0m{qaxTdiwc>G^mWJ z_DruZt{Oy(vDL%TIKD-puYQa*WfmIeVnpVQvq{T#V{Pu?sIhAvT1kPr0o4*#EkA)l z{W8R67i_RJZmehueVaHApcW%hC(EjfYL*M0DuSWOdo7;Z8+B@u_^df<0UCMxDbQI0 z`Lp-?wV0RJ&dXcp>e6{*pU&RzTOEQ)RCLN0p2C`zwRhwif53 z6VLHhI@hvvVI{qF%WcM}2C&*ADNwL@!D*(e{;2p=Yk}4B!#F6_s$2 zh?8-Qz!Xsm$4K5e4SB&4#BnWcT`yXp>nb>uE4;#H@P1KS*5$j6MlYQZAr|ki1Wla3 zI>_*~@c*p~Xxsoy--Ib&cB?ew1%D+t0o{KlU887F_+v+9SzQ?v;^Uvm`@OgC4lls_ zy|+gPdzVM2Cxd?`T&NV4eiwt@GpVW941X5|J<;Q}v?3T=CjNMu;iZ&*Y+N+TbQ4X3wWFUGWrqoelbW0wfMo|w4 z(rCKC3^{1PL|zgw(dm^TNSQ;eAmH!#->=b1C4)-1e+TQ!&u0+ zOlH1#)^a?o8B+{PhQyt~eX&FgUJ0YOkW~yaG|FR&SkEe_D@(-AP3V%bg@_vHizq-MC zwF{~REV{nhU6o;tXz`|05xH9UxAF`~TV9Q6t$N2|>Q`mO2TOn7tQLSdBR}Yy&O(XR z{7|XA1u7MkP$@H?pdxj`mWU)F4$|w;>WU2VBzM)rrTn1!u5~3>g1TU*n&5Z@AVrl(#zg*yl{c4x+>!P(0hoR^wlt@yc?Q|EK~ z;^x?y5r|oj=z~OWgpL8{2H7S3)jNN^q#^rRllufx?OZ*o0AHR^cesD@}wFwNQi%kTttz z{|rYt*yNg9My7v<(->@;?p=8*$J>@M0;@FlJGeqKYP9_)|Dl5UR=a)EXy^ zk3Nkzk2tzqIloMyS~=VIc>eg9RGEi`Ck2lm5nryJDlUKY=Jms~^5dTWkSX!x$j{(( zEoVUH-2Zv8{qm)A{^R-coo5f{Kknn<(|J87Ky2rHHRUE380Ph3&-Q-^Q#iyiX4qUR ziaP4x*cDEqfljv9nIZ-w$l#y|Y}ED?zfAgP+$*iEm>3&b;CJv_PMGon7GX3z8~rWy z53lOuss;&8IQ79Z*{t-?80*yvnwjfkt6MmGhK91~U~LBd^=NH{@7Kave6YhXd8k-+ zL!Ou@b{DVZcBlo?I_co0n%a1$DGCQ2>tczAbt@TFD|%m%%}pj4q-ILf!jAd;*_%w% zuZ2|FwD|4Tyk(N_mY!%=Zv{KOWaW32K8?&vqrmDg704*HqOZ)%d(B#jK3RFA=> zIR)~SH$=!ZKk?ml^Fx8 z94Yr&Ebec?dB%7bn>zh2So=snZXW5PZGXmFh0vEZ@Q+&$e9LifkN`5fmhU`COR?V! zxOp9LkaZW+W0*Ftr;9H{g=KFph9mqa_689SEg;8Y<0a(%Z}ZMS2a zo4)qS9H0L0MgByAKa1^E=gaGaElvyp5iGIRnTZr{Z!76-7hH1}nd?Apa3+PSg6IM#Hu20nA(fcii=V=f%_KPaoF*`*_y8{#)m|%Xst)ss;1522vH; z#=kRgMxrv*y^M6f{4T*)t~Jcj29{ZE{RU>Wfffk*o$)6BSUCqoJv%>uu>ksuS8Q0f z0Xv<5Y{Cis?>6G8QgtYOIm@Nc0H#(J*SlUnU;M|cpI`gawEmkXP*>3dn%DnlJ3Bku z75o3$!}@&5Bs@``FLa@KOMtJ?uS z2e0ZQe@Y`f#oQd@1&iooH36fPy}0@XfPaw$&8^7`(RJM!DAOq$1o7uvUQh`%+pf_B zFI16>It{SoLyx9cRg+tcu(32EOwf4Ir9$1{9%1)i@aw7l5@) zyB6d1ed#)@I$%>0ne)Nj0kp5Kn`c5i!T4*>?$kp8Ae^A^issY45pp1q`;?a8+>l4W zANMX5Nqes$MMBzk`&1?G<*HqGQ`oICF*D7lz`7q>Ig#KRQZ_x@g3C%C2W*Wq_xna% zofldlRdB0|;?t|nVGjXlI6+Y!qwK`E9}Ix?+MbgB3KjIL_o)ZIh{C>W*S%V7;Yeha zm>GPj-Yn;GufUx@QnyB|L+!11K?h7R%rw1x94KZYd2mYfqX9 zwq$r+xEY|N$??uK&L>MF3mC*HYiurUXC zp_4roh0M3Bv9krgB}<#=HYYhXj{`R4TCMB-giy8@W07aOJRDcPT&?dW^d-9P;L1ph zGIwz>Uap3#34I;7rX(ig*+rTm810jUvJB#cS(w)pS+yT^EwA3IG{Z#XY%Y!!7bPp7 zY=>v1V&z2UytcDEVR(u>O}k&LmMhij8m{d#iQJsmMo@RXzS_C01q?F9tN{w>Dlpyh zn%HuzhO();U;aY|Lv)5RELtN;WU^aRF^gm^0oLJVXt-QT?`tOnwa+P5;|#jjVLefd z4E5E9UD1PUP*_~4^iDDd>QXwT_u%7FR54-d-TrEjP2(W2P*A-pU~Q<)o_&0c!dxK<+E8!=0Do3=r z;Y4l{5S)9Xv)5E_s0>YS4WY&xyx`|4Uchq3rr8$=g-0I zZBb2v@*D;CY0vlDKMQ9cZZ6VZF7< zAdvg?%o7SA<3+=ZhgN&S37RDDuOL<8R`ncB$+f?TttKI!$!YA|@|Pc$i(Z=cJtLm* zTg)Et8s>Q`u@^GOWU;|(tH?MXQ-AqT5ggI+6df+qW}<>mMIyt=#D9k@N~+Y22?=vuKw zMErnqG7WRl65{z;3wPeovU}`Q!TmYbNl0WI48fz#I#0p@zd=Sj?m=)3_Wp9U6-^Wo zC$@XoMbCXjvg)Oz?$r=r?~?<~B*Hl;^lKzU8Q|>{a)?ljx(}(-_vqNVcx-+RWynyCb7@y~_8W)t9ioBFu_XytxYio~7OxrDZgIMyLkE8RTg9C~N|r{$L$!3t zV;b7L>aSvS=agqs$4n6$iQl@!_O@t|ul?`a&CQF`7f`;rw!c%&0i{@Ryq%eS{ZnV) z`gk3X5A}5|i7V0IV-n;blG8InMtTF=`Uo;<`gAHHuSrpA)U{FR?5nHrX?wwdhT`w! z^3W14w#g~199^K7uP>F2^1%l6B4Qgb-(0!Mh?IduS53M63Nkq{Q~o^XaXOu`KP&SH zHUU+5D5+v@%0`}j#Z$u$CYE}xC&`O@=@%1zu9ynrbo?$UXh3|ojX{v7$4m>yHA}D8 zV5%Iq@TCh%xyf%yi*~8vig?}2=yJ7X;P3Ql`CiyF?pid1>_9gMD17h&koK>9a~U#YdV${ zt58=2*}4EPPR{a@Py(}x?dzOu?ac0^*Gaz2P9C2vfv5C9Nn?r4jmp%1G1Q7!nZaeLRDy*raf!W~b>)xjIp+SlnT-IgvB z@FreSC?aPXVj&2Xs~?T|L|5jP$bo8P6mz?@lOG5Oxb6``+7VyCOes3XlSoCKGDwkY zg)@1rL%b;u5@`Suv^X=qa%CQBlO<{WkOIOMljO*?H`_oB7gi6<{^5Iz2fMb2KB)kt>NOP;`GLmNkr9MHG)(oNmKt&{y_LP=2!%;*YyM62 zCf$0BhVJM3#ui>0kR)1kRlURH05$|0)cX!oeb~Gttkr-<+ILL>RXqUgv{a>~pk|hR z%6hMsN5`}|?=T74bU)Uo#3;J+Bf_I~)7d_2-S~0uX4kN>j)+tQoixw=*lLEQ9U`56 zQfj#piw&hAyt>Bip2(UF4`>&*Y>eqg%y!ym0f!0Zddg#DYc1#wZe*tmfj_txy12h5 zHJ&(S&;?J2a>Isu8wdmCJs-KrdG{`7s^UlpowBFXNVk5)L%<1 z7S^g4?4XiV5-gKROWVJ#H2OykiuW*6A8h|MhL?M(sR*lY9Dm_odah^5n;RBaM&;3^ z!m>2kYZvp0=JR>4)|$2@3fPcE2KRgcnS$EAuVIo3R5Ux*)>yjANe9m+v*?nFE2V zP)sk!1HW}`QOE%va`l*3GgyO6q527Zg(JKIaUZ+-F&ScM;}Ru1}nbOSzK z`<8djX?rDb0d#x)Z+>1Q8fQR)J?QSLSYmRe34=*8OKz@H)lD0zPMdG7M&=Vmv6&&CHHv*&xG`eS+ z{dB1MlJnIc@bk%s`;w5nKLCCYS347bQZC$h-f#hlc(CAjXDr|#S%u;Rt6QeLsi~&! z7`C2(6O^QqKf=e=7)KTEtzlafp^%S`J)LG5c8>v;$2CIpp*zi|n8K@C)sg9Q9ZE%|;|AoO%<^Oi+fADC`P+@eFCM{v7dn zvI;|}6qqB%2ls!o<3?$9xFRVY{K-yt7#BLtRHxmwAls^EtzdaESSDqfYH78BXJ_pW z*Jz=;kH-y+*}0KEkuUtT6OTd6#cST`?r2}=#LcNdIEd;&f-NOk7`oHu+k?zhU?8qV zCG;ZA!qQ2*>9-XQe+rfFOp|3NRyU*OORv?PpDt-+`5pYNw8&(gaYsy=F`#;Y zuaT{ijiis58T{$*%?ZcQ_it{6zqpVsI08qR4e5KNtyL4lh0iJ$>?|@DUXB1yQT^S_ z->LCnEb)6ro3N50VT|POqUGl-u#-5y5guPdz9b+)ff!{yf2bhF&<0^ojAx-n>G2|^ z!GBx%4)Q{-82>V^bm&{vMA4+7SZ`=2APaR%(T{B6qMqW%3nkusCRU-|ufyBYVrV^lCcZbRN{k7PfGUEOI7G1+Ccpz;_xfyc$xj=SrRC}&xX@Q3=T8g2!*#>2{z82JiK~$ACs^KdLD~nok{9(F7ry4ao1Z>!NsC2GSvd$;Z;#LdWSBIZuKm~pU?~$FP&>qM124PR0B&af zJ_QCgE%wtc1;-mYy+dD0$&V!)ThZ|n7(Ev1SkO0Z?{ZKZRh3=Y;zZdY88AQ%-0{hb zR{peh%0Gsz_=q079^- zeQ&v-K!$aH2ThY4Q0S)vB_s5FdNrk9YS8}cy^lO|0&+>7D59HTr)h3H`BP(KYGcoL zAK6)8_v$EB!vrQO>1Cvzr6o`{PI2=-QcNboA$Dm_r0ks^{aUvlkGT_Rl>#z?3qc*z!Oe&! z3FT*k)`weV^?r0S!~wyQwFkk!2Fi>Ki`>xERLS8F9O>9~6;K2V00V>K&HMbWkn{8A z0Q%lM^?sh28u|3SdRU;yupt2A^l-dAA6rI62H=BXLlLg}y88IIIlS)ud$^qYn%e_^ z+1UAlXpdQAts0f-#XctZ2J!{j8fmfV^7VS2IH7lY{1$k=U7&wCO6dV%7nB4C0TLxh zDv?JSU0En0gu=h>^yt(QH455t&AA9A6zU8HO^r0njGRe?ysaRBlm84Hh$y%p0B!kF zlDF<=rA}e(4R;m!USY`T@C8S{h0E`QvdMrT*(`_P<6ss^B0KbZJ*{G@Hijdx1VV}{ zWG>)ekzb?q5LXo2F*16C7%BBva`?;KEz#xC$uzA11L6RY{jsxu$?tpqxq^D*Hp22& z-#x8kvcj-ET~*WK{qJpPR%=jL5RH+d%xbinUKdWwEXYIaUts-r@e&r`ncCA_yb*sli|r;gnjUv^zv z>$T5{>)fU4@@)*qj0-d_wAz_1cUn$gU~2FD>-trvdOmig7=*V^+q2z`(yR(+!)Qf? z1YVVV`=4*B`|*@W!lWMrBXV|46Kcgdia z-3a@mH-K|#1c%q@d0;5PAAuPHilTJ0~v4U)*eB| z+k9>FJ;#Tme1zJCvBh*H#-M7GMVXdPzU79R0Io*K8*mI7r|@@KvXy2=7nE}q>xvBp z4eXzLu*0Pze^M=|3%0}vt)^&Ok7<(d<*5RRrwDhe-1ibjMq_glC0cGcL-H8cMV5bi z6f)Ry!xqANs8(wJTQYW$iPYHs6!M8!`_d6=uukw$`Y`A!FQ#7H9U^Qf3^Ier2X|1STgZ(Eo|9Go{PY2lmLVkv8M`8Y&e7c0{T zcYm;oF65yRTo$)hE;&R?|Lb(CWE>!?G%j}g#rFhO<7D55O@Cg)IAr{OjOV&Nc@&x- zdSBco8Zz|q%v21SS`YUhYRM1<+S(NKQ*}FV_u8$*InO4_r+x5s8HOFs#89JcG3QOl zm)YYo)8(;mY!)kF5QhVv5$aI9ESXB-4xK=eFZq~p9sFGR9(R)5R?^MbQ3~niSx~0G zqB=xp4|T~eq!)Y0`{*d~Od+x>fAwUB5b6h^gbfoLKX%TZoEx;C2r`2+Rq<6@x4<1; z0wh0lB_B-jzJxlqYg=TnUbUvu}`;4nXIavJHqo_caM=~Z$ z|NS=qM)eUD<@Elr_4t*jT$^HWz5@W4?1HhQU(!iL&{aZWvpYXrnCs~AOw}IG8`>!y zL*^l4sdOzdCPG<}P_0yzR(YZ*dpT;Ftx3+fE-6DkcI%^qH1pZg&q#=alL^fv~af&##?^cH)F+aQrkJ#D{k6|CC zEL6Fs(EOoj{rRNYLkZW-00#s@8d9RoZCv+&%O)CpWX?D8;fKH0z3K8Oz8IVJYB|+h zqq7rExZv}c$WtFGdAJjkweVSt&_DT0{L3T?cPHOp4x~ zE%$j8{gs-a+TbP9JetqHbTuhE-QEwSZu3MYF6eohj1L_(h{=xAt}7iWVR&bd0rDPt zl7dNq5Z&2n_DikapIt^SXRvhsb~!=w;eP;1?Y`PWT#GC2U8FVe4z&sx^Y!i=JG1-3 zdLW5cT^2c{Je&Vl4dNV@w;U2f(hT4VJcJL*cvL4E6A5lAn~i7kaf(^zKQsa9NT!O_Ym`JsBw zB-B z)8I!R^Oxgdm>_d)Vf5Zs9P{3#fwmIUPXI!}Vzf_#Q&7a6{N5}+v&R*Vo3~Qf332vflz3dAZZN+uY6QW`o8m6`91!9vcce5 zaraI1b>GE%5&z95q{F!2TdB-J%k{hFOOM8eiM3kx%ZSUQXeJ1vSUr*CP;*tr2_}5@UCCS z#E!K;k77Ks`kHP{Z?Ks-H?T#ElATW%D&Zv)cl~e6MYqSCErbf*3;@OcUQSSHLfrIC zz3J11ejG5(SP#D*?VW0HM59iMUc?*YPHxd^CzH?Wkl&|gUA7|AEdq=-njSj;2x|W}zUHQb8d}#k~=gNs)&B$cLC9Rs$OrcRPg~QCf_+Ee^l(0k07k(_{_zOJem~!B#(k`C5u)?_qH$@z z$E%U^Y~lh;6`VQ00xGcSew~u_-Wg2D?fVs6;1BAveGJbSt1M?adK5r^{G&2+MUkYss?C5F z!BU9nc=i8`yF3-FK*JO4Snm3?;W0m!;2^MpaQBXmyD?AmYPQXytKvn08Lt(ah%xE&y7pJ<`Sew=6Y&vFm zL(ZiB*>*TEUBU#0aLG)S=IEyzujhiWF-JnjF5cBy+{h|zwM~C(+yNwP$Nyj%XsY^r zDp!4la3drG-v0A@qGF?{v4EZ&e*XY@ud=`0UO$em0zX{|X4+@IRrYt1;FhW~zwV*p zkct&3JF(`n`}~dBj0q$iFLEhw2|Py+E9%|4Ypd#=YeeXtrU7n{GrJGGQG~*nw1IF@ zD(zO~KJIMsZ|$-q^~x5#;B?Qgi!a^vI2kRv|1!O-r!k}zlJJs?i`H;pfcC(G)mU?$ zqBi=@iL1ycjdJO4T3yQ|);-~=P~za*m&4z#ierB{fw<=M6_O+F z=a(T`CSG>TgtXd$3^sEit|Z*ebOrI@?18b69CZ0KtkZpi*i1-&s*)Ch1RK!4-f-*} zmFtaBA9<6oOaG$(qc_bgq9|>yCmK*IqzC)|lGXsN2>+w3{Yq~WY8d{bW~NFX0e|$< z0GU0>l6lQ-HdJm;tsUB@hK3jPzw`qZumbP+8)tkiMGcFH%JrD`bn}sXPiX*9}_7G{Vbr%lz?WejHTvVa7FpHgROH!nT9?VTSCDt5)h!g}i z)hdS=o8oRKaY43K6Sk$+aT%M52>Qz(V8o2xO1ksBV-uS;9uf=4eM{L__u{RUBxd(5 zjreN@rn{{pAprU3EuPUevBTpQc!iI*lY70Z*TdfK&0_~arp7_IDxIUCi#TKPF$~2j zlhA;dHYU<@cA(+LR2SFp9sUnHhnM@%9E5KlrXPe62XP1VS$g_KAqTNWnB44?yqPNQ zuWjRy(9%sr#WsR`2c9qQytl5W6T5mzJG&Q?>#dCm#G0MUZzneme&>z8>b@D9yT{kF z8MaMZX=r8~XF)Zq{&_Z5vj0~(0(a!tkxnpTL9-Y%OXUgmJ_tJdhH!o z0CII2N7|$HFVqop>)xl-}J%mZvoZi%a|eh?ChYR?Kgsu|33s1=+9S`^f8KcKWKU)#Qg zPk!E&SrC&oouerY)AG#oG%mb6q-tB!7QdFoA8K_Wv#$7la(dbxex%uU7{-Jm8%%eU zlnOWMvzvlR;0VT7&(_1l= zXa0}$l>_uE_ut+35de5PS{%|ZYJz-P!N?e*J)xp7%$j5iE>>;RUJ^W^ka2-4kbKP) z<2oAF20lo^*;|G`*{Ff(p{e$wm4_8>PW~g|$nnL>ioLt&lq@%plbt0cz%o$A={+Kk zNOu;7iT|#tn#iH_F?qdjJ81)$i($r^f4bf@N1>zpLY$AL=<2C@?~7B?2uxynA~ov! zN!#wZ9Cnlnhhuem{}1a{&WCPK~PdlyiX|v3hZuo2s;;tBf3RaX=TB<*@&tmFUB$=pfGeCkf2yVaT`Bb~S24f-kKg?JnVd3v-(HBhk$v=t<;PUy z0~q^mfB!g(fPDWCN4^Wk98w$_{)08JBGD=o^~@N~9U~AhEW~^p3>9@lfi_m_?z{fae}Oa` zI6f>Lk1RGHZje*3OYVAie*l~W`F*Ae+#fp-FiGuQ&R>F&lJ#LQ@gjUVZ->ev(Ndi3)57H>$b!hmt1Hk~#o;hC% ziNe3%^i89*Z=5NwJSZ$2G13hVP7(-K)r>iqoKjCDH%wB5!k$yOT%H$iKGp(bsuhI; z3ll5=7W>#1QXU+p$(U0?Yb26Pf)s~89vIgYPj=Cz-vEW^63n2&OrWU>TafR|4~ng{ z(i?+{n2YlQKZi<0X)g~Cn2U21Nl##btS=~Fsa z^wVj_Gr?S+D~0Wx)5^x3W|er%?CZw2m*cv{jrG9uV8Dw&;j^<3{#5Gdq63MR#i)+PU#Rawt^UmQ0S68iF9|O=r?ZGJ@%W? z@jafnFX<^^wD7s56!#!Xs8u2z0tU78@8jV_cZZ;p=R6BP%ZrnT?_1B8C*p+Q^ml?0 z!RI6j8uApRC^J(0xCjcC0-iw*7DVJ*Tk^Z#mrvejH-uPS3(;O|i;kmOwPFQua|B-c zE~!a?)UYZ3n<~@gj2lX*(L(;(Ncsux-5MCcdZa?t+ef>moKxaaPxt6WYDZ}z8p`0B z3Rc*%da?H*6>q$brayAI-To|tCp@~jfSn+KFH0|)LInA+hXa4;ECvAuEcv(k%>!S& zx2Qv8kq&LM3K?}7ZE73RXGQ2SGu|BB<|HL}`EdSQy7blBIX8>~$=;{%g>td$r zSRH7UWz~yz-dB$9ImG_z_R?Z&@k>)ou?eBnAh> z@<4cB@Ne3Byo;!{Z5l8?0Rl$A!5H`BE^B!WBnW;ix3W`69H?HS zRoJd2H+;NCUJJqOb64!xM)0e8H@g3d#6+I1D5v79a~qwPtL`Im3SjF39(?YRKU zW|Gn$ZSKWJb=9_&85Kz`Y79Gj{l~0sr5+H>=2dG@$ElO@LR0f1mf+<+Q2}w0QJ*{? zXw3Fhl{)&{$-&(1k=1)%#4N0}K>xo&qQjZ&O9+Hvn<9kug<9Y zV1_FE>$9PldWz$v-`q07r^jD+`O^~P#P;&ZOn=uQ`I{bp+hyL0Agwmn1pUY^FNPYK zv~}&&6x-%4%zhDZF+ML)BtBQShGlEdG1$Sdnljf8SdEFx@UDQ6w`RPxRe?-_7%Ju* zJ=ODrQXmjI>iB*d4U>W#EVH3xT}{umLTIw8&ta=%4F^~|c1BqOC#o?lZe52DCg2|h zjWT5;XNr@e0BLca0In!ZAZQ4T3}^us(m^JgKwIkDkE2F1G9*)$HD>P9`9abD%qvo` zfFsns*O-1(Cf5fCF!zuFd$Uqg-?Ow2B4mUCJ)o(rjL8V5KM2n$prp4tt=cTSwZ0(J zUE0yUrS=g(7B{KrkHXwE0gl&;gh$BEdP2h~M4J9*nwT>w(?BkX(xpRSg;#pFA3p2+ z238ic_m_5%6;K7xI(yKZ;tz~JAk@)Jv^eOeb{|fBjD0s^r$0U0+(qG;_Y z=!4w?G>Vgb+}ay%v=bKwG{^JN-@QO3UR%hQ$qJ2v&>^&=!|UrAl39`X>@2PkKwmxx zYZQ5C1;ryGIElq_Sp~J zEPs??`rjY7)iAS2*aI|WMS32$snhLtB&s>b)S$QZP>jCEB@XLLylLtQxsbm;~pCw9A*=!89Uly$OXce*?AruEkM$73uxGCxQfwsnTJd$0qmjR~|fYnRv6) z$R7U2DL9&hY`$ziqijD$%t?xvY{RJKmjQ;K8bcUwvsQpux!PrnGp776fJK9<@ZG{t zSet`GPswW?GO3(5(hT}}4vO`N#8Fam^Q2aCCyGJ!Y?}FAB(KOIWhbLu(HGS0GtCW3 z!>*2pWuDu!f?e@<=(ZSVum=c`ny=3-E_fuLP zW;I^u$+K^_;3w5pFjco|g`QO9V7xv@GG33C$(khm+n1F3`6bT zS;_WPZOqscT@hE8s$@54x;A@v0;4E+M$vV4ldPedGgCH9(Vnel(rm}imdiNJv8uIE zUw&1_IvID<5FDL|bg_GR`ePLTYkjtb=?F{wXI;NOYrq>BF)OcBIy91ju#e01E1l>(i>6}AXayj*cc$f@$wczS@ z0ga(80wikvxBZ-5ei)hMem2rjW(hLj{8G(vy=gcTFO3(AMlBe)Br?TAYdO;ebN47) zs}pAr+^RkFxZZr>^At3-@PR1ZetfoB-*Yw+)cXQ2bWL>Gy(8XWv*n3(Bm(+%%Z*Zz=r*?< z&_+I&hk6t!M%Cc&Ia1Ue;}DJ7LWIFSBCT%)J8Q&XHm^UoB)p1V2uO-8iFt3xCFzUD z(#9Oe*)ty0Kw%JPm%6fKTgCG^Jb+HoxxFDp91`FQ( zd&J!4qH`-2BC35EcCFu7`=#M1ETBsqTuKd#=~?%Rp18@1*T+W}yWxAQU$yhP4<)Ce zR-hP!Z?g<=LU%c|?Ohy#r^6Pr*I02N!*JFcFhoo1;S>uBcQ=;qb?`O&{BuMS?`kBxXdMZ|{r5^H~Ng7zTzD-p+ zQ=M5u0lPfhKKBA(-~EokZyQ=#8~3l$Fp7>>majIkdBVKz0&uO!J5@swgtq31Ud!ac z{l-vD(bLhpJO=GRLA#z<%0I)9;U@(3()WTX=KLvjSVgD+$MaH}ud2W{FWR=hfX%Ko zoW|9uMuia=(_j;kIXM4T^3!7OY? zJH?(3Jw#o~s@>8?oHLI%0Ryo**{kmSD16Jn1n;spf7D*-=i>NQ1|o3JCtx`vvLeK7 zquhBg5o9vdl*e8G^f?cT4m$6tS#E|$KTXT`2R4`ap3z`*Zr&5~0RZE%z-}=7KWr*~u z0_x7Nw(d>=hV>%s_(wmANVq6ayXqpXK$ z*#gxFuf8@6;>ZKe32B-f*xn%70v7}fWHltk^Xb(C`uVpvO;2q3jX^&@!vRARD*(Zn zfCJ=sK4w@t*r%~mvSs#4cd@&p^Q`{AgXp&Z@4?5MMBWypuiPClt?+fJAF1_c%?G&m z5ku3=-AByybOv|IX{p$oR4!7tCAL62YCB_%e$s_a<*m_66H%hmV) z7pLc#YYax5B-rIU{e+YTFA8n_(=t1u^8f!u3?6dzA4$VP9Yya^?t#~zD7Mn_m!Ez| zHLMux&W>ciIU6U3ChR0gs7+&A^6d3O8g*LF&C_RrDGNiRWf_gQMZDkZVhCaCA7=gc z2c`7;^@Rrc&SBXTxw&7l?u)L}0MBJz{8gu-^GWuGHz<d#K4t ze#*tgwW9jD>hxPAf{F#+i_A1UYH>uhnwU82w@?0g8%189wZlFoglgo9U*2GW}a#{zf?wI zDV z^xl!oihHYDS!7HZn7v07Jk?gr9efpmAFjvwQvnDdc{}#_QXCOj#rdMtFQtg1aQyR> zh;Wb>{9igNKapF{S> ztG=CGrIVT1fr-2Gxy_##|J{EJ#{AEz;-k+45|RP_O-)5D%i&FZr-yRGe{mOYx9|YT zYB3hi1)%}ht-T5JCi|x&OCKE_Lu6sZ)6XhjK?@WatfU%&y z1)&m};lf8Kiy1vhg(hpQPDXyfC;h4%-AePZ$R4=IFFem=0TZ6$_82F|oXczoFLRur z0-3xn$CSITnfSmJ3B_bSRN{&TC!!7X~?KRr_!DlL2dL9?T&Ik(e zN%xcB;iTodh4ZszzY~G;%L1v!rAo$n+&_QSe-_FxflF|Pkm*7tB?n$}UBL9hY-blm~&0Jcwt}7MNst zP3VQ=3M_8h#9QXV8_MVLRmS>B>`Qx_lNwkcCR)ygV%qD&hQGE?PHO!s_E|2X=Vaf z{VaTb2sc=at=8(20GlK5=O^g&)~UNXNBPjs^Ql3Y5tW#}XsSwVSAd({6kLC#S>$gX zgynshl;Hp5B@Kxw@2a~3X(@>0?0#;6hE`B(p{+b|U+K?cVp-Y!TXoc0YryL?jl_h4 zu=j@uQ5wYM06Bb;E=LwEbX5%(mEzb2X0N{DzWv_IWx4o$EPzq#%*WyDsZy^~u0?Wy zML{5hl^D3c{%>Aka~Aq>;hYb#1SfAnL8*yjr%-4nkQ^{Z*4hM+VDP|z*Dxq5pA6d? z`fM=|9Y`A2+=@^)g?@uNo-7eC^qr@wD~sTLHH=oBXmeM~egoBB+KqaEgR{R$99UYQ zi2WM31VVlqtiOT2NvM@( zXednlxZCL5_|(UDK^cWE{+iIe)~m*eS`dE;kZC2F;iZammzZ$39s@+vrEH^Odowf1 z^`~ByqhTFYDv6deBJ0)~piuA@4j=+P1%3TT5C|3D_%C`ND zvh}`!3Oyj>-2*;BW6xn@7ys`Ib|}iay;2qSbsWLoAqkgwVkhP4TGN$v#}rgi|D~+T z|8K147q0&q8xgw*^N;sVzi~P{90j}8IvAsC1(us+FLf11Ud36Dy+%!%ETRP%THbO2C>az?J zLUQa`k4Zl^{Y&2H0_=SxiyZhS%D@7kJw_2=|TWqReH@|0S5x+}-D}d;eB+3=yp$K~Vr5~OvgOGeAh-CGT zLFe{Tk3>MF|6vd~m!1>j;0=9V8Z7h+W;POiX)Nhoianin0*`){^e%{RFWW27GMk~0 zq;VLPjr>{hVdfE}y20Thlf%PUOlUR=jlkO$n7zM@0hgz+I~^*GGXv>?TVVmm+X;TKZ>&m(7$Z5rAR<$7J!+h+?_Ux2VS+)qRhOMJ&Tst$zOrw z%w61>R5m_3n{^KzDFlsol}f+Q7PJ2`Ggs$u!zV)Prp&jnS~>|ku@XdJ2OFgzG0K}B zt=3FWu#M#Up92-5@)F}ykWiE6V1lUZJh>1qSUVe<3JMsGvNt1{O8@N3h`gO{IC;nN%s$COwKfe)Weo{QM76QV(P}G;QBLi0D_xIsW4%5!?1LMY z#G)TXTEY`pTAeZibO?PO?0J$C^*Sg|4)#FxHi(LME}!x0eSz<7IhA3*m$94Z7d;S9 za&@P%sh21&fvj@o8z*4P#5BohPv8R8%KbJ6+6|aZlm<52Xom!1pB{21h__K8o!0!- zYw)Lv2F$%KlQbpx*EdG?-%&DpKf;>qZa&V=TZ9J3F}&08VK zH`Zb8%FrOm9Y@+D6#3lUkDO0rT&vIBqdn;#{z0%T7r_0^nl7_$St`#yq0nn#dCaGTmv7>)&r*Tw$;$7LggZU+77C4_)8Mx{JXJj?0@BzuF#zy#>G24u> z@Gg5QAZid3C>Y*9aSu!0%b|QDVz}#!5*apm+6CR%rlGbaXXeB>#Hy@gR?y3XGbhO` zsK|_sv>gHcEJ<3&HVFA-#Dt6jZO&^~Yds*Ms?aE2ycp_ljI2^`b9)klJk8xLbbWIo zwzZ#jZW{m^5O1c~a&`_PWeK(_CeW`$rP1% zgcKQ4vgvsS{g18$X<1FmToCwr+cjxb1p8Z$PPzz}Ju_6aqFaK@O1la=XU|+j)d?N=4aILQ)SqE6Dr!6 z>M8?SC5g19+>rA-t3Yzy4#Ri%Ou({hT^yCNqw2WVK8Bz=31akQ zw6JHgljhn_XKg||IXOA%4EP~IGxn7l@#aQFimU|m=e`yhj)`Y-GY@MlUU^*_w{!-; zneLN;Xej;i_C9hkQ_?|28f6$F2{c{;a336dJ#N8o9a=Odpy{Ax__g8bW{B;Zt)S#E z1<0DLn}k&tX~iIMl^S_ zIrF&@EW!QMaCFcMIf%Hz9FiL=G7EE!3P#m58|lqj)-pV8%=oKXi5-Fw=2OZxV{1a> zsw5o;LE14$kljbO@A%iZR4ZoPb^oBkYv_Z{4Lj(Mq(jAEFeda@&a!Qz@ z_b5w$!MKG!@>pt>1RrBcyp){?;dff>tANXg^Fc{xr~}fpFds1pr!q5@ATkR87eEjt z3!G9lE>NmL+khyT(%R_uz%}arYj{Nl22b1*HwGYJSE5pO#_bQss?SDaSBZenx&}6j z6}m9eg-hzFw}452AZ40-##zqy70IM{cz5%#g0D<}_|oJ%{#&xW2w&iA5(1fkk&R`rUrkty1 zkGA^{!0iq0d4+$o=C{Cg8tJAwvJ z$71bnViRO=8Fn$k`G>VlzTnEk|NY~Sk@Hl)qG_xn@~G+>WmmC0b4wymBUqu?aC6;Q zFm1;-UJCR!##_)+$iHsVl!_SwWhWaoO$aY12}2w5i{{WbhSk`I)$7z2r$QM(4Kz6^7-UQRA;C$&c(`mIHJwk^$flCe7Ot^j# z5Q%9hw2}VPDbvLB;~6@hOcJRN_V7q#LkgHLJkuu(OeRVm#i8iIWhU?!>~h^uSJmxi z!CO16*0F>P*OIen6wctj%4DKdZi9E4>sd_~R&*XD`e=bfQ_7i1`+GhHg zkxN5?&;pn@rEr7R(xEA4FMu068r=Fy%WWb-M-kjPic%N2O~g3zIfZefX%a?+;{gq+ zR9pg_H$6RlZxnsfL83sIuz<8$uVd)$bS{r-eq=RV&3IG?nshVHt%vlo)JFw2#D0#k7ctYS8`Z0qnrB-WK`mJpbBbQb zlyDrPKUkzFR$5OaVvxOw>GWh8*i^)1t+ah-AM3;YQ!COit|Tf2Of+)6AoO%A zmfh;2m<5i1{XY8hOY58B%hoptp-eMUj7b~N_EB4@-R+73F_zdlM2byjtv(qu#Okf zHy20X4vKZ^u?-s0U9*IV&Jcjnr<2SDTwgZGhIf%h9Z50ev&bj06g_hhrAd&ZbU5nu>@|gur~Jt-;V=>NqdPwBBVN38pzk4%@(qFFBP& z&k&6yLsW?wd4a-C2+b~yXJVWa_Qg5~BI6g01r`h_|(KOfpaCpEV3vl7OOOpWMspis9n4q-`1Tu#cU=_NH9>a2nnA= zm{W#yZ~~YSB>_RG2sl`u;5g1AOJw?whmIpd+*lC3UaNu?auyRVXE~#08aBx3NHfBG zG{wx=R;X>yr0SxsPyr2ltya3MH7^4RG-g6jSPceZ*egL=vao}gF~q)7gs{0(QGn46 zL6Qx0L+N7HcdcW`t)NZSjTB^&+G7Iuia-GqI;_Uqvjx3q*}5r;^c`?D65)Y#`QiL% zUmG&8Kh{Ic250!oe9$Ym3oTbFU^ijw)zT!6W;qwrbdNYLF9svlUPSCti!h!Ng@F&d zO<+ze*U<)XRiNCQ*hGUwqEA2~S$)Uw6EGjlwUtXf+xB~wQvl!S4MH~PO|arnS{g_M z;abr&oFz90JvSE7BNCs>S zKDLG;&A*kVU?TT`r^*@nc>3080IHPBi_&w5%u|y^I-JAa-ma!$?90TQ%-QfJ0fX%n zmYqI@%Eb!Gc1veRrbB1~Y%##oHVZ+bASelpC*7*m<`|}!Ft>5QoS_i)=`F!L((7K! z#T5u`DDCM}O3^j<{b@Anm3I-*>zIAhK}K%x%$SWRIlH?ERI69bTFOo;*31SD<(MTS z8@)w~FcTaFSTa8A!0af{)uJ)Fwb>9<(~6-hji-ygv((@Q-LfM|C3v&>r`7_m)wOQ> zHW@)UbLQC%eWS|0g8*GQ;>tzGnNqB866?0I$o?U{An21Df0Qv)<&{YXtpL@08_EvbX}@RJ+{IZS90+s)9Bk&>a-iFOtC$5L1uvTh>(B;9{QGs zMDs54IW{pGBh>d|GU+3&x~V-(%@yz~Yi8CrAl&wcG$i{OC)e|9U8-~2n_Ej;DNXCS zFa8))B|rB2eI--3zytU7(Rau1(c#hQ`SG{MhX?0J@V52t`1sB9^TWdf`Q7N?^7!?^ z==h%p$N2D)PA|yoXGiZ2w!S+&`~ADKp#ZR|Bkl(t^YnBzI-9S z``78q_dmRtzR;sPdjF<8Hc*M1An=0B_A9|XJv%@rr^i1YoFAbdj($!-K4PQe*9Qkb z93K4Z=wSNxXMdKw9PWyXkm-fUR{5IKF_WBCy0tfv3_noIe2CL_UkbRwB}4B2d#n3~*X7M-&%i z)_0GSFdES*iBSKkR|=L(BFSf-9wZD)jnn0Df~bK=IKiqADg25sb-)ZkTprfa)qS zXpF(Yuo~y;DA}&7=FCZlsm=ZBI~-2HNsJH)I60XeBp;g0xUxBe&)p4D?S0Cd!&pR| zJ<%Oex+^9EkBHs=dXG{**>&3P0EOhLyA)f?iLGVCL=@E8&Vb3W3j<6xkfcj_S=7U# z7HcFXEe<C@#rla^1~wCM{kZ^fBa5!i^7?)+dVetd+%@zsa4ULv)tfDP8IN=I|U30wpk6t z;XAl+QF^aiw~WNh(3wg42(t=zb+go%tya#GpwCweAqDff9eEPDTRI%i#VoMyq2LE^ewJ(Ko7?ds=fwCou$R9@5B$ElrIx z*jKVGa2m~g9oth@N@;2iJ=oq{T2SqF!Q$6dFMt-{r~4^;dy-!6-$w`GC7ucR2Ii~% zmUfM?O{3ySw2Up!(WT}P&4FZFz3tM5#;rt z10@?P+X)Mv2!w~=0X54h0dTMZN6l7w*7RU*Wtu83ZtT1K0pOeifPC*(wf}VC*ffm> z47HjmK?UVjDE{4zSZ3^=sPO z)W6&=wE7CCRw>lZ?LuvM_>|e|lp3_Eoln)Z&{85gR+Y^dqP2VVV-_5k;Xr5#+27PJ zBS}ji7)N~tLE%GA=hBDtV4usjwAAPdrazN`X6UG5zLVeCsWe)6CgIU^~KEeeLM@{TGOJi=iI0tyc zBn;D(fvNtig^(>Tks709W}61AO;8B@!))ta}e#_UpK4~H5&qfQgf8Q0ec zq_)eM(*;&Lu42kP{rZy8yWU*xol$#E_ov zyk#LsU?n9m`y@ln-dEV?F($O9R!poOLrTM;lqQ-*625$R1G>F5pD7;~}-fC{~z+vew1L zAtyW>0>;1u*4L2*e;_k2^}7W9%}}1&|FtHS^T_QhrKYdd(`D*fPhDL<>wCz!PtuQ? zR;*#I($tY`r5KS@J}m1`CRb=p?A?+IwcViLM;KcOY4x?f%c6|Via>W0H=gY z5RaV!XCt7IkOT*?&uCb@Rx2MQ4ogF&n@Y5vQkIBtmfoMYM>%S)?8%DLpPCjF5a?ZPnN~c9y*BOutrHTj!0UwR2M0mFTn(3noj%8og-9KcaMe5N%or2 zwWox-ddlhNHL?CC!st^-2ORU6mb5d`LkY*87;8mVvY7g!XNvx6G`vTuOb3qUm8eLf zfJFYxL+=*);>!LVm}3b8eyu zz90zvJYk`yCNk@So~ckNTr|73O+FJpk=jLRR+bm{G|hhc5TW;MO27?udv{am0$ZC} ztC{YkEVoZWc94KrX1UwQF%S3e9uq(%;8*`>qw~q0q%Bvt$FA}qb z8f$^M`xvB=UhVB{V@88f9@<0i0YTXKgV4xlJZ9Y5)H5&rRI$;iR%m2E-POnACUZt) zJ>XIq0ZJJNlt4kkA>w3&d8)KplpTF|tFinD{p3ce1*tzJbK{Ot#KZqq62Xb(h32Ku z_@KfC7;c|r_lEb;bi0o>?7a|P+D7Kwk%qczn?27@u6ixBkts?Y>Yf6e z;3oW3-=az-0!VR20))eOj0YsW_7NeB#%uyvsnkS(O3XO8qo^jWH*AJRVWwOOkTgh7 z2=XjY({0A}TIr!uYPm7%v{+IzUz}}|EFzA39gwLZWNmlT4mZ&ga7iG*0yML3-lcQ) zINdRH<9eDw62jEC1#IuGR?dh}-CGV~mj{k!YL>HMWKc*~4zTSwplKRb!xr<#okxaA z-UF^dmT!Dw!y)x44t22_Q)v|~Pj`Nu?*2NV##yiTDE(9Es$H2Jg*3VliWvT@!3`=-1PiAG>_R*6-`#G^gzRQR(KFrqhudNkXeuiVLN@B@ zGNh{@(H5!cPFFJX=Wb8CjlZQni3Dl24p}_obTpRefB7t){ioVh_LSm<1D{Q_#3u=# zptgP2)-wbXYu};c$oJHo_ZSByP9y_C1By9?gC)~l;AF@;h_OE=b|9O`22j}Xw$O$u z&^Djio&RiEt7)XKa2jJ31&0@(#8Sssox~x91K4ygFim(Zn?;cgl%NS$FXEZqyi6&C zWvc~9-S71-FE2d|L-ZIQ^+H`l^xhsH9=$(1>h5@3|7f*7MxpkIGP~bkX1!_@3l8xm z9OI3+xra!#A2y9fn@F&syu_Te+zU7vdhD2}$lcI^OMj?+aE6Z0+UWJc+40$C>!;)M z?>~GzM?W2$o*ukEKR!A`A5PKXhxc!e&yPR6KSLkBMF;PHMn4?Cf3t}Q1?w#N9D``8 zCTs$Gwbwc$B-eQw%)%IWQHY~af=2|6*pzS(Qe97Y90e^1N^E#)2^{Y~9`K_LW@eAn z0%0%Pu-4PZ*4Eb6^SwRzcWY~_`0w`C&hCF~?>&3I^WypT?z0#Fv9&4!Gpsn?E zKmSRTO8g&N*Y2wb+yi-X*OL(Pu_PnLXZz?l8geWoPkbe?wh*%1V&8B%#VuNSX|09h zIQ_ZfZSQ&8tso1DxsMLeTcb!h5};a;kTpTAJagm`vJv&sfXGWFCz+kdoO5_Bgq-6} zBMRuFAuAKowtl0lSPsh6B+H*@y}ItvkW|!i%F(>w?TK z84tvMt82#F>Y_0TW5QcqB*`QWu~Z_)Fp1zoaI0%UXeoUxJzus*z(2lIOmh=9oEAa} z53`Zg>US+&*9^d%(5W^T*OarE>?5Q1wWiLDJ@d9(cTJLCpIdyY_`h?paV>o;;Qw1Y z&z~3h|L)$-SN?w+k5U<}u$*Ho4oB!K2GEVmxPFseQ@O^Y}a&Y)PNQ)qL=dDZX zjSisT3Xq4#y~8(1G8Sq(bj+DggivzyqetlfhzlB9uUd#<++s~eTUH`Z7{P}0^X{&|>G+_Wwdtbh^ zTB;Q^rIUTI=PMmni5RaY3c3E6?4zt$>y*fZD{WONi^z3Iasqm_{`?cs$Pbf%ptdGU z&!I&KD&VOG+Gr!7zC`T{GHavuw;w*VQCn|dZL|UTyW6i1PTT6g|K09%Q1{ChJ?KCG z>{@@x1wE)LG1vz<3Esf*$eBMTK@!qvbUcb!`ua#4y;-Dv2jlccn05MtXa`4HOSLk$ zbqBm4vwigEpUAr)GxX(4D~lgyBXTRL+2ocqepDCe3jLli zNs3=pbrJ>k^(9eMv5&S}_CvQkk7LY(Yt5r-;AZDh_n@lSO{w`bsus>ngwJ!rCkEl& zhcuUSX73skm(H15>}}N6tK~*!P*0wQi4GC@9eJu#+oypXzBc0;p3@)+11CN# zb&XuB2H$gVFIfz}Oh1q%Q14XACcu3MSZ<8oTva_@a1L``+%Y9F4m5@+T zvs5Nuy9B-4gyICYiBiGUx7vJ5mXSh4RLi|H?mEeaz7LCaqeyf*l&Uvz$z%f=n#)mG z9?jW2d*(0H>7XkV(MSnUXnQNqrVT@jm_!?puGyL5PO&J8IgR8HwQ(GK`Nf!4+DCtb zL8atS>dx8Ui~G#u3o_e8kAZ8eNh=dWaYT>x1_zs+saLrjl{$7-7F50t$8$?`%Cbui z!fLvMI`@%^9{&}{sLU@O9vP`^QUC4ih}+BU_aG^+ZzIgf&42lgFq7f`r)-4F>nh!9 zR&{sV-Ai}*HfB=SXHgXlYQ@+(dBcpU>5g`1^iZ>LJqUuByIt!?+Y z9pzv5v`aAp5BF+D!b~W$bj0q%ieT*KqTI7=h0eM zwrtc~6;~#tn*qETmQ0w+PEU0C5hlPqZz)kcy->zOOVFai8`ON=r=ZKh%{UJ zHfd|1WW;8uvPIX2o&b{xi$vqKmz8gfqV2s~Cn+4qV!dd}!p%0sQ&!=B6r$V&0?jbx z*0@bn8PM+nN%o#%GX$k!(W;SS_h=ixx&D*WLRzXp5v$+a4Z&7-{P$~jT(#@0WwZK< zwcFm}PhTG#I#J!5ttvji{u2D=`eKppFp*=%=^r|Z`Z6e-SABh`JUo5V6oEbumcZZj zNe{;~Bm1RLS5tF+SUWg5HenkY;tt2uR%njGt#zQ#q<34M{%Y&44~^d|(q@swAv$3J zI!GiFJ`M?Qh}Ch7mk``{mqn+sMR#&Ltis$*30G$1G#d4$J5Xc+a!VEJ(7Lel`ljPY z!gVsXl_q2QbuyNj41pw1VBbE;f`Mq=9TExJOUex`BqH|GDvNOcY&E{3ZA>ug<$*j1 z%-zU*-p1u2#gz>;1O6YcR-wF=pC=fXTK9h)vK)L|v5_ z8x5n`E>}}|eSGyK7wu>1nU3qK-{xG$Ea=*xMj7qh?Zh`6QzHv*qn1|T?mE092}~@7 zEOgASxBHFPI)FGGkbjH#7d53XvA(YAL}JldMr?syZ`a$>m;LiLe$|Y@;3m2pQ-5rO zTZuw+>Gq#rzO)faFYkIbITsH>vxZ8w@o8SIK&507=h?UZ5`~?Ydw8>Zi49RP+Jhm zMCU}7IAo(IIv(02iK=Gf>C=YxE0avk8EbC+IhbkxxiS5;)&2XwJ5N9Tzc2rO`sK^x zHrmLc2VEh_&Lo7-a!%zJZZvm!{@ zxy|!m=<9sUA*m2hRxv=4j`^cqfo!l-VRM4$bg_w$z%B+vm-AY!j{=X#J}jxnQykI& z_S7TQ!PXYqe^qkf$O;K_v&PfG?mTERb!~xf+T$_Ca_mW#hG5;=YNNJ}otpmf9xg+) zAq*5$(M7vkTkUMaD~)jbrbf8E#0a<35tfExSb&Y-mQG7~BraH~+fT)elu^*hyM-!} zI<>clZHGF{u8GQD>rYkKId8UPzQrPZcLqmf8cw5S~(l7s0aF`D$KM3*dj zB9R<(c4@aH)vxtw>!x`^-TqE6!~rvf>Se-3D9x0VBC5cH^fyK$aCI$X!F80vQBYCe zYTw?e&JFJ!i;pIfRoC%9cno7SINg7R+P_3Ll=K-oIz9bxx(`{$VLh6Zoi@*aj@6v4 z-(nOp9flh^Z`XJF%1Cs%m+fC7RD9m2u}H}jqT5Qs5hpfooX%>=!T|YM%wU_qYU`2Ccp0Gn1-aA z&WkB;W=5<4;@=9DjLT-OSeYQN&=AwmA>I2XBK@VG1@a$cGr3{;@5PG>`EUE{{r_8e zZe9L!>?}G9l}RBEDR3&p4?}_QPv(OTKTjEx&czlZ|Hv`XrBPdZ@3o5#fgoVi?alfA zQmM_HpUjj51uo+02t51AEgUmJC95fJKV}t7Ja@)ntKE0{)fo@;?vQUs;*qOxy0-Lc z$4BGKs9UgOw*Km6AYawg=+=2DI)AI~vXKUKM1*vQ;{f~$wf|3HuW@01Rnbrd)P>IT zkd(Ki_TNPBZ$kaAT_{_eJ7=W1ag|I^tuU(bfoAuvzI(2Kd$&$^D z$`PTR_i72j@DxsqE5oG|6L!H}04|QY=`|12#08ClV}aTe9A|d{vJ$y5yn+DbN;r4l zdJtnh-*Aq&mT9ZlPIe2$rKCk-;yrVFj+-TOv1;`YKiH-(rtSL(6v2xy=rC#C>YhUmM#ecyf zuNcqbrEb1j!dtr{;9PEdxEqjonAe<4se0dwIWe{oFxjC0g@!l`2iU(5 z`p^%O38n#X=gCh~d(^a?Is;v_k*CAvHsO}j;+fWC_;8L#O_Yh=Q+)sy>j?4{ab@3O zp+(q0^z^xKZxFIUZ)bP-Y&#&kFY(sP=g<9TWVkgL`g=Qr-QkPfXa0-b?X4Gs7h79B zGeB>|9=+Y$?!MjILn%o4^SA#0+koS@Z#o;lc;>JF?f%(??+4xg#@#=D>Hhm0^DTSP zdD>AmzG+nMao@pJPCK!5vj55)h1V2J6@kEm|F_es-aE*-k^Q8R`|||gov&aZPbURE zNa=09{!pv`FS7sGl-SoX04=cp>^*x?vj05W`Fj8JR-W6x|M?x*ttCNjdC zPX%N=z>*F^lkotDp?g8};N&>XOXD8>m07K!T+>Us-L;z;JC3A>;1!4p8;qkUnG6W;*aQzY z6&*U3I=R|_Ajxqg(k!uAW||qEgeFT9WG%GEUD%w5K}HA2f<+*ee*UQIjY6Dz&UHQ} z>1XTmVVOp%YRq$rDoswhKRNzZ`>z)G6jfcWsdO%79Bq)_bB$MB!|0St)!&)W9XK^7&rzyX_80wcO#ABC!gQZNA;>M0<8gt^`%%ho$&{5|PelG0};a@(!qr z8H4rxIWeuYwJ^DeWXshYLffct{eQW%b6m+gZiquc=DWRVNbWsKC$#G}vv_h<+wXMKY8xOzX3C4xQjPjz`LqN0 zeC=gUuhvUNv#K!`Kad&9HQg>E!VeRrrs$(^uGoB|Y72_zgAmD3bg@4n?T*Xd?zQV5 zJPYK169?)>&wux}_lo&{UhKU1dj5MW&+W_qjxcYN)aoc@m1bx|fVN~7?yxerp{`Vp zMK(X)RH+YV$H7sMt^Y!|o!l4Gnd9kaW3}wRvYfIMyG-wJrR__-7M|HXQ;D{1bK)68 zP)#*!Cd%rS`vvEy$ak7g{lP%etf-GDB8H zv5tKg-X;!!qrP6!950mssromb@I*4gem6%h?PB|*J<9xJ1|o(sWfenWl{@#-N|)7?2m24D#WY1d9-zOcDthyi6ul zk@#bTg^A$diJ17FFtH5X*n~PpsiOm9Iu~1bOPAFClw_jjWI`kku*3#+W@hR&`zj2t zgPkH+%V;B}{>2KX8w-M#cF+~rxPQizu##Wu1w4kgRi)!5g{sg~tB z_g2RJ`qV!QR*AxF2%KtC6wu|!r_U`kq^8al-x9WiZQzu6NT#02rYzXI%nc!S3HgI}eEd+e%uw+QIbYefIv|`KD z7HEWb*M#^uGCshK>D3u$iVodMe$P$EntQwS0E<+ZYfbmN46)4@`4gNkU1xSs_QQ zL^MJ^n+)LgnN7F7cvFUUDt2ZUZrzv5@Zin$cWGR^kwH)dbK}sx4){c5C~CTWRKZ!8 z?ivj*TT@gUwVgEJZ*pl^^qjn%|=P<5tC>_ zj0wzc*HpE`g2b=Oa*+|d?xC3GBEk_{kX*6cMCwj?J~r}*9=PV&0KDS7J}21d70!|;PDeYuzGUrcZqHthdd0sd#(I}7`NQ5f@! z=P&c{lYl0Z6$h}rwX?VM2)3W?KFd->L0IuuZ~|2!uF{jgi6@9gaF5huRm@}1Fhw3vE->Ay%EMEq-jaI63QLRrY);>%Boaf+OXsU~jaxZ#m?4b{_j=`sW zq}6Ebaj)Y7Ztq#cdvk6H9@<*aHTEeukVTL<&JkbJ@O-L>)w5Yd%ub*^3aOQOnf4C0 zv5_`@ON2Cs&nfadMt=4$E-?=>2Yeb*IrCry-_U5t_Ny)cnSeBwfk;kBZ-Qx*eSk@P zWTDsn0!~ZQ;l^;v@OTW4>c&MNoT<(BlAtl3Dj=qWBmibv*#(aWWZW% z7RdRmr&hNL1m&83RkS}CLsz-plBN~w2U4W^Ox%HceI>v1PQm>raxH9j%vC--m8QSi zqV7O53|R21O+`hnb3tZ}n9hZhfpHa{qthW?5D5Ly{>oTxgRv+fxiTEwd*{4S6|(#S zsxDsMFqbKfss{F7ArE?UmuRMo~CmzSdHbC(KhDP zdYlfr{vz+f#b%pWyw=hHevBhdB&TFb6lH-wP{;`mX2=IqZqR5=X5sR*SDSOSD;Mn0 z9+~9VAZnXvb-|DM^rXf3iQ5%16?fVl)DB5BlH)eo-hw$~Y7XHJLH-0M_xIe(V`k}> zC>C{dB>P0q`3=#Nw4Jj8=$9*J{aC0HhtWTr!>Y?g6L0!0C zlyOTnX8pxLIx@5wAdaJeO;W_^X7qHTE_%&aNN|*I>ZdV*h<%bF90W+rCIc1<3-W@d zv(u{zF{dye`VbEoGsI35n3~fVHNRT4v1gAW85rM*Me!+7w-lgKRT*L$eu&% zn9V@J$rIwC;~|Lol4-KvMB;+RI!dOnM=lY$L|}7}th7TJTwl=m_47Rv`3*XTj@+Kr zNH$T#+)W1#W=(9^0T$%>9wL#?XR)-)LG}4B@Ke1`m*D9t(sN)OKnO|B664om*N|Ei zj0X_o(M0Tq6X;k|lI{~>YGzB#o|dO$)lNHDR&?2Bn=vCL7h@uF9%P_O80Pk_r{@ip7!=u%v5O=|?WvNDtQyqdL_2NQ%y-8N zRFh7;KBpsBUbbd+=d-7C?`QEiQu45pZ>jVZ8a&?%h>uEX-*tSN-;tMXg247WRWSoA zA|RhVY_l=(-}j*N>%=tK@@2c}CbSO#YeV zDI^;qyCfWKsGaH{jK>&lcRKp#`(#2m_0e_*Z6tAAE_G$Xr2pEkTQg8z_>`7*g1QQ1 zL_VKtKiq>bd`l&mAKSnD@{@xLh-Z4GZ7de*dYH*RP<#Y9%ZSzlL3jFaIoBn5^x z4^D-b_sOJsG&M@UW3=!bX}!380#C?>ImneNMul}G@RAdii^K))b?sc2zvmj9cRfE5 zL^xs=#I?%DXHmRh6EUUeT~Yxz@CBmMWTDXVoD~y{0@}c4p?A(@EfuDpAI&8u!!;)} z&2b;7RlxB%FO+WW?5D=Vsg>f|&dZw>whEW<+}<{7#4I;ko*8njj8&8< zy!6mv4AED>eh3A;+TXtLOK$wiC( z&Q|Y|)V+wfEwlwXUM~%ob%h6#U+cahAYDAsGXbMZ)pAjOb6;Q0uQd0N9GGUgmie?neg{W@T#;hrU%Sh?WpvQHU)sO4 z+eQ0D!@642sUBG^G+(*;I-dpnKMSmIbN4@Xo;}+x-T(NS|M7O7JK+COKzMrSq0f}k z6QtDdDkgl4W1*Ea;j=i6R%m_*eFY?v^X^<$#05e5z#tX7MoGIyM*O^~=Gy>L8$HHx zJU=jAxx=zbS#mF#S`CZv2=keJv5|dXI_^ou-O2W!f40$vWd9T_G8H>H3%#eOBggP% z9HI>$OI6$Wf<5+5Nr)w#k~1jZ{qiMM*V>u+sog;vCeVw?y z+++`BV^`5~HnpbjdRLg<)7Co}CDwLIonkW0QCg;Eo0Cw@nT-SFnKoihd=h|+0^yG% zn{p5kHzd1RYu9GBjD}& zPx+)CO$pizBcLdSsq zqW0-4>rK^#tZ>Dx@O47N0Fh{lrkHD|AMJ09br_C?6Inoto<%z|lUX;l<}aR_LQ{_2 z8NPr|d>m5PT7>!oQba5D*8uF)fMdl&EXcQ|s<1b9iwTH|eYnbbZEIQnp1KknNFQ)| zs8gXI!_Vxjv$mBQS6!J&;&2#dc6B|23ukVwyGiOjtA8!E#7Yfk)@22aalUb8&}-+< zA*zp9U{{kL2EVBfj|=Vy1u-M*spP`#w9~C{6p3{d4o;?&=)fF`b#im2#fJI{r?#6T z8X+rkJ+AQx$vJ1I2Phl%C?*?Bo9ga8cy@(;>kinEjC}z1h`kRP+R(P_( zUToA-v>^yVkG5a#zIfhQEK&Goz~^SPDPHx6+dUt~G{G^PIWNo9%FU+)!!%2>!`iS( zo(zMsHN4kYkQ2p4K<($K<#yCQ!W6&Vt|4C_wEl z|K*q9o5xq0yY9Dj`pcgVPTwED|85_hX3(R6Na9Nppbe#iIjQ2meA!oTRGBYdI-AJI zn30avts{klp9g2rD4Zcq6qqD3w>Fvyb`NA_; zfIFHpk&IIuiXPlAfxzNj(|T96-Zj`GT+Fwo=7~aKR1hicZl1~nCNz{9a~Qf|>zYxG zjmzX(3QXD>M{u+fqY@SE?y7h9qtAE}htNyeiFTQ8d_hmNOER~Y0k}y&2Y*aim`unC z;S(x^uGy{-T+dT6Ix;tbVSES+kxZ;H8m^JBFl3ib@@LRJw5w6oSTY#W1a+mCr7;%1 zXTKINzzk#7l4{23WNNNf(mab>_tc&Iu4G^*?3Pl89mlA&KV)jdtsRXjuDHeqiwK%v z8aXs(kqld9CzquZIDk>c%)r|jOxn9EUG47*&88OyAf$on!KrI>Cqbl#KEmS7KAxE1 zVpLam7rYXbvo-CZZ*#xVCF2(%!+}WI2;6Y1>>39+HqldOEa7Qg6cG{#4;6SsK3+Uz zpz>MdlNh86B|Ik_M0S&rqMLT;@QU8N@BroM#GL4mmWuXEb1Trsgh5Fhp(W<^@r6;| zzzm=b40ZrN5d^;9zX-_4w`1JwXO2gx)aerSRSmUwZ4{c!eRJ1BTEJNh zh1GCoikMW+ORok~&%4=GQR?M>td2P@kBxP=`SQPWQ>FK-kA=Wd!11!mz@qb??VUpW zr=6YMt*_@lxANS&{BN!b5yizdIc1p<)0;=Y)7AQg8%T3+SX5l5$_O=Wu8R854$(EE)&1IQXjNC&y)-yM){_mJ zghf`DafMdT-gDpA@YafGO_A#uoeSYlDomJJ3#Q3ZV4Ylh=8j;ahRjBkZy^|b6oj8} zGNhjyHFH5`o~~4A$zCaRFB@jY(CpSpq0juix7I;yW3+-YaUu1CQHV5~) zLq@n!T74J1>WKTgc(<1k^?Wadb9XDS5=1I1n6%LMe)YLPESU4+Dyy2#{FkrytseBV zg#I_doZ?`x{87*X{qMz#-NO0L&i0FEU-iFRdG1dCd#A|h&Fi&mf0j(|jqYawt=0VC z&ieJVKHJC5=zJ9@T}tD#^-Xg)k>iz>zCv5oDj(+lm`dWygjage6bIxKFSeA(alPtT zXh&_dszQz0c*>ZpQ60JSsh#V!q8+vUS~pXtjl{fOSbwqlI=}uYi9_lGiPV8pE>Ujv zo~p#fS*lfwa|P>FV?!fdHN|Vzj&mc(Lj!|!31yXdVI_jANsjJZZPgLA6yGk4p;Nx# zx^5$c#dI0TYc)d@@7ucI13BinPup1w?Kw!OSyc7ZS5dwJ5oWb+08Le6nvb#nDTbUT zJK)-EIcpRKnv8n|V~%aMqPTb|@bA!t*2f}sMnY$w`v#@IFt=TZA*6$KCn~B*Ea#pk9FPKr6OIFR8`+ik3+%onb z7LC~Y?LXUF&-RM(AGTk-*!yb#xsB%z?LUf~-n{-_oQ(c+{YD@|tM|tUV^zLW%Mp*5Hj`GVi3x=RbvpEZ^p?tQDeqgXjCcyRc}-3tov)C91fnM_<7shh)Ho3x%cCT!5g2)CYxr{9>GRB#b4TxTs z?+PNjXLlo!w9u?srBk(tI>P%D^eZqy_?PbGP{Q*(X0sGYK#w~OAjfoH+9 zjQtN%E36O*V3GgV^Wy#go$Y5k&%WCKZsWN_``_&BUvJlM_{-)0xO=l70C}UHU(mx1 znfZ#yT+YY`wbx?eb6Z-`<106qmHoZkR=#?Bef9P#YxuCD{|6Yg?%LNY$2sqnRq2jB zy)*%S_4B$LThqclZ+(`gb#45M$GnP$1&uyz8xw%gc(zxyFIBd2UF#Awde3c3jg1)f zqT5ZHFm7gfUE6Y@*VO~}=c*Q?AKYv{o2_uk0srSYbl#Qw09F�o=wQ<>t+l?)d*h7I^;BQ%`h+( zEmfL`QtdJ=@2X#mTUFfNz7?6FV?iH|t~AHHsJgdG!-|*RZ0^vSQZ81B*?Kj9Vm5nuJ3>Vl#rc?n>}3rKbBVLj4BV`FVLoK{$;`{Z(plP>+T^)C89^OZGrltjWMr=Uixyg_5gdewu*5Zws($clbU4@4Jp z5RjG2OLGq0B6p3&C6O`P6~dfX^}Lc%Eoql_q3RxQfRnhw>T0YcFYZ2IDz1cQeca7O z^pc#e*y@6&*39qR-s06+UZrmPfXSs6rUfKZLlSXenY;8buiOpB|K=p1DJK2`K|GuMALsoopgFAS&N>Eiegv@4U zSzWD}MYh)AF4xEfnF%k3vW12q^$_Ot4-%L}cMBVHs(4eI91oHo*4wac2K|l9`3-U) z7T{=CIZ<>L)+$#ZzgL20O@npj_FB2Ri627!@L*Pd?!_LhN0_t66Ua7Z$V9ASL3%`8@VrUvUB{; z3e+~ocg`(YZ`;nZ;M$It_LFmafB1&$MP?|?VCU`C)tka{#;58wuBn;nM(?G`N$+?% zd9+o;H1v%z4Hg-*ao(VgwKgfFe%r5~W?jdfv-zmk*@@Fr7@e6*jUQTkA}mIQmgg)3 z$0n(mkr~iGUZL&1PUD%V6g#d#|CQ}I#x8f~u}nR`eQhiub9MAy*shViR0k$a-->%j zakTTr4?3*t-d(YZycaCSyVk<)?pZ?rcekXatN;u2|GgKxMg4#0`HQdj|8C{EJO3}E z4y!Vt=nqI)*VnQ;l!t|V$fDuamSQd&MUgMf@(-`tb-I4)%wR;M?$(wOlWTh0UT<&P zX>UzLzB)-y=aH?%O%({`)UkzWK(VvgTPUlI9Oq-AMG=$D(vI3Dm$msc4Foeh33Im{ zGi9&Fo|1_bwf2~)i z+5+a-sM>AU?&P&I<)>pWVLEThr`^-iIrrl!PH&8=)jfNuWD-^7zLTT62Y;~+p!x?Lp}DRt}BV^!R60W}I7 z1)kEvGSbLq-+5;dSi;10^_nXA-y4%~LPrtfWGyo00{MUI*|V*@{J;Hdck8SCe=E-; zbb_VgF+x$Lo^-WgL}-xEFi`wA#{LB!5#hBSq4O~nNF;I0xD-f?Nf?5+3YuW)k7+d8 zM4W_J(y7_-viCR&T8~gfM%ur5LmL&0A1V6(bv*PT3TKd_J=Q})G2tkr5%F5yo3mff z)b`YRgbsm9(T|5`D4<-lyb+Z>_^%#*%NzW`d+=ZTVm#`p|Ja{m8uhY<2H3wyV$fPd z>!~L$03Q-qHbA^2VVeiB{_Xefpk+ll<#{Z`h3XYNznTSm&~rET+Ebg}UgkhNvE? zG99p7kN!XQj;^_F8~Ki3u_JXZacfeR-N|&^OFOQUwwk84$8zfFM8Wd)sGMJ%XBkGQj@LVdya0pkg zzI<^h#LdkO<-{V#3U!V;QyBAZii*b(9!Kcd1U-hs^e(+?&&wF6ys^zOm`ojyMiv*! zdD|r8G&k8T+Ekg*EZ`652_@srjCQ6#LA!tse*<+ziDtKq$&;1(sYSmUi(94hV>so1 z?Ej;zM2TKf`b(4ty5CXr&<&T)>!JvU8F?h#K2*dCKrLT-gTRgmw>HN&R~bC!5u9D!nYsVk79toHR4#2(?FB zS>Iz^qEKkfTQ$_^x(7b4Ar4XF!;}Dg_)8CC|%VaT(-ng@|__}O1Z#GWBf*ETT>wQ z@=b-u;JEA(06DtMDz3eb;RV|Xw99)%r6QnIXB8%++Dic7oh+*YkD;?JA$nH$2&&6& zC37#pCu`_KjtV)_3#IRb@N)4O*Z{}NMIX#K9Y0IQNscombuvCk?6V^ws=6pHOrf$z zX=P^58;}9~MfYGg>*B=f$w{%6jeA1nQbz~z>D?9Qd9(cNW(?`0_0Nq|HM2@q%$L?7e z3EpE(*b9$e)EpX9!`jqE4u!f!y5kT5@4S_u^xW7oxQGxJTwh3GSV+2kqCsirrOq${ zo8hq-c52zzxZ#%L-`1BQ@&7&2A3{(3(3gZ5LfCqwi2W|v)dhKd=TT?4v8*@5Y_L)F@6vBC9D*(w`Q6gE&~Vuh=;0?*)Fr|+00M@z50iPTdxK=K z4}COe9I6I`=yP-Bh)xH2!{IV`YYKWwFSaNiBm*I2mZ5V$nj9Y^_k>qMY4Xj1s(#1+0K*sGDIut!c?|AF?DEYvg3PxdwUP8eb#7HB2z|IE zj=B}&P*QJWxos8o=1uezOBucO@w}n&5yF8 z-0yf7R=nP&fdOWP8F`*tY}oU2AfP+Chna3F{XQZB{bt6M+C$6^saQwq5cdgN<+BGXKP|Kek}D?pV~e@jqrw@Kb+)84c|0 z{OaX2^>==&Ci@Em;)8?#?TGkb{3nLQANrlQj~xvB%j05}&16mM#rk<++tgdblF z=NSa~EL9Yo+p#N?1yVVEuast2TogdrFO*H3`Ea9rM^MiPgZ&*|J|7HN5L;r<9>~!bfKVcA^)!|)btcM<$=bt>Kx-jzvKip32683YI%&>cxc%uuD82Hs0 zP2@cv{K5Z!DeYG0X-kmP&fT`U;?DHe?TEExYiEExY6STNpYL3A4Mx>{J7 zQ>MZ$gvSBS9a0x=?(OhZemY8o! z{Dtz%ddAHUQr_4v9Xc<4?GiIj{1TJc73Q9Za!|@&jcwaeRO*EjhK@EI6PRwWpDm?c zpbHI~(959vn@&NrF)k3iA*Wz$WvuieiOtn~jx3frN?%(7mFLK_*Ra*2kU=pNvcs72 za!;c}6?Xv2J1pi@R7so1yrN^-%kx)h^vc&u={wrjXc1Iw>0liD?(*SlAriQ-xZ-Yl zyyyZyle2*3%?sv9*PSOEcsko_x-TEGvy_wXcR5_G}d9*2Z<;>Koe)JT$F%O>Q(6akjl^$L5vv8ZFGq^vpG*u~`0 zRNY#8Fcj5k5^2{Ywi;sQ9M@C)Xu) z1IoD?-G`$LIeN6CsHiSOEv+)-AjoG&NyVm1|LNSIBlNAyYVA?#h6K4GW3vmc6LyTP zzqMdAM7Dc~?rmnoSYmOGwsll*%zUo6>B!4+lhst&u*@Ddp4H(mtD|2^wFm+p4ZB~H z+F_DOhi)&LNxY>OL3r&Ryn)qG)Rxx{=XC*v(zo0_{b!4taHjnxwy(XhN)~Qp(V1d} z36XcmKaY~iIG=1t36dUt)ra^YyLsmWv%)M!VGSm<6ULdW4ij(UuScV=IIP9Pm!fw< z^B^vJdUsONZ$JJf#JLcx$ltr6BDqWy6Y0{+qRk9R%KGSg`}iOj#8w z6ya^~i6Bz(a|B>!Ub4@i&9>1pt^(|#`eC2sU;a{BUY%12bc z65_Qk(78>xoi*)fgnWJ>*FdglVKIaVrD1KA=c%G|1<$<^fiYzpV!!pYgs z@WbTn#Xg`4O~E^IzK#e~B_{`|m?CZ=Z<}SIt*bI9q+Zl=fv_+uw3>(bXiMcnw3Rv+ rg({VgKK0&q(*N6W^~cZ0&&SWl&&SW-^!axH00960e!X+U00spBiNcnn diff --git a/operator/charts/minio-15.0.2.tgz b/operator/charts/minio-15.0.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..593937dd747558514eb1befe6ab86327f9443152 GIT binary patch literal 57569 zcmV)zK#{*6iwFP!00000|LnbMTjV&BC_JC}62ziqaO1RdY$p^wHScdfag!|hk~q25W$-i8McPtG5ekJup@`5pjKie+rw4sj zS6{4t`|_n)U0q%K_T?J>i;w=7{$6|W?aS3y8yhdzUa8f!^|e=Pe^M_Wwp;v6v)oUi zi)-+|S>@6s$!C2pA*JrMlMnZdY5enGJc;}~$R30f<{$qTYcIcj8vn<5%Ht2zh(~^u z#KHZs!u;d^YGd_j{2%2hkN+sl@-!Sw^I&vu3~-C_f4TZ3{~zVy@gJW1Y5p+6|4+9W z|BV+fUOtWgV?56I50mjYiSL~aZn6G&oi zZxzOW^&vV_e*VeF-;d)Y=NZ1apwtki{aKP;Z>qicH1%OGFdgR8G=NXx*gp%hP4yA} zR?1VcKMpn(@ejR`5}Rt23@?JT18g-2b0`&dsnF*7>iWyhdS}BM1%uF!y|r~OU8@4~ zhEW*Ac`KMwR)c=g3_8iY>^z8~o51RFn*hQBw($xoM&U4sGo-=R#2=mq-g;+s!JmXb z2WbWb+*FtA@N;5*YJ?X?!6b-BK|Bnh@`COXOIv`O29qQUb0T{(3^%*oG&sY3*tNIT zsdSNLHB`&}Ga55b$rsN+yfj_teCT|D_OoFcPI7wnHjMWUmyVZJm?=M2$>8^3n5zt$ z2a>2PNTKoyc5VV}F^B?n73Sw^YwZ7##HzQUhEXydK^t}rAk2yy`(Yeit7#UD)M=7Z zfiON()7Y@lNWp62tEFr@JXe0ECg(|>WGm`290l+%(l|L&r(qPp%OD?imOBgQ2@>l( z&nFpBMo{fQ{}#d_;#2db>t|VzlQCm>kuj@u!||Cg4ZZf(*H=HRZ@lPC;IIh(VoT+{$dh&#fxkM{xgg~bOh-FqMgJ4f#k*5zD^T=1U*@Sc{J>(tte8*;n{hf zspEi1Jn8_l(=;mje+Fcp4ygN@8D*&LnU*EfbjVzEW5sTs20<75=gyi1!yaodJFA`b zg-Y*D|N5&}tKYsTt^XS@UcPu*{~zP|kALwzPr<6? ziQr;Ep$>Uj=!uXY_$bw30if06UtxXvcjbA1Sy*`1t_G|(3k&zM@;t=4Q?u$Uyg$6e z27)V7N1}LQ)8^9Z*}6Gz-R{WOdZZISicXJp3&R(MaWqx=yAl zn=*aiXA%ckf1E(c1hgN;3zyNMs4qXi)nved$goodeCPl$$yU$X>mi}TtmCRK77Ypl z2x?rC*WNIuH}87XWCDMuK;dber=X2>%+Q8R35|a+0&-;;sAKZ?G(QKn`UC$KqKwqw zdIgaTVGGQ;$G zrcU<%edl;#q2KQV#4L$|1<+5&&?pElV5af4mj+Sb<6TUeSuZ}k2*=O)q5Gw6F>fA3Oe!xkYi5ThS>*mte70OvIe{rq?0tvg5?z& zDpX^G6v?Q9QOK;w!>YSCWOz)VJs3*ek%a|fQo>UWKx6|Y{0VZ)`?@(=r#dBCn`=^^ zmKEspQF4uwg1A(@|7ki1(m2S2tbl!C-gU5!sEa^lA~zuO{zn+cqCAdjCp%wOu(!BC zqL2L;{z(BzgEkExU>~bNzygnWi`oYnUTPiRbVk8tcbVj()oYvy44#oVRoEA`&G2Dp zrMDSV_$Y;0_P1#Wo0K410M)a=SFLr{H~tK-2*5_?yUr^9I{KMsHL96_bT*w#5*QJg zi^S{EH4-9px0yVi#Mzom)F~L(#IQW^2#qjdk3aPkK#{5X#hmDG&M|Y2ci-&wPL6;5 z?O^NeF8n$=?CqT#>fhF+`HMP8a#$>X1(_EIEdN0EWqFuS^ME=uiTq(8f>-q&$bBMz zzXZR}$e>s|1!~72D_N?hOj<@*Pi_KH>>E4k2Nc#He30X?A_|#@KFfMxpB0kPy1zKv z-F|&vCpqdn`@JJi`W>8hu&<$+3*|H6HCtOqxK9@6=ouls9R;WUG|EwKo`z@Blq3f( zIxtg?{1gTj8S<}7&nD)_GAIEw?LmxYIjakVAw$GMTh}Vjpa(PmH>4_mt>l!vustkVF|4eTLgUUI1|-1(~e$Q8*4^ zgIAv503x{p-0~coO=nc4iH%(?#1?h}R#R)16ceAw3FAcTcTudbo5=d=(vPNrS{j}Q z!;6BLD)&JlTkfcy>6G*Zq-_AZ?KnqqjlC&W1qFNRiwHKt+~b^@&d!r*G{PbANB$%? z$^!@q&{slOK8ZDvcRMue$NmNO650XC&_!quv;ou<3k(JOtb`57Eg+)c1p3d_d5HSo zG*8AbL_=Dp(NIt!f@Uj!I84%!tdFDclxAiQ9YMIDJZuw{7%_Q??ED_#6$=U)Ww@iW zR~}xR2T?L`SDlJk{x{RrPCkjA?XSIrk@+#X3P^!=R%UAqgo!KE0m_a*Lxq>H9*j^u z4s)RTHR(gAQzQ}%Rdt|HmH-ug2yr<{h^K%9#-csO1ydG0Y^^#n@84^k$(9Wuf2LT7 zKsBtXT_}WS79c7oba-LS#xA$x8Du?cU0?3-oP0NdT>-EV2nFWf>P$3Z!!D&jtel2v z#u`RPZGrN4I!#%#Jon?XK;s5{lp;^Sw6N>bVww^$rhs>d3eY8fM1l81LbIQlDwI78 z+h<{6l|Iud3OgW}p;?BeE0}s%4M&)`Z#sdBfj@4dr0hyPjkYE4AO zkoufodoUAV>UqWRi7gE~VZH5~=i_ME?WgG?Q=?e4W7u5r)Kp8bmf?y??|Zx3$Ga!A z(5!&ozI#mK<7lhb`{nR>$5~pJX?bVME;7e3kC4*Xw6t~>z?cKCT0mjvdYUFqdrc}J}^qqmtERb2x~&{0rUge z3(>|g_Gv$80fnv1BngYjD4Xhz+RGWnxqlhRU?Bteq zMXWLpYRZznXK}8md;K1>&)XzMwX`oL9@bLA7I2+0hLr`D{}HIx$qKSQk&x9BGXXNE zK|LS7m#MHDXDGT!55&rKE%vto`(&*3vz_1+C>R;7TGUqTtxS?r(DMqh zR!HI?O_P*&AbId1Ux-ng$w9SZid^8jx#-et5t|YFyjmRdOMnG@kOoOc>~OiZ$a1BY zg&&-^uFj zDW>^UtTV_qMLC$W;aQA&q95yCXDh4ys%L90f9V#EdWU04r*vHYTIZ!?H65V(*sG#7_ITw(ts=pC0osRl{RXq zk-0{jGG!K;diDKxEEYA6Fr$;XDTn-m`zT<~KY(M5)f{^`1`>u7n9HLS^eEVn0*shA zY91P_3k|ULA7m$w;hi+b4Xu}3xGhE2oln$8=^Zz86r=|Tblo*@;VPelvKLuQB0Vei z@n@uOqlN=0zd*rvHie;tvRhUlH-YLyg z){tZ9J(s{03|IdkwUocaRhD6KlcU7<@mUyu@T9U=RKA_I)dY?95byCf^x}4)rSh^7 zPtzP0-ai7_B2|z_qc+M(M%+@TIxr_#(>7GKlzZ0I`vS0Ti^{u)agycY0|i?~D3*o^ z>MeTXhm!Fe%aBcf4DGX4#kS(YqPZ7~OaQ^cHbK)iR>#_XWC;)^`L%O)LJ0ECz%;}L zX9FRRGHb0X*M_M~wNLhYuGw04p3o}<3&UmzJ9i!MtIS7rBYLjF#jr_C@GZ@FMVuizD zxA^7i9MH2_hV~vqA9qTHmV_DvTJ4bIe>^!k>Zy0f`=S|ODO(mXgn)NrHpq?=+Dox@ix^h7NJtjj3)`-KN+4*DMlx;1VHVu{r6cYS!bXdW0v#-j z3?;-QN!uJG)cgIwPh+0Se%ob!@6@AU7Cr)M@L?c~lrqGff zrG}+Vr)nt*F9KMqp{y9j>(}ewp||LW+OfFqcEE2wo_L?bDvE`nK}FzzeX@Nh{B z*a?VeKnKsr6fS)9soE?AJC83OEe*=6on4EK83Nt;0?3A_^J{~ehtKQXH+u(ad-wQc z?}xqZt&?4PyYO~zZ|Bv?_V!l(=4|U~@AcN%-hXcG`P*0FL{zrE@0 z4K{ZEYxni`)w`{?Km7V(`;V>ve0_HC^FpW7S@^v-OfN6O*N3lO{_x_}PhqmX|8M6n z^PS6NJbJh0|826@-G2SY`Q`t_Ys1z5IXV6A+x*Rc9e;Q5)3=x3a_@EzcB*|N&AAN$ zVQ4mM(LL^MsiWh)p8=%$Y4=xy@@{elsBZnVz4c$aTbKL44zH)*oo-|o)8p%RXF+f< z33e`jeZ9RiJp0?9_p@L8$*VsG|NZjxyJY`wlNW^YRr>q-)y`mhXZwfo>EGhsfBt#& z)85AA5Bt&XA1_{HTR(sI`+s*YMlXJS^*<;7bsp^xejR>apjz86Lf1omo23jnG~|gK z1~MDl>}}?-d!UcLfs<=F8Iyw}P&`>B>{}4TX#t3*&wlxwT%EzT5;*yrj#eQ=YV<** z=jnBaJ4xLVX=vn17GOv6AiA#AFyzq5x8*zuL-t77J9u-v+w1-I<6-XvkDxqKEM+|` ze`LP5j=5xsk~6ZAtHV(P1sWqU>?wFK+v>6G0x{Lv*2!w9`IQ&IG2m?h{974#bG1aa$(Za znp&UQ*^MuM_S3A`U$JaPL&t($fWuVS!}#sq!QSC-`-g9S+u!|pcb@`sXp(NKo!!^( z-mtXTifCEI^Gcj?cJsbC-n{iEie`1Mbgo>BynUEdi^TTZzCNdO-ZOM9NVNI{8ubu9 z(x~nsskV)M9LB~rEU?EFlbnrKzT>U~(Dl> zfTxWs&`Ok?oiX>YA9pD$RUS;eQ~?a?%fjuKGEuF;YD%D>L&8`<_YC9+F{#+L>rJf>eq zWWrio-*~~C2AIOeA+@=zm`5}VtiiJ6D}E{l-L{AqIJ;#&5$4UP(>V*7QVMZn>|>PNI9HS8H$z;mSY#S^(I2n&7v$tV4aeaJkjXHIWY32?&Z>rco z<0u&cZn&?4@xOL9RMG(?qSz&PZn4nSRqPh^JNL|GhRxM&-MCp@+@p7upW#~QfsFFd zKHq(&Tl4Vf6c{7)^c&oaY_V0T5b3T!m*YcrpmSM*6*rQF0&j(X*-fxzfDQ@_)`dAh zY&!2P_eGYHVi;*5Gz5|Q=yM0dg+e1+O6jm3ZtmC|=Wv z`2S+4OF&+d19+|6_qN|~F_$vbs|$JUIt6PeG#q%i3wj|gqDeGGJ0bc-NstCP^OZcx z{XF;SgeD;Ep3jJ_GR)NPe-5G`O^N}yq~8=PgZoo!Eg2B5U5!tkB$2Q_o2(1pI59ww zR{?<&H%yp!Wc~W&o&}7GC#ZPVczBGz?N}gQ_j&+^0b9)9w~EeKB28iW&Or{e?ocol zN(>C2l9|+ZOLp;FpUkRyCKoz@b@VJ!kS)=4Iu_bnnf|0ew=>4W%OilO{gK&oS89pB zE-R8dTPIt;?d%=*Yt_C=k2<#N5;a46o}+@BkVy0y=8UXi`1Rx#)l(oz}8vT$QhVM3jve53(oe;vK*!(sxv zgAqs_IcV<`?h$f?$HrKvRom5+n>Z?%ss2O{<&{~gm=E7X$p9LkSg${-1Kiup{d@#9 z)ub?(zxvbD>iMXCCSePI!AN2F>3HFdr&s`DlOC5w$u&iES3jO^k0a zu4I2X)NPVgD-F>b!Mj{nz3uHycr{KgX}`Lay~}W?Mt{CZ6S0JyT7O4km%|uZG@0sC zpfF{lEJlWl)ZW|4I_gNf=kdYMCT$?q636z18jGC$BcNR}ZJU_(tmygj3QB(T41wJ+ zwM-6HNGdVgl0hGe!Pb$sR%%K7lXQim@G_1R_N0$?3pYKI?&ZQN{Mbys6(t zJn$x=3Z8iy)g(;nlZGQ;bLny~Pvsm7=$CWmmP87P_fd!Rs}3F%&{?~V!&Xb=>!tI* z(Wu&aD3&epXH$eal1==f)f>Ab9CBUX2~&06p{ebNM#-W|+m2MJahHxT=zV_>M0y4I zsQ9OGA|*e3ksE04l(U&zKG5jj|IyTuE!*b+q?#M>dcVDC=m=UJC6Q#`l>C9jNbaX+ zAj>S1la9k$vfOKi{-g-33QtL#WI^7nY&H!IOSGK?`MfVBcSKOuWb+tN!CMf*?uZUa zMbl{{OOkW)rb}+ob_doJ=lIb&maJrmnXe z+Q}{#6IX)G!sIbUSd;9MG~@j$CS?iMjLGAQuy(QwrU2=sei2Vk9+Q1L zYW?1gnIDzYUIQkWp0k68)o2Fjmmye~(1A8aMa8!|h`h^#-Nful{l)?gCP$KTsBc3! zD$+frwP-y&8mcXK5hfJt1e+4=MQb3yKq>uEFCwRAnZ_%m4%|3@7OO&nJ984sqg#$^g8`R@sQa8>t8p7%ymP`z*d;F7!$E+zn+2=EFUy~B-^o%KC5(lNF+YkWMI?*Pa}#7Miv_|3_IK@ zC(j|kKKz4i*-HuLVy`CMnW-1FoAF{D|0Ni_+bb9Ti1~tu)2&4jN~(8zvl_nlr`?$3 zk>y2IfgnMuPzdP=ixy{Sb{*y({ArH~o<``9TvuB$fx6|Ct3@zXIRxyJV$!ruiD3_; zGvmqJ1dUN;vJALifZXkM`7vX;xq`*nqtL^Jo3m@GKsJ9^_`qMCkUhwsk5vj;| zlR5u?zlMr1=iZu>Ak{O|2DmmA?X+wWs$I zIQ-ibcBmO=anM&CSoQ3TRG34FuEQpwVI?)8b6vdHRUKl>!RR>fM|?pKMnpk3qxq?* zYii0=sOVJ^r}onCxvjo4oV%|gK|b;4j<=uPPUO!NdMPB z-6kqJ(Ys9+!I^NySZI5sSuoXqCWCuK;}btMhP)~jvnU8AC*eHmH>@sLi8V!urKS6? zkb-Z~0YImdAV2tf$Lnz)AlS=(=~b1A^KWDdBPr_F7vE*Y?gi#BZT2GV=c{?zQqgg1Zw2?rCfX6@-6;|VKL945@@YlISvKQF zxY_{gu;8b)D?iv%W9F?=ahAQh5$+9C{1i6r2YXskkXRXw@Jbk85dn$4$c3YmDkBTOF)|W}dxv5AFORXZX=cgjWo=M6_ zbdi|nX+_1#)vRscYKxeA(Q4)<>7*3f5+}-O_Lg+es}66Cq0EYk{Ww|SM2jmb8$%)Z z6^z2^cm=en^bCr8kbl?tk7c>I4F4x?m*J_Z$BS-D!^WFG+jpqB*9o(`CU(#!%nT~F zpu*{vE>SD`Oi6RMkKUo@)HoQUtNPN-HzI#ZgGEbyk z`=`~6CJ)qpZT)7r78Tip)d8uttxIUaA`39ZFjv~%bzGW0Kc&4r6-$`(Yr$D?IW#mp zEjw&wb}HHmso8PJw2s#y%th}{L*Q0aJi}B7^D(2ti(LP!ozE?)IH+@^y$P;GMXA4{ zgSG)CtgPW_FuWc{u&VxTnqaC;%yEhrhJJa}Zbe0Qhwj$`XoTzf@lnF^FOE8GpH@_y zkXMAAXXVC21ao45TaHSa%&+aKarSRTMadhpO`iERXVk1OQmDdpmIq^&joOp{6Gr+z z$O8o9ob&zSRU0Y-ZHD;_vn^Bc0y9WNI^n3DY@O@V-Gb@q+&ND^x97Gq8eJSBay9Uy zH#JLmg%^1bEvxm{_S}|=GNb#oKnX5qirU+eyBi-h*y6DtJda*ob&jNK*J#GS{TicJ zmyva6#`CXsnQ67UG*U4O_QQDkfsJ6!oaPzb+okU+;R4FOTm5nIeAuVuxl02TP42gT z6|Q5`spCUa`H@h4z~^o=x=5SXufT0bMV6jl`g0FdJV@f>B&h_yI#hgKlcC| zz;idbI7!1xP-f1m3rq_t7L^|l-3NMFc{?@pV&IPs6rOff1^*iCDy~82L`v3vSR!gBUsoY-|Iaeipeut$qpIcCoEQNb< z1NjWxE$cc|DhrzxNwR>Xb@}oOe_GiWYpB@7g9Y3tDstj_Nk_v>D}i4p$wknd z7SDmp>9C}_lKMbH0Du;<&)Jb~?x$&u#{1m2q7d)o?Kjn(4cGD08PPTJApHp9{dD~^ zdYX9AxfMC<_>-_-TfZ4@ZC)8#P0-_R0vuU#RNOjx+-y|$_yEEFZPitE>Zk}mvm}}; z_G)e_ZgU&=jp1WFOvM`e;`|5sCAd$g`n6QN=?J<6_vt*ko{BddL6_h@ok!PF@unl_ z65OZr=vh>3bj>Nj{U`I&Ii&NWw_!H+^Wk~_NiNR+JjuoTc;=UjZD;f^7~A*Lcjm^1 zNg7Zj-|#%SiZR`z$s?g7ufE);X-40|HKzpk$xmkn6`NgiN^qb2bY@Vo*)^vG_sLJ^ zCMw>nI6nF5+)Tw<*PIgECqJDTRBU$5DZzd6)0xGKjjlN*xKDmMGpN|?np1-N^#q*666cA`eDif9y-{iw--bScy0KS#p~5O?u~kI#+I~ z$9)=e-XSmM;jJktR0I&-KLIH}>Rwu}=vMe-6u2a8nW)>qrObgP3R0%&uaJyQyjVlU zi{R!2(-zz!|DuALbWa&t-fp7d7x~OVMdpou9h5q_78SYXS4_x8ZzqG>ZQ<%M`05jZ zs^&HN7D-e~aGx@&!sa@O@G7?3DT@U6q=4|xK*ib_ohOqdO3to(6EwY`BNFUH!dB_- z1n!AIPz*v@Flx2%g2F1}8vZa%vP@kk(^L(kX_jO1%W)E)sZ&3UrfJ}fk}&}M^csA# zFKw96_BjIVZgEpi*?%#6t|}n!4T(?wG_BDoZ?11kMCIn|7HGgx08R`$l<{hCU8VLH z_%u>+{*;R)xSwbK#cImM_E{EZQjxl5k;$dv-1KXr;y+{l#RxB`g03H>$soAJbr8l2 z)B$v_UH^=prV|5~igG>iP7wLm?QRgm+ry}i8et`Ukr;8(*GJfo4YxtKRGiFt0~^_N zsLoeTK6%boUoQsM*uJg}A#o8O2a0?dRVUad#v1_aa@tMt`kjY$+G#UZk7W=&zHGEqQV7MY?H?{%Wb%bT?(1PbatC zMi*G{dql2K4T6Q=if%pT%*4}!UDnEJTP@soPQf#zeaz31}V)VOt@028m>qgt1IuxCaWg!eg5<4u7K zjzgc+p}>U)8i3j^^taiWa_^{L`eb7=nVl@~V>#WQ#)cBwJ<3y)sn2|>V$ztf?_*uc zy~o9-CR?8QWMhIJ;xm#s!iHN`a96p+;n7tkS+&+c_Y;5g+K>Erh|aa~h+N32oXwr> z1#FG?;SHG7j!P3JdUzfIo3@w?8zxhMi8L*q!NjGA5}{ zQ@&D8Fri%s32RjINc#ye$q;2;lL1+ZlXOg*74q4>3iEUNu9eR|ON3kTSKBf1XNM!t z3^>+!JnU1m=Qf{gOwI#;6u~@bK&grel3G{NxIAdw%T1U_hVh#YKg~SR8Od==ktR`O zIkFc+^&p9NYfc|)F@cr+XTC7G7MYLghlHlMAcAYVT(GQ`#A*}{X@-no%P`E@OCE+1 zo#XFiXMU3u)|kk@O>r9^H4fVxiGhOnDvTlw$j~tvAP2&+WF92u(`YaKG#y}?#vDZW zT4(LMKi_u7x55O|hR4m3C%DsMYbfOx*AvBLzt;@*fDgqh#9;zU9}K?JPY08UpPx5i z!C+3H<3~P9)x?rp9rbH6Rb&5J#Q_fsMOOir42TZX&Tgs^$kJ(li5e@`a<=@Zb%tx){~R{UdcpnmPwHrcv2F^7%ZCC2^3@7xy6{Y zT2HbdI_-sLal_*HQElVRJ3v#yB@2dWphXx4TA2~S7%xeMiy*y>VA{iyDH#(Eru#97 z+GXf!iwS9vKLX{NG)R_JJq=JE1%4J3%OD=;jYgc?+@3FfCKIleNn)-sImRn@Y70A3*xbz1 zg6eJh*zUOr6VQS8S}68&YV{9sDalQ;%fe)qV*dqb^%f?x6#FkgtG6(jrPzM~TD^tI zEXDo{(CSN=G%5C9fL3o|GE1@loV5DtVM0ZA%~0&W0IlA_WR_xoTdlrUpxjQepJP3l zrPzM~TD`r-&rs~Y0Ij}^NrPhl1!(nUOd1sXFF>nz=1H?+{{?9ElTi>6&rBxKqus@H2TbgXUO$5ihUdei@xtHF;Ck9Q z=SkD0yI&k8(#eC~Tg;AWrN;iK_=m}yN&LkOC%$l}X);y`V3jIbQYQZW&idHm_l2;l+oM!ArMK%MGRN^B@Of75Sr#Y7OF!Q{^1;_IYV~L+2QV^PtfdlZ|Zyo zD-?3K`t?2_*vUISO>(L_%RYptNSp!xhGP`5I-8>(EB%c+Bqpk*BnJHoc1Re&7?1oY ziGjkXe$BQfwr1+g&C&Z2-9=~@1S%^9SSekC=vDMl!^jm!Y;>%?j^Ilg4yHNE6Ygv? zg-DDu41_ukvy6u4c8=op#Q5aSigeqBu(2JZ+H97$Js=k zBv}YDznQG_5LE+vXoMf*A)+1~_V!K=g{<8q^Rn|Giu$vOItpR(&Q4X_o~R5=I}~4G zqLy=i{pG7o-|xVqj@Y~h%8uCg%xb#AuI~8?pJXOF1{&ey{@Ejuv5a@)A?FR8I+;e% z4VMqMCn^H_daf78v%S-UB&QVFaf$J6Bx>&_4-y^IGD?OQLFyUNDaSKxE5|zpV&$i) z|20rl%`_4<618=*^3OFZ`3#gyp7I;Y%*Ti25}rDKDNGrn5$( zw!T{XpX(0o;<;C%mT%hrsOYlny&cOv$62_((&u9}37hqi?E}ZJx3=$O5xAQTpx8;z zy=}hRM!Bf%1UqfPdH|cc4xK7C#%P<}B%SJ72avw@*AY0inM4XhZC%SVB1ouZ`<4>! z<*3}~jM`cqtZSJ(2=Ol$+(~i~#C?NvcNAuXI~M0HFfO0cBOSTsOILENtn7VgZObzw z0zRs3Hkg&&hAhH1Q=pJ6!tsZ6qSAupAHuq2_`QkUAHw`&V2YJ;G^p@*b#&>BYA4Ln zDdYcoIy%GkUUPdJT!qg~tK%@cTj)~>7{YKo9jkac9t3F@whlw|n9~QvBklPD z44|@HJVbpBL-HFT;{`DM)Gx#1MXUaYcd=iz3$6MeTD1zw^#C1dU>7%y+qOzf_BP1V zaCiq>>!&uY&NOk}P<1Xz{;BPqcW9qkY|KO50gV;@JP)SX*0kO?^`pWssN@cL4xt5~ zB-xRvtCsq|U&&>olj#7q%>8>)dp{bG^H;Soz1iyOERYzZoswgog{Hu|H7+-Fcb3`n zhN?EEvQE8CVzjf>Ax^$wWH_Fn`y&h+`A%gyYzlFc7dto8t+4NOqEIm6zeDYSsr`JV zDWG3FbLj(NY8(yKyv6wAWT=Px-4n8{d`J@EEaZMO- zixcL>^dZJ{QuVF5en4v$w}IwQ1MdqiP4>F{-hh!A4r0pm{JaVh$IFg;J=B;9wG znu2?+k5)j4HB+EVB>yJkWYt6RHUszIkc% z2Dh3z)**pQk{y}YdvVO4fo(fOVB!Sro8#`~+TuLw{{u;+Jjz()6ri0*g8E1(z33RW zrQm|a^E{tqi@?+8!5!`;zOOMYc5N6kQLo{fC@G7L54E~~5~j7gN8dB209^eXs3O4G{1 zLciaatThXEIW@laQeo`>yPy=e=1=qUPMRb+9xHt>(Xk`=x30{QpJi7`I+AjHitkP2 zE!9ve8HStPuH#hHEqlXIeeCGM!e7)uk_Vd#MR}h-%FYYAW zetoZjduttbe&~creP_QHH*V@w*6%DV;6BzLz@(%Te5{jUXk94{G;ZPXs2auvJHU>9 zW-O3PtkKlsxo+J0D|ng>+?j`$L39lr*or71ihqMjs(#&iyRS||GJ=6*k))R5X2|{o zM#>guVl9C<&X6)qhUB(L{HWQU@V*5Pd#BQJ=h`1fPi%Krw)>0v=9`mn^369)6dXGa z{4B1%cyAH>uS=x-0L{+;>FIz}JROn1K)ZPw1YL~XErlvrV3zTWL7k+@6jTb>(kFNV zx3KU-2wfiY=I;~}V3H;VlVXa=DXtLvQ2^^55nTLSf;3H1-fQJdAfejx%%VSeAiU>r zR<~7kHU%y%@B#v69qBk>$6?`77dqhON!PCKA(wj8fEQ*NV7J^M%-&7TQoMELOfsD( zYVAem-#V)}%b^Q8>=ok^fp%7I_fRbcogJ*2xS{>i5ac8(+Q1v#yWZ7wW$;)N{k#{h=wjyRYM-2o7fHB2K- zg#&+d7)RH~FdRRCoXM`UJQ(-2^O3=s%a**YD$rw!p%8s=EGK&yx(1@erJsA1p}5wMmk*A5(O#20-8oihkvo zkMIw16-e0yg-`f0);IN8!6=wS$u;UN9X?!OzcDS^R-{9Yl#%sBXg^7V%P;|j4+bQ& z_-ozbFFlKNF^&bfbyDSLt#WXKqn zUm+8o>%!s?QZU;Dq-)@hQRaZ0&I8O(lqM52KN4~RtV70VEsC`7Q?&u0lkON`v<5g8 z7_QY|2=q(?4!TF;5bxmn(0{vkuy^>|*7o*pulL(eyT6Li=hwa6?c?1OejUV@VVcCG zN?!VDhzvk7k&2dXHo^C&{w0vFXyf?s@Z`65z1?G{33_|9)$9Foc)WvL#Ayc9RX~}h zadKW;x^5g?6|Jwpa7S;tV#rT5tAJtc~<*yNDEpMvX-QSqQ`ra2FH z%OgGG3+2C0f`xU%dFtv-0oO0uKE?cA<|Fe;0loCKKxG=EW{ESywBnYfW^{-ddmw`b z+XwP(!zPx+RfY?Iv`MuOf-7h>>pN4hgiIACy{-bz>L6E?XyMiGTJkF2Zk1q^D9I~X zC|6``X~hBQ`b#iS@Af)&RU97BBT-u&Q5oyo>omE-y@BEG>dg-;gbc$ihML6_+HGO= zM4rR>h-crkc(afvO{{6(P+>7v2J4rMc+G7b+CHeUel-^r%MJ3D8p3PaGy+i9R zS0B}*fJeYMR&3mI+QVT{0Pd1xs3};vm(J{~w~qFTN&IciB(_v`Ob~(y7wcx`>RzBA zPI&U1*eZ={XGYYsvd)GBYUW~pLRSpCC0w>Fe}?Hg!Cfb5GNhrf-qo<;@+n;4r+h2K zRPSC2QoO7o1&1A{BT$bs6Ke$Muz3y$zGr9a=%`;1wniSm`>0->MOL=4N-DJ}N-ECQ z7u2N{CaqCGn|5gj37iuvigl<|xASmO0Ls0S>jf%x&79LWyD8ek_R-k#J_-k^pI-BR zwNO29i`mJ}Nd@WV$pp{UrRZ<68GD9hmMNkJRYg1`j)&KJmzNBuCWoKwr3pn;#-=&# zAw=&V-~dd4vEE}cy4!8_8KYbeOlw%Q^;a1s1)FKxKRZF-&w+9cc~WrE*kQ ziVD2K;)FQ(0BlcdB<@ct`l9Sb-yg>60Ok@pN~*Pu72FG~uCQ(3a$V0+U|uq2@ueHc zNZENXs-*!^TL|zB=0HBpyyVn_u6iKyeg_s=USSHmTM*d*$r38gDss#+GCO2_5G?y3 z>g6_3KvJfWPa5!LJWNvPxG!d_B1Xk*Y&g3b=<F|G0BRJBsP+n$Ck1(?lCPPyNn;_9)0Q=Jfx=)qX3BL_ZdLJo1arL#ld5hg%vk`u`u;~}GStmSJr9uw z0JtFKfkqpRmWiv;u68=Zx<&HIK8~fjxXhlogNv^-4(^IgkmomqCt23MVS}yF2q>#5 z=5LH9=l&qj*>$0!4`O#ri70U(XiJQF?O+K-kYYr$$e78HqXG$=oK)P{T@lE9TSz?| zY`rJ+`4~gyX}Kf|U*FmJTW*NNrozZ<4`olF_&E>-kNZ#ru&{35B=1axt%Yy0A?y&+ zFwxcj-W7J=Eke7XMH<;HL0@Qeqz`^@}_dsPn?#%x)*Rz3j@Y49`-(1*(n;TG6q zo=zhbh4Dp(%M zE`9OpzKHe===ehq;A8d7%ctm=02?_EZEewIK$hEe`tOD}0ad^&&}1(1V73MyXsiAg zyWeeSR$F0!-QzNWhxB6W@#VUgC-Ub8)I{^~K41`M!NS6JGPzE}v-4d2>k$6@cU-$( z;`WXy#`!6ObgUNjyG7;$Vjuku)TvD$w-m>I!yD*u_qgo`F6@MY8Vx-uCW6Z`Xrv0wv$Y5$AuD zH5Np>unY?N$iJcsra>o^T-`9SK#2x+2AwfE&5;Ketb8>Vd32uuPrCq$^H?oz_0(Q( zQN7;k?e$g`e%U+u@$lV=`ep0*ci~}|%ji9s83jk|Cl)nO}apRpMiJ1YT_-u-%!81JCCso*vWCsRVpr}@n z+!b^>e|mbp_@{E#_5f|HuC1=VdhtTRUV81@muvVhKK$?6%Z-h-4Yl^-+n1}aHden~ zf2CH}UTnPh_D^c{0s2yTrf7ip(<=6HZB{w7V$S;RAO-*4YbPJ>K?O}O8hQa(;S~Un zKaTN3hF(x;@BpduO!ba-{@W7~;O&vg6V%LfQ*9k>ZU0EZlvbtxFAMnW>J1%3*^y!J zRbKAU`LoWN;gryuzQV90S@z4hM#`1(TznW!Nx!uBfh)$EP@IfoeLf~*+WgZGZhPrlpZuJ`zYE&VLp|WT7 zSp(GvaLzXh=_==OTgsNJkZm%ko!z73-R-TD-JMMujTxQl1)L>xw@G*Zdhh`KW*fZP!%q{|c{bx+d*r)mP9`&m71Xye%zg zE8ZqKL{$kj<8YqS4ufKL5l+bOyXp==Kx?XQa&k@X-L`!)%!kQVw6S&T$RzS}+=H6V zJ7>xUgW2#7^~tjoXGbvol7Z9^VxHq`wS_Om3AtokWoeXYJ+U}+=HuTB5(Z;~StOdL z={1^S&k4r`F$*7#1}#wEzlJbIY!tTzflNM;#@g ziD5rZo-8{FT^*tCHL{x0vuQ*n z2m!mwrY^uY5m}Jw%wUHIptdM!6^I>9N-or3?=&i4cDTZ-*p3B&mL7X5+4(ix>7>nY zRtd8-kbMoxz=nTQ8EeCIpnU+*o|2Y)@N)kw>sn~JnG)4|bD-%s82+`|evR@{P7vro zt8vM!g{mtvePB5hu$X_YQXF3{h2!xwXR|mUM<+E_N~z^a2PHpV1=xe-&8zgF$V{j9 z%Gu>=3u`rS-o$EE+=IdN%zz2;tPWp9$(bElDUlw?wNwpP^3*70#>14}>haoC4x_<0 zz;DC<6(q=AP-gjJqjX_coKhD~Ls!{a77p%txFneLpa`+-P*mT43&NC=NW}f5>kdG;yF-V(TT|b`;WK#~lQpHzXJp`NyyK z=9hv_pK64m3%IRFly1&ysVX4trb=ScsXM2%w82(orUUsQMdyOmk6Q>Lp=e1Sy_g}7 z3JOqi6AR~zeMIQ>l9P2EbDh|k&6g|esXYk8#LQ`{g2#RR+cX?rkpGNFUg?NFwzjE? z#t?EFZ%3?)A7zpYN{;WJ4aWqO#MZRe1ws4AaFTjR+C@*9KT4Uc3}_pyE?g`DHeA;! z4-b)w^zzmvZ^Obv&v>&hmHZpoQ>N;-XhPw1HcJYm0s5n%e`2|UaC^%g-Fvrh_5Iha z_q6Au!v9~<9e?C_Moj~=I#W!7jQld`m(Eipz8ZLB*L>=tuOM{PoT;xy` zar6NP`4(QP`s&1iRI*YN_vVj`Q>l|qN^ARH*^t|9P32ZJ|3Bc{|~jNs%tb*zpc(ZKY^T*0aT zQtqwL_T`-vvu|BUsM~P>HMLe+Ve0N$k(q|EfF^3uy2jPgXLvc7?UFD{x>yg1XS!BmUA~zuzWmt-Im>ya z>cdG`D4@HgYttw=!J1w+RCsvL0HD?*L3bT9{oh7jWcSA1S9w$FLF)Ro=k z#R?u|r_ElDlKkwtL)W116m4emf$m42(@<1U#k$np=FsjlZrzhsLRnxeQ;OR?ZB4<> z!1g|&Soe2SM82fOvN4bYaeAra%cgPow`pKPcytV-RgZiPF>n%4k zo24$*5Fewdpvi4gwhk!MvPrKzfxrL2eFN_$$~PBUPJy(s=%`*{UPpmXR*AoSuU-_} zV5_xF^`fy?*lK2Vhkv*0hHi`MY^t@!Mn)+tOBu-j0~8BIWBeYrR5?0d(#at2`(iSR z&D9B~4eX37v?zZFntCyf0#vYnyMoC6Qr?*~095~(3|j0<9LQM|1QSf(sCxJpFX0l3 z0>l_negF;|7hymi4#qu1SKm}GXEfqyKz6G9i|?{R2Le))pD0B+i88-j$<=RDaE@b! z`PCwgVnsD-#1r|Yr}O6#lUccHDY7oZZ64o6VZSp?;{?c#?P@yjr{>Pi9%54Rki965Knp{^z7tV8};-L((- zkL)fUQBb4#*s(yD5BVG6mp3#H4en!iQ}`^I9Zq9soDEMyPj0#U(e?(t18SB@$Q9e% z+pO+nk++cAgjJ+_(AHhhY!TlhDdjh*nm) zV~a8{hB4~$xU)q|>X82>{ccK!sFuMYV?zY2HhE;UYw64iD2Bsx>;NuJC~7)7E@_mQ z2&uw$ZmLaV#RDK2*qC4;)S+^$|av+i%E z8=ZU-J=y_kPRd=h)MMJuRmGIBg35xjqm=n!d zTOrGn+U(UdHro2ii=G^8csjVq-cS+hv|AwIW6=kpRLQT*w?#jVH~p(@GuznQ+%yL& zi*8Au9eeBQL%lbF9I@;tyd7MuFSid%#Opfn)dFuxr-hmGZbEFecxQ~d-;^4C#xCBL z09vFMi|V6V+zI0AO8Ff-w=$J5evo1p9l2Ek%DG|y&qLF#L6VlK&_K1F0Qu{X6wrnu zFhVoGBjHPp9iiB2D1J1p2ZvTkTKp?WvH$Hph?L4Fd=Mxs3#Z|S#oF)G@c;Tdj;cPG z{|66fVc?jh$MA`?HLLlBQ$}rDd3rJCQ4|^SlCA*Tbqu~2?LG! zCgr;G9M=${(ZrmiQvv<6D4>1MosBisEQ=l{Ii``p0L;LBEy-fG3J(oTf>79CBthlGZrunrYRkKqCZJ*xA3RCwF;Knguc7>k~i=1oY&{ zu#Kh!Q~PEvDh<529^+Y_drFzwum)5VXqcA?D%w z+cW`jLB@g1OPU-;7Wk#Vf-?1=kqWbi?MYLvgz%nN+@zGk!MO~=Dl(aQElFbqbt z#pz8m3f$&j?_x;3G1Px7WOei6&iTN zWeVdK#{R_79kFGr;}r3Uld9Aurw8}o=WU=BGY^(O-JIQ+#W!dube!Y#(HGDQ#SZL` zFDUC+It^~@Z;9z-_g{3!V!HyCZe_F5#vF`upX4*bswBxnSRhV-`;TbX_wDF7pbXcE zv!PImH-&mbLqFUCjmr%_!G}qhURQRMBOhH{zb(H8c83q@Uk;D|MOlsq)^~C}P>buU z>ucT`{_kXUb(8-0Kb4(woWyu!#EA}esKt%XU_5BWa47PO4Wj3MI+E*<(U@nV)}jy- zmrZlZtfRADkCxFY2&3w!OMh0$7}Jh}p0{knW#uljC7YsBXqdAYGl9MC8nOimDpc2p7q*NwbA=|lJMYOXNFR+r_;|`u&(w6fA%wXym zB1c880|^4>LU%iE)lvNP3Sf4h!I)9<#PS#KG)X<*(K<*ofSeIBGAeqRl{}qGDY`EcGv3YD#B>7M z1EqkA-mns1LW0lLY|VQ<0xACQ-i|rYs+_Y`E3-qCalnvOM5!90Z-Rz_Ne$?`P)s;i zsVaKrlYl}ou)0=Z^Ww1LvtV|YWKEK%Hs^1N@vXGP+4DJOKqL4p*bn3BheNs4;61w_ zti)5!oB3Dbr`|3VGFKl^;Mr0=r=bwrZ3n#_k8Y z%rDyIMEYc%5ep;d^PwACC~I;`dMi0Lr#YECIN1-H8VfH#)2kZr^Y)N*%{|HS|DHVR z{)+dRnrso)y#dCj6zB@X`lw*}O^#2pfO#anNbc?+^>edC4w1&>>5ijIsQsQZn- zgCrQ9i{oYWJC}i(0n&s5B!hT#s}^=SC#>Gr)i!g1k<-{#eE~|(Mz{WMs=c_WjF|A6 zK4Uv2M3`Oe0nqAqdw$q`0Cw2D8#m<16EEC>7j_F)DA<5Zmgr?EH`#2#+6%ue$)*+RQg+0$x7pV;O^p_;c|H~i7a!{bL-GBBAp zZUTdR=pp!w9k%gLPgE6F ztQ1^ogGBa#e)5$`tXO8m<9Pp0Ijp13AoFR=N|tQ8ogHZ=fLmI1X2YD%j58Bf3%gC5 z`tusbz6P2(IMWgCPv4mYYItsd88(OK$rU+jn_ww%oTp%>T2okA;d9MgjYh7riL2In zws=VUuD4-E3rIPXcZMPCQ<}kQgxH{aj9xr zDjSyS%t{SLC1=rT3MF)vC|arRIgF4OrrJEgrIqW>Z zMVxk@ktRdGb#FXBh9AHr=8eYPL9dj4glLn8btJGseHC=5;JHbc_F$(doVbMS{dX4s z>+}j=l)B^?YpdT`n$~rf1jU^PNVel5bQW*w%|&o+g<_-qfHUcXx_CoZ81k<1QXtdA zqD$gn9mw^Ehh7Max@Q+PiT-LjCJtOy--_GfZ_~ZPs3Arn?%P`V#k%gNrm$bG884(2uAhJ67t&1&3}{2ceQLle~#21rtxN1>I&zCf`q_|9wwi zJz<>y|Dw}*5}6wgPprQmX@pTz%4sx7aewDZ}PbPF}eQ$!Q4Vr2|eF!l&_(Z-a z{-o@0HEXwpo65L`KTMM>!zX|E}G<3O#~7|a1x65yo%S&9mO&-0_Zfj$qzC~qHtgsR0M8qRMz-18J z-2hp<*N{D2BSQL%+JNQ7s!VUJfz!2)@I(1z!1>r%Niq=c1d)GTPq70mz!(e09T=fIL0O6$HvIh33!9t5wS4Y=ZLT&Sr?-WA zBd@mw)PmdFf@;a{ZNatV_zJiM_sxCt{Mvo;JVl92C)Cl;h3)M=m6_iD)>LIahHnG$ zMrLmVqy?k50n?Jn+kk4x;3ZHC_HT!|wJE-qyH~5+y|#Ksk^XAcJ~5#@Is5im6K8#OJ{(yWtw|8i zGaY!JT6>718GLWUryYjvawNWbctf4rU6(ePN@VC)sUq*^Ba8<2*^|U{w49dzBt;wT z5F=HS3}tvJ3%`ZD_Q3-oFu{8z*lk6e-%5GF`6VA_l&;G{5GLifIf~e38{*zkEu2Z6 z-`m#Fo&ksjX4D*3{oA(XRRzL=Avn_0_F*e~vDLMQ2IRs^Pv2qaiazYPE+@|ST0ZW> z*8H^}q0Nc!*E!JTY|>>nG_BFCZ(d`5A6>YUZ@s+hK0|pnoHF}p)87>*L}Ba!aU1Ui zCjz=T;WVjVc8d3!#M4AJPm(L8-f5TySI~#Ct&bUz@~vGoiofJywHTKbuPHJ z+Ts7LcGq9j(bB0`ju_We4J24X#IN`b>X;C|NKq{Bz)O;v-;HUx8x84B2v2u|h~sJM z&;_Y-7XbO>Nxl*8kQYug+O=31S>A+r>eI9qZx+6wfRcE@3S?al#@w?Mqp21(C^{Q4 zxpVrmqV-vNEn8g@_>Hvp+c~W`EJBv(p_L$w?lR4*0@IoEdBPs4s9#_n{Fd3t+f8f@ z*&RDg2fr>e_m8j-h;V;k7QJFAmwM+?q#V(tiKoBMq#{z~ywsK(FjRHdDNF=d+XQ&% z^Cy-uC|~H%(TZ1s;w42z7Pt=C)M3|x0N)+&&v#&4Lwe~{mvu}NM`G*U^s;O*(8vr; zI9!33VLIbVuNk@d3Ig3sktC^F3s9=~I)ZK(IBS3eU^I3|yKwa~Um3ytU8t5kF z-{M4b&w9awq@4n+nG%l0OPPj3_j1WfhPT#P`|i)n)?CBW9lpJUvk{id%0ZW0>nL{( zQ*OF(LOkThbU5YoZ|tWRd?t_m(3@Kv0{a~M=2<$3lC$pm>iTMT^+k7ey$krk8pNq@ zG1>!Vrcer`ZwP;T1pp8GZ^8)61Z|`|Mu*USpgM6qMXKo8R-P|rI!moh#Ti@p4*NRz z6MX?4-9!h2R!pdl`W1*f_OIy*szUUIB)6Y;zj=-$L^sRei)kjut|Y9t_Fvab0P7Y3 zx?Qf@*ryW|q?%=@llJC8m)KN$n#V}2$UR}hTCg&=NvG{u>c4de&-FB^L(cDo?o}jn z^YAjzFAGd8utIKcXwB)$?6n1Gu@CiYWa(aMbUW%K5dq=cKZsNPjITL_`YVc)&rxbC zW^gDgH{zt#D;+3rmap(SF=L?6X)(arXJP!oI$9;^ zi^uSs=%!2G-4r;s-)CnmL-bBFo7uP8OS2IWWvbegSZP4OE@KvmX$C*dO7P6cD9>s^ zGlZjB+Do3+CS9qb8H1cPHWg7omn`>1M3on2*%aNM-QS*lV{@%0P~t@lu#v@zuF!N$ zaArl<5=dtf1!3PWi>H1u5F*V>S8|&5Aq_A(?h+5`F`=nXB{S<1MV4FrzyIAs@0&P3 zRg3={#A}o-s?N`x3$`L0|M3rYaU_Wa`kJMfHQfX3vWWxp#~>P8up70c& zo>A>h!qsYOTkgiS2ZF~Q*JC4s(ECFouNpgeW-e`ot|C^2jMUA|>J%yQKVqmPtw=T2 zQa#|>acYPj6M9LSnZ1IS z^N4D4O=DWc@giCf%YOy@I(E?|^4aS|wHBlN*kz1}_)96>p< zLUt@N5fVZsPgCL>O`Cx~ya?ivmBdU|UDlnlEb=tmN)cX|VU4k5wYzPkre~7)Bx06C zfmxN3cV|#oiSE8Xc?P|!WxgEFUjx&ckOlcHU(v}`ZuP}-vZuUl_>W#*}$)dfWeavZJ;OInj=sb~4Pppo1-zs+h;yN__ zB~BB)>u|$JgXCM-lR|MiP3eNQsj+`R^*y|E7U#Zfrl@_vQ*MlMR1GaErm+?tfP_vL ztZyf`r7!Mls6TwYV&!)0nLRi-JgMo03PMC=rCEM!LC75%N!!?+jaM%zeWkQb4U@~H z(G;y))?1g>FYngCAVffAid`fENcCaqKI-56ssuJ1~!Iey?JSNhdmt79a1t<$g`K7Lh{c+?F<05BV_h?bt zI@)_sYmz?+tu!?SPZjTPXH&wY4>#MBtX3Y;q-3@FWL0`>tCB_hhcYZ#O?*zarBb)< z(Y$0qemn~kG}<_qpA1Y-2BuGJV6xcp_BN&(VfDCXraEc)WNB(?X>!EkXJl-$b*m?P zQ%ieOnP^WYr-v{(m8tw>b!u&Oa-_|Z;pxfn^z|E_%F^P=_Vnp(PcySp-<81CoYa`P zqMVPqV32!AK<%24imRP!TX51r^S+-U;zdId3DwCY60OC)JWp=DLsvP@J7L`YNVOg2 z+BK3hzL2os`zVFn+JGl_Qj%*STf#zNK-BF5x+@EG0B)SG?Biktk}nIxL5o>g$Yk#T zYL1xLmMT57l4DcD%VyW^kYhgL-CL^eYDY?Gx*NIW9`bTm=e=v}baF78$yUn1{LIb9 z?G$seBRjLTl6|=}muqt`&j-7dce$nkJL_`gb0z0;O^H%+qVnUponNTUyFGJ&@0Mu0 zI=;KN9bQha{WQ2Y4(@K7v6ay~=)EoIq_da)RmpFiFpK003mSPef5i9alb zo-{Ofl#FUy#I$qK?OR&Nw6VjF)Uhjmv8GsdGWT6sOaA2nx6l>O<8ATX~msQFrMVs zJE3tEZ(i2zmZkT6mlVd^sgs zn(jwgoOP`JSeJR)9WtQIN>#u3@<41Bo7Pe?JuQYsjzU+)Auq6HX}nj8Q!YMJEG#!< z)!$T{-kioSxr!xxku%Oq(zQbNI@4s5gq)45$SACH;Y(UcT9r63$;nl$GHp);bgNx* zhOF|rdZ=$>%obEmm7mRp6o%Bhc=aoY8MFNi$AD^wDN?zESBnCZT&wpY_BPe=?wh^d z$?>nh9c;bb{cCCL1dune2Ad!$4XI_b6A-w0Qfm0Fm?Hwgj+X&p?bG!e#_4sd`cC^6?t)CN@H z0i#Kqns-aEgZM~>15BmvQxZoeVpq3dU%g}vm~-{g`1)9?{S;jHjM-a?7}E91rcal# zZpc$PpGkB6OqFcMdYD|51pA?~RSIDqDqp1--0nGJTHgVUvF)fw?pD{h=-)-0hz~q z?OUjC#go(I;{4P~&?9AP^YqBKjvSxLZiG0=IvuJsSC=A7lY=1Dn3PH_#^tQoT5oZi zGBzChs9F0#WpaY!^O1UJdju6Xgs~i>2D1*jAW~s1)^xw)I%nBZpJ!fI$h7NG0d5aF0L&usk=2z~Z$jc6_ z%wv>i(`;)h{@C~juH8Js#301EN2aJ+>i>Qv7n@9`17L=}_Vd^03H(|gm7>~#4~N478;N0lDTGR|0~59M@8Pvo~r zjN8?kTd)_5AB2=CCwS2vbxWCk@3H98$62J$##s)e=1ry@>ae2i={Q?#w;baOuluSccC*j%Na{U=4vp%s(;5*j=qfvm5BKQd6a=j}swC{O4GO@Gik0&Qb+V2$hsKeBs zu*fLpQ(;ih?w))YF}wZx5}2E=UH2$U6KoH4s7Sk2ls z$xw81Upoh&B)S#Z&b=Uogy{uyg!Yql1{?=y(V5cgwlj!d9|y$BAztPB)_%js7@6@D zqA{gSTBZ}ihG-NQ>1K#k0b6tDctelUN?&k`UA)ttpovW|pcYx!SE!pIdZ2Uf=sTN0 zOy|jwR$+~SO>UpEl;*i+l&Ark7KDF6e@ zzaIrA-qPH47L)fwa(asPZ7HhCF?jqElgW?AK3e(~X8>8WD!}Vu8cx`1JF61i*r)#f z_dfjZAOBGQi>cg^m;d+&zSO#5r4*`%rc|XDrwLuFJ2o$1zmf_Wev{7pMxFUh>i(7k z@{#(BS~Ybd;~rpW5x|hrm4JXDg^*hx&-muvBj4{iOQ&(I{?pSl|HJBQ2O}N$4B`RW zSY2CPef8pnT3uaT`}XA;{)>dt~> zN|3l?+?@mSiId+?b3hsi}SNC z{zw1JF7bLy4QK%PO(zO(-Od)i>10Iwl$=Sm8k6Q^oezUNhOs-+JoagFwn)oA7 z&R5i4Jfusb)iHj^P+0_RAsBTQdPh6|?d^l!5NCn6H$t1~|6}jn_uDp-gwg-`6g{vq z783yysf!aO+FevntR(&(?L5ips=lDR(YWv; zTFwx&8;d|+s;jH3tE=mB8NyA~{^|a~Pe*Rs+h}~f{^?Vr0nLY(WHtCrI?SWS*2(D1 zX%bpeJqrEt2beAN$54)6&2;^t-wFF6groKp!py2U#DjKj!iY-Chq46dmwmYA+?6*t zmge=FAKsKE<`!0xWuVrdqCdEkS6UiqC*Bn^cL%uqg=15nz3Rj{T{~x;b_=r_6=SFik~C{5nr3IsU6e+ z5DZ}G4=@|@ht-d9*z-uepRMcrM6WG2J@n27YfWOj81MdYbtjFQ`)cJ3L)L=pnF5lZICIU z$LvT_mzfl5jA9jIhL9ESLge^(7rYx`;FT`@s!NzcIS~4<@YOD|o0(b)VAUR>dS9mGyHBL-Lg&g?${kd#L ztPlZrzL?xWEYOO)_X=I|H?1oK&LjuKw~MhoSWdjv=juKklSKO zIaZ`-B-XX8kTEnUJS4M1>f71KS!=&0Ntb{-iu*h=nZhBJm$Lz@wmuJ7hcP`c-k%R4 zYa`_TpgVU62D%F51x02ZM^VqSkBV-FF&e)~$2nOt_etZ{`HGsDU8nB^jI0KMrEBwx z)^n~}QO6k{Ew#{6nl3dID;fp_!PxJIXwEImC@*K5e6{sCOgCmy)$At4?TWI$>h_RU z@WH&EE-gI$-SZ(BEz1$n2IZ?_K<2ST!A_LLQ1}td(NDD$yxB4>E2hyy%?69$Qp95; z!RIR6IEin?US<+od52;}_BE4zicQbJjse2t5~-CwjaH`;NF}H2`lEbwH~gh<(fnhKP*CEP|Fr(`%e->V!Sg9oO=XAyF;#|3xbXuad7*T#D{=o)YS z)P56gYVMw?bY8=#`qQUfmHX%Uh;YCB^hw($tX|LB2(A347;QzcQuOh&wjw&U^{$K+ zQRdp9)l)6}^Jn_9X3AkfaUX&(2Xz_~qA+;2IHdrZi#c-uVcs$Y!fj>W&8qR}tD0yz zl1&ok(VQT*f!hlcgG^P|cTo82U(<1ieWRapl||FsN4}udNr<%S2(5S%D8tm^h*^1# z?WkRg!AR~~i-+Wtj|HpU!bBG&4iqlxqSIX+;UuQTm|qUAXP>nB$R4}v!{ z>LQ@cSzrvJTl*q@etdDV|LXX|;nDLqKN?F8f#5rA68Q-|27}R!Lmaf8aSU4S1)cGg zos6^oULBttzy5H3@YB(&qw4OsX%+sfoT~bnL{Y1|7q8C_jy{|mz5DR<(Lc_syS;~# zK4sR*1dK=5-X%ooKMC%B4(`)>9q*qWe>i=8cJbll&8z1}XN5iI7E_kix}YDE=m5TP z8XROA)E997S`OaX>(>__-kcwueRy&FvS2!#^>{ckLYQz}>pI-wx!@t|RCRK?e}4Y% z_1WPp9S!NJ@h(n!P7V>e?yYpBw!UBRIA{99`lfSz7F_1P+AhC@_ELCO=k^2fU>vJ_ zO&BFeY(Jwys>Xl>Rv-JIPWjB)2WDkhma7{S%%6|DH^Hcat`Co1?7w+=@!|QKgP)Hs ziWhvnwhQ3XyL^83`dtBe>AWSryrjGZ?^i|d%s=W~(0OxQkFA`Zy?%9c@zc?p^AG!P zE`IuO@sHDDW-9NAi+zAJ36~K|8RI*4Uyhx z2_V%JS>u3|Bh3Aa{aRq!+nxzr7RoNVed{My5}#H!(b}ykqZCUidA3zDjDuHsbTi}S zSN_n-;R-DlrWq~mUK{Vs)57lQ@?&D$_u&V``=5AFGUB8Pv~q&tnN!q9;|x_YP;S4W zJZuzq~3jQ+S6*GZ6G$NgSOLuOI4 zsY^fXkCUKIQ)baAj{8W;5V$ZbST~9GZ5|89=xv6Tqr+xjItKju z6&)Ku%|ysXThmgq(aa2_Y_v2JEgNmki zw@g>TDl5?@T9-=}d72Rt3stVc+=W*~Aj^+A6}9-ow3R{`m>et$w zkOL@xer`X!&-Ix8pCXa#Y#yKbQ{n%;vyt=v-q~(#Fa19k@xT&zc>hmzZxj?JSnevs z?X=!4Hi`RbGS5)ac7aJW!_xGWlQ_?sXTyfH7;w;T8X&7)WmZ2- zPBa?8_+c8SRc+JInk?8X%Dq$zh?)PJc?ztWpver`Jb1#fQiBs1AHLa^ZiZLXp+;uf zR-A}LnuX4eqEV3|Sao<5sW&Y)g!x+8J}XjkW^#ij+vE(!b9tk45}%>9u~aE?$tpNf ziFD2u><){MiNSBes;qK~0jdk8#mU`E4t)_Aw4i%5bf|YS?C{j4)+Hg@iUuSl-da&~WkX>ORW z{9*Z?Ir)AgwnuHxixb^pM~nlqyRX8>qDhAH=_{5=o2Np{HgIicHb>QL<~oB6+~=5p z+wxH+oky@oeSK$nOt9M1 zOJR9l{;NLb`5%eI1wns)DuAl^Z=3Bc3Sn{B(d-`oCwb9drF}wwLiA7xFAd|5v2@uJ`9 zI^r)|@%^O)L!4xZm;j0`yC26l=ppUp{VLSu zHy;q#Up5ea4(=@wuxsf#0l*rw^zYjdP|95F5d<&9t-nwLlyegVr;avu0>+ZCQ2tpm z0E;5avV3I^ES&pc4A~u^uB3JCgD5W3=N0y1T&Zz{NS)+l6|V!o*QZ?XTyH=@sVFfS zUj05!58jlqYcJ8{*WOnt{9k(8rT;iO?0IDC_-khE%%_zcG&Y1x57l(7Ij#0HZ-f4? zMb}n8?)rV$lN^OO$~V2N9PD!0Tqye)?DeznY0F({xhwsZcBRSBf9Cl=^R|X-3)>~k zo`iRx?!@#clPo>NTqNe@d_FAxQnmkZkGcOV$+y>q@bAKLU; z3mH?0Rjd37{{jlpFfVVaSP}zu;b*z;Wm4Bx@SY=HpB<(R)dP#U2q^Ci00@GPi zO)n^_XU^{mLJGb0CvgE&`z~+;JLg5t3-1Zkdy4w{n8zRweo;z^Mfl$(WZ)mWc_Mi3yj9 z3B~j8mzdCkY8xU~uSTY#tCb7zu&6YL%mZqr7p6DIJy4YZAMBg(efmU;s_L~*pIp!< z@M^3nOCX7&pn8iN-%4RT%!23_%VdtrWR7zU_&ZOokohcDuUPB&K((c>+~R>&EcqN@ z1;J&@vXWIs+$~wZ1$*5x%jGi597o>)y{fX{a#K?B*j^LpFZtqmG7F!poA-c1dEbNGIx; zPUAR$?PP3FO$qJlguuY%)+xwGP_JNThP`r$!rZ`UM88HnS_@KW|s+OmkDN<31+p< zK5K&6X;sII%OY!00zKkYDCrW9JCWnI?w-Xlv0|HqTp~>N%rUfoQE#<8%W^AMb*H3Y z;_>Yjc$Dde`FvWfFl2RfddA#co=tOU;UC$_NINcJiZO#%(rHYD6`>WPH2mFqjaD{q zY0eF;DqKxnwq@;Qy2-NhPmT}B!k%W1fJ(P^;vvpeKkoQ_l!W=ofB<%-R(*JWP7FZ?m%fANq3KJztRNc`{C&SozDH!Z)6 z|Fwt*mhR&6f9U}!cq|iO8)eZyd1-s7rU^n`{I$Y-3LHL;AfJ;#^O!<>)(*#Dj@q57<0rwiys8=YSMll&(`y&?HipW+i2?aRmzT%|&;E5xQ{t6REs24*;NhI=N z@{QKB2BCRvf8<3LmvREp*`Hg?zJd|=CynDbj|g!6zig~U`g0hE@_w7I%;$dh=8htS z9HUFvCQ)AQvBkd;sFt}jWM2fabeO(8jf_A2a>N<|%L{C)% zfwtt!IuKdgm=YfL`Yb>WM)wz`#oQ;Wl~V0?r;1Bd(0XEnH<=F7WL6lhH@U*H8htru z8!T=A039*1it^PY1I^m0Gt9D|_2B+B?jVt}I^tIy0@rJ5T}z4MJRg1+!nD?`P2eP7carQvQm= zv2oWu@h!LQep{1vj5}@fHhc1W?8V;ywwDsXU-T)^|IbwhsM!CvTU+M-zeE3C?*EH; z9(ezsJgeis*G?{$+vB*!{epLJmZ8y-_z+VQgr;z9DNaQ5P@wfAy&i(>+rN%hTe*MHq=<^w$38DS~9CgHD$EPajZJxmn`P2-lY~CwkGjtA4uKZ z(Czj^itk;XapEyktb$QR-Kry$)5OX7tE}^?qNk83J1ebCcY#S$E&P|PFDsZz$7&SQIZQ0@11u`u;ezL}|G+dNsat4X<8i z%ADTSdzJyjyf-b;{3N^9!tdB~_Fuiu!tKA>tya$diyp?8=l=yfi#`7Xb=jSMs}A_X zf|ETr9E*F0VVaDGAj3T$_pX8hcj4uk|M8vq4f>!QY5&#_`=A?Q_0%`IiIlZ?!BwkP z$^ZB!@@2JEJ^Yo~D%T9?mGXe-ZT=~p{#pfKeSTfXgIUSfRdg&(%0Bm#xBo)7^+no$ zwKm(^Is32Ha{ph*^EvImSv*T&0$yM$21S;8`D5P8nd#N*q5s=BXoy*oIsA&FtwN;N z;|E-Ok)@J_vx3vFV$aC=1 z{@DdN*?)D!1logZKN)%8fC&qUeSLd$c7FW&L@l7iqS!w@wUyW(4wXWU!>~v0<1x93 z;yVJDI|1?O{|DeCK1{+i5K%!=5??|A@|*>DCtb=>`tj9&k{48n529yukkmW8vZN_-l=JmjQH|1cPuqfEpKm^!u3XEAx5L0_HQkyS{#Rcjx&@ z65nC859VGGbkp_7U%#a+D^5}o&K@H#3}QNyREa09Rc=ISEtxHH@z4$z#}$@9Chw{<_h46-LLe|DFU_-&0gZP@g%l(9gG_k9QPB z7gcoT2ptpja2dnx12leka*lf{!zIKapcto9E3fNz8x2zXO2LD!&sew-FN-%qKR^ay z_3A{+{|h8_5fggO=Ur!Uz)3QW7zn{f9E42Ly0@}=Gw#q6Pai9?y@a@K7P+Men8KYX z3ou69nEaZ?5d>P;bN=vPBlKz{WBugN&9y^2+}R>-uW7<9a#fv{m*E0PuviG1(#W4S?%n%6no73&^S;!)HPAF3ISH+1|?I%G?JH@PTAS4>TdT+-ZhRz_)p` zbQ_B3E(Z1vEW!(-32HmqplW04E~Mu-VELeu8fhytTWMaSVO&ALkxd<+n$Wi?m@nH# za6u}o_AcmRRqX`Hn_-35UCLb`=Rf;TK|oZraM;BkEnp=_q2N5zjl*P%WDI?S5()S{J&c zWK?lHA_M=PjQkrqP%6IM0YQ$bJdW}J;81Om9G?Ov04YM<=w&y6??63=btn@WjTs^B zlBe4CaoerO58b=EEb%GFH|jN$(e7Tk<;$OR1m`0NgvOUI-}HcE9UmNhI6gIZyt*LQ z<#Uu@%k@O-!2h$$-Bmd0ek2}4pXQz+D1mIiDnOrK{D%<@*sD8i2k&0T#4$;e(mslW zl(<&1aSFSSfFX`J-)=xdyETl5WY3HmokjsUDi-yn#8?S-tNqN|p#N*B&=p$32&j~e z7)Ibyn#P!8wWgEK`+D6etpijYycXe6I$4xskx}x=>qC~h+aTn6>rNNQ;JSoC`OC&X zrGo_}INpC+m+G4)fVp)Rpx=#_JK)Sx9+$N5`z^f)_n8dds^i3-` z#G(I}1Ike^npmdn(q0E~4|K;p#7ow7D1K^pTx`HLgjOJ_9#8>2q9?H1Gv&gfLHaEE zpPc=NGR5wkoIxt?f3`NZ4El1n$i@IcI6aNec=i|%E@FQ_tXL(7rbTYA8o%+L}2ZC8bsTDSw zc%8O8j3YF_X1>BIAjr`x3{;={2!ZJOZk5x&w}m0ZL&Y-HY-A62BB;w zX*!ghdeG-C%BB0z{O8!7AOS6dZ&vScg=~96t%3_ zRVwfH13wxM_b;g!`hsFMy{0QDBYi@vk4F9TfOgwUwNko;d1ad^Yl63#K?%QxenKZE zpy!ssE@?rRoZ<7+hmmO2N|#Kp$jMS)OJ0$W*5q_nB}Gx0(?SDt&8b?_T|uay;^6yg zN>vLsQ4@GdISR9LO?6ZjhmY4_gbW3}aX&~-BwNC+)z`(eR8TwTUB_)2L^!$E(F;H9 zj}sB7Y6SYt2+{OoLV4Y3kc4msL7Lnp8}+9492BqN=>CAA*^-SxFJPbQuA0k+Pq)#s zs^gZgYC<(R6%cVxqogIAG1rF@I)^iY$7*i#hfc$;KC{Ja*x798yoA!fX_yO20 z6yMx+w+l9;$T&QHyM}y(s%IcuYty5Q8%s>@X4~jm6?yD

i(6!Ze<;n0t+z`6#pMG5YUpA1X=!=v-#v!g?^ z{-&iitVFtTB*0YZ7;Q5Oi>zQVDuiJ6sSv^+yn|1r1d%5RHeoh=3y2E|!$ulxS?36* zc**v9;H!~BM4K1oyc&ENL71WBa+Of-;>M@s>Ho^N?|=5bc}nTWGW)E)@MzTQ%eR&F zg?XD^U%svGpD%_FaJOv$!9P_uLN~_`vb5Gl8jMaY&E(pV1OS-BywLf%r{pB?O6iII z5?K0_-)OCi!&nr5Xk-6WutYdTvK3NiWvKj~4JQvcezf&yqf@rnpq`3nSYmrTAR8%O zTXxo023ILULJOv|h46t{fbKa=L@wMvXjg(lX~%!t1Cv6!b1Sdc*7Wfe4^ZouSFa1X zPIVj|yfNB;1qoJfK-q1?o20K^Z>(@Por9l_ULEbOuYZ;9e$}gY$+22-1a9hrunxu< z_d)|$(6l4DC#%lN>JJ5KH?#qrCdCIppt%ukL2gFhZ!gFE*@=7tCSGOYwcxRaFv zB0QW5fDxak1PCS{=M_Zz{8Y;~Fm>v0i9_?H9MdN|CGZe(U6#UCi5_Pj>$FU<8vf#; zO#Pzf+P3xs6r;wf;~jgVjq)D$$ZB>MxAzs8ec*Q;d6W3UNP(N(lDoBi+8~FMj{qBpdn07~5j!mmYcg zl<$2Y&sdKh=Bbsb%S4s@Ou<=${6KzKy$nI!x=y!A5srd;xgx0R4sp@VtxsH-3-k~p zPdzlSd`est6E<>Z!&)o*Dv8I#!ljL0%hoolUc9*RyDAD~k_P)U2nHR-KI$!TR;%V3 zXV6*Um|=ypwx(I)MeyhgJU7G%S2)(6VTrT;)irLssiX%v!m4Gip@l(ZF4c^3joTRTZ`1xhOw*`h%RNdX_30MDCZuV5OC%yveBqC*_` zmA{Osz^P3y6&mS#w@*JfqV3$|@(x4`FuUd}>+}vfIAI)PD07Eb5!jCfoRQ*pjtM@! z63&A27_27Vdq2Dky7%3_1;w;?D%Oy2AOhy-gakgy#vDP4R z-M@*t*RY4!x`%p~^eC9|@#6^nx(QR}JpC$tisxdb!T6H!%?Q3aT4ySl1r#~mnh*_- z{HurFI03FZ7$$zM^9IWdo!*HO2*R=4i-*9n4~k6GXSB z0SmL6Qg06od?7&G#+0*kjCbU)e=|@={VecO0Ua9HE7Gl-)pRKJD+N2WwzDS>NWCrt z$~sk@Xx9Z(b|jQOP7V<^5vE|Iw!U9z*_y<|`u;h%KMOANUu`ju?ScF(Rd0fOTg_Y? z!n#;}?1Rb$D9q1bo;ey64r^in7TBjg6}3xob8vKaasJ`(*gDyoC8FMF$x^ee|2&2b zkeN4YbowZ+nTQFooR!n(0R)S7T1DI!3HLkH5gb*G~kJ5M~DDZZW*;u)(w(T2~?D2 zNj1PamUSlEmUu51h^neHApiAznUWFn!&TV(NY7Ru$}i)LyNx1%mDoC1&1JLTf*}la zWH}X;P9nRkfCCb%Jk4z8PcUy4c4MtPkCQ^ar<%tG%eYMXjQc@iI!!7sXFKnxtxw?{ zSB8CvM<_y>WHr>cb3CePolP+iwkcUWTx`r6-yMbke>RsBvgBIqSjv9-K3U|`Ubs-E z;LUaTGF$IDY}pxLq7y;^&>Gjmi(e+uP0PNfV_h}IsRB3AToi0Sh^O70mz~Zq z1gI&E;b9E`>?R|FlMj)J567K;*v)-bYSKUKHIwkx9|gJZylU4k?DJqhUAOdGYZqMz z-pU72F^p=0DcX1PDO=~fvDMiimXU}S_L%X1{9)*daOd;N0ap?KbEnnbG4lV=|1RVI zEaZXJwYc~{l)8?MVE^u?$r8Z|;w;DnD*_%)oiWa(4L82fz&?1zq(nlQCA_7XvQL>h zr3W^0$OHt6s%A-C9cvs+aewH~BWS3$4QWjl>^PNaY1Oc`%J?}69`yY*#i%Jce+@yT zJiAnStkh7$RLSsxvMo(zT-K*XZ`yvJjQfEekFaDeMM{edA`m>_txb-xSIjnUjNUFc zaS%~7siuS*fPer;dgE|yQG(iQDQDx2d=t47zsuz(JFk*L8^ATW{ucIoH~tT6tk z0(f>RE1K4yD1D_Cie$zCx$Bb(%2Vb$Q?JoM&3mTvHv`&C%f64PycG;6ijYH{Q?^5Q z&@Kn)aZUV6?TN2B?-HW;uP>8!q1m3}DU8^p!s>-%lssh{V3BZH8c9Rb7GZ;McS(dRQZ>g&7C z;~Rv|PBb;$qO$b_A0T*y0f)Abu8rNLH!GSO5^`B#qq!& z&ZY{eIR9^NY?%2!THEdI<@tXR&tlL23yc42O(uUJ?m?EJebs9sV~!qm8V@mPQ~KVN zyL*&7Y3!0e+4jfxe+OksXP5j^eAkq9pjaSVolH1n%t_`qc6+p;9VXUFwfoAcz&Spo zP=PmB*1s2Gg2FYm7;}r_MWvPKA@{Fxz}lAom3QFD8dg2DEN{(T#SCOcgO9^7xz`Ui z&Jnys>Y(uHF?TW-7_$xVM9dwWoJ0DO4-%v|i$$m19H6j|`bKL|^XnE*Jj!kvuC74r6+7O9(^gS#TAmBYI-tc6y)zPD{yBOYq@-vL_$r zV`OJ%t;Ry~54%=W{1~vnWEeGP6cdag78AeQg?w@unHLS8>B!NZ@-0&W$l+h|Qzbi4 zYBr_9H?66^rqtIBgnO5wI44Q)+c->u9+ege)RnfAX% z#)EtU%4H)EjV5b26t!o}Q`~^xg_P43=|S1J=y0ZO&Tp49X~0)6b%4V#1ls zW^BsYl%QA4rV@AYGta2>9<82L0rd1Us~A=DJ1MVxBH6vKGJP5*1I_GN!(XP9rQ@LT zVQEEm4CX{=4b{MHePqbx54N*~c+i|*6+|Ezmki1bFe=(P7oM)o3GkJxT#7Q4RZNHu zxqhlpqPfn_h!)Y-)TqfdPy;>Lx~oQ!*yWQkdPn+v?U1v-JnL7+(%{jgUk zx8dh=&M8c+fzGrPbEY$eW!WK!Qw-?z?Lpya$Z8z*F`6~Ih3G>JxIx@2mf2WE+GcK$ zQZWXasB{!W-9X;$Xb8{>a6BCJ{czAkowq0kU{KyG;c~P~@(Hm)7Xjdb$*&WS8Gy^N z%fd0MLn3vEy}0&bxhF$bs*1cK7Oc-wkue1J0*HJ9p=1yZ5dIa^pCfze5JM_ALN*KR zZU_&79yz|mccK^&37imVOLrkXatak9gvbq99&g*|017>08mH0*Z4>E)o>xR$m=F9e zOoNi$F`s-*6Cbjj(%P#m%mo?IbDcRVXjpa1%F%++jl=(NYByF$4+rsJ2!SJgIv00- z0-Ej=Vv5JWCg~6QiH;zpqS6|!hAtF@NJWLXy@jwv6h}e~68*05cCwg0)-NLDj(lfY z*XZpd3(;tQrq)LB$nPH};VnQuw?_MOY>ZF+b9UER+%DYL#N(0j(#g+77K;0QWNqSlZCaaW=wDSFa`IBFIC-& zOF)xExQI<@6S0CUoyD0PC1Gbgf*VY5=Tvu;dUVR^NFs=md3+~ic}cN)Pii+L+cfa< z^x9ALT~2S2O&S8Si=)7$Dq?*6sfV@`6 zmg~Yh___Q4*rIX zYNSRtz7Ee03yp)Db;`C5-VcZz@Rr5GA3!p0`X}ASvjF$l>I=G%G0ij;nFQ4qP4Qlv z-cJjKP1VU)6Rh!rc_cFn&=W@dV-SI# zJ~xFG^pLB)MsgK6E250F$5eql93vg%8o7_hR8~l15(NQjm^d1kK@!M`JUA;y6;~Z& z@ce6RgMiU5n83p&6zv3S@-6@l_eubwmGowuK7HTJaxOrM12`xs>xwbtdXs2w$L6W9 zYW*sfHlDS~raFK6C&b*O<6?{JO$wW+mT2JDxP$90@OxFbR!&^`X=b@7%!w{Sr{OMb zQB~z>ww`*yQm@`o%k3sL6@gQn)DV(+4&UprOd!A-Tes)##HH*1qd2Pum{_Q?^($Q*Bn{3Rrr(p0v26YDJ+OP zlh8H5txOAV=xk1{{2o$XvgON2SSs%jAtP69Xo|dS4S?*$>cb@95uPYj$jLlb1mabu zYL=peQ8_;kM z+gRHFEaG7*-5>%Z*4>5(f5Y~N1_XW_#%VZ;llxr~cf;NF^@N*0xGk@TW)a|Gz$37A zfs8-`y%oL}ZLj^E*J|{_s{s6W(`&!Iy|cT~+w?n~-j@Ger`P>%yW8@&FSj?gdhPAa zU~}u)<+Ju?@4M}t?RLBU-R5^2?TzoAZT5Pb-L0V2>$NVo8uB!NRSnr{opXO)Pray;o&7~it-6X`! zi?k+r8FmuzGx;g#4+s((W-!1MJR-AQ9Fcx}6?WILeCusXj# zqKvE`-=o5yb5Ft%xcz#K>loM>Mn0#!i?;*vdL!%tK$b7-z4$Kb$9^wer%=SH_~s7$ z!t7@0AHtTF{wWek(?5A5jR8FnGqX8`-PW{`COB@H^v?5Kgk81%wOKVx`V63 z3qSgOOt*DenjFv$>Fi_^t!|J(GzyYo5~e|OjhP@)(1WBK`h5~`m!_Cmc*r?r?XgKc zjz$uYMnl=k`L#jHZj69J#AeF3*A$XrcCTr35$HzgIPton7u*K@cu1n)j#Cf)1h_!j z%~5NUPyyx!E~1&eXF|c!iBIbQog9DpdE5yoKGUqV8~(>i(Sh=nHIF|j zJ~EL9CxcFVIs#7{#K~zAplvIq(;#io?fPfw!%bRVd-EIm3LDt;zV$Y~VRih3k_fbc zKQW3Boq{kLjz=V=BHF;mFHe}|I@ro*v?`VWkQLkC;Yt7Z|DLOqN9KDLxZQ%R)4XuEOYJqcQTYs+wi((1L0+ zEw8oXwcK9N3H=D1CX=1bMq@~q9n0ET)hG+uL;)qz#Gh64p0Z}R`F_@ppCmp+sa0aV zmUZwN|MmO*dy1)D7&q_<2M?+jVF?tR6=>8 z@o9aUpTP7LOxhEo%o;hqJc&n`QX(4BPi*KMB4m@W98NR4yKF)5+mT8ptB^v>N5aGghkCI=d2-uEv;9q zv^-z{fquf{)X8oo&FbOEGqOcNqGFU7Fp}@c#$CKN*ugz-ot|*1zyhM$uGtoUFQqot z<`Aut-~xylbprpE7M{Fk_!ve-Krr~(^=B!vd4O&K>Jy>@`veTpxD_}QQcT(SI|#I>dk-1!kM$}6bN z1hIsh)y8QWVi4PV)-5-F2Pi@b?wq7$IA4grVL%fj5mhE z`c>H!z8?C&(N!RN&t^lpzmhHqf0EA57Ui94@EmQ>yNTTCr$yD6lEwb z=aXlZr6wyxmzW(kV(ucOUy!T$qckIfvfNRYbY@16=vp*khs+&mn7J3xUIBj;yZq`~ zqSaVY`r@xzP2{a=`@$F4$?J=wb8qxLv?9cP@ngjK%fM|^jnc<+{>yfAS4pwA_ zM`!|MR(=MhyN*XLDEk$zaV*9SPsW#}6s7wWB=J_7*;`qK<6L*t$I9Fo$8}|ZFKK3< z(E@Q}0&!gcygla+h(6?d3Kf2GfW6VN>}(OY*KF8O(3%PbEfoc=`JkZn04QjgDBw(k zycu34KG=#f7DC}|c^lqFqw&k@h@8Z?0h*zf9A?gaT7$w88j746)cy8MtZZ|&+ z!Yekx>rdpL;G67rX;*2JFBATW;t(fKjDf;%yUD4At`~ZSplc<%L8a#pqVG}Ay@r0h z4!;^jWh%c1JP) zbCcGD&69`TX((ZP{@$g3eh-`Fmb^^%m|sVb42UD%IgAdFe8f9;=S(SU9egV&X{F;1 zUBV$Hb1<-P@a}qK9HHqyZIl@R2td{dXN08fZID$c;P6jQ^ZN$S_<-_{h&pgzS!b;6JFyVyn(m_7w334FuWIgGA~7ZdelIqQk>r1-FZHO=*7v^ zx-eW=e|daxbaIXXiYO-EM19a-$xWT^C7fhnXX*QQ;56o6CETTf_I#IwK+bUJzZ?M# zHdH(M3_SuSI!?6!>>m+v_Rq=jxkH}spC6yEHQpUx{PgK^)@}mDQ_}K3M75%_m`lz)3Y;BwQzgn%W<^BI69+223 z3I6tk)CvCv+mvBL1h*M#uBh5ncbyGdqfXe0p$@8OpkeSp>UK0eIIX6Ft<|n9t4ahBnqzBQF@id ziWY~rztO|{YY5K*2fHBy3B7{p*?@{3-r@NNxafo1GH$5!_TZd~S4rCNuENne{+EH@ z@H)RI>-b;s;`(YG{v&>-x6yjm5Tr*M4^bpd8((|r-H`sb#~ zRKJbKdg*I7CGs^Q(H-MAM(+u?v7d*VKop&Im0>z=6Q_qU+IK^23oOz68fT?gP1Kt zC}^=|YEU<;z=H9JKfD9A&d*sLPn>4O&6?6)ldQ^6XFP_e{<((V8w6NNLQn-~DnvZ3 z4dWg?E+%8VXzz@BSJp^=wh{Aa?P^L?dHJfDUcYU1f|1`+g0=}aY+Kn$V!M^&o01mz!*k@-!!)mR`UnyJ ztPIkD)I>Uzd{n5eLE9aWd+MQC6rCSxyGb0? zN3SToMDYYD?)d>7e_ESGXXPIinp<0Q=Nh0=pD(JV=~Z1^XBC#no)Fn;tfYF_R%?7| z=;rAA9EcV{6Y3$^mi2zl2wpY9IW(2dWVu{KjC>Kq-e+4M({=n^WydyIXf7hu3?y{+ zeE)#REJZabDe3s#N48F@C07RYcyt{n;qT1&VUk%Wt3JOKeQ}w~Kfw}%xNm)O8u!Tl zcoe5yFeiB5qg-`ddUz#P(TEoL`0{wnuw zJ2Ga%61f<48P@xC>a1& zn5upI5G{jB^})wi7&V2J-0>=>%OLjB>GMG}Y#2qu{KomJK8F105Lm zh)J1?fD=L_5Hzp{j9kX!h;Cj%lEfe#etm)ND@ibjZ^6vtntKa#W9+9X0po+gII_*g z*I(DvK5|Hr((2+5GyK|NZpOuRncSamcEM9*m%Rjy}|+N$PKS zpZgYn`lrJFLwKOhlnuBl|L;!gnPLCYYVYhU?LQXrJOcXVo zi69)l)nCB{RSDb=IAsBiz&7sAPkJf3Xi#a1g)m@l_}_ptT8)r|g@Fa1h|#lt5vRH7 zpzkbrWVXaOdY07Gn^Yx`Lm(iRk~y!l~uenQFaUL-%MwI(aGIP*VT#$AmySeU6d!L!O%HpDH;&WwZQL-V!U} z`_#1B82G5?m8}z_Wy?Z=$~qG1iE?8HV(5d>JN?hD$_7WLu8U*DlYO$3SKCMO@6>mT^*mnSJ3S%`#6Ve$D-joOy2dOiAJ(AuJI^gTXhg{LLBo&(oWXwlbL}B0u?bHu@S%7RN z_6Ti3I_}^XQv^DYe<{;M=?-EE@KUS_WN&;OodkD9!#>OsxWd`lQ{vSjd9M-X+69^d zjC}!PgXo=@K?bsm)?Fvy(LVeH6ehVfWZ??a_pPMfWdUH-R#9BOrsq3Kp_GfqpmAdf z{_;uN8n9kj_BU{aM(q`I<>o=ofr+EC%{MtbFs+tHMD(aEN#1Sf=VTJf{cQ-?W3lyc zQ(L8jgpDF&MJe``MPhlX5A>D33iyuT$q9#`6_!;fdkFywa+VP=oP>){sYxH z=V4#P#4{WPy(S$=8)PW9&q-Y87C<<62k%?DX&?A2Ntr=A6dG| zw3OM%vc4GReHJn2DJ@Xi%}A&L6|{x97GWN`0!<6P6J8|JlnO#^Zm~{j$8SZ*!=IHyDhj*SF_iYsrsojCV1mY?AIIP+>A>ZS zBhI@8dJGvhOjTs?`EFvMFeR(4+L3xNqN@X7R6pY(MLDBn-EY&9GnNnD0-yx$mM}mM& zroy&oWmnFSu%-$K!n3hC*`|u4f(Dd}4}0e@rmP)xk_uWZn4?<#E3;%AdW9S+qF(Zp zmimELvW7jCA6O2yYSWdpz#A9w3r-cbWCoM8uQYKG6$BtcNg^RQ0%%8p-?BK(!@UX4 z5y;dw24RUr2?4IMIF$L38C?yt8RIP-F#%p=LN5SDZ^nd+9RfTa%}Ut`^zfLsMyE~* zJXW4&DmIMi_xM3BM@f__8+G9Cm;*rhMX>UcQJm->_Z z8dHAYd~k>zt(01^M%oR-+~!nV1ui(x==qMa+Wmh2WjI3RxAXq}I|W6=`7a2?2%(+m zaJK6=pDA}xy~FX5l~C3#ZT@& z9p&Z2%7upcl-k>Bfkdd9CvuPr#X-{?%G0Mg-;Q2D<9M8d6tE-Sf|V!epQ=rm?zkpV ziGi6r=J~2RA+596S;?x!{@GUVgw$O{++wr_9nY7B^T(RUY)DjL|Kndmbmf_%zf{J5 z*=lWWoAy7?Hn*4dKZ|%Cf&GtW0qkRNO)ALsf_+AN_iQzzX{3#nDI^ND=&6P_pesI{ z7q4GC{Ct+(>^wD z6yaw-GYN%@U8rd|%<57GC*&>wn%E_+VoPqHP?pl0X&#}0hn+{(15^d~5D;jJcjEdrjZcUQpx^&Zt2QM+Vkz%A3_t+~8 zEs*$VDQ*@rzt|AV>z`)BL8f3dVt(eePJ}#}EeR=Nf;cLFprMH>jn|w_1wm5wl_<(x zl*kWRSp|7&al|$ieYNkhRt|5Lnz=H1?Ht0?CIC~SiCjUwoeaZ;Eht5%-`RC21mDJt zT4J-vnE4rN3T%xw*f$kr6iL!OXKh*sEsihC=sXWjjB9gBmS zNddBeTzc9*4$M%TI?n>ku;9tsYM0XLwYUdj%lt(TTU=w5K*Hg~(Gpg{j-s)FY-YbT zd(RD5d!aBgYX-7OHW;-;GcPJ?Gi+b8Sm!aWqLshGGRpJXxh~5T)Y5v^T^t4h}LB@Bci4*6JS)g-*P6=tQ7<9j1UpR95ygbJU!&EVr-~+wF*%Qq0vcJr?96{ z4R$GeIAin&nY86fs6m8bq>!;ekvQW*;4x=zkHiDIKFrt7W%?s@NM*WY9POuXQaDPn zzxfBlO`DmdN*bVlz6_)BN9M$r>VrJKIsh`vdXx^}v8>tO4n%)5!_Ia@Y`Y+wc&*f;@Sc0!{t9YMWwy&9N{W!{cN zu3-`6to|Cacfdm=7SEq%cQ^woi;%@LdLvy!Fg8dKglXP|pD(4nNTht1%#OKwhPQOX zy$T?4cu&WT0g|VboqRZII4*lkHhVqpy5XQf=*E$5eH-bABql>c6g!>QCgUQpc(x=>a z10*=1NnR;;6gHeyR)yP328>Q2%7?u&Hx%iua_a%8A6MXHSu-8sxq>Z{5`Puu!X$90 zgfP&YnBWl0O7eplE+LEn1#wv-mzSX9^MkpuxvZd2u?tZ%tC2IXiTH*n~`0z2B zg#4C3WWp3&gz-9<|Kz1~DpQM^lRTaGzh}Rv(p|YTa*!N~MGy0;{V#2Cz-$z90I`PC z@c=AcMLb2HPmd!GF>t2w$=A$7`RmMQXq83oe&r9>L|iloCx>U=2rhc)!H=#*=I6Xd zR}nt?&z#pQ2-=s_}-@GK4 zn6V@Q)+&pTEg6)k;XS8}R|60iN2+n`TWxZteUngBl=@YlY$rvLI^DeB5tn9(%s5|DRrLy3AQs0{)?5+O@@oKuJ+ z)ng}5+eVPB1J;9S2oU*ET;W`iZ$c{jE>Q3pgdA|D+Qq?xAP7M)0m#lh+1~hytkOL# z7>-CVybcBs>%j$&S-OMa@ILk-dHQ;r{Y%pD_aJRbkX8hKM9dPpr8C(1c(@&hBf8HF z8;4^$Ou9%0xJeA+1cdii``cF`*dUs)(0AJ#^ixwb$cAS&w{0}{UAwTk_K&VIP zyGdQ3+eR;RE1L!A&1c(MbDQ68)dV^nP^q>i(Ax&4w_C-isR8se0|(D`iYLy%bkGaO zgDIhIZM2J#GX>bK?aku3)8R(?uS?e6hDIP8TeFe1x2+Kf-PCFV{c#4UOS`E<*Lrh1 zt*yFr-Ts_l@9537+U;-ak#=?+B4SDi=E#hqQbHs!yK z?PdOtg*=Z&{`*;)w?Yo`s0U6OjQVWy7^h27GUEwWZwpo_Z>?J{u;uzN;?js%G@j9I zQ~Sa@%aS0h2wj?t8<)548_xJht~~ub(a#+y{a9|Mah(`-#(94yJu}Cp&@M!OR9)jB-Z}K{4qx?n1)BU_1g_0bvc1j=R@jzs91Pdk~=3OS!eb zYP}E2<@C0z7bxK-y5WBrLs8tfOm5P67m!{YJspude#q>{@sPw6FN8J5*&4s#;kwCz z2p}fmOevIL$n!LX)M)o;lh?mzrXV4YT;8Ea!y6^3O}a)>Hg%x;9Cf|MPgKC5)z?@< z;Q+1_Ia~nJT@sGifzx2RO18YD!Ai!gZ zDxF>`+?tw-{?y7Z`5kfzBW;Q7OFAy4 z0CAW_Xw_An(N$)5z}_Q>7)MZAm}*}#XLYsnqB2<{{LQ(&oTF``IxL!X0$6l|HH%gx zv#{3f6x1>&xGlVQ-aD$*jNC`+RAzC5?Vwf3gP(hK{Pmv-{(t8ua1}qB2B;$bV~f5t z`Ty3|^8Rlj&m-Xf2*Nu?XvFV;m&O?EK1dSx`*=L^ugZ)xB#rX&7ygx}!?hqZ=C>A z0z&eKkggz>-I%h4pMw5?CkebmeOek`ML};34JP1U;C0-AjOpSA;BQ8mjN&WGxQ8$D zM0JtZ$CudN0mhsmJ?RsR zolyZBAOnrW8lg<-hK`*L@-p!0Ap>+{P;L;W2)e@Cz*Id1Rb%Qk8s{0l1TPSLcvm&m zG$`Z~i$Q|wPh~nQwVpZ`0!pTc90}7!X%!VNf9h{#JGVqLZEPj#=mTU|S7Umw{GG69jG`?rQs-=w#W4f)n z&Tb8p^isy1QRX>Eeva{T<}4;BA9I8_s;eiJ=D>wO3EVHiCcF*wUS${uiJ7cIYCUi} zS4dUN6)wuA?vE;%IKOr0C~z|L7(6vM#60JgpBw|pH5jwi!Bsu|+K>YG_>xiPFhuu| zL5wB+h)jr`l^bq4j!p>7y+H@%9b6f(JjI+x+FdPJ;u;(Hyhn~|vjmze$CJvnD80<(xisi8NJHPv(-_`)lg0xO+}N>)P2 zysLSF7c2^y7r77W9$Pk;h#I%3gP7uHZ(~jPk_$#haW2O#;ZQFxGC+iTs|tp!VnQu_ zVb!u6Yyo5D;j9*za0w{li^_7mX0GRoWnr5aJ-Uz`Eh>U3ZjAOA0Y?GEr=WX0v)ZJz z30CjIwLKaSI#e>)08RsQGh#WyF|~2TN@ig%G<*qV*p-!T6u9U)EreiP8+o*>f3497 z`40-nmoh0iT#NL<6w_2xf&|s!NU#C{WyZF0xO{*?))=CV8`OzFP#{T5;rRmjH}GzC zpOB+hxw4SXJn{x5$gILCH|^!LsUEk%9638td*p@o8(m+iL?;|q_(2|{8`z{5zuS$I z9$y~!v~!Gi(WfVHTt2B)LY0$IETigYd;OjdPWj;L0_MjlcX}Bo2r;)La3vy?bNKpF zz595d3jHrT_dKZmAN`om|Ff~ZjQ_Qe=dtL2Mf9)i_76!9{l>ip1jfOipy&j_q8C!K zWFb+2&vGwOP+ZWnSj1EeRH*BB{O%1#5@3AWm&Qw;?U>A|9skL$6QxG3M5~-#BkF-> zXw%$a3l(LgRF9{3uXv3z^^%#?I#U&98mQIm>X3cqADU`&LPsSU)Ebfstn7+2fJB5N zmQ~i-RUlKbt+!+7y;c1=2Gr3@s;5q7;il>4)Nb~80o4x8=%`W%Pyn*^dwr_#2jSmfzewX){SDUfP#qWmf~&Ret+nEB z?Pk#uud}2zs1zNz@?Pp@J{jR7%q6WLMAwB-;sPh$!rz3TFRlB$(yYq!TiO8}Qz98OnsY^g zYgyeZx^8!Ii+yr)SzId$0&TGxr)3$FLsJ8ivIY0KInP6&e>VO#?8 z-Bp|fDSr(?e&GE&6>t(}5KU0C^7ry%NttLP{aq$Im`r{EksV1vA3t1BNxf3a=Ni(h z;Ny^4P6$=fRXDmHchENEm7g-{vX`!>!GLzR-l0ryy}fz4-RcFK-})Qh?(B58gUgN1 zWp}IH*}QzVx!rxX+1hy4dA6}3d`!Hn_{qzymiuyROABv_-D4sH@~{70{bj@b?w{W@ zSKoX5um4p4bn*MX`#-+>`+N7F-|%nQi{{r&sPRp$ax4E*aHSm_1f8H?6AZbapp?;j z9{!&rt9q~eUqLXJKf_4XnzHjF{)NM#$*8$9fz?$M-?eN^uuzd$f1Kbm z4wy>O`t=Fo&V^-%f7MzU!bzG~y`+l>xK;c~KYQ0DXby&?=U$pQ&Kp)tirtAUnvaw? z(V0e)h+K<;)Re$_e{v^O>@Y7+vG+Mw%+E$P>4bD6-Gnm&lCSDhk}K;x5}Hy0`U0ry zwRF~=ip&c4{|fn!dH+6a{P(SV{J)K7t!GR5ZxPR9k^hc94&h!GBso-b@o>QGyjr-X zRp)d!E5fcvnQH=GYzYPeC1E8cVGkvoWE^$L&L;jD4$jAym*Gcrl(gS+9iXY1umOUG z(LkObrF|Z!Eyp<&)CmW~R!%44qofs4rm#RQ zylYN1k$Ih8MXw5+nTrdyqQ_j2uxf872GFEJtu@x~B*a#Je_Tm~EXx^{Ywo{DS}c~6 z7&T_YQwURppn+~qSfr7xoQtnT77P6GmdjIudd$ML@4iZ4QWuNTX~~KyEj5Q_BhjOG zRd?xFL#JfG+rG}cl&r1Jdr4t%L2lKbQ7_98!b0E13_Wy;(Kr=d7L-IHif<8Ezf#)h zVBmfxEY{hSdA5<<&YaJ1tuj1(Gy5*>7j9%==`8%JRI}TsX@;V@+lOtO#&j1%_{r9k zXGxKlPubF(2o-hZzY6)EPC}eKu>EIyyR~WRe_QQk{FjA1k465!xK1dyLULn??Z!j! z?Sy5@98B4Tu*mt7YAObR>ae7) z$1)>%6y$An8fU?8<1m4Qz`R2O_KJg)xpA7k(O2STnuwYnd70_hL}E;)6HocJnBZ0a z8v1Er^aMtFAmU+Mzfnf29&;ZR>0OCT^s4lC>Z9MC*z*hbl`51fW=FY!Qet7zf|*|5 zz=EonhXZTAeoi7ePTw#%^jmC%k>eDMf!{}``{(EHUY{MF6CUjNAMu#2NA5_=oKw2v z1hJ5=)w%{ocV=BpER3?D`Q(YaNlfc_j6? zEbaz#v`5p5t001q*X!5uojZ!xM@c*eZ}w}tdASf`l%E<{CfM~S+2CD9e(v2h<j zQGM^Z;jbstdix++A4m8*5WzNh5?aisjVDUr+xFv<|7}5#D zgk7nuMIO_>8C7NH1;pXj4bC9TLtA<0PRTT{FLn#ziv&I56ts0Y+4;)j9c60Hl0BaxY0GII7 z%%L5!%Y&nIpK?@lI?yv({i`&n+gJYZ3Y3Vsqo$?G20UuXmgm^f{*~W+M|&g4`)eXu$$h!8VzPOxq4r(FN9XdKr+sOrawE(9v=e|F6H4_jNy z`0tB(9*h3}EoWUquU}K8AK=*nazZnuez69e8{o~Po>zKn&9}D_Rl7y&uPfOTu4*=w z>l$usL$D~=^=UA*>o`igRvnaSn8%)nj}lM|2VfCDiH`vCWUrCHyP{k3;6DAWFZJC{ zgN0i}XJVzR*F!)76@bvgSlEa0a#`%Xe7`ASN>REMtwR`k*esQfU8$0G`D7sgI7QX{ zvtoQ~92m%pWADN#RJU0sS?u3={XbVtiFwyGGBe*9d2*s9^?H0{f^a=HY>O#tvq*N* zRJM}JgttfOYOfws@%`5T4qv@aMqO1)a&YgeWyc+Eo2UM{Tr`VaG&nYnep~DGPi=Uj zsEqxZ$;I;C5FCY|Ong~Ty^s}Tj~;2guyyNaHQu!fZ`;-l#Ht)Ez89GGBaN^o)!QwnCYFYX?3AiHp`5Vvh# zrJ&==+1{|u8RRf?!gjwXxPb1t%bLeTuQ|3R z4;90bG_u)O-U$TeFj3Bh75Q%h`JXa@a4J)v3i-di{miug-)wI#?f)0@JgEFX$pK)0 z{4wl@z|tA!v1YOm@R=QO~VRbF*QLrhlJQ3q|mxV^JH^mUAT0&nu z&8&_(XB9^7*8zn6xZ|)hlb4>js(|#I45O)I6q1+r*br*Z_LS0| zy^R^AJ=W->l=d<_`$_jYgbYXHB&ffplu8dO>pjr&(!ig7T`A2>w2%tw&1pvA9hGwk ztk>Ez3bH#By1uyC%s{W0$&4G?W=ehkh=sQ~Jd?DGS*lazNss@g_bZ9xAi~41PuBSE0#i#1Fq}Zm_*EZW40BNFu z-V%lNlxfMT+sQU1tqq~Z2gi(4aWADQOT0w+KG+If=(^5RBmW6WPy)-QlzShxSP zK-!NL4JThB->UAbh6cxYQ>9Zz6LZ>|MCM?o`lk5E$%P3mITL!eLQf@oQC(2-<;+*iSaJkrb7@~x#nfjhUxNstTomW^ru1&j4dnu(K!_1PU z%C4>j9L$if%3R|YC}!tTSWn2VKPAP&FAoMG?PO;lP_vVY^Gu;QAR<=eJoFV<>|%3M zA5MwLP}s+$4bNFRSB5wt#Y`uomozk^n66IN^(jJCsCEz z)3Fk@g)f?lt>c*=cT*8PA*ajRT$eUAXMU&lHk_X2S#M3gU~(xOQw7Nski^hf<|;ju zmHTVkb<}+(IRAGk0{y6$_>)?IRQdnxw9Wi)TN}?dm*@XQJdgYQKZmnlMzs?i{ifiX z2coBWu+2)ar%?N5ZT31K1J2=!rFKJeKE`E3nQZQ-JH!>YGozG~HT;Df;n;jngmc*L zS+xh1S{`=wse`DPb90s1rc?j&IVF)v>_6k^Dt-X_&&};kbN}Dm-dXzpEadsi@Be~o z7h_@pogH@OaywW9?rE-md9z=(i3K0T1oJ+viA6yxvzl1&X1|bKzw#np$I@ah;&G`x z|9cW#eg6RKt^RGivY@88jek(f7lVZ?%<|=7r)GBZ7cpfIZ~pSRxA)4YBL5TR>ToqN zTLP%6_>VhO<}>m?wVy5JzlA)HK>lMa@JAkRjCB0&4J;qpZgS6Jcwr{%!H^zA=uXEX zF8dTRCA;JP>9NSeT5b;_2%7hzH~}TMbV%I!hkq5WK_WE%|*(Sb1!+Y?Kh{gkohGyntgw;H9oTa23C4Q9leV*>J z7hYZl7!eBs%JIya0EJ9=(omUC+uye%tY z^ts6q>~zH+h9c)J#NEs*9fp2~?x3SENM$Qo9rJpV?-t-%f`<87;|?uD=^78bx2;Yv z@*y&3t`sG@yEwUl`Mmiyh2Z5`Vdy}a`CYmcy#aa(zJ2Tzl$A2?R%#XpoYF-dZ#JcG-{p(ax6nU37<}n(y#W zATh05y8exwG%qxrvRL0tYzZ0l10R5}MHdtv5oZttk0GEZ=+$5hyli^PTLGu7k^@3< zHHFYt(_lck(*f`>@csCq<+Z;3|EFt!wFB)-vw|Pgk8B&L zqypU;re6w*H+^Uz>np<}R2SJ8!jTIy+ZSRqs2WHu1`Vb_Hzy&Pq=fxeDp)y<pvfYMJFbYP&FaQAJhd8tVm<0g;j6L)K literal 0 HcmV?d00001 diff --git a/operator/charts/minio-13.4.6.tgz.license b/operator/charts/minio-15.0.2.tgz.license similarity index 100% rename from operator/charts/minio-13.4.6.tgz.license rename to operator/charts/minio-15.0.2.tgz.license From 926209df57e717fc8488723f2f34723c2ef6decb Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 12:35:10 +0100 Subject: [PATCH 09/93] Fix warning about deprecated config scanning Signed-off-by: Jannik Hollenbach --- scanners/trivy/integration-tests/trivy.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/trivy/integration-tests/trivy.test.js b/scanners/trivy/integration-tests/trivy.test.js index 5364b9cf16..1bb34d86bf 100644 --- a/scanners/trivy/integration-tests/trivy.test.js +++ b/scanners/trivy/integration-tests/trivy.test.js @@ -105,7 +105,7 @@ test.concurrent( "trivy-k8s-test", "trivy-k8s", // scanners is limited to config, and namespace to default to reduce the time of the test - ["--debug","--scanners", "config", "--include-namespaces", "securecodebox-system"], + ["--debug", "--scanners", "misconfig", "--include-namespaces", "securecodebox-system"], 10 * 60 * 1000 ); From ee95de42a316b5f46a74fcc44dc2e2eb5d63252f Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 12:35:41 +0100 Subject: [PATCH 10/93] Fix number of expected findings Cool to see the number going down based after the minio update :) Signed-off-by: Jannik Hollenbach --- scanners/trivy/integration-tests/trivy.test.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scanners/trivy/integration-tests/trivy.test.js b/scanners/trivy/integration-tests/trivy.test.js index 1bb34d86bf..5a5b9a5a3e 100644 --- a/scanners/trivy/integration-tests/trivy.test.js +++ b/scanners/trivy/integration-tests/trivy.test.js @@ -117,8 +117,7 @@ test.concurrent( expect(categoryNames.includes("Misconfiguration")).toBeTruthy(); const severityNames = Object.keys(severities); - expect(severityNames).toHaveLength(3); - expect(severityNames.includes("high")).toBeTruthy(); + expect(severityNames).toHaveLength(2); expect(severityNames.includes("low")).toBeTruthy(); expect(severityNames.includes("medium")).toBeTruthy(); }, From a9a9bdf7beca22b82d7f86523eb26f73bdaa8d32 Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Thu, 6 Feb 2025 15:29:57 +0000 Subject: [PATCH 11/93] Updating Helm Docs Signed-off-by: secureCodeBoxBot --- operator/README.md | 2 +- operator/docs/README.ArtifactHub.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/operator/README.md b/operator/README.md index e7abc98549..ca38ad2b18 100644 --- a/operator/README.md +++ b/operator/README.md @@ -54,7 +54,7 @@ Kubernetes: `>=v1.11.0-0` | Repository | Name | Version | |------------|------|---------| -| https://charts.bitnami.com/bitnami | minio | 13.4.6 | +| https://charts.bitnami.com/bitnami | minio | 15.0.2 | ## Deployment diff --git a/operator/docs/README.ArtifactHub.md b/operator/docs/README.ArtifactHub.md index 4f3e5af023..867b17d65b 100644 --- a/operator/docs/README.ArtifactHub.md +++ b/operator/docs/README.ArtifactHub.md @@ -59,7 +59,7 @@ Kubernetes: `>=v1.11.0-0` | Repository | Name | Version | |------------|------|---------| -| https://charts.bitnami.com/bitnami | minio | 13.4.6 | +| https://charts.bitnami.com/bitnami | minio | 15.0.2 | ## Deployment From bc2ce6a0e3c603f9553ac59a6da5ebba8ed9701b Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 15:16:05 +0100 Subject: [PATCH 12/93] Use Lombok to Access Redonly Property Signed-off-by: Sven Strittmatter --- .../persistence/config/PersistenceProviderConfig.java | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index 74a0b07037..e457390f36 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -57,12 +57,9 @@ public String getFindingUploadUrl() { return findingUploadUrl; } + @Getter final boolean readOnly; - public boolean isReadOnly() { - return readOnly; - } - public boolean isReadAndWrite() { return !readOnly; } From 4a219c2b57464dafe8d6c3a2faf58c35e8cdfd3d Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 15:16:29 +0100 Subject: [PATCH 13/93] Improves GRammar of Exception Messages Signed-off-by: Sven Strittmatter --- .../persistence/config/PersistenceProviderConfig.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index e457390f36..70d1bbe313 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -45,14 +45,14 @@ public class PersistenceProviderConfig { public String getRawResultUploadUrl() { if (isReadOnly()) { - throw new DefectDojoPersistenceException("Cannot Access RawResult Upload URL as the hook is run is ReadOnly mode."); + throw new DefectDojoPersistenceException("Cannot access the RawResult Upload URL because the hook is executed in ReadOnly mode!"); } return rawResultUploadUrl; } public String getFindingUploadUrl() { if (isReadOnly()) { - throw new DefectDojoPersistenceException("Cannot Access Finding Upload URL as the hook is run is ReadOnly mode."); + throw new DefectDojoPersistenceException("Cannot access the Finding Upload URL because the hook is executed in ReadOnly mode!"); } return findingUploadUrl; } From 56bb9042141ff65966d3bc0cb54ef019fffcb806 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 15:18:11 +0100 Subject: [PATCH 14/93] Move Property to top of Class to the Others Signed-off-by: Sven Strittmatter --- .../persistence/config/PersistenceProviderConfig.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index 70d1bbe313..0d130f101a 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -32,6 +32,8 @@ public class PersistenceProviderConfig { // has to be assumed for DefectDojo. It defaults to the Time Zone of the system clock @Getter ZoneId defectDojoTimezoneId = ZoneId.systemDefault(); + @Getter + final boolean readOnly; // Download Urls @Getter @@ -57,9 +59,6 @@ public String getFindingUploadUrl() { return findingUploadUrl; } - @Getter - final boolean readOnly; - public boolean isReadAndWrite() { return !readOnly; } From c4d90b1895f0a16eb3e7f3d339298b4dca0120b0 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 15:31:54 +0100 Subject: [PATCH 15/93] Make PersistenceProviderConfig Final to Prevent Extension Signed-off-by: Sven Strittmatter --- .../persistence/config/PersistenceProviderConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index 0d130f101a..d62afb5ed1 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -18,7 +18,7 @@ * the Hook is run in ReadOnly or ReadAndWrite mode based on the number of args. */ @Slf4j -public class PersistenceProviderConfig { +public final class PersistenceProviderConfig { private final EnvConfig env = new EnvConfig(); private static final int RAW_RESULT_DOWNLOAD_ARG_POSITION = 0; From 0186944f4fb57a9084acbadde46f2a01c5ebe90f Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 15:33:28 +0100 Subject: [PATCH 16/93] Make Time Zone Final Becuase Never Changed Signed-off-by: Sven Strittmatter --- .../persistence/config/PersistenceProviderConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index d62afb5ed1..245807cf8e 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -31,7 +31,7 @@ public final class PersistenceProviderConfig { // to guarantee consistent results when converting back and forth a time zone // has to be assumed for DefectDojo. It defaults to the Time Zone of the system clock @Getter - ZoneId defectDojoTimezoneId = ZoneId.systemDefault(); + final ZoneId defectDojoTimezoneId = ZoneId.systemDefault(); @Getter final boolean readOnly; From 2a58e33202e5d1e5696f18360fd63ba35775a7bc Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 19:57:22 +0100 Subject: [PATCH 17/93] Move Cosntructor Before Methods As Expected Signed-off-by: Sven Strittmatter --- .../config/PersistenceProviderConfig.java | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index 245807cf8e..e0f409a5e3 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -45,28 +45,6 @@ public final class PersistenceProviderConfig { final String rawResultUploadUrl; final String findingUploadUrl; - public String getRawResultUploadUrl() { - if (isReadOnly()) { - throw new DefectDojoPersistenceException("Cannot access the RawResult Upload URL because the hook is executed in ReadOnly mode!"); - } - return rawResultUploadUrl; - } - - public String getFindingUploadUrl() { - if (isReadOnly()) { - throw new DefectDojoPersistenceException("Cannot access the Finding Upload URL because the hook is executed in ReadOnly mode!"); - } - return findingUploadUrl; - } - - public boolean isReadAndWrite() { - return !readOnly; - } - - public boolean isInLowPrivilegedMode() { - return env.lowPrivilegedMode(); - } - public PersistenceProviderConfig(String[] args) { // Parse Hook Args passed via command line flags if (args == null) { @@ -91,4 +69,27 @@ public PersistenceProviderConfig(String[] args) { throw new DefectDojoPersistenceException("DefectDojo Hook received a unexpected number of command line flags. Expected exactly two (for ReadOnly Mode) or four (for ReadAndWrite mode)"); } } + + public String getRawResultUploadUrl() { + if (isReadOnly()) { + throw new DefectDojoPersistenceException("Cannot access the RawResult Upload URL because the hook is executed in ReadOnly mode!"); + } + return rawResultUploadUrl; + } + + public String getFindingUploadUrl() { + if (isReadOnly()) { + throw new DefectDojoPersistenceException("Cannot access the Finding Upload URL because the hook is executed in ReadOnly mode!"); + } + return findingUploadUrl; + } + + public boolean isReadAndWrite() { + return !readOnly; + } + + public boolean isInLowPrivilegedMode() { + return env.lowPrivilegedMode(); + } + } From 1c94a6a4a4c1a98514cb7cff830442e3afa96f4a Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 19:59:37 +0100 Subject: [PATCH 18/93] Generate toString Method for Better Debugging Signed-off-by: Sven Strittmatter --- .../persistence/config/PersistenceProviderConfig.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index e0f409a5e3..b4cafbb3bc 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -6,6 +6,7 @@ import io.securecodebox.persistence.exceptions.DefectDojoPersistenceException; import lombok.Getter; +import lombok.ToString; import lombok.extern.slf4j.Slf4j; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -18,6 +19,7 @@ * the Hook is run in ReadOnly or ReadAndWrite mode based on the number of args. */ @Slf4j +@ToString public final class PersistenceProviderConfig { private final EnvConfig env = new EnvConfig(); @@ -91,5 +93,5 @@ public boolean isReadAndWrite() { public boolean isInLowPrivilegedMode() { return env.lowPrivilegedMode(); } - + } From de667fac174b0b51f03cf6ef48c27fcf24493ae9 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 20:15:29 +0100 Subject: [PATCH 19/93] Use Generated Nullcheck to simplify Code Signed-off-by: Sven Strittmatter --- .../config/PersistenceProviderConfig.java | 15 ++++++++------- .../config/PersistenceProviderConfigTest.java | 12 ++++++++++++ 2 files changed, 20 insertions(+), 7 deletions(-) create mode 100644 hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index b4cafbb3bc..39f8707bfe 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -6,6 +6,7 @@ import io.securecodebox.persistence.exceptions.DefectDojoPersistenceException; import lombok.Getter; +import lombok.NonNull; import lombok.ToString; import lombok.extern.slf4j.Slf4j; import org.slf4j.Logger; @@ -47,13 +48,14 @@ public final class PersistenceProviderConfig { final String rawResultUploadUrl; final String findingUploadUrl; - public PersistenceProviderConfig(String[] args) { - // Parse Hook Args passed via command line flags - if (args == null) { - throw new DefectDojoPersistenceException("Received `null` as command line flags. Expected exactly four (RawResult & Finding Up/Download Urls)"); - } else if (args.length == 2) { + /** + * Provider configuration + * + * @param args not {@code null}, hook args passed via command line flags + */ + public PersistenceProviderConfig(@NonNull final String[] args) { + if (args.length == 2) { this.readOnly = true; - this.rawResultDownloadUrl = args[RAW_RESULT_DOWNLOAD_ARG_POSITION]; this.findingDownloadUrl = args[FINDING_DOWNLOAD_ARG_POSITION]; // Not set for ReadOnly hooks @@ -61,7 +63,6 @@ public PersistenceProviderConfig(String[] args) { this.findingUploadUrl = null; } else if (args.length == 4) { this.readOnly = false; - this.rawResultDownloadUrl = args[RAW_RESULT_DOWNLOAD_ARG_POSITION]; this.findingDownloadUrl = args[FINDING_DOWNLOAD_ARG_POSITION]; this.rawResultUploadUrl = args[RAW_RESULT_UPLOAD_ARG_POSITION]; diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java new file mode 100644 index 0000000000..a722e1f2bb --- /dev/null +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java @@ -0,0 +1,12 @@ +package io.securecodebox.persistence.config; + +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.*; + +class PersistenceProviderConfigTest { + @Test + void constructorRequiresNonNullArgument() { + assertThrows(NullPointerException.class, () -> new PersistenceProviderConfig(null)); + } +} From 68d46720de5b88ae538b93428e3b8c5d44c5bd1c Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 20:45:40 +0100 Subject: [PATCH 20/93] Group Properties Together in Class Signed-off-by: Sven Strittmatter --- .../config/PersistenceProviderConfig.java | 19 +++++++---- .../config/PersistenceProviderConfigTest.java | 32 +++++++++++++++++++ 2 files changed, 45 insertions(+), 6 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index 39f8707bfe..7cce522fda 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -22,14 +22,12 @@ @Slf4j @ToString public final class PersistenceProviderConfig { - private final EnvConfig env = new EnvConfig(); - private static final int RAW_RESULT_DOWNLOAD_ARG_POSITION = 0; private static final int FINDING_DOWNLOAD_ARG_POSITION = 1; - private static final int RAW_RESULT_UPLOAD_ARG_POSITION = 2; private static final int FINDING_UPLOAD_ARG_POSITION = 3; + private final EnvConfig env = new EnvConfig(); // DefectDojo does in contrast to secureCodeBox not pay attention to time zones // to guarantee consistent results when converting back and forth a time zone // has to be assumed for DefectDojo. It defaults to the Time Zone of the system clock @@ -38,14 +36,23 @@ public final class PersistenceProviderConfig { @Getter final boolean readOnly; - // Download Urls + /** + * URL where to download the raw result file + */ @Getter final String rawResultDownloadUrl; + /** + * URL where to download the parsed finding file + */ @Getter final String findingDownloadUrl; - - // Upload Urls + /** + * URL where to upload the raw result file, maybe {@code null} + */ final String rawResultUploadUrl; + /** + * URL where to upload the parsed finding file, maybe {@code null} + */ final String findingUploadUrl; /** diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java index a722e1f2bb..13bcbecd8f 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java @@ -1,7 +1,11 @@ package io.securecodebox.persistence.config; +import io.securecodebox.persistence.exceptions.DefectDojoPersistenceException; import org.junit.jupiter.api.Test; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.nullValue; import static org.junit.jupiter.api.Assertions.*; class PersistenceProviderConfigTest { @@ -9,4 +13,32 @@ class PersistenceProviderConfigTest { void constructorRequiresNonNullArgument() { assertThrows(NullPointerException.class, () -> new PersistenceProviderConfig(null)); } + + @Test + void constructorWithTwoArgsCreatesReadOnlyConfig() { + final var sut = new PersistenceProviderConfig(new String[]{"foo", "bar"}); + + assertAll( + () -> assertThat(sut.isReadOnly(), is(true)), + () -> assertThat(sut.isReadAndWrite(), is(false)), + () -> assertThat(sut.getRawResultDownloadUrl(), is("foo")), + () -> assertThat(sut.getFindingDownloadUrl(), is("bar")), + () -> assertThrows(DefectDojoPersistenceException.class, sut::getRawResultUploadUrl), + () -> assertThrows(DefectDojoPersistenceException.class, sut::getFindingUploadUrl) + ); + } + + @Test + void constructorWithFourArgsCreatesReadWriteConfig() { + final var sut = new PersistenceProviderConfig(new String[]{"foo", "bar", "baz", "snafu"}); + + assertAll( + () -> assertThat(sut.isReadOnly(), is(false)), + () -> assertThat(sut.isReadAndWrite(), is(true)), + () -> assertThat(sut.getRawResultDownloadUrl(), is("foo")), + () -> assertThat(sut.getFindingDownloadUrl(), is("bar")), + () -> assertThat(sut.getRawResultUploadUrl(), is("baz")), + () -> assertThat(sut.getFindingUploadUrl(), is("snafu")) + ); + } } From 5a22b054e528b23eaac41e20f7f9db00d3d388bd Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 21:12:46 +0100 Subject: [PATCH 21/93] Make Inline Comment A Real JavaDoc to be Visible in Intellisense Signed-off-by: Sven Strittmatter --- .../persistence/config/PersistenceProviderConfig.java | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index 7cce522fda..4afdae6749 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -28,9 +28,14 @@ public final class PersistenceProviderConfig { private static final int FINDING_UPLOAD_ARG_POSITION = 3; private final EnvConfig env = new EnvConfig(); - // DefectDojo does in contrast to secureCodeBox not pay attention to time zones - // to guarantee consistent results when converting back and forth a time zone - // has to be assumed for DefectDojo. It defaults to the Time Zone of the system clock + /** + * Assumed time zone of DefectDojo + *

+ * DefectDojo does in contrast to secureCodeBox not pay attention to time zones + * to guarantee consistent results when converting back and forth a time zone + * has to be assumed for DefectDojo. It defaults to the Time Zone of the system clock. + *

+ */ @Getter final ZoneId defectDojoTimezoneId = ZoneId.systemDefault(); @Getter From 4141e7245b0ca4132099340ff0f21dfd304e0929 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 21:15:44 +0100 Subject: [PATCH 22/93] Docuemnt Unchecked Exception Condition Signed-off-by: Sven Strittmatter --- .../persistence/config/PersistenceProviderConfig.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index 4afdae6749..d29bd1079a 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -85,6 +85,9 @@ public PersistenceProviderConfig(@NonNull final String[] args) { } } + /** + * Throws {@link DefectDojoPersistenceException} if {@link #isReadOnly()} is {@code true} + */ public String getRawResultUploadUrl() { if (isReadOnly()) { throw new DefectDojoPersistenceException("Cannot access the RawResult Upload URL because the hook is executed in ReadOnly mode!"); @@ -92,6 +95,9 @@ public String getRawResultUploadUrl() { return rawResultUploadUrl; } + /** + * Throws {@link DefectDojoPersistenceException} if {@link #isReadOnly()} is {@code true} + */ public String getFindingUploadUrl() { if (isReadOnly()) { throw new DefectDojoPersistenceException("Cannot access the Finding Upload URL because the hook is executed in ReadOnly mode!"); From c3bfde3e40f4e48f2fc38e354f43664b34495092 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Mon, 30 Dec 2024 21:31:27 +0100 Subject: [PATCH 23/93] Improve and Test Wrong Argument Length Check Signed-off-by: Sven Strittmatter --- .../config/PersistenceProviderConfig.java | 13 +++++++------ .../config/PersistenceProviderConfigTest.java | 10 ++++++++++ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java index d29bd1079a..56a345d3ee 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/PersistenceProviderConfig.java @@ -9,8 +9,6 @@ import lombok.NonNull; import lombok.ToString; import lombok.extern.slf4j.Slf4j; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import java.time.ZoneId; import java.util.List; @@ -26,6 +24,8 @@ public final class PersistenceProviderConfig { private static final int FINDING_DOWNLOAD_ARG_POSITION = 1; private static final int RAW_RESULT_UPLOAD_ARG_POSITION = 2; private static final int FINDING_UPLOAD_ARG_POSITION = 3; + public static final int NUMBER_OF_ARGS_READONLY = 2; + public static final int NUMBER_OF_ARGS_READWRITE = 4; private final EnvConfig env = new EnvConfig(); /** @@ -66,22 +66,23 @@ public final class PersistenceProviderConfig { * @param args not {@code null}, hook args passed via command line flags */ public PersistenceProviderConfig(@NonNull final String[] args) { - if (args.length == 2) { + if (args.length == NUMBER_OF_ARGS_READONLY) { this.readOnly = true; this.rawResultDownloadUrl = args[RAW_RESULT_DOWNLOAD_ARG_POSITION]; this.findingDownloadUrl = args[FINDING_DOWNLOAD_ARG_POSITION]; // Not set for ReadOnly hooks this.rawResultUploadUrl = null; this.findingUploadUrl = null; - } else if (args.length == 4) { + } else if (args.length == NUMBER_OF_ARGS_READWRITE) { this.readOnly = false; this.rawResultDownloadUrl = args[RAW_RESULT_DOWNLOAD_ARG_POSITION]; this.findingDownloadUrl = args[FINDING_DOWNLOAD_ARG_POSITION]; this.rawResultUploadUrl = args[RAW_RESULT_UPLOAD_ARG_POSITION]; this.findingUploadUrl = args[FINDING_UPLOAD_ARG_POSITION]; } else { - log.error("Received unexpected command line arguments: {}", List.of(args)); - throw new DefectDojoPersistenceException("DefectDojo Hook received a unexpected number of command line flags. Expected exactly two (for ReadOnly Mode) or four (for ReadAndWrite mode)"); + final var msg = "Unexpected number of arguments given %d! Expected are either %d or %d arguments in array!"; + throw new DefectDojoPersistenceException( + String.format(msg, args.length, NUMBER_OF_ARGS_READONLY, NUMBER_OF_ARGS_READWRITE)); } } diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java index 13bcbecd8f..29fb972296 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java @@ -41,4 +41,14 @@ void constructorWithFourArgsCreatesReadWriteConfig() { () -> assertThat(sut.getFindingUploadUrl(), is("snafu")) ); } + + @Test + void constructorThrowsExceptionForWrongArgumentLength() { + assertAll( + () -> assertThrows(DefectDojoPersistenceException.class, () -> new PersistenceProviderConfig(new String[0])), + () -> assertThrows(DefectDojoPersistenceException.class, () -> new PersistenceProviderConfig(new String[]{"foo"})), + () -> assertThrows(DefectDojoPersistenceException.class, () -> new PersistenceProviderConfig(new String[]{"foo", "bar", "baz"})), + () -> assertThrows(DefectDojoPersistenceException.class, () -> new PersistenceProviderConfig(new String[]{"foo", "bar", "baz", "snafu", "shtf"})) + ); + } } From 4dd48288fdd738876c12891be41dc4373cb8b144 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 14:48:30 +0100 Subject: [PATCH 24/93] Document Constructors of Exception Signed-off-by: Sven Strittmatter --- .../exceptions/DefectDojoPersistenceException.java | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/exceptions/DefectDojoPersistenceException.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/exceptions/DefectDojoPersistenceException.java index 1a2c81346b..dedb3a2d25 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/exceptions/DefectDojoPersistenceException.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/exceptions/DefectDojoPersistenceException.java @@ -7,10 +7,21 @@ * The base error type of this hook */ public class DefectDojoPersistenceException extends RuntimeException { + /** + * Creates an exception with a message + * + * @param message must not be {@code null} ar empty. Should be formatted to be directly printed to STDERR. + */ public DefectDojoPersistenceException(String message) { - super(message); + this(message, null); } + /** + * Dedicated constructor + * + * @param message see {@link #DefectDojoPersistenceException(String} + * @param cause may be {@code null} if context where the exception occurred is unnecessary. + */ public DefectDojoPersistenceException(String message, Throwable cause) { super(message, cause); } From 8d43fc6f2b2ba61db244d70e43756431f373f9ca Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 14:55:34 +0100 Subject: [PATCH 25/93] Show Helpfull Errormessage When K8s Env Vars Not Set Signed-off-by: Sven Strittmatter --- .../DefectDojoPersistenceProvider.java | 24 ++++++++++++++----- .../service/KubernetesService.java | 11 ++++++++- 2 files changed, 28 insertions(+), 7 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java index 2e2648a40f..2205d06767 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java @@ -8,6 +8,7 @@ import io.securecodebox.persistence.defectdojo.model.Finding; import io.securecodebox.persistence.defectdojo.service.EndpointService; import io.securecodebox.persistence.defectdojo.service.FindingService; +import io.securecodebox.persistence.exceptions.DefectDojoPersistenceException; import io.securecodebox.persistence.mapping.DefectDojoFindingToSecureCodeBoxMapper; import io.securecodebox.persistence.models.Scan; import io.securecodebox.persistence.service.KubernetesService; @@ -20,16 +21,27 @@ @Slf4j public class DefectDojoPersistenceProvider { + private static final String HELP_HINT = "Use option -h or --help to get more details about the arguments."; + private static final int EXIT_CODE_OK = 0; + private static final int EXIT_CODE_ERROR = 1; private final S3Service s3Service = new S3Service(); private final KubernetesService kubernetesService = new KubernetesService(); public static void main(String[] args) { - try { - new DefectDojoPersistenceProvider().execute(args); - } catch (Exception e) { - log.error(e.getMessage(), e); - System.exit(1); - } + try { + new DefectDojoPersistenceProvider().execute(args); + System.exit(EXIT_CODE_OK); + } catch (final DefectDojoPersistenceException e) { + // We do not log stack traces on own errors because the message itself must be helpful enough to fix it! + log.error(e.getMessage()); + log.error(HELP_HINT); + System.exit(EXIT_CODE_ERROR); + } catch (final Exception e) { + // Also log the stack trace as context for unforeseen errors. + log.error(e.getMessage(), e); + log.error(HELP_HINT); + System.exit(EXIT_CODE_ERROR); + } } private void execute(String[] args) throws Exception { diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java index 740b33d3b9..e8189c2a36 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java @@ -6,6 +6,7 @@ import io.kubernetes.client.openapi.ApiClient; import io.kubernetes.client.util.ClientBuilder; +import io.kubernetes.client.util.Config; import io.kubernetes.client.util.KubeConfig; import io.kubernetes.client.util.generic.GenericKubernetesApi; import io.securecodebox.models.V1Scan; @@ -46,7 +47,15 @@ public void init() throws IOException { String kubeConfigPath = System.getProperty("user.home") + "/.kube/config"; clientBuilder = ClientBuilder.kubeconfig(KubeConfig.loadKubeConfig(new FileReader(kubeConfigPath))); } else { - clientBuilder = ClientBuilder.cluster(); + try { + clientBuilder = ClientBuilder.cluster(); + } catch (final IllegalStateException e) { + final var msg = String.format( + "Could not create Kubernetes client config! Maybe the env var '%s' and/or '%s' is not set correct" + + "ly.", + Config.ENV_SERVICE_HOST,Config.ENV_SERVICE_PORT); + throw new DefectDojoPersistenceException(msg); + } } this.client = clientBuilder From 81e7a13f1248d9b5ca015c4aa24e3675d33d03d8 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 15:23:38 +0100 Subject: [PATCH 26/93] Implement Help Message for Easier Usage of Final Binary Signed-off-by: Sven Strittmatter --- .../DefectDojoPersistenceProvider.java | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java index 2205d06767..e2ddbe05e0 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java @@ -17,10 +17,37 @@ import io.securecodebox.persistence.strategies.VersionedEngagementsStrategy; import lombok.extern.slf4j.Slf4j; +import java.util.Arrays; import java.util.List; @Slf4j public class DefectDojoPersistenceProvider { + private static final String JAR_FILE = "defectdojo-persistenceprovider-1.0.0-SNAPSHOT.jar"; + private static final String USAGE = "Usage: java -jar " + JAR_FILE + " [ ] [-h|--help]"; + private static final String HELP = """ + This hook imports secureCodeBox findings into DefectDojo. + + This provider supports two modes: + + 1. Read-only Mode: Only imports the findings oneway from secureCodeBox into DefectDojo. + 2. syncFindingBack Mode: Replace the finding in secureCodeBox with the finding modified by DefectDojo. + + This provider uses positional arguments. The first and second argument is required (Read-only Mode). + The third and fourth arguments are optional (syncFindingBack Mode). + + Required arguments + + 1st argument (RAW_RESULT_DOWNLOAD_URL): HTTP URL where the raw finding file (various formats depending on scanner) is available. + 2nd argument (FINDING_DOWNLOAD_URL): HTTP URL where the secureCodeBox finding file (JSON) is available. + + Optional arguments: + + 3rd argument (RAW_RESULT_UPLOAD_URL): HTTP URL where to store modified finding file (various formats depending on scanner). + 4th argument (FINDING_UPLOAD_URL): HTTP URL where to store modified secureCodeBox finding file (JSON). + -h|--help Show this help. + + See the documentation for more details: https://www.securecodebox.io/docs/hooks/defectdojo + """; private static final String HELP_HINT = "Use option -h or --help to get more details about the arguments."; private static final int EXIT_CODE_OK = 0; private static final int EXIT_CODE_ERROR = 1; @@ -34,11 +61,13 @@ public static void main(String[] args) { } catch (final DefectDojoPersistenceException e) { // We do not log stack traces on own errors because the message itself must be helpful enough to fix it! log.error(e.getMessage()); + log.error(USAGE); log.error(HELP_HINT); System.exit(EXIT_CODE_ERROR); } catch (final Exception e) { // Also log the stack trace as context for unforeseen errors. log.error(e.getMessage(), e); + log.error(USAGE); log.error(HELP_HINT); System.exit(EXIT_CODE_ERROR); } @@ -46,6 +75,12 @@ public static void main(String[] args) { private void execute(String[] args) throws Exception { log.info("Starting DefectDojo persistence provider"); + + if (shouldShowHelp(args)) { + showHelp(); + return; // Someone showing the help does not expect that anything more is done. + } + kubernetesService.init(); var scan = new Scan(kubernetesService.getScanFromKubernetes()); @@ -86,4 +121,14 @@ private void overwriteFindingWithDefectDojoFinding(Config config, List kubernetesService.updateScanInKubernetes(findings); } + private boolean shouldShowHelp(String[] args) { + return Arrays.stream(args).anyMatch(arg -> arg.equals("-h") || arg.equals("--help")); + } + + private void showHelp() { + System.out.println(USAGE); + System.out.println(); + System.out.println(HELP); + } + } From 9ff0e45d68a3e6cc9766d1685d3fc7ea59b4b33e Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 20:42:45 +0100 Subject: [PATCH 27/93] Verify Number of Passed In Arguments With Proper Error Message Signed-off-by: Sven Strittmatter --- .../DefectDojoPersistenceProvider.java | 15 ++++++++ .../DefectDojoPersistenceProviderTest.java | 38 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java index e2ddbe05e0..288a368af2 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java @@ -81,6 +81,10 @@ private void execute(String[] args) throws Exception { return; // Someone showing the help does not expect that anything more is done. } + if (!wrongNumberOfArguments(args)) { + throw new DefectDojoPersistenceException("Wrong number of arguments!"); + } + kubernetesService.init(); var scan = new Scan(kubernetesService.getScanFromKubernetes()); @@ -131,4 +135,15 @@ private void showHelp() { System.out.println(HELP); } + boolean wrongNumberOfArguments(String[] args) { + if (args.length == 2) { + return true; + } + + if (args.length == 4) { + return true; + } + + return false; + } } diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java new file mode 100644 index 0000000000..f9bf8cbfff --- /dev/null +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java @@ -0,0 +1,38 @@ +package io.securecodebox.persistence; + +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; + +import java.util.stream.Stream; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.is; + +class DefectDojoPersistenceProviderTest { + + private final DefectDojoPersistenceProvider sut = new DefectDojoPersistenceProvider(); + + private static Stream provideWrongNumberOfArgumentsFixtures() { + return Stream.of( + Arguments.of(new String[0], false), + Arguments.of(new String[1], false), + Arguments.of(new String[2], true), + Arguments.of(new String[3], false), + Arguments.of(new String[4], true), + Arguments.of(new String[5], false), + Arguments.of(new String[6], false), + Arguments.of(new String[7], false), + Arguments.of(new String[8], false), + Arguments.of(new String[9], false), + Arguments.of(new String[10], false) + ); + } + + @ParameterizedTest + @MethodSource("provideWrongNumberOfArgumentsFixtures") + void wrongNumberOfArguments(final String[] args, final boolean numberOfArgsCorrect) { + assertThat(sut.wrongNumberOfArguments(args), is(numberOfArgsCorrect)); + } + +} From 6ed585bb2396f377082160cc9c3499f15b6618d8 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 20:48:36 +0100 Subject: [PATCH 28/93] Tests For Help Flag Signed-off-by: Sven Strittmatter --- .../DefectDojoPersistenceProvider.java | 2 +- .../DefectDojoPersistenceProviderTest.java | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java index 288a368af2..f74c21ad62 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java @@ -125,7 +125,7 @@ private void overwriteFindingWithDefectDojoFinding(Config config, List kubernetesService.updateScanInKubernetes(findings); } - private boolean shouldShowHelp(String[] args) { + boolean shouldShowHelp(String[] args) { return Arrays.stream(args).anyMatch(arg -> arg.equals("-h") || arg.equals("--help")); } diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java index f9bf8cbfff..bc5f49a808 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java @@ -35,4 +35,23 @@ void wrongNumberOfArguments(final String[] args, final boolean numberOfArgsCorre assertThat(sut.wrongNumberOfArguments(args), is(numberOfArgsCorrect)); } + private static Stream provideShouldShowHelpFixtures() { + return Stream.of( + Arguments.of(new String[]{}, false), + Arguments.of(new String[]{"foo"}, false), + Arguments.of(new String[]{"foo", "bar"}, false), + Arguments.of(new String[]{"foo", "bar", "baz"}, false), + Arguments.of(new String[]{"-h"}, true), + Arguments.of(new String[]{"--help"}, true), + Arguments.of(new String[]{"foo", "-h", "baz"}, true), + Arguments.of(new String[]{"foo", "bar", "--help"}, true) + ); + } + + @ParameterizedTest + @MethodSource("provideShouldShowHelpFixtures") + void shouldShowHelp(final String[] args, final boolean showHelp) { + assertThat(sut.shouldShowHelp(args), is(showHelp)); + } + } From 848dc7b60127122a06af109ade238f7a7f840ada Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 21:00:28 +0100 Subject: [PATCH 29/93] Log Warning When Running In Dev Mode To PRevent It In Production Signed-off-by: Sven Strittmatter --- .../io/securecodebox/persistence/service/KubernetesService.java | 1 + 1 file changed, 1 insertion(+) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java index e8189c2a36..4eaac07fef 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java @@ -42,6 +42,7 @@ public void init() throws IOException { final ClientBuilder clientBuilder; if (env.isDev()) { + log.warn("Hook is executed in DEV MODE!"); // loading the out-of-cluster config, a kubeconfig from file-system // FIXME: Usage of reading system properties should be encapsulated in own class. String kubeConfigPath = System.getProperty("user.home") + "/.kube/config"; From ce880154f310eb7fd221683b3904e44010a3a0b4 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 21:01:38 +0100 Subject: [PATCH 30/93] Close File Reader By Using Try-With-Resource Signed-off-by: Sven Strittmatter --- .../persistence/service/KubernetesService.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java index 4eaac07fef..32e62281fc 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java @@ -45,8 +45,11 @@ public void init() throws IOException { log.warn("Hook is executed in DEV MODE!"); // loading the out-of-cluster config, a kubeconfig from file-system // FIXME: Usage of reading system properties should be encapsulated in own class. - String kubeConfigPath = System.getProperty("user.home") + "/.kube/config"; - clientBuilder = ClientBuilder.kubeconfig(KubeConfig.loadKubeConfig(new FileReader(kubeConfigPath))); + final var kubeConfigPath = System.getProperty("user.home") + "/.kube/config"; + // FIXME: Better error message if file not exists. + try (final var kubeConfigReader = new FileReader(kubeConfigPath)) { + clientBuilder = ClientBuilder.kubeconfig(KubeConfig.loadKubeConfig(kubeConfigReader)); + } } else { try { clientBuilder = ClientBuilder.cluster(); From bb7906ea08cf2c3800775dbab5dcc9f60306a508 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 21:02:11 +0100 Subject: [PATCH 31/93] Add Shorthand Script to Execute Jar File Signed-off-by: Sven Strittmatter --- hooks/persistence-defectdojo/hook/run.sh | 5 +++++ 1 file changed, 5 insertions(+) create mode 100755 hooks/persistence-defectdojo/hook/run.sh diff --git a/hooks/persistence-defectdojo/hook/run.sh b/hooks/persistence-defectdojo/hook/run.sh new file mode 100755 index 0000000000..70ec2e274e --- /dev/null +++ b/hooks/persistence-defectdojo/hook/run.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +set -euo pipefail + +java -jar ./build/libs/defectdojo-persistenceprovider-1.0.0-SNAPSHOT.jar "$@" From 43c9a83a9916a4d97c2be04a5d64a6920f32f104 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 21:23:53 +0100 Subject: [PATCH 32/93] Improve Error Message If Kubernetes Config Can't Be Read In Dev Mode Signed-off-by: Sven Strittmatter --- .../securecodebox/persistence/service/KubernetesService.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java index 32e62281fc..a3d0db5b8c 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java @@ -21,6 +21,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.FileNotFoundException; import java.io.FileReader; import java.io.IOException; import java.util.HashMap; @@ -46,9 +47,11 @@ public void init() throws IOException { // loading the out-of-cluster config, a kubeconfig from file-system // FIXME: Usage of reading system properties should be encapsulated in own class. final var kubeConfigPath = System.getProperty("user.home") + "/.kube/config"; - // FIXME: Better error message if file not exists. try (final var kubeConfigReader = new FileReader(kubeConfigPath)) { clientBuilder = ClientBuilder.kubeconfig(KubeConfig.loadKubeConfig(kubeConfigReader)); + } catch (final IOException e) { + final var msg = String.format("Can't read Kubernetes configuration! Tried file path was '%s'.", kubeConfigPath); + throw new DefectDojoPersistenceException(msg); } } else { try { From 3ba022f883e819fe071696adb256adf39f609610 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 21:29:27 +0100 Subject: [PATCH 33/93] Handle Erros Parsing Kubernetes Config Since the error handling of Kubernetes lib and the used YAML parser lib is quite shitty the resulting error message is not very precise. The problem is that e.g. for empty file they just throw an NPE on a underlying Map<>. For bad format it just throw random errors such as class cast excpetions. Signed-off-by: Sven Strittmatter --- .../securecodebox/persistence/service/KubernetesService.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java index a3d0db5b8c..58194eefb5 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java @@ -52,6 +52,9 @@ public void init() throws IOException { } catch (final IOException e) { final var msg = String.format("Can't read Kubernetes configuration! Tried file path was '%s'.", kubeConfigPath); throw new DefectDojoPersistenceException(msg); + } catch (final Exception e) { + final var msg = "Can't parse and create Kubernetes config! Reason: " + e.getMessage(); + throw new DefectDojoPersistenceException(msg, e); } } else { try { From d972e6c7c7023452d9966103808ed0f38194250e Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 22:00:17 +0100 Subject: [PATCH 34/93] Show Env Vars Also In Help Message Signed-off-by: Sven Strittmatter --- .../DefectDojoPersistenceProvider.java | 11 +++++- .../persistence/config/EnvConfig.java | 34 ++++++------------- 2 files changed, 20 insertions(+), 25 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java index f74c21ad62..f6c853ec93 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceProvider.java @@ -3,6 +3,7 @@ // SPDX-License-Identifier: Apache-2.0 package io.securecodebox.persistence; +import io.securecodebox.persistence.config.EnvConfig; import io.securecodebox.persistence.config.PersistenceProviderConfig; import io.securecodebox.persistence.defectdojo.config.Config; import io.securecodebox.persistence.defectdojo.model.Finding; @@ -19,6 +20,7 @@ import java.util.Arrays; import java.util.List; +import java.util.stream.Collectors; @Slf4j public class DefectDojoPersistenceProvider { @@ -46,6 +48,10 @@ The third and fourth arguments are optional (syncFindingBack Mode). 4th argument (FINDING_UPLOAD_URL): HTTP URL where to store modified secureCodeBox finding file (JSON). -h|--help Show this help. + The hook also looks for various environment variables: + + + See the documentation for more details: https://www.securecodebox.io/docs/hooks/defectdojo """; private static final String HELP_HINT = "Use option -h or --help to get more details about the arguments."; @@ -132,7 +138,10 @@ boolean shouldShowHelp(String[] args) { private void showHelp() { System.out.println(USAGE); System.out.println(); - System.out.println(HELP); + final var envVars = Arrays.stream(EnvConfig.EnvVarNames.values()) + .map(name -> " " + name.getLiteral() + ": " + name.getDescription()) + .collect(Collectors.joining("\n")); + System.out.println(HELP.replace("", envVars)); } boolean wrongNumberOfArguments(String[] args) { diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/EnvConfig.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/EnvConfig.java index deb982dde5..f6c61e5d04 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/EnvConfig.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/config/EnvConfig.java @@ -119,42 +119,28 @@ private String retrieveEnvVar(EnvVarNames name) { * Enumerates all environment variable names used in this hook */ @Getter - enum EnvVarNames { + public enum EnvVarNames { /** - * Enable development mode. - * * @deprecated use {@link #IS_DEV} instead */ @Deprecated - IS_DEV_LEGACY("IS_DEV"), + IS_DEV_LEGACY("IS_DEV", "(deprecated) Enable development mode."), + IS_DEV("DEFECTDOJO_IS_DEV", "Enable development mode."), + SCAN_NAME("SCAN_NAME", "(provided) secureCodeBox wide environment variable populated with name of the scan custom resource."), + NAMESPACE("NAMESPACE", "(provided) secureCodeBox wide environment variable populated with the Kubernetes namespace the scan is running in."), + LOW_PRIVILEGED_MODE("DEFECTDOJO_LOW_PRIVILEGED_MODE", "Whether low privilege mode is enabled."), /** - * Enable development mode. - */ - IS_DEV("DEFECTDOJO_IS_DEV"), - /** - * secureCodeBox wide environment variable populated with name of the scan custom resource - */ - SCAN_NAME("SCAN_NAME"), - /** - * secureCodeBox wide environment variable populated with the Kubernetes namespace the scan is running in - */ - NAMESPACE("NAMESPACE"), - /** - * Whether low privilege mode is enabled - */ - LOW_PRIVILEGED_MODE("DEFECTDOJO_LOW_PRIVILEGED_MODE"), - /** - * Seconds to wait until re-fetching findings from DefectDojo - * * @deprecated see {@link EnvConfig#refetchWaitSeconds()} */ @Deprecated - REFETCH_WAIT_SECONDS("DEFECTDOJO_REFETCH_WAIT_SECONDS"); + REFETCH_WAIT_SECONDS("DEFECTDOJO_REFETCH_WAIT_SECONDS", "(deprecated) Seconds to wait until re-fetching findings from DefectDojo."); private final String literal; + private final String description; - EnvVarNames(String literal) { + EnvVarNames(String literal, String description) { this.literal = literal; + this.description = description; } } } From 7b27f62b8dd908c059a86cc34bb16f7ed176bc5c Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Tue, 7 Jan 2025 22:07:55 +0100 Subject: [PATCH 35/93] Add Missing License Headers Signed-off-by: Sven Strittmatter --- .../persistence/DefectDojoPersistenceProviderTest.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java index bc5f49a808..c6c15de057 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/DefectDojoPersistenceProviderTest.java @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 package io.securecodebox.persistence; import org.junit.jupiter.params.ParameterizedTest; From 53d57799c1e6eaf93f2249e37f4236df170be897 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Thu, 16 Jan 2025 12:38:23 +0100 Subject: [PATCH 36/93] Add Missing SPDX Headers Signed-off-by: Sven Strittmatter --- hooks/persistence-defectdojo/hook/run.sh | 4 ++++ .../persistence/config/PersistenceProviderConfigTest.java | 3 +++ 2 files changed, 7 insertions(+) diff --git a/hooks/persistence-defectdojo/hook/run.sh b/hooks/persistence-defectdojo/hook/run.sh index 70ec2e274e..3ed8b3a33b 100755 --- a/hooks/persistence-defectdojo/hook/run.sh +++ b/hooks/persistence-defectdojo/hook/run.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + set -euo pipefail java -jar ./build/libs/defectdojo-persistenceprovider-1.0.0-SNAPSHOT.jar "$@" diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java index 29fb972296..5d5655f4dd 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/config/PersistenceProviderConfigTest.java @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 package io.securecodebox.persistence.config; import io.securecodebox.persistence.exceptions.DefectDojoPersistenceException; From 4745b476393839a83d3ea2574c69577cf68e01f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Feb 2025 09:41:50 +0000 Subject: [PATCH 37/93] Bump the gradle-version-updates group across 1 directory with 3 updates Bumps the gradle-version-updates group with 3 updates in the /hooks/persistence-defectdojo/hook directory: [org.springframework:spring-web](https://github.com/spring-projects/spring-framework), [io.freefair.lombok](https://github.com/freefair/gradle-plugins) and com.github.ben-manes.versions. Updates `org.springframework:spring-web` from 6.2.1 to 6.2.2 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.1...v6.2.2) Updates `io.freefair.lombok` from 8.11 to 8.12 - [Release notes](https://github.com/freefair/gradle-plugins/releases) - [Commits](https://github.com/freefair/gradle-plugins/compare/8.11...8.12) Updates `com.github.ben-manes.versions` from 0.51.0 to 0.52.0 --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-version-updates - dependency-name: io.freefair.lombok dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-version-updates - dependency-name: com.github.ben-manes.versions dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-version-updates ... Signed-off-by: dependabot[bot] --- hooks/persistence-defectdojo/hook/build.gradle | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/build.gradle b/hooks/persistence-defectdojo/hook/build.gradle index ecc28d4fc0..cb99042c88 100644 --- a/hooks/persistence-defectdojo/hook/build.gradle +++ b/hooks/persistence-defectdojo/hook/build.gradle @@ -4,10 +4,10 @@ plugins { id "java" - id "io.freefair.lombok" version "8.11" + id "io.freefair.lombok" version "8.12" // https://github.com/ben-manes/gradle-versions-plugin // Run: ./gradlew dependencyUpdates -Drevision=release - id "com.github.ben-manes.versions" version "0.51.0" + id "com.github.ben-manes.versions" version "0.52.0" id "org.sonarqube" version "6.0.1.5171" } @@ -25,7 +25,7 @@ repositories { dependencies { implementation group: "io.securecodebox", name: "defectdojo-client", version: "2.0.1" implementation group: "io.kubernetes", name: "client-java", version: "20.0.1" - implementation group: "org.springframework", name: "spring-web", version: "6.2.1" + implementation group: "org.springframework", name: "spring-web", version: "6.2.2" implementation group: "com.fasterxml.jackson.core", name: "jackson-core", version: "2.18.2" implementation group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.18.2" implementation group: "com.fasterxml.jackson.core", name: "jackson-databind", version: "2.18.2" From 34fb23947452d06562c572b969f6ad6df55f3b0f Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Fri, 7 Feb 2025 12:35:10 +0100 Subject: [PATCH 38/93] #1452 Remove Vagrant All-in-One Setup Since Apple Silicon Vagrant is not really usable on macOS. Also this feature was used seldom. So we remove this instead of fixing it. Signed-off-by: Sven Strittmatter --- .gitignore | 1 - Vagrantfile | 58 ------------- bin/install-minikube.sh | 87 ------------------- bin/npm-ci-all.sh | 1 - .../docs/getting-started/installation.md | 20 +---- 5 files changed, 1 insertion(+), 166 deletions(-) delete mode 100644 Vagrantfile delete mode 100755 bin/install-minikube.sh diff --git a/.gitignore b/.gitignore index d72e14a3d0..319b8baa31 100644 --- a/.gitignore +++ b/.gitignore @@ -11,7 +11,6 @@ megalinter-reports/ **/__pycache__ **/.pytest_cache **/.asciinema -.vagrant **/*.log **/*.monopic .s3_credentials diff --git a/Vagrantfile b/Vagrantfile deleted file mode 100644 index 75a6648ff2..0000000000 --- a/Vagrantfile +++ /dev/null @@ -1,58 +0,0 @@ -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 - -# -# All in one Vagrant box for the secureCodeBox. -# - -Vagrant.configure("2") do |config| - base_dir = File.dirname(__FILE__) - - config.vm.box = "debian/bullseye64" - config.vm.hostname = "securecodebox" - - # We use the same defaults like Docker Desktop. - memory = 2048 - cpus = 2 - - config.vm.provider :virtualbox do |c| - # https://www.vagrantup.com/docs/providers/virtualbox/configuration - c.memory = memory - c.cpus = cpus - end - - config.vm.provider :vmware_desktop do |c| - # https://www.vagrantup.com/docs/providers/vmware/configuration - c.vmx["memsize"] = memory - c.vmx["numvcpus"] = cpus - end - - config.vm.provider :hyperv do |c| - # https://www.vagrantup.com/docs/providers/hyperv/configuration - c.memory = memory - c.cpus = cpus - end - - config.vm.provider :libvirt do |c| - # https://github.com/vagrant-libvirt/vagrant-libvirt - c.memory = memory - c.cpus = cpus - end - - config.vm.provision :shell, path: "#{base_dir}/bin/install-minikube.sh" - # Using sudo -g to run the command w/ newly created group from installation w/o the need of relogin. - # Redirecting STDERR to /dev/null because Minikube print download progress - # for the images to STDERR which clutters up the Vagrant output w/ error output! - config.vm.provision :shell, privileged: false, inline: "sudo -g docker minikube start 2>/dev/null" - # Install everything from secureCodeBox via install script. - # Hint: The directory where the Vagrantfile lives is mapped into the box under the path /vagrant. - config.vm.provision :shell, privileged: false, inline: "sudo -g docker /vagrant/bin/install.sh --all" - - # Do not automatically install VirtualBox guest additions, if available. - # Because this would take lot of time with additional reboot. - # Necessary for environments w/ guest additions available. - if Vagrant.has_plugin?("vagrant-vbguest") - config.vbguest.no_install = true - end -end diff --git a/bin/install-minikube.sh b/bin/install-minikube.sh deleted file mode 100755 index 4588fbcf6b..0000000000 --- a/bin/install-minikube.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/usr/bin/env bash - -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 - -# -# Install the Minikube setup in the all-in-one Vagrant box. -# -# IMPORTANT: This script must be executed as root. -# - -set -eu - -export DEBIAN_FRONTEND="noninteractive" -MINIKUBE_DEB_FILE="minikube_latest_amd64.deb" -MINIKUBE_DEB_PATH="${HOME}/${MINIKUBE_DEB_FILE}" - -cleanup() { - rm -rfv "${MINIKUBE_DEB_PATH}" -} - -# Cleanup stuff on normal exit and interuption. -trap cleanup EXIT -trap cleanup INT - -update_system() { - apt-get update - apt-get upgrade -y - apt-get install -y \ - apt-transport-https \ - ca-certificates \ - gnupg2 \ - curl \ - software-properties-common -} - -# Install Docker as minikube provider (https://docs.docker.com/engine/install/debian/) -add_docker_apt_source() { - add_apt_key "https://download.docker.com/linux/debian/gpg" - add_apt_source "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" "docker" -} - -# Install kubectl (https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-using-native-package-management) -add_kubectl_apt_source() { - add_apt_key "https://packages.cloud.google.com/apt/doc/apt-key.gpg" - add_apt_source "deb https://apt.kubernetes.io/ kubernetes-xenial main" "kubernetes" -} - -# https://helm.sh/docs/intro/install/ -add_helm_apt_source() { - add_apt_key "https://baltocdn.com/helm/signing.asc" - add_apt_source "deb https://baltocdn.com/helm/stable/debian/ all main" "helm" -} - -add_apt_key() { - local url="${1}" - curl -fsSL "${url}" | apt-key add - -} - -add_apt_source() { - local src="${1}" - local destination="${2}" - echo "${src}" >"/etc/apt/sources.list.d/${destination}.list" -} - -# Install minikube (https://minikube.sigs.k8s.io/docs/start/) -download_and_install_minikube() { - curl -sSLo "${MINIKUBE_DEB_PATH}" "https://storage.googleapis.com/minikube/releases/latest/${MINIKUBE_DEB_FILE}" - dpkg -i "${MINIKUBE_DEB_PATH}" -} - -update_system -add_docker_apt_source -add_kubectl_apt_source -add_helm_apt_source - -apt-get -y update -apt-get install -y \ - docker-ce \ - kubectl \ - helm - -download_and_install_minikube - -systemctl start docker -usermod -a -G docker vagrant diff --git a/bin/npm-ci-all.sh b/bin/npm-ci-all.sh index 09948500f8..c2ecefdf54 100755 --- a/bin/npm-ci-all.sh +++ b/bin/npm-ci-all.sh @@ -25,7 +25,6 @@ PACKAGE_JSON_LIST=$(find "$PROJECT_DIR" \( \ -name .github -o \ -name .idea -o \ -name .reuse -o \ - -name .vagrant -o \ -name .vscode -o \ -name bin -o \ -name docs -o \ diff --git a/documentation/docs/getting-started/installation.md b/documentation/docs/getting-started/installation.md index f34e3d25a9..e711537f15 100644 --- a/documentation/docs/getting-started/installation.md +++ b/documentation/docs/getting-started/installation.md @@ -9,7 +9,7 @@ sidebar_position: 1 path: "docs/getting-started/installation" --- -The secureCodeBox is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. For your first steps Kubernetes from [Docker Desktop](https://www.docker.com/products/docker-desktop), [Minikube](https://minikube.sigs.k8s.io/docs/) or [KIND](https://kind.sigs.k8s.io/) is sufficient. We also provide a [Vagrant](https://www.vagrantup.com/) based all-in-one installation (see [below](#vagrant-all-in-one-installation)). +The secureCodeBox is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. For your first steps Kubernetes from [Docker Desktop](https://www.docker.com/products/docker-desktop), [Minikube](https://minikube.sigs.k8s.io/docs/) or [KIND](https://kind.sigs.k8s.io/) is sufficient. First of all you need to install the secureCodeBox Operator which is responsible for starting all security scans. @@ -153,24 +153,6 @@ helm upgrade --install swagger-petstore oci://ghcr.io/securecodebox/helm/swagger These charts will be installed in the `default` namespace, but you can choose the namespace of your choice by adding `--namespace YOURNAMESPACE` to each helm command. ::: -## Vagrant All-in-one Installation - -We provide a [Vagrant](https://www.vagrantup.com/) setup with everything installed (Kubernetes cluster, operator, scanners, hooks, demo applications, etc.). You only need [Vagrant installed](https://www.vagrantup.com/docs/installation) and our main repository to play around with secureCodeBox: - -```bash -git clone https://github.com/secureCodeBox/secureCodeBox.git -cd secureCodeBox -vagrant up -``` - -After this setup has finished just ssh into the vagrant box: - -```bash -vagrant ssh -``` - -Now you can [start with your first scan](/docs/getting-started/first-scans). - ## Troubleshooting ### MinIO Startup Problems From 3eb53528d1e30423be9fbe88b16f73c53706a2a6 Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Fri, 7 Feb 2025 12:59:41 +0100 Subject: [PATCH 39/93] #1452 Adds Blog Post About Vagrant Removal Signed-off-by: Sven Strittmatter --- .../2025-02-07-we-remove-vagrant-all-setup.md | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 documentation/blog/2025-02-07-we-remove-vagrant-all-setup.md diff --git a/documentation/blog/2025-02-07-we-remove-vagrant-all-setup.md b/documentation/blog/2025-02-07-we-remove-vagrant-all-setup.md new file mode 100644 index 0000000000..3695d5dab5 --- /dev/null +++ b/documentation/blog/2025-02-07-we-remove-vagrant-all-setup.md @@ -0,0 +1,32 @@ +--- +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + +title: We Remove Vagrant Setup +author: Sven Strittmatter +author_title: Core Developer +author_url: https://github.com/Weltraumschaf +author_image_url: https://www.gravatar.com/avatar/3fe213284598b5cb69009665902c77a1 +tags: + - eol + - macos +description: We remove the Vagrant All-in-One Setup completely. +--- + +**TL;DR** We remove the Vagrant All-in-One Setup completely. + + + +Since the introduction of Apple Silicon CPUs we couldn't run [Vagrant][vagrant] with [Virtualbox][virtualbox] anymore because Virtualbox is not ported on ARM at the moment. This may change in the future. I've also tried to get Vagrant up and running with other hypervisors (e.g. VMWare, QEMU), but didn't worked out well 😫 + +Since the setup of _secureCodeBox_ with [Minikube][minikube], [Kind][kind] or [Colima][colima] is quite easy we drop Vagrant completely. With Colima, you can also run x86 images easily on arm hist as described in [Run x86 Images With Kubernetes on Apple Silicon][colima-setup]. + +To be honest, using VMs is so 20th century like 😬 + +[vagrant]: https://www.vagrantup.com/ +[virtualbox]: https://www.virtualbox.org/ +[colima]: https://github.com/abiosoft/colima +[colima-setup]: /blog/2024/10/25/run-x86-images-with-kubernetes-on-apple-silicon +[minikube]: https://minikube.sigs.k8s.io/docs/start/?arch=%2Fmacos%2Fx86-64%2Fstable%2Fbinary+download +[kind]: https://kind.sigs.k8s.io/ From a92e56d119af680eb93977e15bdd4f71b8c7a595 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 11:20:35 +0100 Subject: [PATCH 40/93] Update to latest kubebuilder dependency Signed-off-by: Jannik Hollenbach --- operator/Makefile | 6 +- ...ading.securecodebox.io_cascadingrules.yaml | 284 ++++---- ...urecodebox.io_clusterparsedefinitions.yaml | 187 ++++-- ...codebox.io_clusterscancompletionhooks.yaml | 187 ++++-- ...ion.securecodebox.io_clusterscantypes.yaml | 628 ++++++++++-------- ...ion.securecodebox.io_parsedefinitions.yaml | 187 ++++-- ....securecodebox.io_scancompletionhooks.yaml | 187 ++++-- .../execution.securecodebox.io_scans.yaml | 272 ++++---- .../execution.securecodebox.io_scantypes.yaml | 628 ++++++++++-------- ...ution.securecodebox.io_scheduledscans.yaml | 284 ++++---- operator/go.mod | 91 ++- operator/go.sum | 207 +++--- operator/templates/rbac/role.yaml | 44 +- operator/utils/hash_test.go | 3 +- 14 files changed, 1813 insertions(+), 1382 deletions(-) diff --git a/operator/Makefile b/operator/Makefile index 91c231954c..94089d8754 100644 --- a/operator/Makefile +++ b/operator/Makefile @@ -11,7 +11,7 @@ PROJECT_DIR=.. IMG_NS ?= securecodebox # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.30.0 +ENVTEST_K8S_VERSION = 1.32.0 # Image URL to use all building/pushing image targets for the operator OPERATOR_IMG ?= operator @@ -178,8 +178,8 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) ## Tool Versions -CONTROLLER_TOOLS_VERSION ?= v0.15.0 -ENVTEST_VERSION ?= release-0.18 +CONTROLLER_TOOLS_VERSION ?= v0.17.1 +ENVTEST_VERSION ?= release-0.20 .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. diff --git a/operator/crds/cascading.securecodebox.io_cascadingrules.yaml b/operator/crds/cascading.securecodebox.io_cascadingrules.yaml index 45b88803c8..8ffcdb12e8 100644 --- a/operator/crds/cascading.securecodebox.io_cascadingrules.yaml +++ b/operator/crds/cascading.securecodebox.io_cascadingrules.yaml @@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.1 name: cascadingrules.cascading.securecodebox.io spec: group: cascading.securecodebox.io @@ -435,13 +435,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching\nthe labelSelector - in the specified namespaces, where co-located - is defined as running on a node\nwhose value - of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -470,7 +467,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -597,12 +594,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -754,13 +749,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching\nthe labelSelector - in the specified namespaces, where co-located - is defined as running on a node\nwhose value - of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -789,7 +781,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -916,12 +908,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -1145,7 +1135,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap or its @@ -1211,7 +1201,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret or its key @@ -1335,7 +1325,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap @@ -1401,7 +1391,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret or @@ -1438,7 +1428,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap must @@ -1460,7 +1450,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret must be @@ -1499,7 +1489,8 @@ spec: More info: https://kubernetes. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -1511,7 +1502,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -1561,8 +1552,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that the + container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -1575,8 +1566,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -1603,7 +1594,8 @@ spec: container crashes or exits. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -1615,7 +1607,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -1665,8 +1657,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that the + container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -1679,8 +1671,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -1708,7 +1700,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -1726,8 +1719,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC - port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -1735,18 +1727,19 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -1813,8 +1806,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection to a TCP + port. properties: host: description: 'Optional: Host name to connect to, @@ -1907,7 +1900,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -1925,8 +1919,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC - port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -1934,18 +1927,19 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -2012,8 +2006,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection to a TCP + port. properties: host: description: 'Optional: Host name to connect to, @@ -2077,11 +2071,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -2093,6 +2085,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2198,7 +2196,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string @@ -2270,7 +2268,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. type: string @@ -2314,7 +2311,8 @@ spec: If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -2332,8 +2330,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC - port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -2341,18 +2338,19 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -2419,8 +2417,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection to a TCP + port. properties: host: description: 'Optional: Host name to connect to, @@ -2535,7 +2533,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -2596,11 +2593,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2611,6 +2606,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2723,7 +2724,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -2752,7 +2752,7 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + Deprecated: AWSElasticBlockStore is deprecated. properties: fsType: description: |- @@ -2781,8 +2781,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: @@ -2797,6 +2799,7 @@ spec: blob storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -2810,6 +2813,7 @@ spec: to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -2819,8 +2823,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -2839,8 +2845,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host - that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -2877,7 +2884,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2892,7 +2899,9 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s. properties: fsType: description: |- @@ -2919,7 +2928,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2980,7 +2989,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap @@ -2991,7 +3000,7 @@ spec: csi: description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external - CSI drivers (Beta feature). + CSI drivers. properties: driver: description: |- @@ -3018,7 +3027,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -3366,6 +3375,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to use @@ -3401,7 +3411,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -3409,9 +3419,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -3427,7 +3437,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi. properties: fsType: description: |- @@ -3460,7 +3471,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. + Deprecated: GitRepo is deprecated. properties: directory: description: |- @@ -3482,6 +3493,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -3526,6 +3538,23 @@ spec: required: - path type: object + image: + description: image represents an OCI object (a container + image or artifact) pulled and mounted on the kubelet's + host machine. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -3556,6 +3585,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -3588,7 +3618,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -3653,9 +3683,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -3671,8 +3701,10 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx. properties: fsType: description: |- @@ -3704,17 +3736,19 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along - with other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. properties: labelSelector: @@ -3835,7 +3869,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the @@ -3964,7 +3998,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional field specify whether @@ -4003,8 +4037,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -4043,6 +4078,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -4057,6 +4093,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -4071,6 +4108,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -4096,11 +4134,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -4111,10 +4150,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -4146,7 +4187,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -4155,6 +4196,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -4231,8 +4273,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -4257,7 +4300,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -4274,8 +4317,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- @@ -4302,6 +4347,9 @@ spec: - name type: object type: array + required: + - parameters + - scanType type: object required: - matches diff --git a/operator/crds/execution.securecodebox.io_clusterparsedefinitions.yaml b/operator/crds/execution.securecodebox.io_clusterparsedefinitions.yaml index de3094184e..81cc48bf09 100644 --- a/operator/crds/execution.securecodebox.io_clusterparsedefinitions.yaml +++ b/operator/crds/execution.securecodebox.io_clusterparsedefinitions.yaml @@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.1 name: clusterparsedefinitions.execution.securecodebox.io spec: group: execution.securecodebox.io @@ -378,12 +378,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -412,7 +410,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -537,11 +535,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching\nthe - labelSelector in the specified namespaces, where co-located - is defined as running on a node\nwhose value of the - label with key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -692,12 +689,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -726,7 +721,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -851,11 +846,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching\nthe - labelSelector in the specified namespaces, where co-located - is defined as running on a node\nwhose value of the - label with key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -909,7 +903,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap or its key @@ -974,7 +968,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret or its key must @@ -1012,7 +1006,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1039,11 +1033,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1054,6 +1046,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -1166,7 +1164,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -1195,7 +1192,7 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + Deprecated: AWSElasticBlockStore is deprecated. properties: fsType: description: |- @@ -1224,8 +1221,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: None, @@ -1240,6 +1239,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -1252,6 +1252,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -1261,8 +1262,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -1281,8 +1284,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -1319,7 +1323,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1334,7 +1338,9 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s. properties: fsType: description: |- @@ -1361,7 +1367,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1421,7 +1427,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap or its @@ -1431,8 +1437,7 @@ spec: x-kubernetes-map-type: atomic csi: description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). + storage that is handled by certain external CSI drivers. properties: driver: description: |- @@ -1459,7 +1464,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1806,6 +1811,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to use for @@ -1841,7 +1847,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1849,9 +1855,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -1867,7 +1873,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi. properties: fsType: description: |- @@ -1900,7 +1907,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. + Deprecated: GitRepo is deprecated. properties: directory: description: |- @@ -1922,6 +1929,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -1966,6 +1974,22 @@ spec: required: - path type: object + image: + description: image represents an OCI object (a container image + or artifact) pulled and mounted on the kubelet's host machine. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -1996,6 +2020,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -2028,7 +2053,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2093,8 +2118,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -2110,8 +2136,10 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx. properties: fsType: description: |- @@ -2142,17 +2170,19 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. properties: labelSelector: @@ -2273,7 +2303,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap @@ -2401,7 +2431,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional field specify whether the @@ -2440,8 +2470,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -2480,6 +2511,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -2494,6 +2526,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -2508,6 +2541,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -2533,11 +2567,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -2548,10 +2583,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -2583,7 +2620,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2592,6 +2629,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -2667,8 +2705,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -2693,7 +2732,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2710,8 +2749,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- diff --git a/operator/crds/execution.securecodebox.io_clusterscancompletionhooks.yaml b/operator/crds/execution.securecodebox.io_clusterscancompletionhooks.yaml index 7d8fa96ac8..011b5704a7 100644 --- a/operator/crds/execution.securecodebox.io_clusterscancompletionhooks.yaml +++ b/operator/crds/execution.securecodebox.io_clusterscancompletionhooks.yaml @@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.1 name: clusterscancompletionhooks.execution.securecodebox.io spec: group: execution.securecodebox.io @@ -386,12 +386,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -420,7 +418,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -545,11 +543,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching\nthe - labelSelector in the specified namespaces, where co-located - is defined as running on a node\nwhose value of the - label with key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -700,12 +697,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -734,7 +729,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -859,11 +854,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching\nthe - labelSelector in the specified namespaces, where co-located - is defined as running on a node\nwhose value of the - label with key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -906,7 +900,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap or its key @@ -971,7 +965,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret or its key must @@ -1009,7 +1003,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1043,11 +1037,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1058,6 +1050,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -1176,7 +1174,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -1205,7 +1202,7 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + Deprecated: AWSElasticBlockStore is deprecated. properties: fsType: description: |- @@ -1234,8 +1231,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: None, @@ -1250,6 +1249,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -1262,6 +1262,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -1271,8 +1272,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -1291,8 +1294,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -1329,7 +1333,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1344,7 +1348,9 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s. properties: fsType: description: |- @@ -1371,7 +1377,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1431,7 +1437,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap or its @@ -1441,8 +1447,7 @@ spec: x-kubernetes-map-type: atomic csi: description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). + storage that is handled by certain external CSI drivers. properties: driver: description: |- @@ -1469,7 +1474,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1816,6 +1821,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to use for @@ -1851,7 +1857,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1859,9 +1865,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -1877,7 +1883,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi. properties: fsType: description: |- @@ -1910,7 +1917,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. + Deprecated: GitRepo is deprecated. properties: directory: description: |- @@ -1932,6 +1939,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -1976,6 +1984,22 @@ spec: required: - path type: object + image: + description: image represents an OCI object (a container image + or artifact) pulled and mounted on the kubelet's host machine. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -2006,6 +2030,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -2038,7 +2063,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2103,8 +2128,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -2120,8 +2146,10 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx. properties: fsType: description: |- @@ -2152,17 +2180,19 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. properties: labelSelector: @@ -2283,7 +2313,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap @@ -2411,7 +2441,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional field specify whether the @@ -2450,8 +2480,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -2490,6 +2521,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -2504,6 +2536,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -2518,6 +2551,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -2543,11 +2577,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -2558,10 +2593,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -2593,7 +2630,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2602,6 +2639,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -2677,8 +2715,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -2703,7 +2742,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2720,8 +2759,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- diff --git a/operator/crds/execution.securecodebox.io_clusterscantypes.yaml b/operator/crds/execution.securecodebox.io_clusterscantypes.yaml index f991983f6d..cf4cf5b6cf 100644 --- a/operator/crds/execution.securecodebox.io_clusterscantypes.yaml +++ b/operator/crds/execution.securecodebox.io_clusterscantypes.yaml @@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.1 name: clusterscantypes.execution.securecodebox.io spec: group: execution.securecodebox.io @@ -116,7 +116,6 @@ spec: completionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`. - `NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. type: string @@ -177,7 +176,6 @@ spec: Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are: - - FailJob: indicates that the pod's job is marked as Failed and all running pods are terminated. type: string @@ -710,15 +708,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching\nthe labelSelector in - the specified namespaces, where - co-located is defined as running - on a node\nwhose value of the - label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -747,7 +740,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -876,13 +869,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching\nthe labelSelector - in the specified namespaces, where - co-located is defined as running on - a node\nwhose value of the label with - key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -1039,15 +1029,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching\nthe labelSelector in - the specified namespaces, where - co-located is defined as running - on a node\nwhose value of the - label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -1076,7 +1061,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -1205,13 +1190,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching\nthe labelSelector - in the specified namespaces, where - co-located is defined as running on - a node\nwhose value of the label with - key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -1291,7 +1273,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -1364,7 +1346,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -1401,7 +1383,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap @@ -1424,7 +1406,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret @@ -1463,8 +1445,8 @@ spec: More info: https://kubernetes. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -1476,8 +1458,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -1530,9 +1512,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -1545,8 +1526,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -1574,8 +1555,8 @@ spec: container crashes or exits. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -1587,8 +1568,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -1641,9 +1622,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -1656,8 +1636,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -1686,8 +1666,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -1705,8 +1685,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -1715,18 +1694,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -1798,8 +1777,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -1893,8 +1872,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -1912,8 +1891,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -1922,18 +1900,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -2005,8 +1983,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -2072,11 +2050,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references @@ -2088,6 +2064,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2193,7 +2175,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string @@ -2265,7 +2247,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. type: string @@ -2310,8 +2291,8 @@ spec: If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -2329,8 +2310,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -2339,18 +2319,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -2422,8 +2402,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -2541,7 +2521,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -2603,9 +2582,13 @@ spec: resolver options of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver + option's value. type: string type: object type: array @@ -2699,7 +2682,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -2772,7 +2755,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -2809,7 +2792,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap @@ -2832,7 +2815,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret @@ -2868,8 +2851,8 @@ spec: More info: https://kubernetes. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -2881,8 +2864,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -2935,9 +2918,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -2950,8 +2932,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -2979,8 +2961,8 @@ spec: container crashes or exits. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -2992,8 +2974,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -3046,9 +3028,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -3061,8 +3042,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -3088,8 +3069,8 @@ spec: containers. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -3107,8 +3088,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -3117,18 +3097,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -3200,8 +3180,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -3288,8 +3268,8 @@ spec: containers. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -3307,8 +3287,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -3317,18 +3296,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -3400,8 +3379,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -3466,11 +3445,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references @@ -3482,6 +3459,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -3588,7 +3571,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string @@ -3660,7 +3643,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. type: string @@ -3703,8 +3685,8 @@ spec: containers. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -3722,8 +3704,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -3732,18 +3713,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -3815,8 +3796,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -3939,7 +3920,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -4042,7 +4022,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -4116,7 +4096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -4189,7 +4169,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -4226,7 +4206,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap @@ -4249,7 +4229,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret @@ -4288,8 +4268,8 @@ spec: More info: https://kubernetes. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -4301,8 +4281,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -4355,9 +4335,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -4370,8 +4349,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -4399,8 +4378,8 @@ spec: container crashes or exits. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -4412,8 +4391,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -4466,9 +4445,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -4481,8 +4459,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -4511,8 +4489,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -4530,8 +4508,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -4540,18 +4517,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -4623,8 +4600,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -4718,8 +4695,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -4737,8 +4714,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -4747,18 +4723,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -4830,8 +4806,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -4897,11 +4873,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references @@ -4913,6 +4887,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -5018,7 +4998,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string @@ -5090,7 +5070,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. type: string @@ -5135,8 +5114,8 @@ spec: If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -5154,8 +5133,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -5164,18 +5142,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -5247,8 +5225,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -5366,7 +5344,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -5404,9 +5381,9 @@ spec: x-kubernetes-list-type: map nodeName: description: |- - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - the scheduler simply schedules this pod onto that node, assuming that it fits resource - requirements. + NodeName indicates in which node this pod is scheduled. + If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. type: string nodeSelector: additionalProperties: @@ -5422,7 +5399,6 @@ spec: Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. - If the OS field is set to linux, the following fields must be unset: -securityContext. properties: @@ -5494,34 +5470,33 @@ spec: by name. items: description: |- - PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + PodResourceClaim references exactly one ResourceClaim, either directly + or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim + for the pod. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. - Containers that need access to the ResourceClaim reference it with this name. properties: name: description: |- Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL. type: string - source: - description: Source describes where to find - the ResourceClaim. - properties: - resourceClaimName: - description: |- - ResourceClaimName is the name of a ResourceClaim object in the same - namespace as this pod. - type: string - resourceClaimTemplateName: - description: |- - ResourceClaimTemplateName is the name of a ResourceClaimTemplate - object in the same namespace as this pod. + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. - The template will be used to create a new ResourceClaim, which will - be bound to this pod. - type: string - type: object + The template will be used to create a new ResourceClaim, which will + be bound to this pod. + type: string required: - name type: object @@ -5529,6 +5504,68 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + resources: + description: |- + Resources is the total amount of CPU and Memory resources required by all + containers in the pod. It supports specifying Requests and Limits for + "cpu" and "memory" resource names only. ResourceClaims are not supported. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + type: object + type: object restartPolicy: description: |- Restart policy for all containers within the pod. @@ -5601,7 +5638,6 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. format: int64 @@ -5634,6 +5670,12 @@ spec: May also be set in SecurityContext. format: int64 type: integer + seLinuxChangePolicy: + description: |- + seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. + It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. + Valid values are "MountOption" and "Recursive". + type: string seLinuxOptions: description: |- The SELinux context to be applied to all containers. @@ -5673,7 +5715,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. type: string @@ -5682,14 +5723,18 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -5943,7 +5988,7 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + Deprecated: AWSElasticBlockStore is deprecated. properties: fsType: description: |- @@ -5972,9 +6017,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching @@ -5989,6 +6035,7 @@ spec: disk in the blob storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -6002,6 +6049,7 @@ spec: availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -6011,9 +6059,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -6034,8 +6083,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -6073,7 +6123,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -6088,7 +6138,9 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s. properties: fsType: description: |- @@ -6115,7 +6167,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -6176,7 +6228,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the @@ -6187,7 +6239,7 @@ spec: csi: description: csi (Container Storage Interface) represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). + by certain external CSI drivers. properties: driver: description: |- @@ -6214,7 +6266,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -6578,6 +6630,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver @@ -6613,7 +6666,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -6621,10 +6674,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This - depends on the Flocker control service being - running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -6641,7 +6693,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi. properties: fsType: description: |- @@ -6674,7 +6727,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. + Deprecated: GitRepo is deprecated. properties: directory: description: |- @@ -6696,6 +6749,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -6740,6 +6794,23 @@ spec: required: - path type: object + image: + description: image represents an OCI object + (a container image or artifact) pulled and + mounted on the kubelet's host machine. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -6771,6 +6842,7 @@ spec: Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -6804,7 +6876,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -6869,9 +6941,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -6887,9 +6959,10 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx. properties: fsType: description: |- @@ -6922,18 +6995,19 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume - projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected - along with other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. properties: labelSelector: @@ -7059,7 +7133,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify @@ -7203,7 +7277,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional field specify @@ -7244,8 +7318,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -7284,6 +7359,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -7298,6 +7374,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -7312,6 +7389,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -7337,11 +7415,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -7352,11 +7431,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes - nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -7389,7 +7469,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -7399,6 +7479,7 @@ spec: false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -7476,9 +7557,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -7503,7 +7584,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -7520,9 +7601,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- @@ -7646,7 +7728,9 @@ spec: separated by commas. type: string ready: - description: The number of pods which have a Ready condition. + description: |- + The number of active pods which have a Ready condition and are not + terminating (without a deletionTimestamp). format: int32 type: integer startTime: @@ -7669,7 +7753,6 @@ spec: The number of pods which are terminating (in phase Pending or Running and have a deletionTimestamp). - This field is beta-level. The job controller populates the field when the feature gate JobPodReplacementPolicy is enabled (enabled by default). format: int32 @@ -7679,7 +7762,6 @@ spec: uncountedTerminatedPods holds the UIDs of Pods that have terminated but the job controller hasn't yet accounted for in the status counters. - The job controller creates pods with a finalizer. properties: failed: diff --git a/operator/crds/execution.securecodebox.io_parsedefinitions.yaml b/operator/crds/execution.securecodebox.io_parsedefinitions.yaml index 8fa743e3d8..1ab0e66dad 100644 --- a/operator/crds/execution.securecodebox.io_parsedefinitions.yaml +++ b/operator/crds/execution.securecodebox.io_parsedefinitions.yaml @@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.1 name: parsedefinitions.execution.securecodebox.io spec: group: execution.securecodebox.io @@ -377,12 +377,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -411,7 +409,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -536,11 +534,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching\nthe - labelSelector in the specified namespaces, where co-located - is defined as running on a node\nwhose value of the - label with key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -691,12 +688,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -725,7 +720,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -850,11 +845,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching\nthe - labelSelector in the specified namespaces, where co-located - is defined as running on a node\nwhose value of the - label with key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -908,7 +902,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap or its key @@ -973,7 +967,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret or its key must @@ -1011,7 +1005,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1038,11 +1032,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1053,6 +1045,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -1165,7 +1163,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -1194,7 +1191,7 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + Deprecated: AWSElasticBlockStore is deprecated. properties: fsType: description: |- @@ -1223,8 +1220,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: None, @@ -1239,6 +1238,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -1251,6 +1251,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -1260,8 +1261,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -1280,8 +1283,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -1318,7 +1322,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1333,7 +1337,9 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s. properties: fsType: description: |- @@ -1360,7 +1366,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1420,7 +1426,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap or its @@ -1430,8 +1436,7 @@ spec: x-kubernetes-map-type: atomic csi: description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). + storage that is handled by certain external CSI drivers. properties: driver: description: |- @@ -1458,7 +1463,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1805,6 +1810,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to use for @@ -1840,7 +1846,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1848,9 +1854,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -1866,7 +1872,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi. properties: fsType: description: |- @@ -1899,7 +1906,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. + Deprecated: GitRepo is deprecated. properties: directory: description: |- @@ -1921,6 +1928,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -1965,6 +1973,22 @@ spec: required: - path type: object + image: + description: image represents an OCI object (a container image + or artifact) pulled and mounted on the kubelet's host machine. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -1995,6 +2019,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -2027,7 +2052,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2092,8 +2117,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -2109,8 +2135,10 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx. properties: fsType: description: |- @@ -2141,17 +2169,19 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. properties: labelSelector: @@ -2272,7 +2302,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap @@ -2400,7 +2430,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional field specify whether the @@ -2439,8 +2469,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -2479,6 +2510,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -2493,6 +2525,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -2507,6 +2540,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -2532,11 +2566,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -2547,10 +2582,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -2582,7 +2619,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2591,6 +2628,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -2666,8 +2704,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -2692,7 +2731,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2709,8 +2748,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- diff --git a/operator/crds/execution.securecodebox.io_scancompletionhooks.yaml b/operator/crds/execution.securecodebox.io_scancompletionhooks.yaml index 2f2dfc4d88..a186322f36 100644 --- a/operator/crds/execution.securecodebox.io_scancompletionhooks.yaml +++ b/operator/crds/execution.securecodebox.io_scancompletionhooks.yaml @@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.1 name: scancompletionhooks.execution.securecodebox.io spec: group: execution.securecodebox.io @@ -386,12 +386,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -420,7 +418,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -545,11 +543,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching\nthe - labelSelector in the specified namespaces, where co-located - is defined as running on a node\nwhose value of the - label with key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -700,12 +697,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -734,7 +729,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -859,11 +854,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching\nthe - labelSelector in the specified namespaces, where co-located - is defined as running on a node\nwhose value of the - label with key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -906,7 +900,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap or its key @@ -971,7 +965,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret or its key must @@ -1009,7 +1003,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1043,11 +1037,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1058,6 +1050,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -1176,7 +1174,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -1205,7 +1202,7 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + Deprecated: AWSElasticBlockStore is deprecated. properties: fsType: description: |- @@ -1234,8 +1231,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: None, @@ -1250,6 +1249,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -1262,6 +1262,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -1271,8 +1272,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -1291,8 +1294,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -1329,7 +1333,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1344,7 +1348,9 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s. properties: fsType: description: |- @@ -1371,7 +1377,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1431,7 +1437,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap or its @@ -1441,8 +1447,7 @@ spec: x-kubernetes-map-type: atomic csi: description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). + storage that is handled by certain external CSI drivers. properties: driver: description: |- @@ -1469,7 +1474,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1816,6 +1821,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to use for @@ -1851,7 +1857,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -1859,9 +1865,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -1877,7 +1883,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi. properties: fsType: description: |- @@ -1910,7 +1917,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. + Deprecated: GitRepo is deprecated. properties: directory: description: |- @@ -1932,6 +1939,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -1976,6 +1984,22 @@ spec: required: - path type: object + image: + description: image represents an OCI object (a container image + or artifact) pulled and mounted on the kubelet's host machine. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -2006,6 +2030,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -2038,7 +2063,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2103,8 +2128,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -2120,8 +2146,10 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx. properties: fsType: description: |- @@ -2152,17 +2180,19 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. properties: labelSelector: @@ -2283,7 +2313,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap @@ -2411,7 +2441,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional field specify whether the @@ -2450,8 +2480,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -2490,6 +2521,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -2504,6 +2536,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -2518,6 +2551,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -2543,11 +2577,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -2558,10 +2593,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -2593,7 +2630,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2602,6 +2639,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -2677,8 +2715,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -2703,7 +2742,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2720,8 +2759,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- diff --git a/operator/crds/execution.securecodebox.io_scans.yaml b/operator/crds/execution.securecodebox.io_scans.yaml index be953384b4..fabd0e79e3 100644 --- a/operator/crds/execution.securecodebox.io_scans.yaml +++ b/operator/crds/execution.securecodebox.io_scans.yaml @@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.1 name: scans.execution.securecodebox.io spec: group: execution.securecodebox.io @@ -395,12 +395,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -429,7 +427,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -554,11 +552,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching\nthe - labelSelector in the specified namespaces, where co-located - is defined as running on a node\nwhose value of the - label with key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -709,12 +706,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -743,7 +738,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -868,11 +863,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching\nthe - labelSelector in the specified namespaces, where co-located - is defined as running on a node\nwhose value of the - label with key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -1093,7 +1087,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap or its key @@ -1158,7 +1152,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret or its key must @@ -1282,7 +1276,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap or @@ -1348,7 +1342,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret or its @@ -1385,7 +1379,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap must be @@ -1407,7 +1401,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret must be defined @@ -1445,7 +1439,8 @@ spec: More info: https://kubernetes. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -1457,7 +1452,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -1506,8 +1502,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. + description: Sleep represents a duration that the container + should sleep. properties: seconds: description: Seconds is the number of seconds to @@ -1520,8 +1516,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, @@ -1548,7 +1544,8 @@ spec: container crashes or exits. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -1560,7 +1557,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -1609,8 +1607,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the - container should sleep before being terminated. + description: Sleep represents a duration that the container + should sleep. properties: seconds: description: Seconds is the number of seconds to @@ -1623,8 +1621,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, @@ -1652,7 +1650,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the + container. properties: command: description: |- @@ -1670,7 +1669,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -1678,18 +1677,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -1756,8 +1755,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults @@ -1849,7 +1847,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the + container. properties: command: description: |- @@ -1867,7 +1866,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -1875,18 +1874,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -1953,8 +1952,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults @@ -2018,11 +2016,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2033,6 +2029,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2138,7 +2140,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string @@ -2210,7 +2212,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. type: string @@ -2254,7 +2255,8 @@ spec: If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the + container. properties: command: description: |- @@ -2272,7 +2274,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -2280,18 +2282,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -2358,8 +2360,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults @@ -2474,7 +2475,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -2535,11 +2535,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2550,6 +2548,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2662,7 +2666,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -2691,7 +2694,7 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + Deprecated: AWSElasticBlockStore is deprecated. properties: fsType: description: |- @@ -2720,8 +2723,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: None, @@ -2736,6 +2741,7 @@ spec: storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -2748,6 +2754,7 @@ spec: disk (only in managed availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -2757,8 +2764,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -2777,8 +2786,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -2815,7 +2825,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2830,7 +2840,9 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s. properties: fsType: description: |- @@ -2857,7 +2869,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2917,7 +2929,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap or its @@ -2927,8 +2939,7 @@ spec: x-kubernetes-map-type: atomic csi: description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). + storage that is handled by certain external CSI drivers. properties: driver: description: |- @@ -2955,7 +2966,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -3302,6 +3313,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to use for @@ -3337,7 +3349,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -3345,9 +3357,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -3363,7 +3375,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi. properties: fsType: description: |- @@ -3396,7 +3409,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. + Deprecated: GitRepo is deprecated. properties: directory: description: |- @@ -3418,6 +3431,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -3462,6 +3476,22 @@ spec: required: - path type: object + image: + description: image represents an OCI object (a container image + or artifact) pulled and mounted on the kubelet's host machine. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -3492,6 +3522,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -3524,7 +3555,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -3589,8 +3620,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -3606,8 +3638,10 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx. properties: fsType: description: |- @@ -3638,17 +3672,19 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along with - other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. properties: labelSelector: @@ -3769,7 +3805,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap @@ -3897,7 +3933,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional field specify whether the @@ -3936,8 +3972,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -3976,6 +4013,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -3990,6 +4028,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -4004,6 +4043,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -4029,11 +4069,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -4044,10 +4085,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -4079,7 +4122,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -4088,6 +4131,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -4163,8 +4207,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -4189,7 +4234,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -4206,8 +4251,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- @@ -4234,6 +4281,9 @@ spec: - name type: object type: array + required: + - parameters + - scanType type: object status: description: ScanStatus defines the observed state of Scan diff --git a/operator/crds/execution.securecodebox.io_scantypes.yaml b/operator/crds/execution.securecodebox.io_scantypes.yaml index a0021ad153..a524e0d876 100644 --- a/operator/crds/execution.securecodebox.io_scantypes.yaml +++ b/operator/crds/execution.securecodebox.io_scantypes.yaml @@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.1 name: scantypes.execution.securecodebox.io spec: group: execution.securecodebox.io @@ -116,7 +116,6 @@ spec: completionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`. - `NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. type: string @@ -177,7 +176,6 @@ spec: Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are: - - FailJob: indicates that the pod's job is marked as Failed and all running pods are terminated. type: string @@ -710,15 +708,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching\nthe labelSelector in - the specified namespaces, where - co-located is defined as running - on a node\nwhose value of the - label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -747,7 +740,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -876,13 +869,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching\nthe labelSelector - in the specified namespaces, where - co-located is defined as running on - a node\nwhose value of the label with - key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -1039,15 +1029,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching\nthe labelSelector in - the specified namespaces, where - co-located is defined as running - on a node\nwhose value of the - label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -1076,7 +1061,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -1205,13 +1190,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching\nthe labelSelector - in the specified namespaces, where - co-located is defined as running on - a node\nwhose value of the label with - key topologyKey matches that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -1291,7 +1273,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -1364,7 +1346,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -1401,7 +1383,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap @@ -1424,7 +1406,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret @@ -1463,8 +1445,8 @@ spec: More info: https://kubernetes. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -1476,8 +1458,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -1530,9 +1512,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -1545,8 +1526,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -1574,8 +1555,8 @@ spec: container crashes or exits. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -1587,8 +1568,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -1641,9 +1622,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -1656,8 +1636,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -1686,8 +1666,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -1705,8 +1685,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -1715,18 +1694,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -1798,8 +1777,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -1893,8 +1872,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -1912,8 +1891,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -1922,18 +1900,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -2005,8 +1983,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -2072,11 +2050,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references @@ -2088,6 +2064,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2193,7 +2175,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string @@ -2265,7 +2247,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. type: string @@ -2310,8 +2291,8 @@ spec: If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -2329,8 +2310,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -2339,18 +2319,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -2422,8 +2402,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -2541,7 +2521,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -2603,9 +2582,13 @@ spec: resolver options of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver + option's value. type: string type: object type: array @@ -2699,7 +2682,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -2772,7 +2755,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -2809,7 +2792,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap @@ -2832,7 +2815,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret @@ -2868,8 +2851,8 @@ spec: More info: https://kubernetes. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -2881,8 +2864,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -2935,9 +2918,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -2950,8 +2932,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -2979,8 +2961,8 @@ spec: container crashes or exits. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -2992,8 +2974,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -3046,9 +3028,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -3061,8 +3042,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -3088,8 +3069,8 @@ spec: containers. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -3107,8 +3088,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -3117,18 +3097,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -3200,8 +3180,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -3288,8 +3268,8 @@ spec: containers. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -3307,8 +3287,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -3317,18 +3296,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -3400,8 +3379,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -3466,11 +3445,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references @@ -3482,6 +3459,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -3588,7 +3571,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string @@ -3660,7 +3643,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. type: string @@ -3703,8 +3685,8 @@ spec: containers. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -3722,8 +3704,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -3732,18 +3713,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -3815,8 +3796,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -3939,7 +3920,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -4042,7 +4022,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -4116,7 +4096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -4189,7 +4169,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the @@ -4226,7 +4206,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap @@ -4249,7 +4229,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret @@ -4288,8 +4268,8 @@ spec: More info: https://kubernetes. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -4301,8 +4281,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -4355,9 +4335,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -4370,8 +4349,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -4399,8 +4378,8 @@ spec: container crashes or exits. properties: exec: - description: Exec specifies the action - to take. + description: Exec specifies a command + to execute in the container. properties: command: description: |- @@ -4412,8 +4391,8 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http - request to perform. + description: HTTPGet specifies an HTTP + GET request to perform. properties: host: description: |- @@ -4466,9 +4445,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration - that the container should sleep before - being terminated. + description: Sleep represents a duration + that the container should sleep. properties: seconds: description: Seconds is the number @@ -4481,8 +4459,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name @@ -4511,8 +4489,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -4530,8 +4508,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -4540,18 +4517,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -4623,8 +4600,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -4718,8 +4695,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -4737,8 +4714,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -4747,18 +4723,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -4830,8 +4806,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -4897,11 +4873,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references @@ -4913,6 +4887,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -5018,7 +4998,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string @@ -5090,7 +5070,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. type: string @@ -5135,8 +5114,8 @@ spec: If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. properties: exec: - description: Exec specifies the action to - take. + description: Exec specifies a command to + execute in the container. properties: command: description: |- @@ -5154,8 +5133,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC @@ -5164,18 +5142,18 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -5247,8 +5225,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action - involving a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to @@ -5366,7 +5344,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -5404,9 +5381,9 @@ spec: x-kubernetes-list-type: map nodeName: description: |- - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - the scheduler simply schedules this pod onto that node, assuming that it fits resource - requirements. + NodeName indicates in which node this pod is scheduled. + If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. type: string nodeSelector: additionalProperties: @@ -5422,7 +5399,6 @@ spec: Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. - If the OS field is set to linux, the following fields must be unset: -securityContext. properties: @@ -5494,34 +5470,33 @@ spec: by name. items: description: |- - PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + PodResourceClaim references exactly one ResourceClaim, either directly + or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim + for the pod. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. - Containers that need access to the ResourceClaim reference it with this name. properties: name: description: |- Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL. type: string - source: - description: Source describes where to find - the ResourceClaim. - properties: - resourceClaimName: - description: |- - ResourceClaimName is the name of a ResourceClaim object in the same - namespace as this pod. - type: string - resourceClaimTemplateName: - description: |- - ResourceClaimTemplateName is the name of a ResourceClaimTemplate - object in the same namespace as this pod. + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. - The template will be used to create a new ResourceClaim, which will - be bound to this pod. - type: string - type: object + The template will be used to create a new ResourceClaim, which will + be bound to this pod. + type: string required: - name type: object @@ -5529,6 +5504,68 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + resources: + description: |- + Resources is the total amount of CPU and Memory resources required by all + containers in the pod. It supports specifying Requests and Limits for + "cpu" and "memory" resource names only. ResourceClaims are not supported. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + type: object + type: object restartPolicy: description: |- Restart policy for all containers within the pod. @@ -5601,7 +5638,6 @@ spec: Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. format: int64 @@ -5634,6 +5670,12 @@ spec: May also be set in SecurityContext. format: int64 type: integer + seLinuxChangePolicy: + description: |- + seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. + It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. + Valid values are "MountOption" and "Recursive". + type: string seLinuxOptions: description: |- The SELinux context to be applied to all containers. @@ -5673,7 +5715,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. type: string @@ -5682,14 +5723,18 @@ spec: type: object supplementalGroups: description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). items: format: int64 type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported @@ -5943,7 +5988,7 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + Deprecated: AWSElasticBlockStore is deprecated. properties: fsType: description: |- @@ -5972,9 +6017,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching @@ -5989,6 +6035,7 @@ spec: disk in the blob storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -6002,6 +6049,7 @@ spec: availability set). defaults to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -6011,9 +6059,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -6034,8 +6083,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -6073,7 +6123,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -6088,7 +6138,9 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s. properties: fsType: description: |- @@ -6115,7 +6167,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -6176,7 +6228,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the @@ -6187,7 +6239,7 @@ spec: csi: description: csi (Container Storage Interface) represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). + by certain external CSI drivers. properties: driver: description: |- @@ -6214,7 +6266,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -6578,6 +6630,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver @@ -6613,7 +6666,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -6621,10 +6674,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This - depends on the Flocker control service being - running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -6641,7 +6693,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi. properties: fsType: description: |- @@ -6674,7 +6727,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. + Deprecated: GitRepo is deprecated. properties: directory: description: |- @@ -6696,6 +6749,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -6740,6 +6794,23 @@ spec: required: - path type: object + image: + description: image represents an OCI object + (a container image or artifact) pulled and + mounted on the kubelet's host machine. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -6771,6 +6842,7 @@ spec: Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -6804,7 +6876,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -6869,9 +6941,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -6887,9 +6959,10 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx. properties: fsType: description: |- @@ -6922,18 +6995,19 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume - projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected - along with other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. properties: labelSelector: @@ -7059,7 +7133,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify @@ -7203,7 +7277,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional field specify @@ -7244,8 +7318,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -7284,6 +7359,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -7298,6 +7374,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -7312,6 +7389,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -7337,11 +7415,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -7352,11 +7431,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes - nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -7389,7 +7469,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -7399,6 +7479,7 @@ spec: false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -7476,9 +7557,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -7503,7 +7584,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -7520,9 +7601,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- @@ -7646,7 +7728,9 @@ spec: separated by commas. type: string ready: - description: The number of pods which have a Ready condition. + description: |- + The number of active pods which have a Ready condition and are not + terminating (without a deletionTimestamp). format: int32 type: integer startTime: @@ -7669,7 +7753,6 @@ spec: The number of pods which are terminating (in phase Pending or Running and have a deletionTimestamp). - This field is beta-level. The job controller populates the field when the feature gate JobPodReplacementPolicy is enabled (enabled by default). format: int32 @@ -7679,7 +7762,6 @@ spec: uncountedTerminatedPods holds the UIDs of Pods that have terminated but the job controller hasn't yet accounted for in the status counters. - The job controller creates pods with a finalizer. properties: failed: diff --git a/operator/crds/execution.securecodebox.io_scheduledscans.yaml b/operator/crds/execution.securecodebox.io_scheduledscans.yaml index 9b871e7393..1bfa19a4bc 100644 --- a/operator/crds/execution.securecodebox.io_scheduledscans.yaml +++ b/operator/crds/execution.securecodebox.io_scheduledscans.yaml @@ -6,7 +6,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.1 name: scheduledscans.execution.securecodebox.io spec: group: execution.securecodebox.io @@ -429,13 +429,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching\nthe labelSelector - in the specified namespaces, where co-located - is defined as running on a node\nwhose value - of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -464,7 +461,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -591,12 +588,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -748,13 +743,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching\nthe labelSelector - in the specified namespaces, where co-located - is defined as running on a node\nwhose value - of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -783,7 +775,7 @@ spec: relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of - the lab + the... properties: labelSelector: description: |- @@ -910,12 +902,10 @@ spec: type: array x-kubernetes-list-type: atomic topologyKey: - description: "This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching\nthe labelSelector in the specified namespaces, - where co-located is defined as running on a node\nwhose - value of the label with key topologyKey matches - that of " + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of... type: string required: - topologyKey @@ -1139,7 +1129,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap or its @@ -1205,7 +1195,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret or its key @@ -1329,7 +1319,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap @@ -1395,7 +1385,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret or @@ -1432,7 +1422,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the ConfigMap must @@ -1454,7 +1444,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: Specify whether the Secret must be @@ -1493,7 +1483,8 @@ spec: More info: https://kubernetes. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -1505,7 +1496,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -1555,8 +1546,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that the + container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -1569,8 +1560,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -1597,7 +1588,8 @@ spec: container crashes or exits. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -1609,7 +1601,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -1659,8 +1651,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that the + container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -1673,8 +1665,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -1702,7 +1694,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -1720,8 +1713,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC - port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -1729,18 +1721,19 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -1807,8 +1800,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection to a TCP + port. properties: host: description: 'Optional: Host name to connect to, @@ -1901,7 +1894,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -1919,8 +1913,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC - port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -1928,18 +1921,19 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -2006,8 +2000,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection to a TCP + port. properties: host: description: 'Optional: Host name to connect to, @@ -2071,11 +2065,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -2087,6 +2079,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2192,7 +2190,7 @@ spec: procMount: description: |- procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for + The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string @@ -2264,7 +2262,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. type: string @@ -2308,7 +2305,8 @@ spec: If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -2326,8 +2324,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC - port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number @@ -2335,18 +2332,19 @@ spec: format: int32 type: integer service: + default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to + perform. properties: host: description: |- @@ -2413,8 +2411,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection to a TCP + port. properties: host: description: 'Optional: Host name to connect to, @@ -2529,7 +2527,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -2590,11 +2587,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -2605,6 +2600,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -2717,7 +2718,6 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. type: string subPath: @@ -2746,7 +2746,7 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + Deprecated: AWSElasticBlockStore is deprecated. properties: fsType: description: |- @@ -2775,8 +2775,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: @@ -2791,6 +2793,7 @@ spec: blob storage type: string fsType: + default: ext4 description: |- fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -2804,6 +2807,7 @@ spec: to shared' type: string readOnly: + default: false description: |- readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. @@ -2813,8 +2817,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -2833,8 +2839,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host - that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -2871,7 +2878,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2886,7 +2893,9 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. + More info: https://examples.k8s. properties: fsType: description: |- @@ -2913,7 +2922,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -2974,7 +2983,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the ConfigMap @@ -2985,7 +2994,7 @@ spec: csi: description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external - CSI drivers (Beta feature). + CSI drivers. properties: driver: description: |- @@ -3012,7 +3021,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -3360,6 +3369,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to use @@ -3395,7 +3405,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -3403,9 +3413,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -3421,7 +3431,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi. properties: fsType: description: |- @@ -3454,7 +3465,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. + Deprecated: GitRepo is deprecated. properties: directory: description: |- @@ -3476,6 +3487,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -3520,6 +3532,23 @@ spec: required: - path type: object + image: + description: image represents an OCI object (a container + image or artifact) pulled and mounted on the kubelet's + host machine. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + type: string + type: object iscsi: description: |- iscsi represents an ISCSI Disk resource that is attached to a @@ -3550,6 +3579,7 @@ spec: description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + default: default description: |- iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). @@ -3582,7 +3612,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -3647,9 +3677,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -3665,8 +3695,10 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx. properties: fsType: description: |- @@ -3698,17 +3730,19 @@ spec: format: int32 type: integer sources: - description: sources is the list of volume projections + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. items: - description: Projection that may be projected along - with other supported volume types + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. properties: clusterTrustBundle: description: |- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. properties: labelSelector: @@ -3829,7 +3863,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional specify whether the @@ -3958,7 +3992,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string optional: description: optional field specify whether @@ -3997,8 +4031,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -4037,6 +4072,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -4051,6 +4087,7 @@ spec: More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it type: string keyring: + default: /etc/ceph/keyring description: |- keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. @@ -4065,6 +4102,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd description: |- pool is the rados pool name. Default is rbd. @@ -4090,11 +4128,12 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic user: + default: admin description: |- user is the rados user name. Default is admin. @@ -4105,10 +4144,12 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: + default: xfs description: |- fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. @@ -4140,7 +4181,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -4149,6 +4190,7 @@ spec: with Gateway, default false type: boolean storageMode: + default: ThinProvisioned description: |- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. @@ -4225,8 +4267,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -4251,7 +4294,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes. type: string type: object x-kubernetes-map-type: atomic @@ -4268,8 +4311,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- @@ -4296,6 +4341,9 @@ spec: - name type: object type: array + required: + - parameters + - scanType type: object schedule: description: The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. diff --git a/operator/go.mod b/operator/go.mod index 1a2f8c114b..c2989ca92f 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -4,91 +4,88 @@ module github.com/secureCodeBox/secureCodeBox/operator -go 1.22.0 +go 1.23.0 -toolchain go1.22.4 +toolchain go1.23.5 require ( - github.com/go-logr/logr v1.4.1 - github.com/minio/minio-go/v7 v7.0.26 + github.com/go-logr/logr v1.4.2 + github.com/minio/minio-go/v7 v7.0.84 github.com/mitchellh/hashstructure/v2 v2.0.2 github.com/onsi/ginkgo v1.16.5 - github.com/onsi/gomega v1.32.0 - k8s.io/api v0.30.2 - k8s.io/apimachinery v0.30.2 - k8s.io/client-go v0.30.2 - sigs.k8s.io/controller-runtime v0.18.2 + github.com/onsi/gomega v1.36.2 + k8s.io/api v0.32.1 + k8s.io/apimachinery v0.32.1 + k8s.io/client-go v0.32.1 + sigs.k8s.io/controller-runtime v0.20.1 ) require ( github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-ini/ini v1.67.0 // indirect + github.com/goccy/go-json v0.10.4 // indirect + github.com/google/btree v1.1.3 // indirect github.com/google/gnostic-models v0.6.8 // indirect - golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect + github.com/x448/float16 v0.8.4 // indirect + golang.org/x/sync v0.10.0 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect ) require ( github.com/beorn7/perks v1.0.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/uuid v1.3.0 // indirect - github.com/imdario/mergo v0.3.12 // indirect + github.com/google/uuid v1.6.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.15.4 // indirect - github.com/klauspost/cpuid/v2 v2.0.12 // indirect + github.com/klauspost/compress v1.17.11 // indirect + github.com/klauspost/cpuid/v2 v2.2.9 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/minio/md5-simd v1.1.2 // indirect - github.com/minio/sha256-simd v1.0.0 // indirect - github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/nxadm/tail v1.4.8 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.16.0 // indirect - github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_golang v1.19.1 + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect github.com/robfig/cron v1.2.0 - github.com/rs/xid v1.4.0 // indirect - github.com/sirupsen/logrus v1.9.0 // indirect + github.com/rs/xid v1.6.0 // indirect github.com/spf13/pflag v1.0.5 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.21.0 // indirect - golang.org/x/net v0.23.0 // indirect - golang.org/x/oauth2 v0.12.0 // indirect - golang.org/x/sys v0.18.0 // indirect - golang.org/x/term v0.18.0 // indirect - golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.3.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/crypto v0.31.0 // indirect + golang.org/x/net v0.33.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/term v0.27.0 // indirect + golang.org/x/text v0.21.0 // indirect + golang.org/x/time v0.7.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/protobuf v1.36.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/ini.v1 v1.66.4 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.30.0 // indirect - k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect + k8s.io/apiextensions-apiserver v0.32.0 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/operator/go.sum b/operator/go.sum index 6eb776a410..9dfb98830f 100644 --- a/operator/go.sum +++ b/operator/go.sum @@ -1,11 +1,12 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= @@ -18,25 +19,31 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= +github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM= +github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= @@ -45,6 +52,8 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -56,25 +65,22 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= -github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.15.4 h1:1kn4/7MepF/CHmYub99/nNX8az0IJjfSOU/jbnTVfqQ= -github.com/klauspost/compress v1.15.4/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= +github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE= -github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= +github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY= +github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -84,16 +90,10 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= -github.com/minio/minio-go/v7 v7.0.26 h1:D0HK+8793etZfRY/vHhDmFaP+vmT41K3K4JV9vmZCBQ= -github.com/minio/minio-go/v7 v7.0.26/go.mod h1:x81+AX5gHSfCSqw7jxRKHvxUXMlE5uKX0Vb75Xk5yYg= -github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g= -github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM= -github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/minio/minio-go/v7 v7.0.84 h1:D1HVmAF8JF8Bpi6IU4V9vIEj+8pc+xU88EWMs2yed0E= +github.com/minio/minio-go/v7 v7.0.84/go.mod h1:57YXpvc5l3rjPdhqNrDsvVlY0qPI6UTk1bflAe+9doY= github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4= github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -110,32 +110,31 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= +github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= -github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/robfig/cron v1.2.0 h1:ZjScXvvxeQ63Dbyxy76Fj3AT3Ut0aKsyd2/tl3DTMuQ= github.com/robfig/cron v1.2.0/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY= -github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU= +github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -143,45 +142,44 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= -golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= -golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -191,79 +189,72 @@ golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4= -gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= -k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= -k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= -sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= +k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= +k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= +k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= +k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= +k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= +k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE= +sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/operator/templates/rbac/role.yaml b/operator/templates/rbac/role.yaml index 5b9e3dd9fd..619041856e 100644 --- a/operator/templates/rbac/role.yaml +++ b/operator/templates/rbac/role.yaml @@ -14,18 +14,6 @@ rules: verbs: - create - patch -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - "" resources: @@ -42,25 +30,9 @@ rules: - list - watch - apiGroups: - - execution.securecodebox.io - resources: - - parsedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - execution.securecodebox.io - resources: - - scancompletionhooks - verbs: - - get - - list - - watch -- apiGroups: - - execution.securecodebox.io + - batch resources: - - scans + - jobs verbs: - create - delete @@ -72,14 +44,8 @@ rules: - apiGroups: - execution.securecodebox.io resources: - - scans/status - verbs: - - get - - patch - - update -- apiGroups: - - execution.securecodebox.io - resources: + - parsedefinitions + - scancompletionhooks - scantypes verbs: - get @@ -88,6 +54,7 @@ rules: - apiGroups: - execution.securecodebox.io resources: + - scans - scheduledscans verbs: - create @@ -100,6 +67,7 @@ rules: - apiGroups: - execution.securecodebox.io resources: + - scans/status - scheduledscans/status verbs: - get diff --git a/operator/utils/hash_test.go b/operator/utils/hash_test.go index 110e6b2021..fabd7b3287 100644 --- a/operator/utils/hash_test.go +++ b/operator/utils/hash_test.go @@ -53,7 +53,8 @@ var _ = Describe("ScanType Hashing", func() { It("should hash scantype consistently", func() { hashValues := HashScanType(scanType) - Expect(hashValues).To(Equal(uint64(0xc1cee52ba3736175)), "Should hash scantype consistently") + // note: this hash changes with every kubernetes release as kubernetes adds new field to their objects which causes the hashes to change. + Expect(hashValues).To(Equal(uint64(0xba4b605a6550aca3)), "Should hash scantype consistently") }) It("should ignore non-scb annotations on the scantypes", func() { From 5b9d86a7ef3cb29b3ddf91b5a37cc7390fbdc519 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 11:23:18 +0100 Subject: [PATCH 41/93] Fix new lint errors triggered by update Signed-off-by: Jannik Hollenbach --- operator/utils/hash_test.go | 3 +-- operator/utils/orderedhookgroups.go | 10 +++++----- operator/utils/orderedhookgroups_test.go | 10 +++++----- operator/utils/retrigger_scheduled_scan.go | 2 +- 4 files changed, 12 insertions(+), 13 deletions(-) diff --git a/operator/utils/hash_test.go b/operator/utils/hash_test.go index fabd7b3287..049591fa0c 100644 --- a/operator/utils/hash_test.go +++ b/operator/utils/hash_test.go @@ -11,7 +11,6 @@ import ( executionv1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1" batchv1 "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -27,7 +26,7 @@ var scanType executionv1.ScanType = executionv1.ScanType{ }, JobTemplate: batchv1.Job{ Spec: batchv1.JobSpec{ - Template: v1.PodTemplateSpec{ + Template: corev1.PodTemplateSpec{ Spec: corev1.PodSpec{ Containers: []corev1.Container{ { diff --git a/operator/utils/orderedhookgroups.go b/operator/utils/orderedhookgroups.go index 59f0ea4e27..0ea1548edc 100644 --- a/operator/utils/orderedhookgroups.go +++ b/operator/utils/orderedhookgroups.go @@ -11,18 +11,18 @@ import ( executionv1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1" ) -func CurrentHookGroup(orderedHookGroup [][]*executionv1.HookStatus) (error, []*executionv1.HookStatus) { +func CurrentHookGroup(orderedHookGroup [][]*executionv1.HookStatus) ([]*executionv1.HookStatus, error) { for _, group := range orderedHookGroup { for _, hookStatus := range group { switch hookStatus.State { case executionv1.Pending: - return nil, group + return group, nil case executionv1.InProgress: - return nil, group + return group, nil case executionv1.Failed: - return fmt.Errorf("Hook %s failed to be executed.", hookStatus.HookName), nil + return nil, fmt.Errorf("hook %s failed to be executed", hookStatus.HookName) case executionv1.Cancelled: - return fmt.Errorf("Hook %s was cancelled while it was executed.", hookStatus.HookName), nil + return nil, fmt.Errorf("hook %s was cancelled while it was executed", hookStatus.HookName) case executionv1.Completed: // continue to next group } diff --git a/operator/utils/orderedhookgroups_test.go b/operator/utils/orderedhookgroups_test.go index 07a00dbd66..d758f51463 100644 --- a/operator/utils/orderedhookgroups_test.go +++ b/operator/utils/orderedhookgroups_test.go @@ -189,7 +189,7 @@ var _ = Describe("HookOrderingGroup Creation", func() { var _ = Describe("HookOrderingGroup Retrival", func() { Context("Current() should return the group of hooks which should be executed at the moment", func() { It("Should return the first if all hooks are pending", func() { - err, currentHookGroup := CurrentHookGroup([][]*executionv1.HookStatus{ + currentHookGroup, err := CurrentHookGroup([][]*executionv1.HookStatus{ { {HookName: "rw-1", State: "Pending", JobName: "", Priority: 4, Type: "ReadAndWrite"}, }, @@ -208,7 +208,7 @@ var _ = Describe("HookOrderingGroup Retrival", func() { }) It("Should return the first group if it consists of hooks currently in progress", func() { - err, currentHookGroup := CurrentHookGroup([][]*executionv1.HookStatus{ + currentHookGroup, err := CurrentHookGroup([][]*executionv1.HookStatus{ { {HookName: "rw-1", State: "InProgress", JobName: "", Priority: 4, Type: "ReadAndWrite"}, }, @@ -227,7 +227,7 @@ var _ = Describe("HookOrderingGroup Retrival", func() { }) It("Should return the second group if the first group is completed", func() { - err, currentHookGroup := CurrentHookGroup([][]*executionv1.HookStatus{ + currentHookGroup, err := CurrentHookGroup([][]*executionv1.HookStatus{ { {HookName: "rw-1", State: "Completed", JobName: "", Priority: 4, Type: "ReadAndWrite"}, }, @@ -247,7 +247,7 @@ var _ = Describe("HookOrderingGroup Retrival", func() { }) It("Should return nil if the first group failed", func() { - err, currentHookGroup := CurrentHookGroup([][]*executionv1.HookStatus{ + currentHookGroup, err := CurrentHookGroup([][]*executionv1.HookStatus{ { {HookName: "rw-1", State: "Failed", JobName: "", Priority: 4, Type: "ReadAndWrite"}, }, @@ -262,7 +262,7 @@ var _ = Describe("HookOrderingGroup Retrival", func() { }) It("Should return nil if no hooks are configured", func() { - err, currentHookGroup := CurrentHookGroup([][]*executionv1.HookStatus{}) + currentHookGroup, err := CurrentHookGroup([][]*executionv1.HookStatus{}) Expect(err).To(BeNil()) Expect(currentHookGroup).To(BeNil()) diff --git a/operator/utils/retrigger_scheduled_scan.go b/operator/utils/retrigger_scheduled_scan.go index d2e89d0bd9..1124ded426 100644 --- a/operator/utils/retrigger_scheduled_scan.go +++ b/operator/utils/retrigger_scheduled_scan.go @@ -21,7 +21,7 @@ func RetriggerScheduledScan(ctx context.Context, statusWriter client.StatusWrite scheduledScan.Status.LastScheduleTime = &fakedLastSchedule err := statusWriter.Update(ctx, &scheduledScan) if err != nil { - return fmt.Errorf("Failed to restart ScheduledScan: %w", err) + return fmt.Errorf("failed to restart ScheduledScan: %w", err) } return nil From f01c1c1192ccc3563f7676ad266d6cb185e984e1 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 11:23:41 +0100 Subject: [PATCH 42/93] Update go version used to build operator Signed-off-by: Jannik Hollenbach --- operator/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operator/Dockerfile b/operator/Dockerfile index f65c25c45a..220e33b1f7 100644 --- a/operator/Dockerfile +++ b/operator/Dockerfile @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 # Build the manager binary -FROM golang:1.22 AS builder +FROM golang:1.23 AS builder WORKDIR /workspace # Copy the Go Modules manifests From f3bfe48778b2e1c061aecd91ad6bda587dc29095 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 11:41:06 +0100 Subject: [PATCH 43/93] Update auto-discovery dependencies Signed-off-by: Jannik Hollenbach --- auto-discovery/kubernetes/Dockerfile | 2 +- auto-discovery/kubernetes/Makefile | 6 +- auto-discovery/kubernetes/go.mod | 67 +++---- auto-discovery/kubernetes/go.sum | 165 ++++++++---------- .../kubernetes/templates/rbac/role.yaml | 21 +-- 5 files changed, 114 insertions(+), 147 deletions(-) diff --git a/auto-discovery/kubernetes/Dockerfile b/auto-discovery/kubernetes/Dockerfile index ca22943a73..788063d005 100644 --- a/auto-discovery/kubernetes/Dockerfile +++ b/auto-discovery/kubernetes/Dockerfile @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 # Build the manager binary -FROM golang:1.22 AS builder +FROM golang:1.23 AS builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/auto-discovery/kubernetes/Makefile b/auto-discovery/kubernetes/Makefile index 228ee062c6..7bf07b6c58 100644 --- a/auto-discovery/kubernetes/Makefile +++ b/auto-discovery/kubernetes/Makefile @@ -13,7 +13,7 @@ IMG ?= auto-discovery-kubernetes IMG_TAG ?= sha-$$(git rev-parse --short HEAD) # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.30.0 +ENVTEST_K8S_VERSION = 1.32.0 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set). # IMPORTANT: The body of conditionals MUST not be indented! Indentation result in @@ -145,8 +145,8 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) ## Tool Versions -CONTROLLER_TOOLS_VERSION ?= v0.15.0 -ENVTEST_VERSION ?= release-0.18 +CONTROLLER_TOOLS_VERSION ?= v0.17.1 +ENVTEST_VERSION ?= release-0.20 .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. diff --git a/auto-discovery/kubernetes/go.mod b/auto-discovery/kubernetes/go.mod index 170b211dd8..4a534f1fc3 100644 --- a/auto-discovery/kubernetes/go.mod +++ b/auto-discovery/kubernetes/go.mod @@ -4,44 +4,45 @@ module github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes -go 1.22.0 +go 1.23.0 -toolchain go1.22.4 +toolchain go1.23.5 require ( github.com/Masterminds/sprig v2.22.0+incompatible - github.com/go-logr/logr v1.4.1 + github.com/go-logr/logr v1.4.2 github.com/onsi/ginkgo v1.16.5 - github.com/onsi/gomega v1.32.0 - github.com/secureCodeBox/secureCodeBox/operator v0.0.0-20220516151324-e6d879a9eb4f + github.com/onsi/gomega v1.36.2 + github.com/secureCodeBox/secureCodeBox/operator v0.0.0-20250205102456-17a7b640bc5e github.com/spf13/viper v1.19.0 - k8s.io/api v0.30.2 - k8s.io/apimachinery v0.30.2 - k8s.io/client-go v0.30.2 - k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 - sigs.k8s.io/controller-runtime v0.18.2 + k8s.io/api v0.32.1 + k8s.io/apimachinery v0.32.1 + k8s.io/client-go v0.32.1 + k8s.io/utils v0.0.0-20241210054802-24370beab758 + sigs.k8s.io/controller-runtime v0.20.1 ) require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect + github.com/google/btree v1.1.3 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/uuid v1.4.0 // indirect + github.com/google/uuid v1.6.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/huandu/xstrings v1.3.2 // indirect github.com/imdario/mergo v0.3.12 // indirect @@ -49,7 +50,6 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect @@ -59,10 +59,10 @@ require ( github.com/nxadm/tail v1.4.8 // indirect github.com/pelletier/go-toml/v2 v2.2.2 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.16.0 // indirect - github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect @@ -70,28 +70,29 @@ require ( github.com/spf13/cast v1.6.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/subosito/gotenv v1.6.0 // indirect + github.com/x448/float16 v0.8.4 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect + go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.31.0 // indirect - golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/net v0.33.0 // indirect - golang.org/x/oauth2 v0.18.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/term v0.27.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.5.0 // indirect + golang.org/x/time v0.7.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/protobuf v1.36.1 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.30.0 // indirect - k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect + k8s.io/apiextensions-apiserver v0.32.0 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/auto-discovery/kubernetes/go.sum b/auto-discovery/kubernetes/go.sum index 73a292a154..6698b38b26 100644 --- a/auto-discovery/kubernetes/go.sum +++ b/auto-discovery/kubernetes/go.sum @@ -6,8 +6,8 @@ github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZC github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -25,23 +25,26 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= @@ -49,26 +52,25 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= -github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= @@ -93,8 +95,6 @@ github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0V github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= @@ -115,12 +115,12 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= +github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= -github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -128,22 +128,22 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= -github.com/secureCodeBox/secureCodeBox/operator v0.0.0-20220516151324-e6d879a9eb4f h1:VUrBB1Ms58S3R7cs0L4AWRow3OfdcOGM887xR2y/gwc= -github.com/secureCodeBox/secureCodeBox/operator v0.0.0-20220516151324-e6d879a9eb4f/go.mod h1:bhBQ5yyZlWIu3YYBbohQuSGPWXeHtGfLp9fogx0p4Hg= +github.com/secureCodeBox/secureCodeBox/operator v0.0.0-20250205102456-17a7b640bc5e h1:hP8UQ9JQEwaMHtX2u1ecJy5qMXNyP5yG/f3zt5fE0qI= +github.com/secureCodeBox/secureCodeBox/operator v0.0.0-20250205102456-17a7b640bc5e/go.mod h1:jmmowH/Q4f+WLU5027SGuHa8OznKTF2c9aA+3+UzwCk= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= @@ -168,44 +168,41 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= -golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -214,54 +211,43 @@ golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= @@ -271,32 +257,31 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= -k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= -k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= -sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= +k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= +k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= +k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= +k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= +k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= +k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= +k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE= +sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/auto-discovery/kubernetes/templates/rbac/role.yaml b/auto-discovery/kubernetes/templates/rbac/role.yaml index 6ca2877f7e..5fd982d941 100644 --- a/auto-discovery/kubernetes/templates/rbac/role.yaml +++ b/auto-discovery/kubernetes/templates/rbac/role.yaml @@ -18,27 +18,7 @@ rules: - "" resources: - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods/status - verbs: - - get -- apiGroups: - - "" - resources: - services verbs: - get @@ -47,6 +27,7 @@ rules: - apiGroups: - "" resources: + - pods/status - services/status verbs: - get From 381e81fc81daba41b86ea0d5cbc8b640e4c2d21f Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 11:44:03 +0100 Subject: [PATCH 44/93] Update test and build dependencies in the pipeline Signed-off-by: Jannik Hollenbach --- .github/workflows/ci.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a00a2059c2..6a0bb4181d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -16,12 +16,12 @@ on: env: # ---- Language Versions ---- - GO_VERSION: "1.22" + GO_VERSION: "1.23" PYTHON_VERSION: "3.9.16" - KIND_NODE_IMAGE: "kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e" - KUBECTL_VERSION: "v1.30.0" - KIND_BINARY_VERSION: "v0.23.0" - HELM_VERSION: "v3.15.2" + KIND_NODE_IMAGE: "kindest/node:v1.32.1@sha256:6afef2b7f69d627ea7bf27ee6696b6868d18e03bf98167c420df486da4662db6" + KUBECTL_VERSION: "v1.32.1" + KIND_BINARY_VERSION: "v0.26.0" + HELM_VERSION: "v3.17.0" HELM_PLUGIN_UNITTEST: "0.5.1" jobs: From e1c96e0f5ea56d80d771858c462f22f0d5c53e61 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 11:59:11 +0100 Subject: [PATCH 45/93] Update expected roles Newer kubebuilder / controller-gen now grouped these role together to share entries. The still end up with the same permission, just defined slightly differently Signed-off-by: Jannik Hollenbach --- .../auto-discovery_test.yaml.snap | 21 +---- .../__snapshot__/operator_test.yaml.snap | 88 +++---------------- 2 files changed, 13 insertions(+), 96 deletions(-) diff --git a/auto-discovery/kubernetes/tests/__snapshot__/auto-discovery_test.yaml.snap b/auto-discovery/kubernetes/tests/__snapshot__/auto-discovery_test.yaml.snap index 447d69b0e8..a17f466ffb 100644 --- a/auto-discovery/kubernetes/tests/__snapshot__/auto-discovery_test.yaml.snap +++ b/auto-discovery/kubernetes/tests/__snapshot__/auto-discovery_test.yaml.snap @@ -217,27 +217,7 @@ matches the snapshot: - "" resources: - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - pods - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - pods/status - verbs: - - get - - apiGroups: - - "" - resources: - services verbs: - get @@ -246,6 +226,7 @@ matches the snapshot: - apiGroups: - "" resources: + - pods/status - services/status verbs: - get diff --git a/operator/tests/__snapshot__/operator_test.yaml.snap b/operator/tests/__snapshot__/operator_test.yaml.snap index 4efc9e1876..38f5f4deda 100644 --- a/operator/tests/__snapshot__/operator_test.yaml.snap +++ b/operator/tests/__snapshot__/operator_test.yaml.snap @@ -280,18 +280,6 @@ matches the snapshot: verbs: - create - patch - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - "" resources: @@ -308,25 +296,9 @@ matches the snapshot: - list - watch - apiGroups: - - execution.securecodebox.io - resources: - - parsedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - execution.securecodebox.io - resources: - - scancompletionhooks - verbs: - - get - - list - - watch - - apiGroups: - - execution.securecodebox.io + - batch resources: - - scans + - jobs verbs: - create - delete @@ -338,14 +310,8 @@ matches the snapshot: - apiGroups: - execution.securecodebox.io resources: - - scans/status - verbs: - - get - - patch - - update - - apiGroups: - - execution.securecodebox.io - resources: + - parsedefinitions + - scancompletionhooks - scantypes verbs: - get @@ -354,6 +320,7 @@ matches the snapshot: - apiGroups: - execution.securecodebox.io resources: + - scans - scheduledscans verbs: - create @@ -366,6 +333,7 @@ matches the snapshot: - apiGroups: - execution.securecodebox.io resources: + - scans/status - scheduledscans/status verbs: - get @@ -889,18 +857,6 @@ properly-renders-the-service-monitor-when-enabled: verbs: - create - patch - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - "" resources: @@ -917,25 +873,9 @@ properly-renders-the-service-monitor-when-enabled: - list - watch - apiGroups: - - execution.securecodebox.io - resources: - - parsedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - execution.securecodebox.io - resources: - - scancompletionhooks - verbs: - - get - - list - - watch - - apiGroups: - - execution.securecodebox.io + - batch resources: - - scans + - jobs verbs: - create - delete @@ -947,14 +887,8 @@ properly-renders-the-service-monitor-when-enabled: - apiGroups: - execution.securecodebox.io resources: - - scans/status - verbs: - - get - - patch - - update - - apiGroups: - - execution.securecodebox.io - resources: + - parsedefinitions + - scancompletionhooks - scantypes verbs: - get @@ -963,6 +897,7 @@ properly-renders-the-service-monitor-when-enabled: - apiGroups: - execution.securecodebox.io resources: + - scans - scheduledscans verbs: - create @@ -975,6 +910,7 @@ properly-renders-the-service-monitor-when-enabled: - apiGroups: - execution.securecodebox.io resources: + - scans/status - scheduledscans/status verbs: - get From 91ea9071569e310cfd8b85c4a0374e43a041d1cf Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 12:04:30 +0100 Subject: [PATCH 46/93] Fix missed usage of changed function Signed-off-by: Jannik Hollenbach --- operator/controllers/execution/scans/hook_reconciler.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operator/controllers/execution/scans/hook_reconciler.go b/operator/controllers/execution/scans/hook_reconciler.go index a95e1c6e65..8c6dc5b444 100644 --- a/operator/controllers/execution/scans/hook_reconciler.go +++ b/operator/controllers/execution/scans/hook_reconciler.go @@ -136,7 +136,7 @@ func (r *ScanReconciler) migrateHookStatus(scan *executionv1.Scan) error { func (r *ScanReconciler) executeHooks(scan *executionv1.Scan) error { ctx := context.Background() - err, currentHooks := utils.CurrentHookGroup(scan.Status.OrderedHookStatuses) + currentHooks, err := utils.CurrentHookGroup(scan.Status.OrderedHookStatuses) if err != nil && scan.Status.State == executionv1.ScanStateErrored { r.Log.V(8).Info("Skipping hook execution as it already contains failed hooks.") From adf8c229ec46300088d0d1fe01dfd797f458bc85 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 12:06:10 +0100 Subject: [PATCH 47/93] Fix outdated expected error message Signed-off-by: Jannik Hollenbach --- operator/utils/orderedhookgroups_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operator/utils/orderedhookgroups_test.go b/operator/utils/orderedhookgroups_test.go index d758f51463..32ebd1ef79 100644 --- a/operator/utils/orderedhookgroups_test.go +++ b/operator/utils/orderedhookgroups_test.go @@ -257,7 +257,7 @@ var _ = Describe("HookOrderingGroup Retrival", func() { }, }) - Expect(err).To(MatchError("Hook rw-1 failed to be executed.")) + Expect(err).To(MatchError("hook rw-1 failed to be executed")) Expect(currentHookGroup).To(BeNil()) }) From 16c8ae83264a757e082de486e78338339992e33a Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 12:08:12 +0100 Subject: [PATCH 48/93] More lint fixes Signed-off-by: Jannik Hollenbach --- operator/controllers/execution/scans/scan_reconciler.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/operator/controllers/execution/scans/scan_reconciler.go b/operator/controllers/execution/scans/scan_reconciler.go index e283321bdc..b1ac4c36cf 100644 --- a/operator/controllers/execution/scans/scan_reconciler.go +++ b/operator/controllers/execution/scans/scan_reconciler.go @@ -243,7 +243,7 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanTypeSpe } // merging volume definition from ScanType (if existing) with standard results volume - if job.Spec.Template.Spec.Containers[0].VolumeMounts == nil || len(job.Spec.Template.Spec.Containers[0].VolumeMounts) == 0 { + if len(job.Spec.Template.Spec.Containers[0].VolumeMounts) == 0 { job.Spec.Template.Spec.Volumes = []corev1.Volume{} } job.Spec.Template.Spec.Volumes = append(job.Spec.Template.Spec.Volumes, corev1.Volume{ @@ -254,7 +254,7 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanTypeSpe }) // merging volume mounts (for the primary scanner container) from ScanType (if existing) with standard results volume mount - if job.Spec.Template.Spec.Containers[0].VolumeMounts == nil || len(job.Spec.Template.Spec.Containers[0].VolumeMounts) == 0 { + if len(job.Spec.Template.Spec.Containers[0].VolumeMounts) == 0 { job.Spec.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{} } job.Spec.Template.Spec.Containers[0].VolumeMounts = append( From d710d77480904b79e2a5a7b56598d3419bd49f06 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 12:15:25 +0100 Subject: [PATCH 49/93] Switch to kind node image version build for kind 0.26.0 Signed-off-by: Jannik Hollenbach --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6a0bb4181d..b763361442 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -18,7 +18,7 @@ env: GO_VERSION: "1.23" PYTHON_VERSION: "3.9.16" - KIND_NODE_IMAGE: "kindest/node:v1.32.1@sha256:6afef2b7f69d627ea7bf27ee6696b6868d18e03bf98167c420df486da4662db6" + KIND_NODE_IMAGE: "kindest/node:v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027" KUBECTL_VERSION: "v1.32.1" KIND_BINARY_VERSION: "v0.26.0" HELM_VERSION: "v3.17.0" From d5bfd6ef25b12afae31732a1fd5c3607bb150bdd Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 13:47:31 +0100 Subject: [PATCH 50/93] Update lurker dependencies Signed-off-by: Jannik Hollenbach --- lurker/Dockerfile | 2 +- lurker/go.mod | 68 ++--- lurker/go.sum | 675 +++++++--------------------------------------- lurker/main.go | 9 +- 4 files changed, 131 insertions(+), 623 deletions(-) diff --git a/lurker/Dockerfile b/lurker/Dockerfile index 2caaf6d0c6..e4a109c529 100644 --- a/lurker/Dockerfile +++ b/lurker/Dockerfile @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 # Build the manager binary -FROM golang:1.22 AS builder +FROM golang:1.23 AS builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/lurker/go.mod b/lurker/go.mod index 6be3c60f72..9ea7b46358 100644 --- a/lurker/go.mod +++ b/lurker/go.mod @@ -4,50 +4,52 @@ module github.com/secureCodeBox/secureCodeBox/lurker -go 1.22 +go 1.23.0 + +toolchain go1.23.5 require ( - github.com/pkg/errors v0.9.1 - k8s.io/api v0.24.2 - k8s.io/apimachinery v0.24.2 - k8s.io/client-go v0.24.2 + k8s.io/api v0.32.1 + k8s.io/apimachinery v0.32.1 + k8s.io/client-go v0.32.1 ) require ( - github.com/PuerkitoBio/purell v1.1.1 // indirect - github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/emicklei/go-restful v2.16.0+incompatible // indirect - github.com/go-logr/logr v1.2.2 // indirect - github.com/go-openapi/jsonpointer v0.19.5 // indirect - github.com/go-openapi/jsonreference v0.19.5 // indirect - github.com/go-openapi/swag v0.19.14 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.2 // indirect - github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-cmp v0.5.6 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.6.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/mailru/easyjson v0.7.6 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect - golang.org/x/sys v0.13.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.33.0 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/x448/float16 v0.8.4 // indirect + golang.org/x/net v0.30.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/text v0.19.0 // indirect + golang.org/x/time v0.7.0 // indirect + google.golang.org/protobuf v1.35.1 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.0 // indirect - k8s.io/klog/v2 v2.60.1 // indirect - k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 // indirect - k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect - sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/lurker/go.sum b/lurker/go.sum index 009b8a793f..3d20cf1790 100644 --- a/lurker/go.sum +++ b/lurker/go.sum @@ -1,647 +1,154 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= -cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= -github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= -github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.16.0+incompatible h1:rgqiKNjTnFQA6kkhFe16D8epTksy9HQ1MyrbDXSdYhM= -github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= -github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.2 h1:ahHml/yUpnlb96Rp8HCvtYVPY8ZYpxq3g7UYchIYwbs= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM= -github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= -github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= -github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= -github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= -github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.24.2 h1:g518dPU/L7VRLxWfcadQn2OnsiGWVOadTLpdnqgY2OI= -k8s.io/api v0.24.2/go.mod h1:AHqbSkTm6YrQ0ObxjO3Pmp/ubFF/KuM7jU+3khoBsOg= -k8s.io/apimachinery v0.24.2 h1:5QlH9SL2C8KMcrNJPor+LbXVTaZRReml7svPEh4OKDM= -k8s.io/apimachinery v0.24.2/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM= -k8s.io/client-go v0.24.2 h1:CoXFSf8if+bLEbinDqN9ePIDGzcLtqhfd6jpfnwGOFA= -k8s.io/client-go v0.24.2/go.mod h1:zg4Xaoo+umDsfCWr4fCnmLEtQXyCNXCvJuSsglNcV30= -k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= -k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.60.1 h1:VW25q3bZx9uE3vvdL6M8ezOX79vA2Aq1nEWLqNQclHc= -k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 h1:Gii5eqf+GmIEwGNKQYQClCayuJCe2/4fZUvF7VG99sU= -k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk= -k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc= -k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= -sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= -sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= +k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= +k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= +k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= +k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/lurker/main.go b/lurker/main.go index 715b30d750..2332777a36 100644 --- a/lurker/main.go +++ b/lurker/main.go @@ -15,9 +15,8 @@ import ( "os" "time" - "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" - kerrors "k8s.io/apimachinery/pkg/api/errors" + errors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" @@ -112,7 +111,7 @@ func uploadFile(path, url string) error { // Dump response for debugging purposes resultBytes, err := httputil.DumpResponse(res, true) if err != nil { - log.Fatal(errors.Wrap(err, "Failed to dump out failed requests to upload scan report to the s3 bucket")) + log.Fatal(fmt.Errorf("failed to dump out failed requests to upload scan report to the s3 bucket: %w", err)) } log.Println("Response of Failed Request:") @@ -141,9 +140,9 @@ func waitForMainContainerToEnd(container, pod, namespace string) { func keepWaitingForMainContainerToExit(context context.Context, container string, podName string, namespace string, clientset *kubernetes.Clientset) bool { pod, err := clientset.CoreV1().Pods(namespace).Get(context, podName, metav1.GetOptions{}) - if kerrors.IsNotFound(err) { + if errors.IsNotFound(err) { log.Printf("Pod %s not found in namespace %s", pod, namespace) - } else if statusError, isStatus := err.(*kerrors.StatusError); isStatus { + } else if statusError, isStatus := err.(*errors.StatusError); isStatus { log.Printf("Error getting pod %v", statusError.ErrStatus.Message) } else if err != nil { panic(err.Error()) From 5f084e7d9e4f31fb6f60e59719cbbdc9946ad709 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 14:42:54 +0100 Subject: [PATCH 51/93] Set writable volume mount as home dir to ensure that test-scan is actually allowed to write file with it's cat command Signed-off-by: Jannik Hollenbach --- scanners/test-scan/scanner/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/scanners/test-scan/scanner/Dockerfile b/scanners/test-scan/scanner/Dockerfile index 0d460b7030..f88199498e 100644 --- a/scanners/test-scan/scanner/Dockerfile +++ b/scanners/test-scan/scanner/Dockerfile @@ -4,5 +4,6 @@ FROM alpine:3.11 RUN addgroup --system --gid 1001 test && adduser test --system --uid 1001 --ingroup test +WORKDIR /home/securecodebox/ USER 1001 CMD [cat] From 28dca56895368aa46fe33ed04a604c965761230d Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 6 Feb 2025 14:44:08 +0100 Subject: [PATCH 52/93] Add a placeholder parameter to the test scan to get around validation Signed-off-by: Jannik Hollenbach --- tests/integration/generic/findings-validation.test.js | 5 +++-- .../integration/generic/no-scan-definition-error.test.js | 9 +++++++-- tests/integration/generic/read-only-hook.test.js | 4 ++-- tests/integration/generic/read-write-hook.test.js | 4 ++-- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/tests/integration/generic/findings-validation.test.js b/tests/integration/generic/findings-validation.test.js index 2bfdc62b90..a27f04582b 100644 --- a/tests/integration/generic/findings-validation.test.js +++ b/tests/integration/generic/findings-validation.test.js @@ -2,7 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 -const {scan} = require("../helpers"); +const { scan } = require("../helpers"); jest.retryTimes(3); @@ -10,7 +10,8 @@ test( "Parser must fail on invalid findings", async () => { await expect( - scan("invalid-findings-test-scan", "test-scan", [], 90) + // passing hello-world as args, as at least one parameter is required + scan("invalid-findings-test-scan", "test-scan", ["hello-world"], 90) ).rejects.toThrow( `Scan failed with description "Failed to run the Parser. This is likely a Bug, we would like to know about. Please open up a Issue on GitHub."` ); diff --git a/tests/integration/generic/no-scan-definition-error.test.js b/tests/integration/generic/no-scan-definition-error.test.js index 120a24f170..c24fd34687 100644 --- a/tests/integration/generic/no-scan-definition-error.test.js +++ b/tests/integration/generic/no-scan-definition-error.test.js @@ -2,7 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 -const {scan} = require("../helpers"); +const { scan } = require("../helpers"); jest.retryTimes(3); @@ -10,7 +10,12 @@ test( "scan without a matching ScanType should be marked as errored", async () => { await expect( - scan("scan-type-not-found", "this-type-does-not-exists", [], 30) + scan( + "scan-type-not-found", + "this-type-does-not-exists", + ["hello-world"], + 30 + ) ).rejects.toThrow( `Scan failed with description "Configured ScanType 'this-type-does-not-exists' not found in 'integration-tests' namespace. You'll likely need to deploy the ScanType."` ); diff --git a/tests/integration/generic/read-only-hook.test.js b/tests/integration/generic/read-only-hook.test.js index c6a1d7453a..20f4ff9375 100644 --- a/tests/integration/generic/read-only-hook.test.js +++ b/tests/integration/generic/read-only-hook.test.js @@ -2,7 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 -const {scan} = require("../helpers"); +const { scan } = require("../helpers"); const k8s = require("@kubernetes/client-node"); jest.retryTimes(3); @@ -10,7 +10,7 @@ jest.retryTimes(3); test( "should trigger a webhook", async () => { - await scan("test-scan-read-only-hook", "test-scan", [], 90); + await scan("test-scan-read-only-hook", "test-scan", ["hello-world"], 90); const WEBHOOK = "http-webhook"; const NAMESPACE = "integration-tests"; diff --git a/tests/integration/generic/read-write-hook.test.js b/tests/integration/generic/read-write-hook.test.js index 7f845ffa58..0529edb848 100644 --- a/tests/integration/generic/read-write-hook.test.js +++ b/tests/integration/generic/read-write-hook.test.js @@ -2,7 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 -const {scan} = require("../helpers"); +const { scan } = require("../helpers"); jest.retryTimes(3); @@ -12,7 +12,7 @@ test( const { categories, severities, count } = await scan( "test-scan-read-write-hook", "test-scan", - [], + ["hello-world"], 90 ); From 456eeabef453310f4cc92054b4eb1f9d903fb5da Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Fri, 7 Feb 2025 15:27:14 +0100 Subject: [PATCH 53/93] Require at least go1.23.5 Signed-off-by: Jannik Hollenbach --- auto-discovery/kubernetes/go.mod | 4 +--- lurker/go.mod | 4 +--- operator/go.mod | 4 +--- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/auto-discovery/kubernetes/go.mod b/auto-discovery/kubernetes/go.mod index 4a534f1fc3..e770b9f2e3 100644 --- a/auto-discovery/kubernetes/go.mod +++ b/auto-discovery/kubernetes/go.mod @@ -4,9 +4,7 @@ module github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes -go 1.23.0 - -toolchain go1.23.5 +go 1.23.6 require ( github.com/Masterminds/sprig v2.22.0+incompatible diff --git a/lurker/go.mod b/lurker/go.mod index 9ea7b46358..39257a0ac7 100644 --- a/lurker/go.mod +++ b/lurker/go.mod @@ -4,9 +4,7 @@ module github.com/secureCodeBox/secureCodeBox/lurker -go 1.23.0 - -toolchain go1.23.5 +go 1.23.6 require ( k8s.io/api v0.32.1 diff --git a/operator/go.mod b/operator/go.mod index c2989ca92f..8833927ead 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -4,9 +4,7 @@ module github.com/secureCodeBox/secureCodeBox/operator -go 1.23.0 - -toolchain go1.23.5 +go 1.23.6 require ( github.com/go-logr/logr v1.4.2 From 8765911448e4c78581bd92ba05261654a36dae8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 10:03:19 +0000 Subject: [PATCH 54/93] Bump the npm-version-updates group in /documentation with 2 updates Bumps the npm-version-updates group in /documentation with 2 updates: [sass](https://github.com/sass/dart-sass) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Updates `sass` from 1.83.4 to 1.84.0 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.83.4...1.84.0) Updates `@types/node` from 22.13.0 to 22.13.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-version-updates - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-version-updates ... Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 16 ++++++++-------- documentation/package.json | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index 65105e09c9..34e6751b99 100644 --- a/documentation/package-lock.json +++ b/documentation/package-lock.json @@ -24,13 +24,13 @@ "react": "^19.0.0", "react-dom": "^19.0.0", "rimraf": "^6.0.1", - "sass": "1.83" + "sass": "1.84" }, "devDependencies": { "@docusaurus/module-type-aliases": "^3.6.0", "@docusaurus/tsconfig": "^3.7.0", "@docusaurus/types": "^3.6.0", - "@types/node": "^22.13.0", + "@types/node": "^22.13.1", "@types/react": "^19.0.8", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", @@ -5404,9 +5404,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "22.13.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.0.tgz", - "integrity": "sha512-ClIbNe36lawluuvq3+YYhnIN2CELi+6q8NpnM7PYp4hBn/TatfboPgVSm2rwKRfnV2M+Ty9GWDFI64KEe+kysA==", + "version": "22.13.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.1.tgz", + "integrity": "sha512-jK8uzQlrvXqEU91UxiK5J7pKHyzgnI1Qnl0QDHIgVGuolJhRb9EEl28Cj9b3rGR8B2lhFCtvIm5os8lFnO/1Ew==", "license": "MIT", "dependencies": { "undici-types": "~6.20.0" @@ -16241,9 +16241,9 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "node_modules/sass": { - "version": "1.83.4", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.83.4.tgz", - "integrity": "sha512-B1bozCeNQiOgDcLd33e2Cs2U60wZwjUUXzh900ZyQF5qUasvMdDZYbQ566LJu7cqR+sAHlAfO6RMkaID5s6qpA==", + "version": "1.84.0", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.84.0.tgz", + "integrity": "sha512-XDAbhEPJRxi7H0SxrnOpiXFQoUJHwkR2u3Zc4el+fK/Tt5Hpzw5kkQ59qVDfvdaUq6gCrEZIbySFBM2T9DNKHg==", "license": "MIT", "dependencies": { "chokidar": "^4.0.0", diff --git a/documentation/package.json b/documentation/package.json index 76b6a5d053..df207e74e8 100644 --- a/documentation/package.json +++ b/documentation/package.json @@ -34,7 +34,7 @@ "react": "^19.0.0", "react-dom": "^19.0.0", "rimraf": "^6.0.1", - "sass": "1.83" + "sass": "1.84" }, "browserslist": { "production": [ @@ -52,7 +52,7 @@ "@docusaurus/module-type-aliases": "^3.6.0", "@docusaurus/tsconfig": "^3.7.0", "@docusaurus/types": "^3.6.0", - "@types/node": "^22.13.0", + "@types/node": "^22.13.1", "@types/react": "^19.0.8", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", From 35655f93ebcfa58191dd1912c5c7665d43d5ff13 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 09:15:46 +0000 Subject: [PATCH 55/93] Bump io.freefair.lombok Bumps the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 1 update: [io.freefair.lombok](https://github.com/freefair/gradle-plugins). Updates `io.freefair.lombok` from 8.12 to 8.12.1 - [Release notes](https://github.com/freefair/gradle-plugins/releases) - [Commits](https://github.com/freefair/gradle-plugins/compare/8.12...8.12.1) --- updated-dependencies: - dependency-name: io.freefair.lombok dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-version-updates ... Signed-off-by: dependabot[bot] --- hooks/persistence-defectdojo/hook/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/persistence-defectdojo/hook/build.gradle b/hooks/persistence-defectdojo/hook/build.gradle index cb99042c88..161a4f838f 100644 --- a/hooks/persistence-defectdojo/hook/build.gradle +++ b/hooks/persistence-defectdojo/hook/build.gradle @@ -4,7 +4,7 @@ plugins { id "java" - id "io.freefair.lombok" version "8.12" + id "io.freefair.lombok" version "8.12.1" // https://github.com/ben-manes/gradle-versions-plugin // Run: ./gradlew dependencyUpdates -Drevision=release id "com.github.ben-manes.versions" version "0.52.0" From 05124a7d7de4a0f94ea99de0cc3313ae89a4728f Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 11 Feb 2025 11:26:11 +0100 Subject: [PATCH 56/93] Handle conflict errors when updating Scan status log level 4 instead of an error since it is expected to happen Signed-off-by: Ilyes Ben Dlala --- .../controllers/execution/scans/scan_controller.go | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/operator/controllers/execution/scans/scan_controller.go b/operator/controllers/execution/scans/scan_controller.go index 2347346f99..18b251fddd 100644 --- a/operator/controllers/execution/scans/scan_controller.go +++ b/operator/controllers/execution/scans/scan_controller.go @@ -17,6 +17,7 @@ import ( "github.com/go-logr/logr" "github.com/prometheus/client_golang/prometheus" batch "k8s.io/api/batch/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" @@ -263,8 +264,17 @@ func (r *ScanReconciler) updateScanStatus(ctx context.Context, scan *executionv1 } if err := r.Status().Update(ctx, scan); err != nil { - r.Log.Error(err, "unable to update Scan status") - return err + if apierrors.IsConflict(err) { + r.Log.V(4).Info( + "Conflict while updating Scan status", + "scan", scan.Name, + "namespace", scan.Namespace, + ) + } else { + r.Log.Error(err, "unable to update Scan status") + return err + } + } return nil } From 62d4a9d8816a474d800f8044d9d466ce6c2f7880 Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Thu, 13 Feb 2025 09:23:28 +0000 Subject: [PATCH 57/93] Upgrading semgrep from 1.107.0 to 1.108.0 Signed-off-by: secureCodeBoxBot --- scanners/semgrep/Chart.yaml | 2 +- scanners/semgrep/README.md | 2 +- scanners/semgrep/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml index 5eb6d9332b..a25f8c9a6d 100644 --- a/scanners/semgrep/Chart.yaml +++ b/scanners/semgrep/Chart.yaml @@ -22,7 +22,7 @@ version: "v3.1.0-alpha1" # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.107.0" +appVersion: "1.108.0" annotations: versionApi: https://api.github.com/repos/semgrep/semgrep/releases/latest supported-platforms: linux/amd64,linux/arm64 diff --git a/scanners/semgrep/README.md b/scanners/semgrep/README.md index ef1e3d2866..9d485acc8e 100644 --- a/scanners/semgrep/README.md +++ b/scanners/semgrep/README.md @@ -3,7 +3,7 @@ title: "Semgrep" category: "scanner" type: "Repository" state: "released" -appVersion: "1.107.0" +appVersion: "1.108.0" usecase: "Static Code Analysis" --- diff --git a/scanners/semgrep/docs/README.DockerHub-Parser.md b/scanners/semgrep/docs/README.DockerHub-Parser.md index 74f0cc31dd..16d9cb043c 100644 --- a/scanners/semgrep/docs/README.DockerHub-Parser.md +++ b/scanners/semgrep/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `1.107.0` +- tagged releases, e.g. `1.108.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/semgrep. From e9fd97698c9da16dbef990ec3344e0aa9589056e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 10:08:05 +0000 Subject: [PATCH 58/93] Bump the npm-version-updates group in /documentation with 4 updates Bumps the npm-version-updates group in /documentation with 4 updates: [sass](https://github.com/sass/dart-sass), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) and [sass-loader](https://github.com/webpack-contrib/sass-loader). Updates `sass` from 1.84.0 to 1.85.0 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.84.0...1.85.0) Updates `@types/node` from 22.13.1 to 22.13.4 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/react` from 19.0.8 to 19.0.10 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `sass-loader` from 16.0.4 to 16.0.5 - [Release notes](https://github.com/webpack-contrib/sass-loader/releases) - [Changelog](https://github.com/webpack-contrib/sass-loader/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack-contrib/sass-loader/compare/v16.0.4...v16.0.5) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-version-updates - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-version-updates - dependency-name: "@types/react" dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-version-updates - dependency-name: sass-loader dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-version-updates ... Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 33 +++++++++++++++++---------------- documentation/package.json | 8 ++++---- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index 34e6751b99..4edce42c24 100644 --- a/documentation/package-lock.json +++ b/documentation/package-lock.json @@ -24,17 +24,17 @@ "react": "^19.0.0", "react-dom": "^19.0.0", "rimraf": "^6.0.1", - "sass": "1.84" + "sass": "1.85" }, "devDependencies": { "@docusaurus/module-type-aliases": "^3.6.0", "@docusaurus/tsconfig": "^3.7.0", "@docusaurus/types": "^3.6.0", - "@types/node": "^22.13.1", - "@types/react": "^19.0.8", + "@types/node": "^22.13.4", + "@types/react": "^19.0.10", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", - "sass-loader": "^16.0.4", + "sass-loader": "^16.0.5", "typescript": "^5.7.3" }, "engines": { @@ -5404,9 +5404,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "22.13.1", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.1.tgz", - "integrity": "sha512-jK8uzQlrvXqEU91UxiK5J7pKHyzgnI1Qnl0QDHIgVGuolJhRb9EEl28Cj9b3rGR8B2lhFCtvIm5os8lFnO/1Ew==", + "version": "22.13.4", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.4.tgz", + "integrity": "sha512-ywP2X0DYtX3y08eFVx5fNIw7/uIv8hYUKgXoK8oayJlLnKcRfEYCxWMVE1XagUdVtCJlZT1AU4LXEABW+L1Peg==", "license": "MIT", "dependencies": { "undici-types": "~6.20.0" @@ -5448,9 +5448,9 @@ "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==" }, "node_modules/@types/react": { - "version": "19.0.8", - "resolved": "https://registry.npmjs.org/@types/react/-/react-19.0.8.tgz", - "integrity": "sha512-9P/o1IGdfmQxrujGbIMDyYaaCykhLKc0NGCtYcECNUr9UAaDe4gwvV9bR6tvd5Br1SG0j+PBpbKr2UYY8CwqSw==", + "version": "19.0.10", + "resolved": "https://registry.npmjs.org/@types/react/-/react-19.0.10.tgz", + "integrity": "sha512-JuRQ9KXLEjaUNjTWpzuR231Z2WpIwczOkBEIvbHNCzQefFIT0L8IqE6NV6ULLyC1SI/i234JnDoMkfg+RjQj2g==", "license": "MIT", "dependencies": { "csstype": "^3.0.2" @@ -16241,9 +16241,9 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "node_modules/sass": { - "version": "1.84.0", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.84.0.tgz", - "integrity": "sha512-XDAbhEPJRxi7H0SxrnOpiXFQoUJHwkR2u3Zc4el+fK/Tt5Hpzw5kkQ59qVDfvdaUq6gCrEZIbySFBM2T9DNKHg==", + "version": "1.85.0", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.85.0.tgz", + "integrity": "sha512-3ToiC1xZ1Y8aU7+CkgCI/tqyuPXEmYGJXO7H4uqp0xkLXUqp88rQQ4j1HmP37xSJLbCJPaIiv+cT1y+grssrww==", "license": "MIT", "dependencies": { "chokidar": "^4.0.0", @@ -16261,9 +16261,10 @@ } }, "node_modules/sass-loader": { - "version": "16.0.4", - "resolved": "https://registry.npmjs.org/sass-loader/-/sass-loader-16.0.4.tgz", - "integrity": "sha512-LavLbgbBGUt3wCiYzhuLLu65+fWXaXLmq7YxivLhEqmiupCFZ5sKUAipK3do6V80YSU0jvSxNhEdT13IXNr3rg==", + "version": "16.0.5", + "resolved": "https://registry.npmjs.org/sass-loader/-/sass-loader-16.0.5.tgz", + "integrity": "sha512-oL+CMBXrj6BZ/zOq4os+UECPL+bWqt6OAC6DWS8Ln8GZRcMDjlJ4JC3FBDuHJdYaFWIdKNIBYmtZtK2MaMkNIw==", + "license": "MIT", "dependencies": { "neo-async": "^2.6.2" }, diff --git a/documentation/package.json b/documentation/package.json index df207e74e8..b1d2a19fb1 100644 --- a/documentation/package.json +++ b/documentation/package.json @@ -34,7 +34,7 @@ "react": "^19.0.0", "react-dom": "^19.0.0", "rimraf": "^6.0.1", - "sass": "1.84" + "sass": "1.85" }, "browserslist": { "production": [ @@ -52,11 +52,11 @@ "@docusaurus/module-type-aliases": "^3.6.0", "@docusaurus/tsconfig": "^3.7.0", "@docusaurus/types": "^3.6.0", - "@types/node": "^22.13.1", - "@types/react": "^19.0.8", + "@types/node": "^22.13.4", + "@types/react": "^19.0.10", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", - "sass-loader": "^16.0.4", + "sass-loader": "^16.0.5", "typescript": "^5.7.3" }, "engines": { From ef714369b2a2953e4084b20fea1134a5c5418f7d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 09:58:01 +0000 Subject: [PATCH 59/93] Bump org.springframework:spring-web Bumps the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 1 update: [org.springframework:spring-web](https://github.com/spring-projects/spring-framework). Updates `org.springframework:spring-web` from 6.2.2 to 6.2.3 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.2...v6.2.3) --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-version-updates ... Signed-off-by: dependabot[bot] --- hooks/persistence-defectdojo/hook/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/persistence-defectdojo/hook/build.gradle b/hooks/persistence-defectdojo/hook/build.gradle index 161a4f838f..f5546ae33d 100644 --- a/hooks/persistence-defectdojo/hook/build.gradle +++ b/hooks/persistence-defectdojo/hook/build.gradle @@ -25,7 +25,7 @@ repositories { dependencies { implementation group: "io.securecodebox", name: "defectdojo-client", version: "2.0.1" implementation group: "io.kubernetes", name: "client-java", version: "20.0.1" - implementation group: "org.springframework", name: "spring-web", version: "6.2.2" + implementation group: "org.springframework", name: "spring-web", version: "6.2.3" implementation group: "com.fasterxml.jackson.core", name: "jackson-core", version: "2.18.2" implementation group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.18.2" implementation group: "com.fasterxml.jackson.core", name: "jackson-databind", version: "2.18.2" From fc1b9d22b264a180eaafa7c6aeb03002fcc2803a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 12:09:09 +0000 Subject: [PATCH 60/93] Bump serialize-javascript Bumps the npm-security-updates group in /documentation with 1 update: [serialize-javascript](https://github.com/yahoo/serialize-javascript). Updates `serialize-javascript` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](https://github.com/yahoo/serialize-javascript/compare/v6.0.1...v6.0.2) --- updated-dependencies: - dependency-name: serialize-javascript dependency-type: indirect dependency-group: npm-security-updates ... Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index 4edce42c24..bb584d4e2f 100644 --- a/documentation/package-lock.json +++ b/documentation/package-lock.json @@ -16503,9 +16503,10 @@ } }, "node_modules/serialize-javascript": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.1.tgz", - "integrity": "sha512-owoXEFjWRllis8/M1Q+Cw5k8ZH40e3zhp/ovX+Xr/vi1qj6QesbyXXViFbpNvWvPNAD62SutwEXavefrLJWj7w==", + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz", + "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==", + "license": "BSD-3-Clause", "dependencies": { "randombytes": "^2.1.0" } From 6a7cccecf37899fdf32bcbd683ea9834f0a7ff43 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 18 Feb 2025 12:38:21 +0100 Subject: [PATCH 61/93] Insert link for defining environment variables in Kubernetes documentation Signed-off-by: Ilyes Ben Dlala --- documentation/docs/contributing/integrating-a-hook/hook.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/docs/contributing/integrating-a-hook/hook.md b/documentation/docs/contributing/integrating-a-hook/hook.md index 19bdd2eafc..542e0c8538 100644 --- a/documentation/docs/contributing/integrating-a-hook/hook.md +++ b/documentation/docs/contributing/integrating-a-hook/hook.md @@ -154,7 +154,7 @@ This is fine because the other parameters are not needed. :::info Maybe you notice that in line 5 ENVs are used. -If you also need ENVs or Volumes see INSERT-LINK-HERE. +If you also need ENVs or Volumes see [Define Environment Variables for a Container | Kubernetes](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) ::: :::info From e20ec9fa98fcf412d03e7d51d1440830f703b6f0 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 18 Feb 2025 12:19:06 +0100 Subject: [PATCH 62/93] Handle conflict errors during ScheduledScan status updates with retry logic Signed-off-by: Ilyes Ben Dlala --- .../execution/scheduledscan_controller.go | 27 ++++++++++++++++--- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/operator/controllers/execution/scheduledscan_controller.go b/operator/controllers/execution/scheduledscan_controller.go index 51fcc014aa..8206d97a6c 100644 --- a/operator/controllers/execution/scheduledscan_controller.go +++ b/operator/controllers/execution/scheduledscan_controller.go @@ -14,6 +14,7 @@ import ( "github.com/go-logr/logr" "github.com/robfig/cron" + apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" @@ -76,8 +77,17 @@ func (r *ScheduledScanReconciler) Reconcile(ctx context.Context, req ctrl.Reques log.V(4).Info("Updating ScheduledScans Findings as they appear to have changed") scheduledScan.Status.Findings = *lastFindings.DeepCopy() if err := r.Status().Update(ctx, &scheduledScan); err != nil { - log.Error(err, "unable to update ScheduledScan status") - return ctrl.Result{}, err + if apierrors.IsConflict(err) { + r.Log.V(4).Info( + "Conflict while updating ScheduledScan status, retrying", + "scheduledScan", scheduledScan.Name, + "namespace", scheduledScan.Namespace, + ) + return ctrl.Result{RequeueAfter: 10 * time.Second}, nil + } else { + log.Error(err, "unable to update ScheduledScan status") + return ctrl.Result{}, err + } } } } @@ -178,8 +188,17 @@ func (r *ScheduledScanReconciler) Reconcile(ctx context.Context, req ctrl.Reques var now metav1.Time = metav1.Now() scheduledScan.Status.LastScheduleTime = &now if err := r.Status().Update(ctx, &scheduledScan); err != nil { - log.Error(err, "Unable to update ScheduledScan status") - return ctrl.Result{}, err + if apierrors.IsConflict(err) { + r.Log.V(4).Info( + "Conflict while updating ScheduledScan status, retrying", + "scheduledScan", scheduledScan.Name, + "namespace", scheduledScan.Namespace, + ) + return ctrl.Result{RequeueAfter: 10 * time.Second}, nil + } else { + log.Error(err, "Unable to update ScheduledScan status") + return ctrl.Result{}, err + } } // Recalculate next schedule From 31feb92de471605e9279ff6b72c1d24d04b150ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Feb 2025 23:13:17 +0000 Subject: [PATCH 63/93] Bump jsonpath-plus from 10.2.0 to 10.3.0 in /hooks Bumps [jsonpath-plus](https://github.com/s3u/JSONPath) from 10.2.0 to 10.3.0. - [Release notes](https://github.com/s3u/JSONPath/releases) - [Changelog](https://github.com/JSONPath-Plus/JSONPath/blob/main/CHANGES.md) - [Commits](https://github.com/s3u/JSONPath/compare/v10.2.0...v10.3.0) --- updated-dependencies: - dependency-name: jsonpath-plus dependency-type: indirect ... Signed-off-by: dependabot[bot] --- hooks/package-lock.json | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/hooks/package-lock.json b/hooks/package-lock.json index 580f7a6cc0..5d2ddbff08 100644 --- a/hooks/package-lock.json +++ b/hooks/package-lock.json @@ -3100,9 +3100,10 @@ } }, "node_modules/jsonpath-plus": { - "version": "10.2.0", - "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.2.0.tgz", - "integrity": "sha512-T9V+8iNYKFL2n2rF+w02LBOT2JjDnTjioaNFrxRy0Bv1y/hNsqR/EBK7Ojy2ythRHwmz2cRIls+9JitQGZC/sw==", + "version": "10.3.0", + "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.3.0.tgz", + "integrity": "sha512-8TNmfeTCk2Le33A3vRRwtuworG/L5RrgMvdjhKZxvyShO+mBu2fP50OWUjRLNtvw344DdDarFh9buFAZs5ujeA==", + "license": "MIT", "dependencies": { "@jsep-plugin/assignment": "^1.3.0", "@jsep-plugin/regex": "^1.0.4", @@ -6794,9 +6795,9 @@ "dev": true }, "jsonpath-plus": { - "version": "10.2.0", - "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.2.0.tgz", - "integrity": "sha512-T9V+8iNYKFL2n2rF+w02LBOT2JjDnTjioaNFrxRy0Bv1y/hNsqR/EBK7Ojy2ythRHwmz2cRIls+9JitQGZC/sw==", + "version": "10.3.0", + "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.3.0.tgz", + "integrity": "sha512-8TNmfeTCk2Le33A3vRRwtuworG/L5RrgMvdjhKZxvyShO+mBu2fP50OWUjRLNtvw344DdDarFh9buFAZs5ujeA==", "requires": { "@jsep-plugin/assignment": "^1.3.0", "@jsep-plugin/regex": "^1.0.4", From 72dcdd8b87c276676f6100fe7823f714e6a8450c Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Thu, 20 Feb 2025 09:23:17 +0000 Subject: [PATCH 64/93] Upgrading semgrep from 1.108.0 to 1.109.0 Signed-off-by: secureCodeBoxBot --- scanners/semgrep/Chart.yaml | 2 +- scanners/semgrep/README.md | 2 +- scanners/semgrep/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml index a25f8c9a6d..d91be6112d 100644 --- a/scanners/semgrep/Chart.yaml +++ b/scanners/semgrep/Chart.yaml @@ -22,7 +22,7 @@ version: "v3.1.0-alpha1" # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.108.0" +appVersion: "1.109.0" annotations: versionApi: https://api.github.com/repos/semgrep/semgrep/releases/latest supported-platforms: linux/amd64,linux/arm64 diff --git a/scanners/semgrep/README.md b/scanners/semgrep/README.md index 9d485acc8e..f7ff3d2f6b 100644 --- a/scanners/semgrep/README.md +++ b/scanners/semgrep/README.md @@ -3,7 +3,7 @@ title: "Semgrep" category: "scanner" type: "Repository" state: "released" -appVersion: "1.108.0" +appVersion: "1.109.0" usecase: "Static Code Analysis" --- diff --git a/scanners/semgrep/docs/README.DockerHub-Parser.md b/scanners/semgrep/docs/README.DockerHub-Parser.md index 16d9cb043c..944fc66196 100644 --- a/scanners/semgrep/docs/README.DockerHub-Parser.md +++ b/scanners/semgrep/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `1.108.0` +- tagged releases, e.g. `1.109.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/semgrep. From d42a3f599c1d867f57ec678924fb6c5a5e641321 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 18 Feb 2025 11:12:23 +0100 Subject: [PATCH 65/93] Add scan metadata to findings in parser-wrapper.js Signed-off-by: Ilyes Ben Dlala --- parser-sdk/nodejs/parser-wrapper.js | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/parser-sdk/nodejs/parser-wrapper.js b/parser-sdk/nodejs/parser-wrapper.js index 50a789e305..0077f720f3 100644 --- a/parser-sdk/nodejs/parser-wrapper.js +++ b/parser-sdk/nodejs/parser-wrapper.js @@ -129,8 +129,19 @@ async function extractParseDefinition(scan) { } } - - +function addScanMetadata(findings, scan) { + const scanMetadata = { + created_at: scan.metadata.creationTimestamp, + name: scan.metadata.name, + namespace: scan.metadata.namespace, + scan_type: scan.spec.scanType, + }; + + return findings.map((finding) => ({ + ...finding, + scan: scanMetadata, + })); +} async function main() { console.log("Starting Parser"); @@ -162,11 +173,13 @@ async function main() { console.log("Adding UUIDs and Dates to the findings"); const findingsWithIdsAndDates = addIdsAndDates(findings); + console.log("Adding scan metadata to the findings"); + const findingsWithMetadata = addScanMetadata(findingsWithIdsAndDates, scan); const crash_on_failed_validation = process.env["CRASH_ON_FAILED_VALIDATION"] === "true" console.log("Validating Findings. Environment variable CRASH_ON_FAILED_VALIDATION is set to %s", crash_on_failed_validation); try { - await validate(findingsWithIdsAndDates); + await validate(findingsWithMetadata); console.log("The Findings were successfully validated") } catch (error) { console.error("The Findings Validation failed with error(s):"); @@ -182,7 +195,7 @@ async function main() { await uploadResultToFileStorageService( resultUploadUrl, - findingsWithIdsAndDates + findingsWithMetadata ); console.log(`Completed parser`); From 3ac81880d9ebd999dc270f44f6378f3be46f0108 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 18 Feb 2025 11:34:03 +0100 Subject: [PATCH 66/93] Add scan metadata to findings schema Did not set scan to required, since the unit tests can not generate Scan Metadata Signed-off-by: Ilyes Ben Dlala --- parser-sdk/nodejs/findings-schema.json | 29 ++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/parser-sdk/nodejs/findings-schema.json b/parser-sdk/nodejs/findings-schema.json index 27860b6237..eae75ca33b 100644 --- a/parser-sdk/nodejs/findings-schema.json +++ b/parser-sdk/nodejs/findings-schema.json @@ -78,6 +78,35 @@ "description": "Full URL with protocol, port, and path if existing.", "type": "string", "nullable": true + }, + "scan": { + "description": "Contains information about the scan that identified the finding. This will always be present", + "type": "object", + "properties": { + "created_at": { + "description": "Date-Time when the scan was created according to ISO8601", + "type": "string", + "format": "date-time" + }, + "name": { + "description": "Name of the scan.", + "type": "string" + }, + "namespace": { + "description": "Namespace in which the scan was run.", + "type": "string" + }, + "scan_type": { + "description": "Type of the scan.", + "type": "string" + } + }, + "required": [ + "created_at", + "name", + "namespace", + "scan_type" + ] } }, "required": [ From 492711e9c120f26bb195c8e9f1f9224923a045bb Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 18 Feb 2025 13:59:55 +0100 Subject: [PATCH 67/93] Add sample scan metadata for use in tests Signed-off-by: Ilyes Ben Dlala --- parser-sdk/nodejs/parser-utils.js | 27 ++++++++++++++++++++++++++- parser-sdk/nodejs/parser-wrapper.js | 14 -------------- 2 files changed, 26 insertions(+), 15 deletions(-) diff --git a/parser-sdk/nodejs/parser-utils.js b/parser-sdk/nodejs/parser-utils.js index 6fd601de41..a02f71222a 100644 --- a/parser-sdk/nodejs/parser-utils.js +++ b/parser-sdk/nodejs/parser-utils.js @@ -21,6 +21,20 @@ function addIdsAndDates(findings) { }); } +function addScanMetadata(findings, scan) { + const scanMetadata = { + created_at: scan.metadata.creationTimestamp, + name: scan.metadata.name, + namespace: scan.metadata.namespace, + scan_type: scan.spec.scanType, + }; + + return findings.map((finding) => ({ + ...finding, + scan: scanMetadata, + })); +} + async function validateAgainstJsonSchema(jsonData) { const jsonSchemaString = await readFile( __dirname + "/findings-schema.json", @@ -36,8 +50,18 @@ async function validateAgainstJsonSchema(jsonData) { } async function addSampleIdsAndDatesAndValidate(jsonData) { + const sampleScan = { + metadata: { + creationTimestamp: new Date().toISOString(), + name: "sample-scan-name", + namespace: "sample-namespace", + }, + spec: { + scanType: "sample-scan-type", + }, + } // add sample IDs and Dates only if the jsonData Array is not empty - const extendedData = addIdsAndDates(jsonData); + const extendedData = addScanMetadata(addIdsAndDates(jsonData),sampleScan); return validateAgainstJsonSchema(extendedData); } @@ -52,5 +76,6 @@ function generateErrorMessage(errors, jsonData) { } module.exports.addIdsAndDates = addIdsAndDates; +module.exports.addScanMetadata = addScanMetadata; module.exports.validate = validateAgainstJsonSchema; module.exports.validateParser = addSampleIdsAndDatesAndValidate; diff --git a/parser-sdk/nodejs/parser-wrapper.js b/parser-sdk/nodejs/parser-wrapper.js index 0077f720f3..cae1c8a33b 100644 --- a/parser-sdk/nodejs/parser-wrapper.js +++ b/parser-sdk/nodejs/parser-wrapper.js @@ -129,20 +129,6 @@ async function extractParseDefinition(scan) { } } -function addScanMetadata(findings, scan) { - const scanMetadata = { - created_at: scan.metadata.creationTimestamp, - name: scan.metadata.name, - namespace: scan.metadata.namespace, - scan_type: scan.spec.scanType, - }; - - return findings.map((finding) => ({ - ...finding, - scan: scanMetadata, - })); -} - async function main() { console.log("Starting Parser"); let scan = await extractScan(); From 9a59aef8f344fc653a81679677be5e69eca93cd5 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 18 Feb 2025 14:00:08 +0100 Subject: [PATCH 68/93] make scan field required to findings schema Signed-off-by: Ilyes Ben Dlala --- parser-sdk/nodejs/findings-schema.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/parser-sdk/nodejs/findings-schema.json b/parser-sdk/nodejs/findings-schema.json index eae75ca33b..4c4b6ff5fc 100644 --- a/parser-sdk/nodejs/findings-schema.json +++ b/parser-sdk/nodejs/findings-schema.json @@ -114,7 +114,8 @@ "parsed_at", "severity", "category", - "name" + "name", + "scan" ] } } From 865d467301e8ce282dd10c361e61737d19e9b89e Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 18 Feb 2025 14:02:18 +0100 Subject: [PATCH 69/93] Rename 'jsonData' to 'findings' parameter instead it is more descriptive of the variable Signed-off-by: Ilyes Ben Dlala --- parser-sdk/nodejs/parser-utils.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/parser-sdk/nodejs/parser-utils.js b/parser-sdk/nodejs/parser-utils.js index a02f71222a..655b436fe3 100644 --- a/parser-sdk/nodejs/parser-utils.js +++ b/parser-sdk/nodejs/parser-utils.js @@ -35,21 +35,21 @@ function addScanMetadata(findings, scan) { })); } -async function validateAgainstJsonSchema(jsonData) { +async function validateAgainstJsonSchema(findings) { const jsonSchemaString = await readFile( __dirname + "/findings-schema.json", "utf8" ); const jsonSchema = JSON.parse(jsonSchemaString); const validator = ajv.compile(jsonSchema); - const valid = validator(jsonData); + const valid = validator(findings); if (!valid) { - const errorMessage = generateErrorMessage(validator.errors, jsonData); + const errorMessage = generateErrorMessage(validator.errors, findings); throw new Error(errorMessage); } } -async function addSampleIdsAndDatesAndValidate(jsonData) { +async function addSampleIdsAndDatesAndValidate(findings) { const sampleScan = { metadata: { creationTimestamp: new Date().toISOString(), @@ -60,16 +60,16 @@ async function addSampleIdsAndDatesAndValidate(jsonData) { scanType: "sample-scan-type", }, } - // add sample IDs and Dates only if the jsonData Array is not empty - const extendedData = addScanMetadata(addIdsAndDates(jsonData),sampleScan); + // add sample IDs and Dates only if the findings Array is not empty + const extendedData = addScanMetadata(addIdsAndDates(findings),sampleScan); return validateAgainstJsonSchema(extendedData); } -function generateErrorMessage(errors, jsonData) { +function generateErrorMessage(errors, findings) { errors = errors.map((error) => { return { ...error, - invalidValue: jsonpointer.get(jsonData, error.instancePath), + invalidValue: jsonpointer.get(findings, error.instancePath), }; }); return JSON.stringify(errors, null, 2); From ec265f5045ce1d1dbff99409b43abb9c356585dd Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Tue, 18 Feb 2025 14:42:44 +0100 Subject: [PATCH 70/93] Add missing exporting of addScanMetadata function to parser-utils Signed-off-by: Ilyes Ben Dlala --- parser-sdk/nodejs/parser-wrapper.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/parser-sdk/nodejs/parser-wrapper.js b/parser-sdk/nodejs/parser-wrapper.js index cae1c8a33b..7f645dc30b 100644 --- a/parser-sdk/nodejs/parser-wrapper.js +++ b/parser-sdk/nodejs/parser-wrapper.js @@ -4,7 +4,7 @@ const axios = require("axios"); const { parse } = require("./parser/parser"); -const { validate, addIdsAndDates } = require("./parser-utils"); +const { validate, addIdsAndDates, addScanMetadata } = require("./parser-utils"); const k8s = require("@kubernetes/client-node"); const kc = new k8s.KubeConfig(); @@ -190,3 +190,4 @@ async function main() { main(); module.exports.addIdsAndDates = addIdsAndDates; +module.exports.addScanMetadata = addScanMetadata; From b3ccf3d31ba337c055523ad1f2568a84285785b9 Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Thu, 20 Feb 2025 09:23:20 +0000 Subject: [PATCH 71/93] Upgrading gitleaks from v8.23.3 to v8.24.0 Signed-off-by: secureCodeBoxBot --- scanners/gitleaks/Chart.yaml | 2 +- scanners/gitleaks/README.md | 2 +- scanners/gitleaks/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/gitleaks/Chart.yaml b/scanners/gitleaks/Chart.yaml index 85a0d91e01..9f40fbdbe8 100644 --- a/scanners/gitleaks/Chart.yaml +++ b/scanners/gitleaks/Chart.yaml @@ -8,7 +8,7 @@ description: A Helm chart for the gitleaks repository scanner that integrates wi type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "v8.23.3" +appVersion: "v8.24.0" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/zricethezav/gitleaks/releases/latest diff --git a/scanners/gitleaks/README.md b/scanners/gitleaks/README.md index 8a2ab50df6..90ca52ee72 100644 --- a/scanners/gitleaks/README.md +++ b/scanners/gitleaks/README.md @@ -3,7 +3,7 @@ title: "Gitleaks" category: "scanner" type: "Repository" state: "released" -appVersion: "v8.23.3" +appVersion: "v8.24.0" usecase: "Find potential secrets in repositories" --- diff --git a/scanners/gitleaks/docs/README.DockerHub-Parser.md b/scanners/gitleaks/docs/README.DockerHub-Parser.md index b51307fa9e..86e440aeed 100644 --- a/scanners/gitleaks/docs/README.DockerHub-Parser.md +++ b/scanners/gitleaks/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `v8.23.3` +- tagged releases, e.g. `v8.24.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/gitleaks. From f0644efa70f6472ca81578fc4f08a7b1fc2a7cb0 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Fri, 21 Feb 2025 13:28:02 +0100 Subject: [PATCH 72/93] included an actual ssh key in the gitleaks dummy test file gitleaks improved their false positive detection. Signed-off-by: Ilyes Ben Dlala --- scanners/gitleaks/integration-tests/gitleaks.test.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scanners/gitleaks/integration-tests/gitleaks.test.js b/scanners/gitleaks/integration-tests/gitleaks.test.js index 69826aac94..ba9dbd404e 100644 --- a/scanners/gitleaks/integration-tests/gitleaks.test.js +++ b/scanners/gitleaks/integration-tests/gitleaks.test.js @@ -37,7 +37,13 @@ test( // Bash script to create a git repo with a demo file `cd /repo && \\ git init && \\ - echo '-----BEGIN PRIVATE KEY----------END PRIVATE KEY-----' > secret.pem && \\ + echo '-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACBRQBYv0zGpMgMubh1XmkIZOrzi0WYXu8a1WMt3dBVJhgAAAKDyr4Ls8q+C +7AAAAAtzc2gtZWQyNTUxOQAAACBRQBYv0zGpMgMubh1XmkIZOrzi0WYXu8a1WMt3dBVJhg +AAAECvUx42+sMhjrgkMBXvanXL7LsJHj/QUX6NBSLN8hRj/FFAFi/TMakyAy5uHVeaQhk6 +vOLRZhe7xrVYy3d0FUmGAAAAFnlvdXJfZW1haWxAZXhhbXBsZS5jb20BAgMEBQYH +-----END OPENSSH PRIVATE KEY-----' > secret.pem && \\ git config --global user.name test && \\ git config --global user.email user@example.com && \\ git add secret.pem && \\ From 296f994694a89c10e1ffbe146105a8847b038d2a Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Fri, 21 Feb 2025 14:57:00 +0100 Subject: [PATCH 73/93] Moved Upgrading.md to be in the documentation website Signed-off-by: Ilyes Ben Dlala --- .../docs/getting-started/upgrading.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) rename UPGRADING.md => documentation/docs/getting-started/upgrading.md (97%) diff --git a/UPGRADING.md b/documentation/docs/getting-started/upgrading.md similarity index 97% rename from UPGRADING.md rename to documentation/docs/getting-started/upgrading.md index e1e1dad8c1..2e210f6a49 100644 --- a/UPGRADING.md +++ b/documentation/docs/getting-started/upgrading.md @@ -1,11 +1,15 @@ - -# Upgrading +title: "Upgrading secureCodeBox" +sidebar_label: Upgrading +path: "docs/getting-started/uninstallation" +sidebar_position: 3 +--- ## From 2.X to 3.X ### Upgraded Kubebuilder Version to v3 @@ -81,7 +85,7 @@ scanner: ➡️ [Reference: #484](https://github.com/secureCodeBox/secureCodeBox/pull/484) ### Added scanner.appendName to chart values -Using {{ .Release.name }} in the `nmap` HelmChart Name for `scanTypes` causes issues when using this chart as a dependency of another chart. All scanners HelmCharts already used a fixed name for the `scanType` they introduce, with one exception: the `nmap` scanner HelmChart. +Using `{{ .Release.name }}` in the `nmap` HelmChart Name for `scanTypes` causes issues when using this chart as a dependency of another chart. All scanners HelmCharts already used a fixed name for the `scanType` they introduce, with one exception: the `nmap` scanner HelmChart. The nmap exception was originally introduced to make it possible configure yourself an `nmap-privilidged` scanType, which is capable of running operating system scans which requires some higher privileges: https://www.securecodebox.io/docs/scanners/nmap#operating-system-scans From dcd64c7035f42c806544e9ed5e549667c0d0224c Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Fri, 21 Feb 2025 14:59:03 +0100 Subject: [PATCH 74/93] Fix path in upgrading documentation for correct navigation Signed-off-by: Ilyes Ben Dlala --- documentation/docs/getting-started/upgrading.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/docs/getting-started/upgrading.md b/documentation/docs/getting-started/upgrading.md index 2e210f6a49..3d9fc30acd 100644 --- a/documentation/docs/getting-started/upgrading.md +++ b/documentation/docs/getting-started/upgrading.md @@ -6,7 +6,7 @@ title: "Upgrading secureCodeBox" sidebar_label: Upgrading -path: "docs/getting-started/uninstallation" +path: "docs/getting-started/upgrading" sidebar_position: 3 --- From e2c481064a8dc3cc18e181cdd84a169170e42de4 Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Fri, 21 Feb 2025 15:42:06 +0100 Subject: [PATCH 75/93] Update links in label-commenter-config and README for upgrading documentation Signed-off-by: Ilyes Ben Dlala --- .github/label-commenter-config.yml | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/label-commenter-config.yml b/.github/label-commenter-config.yml index 34e9e954f7..01a66faef9 100644 --- a/.github/label-commenter-config.yml +++ b/.github/label-commenter-config.yml @@ -7,5 +7,5 @@ labels: labeled: pr: body: | - This pull request includes breaking changes. **Please make sure that you included the breaking changes and the steps required to upgrade in [UPGRADING.md](https://github.com/secureCodeBox/secureCodeBox/blob/main/UPGRADING.md)**. + This pull request includes breaking changes. **Please make sure that you included the breaking changes and the steps required to upgrade in [Upgrading](https://www.securecodebox.io/docs/getting-started/upgrading)**. :sparkles: Thank you for your contribution! :sparkles: diff --git a/README.md b/README.md index 351236d844..3e0dfd4cc4 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ You can find resources to help you get started on our [documentation website](ht ## Upgrading -For the steps required for upgrading your secureCodeBox installation, see [Upgrading](./UPGRADING.md). +For the steps required for upgrading your secureCodeBox installation, see [Upgrading](https://www.securecodebox.io/docs/getting-started/upgrading). ## License From 2a7e75a1f622e886a93a59c54b1657ff96074a26 Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Tue, 25 Feb 2025 09:23:33 +0000 Subject: [PATCH 76/93] Upgrading wpscan from v3.8.27 to v3.8.28 Signed-off-by: secureCodeBoxBot --- scanners/wpscan/Chart.yaml | 2 +- scanners/wpscan/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scanners/wpscan/Chart.yaml b/scanners/wpscan/Chart.yaml index 34992fa798..1baf31d5f5 100644 --- a/scanners/wpscan/Chart.yaml +++ b/scanners/wpscan/Chart.yaml @@ -8,7 +8,7 @@ description: A Helm chart for the WordPress security scanner that integrates wit type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "v3.8.27" +appVersion: "v3.8.28" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/wpscanteam/wpscan/releases/latest diff --git a/scanners/wpscan/README.md b/scanners/wpscan/README.md index 73a28447d8..9a999bf9d9 100644 --- a/scanners/wpscan/README.md +++ b/scanners/wpscan/README.md @@ -3,7 +3,7 @@ title: 'WPScan' category: 'scanner' type: "CMS" state: "released" -appVersion: "v3.8.27" +appVersion: "v3.8.28" usecase: "Wordpress Vulnerability Scanner" --- From 2e186d104a48b4e6c90f2f3d7ba4ab5f2c81c6bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Feb 2025 09:59:19 +0000 Subject: [PATCH 77/93] Bump @types/node in /documentation in the npm-version-updates group Bumps the npm-version-updates group in /documentation with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Updates `@types/node` from 22.13.4 to 22.13.5 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-version-updates ... Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 8 ++++---- documentation/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index bb584d4e2f..6df7617818 100644 --- a/documentation/package-lock.json +++ b/documentation/package-lock.json @@ -30,7 +30,7 @@ "@docusaurus/module-type-aliases": "^3.6.0", "@docusaurus/tsconfig": "^3.7.0", "@docusaurus/types": "^3.6.0", - "@types/node": "^22.13.4", + "@types/node": "^22.13.5", "@types/react": "^19.0.10", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", @@ -5404,9 +5404,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "22.13.4", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.4.tgz", - "integrity": "sha512-ywP2X0DYtX3y08eFVx5fNIw7/uIv8hYUKgXoK8oayJlLnKcRfEYCxWMVE1XagUdVtCJlZT1AU4LXEABW+L1Peg==", + "version": "22.13.5", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.5.tgz", + "integrity": "sha512-+lTU0PxZXn0Dr1NBtC7Y8cR21AJr87dLLU953CWA6pMxxv/UDc7jYAY90upcrie1nRcD6XNG5HOYEDtgW5TxAg==", "license": "MIT", "dependencies": { "undici-types": "~6.20.0" diff --git a/documentation/package.json b/documentation/package.json index b1d2a19fb1..0a444b5beb 100644 --- a/documentation/package.json +++ b/documentation/package.json @@ -52,7 +52,7 @@ "@docusaurus/module-type-aliases": "^3.6.0", "@docusaurus/tsconfig": "^3.7.0", "@docusaurus/types": "^3.6.0", - "@types/node": "^22.13.4", + "@types/node": "^22.13.5", "@types/react": "^19.0.10", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", From 91dbf07b8dbb4732173fff5794ee04b87af99c39 Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Thu, 27 Feb 2025 09:23:23 +0000 Subject: [PATCH 78/93] Upgrading semgrep from 1.109.0 to 1.110.0 Signed-off-by: secureCodeBoxBot --- scanners/semgrep/Chart.yaml | 2 +- scanners/semgrep/README.md | 2 +- scanners/semgrep/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml index d91be6112d..e404a683d1 100644 --- a/scanners/semgrep/Chart.yaml +++ b/scanners/semgrep/Chart.yaml @@ -22,7 +22,7 @@ version: "v3.1.0-alpha1" # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.109.0" +appVersion: "1.110.0" annotations: versionApi: https://api.github.com/repos/semgrep/semgrep/releases/latest supported-platforms: linux/amd64,linux/arm64 diff --git a/scanners/semgrep/README.md b/scanners/semgrep/README.md index f7ff3d2f6b..bd9a307282 100644 --- a/scanners/semgrep/README.md +++ b/scanners/semgrep/README.md @@ -3,7 +3,7 @@ title: "Semgrep" category: "scanner" type: "Repository" state: "released" -appVersion: "1.109.0" +appVersion: "1.110.0" usecase: "Static Code Analysis" --- diff --git a/scanners/semgrep/docs/README.DockerHub-Parser.md b/scanners/semgrep/docs/README.DockerHub-Parser.md index 944fc66196..fbb4a3a1c6 100644 --- a/scanners/semgrep/docs/README.DockerHub-Parser.md +++ b/scanners/semgrep/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `1.109.0` +- tagged releases, e.g. `1.110.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/semgrep. From e8310d191c9221ecb15ff59cccc558e29ccfcbf1 Mon Sep 17 00:00:00 2001 From: Boris Shek Date: Fri, 28 Feb 2025 14:35:17 +0100 Subject: [PATCH 79/93] Update AutoDiscovery documentation Add information indicating that the `trivy-image-autodiscovery` ScanType is required for Container AutoDiscovery to function. Make it clear that Container AutoDiscovery is disabled by default and must be enabled manually. Correct a minor grammar issue in the Service AutoDiscovery documentation. Signed-off-by: Boris Shek --- .../docs/auto-discovery/container-auto-discovery.md | 12 ++++++------ .../docs/auto-discovery/service-auto-discovery.md | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/documentation/docs/auto-discovery/container-auto-discovery.md b/documentation/docs/auto-discovery/container-auto-discovery.md index 35b993ccc1..3081ced126 100644 --- a/documentation/docs/auto-discovery/container-auto-discovery.md +++ b/documentation/docs/auto-discovery/container-auto-discovery.md @@ -9,7 +9,7 @@ path: "docs/auto-discovery/container-auto-discovery" sidebar_position: 3 --- -The Container AutoDiscovery will create a scheduled scan with the given parameters (see [readme](https://github.com/secureCodeBox/secureCodeBox/blob/main/auto-discovery/kubernetes/README.md) for config options) for each unique container image in a Kubernetes namespace. Currently it is only possible to scan public container images. +The Container AutoDiscovery will create a `ScheduledScan` with the given parameters (see [readme](https://github.com/secureCodeBox/secureCodeBox/blob/main/auto-discovery/kubernetes/README.md) for config options) for each unique container image in a Kubernetes namespace. Currently it is only possible to scan public container images. It is currently disabled by default and must be enabled manually. Assume that a namespace contains two pods that run a `nginx v1.5` container. The Container AutoDiscovery will only create a single scheduled scan for the _nginx_ containers, as both are identical. @@ -22,15 +22,15 @@ If a pod consists of multiple containers, the above described logic will be appl ### Setup -[Trivy](/docs/scanners/trivy) is a container image scanner that is used by the Container AutoDiscovery. It has to be installed in the same namespace as the containers that you wish to scan. The following steps will install trivy in the `default` namespace: +[Trivy](/docs/scanners/trivy) is a container image scanner that is used by the Container AutoDiscovery. It must be installed in the same namespace as the containers you wish to scan. It also uses a special `ScanType` called `trivy-image-autodiscovery` that should be set manually by installing. The following steps will install `Trivy` with the corresponding `ScanType` in the `default` namespace: ```bash -helm upgrade --install trivy oci://ghcr.io/securecodebox/helm/trivy +helm upgrade --install trivy oci://ghcr.io/securecodebox/helm/trivy --set createAutoDiscoveryScanType=true ``` -#### Deactivation +#### Activation -The Container AutoDiscovery is enabled by default but can be disabled manually. +The Container AutoDiscovery is disabled by default and must be enabled manually. ```bash -helm upgrade --namespace securecodebox-system --install auto-discovery-kubernetes oci://ghcr.io/securecodebox/helm/auto-discovery-kubernetes --set config.containerAutoDiscovery.enabled=false +helm upgrade --namespace securecodebox-system --install auto-discovery-kubernetes oci://ghcr.io/securecodebox/helm/auto-discovery-kubernetes --set config.containerAutoDiscovery.enabled=true ``` diff --git a/documentation/docs/auto-discovery/service-auto-discovery.md b/documentation/docs/auto-discovery/service-auto-discovery.md index 80d63a58b8..fd78da0661 100644 --- a/documentation/docs/auto-discovery/service-auto-discovery.md +++ b/documentation/docs/auto-discovery/service-auto-discovery.md @@ -18,7 +18,7 @@ By default the Service AutoDiscovery creates [ZAP Advanced](../scanners/zap-adva ### Setup -By default the Service AutoDiscovery creates ScheduledScans using the [ZAP Advanced](/docs/scanners/zap-advanced) ScanType. It has to be installed in the same namespace as the containers that you wish to scan. The following steps will install zap-advanced in the `default` namespace: +By default the Service AutoDiscovery creates ScheduledScans using the [ZAP Advanced](/docs/scanners/zap-advanced) `ScanType`. It must be installed in the same namespace as the containers you wish to scan. The following steps will install `zap-advanced` in the `default` namespace: ```bash helm upgrade --install zap-advanced oci://ghcr.io/securecodebox/helm/zap-advanced From 370e1784106915c3c223a9bddc513fd39e6478be Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Wed, 5 Mar 2025 09:23:42 +0000 Subject: [PATCH 80/93] Upgrading semgrep from 1.110.0 to 1.111.0 Signed-off-by: secureCodeBoxBot --- scanners/semgrep/Chart.yaml | 2 +- scanners/semgrep/README.md | 2 +- scanners/semgrep/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml index e404a683d1..c275dac215 100644 --- a/scanners/semgrep/Chart.yaml +++ b/scanners/semgrep/Chart.yaml @@ -22,7 +22,7 @@ version: "v3.1.0-alpha1" # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.110.0" +appVersion: "1.111.0" annotations: versionApi: https://api.github.com/repos/semgrep/semgrep/releases/latest supported-platforms: linux/amd64,linux/arm64 diff --git a/scanners/semgrep/README.md b/scanners/semgrep/README.md index bd9a307282..033002ac48 100644 --- a/scanners/semgrep/README.md +++ b/scanners/semgrep/README.md @@ -3,7 +3,7 @@ title: "Semgrep" category: "scanner" type: "Repository" state: "released" -appVersion: "1.110.0" +appVersion: "1.111.0" usecase: "Static Code Analysis" --- diff --git a/scanners/semgrep/docs/README.DockerHub-Parser.md b/scanners/semgrep/docs/README.DockerHub-Parser.md index fbb4a3a1c6..db001b6990 100644 --- a/scanners/semgrep/docs/README.DockerHub-Parser.md +++ b/scanners/semgrep/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `1.110.0` +- tagged releases, e.g. `1.111.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/semgrep. From a3a1c1ea312c991e14e24bc4215cbb536792fd31 Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Thu, 6 Mar 2025 09:23:28 +0000 Subject: [PATCH 81/93] Upgrading trivy from 0.59.1 to 0.60.0 Signed-off-by: secureCodeBoxBot --- scanners/trivy/Chart.yaml | 2 +- scanners/trivy/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scanners/trivy/Chart.yaml b/scanners/trivy/Chart.yaml index 261b2d528b..fab473767c 100644 --- a/scanners/trivy/Chart.yaml +++ b/scanners/trivy/Chart.yaml @@ -8,7 +8,7 @@ description: A Helm chart for the trivy security scanner that integrates with th type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "0.59.1" +appVersion: "0.60.0" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/aquasecurity/trivy/releases/latest diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md index c1a431fda1..9c531605cd 100644 --- a/scanners/trivy/README.md +++ b/scanners/trivy/README.md @@ -3,7 +3,7 @@ title: "Trivy" category: "scanner" type: "Container" state: "released" -appVersion: "0.59.1" +appVersion: "0.60.0" usecase: "Container Vulnerability Scanner" --- From bf7366856061a9d881843db603eaca1d55065d7d Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Thu, 6 Mar 2025 09:23:33 +0000 Subject: [PATCH 82/93] Upgrading trivy-sbom from 0.59.1 to 0.60.0 Signed-off-by: secureCodeBoxBot --- scanners/trivy-sbom/Chart.yaml | 2 +- scanners/trivy-sbom/README.md | 2 +- scanners/trivy-sbom/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/trivy-sbom/Chart.yaml b/scanners/trivy-sbom/Chart.yaml index 00f38ddd2f..6d0417f45e 100644 --- a/scanners/trivy-sbom/Chart.yaml +++ b/scanners/trivy-sbom/Chart.yaml @@ -8,7 +8,7 @@ description: A Helm chart for the trivy-sbom security scanner that integrates wi type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "0.59.1" +appVersion: "0.60.0" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/aquasecurity/trivy/releases/latest diff --git a/scanners/trivy-sbom/README.md b/scanners/trivy-sbom/README.md index ed68986e9f..549242b03b 100644 --- a/scanners/trivy-sbom/README.md +++ b/scanners/trivy-sbom/README.md @@ -3,7 +3,7 @@ title: "Trivy SBOM" category: "scanner" type: "Container" state: "released" -appVersion: "0.59.1" +appVersion: "0.60.0" usecase: "Container Dependency Scanner" --- diff --git a/scanners/trivy-sbom/docs/README.DockerHub-Parser.md b/scanners/trivy-sbom/docs/README.DockerHub-Parser.md index 70d3c2099e..f16b70c8ff 100644 --- a/scanners/trivy-sbom/docs/README.DockerHub-Parser.md +++ b/scanners/trivy-sbom/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `0.59.1` +- tagged releases, e.g. `0.60.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/trivy-sbom. From 7164cf206a7d5110741701643c4a791b8c048a68 Mon Sep 17 00:00:00 2001 From: Samreet Singh Date: Thu, 13 Feb 2025 14:48:29 +0100 Subject: [PATCH 83/93] #2706 Remove underscore in container name since it is allowed in image names Container and images follow different naming conventions and for a valid image with an underscore a scheduledscan could not be created Signed-off-by: Samreet Singh --- .../kubernetes/controllers/container_scan_controller.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller.go b/auto-discovery/kubernetes/controllers/container_scan_controller.go index b77b7d4c73..b17f3adf09 100644 --- a/auto-discovery/kubernetes/controllers/container_scan_controller.go +++ b/auto-discovery/kubernetes/controllers/container_scan_controller.go @@ -180,6 +180,8 @@ func getScanName(imageID string, scanConfig config.ScanConfig) string { result = strings.ReplaceAll(result, ".", "-") result = strings.ReplaceAll(result, "/", "-") + result = strings.ReplaceAll(result, "_", "-") + //limit scan name length to kubernetes limits return result[:62] From 343662378de83d80455d227da8a5c85078b77360 Mon Sep 17 00:00:00 2001 From: Samreet Singh Date: Thu, 6 Mar 2025 13:27:30 +0100 Subject: [PATCH 84/93] Add unit-test for image with underscore Signed-off-by: Samreet Singh --- .../controllers/container_scan_controller.go | 1 - .../container_scan_controller_test.go | 24 +++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller.go b/auto-discovery/kubernetes/controllers/container_scan_controller.go index b17f3adf09..b997889dcb 100644 --- a/auto-discovery/kubernetes/controllers/container_scan_controller.go +++ b/auto-discovery/kubernetes/controllers/container_scan_controller.go @@ -182,7 +182,6 @@ func getScanName(imageID string, scanConfig config.ScanConfig) string { result = strings.ReplaceAll(result, "/", "-") result = strings.ReplaceAll(result, "_", "-") - //limit scan name length to kubernetes limits return result[:62] } diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller_test.go b/auto-discovery/kubernetes/controllers/container_scan_controller_test.go index 055757414a..85ac789723 100644 --- a/auto-discovery/kubernetes/controllers/container_scan_controller_test.go +++ b/auto-discovery/kubernetes/controllers/container_scan_controller_test.go @@ -141,6 +141,30 @@ var _ = Describe("ContainerScan controller", func() { !checkIfScanExists(ctx, juiceShopScanName2, namespace, juiceShopScanGoTemplate) }, timeout, interval).Should(BeTrue()) }) + + It("Should create a scan for an image with underscores", func() { + fakeDeployment2 := map[string]string{"test_image": "1237b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31"} + + createPodWithMultipleContainers(ctx, "fake-deployment-pod3", namespace, fakeDeployment2) + testScanName1 := "test-image-test-scan-at-1237b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31" + testScanName1 = testScanName1[:62] + + testScanGoTemplate := scanGoTemplate{ + map[string]string{"testAnnotation": namespace}, + map[string]string{ + "testLabel": namespace, + "app.kubernetes.io/managed-by": "securecodebox-autodiscovery", + }, + []string{"-p", namespace}, + nil, + nil, + nil, + } + Eventually(func() bool { + return checkIfScanExists(ctx, testScanName1, namespace, testScanGoTemplate) + }, timeout, interval).Should(BeTrue()) + }) + }) Context("Container autodiscovery with imagePullSecrets", func() { namespace := "container-autodiscovery-imagepullsecrets" From 3631d7a6dc174b634e32bd84ff2097d997f96774 Mon Sep 17 00:00:00 2001 From: Boris Shek Date: Thu, 6 Mar 2025 15:48:33 +0100 Subject: [PATCH 85/93] Adjust logs for container auto-discovery Add log for discovering new unscanned containers. Add log for discovering orphaned 'Trivy' scans. Remove repeated "Scan was already deleted" log messages. Signed-off-by: Boris Shek --- .../controllers/container_scan_controller.go | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller.go b/auto-discovery/kubernetes/controllers/container_scan_controller.go index b997889dcb..b91be41331 100644 --- a/auto-discovery/kubernetes/controllers/container_scan_controller.go +++ b/auto-discovery/kubernetes/controllers/container_scan_controller.go @@ -114,6 +114,10 @@ func podNotReady(pod corev1.Pod) bool { func (r *ContainerScanReconciler) checkIfNewScansNeedToBeCreated(ctx context.Context, pod corev1.Pod) { r.Log.V(8).Info("Pod is running", "pod", pod.Name, "namespace", pod.Namespace) nonScannedImageIDs := r.getNonScannedImageIDs(ctx, pod) + //log if there are any unscanned containers + if len(nonScannedImageIDs) > 0 { + r.Log.Info("Discovered one or more new unscanned containers; scanning them now", "pod", pod.Name, "namespace", pod.Namespace) + } r.createScheduledScans(ctx, pod, nonScannedImageIDs) } @@ -413,6 +417,10 @@ func (r *ContainerScanReconciler) checkIfScansNeedToBeDeleted(ctx context.Contex r.Log.V(8).Info("Pod will be deleted", "pod", pod.Name, "namespace", pod.Namespace, "timestamp", pod.DeletionTimestamp) allImageIDs := getImageIDsForPod(pod) imageIDsToBeDeleted := r.getOrphanedScanImageIDs(ctx, pod, allImageIDs) + //log if there are any orphaned scans + if len(imageIDsToBeDeleted) > 0 { + r.Log.Info("Discovered one or more 'Trivy' scans related to a non-active container; deleting them now", "pod", pod.Name, "namespace", pod.Namespace) + } r.deleteScans(ctx, pod, imageIDsToBeDeleted) } @@ -428,9 +436,7 @@ func (r *ContainerScanReconciler) getOrphanedScanImageIDs(ctx context.Context, p var scan executionv1.ScheduledScan err := r.Client.Get(ctx, types.NamespacedName{Name: scanName, Namespace: pod.Namespace}, &scan) if err != nil { - if k8sErrors.IsNotFound(err) { - r.Log.Info("Scan was already deleted, nothing to do", "name", scanName) - } else { + if !k8sErrors.IsNotFound(err) { r.Log.Error(err, "Unable to fetch scan", "name", scanName) } } else if !r.containerIDInUse(ctx, pod, imageID) { From 0442a315b6d9c02b0a733b68dc018dbab769e4c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Mar 2025 10:03:55 +0000 Subject: [PATCH 86/93] Bump the npm-version-updates group in /documentation with 3 updates Bumps the npm-version-updates group in /documentation with 3 updates: [sass](https://github.com/sass/dart-sass), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [typescript](https://github.com/microsoft/TypeScript). Updates `sass` from 1.85.0 to 1.85.1 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.85.0...1.85.1) Updates `@types/node` from 22.13.5 to 22.13.8 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `typescript` from 5.7.3 to 5.8.2 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml) - [Commits](https://github.com/microsoft/TypeScript/compare/v5.7.3...v5.8.2) --- updated-dependencies: - dependency-name: sass dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-version-updates - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-version-updates - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-version-updates ... Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 23 ++++++++++++----------- documentation/package.json | 4 ++-- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index 6df7617818..224559f38b 100644 --- a/documentation/package-lock.json +++ b/documentation/package-lock.json @@ -30,12 +30,12 @@ "@docusaurus/module-type-aliases": "^3.6.0", "@docusaurus/tsconfig": "^3.7.0", "@docusaurus/types": "^3.6.0", - "@types/node": "^22.13.5", + "@types/node": "^22.13.8", "@types/react": "^19.0.10", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", "sass-loader": "^16.0.5", - "typescript": "^5.7.3" + "typescript": "^5.8.2" }, "engines": { "node": ">=18.0" @@ -5404,9 +5404,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "22.13.5", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.5.tgz", - "integrity": "sha512-+lTU0PxZXn0Dr1NBtC7Y8cR21AJr87dLLU953CWA6pMxxv/UDc7jYAY90upcrie1nRcD6XNG5HOYEDtgW5TxAg==", + "version": "22.13.8", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.8.tgz", + "integrity": "sha512-G3EfaZS+iOGYWLLRCEAXdWK9my08oHNZ+FHluRiggIYJPOXzhOiDgpVCUHaUvyIC5/fj7C/p637jdzC666AOKQ==", "license": "MIT", "dependencies": { "undici-types": "~6.20.0" @@ -16241,9 +16241,9 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "node_modules/sass": { - "version": "1.85.0", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.85.0.tgz", - "integrity": "sha512-3ToiC1xZ1Y8aU7+CkgCI/tqyuPXEmYGJXO7H4uqp0xkLXUqp88rQQ4j1HmP37xSJLbCJPaIiv+cT1y+grssrww==", + "version": "1.85.1", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.85.1.tgz", + "integrity": "sha512-Uk8WpxM5v+0cMR0XjX9KfRIacmSG86RH4DCCZjLU2rFh5tyutt9siAXJ7G+YfxQ99Q6wrRMbMlVl6KqUms71ag==", "license": "MIT", "dependencies": { "chokidar": "^4.0.0", @@ -17547,9 +17547,10 @@ } }, "node_modules/typescript": { - "version": "5.7.3", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.7.3.tgz", - "integrity": "sha512-84MVSjMEHP+FQRPy3pX9sTVV/INIex71s9TL2Gm5FG/WG1SqXeKyZ0k7/blY/4FdOzI12CBy1vGc4og/eus0fw==", + "version": "5.8.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.2.tgz", + "integrity": "sha512-aJn6wq13/afZp/jT9QZmwEjDqqvSGp1VT5GVg+f/t6/oVyrgXM6BY1h9BRh/O5p3PlUPAe+WuiEZOmb/49RqoQ==", + "license": "Apache-2.0", "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" diff --git a/documentation/package.json b/documentation/package.json index 0a444b5beb..c9f3786663 100644 --- a/documentation/package.json +++ b/documentation/package.json @@ -52,12 +52,12 @@ "@docusaurus/module-type-aliases": "^3.6.0", "@docusaurus/tsconfig": "^3.7.0", "@docusaurus/types": "^3.6.0", - "@types/node": "^22.13.5", + "@types/node": "^22.13.8", "@types/react": "^19.0.10", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", "sass-loader": "^16.0.5", - "typescript": "^5.7.3" + "typescript": "^5.8.2" }, "engines": { "node": ">=18.0" From 5f3c9d08646ef673150095b5d577ce08ac2a8c79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kai=20Sch=C3=A4fer?= Date: Wed, 5 Mar 2025 12:55:09 +0100 Subject: [PATCH 87/93] Allow configuration of imagePullSecret for all trivy components MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In order to use private registries which require authentication it is needed to configure imagePullSecrets for all parts. Signed-off-by: Kai Schäfer --- CONTRIBUTORS.md | 3 ++- scanners/trivy/templates/trivy-database-cache.yaml | 4 ++++ scanners/trivy/templates/trivy-scan-type.yaml | 12 ++++++++++++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index a187be1967..0105bd80dc 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -57,4 +57,5 @@ Committing with `git commit -s` will add the sign-off at the end of the commit m - Tobias Stenby Brixen - Eline Henriksen - Michael Kruggel -- Ochi Daiki \ No newline at end of file +- Ochi Daiki +- Kai Schäfer \ No newline at end of file diff --git a/scanners/trivy/templates/trivy-database-cache.yaml b/scanners/trivy/templates/trivy-database-cache.yaml index e0e8c10204..5e8e2bbaed 100644 --- a/scanners/trivy/templates/trivy-database-cache.yaml +++ b/scanners/trivy/templates/trivy-database-cache.yaml @@ -37,6 +37,10 @@ spec: labels: app: trivy-database spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: trivy-database image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.AppVersion }}" diff --git a/scanners/trivy/templates/trivy-scan-type.yaml b/scanners/trivy/templates/trivy-scan-type.yaml index ebe8d61d11..a5f5d000ec 100644 --- a/scanners/trivy/templates/trivy-scan-type.yaml +++ b/scanners/trivy/templates/trivy-scan-type.yaml @@ -154,6 +154,10 @@ spec: {{- end }} template: spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 12 }} + {{- end }} restartPolicy: OnFailure affinity: {{- toYaml .Values.scanner.affinity | nindent 12 }} @@ -216,6 +220,10 @@ spec: {{- toYaml .Values.scanner.affinity | nindent 12 }} tolerations: {{- toYaml .Values.scanner.tolerations | nindent 12 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 12 }} + {{- end }} containers: - name: trivy image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.AppVersion }}" @@ -267,6 +275,10 @@ spec: {{- end }} template: spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 12 }} + {{- end }} restartPolicy: OnFailure affinity: {{- toYaml .Values.scanner.affinity | nindent 12 }} From 8e10e4d9a390afdce76d2dcf63d3b931c0e715f5 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Fri, 7 Mar 2025 15:21:36 +0100 Subject: [PATCH 88/93] Update helm snapshot with the now expected image pull secrets Signed-off-by: Jannik Hollenbach --- scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap b/scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap index 4f0a017906..6cccc2d109 100644 --- a/scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap +++ b/scanners/trivy/tests/__snapshot__/scanner_test.yaml.snap @@ -61,6 +61,8 @@ matches the snapshot: initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 + imagePullSecrets: + - name: foo 3: | apiVersion: execution.securecodebox.io/v1 kind: ParseDefinition @@ -256,6 +258,8 @@ matches the snapshot: volumeMounts: [] - image: bar name: foo + imagePullSecrets: + - name: foo restartPolicy: OnFailure tolerations: - foo: bar @@ -307,6 +311,8 @@ matches the snapshot: volumeMounts: [] - image: bar name: foo + imagePullSecrets: + - name: foo restartPolicy: OnFailure tolerations: - foo: bar @@ -357,6 +363,8 @@ matches the snapshot: volumeMounts: [] - image: bar name: foo + imagePullSecrets: + - name: foo restartPolicy: OnFailure serviceAccountName: trivy-k8s tolerations: From 0516d1bdb0ebcbe57557c53544d40146c5a2db84 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 22:23:08 +0000 Subject: [PATCH 89/93] Bump prismjs in /documentation in the npm-security-updates group Bumps the npm-security-updates group in /documentation with 1 update: [prismjs](https://github.com/PrismJS/prism). Updates `prismjs` from 1.29.0 to 1.30.0 - [Release notes](https://github.com/PrismJS/prism/releases) - [Changelog](https://github.com/PrismJS/prism/blob/master/CHANGELOG.md) - [Commits](https://github.com/PrismJS/prism/compare/v1.29.0...v1.30.0) --- updated-dependencies: - dependency-name: prismjs dependency-type: indirect dependency-group: npm-security-updates ... Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index 224559f38b..69b0dfcb4f 100644 --- a/documentation/package-lock.json +++ b/documentation/package-lock.json @@ -15076,9 +15076,10 @@ } }, "node_modules/prismjs": { - "version": "1.29.0", - "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.29.0.tgz", - "integrity": "sha512-Kx/1w86q/epKcmte75LNrEoT+lX8pBpavuAbvJWRXar7Hz8jrtF+e3vY751p0R8H9HdArwaCTNDDzHg/ScJK1Q==", + "version": "1.30.0", + "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.30.0.tgz", + "integrity": "sha512-DEvV2ZF2r2/63V+tK8hQvrR2ZGn10srHbXviTlcv7Kpzw8jWiNTqbVgjO3IY8RxrrOUF8VPMQQFysYYYv0YZxw==", + "license": "MIT", "engines": { "node": ">=6" } From 12664851b124cebc7a0c752443ce7fcde012c24b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Mar 2025 00:29:59 +0000 Subject: [PATCH 90/93] Bump golang.org/x/net from 0.30.0 to 0.36.0 in /lurker Bumps [golang.org/x/net](https://github.com/golang/net) from 0.30.0 to 0.36.0. - [Commits](https://github.com/golang/net/compare/v0.30.0...v0.36.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] --- lurker/go.mod | 8 ++++---- lurker/go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lurker/go.mod b/lurker/go.mod index 39257a0ac7..cbdef8a25c 100644 --- a/lurker/go.mod +++ b/lurker/go.mod @@ -34,11 +34,11 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/net v0.30.0 // indirect + golang.org/x/net v0.36.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/term v0.25.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/sys v0.30.0 // indirect + golang.org/x/term v0.29.0 // indirect + golang.org/x/text v0.22.0 // indirect golang.org/x/time v0.7.0 // indirect google.golang.org/protobuf v1.35.1 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect diff --git a/lurker/go.sum b/lurker/go.sum index 3d20cf1790..da1338ac0b 100644 --- a/lurker/go.sum +++ b/lurker/go.sum @@ -92,8 +92,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA= +golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I= golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -102,14 +102,14 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= +golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= From 57dfce4f47abcab6accdb146c5a7f29bd69570e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Mar 2025 16:31:04 +0000 Subject: [PATCH 91/93] Bump @babel/helpers from 7.26.0 to 7.26.10 in /hooks Bumps [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) from 7.26.0 to 7.26.10. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-helpers) --- updated-dependencies: - dependency-name: "@babel/helpers" dependency-type: indirect ... Signed-off-by: dependabot[bot] --- hooks/package-lock.json | 76 ++++++++++++++++++++++------------------- 1 file changed, 40 insertions(+), 36 deletions(-) diff --git a/hooks/package-lock.json b/hooks/package-lock.json index 5d2ddbff08..44fd2439ca 100644 --- a/hooks/package-lock.json +++ b/hooks/package-lock.json @@ -210,25 +210,27 @@ } }, "node_modules/@babel/helpers": { - "version": "7.26.0", - "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.0.tgz", - "integrity": "sha512-tbhNuIxNcVb21pInl3ZSjksLCvgdZy9KwJ8brv993QtIVKJBBkYXz4q4ZbAv31GdnC+R90np23L5FbEBlthAEw==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.10.tgz", + "integrity": "sha512-UPYc3SauzZ3JGgj87GgZ89JVdC5dj0AoetR5Bw6wj4niittNyFh6+eOGonYvJ1ao6B8lEa3Q3klS7ADZ53bc5g==", "dev": true, + "license": "MIT", "dependencies": { - "@babel/template": "^7.25.9", - "@babel/types": "^7.26.0" + "@babel/template": "^7.26.9", + "@babel/types": "^7.26.10" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/parser": { - "version": "7.26.2", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.2.tgz", - "integrity": "sha512-DWMCZH9WA4Maitz2q21SRKHo9QXZxkDsbNZoVD62gusNtNBBqDg9i7uOhASfTfIGNzW+O+r7+jAlM8dwphcJKQ==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.10.tgz", + "integrity": "sha512-6aQR2zGE/QFi8JpDLjUZEPYOs7+mhKXm86VaKFiLP35JQwQb6bwUE+XbvkH0EptsYhbNBSUGaUBLKqxH1xSgsA==", "dev": true, + "license": "MIT", "dependencies": { - "@babel/types": "^7.26.0" + "@babel/types": "^7.26.10" }, "bin": { "parser": "bin/babel-parser.js" @@ -460,14 +462,15 @@ } }, "node_modules/@babel/template": { - "version": "7.25.9", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.9.tgz", - "integrity": "sha512-9DGttpmPvIxBb/2uwpVo3dqJ+O6RooAFOS+lB+xDqoE2PVCE8nfoHMdZLpfCQRLwvohzXISPZcgxt80xLfsuwg==", + "version": "7.26.9", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.9.tgz", + "integrity": "sha512-qyRplbeIpNZhmzOysF/wFMuP9sctmh2cFzRAZOn1YapxBsE1i9bJIY586R/WBLfLcmcBlM8ROBiQURnnNy+zfA==", "dev": true, + "license": "MIT", "dependencies": { - "@babel/code-frame": "^7.25.9", - "@babel/parser": "^7.25.9", - "@babel/types": "^7.25.9" + "@babel/code-frame": "^7.26.2", + "@babel/parser": "^7.26.9", + "@babel/types": "^7.26.9" }, "engines": { "node": ">=6.9.0" @@ -492,10 +495,11 @@ } }, "node_modules/@babel/types": { - "version": "7.26.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.0.tgz", - "integrity": "sha512-Z/yiTPj+lDVnF7lWeKCIJzaIkI0vYO87dMpZ4bg4TDrFe4XXLFWL1TbXU27gBP3QccxV9mZICCrnjnYlJjXHOA==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.10.tgz", + "integrity": "sha512-emqcG3vHrpxUKTrxcblR36dcrcoRDvKmnL/dCL6ZsHaShW80qxCAcNhzQZrpeM765VzEos+xOi4s+r4IXzTwdQ==", "dev": true, + "license": "MIT", "dependencies": { "@babel/helper-string-parser": "^7.25.9", "@babel/helper-validator-identifier": "^7.25.9" @@ -4613,22 +4617,22 @@ "dev": true }, "@babel/helpers": { - "version": "7.26.0", - "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.0.tgz", - "integrity": "sha512-tbhNuIxNcVb21pInl3ZSjksLCvgdZy9KwJ8brv993QtIVKJBBkYXz4q4ZbAv31GdnC+R90np23L5FbEBlthAEw==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.10.tgz", + "integrity": "sha512-UPYc3SauzZ3JGgj87GgZ89JVdC5dj0AoetR5Bw6wj4niittNyFh6+eOGonYvJ1ao6B8lEa3Q3klS7ADZ53bc5g==", "dev": true, "requires": { - "@babel/template": "^7.25.9", - "@babel/types": "^7.26.0" + "@babel/template": "^7.26.9", + "@babel/types": "^7.26.10" } }, "@babel/parser": { - "version": "7.26.2", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.2.tgz", - "integrity": "sha512-DWMCZH9WA4Maitz2q21SRKHo9QXZxkDsbNZoVD62gusNtNBBqDg9i7uOhASfTfIGNzW+O+r7+jAlM8dwphcJKQ==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.10.tgz", + "integrity": "sha512-6aQR2zGE/QFi8JpDLjUZEPYOs7+mhKXm86VaKFiLP35JQwQb6bwUE+XbvkH0EptsYhbNBSUGaUBLKqxH1xSgsA==", "dev": true, "requires": { - "@babel/types": "^7.26.0" + "@babel/types": "^7.26.10" } }, "@babel/plugin-syntax-async-generators": { @@ -4785,14 +4789,14 @@ } }, "@babel/template": { - "version": "7.25.9", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.9.tgz", - "integrity": "sha512-9DGttpmPvIxBb/2uwpVo3dqJ+O6RooAFOS+lB+xDqoE2PVCE8nfoHMdZLpfCQRLwvohzXISPZcgxt80xLfsuwg==", + "version": "7.26.9", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.9.tgz", + "integrity": "sha512-qyRplbeIpNZhmzOysF/wFMuP9sctmh2cFzRAZOn1YapxBsE1i9bJIY586R/WBLfLcmcBlM8ROBiQURnnNy+zfA==", "dev": true, "requires": { - "@babel/code-frame": "^7.25.9", - "@babel/parser": "^7.25.9", - "@babel/types": "^7.25.9" + "@babel/code-frame": "^7.26.2", + "@babel/parser": "^7.26.9", + "@babel/types": "^7.26.9" } }, "@babel/traverse": { @@ -4811,9 +4815,9 @@ } }, "@babel/types": { - "version": "7.26.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.0.tgz", - "integrity": "sha512-Z/yiTPj+lDVnF7lWeKCIJzaIkI0vYO87dMpZ4bg4TDrFe4XXLFWL1TbXU27gBP3QccxV9mZICCrnjnYlJjXHOA==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.10.tgz", + "integrity": "sha512-emqcG3vHrpxUKTrxcblR36dcrcoRDvKmnL/dCL6ZsHaShW80qxCAcNhzQZrpeM765VzEos+xOi4s+r4IXzTwdQ==", "dev": true, "requires": { "@babel/helper-string-parser": "^7.25.9", From e4612187c0597af1d786dacd86383cf64ad3aa0f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Mar 2025 16:31:22 +0000 Subject: [PATCH 92/93] Bump the npm-security-updates group in /documentation with 2 updates Bumps the npm-security-updates group in /documentation with 2 updates: [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) and [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime). Updates `@babel/helpers` from 7.26.0 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-helpers) Updates `@babel/runtime` from 7.26.0 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/helpers" dependency-type: indirect dependency-group: npm-security-updates - dependency-name: "@babel/runtime" dependency-type: indirect dependency-group: npm-security-updates ... Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 42 ++++++++++++++++----------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index 69b0dfcb4f..b66888ef18 100644 --- a/documentation/package-lock.json +++ b/documentation/package-lock.json @@ -885,25 +885,25 @@ } }, "node_modules/@babel/helpers": { - "version": "7.26.0", - "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.0.tgz", - "integrity": "sha512-tbhNuIxNcVb21pInl3ZSjksLCvgdZy9KwJ8brv993QtIVKJBBkYXz4q4ZbAv31GdnC+R90np23L5FbEBlthAEw==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.10.tgz", + "integrity": "sha512-UPYc3SauzZ3JGgj87GgZ89JVdC5dj0AoetR5Bw6wj4niittNyFh6+eOGonYvJ1ao6B8lEa3Q3klS7ADZ53bc5g==", "license": "MIT", "dependencies": { - "@babel/template": "^7.25.9", - "@babel/types": "^7.26.0" + "@babel/template": "^7.26.9", + "@babel/types": "^7.26.10" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/parser": { - "version": "7.26.2", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.2.tgz", - "integrity": "sha512-DWMCZH9WA4Maitz2q21SRKHo9QXZxkDsbNZoVD62gusNtNBBqDg9i7uOhASfTfIGNzW+O+r7+jAlM8dwphcJKQ==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.10.tgz", + "integrity": "sha512-6aQR2zGE/QFi8JpDLjUZEPYOs7+mhKXm86VaKFiLP35JQwQb6bwUE+XbvkH0EptsYhbNBSUGaUBLKqxH1xSgsA==", "license": "MIT", "dependencies": { - "@babel/types": "^7.26.0" + "@babel/types": "^7.26.10" }, "bin": { "parser": "bin/babel-parser.js" @@ -2150,9 +2150,9 @@ } }, "node_modules/@babel/runtime": { - "version": "7.26.0", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.26.0.tgz", - "integrity": "sha512-FDSOghenHTiToteC/QRlv2q3DhPZ/oOXTBoirfWNx1Cx3TMVcGWQtMMmQcSvb/JjpNeGzx8Pq/b4fKEJuWm1sw==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.26.10.tgz", + "integrity": "sha512-2WJMeRQPHKSPemqk/awGrAiuFfzBmOIPXKizAsVhWH9YJqLZ0H+HS4c8loHGgW6utJ3E/ejXQUsiGaQy2NZ9Fw==", "license": "MIT", "dependencies": { "regenerator-runtime": "^0.14.0" @@ -2174,14 +2174,14 @@ } }, "node_modules/@babel/template": { - "version": "7.25.9", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.9.tgz", - "integrity": "sha512-9DGttpmPvIxBb/2uwpVo3dqJ+O6RooAFOS+lB+xDqoE2PVCE8nfoHMdZLpfCQRLwvohzXISPZcgxt80xLfsuwg==", + "version": "7.26.9", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.9.tgz", + "integrity": "sha512-qyRplbeIpNZhmzOysF/wFMuP9sctmh2cFzRAZOn1YapxBsE1i9bJIY586R/WBLfLcmcBlM8ROBiQURnnNy+zfA==", "license": "MIT", "dependencies": { - "@babel/code-frame": "^7.25.9", - "@babel/parser": "^7.25.9", - "@babel/types": "^7.25.9" + "@babel/code-frame": "^7.26.2", + "@babel/parser": "^7.26.9", + "@babel/types": "^7.26.9" }, "engines": { "node": ">=6.9.0" @@ -2206,9 +2206,9 @@ } }, "node_modules/@babel/types": { - "version": "7.26.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.0.tgz", - "integrity": "sha512-Z/yiTPj+lDVnF7lWeKCIJzaIkI0vYO87dMpZ4bg4TDrFe4XXLFWL1TbXU27gBP3QccxV9mZICCrnjnYlJjXHOA==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.10.tgz", + "integrity": "sha512-emqcG3vHrpxUKTrxcblR36dcrcoRDvKmnL/dCL6ZsHaShW80qxCAcNhzQZrpeM765VzEos+xOi4s+r4IXzTwdQ==", "license": "MIT", "dependencies": { "@babel/helper-string-parser": "^7.25.9", From 7c80f8d4230f09ff4c482f37a8724685ade5911f Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Tue, 18 Mar 2025 09:23:45 +0000 Subject: [PATCH 93/93] Upgrading semgrep from 1.111.0 to 1.113.0 Signed-off-by: secureCodeBoxBot --- scanners/semgrep/Chart.yaml | 2 +- scanners/semgrep/README.md | 2 +- scanners/semgrep/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml index c275dac215..c9c41af6c0 100644 --- a/scanners/semgrep/Chart.yaml +++ b/scanners/semgrep/Chart.yaml @@ -22,7 +22,7 @@ version: "v3.1.0-alpha1" # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.111.0" +appVersion: "1.113.0" annotations: versionApi: https://api.github.com/repos/semgrep/semgrep/releases/latest supported-platforms: linux/amd64,linux/arm64 diff --git a/scanners/semgrep/README.md b/scanners/semgrep/README.md index 033002ac48..d41aa228f0 100644 --- a/scanners/semgrep/README.md +++ b/scanners/semgrep/README.md @@ -3,7 +3,7 @@ title: "Semgrep" category: "scanner" type: "Repository" state: "released" -appVersion: "1.111.0" +appVersion: "1.113.0" usecase: "Static Code Analysis" --- diff --git a/scanners/semgrep/docs/README.DockerHub-Parser.md b/scanners/semgrep/docs/README.DockerHub-Parser.md index db001b6990..f859670163 100644 --- a/scanners/semgrep/docs/README.DockerHub-Parser.md +++ b/scanners/semgrep/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `1.111.0` +- tagged releases, e.g. `1.113.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/semgrep.