diff --git a/inputhandler/clihandler/flaghandler.go b/inputhandler/clihandler/flaghandler.go
index cdd52ab5..8a82e2fe 100644
--- a/inputhandler/clihandler/flaghandler.go
+++ b/inputhandler/clihandler/flaghandler.go
@@ -41,7 +41,7 @@ func (flagHandler *FlagHandler) ParseFlag() {
 }

 func (flagHandler *FlagHandler) Help() {
- fmt.Println("Run: ./kube-escape scan framework nsa")
+ fmt.Println("Run: kube-escape scan framework nsa")
 }

 func (flagHandler *FlagHandler) Version() {
diff --git a/vendor/github.com/armosec/capacketsgo/README.md b/vendor/github.com/armosec/capacketsgo/README.md
deleted file mode 100644
index c570b98f..00000000
--- a/vendor/github.com/armosec/capacketsgo/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-# ARMO Golang Utilities Repository
-
-This is ARMO Golang repository for common data structures, functions and etc.
-
-**Please keep everything organized**
-
-Guideline: If you KNOW a datastructure/function will appear in two components or more this is where it belongs!
-
-
-Each subfolder contains it's own readme
-
-### Clone `capacketsgo` to you repository
-
-```
-git submodule add git@github.com:armosec/capacketsgo.git ./vendor/github.com/armosec/capacketsgo
-```
-
-Update your project `go.mod`:
-```
-replace github.com/armosec/capacketsgo => ./vendor/github.com/armosec/capacketsgo
-
-require (
- github.com/armosec/capacketsgo v0.0.0
-)
-```
-
-When vendor is angry on u run build with the following command:
-```
-go build -mod=mod .
-```
-every project must do:
-
-git config --global url."ssh://git@github.com/armosec/".insteadOf "https://github.com/armosec/"
-go env -w GOPRIVATE=github.com/armosec
diff --git a/vendor/github.com/armosec/capacketsgo/apis/backendconnector.go b/vendor/github.com/armosec/capacketsgo/apis/backendconnector.go
deleted file mode 100644
index 0c466366..00000000
--- a/vendor/github.com/armosec/capacketsgo/apis/backendconnector.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package apis
-
-import (
- "bytes"
- "fmt"
- "io/ioutil"
- "net/http"
-)
-
-// HTTPReqFunc allows you to insert query params and more to aggregation message while using update aggregator
-type HTTPReqFunc func(req *http.Request, qryData interface{})
-
-func BasicBEQuery(req *http.Request, qryData interface{}) {
-
- q := req.URL.Query()
-
- if notificationData, isok := qryData.(*LoginObject); isok {
- q.Add("customerGUID", notificationData.GUID)
- }
-
- req.URL.RawQuery = q.Encode()
-}
-
-func EmptyQuery(req *http.Request, qryData interface{}) {
- q := req.URL.Query()
- req.URL.RawQuery = q.Encode()
-}
-
-func MapQuery(req *http.Request, qryData interface{}) {
- q := req.URL.Query()
- if qryMap, isok := qryData.(map[string]string); isok {
- for k, v := range qryMap {
- q.Add(k, v)
- }
-
- }
- req.URL.RawQuery = q.Encode()
-}
-
-func BEHttpRequest(loginobj *LoginObject, beURL,
- httpverb string,
- endpoint string,
- payload []byte,
- f HTTPReqFunc,
- qryData interface{}) ([]byte, error) {
- client := &http.Client{}
-
- beURL = fmt.Sprintf("%v/%v", beURL, endpoint)
- req, err := http.NewRequest(httpverb, beURL, bytes.NewReader(payload))
- if err != nil {
- return nil, err
- }
-
- req.Header.Set("Authorization", loginobj.Authorization)
- f(req, qryData)
-
- for _, cookie := range loginobj.Cookies {
- req.AddCookie(cookie)
- }
- resp, err := client.Do(req)
- if err != nil {
- return nil, err
- }
- if resp.StatusCode < 200 || resp.StatusCode >= 300 {
- fmt.Printf("req:\n%v\nresp:%v\n", req, resp)
- return nil, fmt.Errorf("Error #%v Due to: %v", resp.StatusCode, resp.Status)
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
- return body, nil
-}
-
-type BELoginResponse struct {
- Name string `json:"name"`
- PreferredUsername string `json:"preferred_username"`
- Email string `json:"email"`
- CustomerGuid string `json:"customerGuid"`
- Expires string `json:"expires"`
- Authorization string `json:"authorization"`
- Cookies []*http.Cookie
-}
-
-func (r *BELoginResponse) ToLoginObject() *LoginObject {
- l := &LoginObject{}
- l.Authorization = r.Authorization
- l.Cookies = r.Cookies
- l.Expires = r.Expires
- l.GUID = r.CustomerGuid
-
- return l
-}
-
-type BackendConnector struct {
- BaseURL string
- BELoginResponse *BELoginResponse
- Credentials *CustomerLoginDetails
- HTTPClient *http.Client
-}
diff --git a/vendor/github.com/armosec/capacketsgo/apis/backendconnectormethods.go b/vendor/github.com/armosec/capacketsgo/apis/backendconnectormethods.go
deleted file mode 100644
index cfb3bc99..00000000
--- a/vendor/github.com/armosec/capacketsgo/apis/backendconnectormethods.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package apis
-
-import (
- "bytes"
- "encoding/json"
- "fmt"
- "io/ioutil"
- "net/http"
- "strings"
-)
-
-func MakeBackendConnector(client *http.Client, baseURL string, loginDetails *CustomerLoginDetails) (*BackendConnector, error) {
- if err := ValidateBEConnectorMakerInput(client, baseURL, loginDetails); err != nil {
- return nil, err
- }
- conn := &BackendConnector{BaseURL: baseURL, Credentials: loginDetails, HTTPClient: client}
- err := conn.Login()
-
- return conn, err
-}
-
-func ValidateBEConnectorMakerInput(client *http.Client, baseURL string, loginDetails *CustomerLoginDetails) error {
- if client == nil {
- fmt.Errorf("You must provide an initialized httpclient")
- }
- if len(baseURL) == 0 {
- return fmt.Errorf("you must provide a valid backend url")
- }
-
- if loginDetails == nil || (len(loginDetails.Email) == 0 && len(loginDetails.Password) == 0) {
- return fmt.Errorf("you must provide valid login details")
- }
- return nil
-
-}
-
-func (r *BackendConnector) Login() error {
- if !r.IsExpired() {
- return nil
- }
-
- loginInfoBytes, err := json.Marshal(r.Credentials)
- if err != nil {
- return fmt.Errorf("unable to marshal credentials properly")
- }
-
- beURL := fmt.Sprintf("%v/%v", r.BaseURL, "login")
-
- req, err := http.NewRequest("POST", beURL, bytes.NewReader(loginInfoBytes))
- if err != nil {
- return err
- }
-
- req.Header.Set("Referer", strings.Replace(beURL, "dashbe", "cpanel", 1))
- resp, err := r.HTTPClient.Do(req)
- if err != nil {
- return err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return fmt.Errorf("unable to read login response")
- }
-
- loginS := &BELoginResponse{}
- json.Unmarshal(body, &loginS)
-
- loginS.Cookies = resp.Cookies()
- r.BELoginResponse = loginS
-
- return nil
-}
-
-func (r *BackendConnector) IsExpired() bool {
- return r.BELoginResponse == nil || r.BELoginResponse.ToLoginObject().IsExpired()
-}
-
-func (r *BackendConnector) GetBaseURL() string {
- return r.BaseURL
-}
-func (r *BackendConnector) GetLoginObj() *LoginObject {
- return r.BELoginResponse.ToLoginObject()
-}
-func (r *BackendConnector) GetClient() *http.Client {
- return r.HTTPClient
-}
-
-func (r *BackendConnector) HTTPSend(httpverb string,
- endpoint string,
- payload []byte,
- f HTTPReqFunc,
- qryData interface{}) ([]byte, error) {
-
- beURL := fmt.Sprintf("%v/%v", r.GetBaseURL(), endpoint)
- req, err := http.NewRequest(httpverb, beURL, bytes.NewReader(payload))
- if err != nil {
- return nil, err
- }
-
- if r.IsExpired() {
- r.Login()
- }
-
- loginobj := r.GetLoginObj()
- req.Header.Set("Authorization", loginobj.Authorization)
- f(req, qryData)
- q := req.URL.Query()
- q.Set("customerGUID", loginobj.GUID)
- req.URL.RawQuery = q.Encode()
-
- for _, cookie := range loginobj.Cookies {
- req.AddCookie(cookie)
- }
- resp, err := r.GetClient().Do(req)
- if err != nil {
- return nil, err
- }
- if resp.StatusCode < 200 || resp.StatusCode >= 300 {
- fmt.Printf("req:\n%v\nresp:%v\n", req, resp)
- return nil, fmt.Errorf("Error #%v Due to: %v", resp.StatusCode, resp.Status)
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
- return body, nil
-}
diff --git a/vendor/github.com/armosec/capacketsgo/apis/clusterapis.go b/vendor/github.com/armosec/capacketsgo/apis/clusterapis.go
deleted file mode 100644
index 38dcf6bb..00000000
--- a/vendor/github.com/armosec/capacketsgo/apis/clusterapis.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package apis
-
-// WebsocketScanCommand api
-const (
- WebsocketScanCommandVersion string = "v1"
- WebsocketScanCommandPath string = "scanImage"
-)
-
-// commands send via websocket
-const (
- UPDATE string = "update"
- ATTACH string = "Attach"
- REMOVE string = "remove"
- DETACH string = "Detach"
- INCOMPATIBLE string = "Incompatible"
- REPLACE_HEADERS string = "ReplaceHeaders"
- IMAGE_UNREACHABLE string = "ImageUnreachable"
- SIGN string = "sign"
- UNREGISTERED string = "unregistered"
- INJECT string = "inject"
- RESTART string = "restart"
- ENCRYPT string = "encryptSecret"
- DECRYPT string = "decryptSecret"
- SCAN string = "scan"
-)
diff --git a/vendor/github.com/armosec/capacketsgo/apis/datastructures.go b/vendor/github.com/armosec/capacketsgo/apis/datastructures.go
deleted file mode 100644
index 012ec8dc..00000000
--- a/vendor/github.com/armosec/capacketsgo/apis/datastructures.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package apis
-
-import (
- "encoding/json"
- "fmt"
- "net/http"
-
- "github.com/docker/docker/api/types"
-)
-
-// WebsocketScanCommand trigger scan thru the websocket
-type WebsocketScanCommand struct {
- // CustomerGUID string `json:"customerGUID"`
- ImageTag string `json:"imageTag"`
- Wlid string `json:"wlid"`
- IsScanned bool `json:"isScanned"`
- ContainerName string `json:"containerName"`
- JobID string `json:"jobID,omitempty"`
- LastAction int `json:"actionIDN"`
- // ImageHash string `json:"imageHash"`
- Credentials *types.AuthConfig `json:"credentials,omitempty"`
-}
-
-//taken from BE
-// ElasticRespTotal holds the total struct in Elastic array response
-type ElasticRespTotal struct {
- Value int `json:"value"`
- Relation string `json:"relation"`
-}
-
-// V2ListResponse holds the response of some list request with some metadata
-type V2ListResponse struct {
- Total ElasticRespTotal `json:"total"`
- Response interface{} `json:"response"`
- // Cursor for quick access to the next page. Not supported yet
- Cursor string `json:"cursor"`
-}
-
-// Oauth2Customer returns inside the "ca_groups" field in claims section of
-// Oauth2 verification process
-type Oauth2Customer struct {
- CustomerName string `json:"customerName"`
- CustomerGUID string `json:"customerGUID"`
-}
-
-type LoginObject struct {
- Authorization string `json:"authorization"`
- GUID string
- Cookies []*http.Cookie
- Expires string
-}
-
-type SafeMode struct {
- Reporter string `json:"reporter"` // "Agent"
- Action string `json:"action,omitempty"` // "action"
- Wlid string `json:"wlid"` // CAA_WLID
- PodName string `json:"podName"` // CAA_POD_NAME
- InstanceID string `json:"instanceID"` // CAA_POD_NAME
- ContainerName string `json:"containerName,omitempty"` // CAA_CONTAINER_NAME
- ProcessName string `json:"processName,omitempty"`
- ProcessID int `json:"processID,omitempty"`
- ProcessCMD string `json:"processCMD,omitempty"`
- ComponentGUID string `json:"componentGUID,omitempty"` // CAA_GUID
- StatusCode int `json:"statusCode"` // 0/1/2
- ProcessExitCode int `json:"processExitCode"` // 0 +
- Timestamp int64 `json:"timestamp"`
- Message string `json:"message,omitempty"` // any string
- JobID string `json:"jobID,omitempty"` // any string
- Compatible *bool `json:"compatible,omitempty"`
-}
-
-func (safeMode *SafeMode) Json() string {
- b, err := json.Marshal(*safeMode)
- if err != nil {
- return ""
- }
- return fmt.Sprintf("%s", b)
-}
diff --git a/vendor/github.com/armosec/capacketsgo/apis/datastructures_test.go b/vendor/github.com/armosec/capacketsgo/apis/datastructures_test.go
deleted file mode 100644
index 15a252aa..00000000
--- a/vendor/github.com/armosec/capacketsgo/apis/datastructures_test.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package apis
-
-// import (
-// "fmt"
-// "net/http"
-// "testing"
-// )
-
-// func TestAuditStructure(t *testing.T) {
-// c := http.Client{}
-// be, err := MakeBackendConnector(&c, "https://dashbe.eudev3.cyberarmorsoft.com", &CustomerLoginDetails{Email: "lalafi@cyberarmor.io", Password: "*", CustomerName: "CyberArmorTests"})
-// if err != nil {
-// t.Errorf("sad1")
-
-// }
-
-// b, err := be.HTTPSend("GET", "v1/microservicesOverview", nil, MapQuery, map[string]string{"wlid": "wlid://cluster-childrenofbodom/namespace-default/deployment-pos"})
-// if err != nil {
-// t.Errorf("sad2")
-
-// }
-// fmt.Printf("%v", string(b))
-
-// t.Errorf("sad")
-
-// }
diff --git a/vendor/github.com/armosec/capacketsgo/apis/interfaces.go b/vendor/github.com/armosec/capacketsgo/apis/interfaces.go
deleted file mode 100644
index 87b463ac..00000000
--- a/vendor/github.com/armosec/capacketsgo/apis/interfaces.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package apis
-
-import "net/http"
-
-// Connector - interface for any connector (BE/Portal and so on)
-type Connector interface {
-
- //may used for a more generic httpsend interface based method
- GetBaseURL() string
- GetLoginObj() *LoginObject
- GetClient() *http.Client
-
- Login() error
- IsExpired() bool
-
- HTTPSend(httpverb string,
- endpoint string,
- payload []byte,
- f HTTPReqFunc,
- qryData interface{}) ([]byte, error)
-}
diff --git a/vendor/github.com/armosec/capacketsgo/apis/login.go b/vendor/github.com/armosec/capacketsgo/apis/login.go
deleted file mode 100644
index 9bc7e535..00000000
--- a/vendor/github.com/armosec/capacketsgo/apis/login.go
+++ /dev/null
@@ -1,256 +0,0 @@
-package apis
-
-import (
- "bytes"
- "net/http"
- "time"
-
- "io/ioutil"
-
- oidc "github.com/coreos/go-oidc"
- uuid "github.com/satori/go.uuid"
-
- // "go.uber.org/zap"
- "context"
- "encoding/json"
- "fmt"
- "strings"
-
- "golang.org/x/oauth2"
-)
-
-func GetOauth2TokenURL() string {
- return "https://idens.eudev3.cyberarmorsoft.com/auth/realms/CyberArmorSites"
-}
-
-func GetLoginStruct() (LoginAux, error) {
-
- return LoginAux{Referer: "https://cpanel.eudev3.cyberarmorsoft.com/login", Url: "https://cpanel.eudev3.cyberarmorsoft.com/login"}, nil
-}
-
-func LoginWithKeycloak(loginDetails CustomerLoginDetails) ([]uuid.UUID, *oidc.IDToken, error) {
- // var custGUID uuid.UUID
- // config.Oauth2TokenURL
- if GetOauth2TokenURL() == "" {
- return nil, nil, fmt.Errorf("missing oauth2 token URL")
- }
- urlaux, _ := GetLoginStruct()
- conf, err := getOauth2Config(urlaux)
- if err != nil {
- return nil, nil, err
- }
- ctx := context.Background()
- provider, err := oidc.NewProvider(ctx, GetOauth2TokenURL())
- if err != nil {
- return nil, nil, err
- }
-
- // "Oauth2ClientID": "golang-client"
- oidcConfig := &oidc.Config{
- ClientID: "golang-client",
- SkipClientIDCheck: true,
- }
-
- verifier := provider.Verifier(oidcConfig)
- ouToken, err := conf.PasswordCredentialsToken(ctx, loginDetails.Email, loginDetails.Password)
- if err != nil {
- return nil, nil, err
- }
- // "Authorization",
- authorization := fmt.Sprintf("%s %s", ouToken.Type(), ouToken.AccessToken)
- // oidc.IDTokenVerifier
- tkn, err := verifier.Verify(ctx, ouToken.AccessToken)
- if err != nil {
- return nil, tkn, err
- }
- tkn.Nonce = authorization
- if loginDetails.CustomerName == "" {
- customers, err := getCustomersNames(tkn)
- if err != nil {
- return nil, tkn, err
- }
- if len(customers) == 1 {
- loginDetails.CustomerName = customers[0]
- } else {
- return nil, tkn, fmt.Errorf("login with one of the following customers: %v", customers)
- }
- }
- custGUID, err := getCustomerGUID(tkn, &loginDetails)
- if err != nil {
- return nil, tkn, err
- }
- return []uuid.UUID{custGUID}, tkn, nil
-}
-
-func getOauth2Config(urlaux LoginAux) (*oauth2.Config, error) {
- reURLSlices := strings.Split(urlaux.Referer, "/")
- if len(reURLSlices) == 0 {
- reURLSlices = strings.Split(urlaux.Url, "/")
- }
- // zapLogger.With(zap.Strings("referer", reURLSlices)).Info("Searching oauth2Config for")
- if len(reURLSlices) < 3 {
- reURLSlices = []string{reURLSlices[0], reURLSlices[0], reURLSlices[0]}
- }
- lg, _ := GetLoginStruct()
- provider, _ := oidc.NewProvider(context.Background(), GetOauth2TokenURL())
- //provider.Endpoint {"AuthURL":"https://idens.eudev3.cyberarmorsoft.com/auth/realms/CyberArmorSites/protocol/openid-connect/auth","TokenURL":"https://idens.eudev3.cyberarmorsoft.com/auth/realms/CyberArmorSites/protocol/openid-connect/token","AuthStyle":0}
- conf := oauth2.Config{
- ClientID: "golang-client",
- ClientSecret: "4e33bad2-3491-41a6-b486-93c492cfb4a2",
- RedirectURL: lg.Referer,
- // Discovery returns the OAuth2 endpoints.
- Endpoint: provider.Endpoint(),
- // "openid" is a required scope for OpenID Connect flows.
- Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
- }
- return &conf, nil
- // return nil, fmt.Errorf("canno't find oauth2Config for referer '%+v'.\nPlease set referer or origin headers", reURLSlices)
-}
-
-func getCustomersNames(oauth2Details *oidc.IDToken) ([]string, error) {
- var claimsJSON Oauth2Claims
- if err := oauth2Details.Claims(&claimsJSON); err != nil {
- return nil, err
- }
-
- customersList := make([]string, 0, len(claimsJSON.CAGroups))
- for _, v := range claimsJSON.CAGroups {
- var caCustomer Oauth2Customer
- if err := json.Unmarshal([]byte(v), &caCustomer); err == nil {
- customersList = append(customersList, caCustomer.CustomerName)
- }
- }
- return customersList, nil
-}
-
-func getCustomerGUID(tkn *oidc.IDToken, loginDetails *CustomerLoginDetails) (uuid.UUID, error) {
-
- customers, err := getCustomersList(tkn)
- if err != nil {
- return uuid.UUID{}, err
- }
-
- // if customer name not provided - use default customer
- if loginDetails.CustomerName == "" && len(customers) > 0 {
- return uuid.FromString(customers[0].CustomerGUID)
- }
-
- for _, i := range customers {
- if i.CustomerName == loginDetails.CustomerName {
- return uuid.FromString(i.CustomerGUID)
- }
- }
- return uuid.UUID{}, fmt.Errorf("customer name not found in customer list")
-}
-
-func getCustomersList(oauth2Details *oidc.IDToken) ([]Oauth2Customer, error) {
- var claimsJSON Oauth2Claims
- if err := oauth2Details.Claims(&claimsJSON); err != nil {
- return nil, err
- }
-
- customersList := make([]Oauth2Customer, 0, len(claimsJSON.CAGroups))
- for _, v := range claimsJSON.CAGroups {
- var caCustomer Oauth2Customer
- if err := json.Unmarshal([]byte(v), &caCustomer); err == nil {
- customersList = append(customersList, caCustomer)
- }
- }
- return customersList, nil
-}
-
-// func MakeAuthCookies(custGUID uuid.UUID, ouToken *oidc.IDToken) (*http.Cookie, error) {
-// var ccc http.Cookie
-// var responseData AuthenticationCookie
-// expireDate := time.Now().UTC().Add(time.Duration(config.CookieExpirationHours) * time.Hour)
-// if ouToken != nil {
-// expireDate = ouToken.Expiry
-// }
-// ccc.Expires = expireDate
-// responseData.CustomerGUID = custGUID
-// responseData.Expires = ccc.Expires
-// responseData.Version = 0
-// authorizationStr := ""
-// if ouToken != nil {
-// authorizationStr = ouToken.Nonce
-// if err := ouToken.Claims(&responseData.Oauth2Claims); err != nil {
-// errStr := fmt.Sprintf("failed to get claims from JWT")
-// return nil, fmt.Errorf("%v", errStr)
-// }
-// }
-// jsonBytes, err := json.Marshal(responseData)
-// if err != nil {
-// errStr := fmt.Sprintf("failed to get claims from JWT")
-// return nil, fmt.Errorf("%v", errStr)
-// }
-// ccc.Name = "auth"
-// ccc.Value = hex.EncodeToString(jsonBytes) + "." + cacheaccess.CalcHmac256(jsonBytes)
-// // TODO: HttpOnly for security...
-// ccc.HttpOnly = false
-// ccc.Path = "/"
-// ccc.Secure = true
-// ccc.SameSite = http.SameSiteNoneMode
-// http.SetCookie(w, &ccc)
-// responseData.Authorization = authorizationStr
-// jsonBytes, err = json.Marshal(responseData)
-// if err != nil {
-// w.WriteHeader(http.StatusInternalServerError)
-// fmt.Fprintf(w, "error while marshaling response(2) %s", err)
-// return
-// }
-// w.Write(jsonBytes)
-// }
-
-func Login(loginDetails CustomerLoginDetails) (*LoginObject, error) {
-
- return nil, nil
-}
-
-func GetBEInfo(cfgFile string) string {
- return "https://dashbe.eudev3.cyberarmorsoft.com"
-}
-
-func BELogin(loginDetails *CustomerLoginDetails, login string, cfg string) (*BELoginResponse, error) {
- client := &http.Client{}
-
- basebeURL := GetBEInfo(cfg)
- beURL := fmt.Sprintf("%v/%v", basebeURL, login)
-
- loginInfoBytes, err := json.Marshal(loginDetails)
- if err != nil {
- return nil, err
- }
- req, err := http.NewRequest("POST", beURL, bytes.NewReader(loginInfoBytes))
- if err != nil {
- return nil, err
- }
-
- req.Header.Set("Referer", strings.Replace(beURL, "dashbe", "cpanel", 1))
- resp, err := client.Do(req)
- if err != nil {
- return nil, err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
-
- loginS := &BELoginResponse{}
- json.Unmarshal(body, &loginS)
-
- loginS.Cookies = resp.Cookies()
- return loginS, nil
-}
-
-func (r *LoginObject) IsExpired() bool {
- if r == nil {
- return true
- }
- t, err := time.Parse(time.RFC3339, r.Expires)
- if err != nil {
- return true
- }
-
- return t.UTC().Before(time.Now().UTC())
-}
diff --git a/vendor/github.com/armosec/capacketsgo/apis/login_test.go b/vendor/github.com/armosec/capacketsgo/apis/login_test.go
deleted file mode 100644
index bf980e56..00000000
--- a/vendor/github.com/armosec/capacketsgo/apis/login_test.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package apis
-
-// func TestLogin2BE(t *testing.T) {
-
-// loginDetails := CustomerLoginDetails{Email: "lalafi@cyberarmor.io", Password: "***", CustomerName: "CyberArmorTests"}
-// res, err := BELogin(loginDetails, "login")
-// if err != nil {
-// t.Errorf("failed to get raw audit is different ")
-// }
-// k := res.ToLoginObject()
-
-// fmt.Printf("%v\n", k)
-
-// }
-
-// func TestGetMicroserviceOverview(t *testing.T) {
-// // client := &http.Client{}
-// loginDetails := CustomerLoginDetails{Email: "lalafi@cyberarmor.io", Password: "***", CustomerName: "CyberArmorTests"}
-// loginobj, err := BELogin(loginDetails, "login")
-// if err != nil {
-// t.Errorf("failed to get raw audit is different ")
-// }
-// k := loginobj.ToLoginObject()
-// beURL := GetBEInfo("")
-
-// res, err := BEHttpRequest(k, beURL,
-// "GET",
-// "v1/microservicesOverview",
-// nil,
-// BasicBEQuery,
-// k)
-
-// if err != nil {
-// t.Errorf("failed to get raw audit is different ")
-// }
-
-// s := string(res)
-
-// fmt.Printf("%v\n", s)
-
-// }
diff --git a/vendor/github.com/armosec/capacketsgo/apis/logindatastructures.go b/vendor/github.com/armosec/capacketsgo/apis/logindatastructures.go
deleted file mode 100644
index 49dae06e..00000000
--- a/vendor/github.com/armosec/capacketsgo/apis/logindatastructures.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package apis
-
-import (
- "time"
-
- "github.com/gofrs/uuid"
-)
-
-// AuthenticationCookie is what it is
-type AuthenticationCookie struct {
- Oauth2Claims `json:",inline"`
- CustomerGUID uuid.UUID `json:"customerGuid"`
- Expires time.Time `json:"expires"`
- Version int `json:"version"`
- Authorization string `json:"authorization,omitempty"`
-}
-
-type LoginAux struct {
- Referer string
- Url string
-}
-
-// CustomerLoginDetails is what it is
-type CustomerLoginDetails struct {
- Email string `json:"email"`
- Password string `json:"password"`
- CustomerName string `json:"customer,omitempty"`
- CustomerGUID uuid.UUID `json:"customerGuid,omitempty"`
-}
-
-// Oauth2Claims returns in claims section of Oauth2 verification process
-type Oauth2Claims struct {
- Sub string `json:"sub"`
- Name string `json:"name"`
- PreferredUserName string `json:"preferred_username"`
- CAGroups []string `json:"ca_groups"`
- Email string `json:"email"`
-}
diff --git a/vendor/github.com/armosec/capacketsgo/apis/websocketdatastructures.go b/vendor/github.com/armosec/capacketsgo/apis/websocketdatastructures.go
deleted file mode 100644
index 0fc825a2..00000000
--- a/vendor/github.com/armosec/capacketsgo/apis/websocketdatastructures.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package apis
-
-import (
- "encoding/json"
- "fmt"
-)
-
-// Commands list of commands received from websocket
-type Commands struct {
- Commands []Command `json:"commands"`
-}
-
-// Command structure of command received from websocket
-type Command struct {
- CommandName string `json:"commandName"`
- ResponseID string `json:"responseID"`
- Wlid string `json:"wlid,omitempty"`
- WildWlid string `json:"wildWlid,omitempty"`
- Sid string `json:"sid,omitempty"`
- WildSid string `json:"wildSid,omitempty"`
- JobTracking JobTracking `json:"jobTracking"`
- Args map[string]interface{} `json:"args,omitempty"`
-}
-
-type JobTracking struct {
- JobID string `json:"jobID,omitempty"`
- ParentID string `json:"parentAction,omitempty"`
- LastActionNumber int `json:"numSeq,omitempty"`
-}
-
-func (c *Command) DeepCopy() *Command {
- newCommand := &Command{}
- newCommand.CommandName = c.CommandName
- newCommand.ResponseID = c.ResponseID
- newCommand.Wlid = c.Wlid
- newCommand.WildWlid = c.WildWlid
- if c.Args != nil {
- newCommand.Args = make(map[string]interface{})
- for i, j := range c.Args {
- newCommand.Args[i] = j
- }
- }
- return newCommand
-}
-
-func (c *Command) GetLabels() map[string]string {
- if c.Args != nil {
- if ilabels, ok := c.Args["labels"]; ok {
- labels := map[string]string{}
- if b, e := json.Marshal(ilabels); e == nil {
- if e = json.Unmarshal(b, &labels); e == nil {
- return labels
- }
- }
- }
- }
- return map[string]string{}
-}
-
-func (c *Command) SetLabels(labels map[string]string) {
- if c.Args == nil {
- c.Args = make(map[string]interface{})
- }
- c.Args["labels"] = labels
-}
-
-func (c *Command) GetFieldSelector() map[string]string {
- if c.Args != nil {
- if ilabels, ok := c.Args["fieldSelector"]; ok {
- labels := map[string]string{}
- if b, e := json.Marshal(ilabels); e == nil {
- if e = json.Unmarshal(b, &labels); e == nil {
- return labels
- }
- }
- }
- }
- return map[string]string{}
-}
-
-func (c *Command) SetFieldSelector(labels map[string]string) {
- if c.Args == nil {
- c.Args = make(map[string]interface{})
- }
- c.Args["fieldSelector"] = labels
-}
-
-func (c *Command) GetID() string {
- if c.WildWlid != "" {
- return c.WildWlid
- }
- if c.WildSid != "" {
- return c.WildSid
- }
- if c.Wlid != "" {
- return c.Wlid
- }
- if c.Sid != "" {
- return c.Sid
- }
- return ""
-}
-
-func (c *Command) Json() string {
- b, _ := json.Marshal(*c)
- return fmt.Sprintf("%s", b)
-}
-
-func SIDFallback(c *Command) {
- if c.GetID() == "" {
- sid, err := getSIDFromArgs(c.Args)
- if err != nil || sid == "" {
- return
- }
- c.Sid = sid
- }
-}
-
-func getSIDFromArgs(args map[string]interface{}) (string, error) {
- sidInterface, ok := args["sid"]
- if !ok {
- return "", nil
- }
- sid, ok := sidInterface.(string)
- if !ok || sid == "" {
- return "", fmt.Errorf("sid found in args but empty")
- }
- // if _, err := secrethandling.SplitSecretID(sid); err != nil {
- // return "", err
- // }
- return sid, nil
-}
diff --git a/vendor/github.com/armosec/capacketsgo/armotypes/executionpolicytypes.go b/vendor/github.com/armosec/capacketsgo/armotypes/executionpolicytypes.go
deleted file mode 100644
index 3307de44..00000000
--- a/vendor/github.com/armosec/capacketsgo/armotypes/executionpolicytypes.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package armotypes
-
-type EnforcmentsRule struct {
- MonitoredObject []string `json:"monitoredObject"`
- MonitoredObjectExistence []string `json:"objectExistence"`
- MonitoredObjectEvent []string `json:"event"`
- Action []string `json:"action"`
-}
-
-type ExecutionPolicy struct {
- PortalBase `json:",inline"`
- Designators []PortalDesignator `json:"designators"`
- PolicyType string `json:"policyType"`
- CreationTime string `json:"creation_time"`
- ExecutionEnforcmentsRules []EnforcmentsRule `json:"enforcementRules"`
-}
diff --git a/vendor/github.com/armosec/capacketsgo/armotypes/portaltypes.go b/vendor/github.com/armosec/capacketsgo/armotypes/portaltypes.go
deleted file mode 100644
index ab611b6a..00000000
--- a/vendor/github.com/armosec/capacketsgo/armotypes/portaltypes.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package armotypes
-
-const (
- CostumerGuidQuery = "costumerGUID"
- ClusterNameQuery = "cluster"
- DatacenterNameQuery = "datacenter"
- NamespaceQuery = "namespace"
- ProjectQuery = "project"
- WlidQuery = "wlid"
- SidQuery = "sid"
-)
-
-// PortalBase holds basic items data from portal BE
-type PortalBase struct {
- GUID string `json:"guid"`
- Name string `json:"name"`
- Attributes map[string]interface{} `json:"attributes,omitempty"` // could be string
-}
-
-type DesignatorType string
-
-// Supported designators
-const (
- DesignatorAttributes DesignatorType = "Attributes"
- /*
- WorkloadID format.
- k8s format: wlid://cluster-/namespace-/-
- native format: wlid://datacenter-/project-/native-
- */
- DesignatorWlid DesignatorType = "Wlid"
- /*
- Wild card - subset of wlid. e.g.
- 1. Include cluster:
- wlid://cluster-/
- 2. Include cluster and namespace (filter out all other namespaces):
- wlid://cluster-/namespace-/
- */
- DesignatorWildWlid DesignatorType = "WildWlid"
- DesignatorWlidContainer DesignatorType = "WlidContainer"
- DesignatorWlidProcess DesignatorType = "WlidProcess"
- DesignatorSid DesignatorType = "Sid" // secret id
-)
-
-// attributes
-const (
- AttributeCluster = "cluster"
- AttributeNamespace = "namespace"
-)
-
-// PortalDesignator represented single designation options
-type PortalDesignator struct {
- DesignatorType DesignatorType `json:"designatorType"`
- WLID string `json:"wlid"`
- WildWLID string `json:"wildwlid"`
- SID string `json:"sid"`
- Attributes map[string]string `json:"attributes"`
-}
diff --git a/vendor/github.com/armosec/capacketsgo/armotypes/portaltypes_mock.go b/vendor/github.com/armosec/capacketsgo/armotypes/portaltypes_mock.go
deleted file mode 100644
index 3b860bec..00000000
--- a/vendor/github.com/armosec/capacketsgo/armotypes/portaltypes_mock.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package armotypes
-
-func MockPortalBase(customerGUID, name string, attributes map[string]interface{}) *PortalBase {
- if customerGUID == "" {
- customerGUID = "36b6f9e1-3b63-4628-994d-cbe16f81e9c7"
- }
- if name == "" {
- name = "portalbase-a"
- }
- if attributes == nil {
- attributes = make(map[string]interface{})
- }
- return &PortalBase{
- GUID: customerGUID,
- Name: name,
- Attributes: attributes,
- }
-}
diff --git a/vendor/github.com/armosec/capacketsgo/armotypes/portaltypesutils.go b/vendor/github.com/armosec/capacketsgo/armotypes/portaltypesutils.go
deleted file mode 100644
index a7b875e8..00000000
--- a/vendor/github.com/armosec/capacketsgo/armotypes/portaltypesutils.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package armotypes
-
-import "github.com/golang/glog"
-
-var IgnoreLabels = []string{AttributeCluster, AttributeNamespace}
-
-// DigestPortalDesignator - get cluster namespace and labels from designator
-func DigestPortalDesignator(designator *PortalDesignator) (string, string, map[string]string) {
- switch designator.DesignatorType {
- case DesignatorAttributes:
- return DigestAttributesDesignator(designator.Attributes)
- // case DesignatorWlid: TODO
- // case DesignatorWildWlid: TODO
- default:
- glog.Warningf("in 'digestPortalDesignator' designator type: '%v' not yet supported. please contact Armo team", designator.DesignatorType)
- }
- return "", "", nil
-}
-
-func DigestAttributesDesignator(attributes map[string]string) (string, string, map[string]string) {
- cluster := ""
- namespace := ""
- labels := map[string]string{}
- if attributes == nil || len(attributes) == 0 {
- return cluster, namespace, labels
- }
- for k, v := range attributes {
- labels[k] = v
- }
- if v, ok := attributes[AttributeNamespace]; ok {
- namespace = v
- delete(labels, AttributeNamespace)
- }
- if v, ok := attributes[AttributeCluster]; ok {
- cluster = v
- delete(labels, AttributeCluster)
- }
- return cluster, namespace, labels
-}
diff --git a/vendor/github.com/armosec/capacketsgo/audit-connector/README.md b/vendor/github.com/armosec/capacketsgo/audit-connector/README.md
deleted file mode 100644
index cb6c750c..00000000
--- a/vendor/github.com/armosec/capacketsgo/audit-connector/README.md
+++ /dev/null
@@ -1,16 +0,0 @@
-# Audit-logs connector
-## Example
-===
-Define this *ELASTICSEARCH_URL*
-Or use pre-defined elastic client by calling ReinitElastic function
-
-```
-AuditReportAction(&AuditReport{
- Source: AuditSourceTest,
- Details: "here is some test detail",
- Subject: "the go compiler",
- Action: "ran in test mode",
- User: "ben",
- Customer: "35d5509a-e81a-492b-a4c6-55264de33e0b",
- })
-```
\ No newline at end of file
diff --git a/vendor/github.com/armosec/capacketsgo/audit-connector/auditlog.go b/vendor/github.com/armosec/capacketsgo/audit-connector/auditlog.go
deleted file mode 100644
index 3247a2dc..00000000
--- a/vendor/github.com/armosec/capacketsgo/audit-connector/auditlog.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package auditconnector
-
-import (
- "context"
- "encoding/json"
- "fmt"
- "strings"
- "time"
-
- "github.com/elastic/go-elasticsearch/v7/esapi"
- "github.com/elastic/go-elasticsearch/v7/esutil"
- "go.uber.org/zap"
-)
-
-func (audit *AuditReport) getIndexName() string {
- return "v1-audit-" + audit.CustomerGUID
-}
-
-func (audit *AuditReport) doReportAuditReport() error {
- indexName := audit.getIndexName()
- esRequest := esapi.IndexRequest{
- Index: indexName,
- Body: esutil.NewJSONReader(*audit),
- }
- err := validateResponse(esRequest.Do(context.Background(), elasticClient))
- if err != nil {
- if strings.Contains(err.Error(), "index_not_found_exception") {
- if err = validateResponse(elasticClient.Indices.Create(indexName, elasticClient.API.Indices.Create.WithBody(strings.NewReader(indexMapping)))); err == nil {
- esRequest := esapi.IndexRequest{
- Index: indexName,
- Body: esutil.NewJSONReader(*audit),
- }
- err = validateResponse(esRequest.Do(context.Background(), elasticClient))
- }
- }
- return err
- }
- return err
-}
-
-func validateResponse(res *esapi.Response, err error) error {
- if err != nil {
- return fmt.Errorf("In validateRespons. Primary error. Error: '%v', ", err)
- }
- defer res.Body.Close()
- dec := json.NewDecoder(res.Body)
- elErr := make(map[string]interface{})
- if err := dec.Decode(&elErr); err != nil {
- return fmt.Errorf("In validateResponse failed to decode error body: %v", err)
- }
- if res.IsError() {
- return fmt.Errorf("In validateResponse error returned (%s): %v, ", res.Status(), elErr)
- }
- zap.L().Info("In validateResponse", zap.Any("result", elErr))
- return nil
-}
-
-// AuditReportAction stores the audit report in elastic
-func AuditReportAction(action *AuditReport) {
- action.TimeStamp = time.Now()
- if elasticClient != nil {
- go func() {
- if err := action.doReportAuditReport(); err != nil {
- zap.L().Error("In AuditReportAction, failed to doReportAuditReport",
- zap.Any("report", action), zap.Error(err))
- }
- }()
- }
-}
diff --git a/vendor/github.com/armosec/capacketsgo/audit-connector/auditlog_test.go b/vendor/github.com/armosec/capacketsgo/audit-connector/auditlog_test.go
deleted file mode 100644
index ab371bf3..00000000
--- a/vendor/github.com/armosec/capacketsgo/audit-connector/auditlog_test.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package auditconnector
-
-import (
- "fmt"
- "io/ioutil"
- "testing"
-)
-
-func TestAuditReportBasic(t *testing.T) {
- report := AuditReport{
- Source: AuditSourceTest,
- Details: "here is some test detail",
- Subject: "the go compiler",
- Action: "ran in test mode",
- User: "ben",
- CustomerGUID: "35d5509a-e81a-492b-a4c6-55264de33e0b",
- }
- err := report.doReportAuditReport()
- if err != nil {
- t.Errorf("error reporting %s", err)
- return
- }
-
- res, err := elasticClient.Search(elasticClient.Search.WithIndex(report.getIndexName()))
- if err != nil {
- t.Errorf("error retrieving results %s", err)
- return
- }
- defer res.Body.Close()
- if res.IsError() {
- t.Errorf("error retrieving results at ES level %s", res.Status())
- return
- }
- if b, err := ioutil.ReadAll(res.Body); err == nil {
- fmt.Print(string(b))
- }
-}
-
-func TestAuditReportGoRutined(t *testing.T) {
- AuditReportAction(&AuditReport{
- Source: AuditSourceTest,
- Details: "here is some test detail",
- Subject: "the go compiler",
- Action: "ran in test mode",
- User: "ben",
- CustomerGUID: "35d5509a-e81a-492b-a4c6-55264de33e0b",
- })
-}
diff --git a/vendor/github.com/armosec/capacketsgo/audit-connector/init.go b/vendor/github.com/armosec/capacketsgo/audit-connector/init.go
deleted file mode 100644
index d9d35980..00000000
--- a/vendor/github.com/armosec/capacketsgo/audit-connector/init.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package auditconnector
-
-import (
- "log"
-
- elasticsearch "github.com/elastic/go-elasticsearch/v7"
-)
-
-var elasticClient *elasticsearch.Client = nil
-
-func init() {
- var err error
- elasticClient, err = elasticsearch.NewDefaultClient()
- if err != nil {
- log.Print(err)
- log.Print("Error: audit elasticsearch client could not be created")
- elasticClient = nil
- }
-}
-
-// ReinitElastic inits the underlying elastic client with well-configured one instead of the default one
-func ReinitElastic(client *elasticsearch.Client) {
- if client != nil {
- elasticClient = client
- }
-}
diff --git a/vendor/github.com/armosec/capacketsgo/audit-connector/types.go b/vendor/github.com/armosec/capacketsgo/audit-connector/types.go
deleted file mode 100644
index 507eae6f..00000000
--- a/vendor/github.com/armosec/capacketsgo/audit-connector/types.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package auditconnector
-
-import (
- "time"
-)
-
-// available sources for audit logs
-const (
- AuditSourceControlPanel = "ControlPanel"
- AuditSourceAggregator = "Aggregator"
- AuditSourceEventReceiver = "EventReceiver"
- AuditSourceTest = "Test"
-)
-
-// type Marshaler interface {
-// MarshalJSON() ([]byte, error)
-// }
-
-// AuditTime wraps the golang time object
-type AuditTime time.Time
-
-// AuditReport represents single audit log entry
-type AuditReport struct {
- Source string `json:"source"`
- TimeStamp time.Time `json:"time"`
- Action string `json:"action"`
- Subject string `json:"subject"`
- Details string `json:"details"`
- User string `json:"user"`
- CustomerGUID string `json:"-"`
-}
-
-// func (t AuditTime) MarshalJSON() ([]byte, error) {
-// stamp := fmt.Sprintf("\"%s\"", time.Time(t).String())
-// return []byte(stamp), nil
-// }
-
-const indexMapping = `
-{
- "mappings": {
- "properties": {
- "source": {
- "type": "keyword",
- "ignore_above": 256
- },
- "time": {
- "type": "date",
- "ignore_malformed": true,
- "format": "strict_date_optional_time_nanos"
- },
- "action": {
- "type": "keyword",
- "ignore_above": 256
- },
- "subject": {
- "type": "text",
- "fields": {
- "keyword": {
- "type": "keyword",
- "ignore_above": 8000
- }
- }
- },
- "details": {
- "type": "text"
- },
- "user": {
- "type": "text",
- "fields": {
- "keyword": {
- "type": "keyword",
- "ignore_above": 256
- }
- }
- },
- "customerGUID": {
- "type": "keyword",
- "ignore_above": 64
- }
- }
- }
-}
-`
diff --git a/vendor/github.com/armosec/capacketsgo/cacli/cacliinterface.go b/vendor/github.com/armosec/capacketsgo/cacli/cacliinterface.go
deleted file mode 100644
index 082096cc..00000000
--- a/vendor/github.com/armosec/capacketsgo/cacli/cacliinterface.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package cacli
-
-import (
- "github.com/armosec/capacketsgo/opapolicy"
- "github.com/armosec/capacketsgo/secrethandling"
-)
-
-/*
-Please follow the convention:
-cacli
-The function name should look like:
-GROUP1GROUP2Command (groups should be upper-case. command - first leeter upper case)
-
-Examples:
-cacli wt get -> WTGet
-cacli wt Triplet -> WTTriplet
-cacli secp list -> SECPList
-cacli secp encrypt -> SECPEncrypt
-cacli k8s attach -> K8SAttach
-cacli opa framework get -> OPAFRAMEWORKGet
-*/
-type ICacli interface {
- // basic commands
- Login() error
- Status() (*Status, error)
- Sign(wlid, user, password, ociImageURL string) error
-
- // wt
- WTCreate(*WorkloadTemplate, string) (string, error)
- WTApply(*WorkloadTemplate, string) (string, error)
- WTUpdate(*WorkloadTemplate, string) (string, error)
- WTDelete(string) error
- WTTriplet(string) (*GUIDTriplet, error)
- WTGet(string) (*WorkloadTemplate, error)
- WTDownload(wlid, containerName, output string) error
- WTSign(wlid, user, password, ociImageURL string) error
-
- // sp
- // SPGet(name string) (*SigningProfile, error)
- // SPCreate(sp *SigningProfile) (string, error)
- // SPDelete(name string) error
- // SPGenarate(name string) (*SigningProfile, error)
-
- // k8s
- K8SAttach(_, _, _ string, injectLabel bool) error
-
- // OPA FRAMEWORK
- OPAFRAMEWORKCreate(*opapolicy.Framework, string) (*opapolicy.Framework, error)
- OPAFRAMEWORKUpdate(*opapolicy.Framework, string) (*opapolicy.Framework, error)
- OPAFRAMEWORKGet(string, bool) ([]opapolicy.Framework, error)
- OPAFRAMEWORKList(bool) ([]string, error)
- OPAFRAMEWORKDelete(string) error
-
- // OPA CONTROL
- OPACONTROLCreate(*opapolicy.Control, string) (*opapolicy.Control, error)
- OPACONTROLUpdate(*opapolicy.Control, string) (*opapolicy.Control, error)
- OPACONTROLGet(string) ([]opapolicy.Control, error)
- OPACONTROLList() ([]string, error)
- OPACONTROLDelete(string) error
-
- // OPA RULE
- OPARULECreate(*opapolicy.PolicyRule, string) (*opapolicy.PolicyRule, error)
- OPARULEUpdate(*opapolicy.PolicyRule, string) (*opapolicy.PolicyRule, error)
- OPARULEGet(string) ([]opapolicy.PolicyRule, error)
- OPARULEList() ([]string, error)
- OPARULEDelete(string) error
-
- // // key
- // KEYGet(string) (*Key, error)
-
- // secret policy
-
- SECPGet(sid, name, cluster, namespace string) ([]secrethandling.SecretAccessPolicy, error)
- SECPEncrypt(message, inputFile, outputFile, keyID string, base64Enc bool) ([]byte, error)
- SECPDecrypt(message, inputFile, outputFile string, base64Enc bool) ([]byte, error)
- // SECPMetadata(string, bool) (*SecretMetadata, error)
- // SECPCreate(*secrethandling.SecretAccessPolicy) (*secrethandling.SecretAccessPolicy, error)
- // SECPUpdate(*secrethandling.SecretAccessPolicy) (*secrethandling.SecretAccessPolicy, error)
- // SECPList() ([]string, error)
-
- // Utils
- UTILSCleanup(string, bool) error
-}
diff --git a/vendor/github.com/armosec/capacketsgo/cacli/datastructures.go b/vendor/github.com/armosec/capacketsgo/cacli/datastructures.go
deleted file mode 100644
index 9bde49ae..00000000
--- a/vendor/github.com/armosec/capacketsgo/cacli/datastructures.go
+++ /dev/null
@@ -1,183 +0,0 @@ -package cacli - -import ( - "encoding/json" - "fmt" -) - -const ( - DefaultCredentialsPath = "/etc/credentials" - DefaultCredentialsPathEnv = "CACLI_CREDENTAILS" -) - -//WorkloadTemplate sent -type WorkloadTemplate struct { - Kind string `json:"kind"` - Name string `json:"name"` - Cluster string `json:"cluster,omitempty"` - Datacenter string `json:"datacenter,omitempty"` - Namespace string `json:"namespace,omitempty"` - Project string `json:"project,omitempty"` - GroupingLevel0 string `json:"groupingLevel0"` - GroupingLevel1 string `json:"groupingLevel1"` - Wlid string `json:"wlid"` - MetaInfo WorkloadTemplateMetaInfo `json:"metainfo,omitempty"` - AutoAccessTokenUpdate bool `json:"autoAccessTokenUpdate"` - Containers []DockerContainers `json:"containers"` - WorkloadTemplateAttributes map[string]string `json:"attributes,omitempty"` -} - -// WorkloadTemplateMetaInfo attributes in workload -type WorkloadTemplateMetaInfo struct { - CreationDate string `json:"creationDate"` - LastEdited string `json:"lastEdited"` - WorkloadKind string `json:"workloadKind"` - Instances WorkloadTemplateInstances `json:"instances"` - Categories []string `json:"categories"` -} - -//WorkloadTemplateInstances list of active and inactive -type WorkloadTemplateInstances struct { - Active []string `json:"active"` - Inactive []string `json:"inactive"` -} - -// DockerContainers - -type DockerContainers struct { - Name string `json:"name"` - Os string `json:"os,omitempty"` - Architecture string `json:"architecture,omitempty"` - ImageHash string `json:"imageHash,omitempty"` - ImageTag string `json:"imageTag,omitempty"` - EnableVisiblity []map[string]bool `json:"enableVisiblity,omitempty"` - SigningProfileName string `json:"signingProfileName,omitempty"` -} - -// ModulesInformation holds data of specific module in signing profile -type ModulesInformation struct { - FullPath string `json:"fullPath"` - Name string `json:"name"` - Mandatory int `json:"mandatory"` - Version string 
`json:"version,omitempty"` - SignatureMismatchAction int `json:"signatureMismatchAction,omitempty"` - Type int `json:"type,omitempty"` -} - -// GUIDTriplet CyberArmor IDs of given microservice -type GUIDTriplet struct { - CustomerGUID string `json:"customerGUID"` - SolutionGUID string `json:"solutionGUID"` - ComponentGUID string `json:"componentGUID"` - ContainersComponentGUIDs []ContainerCAGUIDs `json:"containers"` -} - -// ContainerCAGUIDs CyberArmor component IDs of given container -type ContainerCAGUIDs struct { - ContainerName string `json:"containerName"` - ComponentGUID string `json:"componentGUID"` - ProcessesComponentGUIDs []ProcessGUIDs `json:"processes"` -} - -// ProcessGUIDs CyberArmor component ID of single process -type ProcessGUIDs struct { - ProcessName string `json:"name"` - ComponentGUID string `json:"componentGUID"` -} - -// CredStruct holds the various credentials needed to do login into CA BE -type CredStruct struct { - User string `json:"user"` - Password string `json:"password"` - Customer string `json:"customer"` -} - -// Key portal key structure -type Key struct { - GUID string `json:"guid"` - Name string `json:"name"` - CustomID string `json:"custom_id"` - Key string `json:"key"` - Algorithm string `json:"algorithm"` - Description string `json:"description"` - DliveryFlags string `json:"delivery_flags"` - BackupInDB bool `json:"backup_in_ca_db"` - BusinessRulePackage interface{} `json:"business_rule_package"` - Attributes map[string]string `json:"attributes"` -} - -// SecretPolicy portal SecretPolicy structure -type SecretPolicy struct { - AccessPolicy int `json:"guid"` - AccessSet string `json:"name"` - EncryptionStatus string `json:"custom_id"` - KeyID string `json:"key"` - Type string `json:"algorithm"` -} - -// SecretAccessSetPolicy portal SecretPolicy structure -type SecretAccessSetPolicy struct { - Wlids []string `json:"wlids"` - Attributes map[string]string `json:"attributes"` -} - -// Status cacli status -type Status struct { - 
CacliVersion string `json:"cacli-version"` - CacsignerVersion string `json:"casigner-version"` - Server string `json:"server"` - Customer string `json:"customer"` - UserName string `json:"user-name"` - LoggedIn bool `json:"logged-in"` -} - -// SecretMetadata cacli secret metadata -type SecretMetadata struct { - Version int `json:"version"` - Algorithm string `json:"algorithm"` - KeyID string `json:"keyID"` -} - -// SigningProfile signingProfile configuration -type SigningProfile struct { - Name string `json:"name"` - GUID string `json:"guid"` - Platform int64 `json:"platform"` - Architecture int64 `json:"architecture"` - CreationTime string `json:"creation_time"` - LastEditTime string `json:"last_edit_time"` - Attributes SignigProfileAttributes `json:"attributes"` - ExecutableList []ExecutablesList `json:"executablesList"` // Use structs from catypes - FullPathMap map[string]bool `json:"-"` -} - -// SignigProfileAttributes - -type SignigProfileAttributes struct { - IsStockProfile bool `json:"isStockProfile,omitempty"` - ContainerName string `json:"containerName,omitempty"` - DockerImageTag string `json:"dockerImageTag,omitempty"` - DockerImageSHA256 string `json:"dockerImageSHA256,omitempty"` - GeneratedFor string `json:"generatedFor,omitempty"` - GeneratedFrom string `json:"generatedFrom,omitempty"` -} - -// ExecutablesList holds the list of executables in this signing profile -type ExecutablesList struct { - MainProcess string `json:"mainProcess"` - FullProcessCommandLine string `json:"fullProcessCommandLine,omitempty"` - FullProcessEnvironmentVariables map[string]string `json:"fullProcessEnvironmentVariables,omitempty"` - ModulesInfo []ModulesInformation `json:"modulesInfo"` - Filters FiltersSection `json:"filter,omitempty"` -} - -// FiltersSection holds the filter section of ExecutablesList -type FiltersSection struct { - IncludePaths []string `json:"includePaths,omitempty"` - IncludeExtensions []string `json:"includeExtensions,omitempty"` -} - -func (wt 
*WorkloadTemplate) Json() string { - if b, err := json.Marshal(*wt); err == nil { - return fmt.Sprintf("%s", b) - } - return "" -} diff --git a/vendor/github.com/armosec/capacketsgo/cacli/execute.go b/vendor/github.com/armosec/capacketsgo/cacli/execute.go deleted file mode 100644 index ec54d5aa..00000000 --- a/vendor/github.com/armosec/capacketsgo/cacli/execute.go +++ /dev/null 
@@ -1,171 +0,0 @@ -package cacli - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "os/exec" - "strings" - "time" - - "github.com/golang/glog" -) - -// RunCommand - -func runCacliCommand(arg []string, display bool) ([]byte, error) { - cmd := &exec.Cmd{} - command := "cacli" - displayCommand := "" - if display { - displayCommand = fmt.Sprintf("command: %s %v", command, arg) - } - if display { - glog.Infof("Running: %s", displayCommand) - } - var outb, errb bytes.Buffer - cmd = exec.Command(command, arg...) - cmd.Stdout = &outb - cmd.Stderr = &errb - err := cmd.Run() - if err != nil { - e := fmt.Sprintf("error: %v, exit code: %s. %s", cmd.Stdout, err.Error(), displayCommand) - glog.Errorf(e) - return nil, fmt.Errorf(e) - } - glog.Infof("command executed successfully. %s", displayCommand) - return cmd.Stdout.(*bytes.Buffer).Bytes(), err -} - -// runCacliCommandWithTimeout - -func runCacliCommandWithTimeout(arg []string, display bool, timeout time.Duration) ([]byte, error) { - var outb, errb bytes.Buffer - var cancel context.CancelFunc - - // adding timeout - ctx := context.Background() - ctx, cancel = context.WithTimeout(context.Background(), timeout) - defer cancel() - command := "cacli" - if display { - glog.Infof("Running: %s %v", command, arg) - } - - cmd := exec.CommandContext(ctx, command, arg...) - - cmd.Stdout = &outb - cmd.Stderr = &errb - err := cmd.Run() - if err != nil { - err = fmt.Errorf(fmt.Sprintf("stdout: %v. stderr:%v. 
err: %v", cmd.Stdout, cmd.Stderr, err)) - glog.Errorf("error running command, reason: %v", err.Error()) - return nil, err - } - return cmd.Stdout.(*bytes.Buffer).Bytes(), err -} - -// RunCommand - -func RunCommand(command string, arg []string, display bool, timeout time.Duration) ([]byte, error) { - var outb, errb bytes.Buffer - var cancel context.CancelFunc - - // adding timeout - ctx := context.Background() - ctx, cancel = context.WithTimeout(context.Background(), timeout) - defer cancel() - - if display { - glog.Infof("Running: %s %v", command, arg) - } - - cmd := exec.CommandContext(ctx, command, arg...) - - cmd.Stdout = &outb - cmd.Stderr = &errb - err := cmd.Run() - if err != nil { - err = fmt.Errorf(fmt.Sprintf("stdout: %v. stderr:%v. err: %v", cmd.Stdout, cmd.Stderr, err)) - glog.Errorf("error running command, reason: %v", err.Error()) - return nil, err - } - return cmd.Stdout.(*bytes.Buffer).Bytes(), err -} - -func (cacli *Cacli) runCacliCommandRepeat(arg []string, display bool, timeout time.Duration) ([]byte, error) { - rep, err := runCacliCommandWithTimeout(arg, display, timeout) - if err != nil { - if strings.Contains(err.Error(), "Name or service not known") { - return nil, fmt.Errorf("failed to connect to Armo backend, please restart network. error: %s", err.Error()) - } - status, _ := cacli.Status() - if !status.LoggedIn { - glog.Infof("logging in again and retrying %d times", 3) - if err := cacli.cacliLogin(0); err != nil { - return nil, err - } - } - i := 0 - for i < 3 { // retry - rep, err = runCacliCommandWithTimeout(arg, display, timeout) - if err == nil { - return rep, nil - } - i++ - time.Sleep(3 * time.Second) - } - // glog.Errorf("stdout: %v. stderr:%v. 
err: %v", cmd.Stdout, cmd.Stderr, err) - return nil, err - } - return rep, nil -} - -// LoginCacli - -func (cacli *Cacli) cacliLogin(retries int) error { - if cacli.credentials.User == "" || cacli.credentials.Password == "" { - return fmt.Errorf("Missing cacli username or password") - } - if err := cacli.cacliLoginRetry(retries); err != nil { - return fmt.Errorf("failed to login, url: '%s', reason: %s", cacli.backendURL, err.Error()) - } - - status, err := cacli.Status() - if err != nil { - return err - } - s, err := json.Marshal(status) - if err != nil { - return err - } - if !status.LoggedIn { - return fmt.Errorf("Status logged-in is false, please check your credentials") - } - glog.Infof("%s", string(s)) - return nil -} - -// LoginCacli - -func (cacli *Cacli) cacliLoginRetry(retries int) error { - if retries == 0 { - retries = 1 - } - - var err error - for i := 0; i < retries; i++ { - if err = cacli.Login(); err == nil { - return nil - } - if i != retries-1 { - time.Sleep(3 * time.Second) - } - } - return err -} - -// IsLoggedIn - -func (cacli *Cacli) IsLoggedIn() (bool, error) { - status, err := cacli.Status() - if err != nil { - return false, err - } - return status.LoggedIn, nil -} diff --git a/vendor/github.com/armosec/capacketsgo/cacli/mothods.go b/vendor/github.com/armosec/capacketsgo/cacli/mothods.go deleted file mode 100644 index dc6cf6bc..00000000 --- a/vendor/github.com/armosec/capacketsgo/cacli/mothods.go +++ /dev/null 
@@ -1,769 +0,0 @@ -package cacli - -import ( - "encoding/json" - "fmt" - "os" - "time" - - "github.com/armosec/capacketsgo/opapolicy" - "github.com/armosec/capacketsgo/secrethandling" - "github.com/golang/glog" -) - -// Cacli commands -type Cacli struct { - backendURL string - credentials CredStruct -} - -// NewCacli - -func NewCacli(backendURL string, setCredInEnv bool) *Cacli { - // Load credentials from mounted secret - credentials, err := LoadCredentials() - if err != nil { - glog.Error(err) - os.Exit(1) - } - cacliObj := &Cacli{ - backendURL: backendURL, - credentials: *credentials, - } - - // login cacli - if err := cacliObj.cacliLogin(3); err != nil { - glog.Error(err) - os.Exit(1) - } - - if setCredInEnv { - if err := cacliObj.setCredentialsInEnv(); err != nil { - glog.Error(err) - os.Exit(1) - } - } - - return cacliObj -} - -// NewCacliWithoutLogin - -func NewCacliWithoutLogin() *Cacli { - - cacliObj := &Cacli{} - // loggedin, err := cacliObj.IsLoggedIn() - // if err != nil || !loggedin { - // glog.Errorf("Please run `cacli login`\n") - // os.Exit(1) - // } - return cacliObj -} - -// ================================================================================================ -// ================================ BASIC ========================================================= -// ================================================================================================ - -// Login command -func (cacli *Cacli) Login() error { - args := []string{} - args = append(args, "login") - args = append(args, "-u") - args = append(args, cacli.credentials.User) - if cacli.credentials.Customer != "" { - args = append(args, "-c") - args = append(args, cacli.credentials.Customer) - } - args = append(args, "--dashboard") - args = append(args, cacli.backendURL) - - // must be last argument - args = append(args, "-p") - args = append(args, cacli.credentials.Password) - - glog.Infof("Running: cacli %v", args[:len(args)-1]) - - _, err := 
runCacliCommandWithTimeout(args, false, time.Duration(2)*time.Minute) - return err -} - -// Status - -func (cacli *Cacli) Status() (*Status, error) { - status := &Status{} - args := []string{} - args = append(args, "--status") - statusReceive, err := runCacliCommand(args, true) - if err == nil { - err = json.Unmarshal(statusReceive, status) - } - return status, err -} - -// Sign command -func (cacli *Cacli) Sign(wlid, user, password, ociImageURL string) error { - args := []string{} - display := true - args = append(args, "--debug") - args = append(args, "sign") - args = append(args, "-wlid") - args = append(args, wlid) - - if ociImageURL != "" { - args = append(args, "--dockerless-service-url") - args = append(args, ociImageURL) - } - - if user != "" && password != "" { - display = false - args = append(args, "--docker-registry-user") - args = append(args, user) - args = append(args, "--docker-registry-password") - args = append(args, password) - } - - _, err := runCacliCommandWithTimeout(args, display, time.Duration(8)*time.Minute) - return err -} - -// ================================================================================================ -// ================================== vulnscan ========================================================== -// ================================================================================================ -func (cacli *Cacli) VulnerabilityScan(cluster, namespace, wlid string, attributes map[string]interface{}) error { - - args := []string{} - args = append(args, "k8s") - args = append(args, "scan") - if wlid != "" { - args = append(args, "-wlid") - args = append(args, wlid) - } else if attributes == nil { - if cluster == "" { - return fmt.Errorf("invalid vulnerability scan request- missing cluster") - } - args = append(args, "--cluster") - args = append(args, cluster) - if namespace != "" { - args = append(args, "--namespace") - args = append(args, namespace) - } - } - - b, err := cacli.runCacliCommandRepeat(args, 
true, time.Duration(5)*time.Minute) - if err != nil { - return err - } - glog.Infof("%v", string(b)) - return nil -} - -// ================================================================================================ -// ================================== WT ========================================================== -// ================================================================================================ - -// Create command -func (cacli *Cacli) WTCreate(wt *WorkloadTemplate, fileName string) (string, error) { - if fileName == "" { - var err error - if fileName, err = ConvertObjectTOFile(*wt); err != nil { - return "", err - } - } - - args := []string{} - args = append(args, "wt") - args = append(args, "create") - args = append(args, "-i") - args = append(args, fileName) - wlid, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - if err != nil { - return "", err - } - DeleteObjTmpFile(fileName) - wlidMap := make(map[string]string) - json.Unmarshal(wlid, &wlidMap) - return wlidMap["wlid"], err -} - -// Apply command -func (cacli *Cacli) WTApply(wt *WorkloadTemplate, fileName string) (string, error) { - if fileName == "" { - if wt == nil { - return "", fmt.Errorf("missing wt and fileName, you must provide one of them") - } - f, err := StoreObjTmpFile(wt) - if err != nil { - return "", err - } - fileName = f - } - args := []string{} - args = append(args, "wt") - args = append(args, "apply") - args = append(args, "-i") - args = append(args, fileName) - wlid, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - if err != nil { - return "", err - } - DeleteObjTmpFile(fileName) - wlidMap := make(map[string]string) - json.Unmarshal(wlid, &wlidMap) - return wlidMap["wlid"], err -} - -// Update command -func (cacli *Cacli) WTUpdate(wt *WorkloadTemplate, fileName string) (string, error) { - if fileName == "" { - if wt == nil { - return "", fmt.Errorf("missing wt and fileName, you must provide one of them") - } 
- f, err := StoreObjTmpFile(wt) - if err != nil { - return "", err - } - fileName = f - } - args := []string{} - args = append(args, "wt") - args = append(args, "update") - args = append(args, "-i") - args = append(args, fileName) - wlid, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - if err != nil { - return "", err - } - DeleteObjTmpFile(fileName) - wlidMap := make(map[string]string) - json.Unmarshal(wlid, &wlidMap) - return wlidMap["wlid"], err -} - -// Triplet command -func (cacli *Cacli) WTTriplet(wlid string) (*GUIDTriplet, error) { - triplet := GUIDTriplet{} - args := []string{} - args = append(args, "wt") - args = append(args, "triplet") - args = append(args, "-wlid") - args = append(args, wlid) - tripletReceive, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - if err == nil { - json.Unmarshal(tripletReceive, &triplet) - } - return &triplet, err -} - -// Get command -// func (cacli *Cacli) Get(wlid string) error { -func (cacli *Cacli) WTGet(wlid string) (*WorkloadTemplate, error) { - wt := WorkloadTemplate{} - args := []string{} - args = append(args, "wt") - args = append(args, "get") - args = append(args, "-wlid") - args = append(args, wlid) - wtReceive, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - if err == nil { - json.Unmarshal(wtReceive, &wt) - } - return &wt, err -} - -// Get command -func (cacli *Cacli) WTDelete(wlid string) error { - args := []string{} - args = append(args, "wt") - args = append(args, "delete") - args = append(args, "-wlid") - args = append(args, wlid) - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - return err -} - -// Download command -func (cacli *Cacli) WTDownload(wlid, containerName, output string) error { - args := []string{} - args = append(args, "wt") - args = append(args, "download") - args = append(args, "-wlid") - args = append(args, wlid) - args = append(args, "-o") - args = append(args, 
output) - - if containerName != "" { - args = append(args, "-n") - args = append(args, containerName) - } - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(6)*time.Minute) - return err -} - -// Sign command -func (cacli *Cacli) WTSign(wlid, user, password, ociImageURL string) error { - args := []string{} - display := true - args = append(args, "--debug") - args = append(args, "wt") - args = append(args, "sign") - args = append(args, "-wlid") - args = append(args, wlid) - - if ociImageURL != "" { - args = append(args, "--dockerless-service-url") - args = append(args, ociImageURL) - } - - if user != "" && password != "" { - display = false - args = append(args, "--docker-registry-user") - args = append(args, user) - args = append(args, "--docker-registry-password") - args = append(args, password) - } - - _, err := runCacliCommandWithTimeout(args, display, time.Duration(8)*time.Minute) - return err -} - -// ================================================================================================ -// ================================= K8S ========================================================== -// ================================================================================================ - -// AttachNameSpace command attach workloads -func (cacli *Cacli) K8SAttach(cluster, ns, wlid string, injectLabel bool) error { - args := []string{} - args = append(args, "attach") - args = append(args, SetArgs(cluster, ns, wlid, nil)...) 
- if injectLabel { - args = append(args, "--attach-future") - } - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - return err -} - -func (cacli *Cacli) RunPostureScan(framework, cluster string) error { - args := []string{} - // cacli k8s posture create --framework "MITRE" --cluster childrenofbodom - - args = append(args, "k8s") - args = append(args, "posture") - args = append(args, "create") - args = append(args, "--cluster") - args = append(args, cluster) - args = append(args, "--framework") - args = append(args, framework) - res, err := cacli.runCacliCommandRepeat(args, false, time.Duration(3)*time.Minute) - if err != nil { - return err - } - glog.Infof("%v", string(res)) - return nil - -} - -// ================================================================================================ -// ============================ OPA FRAMEWORK ===================================================== -// ================================================================================================ - -// OPAFRAMEWORKGet cacli opa get -func (cacli *Cacli) OPAFRAMEWORKGet(name string, public bool) ([]opapolicy.Framework, error) { - args := []string{} - opaList := []opapolicy.Framework{} - args = append(args, "opa") - args = append(args, "framework") - args = append(args, "get") - if name != "" { - args = append(args, "--name") - args = append(args, name) - } - if public { - args = append(args, "--public") - } - args = append(args, "--expand") - - opaReceive, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - if err == nil { - if name == "" { - err = json.Unmarshal(opaReceive, &opaList) - } else { - opaSingle := opapolicy.Framework{} - err = json.Unmarshal(opaReceive, &opaSingle) - opaList = append(opaList, opaSingle) - } - } - return opaList, err -} - -// OPAFRAMEWORKList - cacli opa list -func (cacli *Cacli) OPAFRAMEWORKList(public bool) ([]string, error) { - args := []string{} - opaList := []string{} - args = 
append(args, "opa") - args = append(args, "framework") - args = append(args, "list") - if public { - args = append(args, "--public") - } - opaReceive, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - if err == nil { - json.Unmarshal(opaReceive, &opaList) - } - return opaList, err -} - -// OPAFRAMEWORKCreate - cacli opa create -func (cacli *Cacli) OPAFRAMEWORKCreate(framework *opapolicy.Framework, fileName string) (*opapolicy.Framework, error) { - if fileName == "" { - var err error - if fileName, err = ConvertObjectTOFile(*framework); err != nil { - return nil, err - } - } - args := []string{} - args = append(args, "opa") - args = append(args, "framework") - args = append(args, "create") - args = append(args, "--input") - args = append(args, fileName) - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - // if err == nil { - // json.Unmarshal(opaReceive, &opaList) - // } - return nil, err -} - -// OPAFRAMEWORKUpdate - cacli opa update -func (cacli *Cacli) OPAFRAMEWORKUpdate(framework *opapolicy.Framework, fileName string) (*opapolicy.Framework, error) { - if fileName == "" { - var err error - if fileName, err = ConvertObjectTOFile(*framework); err != nil { - return nil, err - } - } - args := []string{} - args = append(args, "opa") - args = append(args, "framework") - args = append(args, "update") - args = append(args, "--input") - args = append(args, fileName) - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - // if err == nil { - // json.Unmarshal(opaReceive, &opaList) - // } - return nil, err -} - -// OPAFRAMEWORKDelete cacli opa delete -func (cacli *Cacli) OPAFRAMEWORKDelete(name string) error { - args := []string{} - args = append(args, "opa") - args = append(args, "framework") - args = append(args, "delete") - args = append(args, "--name") - args = append(args, name) - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - return err -} - -// 
================================================================================================ -// ============================ OPA CONTROL ======================================================= -// ================================================================================================ - -// OPACONTROLGet cacli opa get -func (cacli *Cacli) OPACONTROLGet(name string) ([]opapolicy.Control, error) { - args := []string{} - opaList := []opapolicy.Control{} - args = append(args, "opa") - args = append(args, "control") - args = append(args, "get") - if name != "" { - args = append(args, "--name") - args = append(args, name) - } - args = append(args, "--expand") - - opaReceive, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - if err == nil { - if name == "" { - err = json.Unmarshal(opaReceive, &opaList) - } else { - opaSingle := opapolicy.Control{} - err = json.Unmarshal(opaReceive, &opaSingle) - opaList = append(opaList, opaSingle) - } - } - return opaList, err -} - -// OPAFRAMEWORKList - cacli opa list -func (cacli *Cacli) OPACONTROLList() ([]string, error) { - args := []string{} - opaList := []string{} - args = append(args, "opa") - args = append(args, "control") - args = append(args, "list") - opaReceive, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - if err == nil { - json.Unmarshal(opaReceive, &opaList) - } - return opaList, err -} - -// OPAFRAMEWORKCreate - cacli opa create -func (cacli *Cacli) OPACONTROLCreate(control *opapolicy.Control, fileName string) (*opapolicy.Control, error) { - if fileName == "" { - var err error - if fileName, err = ConvertObjectTOFile(*control); err != nil { - return nil, err - } - } - args := []string{} - args = append(args, "opa") - args = append(args, "control") - args = append(args, "create") - args = append(args, "--input") - args = append(args, fileName) - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - // if err == nil { - // 
json.Unmarshal(opaReceive, &opaList) - // } - return nil, err -} - -// OPAFRAMEWORKUpdate - cacli opa update -func (cacli *Cacli) OPACONTROLUpdate(control *opapolicy.Control, fileName string) (*opapolicy.Control, error) { - if fileName == "" { - var err error - if fileName, err = ConvertObjectTOFile(*control); err != nil { - return nil, err - } - } - args := []string{} - args = append(args, "opa") - args = append(args, "control") - args = append(args, "update") - args = append(args, "--input") - args = append(args, fileName) - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - // if err == nil { - // json.Unmarshal(opaReceive, &opaList) - // } - return nil, err -} - -// OPACONTROLDelete cacli opa delete -func (cacli *Cacli) OPACONTROLDelete(name string) error { - args := []string{} - args = append(args, "opa") - args = append(args, "control") - args = append(args, "delete") - args = append(args, "--name") - args = append(args, name) - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - return err -} - -// ================================================================================================ -// ============================== OPA RULE ======================================================== -// ================================================================================================ - -// OPARULEGet cacli opa get -func (cacli *Cacli) OPARULEGet(name string) ([]opapolicy.PolicyRule, error) { - args := []string{} - opaList := []opapolicy.PolicyRule{} - args = append(args, "opa") - args = append(args, "rule") - args = append(args, "get") - if name != "" { - args = append(args, "--name") - args = append(args, name) - } - opaReceive, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - if err == nil { - if name == "" { - err = json.Unmarshal(opaReceive, &opaList) - } else { - opaSingle := opapolicy.PolicyRule{} - err = json.Unmarshal(opaReceive, &opaSingle) - opaList = 
append(opaList, opaSingle) - } - } - return opaList, err -} - -// OPAFRAMEWORKList - cacli opa list -func (cacli *Cacli) OPARULEList() ([]string, error) { - args := []string{} - opaList := []string{} - args = append(args, "opa") - args = append(args, "rule") - args = append(args, "list") - opaReceive, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - if err == nil { - json.Unmarshal(opaReceive, &opaList) - } - return opaList, err -} - -// OPAFRAMEWORKCreate - cacli opa create -func (cacli *Cacli) OPARULECreate(rule *opapolicy.PolicyRule, fileName string) (*opapolicy.PolicyRule, error) { - if fileName == "" { - var err error - if fileName, err = ConvertObjectTOFile(*rule); err != nil { - return nil, err - } - } - args := []string{} - args = append(args, "opa") - args = append(args, "rule") - args = append(args, "create") - args = append(args, "--input") - args = append(args, fileName) - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - // if err == nil { - // json.Unmarshal(opaReceive, &opaList) - // } - return nil, err -} - -// OPAFRAMEWORKUpdate - cacli opa update -func (cacli *Cacli) OPARULEUpdate(rule *opapolicy.PolicyRule, fileName string) (*opapolicy.PolicyRule, error) { - if fileName == "" { - var err error - if fileName, err = ConvertObjectTOFile(*rule); err != nil { - return nil, err - } - } - args := []string{} - args = append(args, "opa") - args = append(args, "rule") - args = append(args, "update") - args = append(args, "--input") - args = append(args, fileName) - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - // if err == nil { - // json.Unmarshal(opaReceive, &opaList) - // } - return nil, err -} - -// OPARULEDelete cacli opa delete -func (cacli *Cacli) OPARULEDelete(name string) error { - args := []string{} - args = append(args, "opa") - args = append(args, "rule") - args = append(args, "delete") - args = append(args, "--name") - args = append(args, name) - 
_, err := cacli.runCacliCommandRepeat(args, true, time.Duration(2)*time.Minute) - return err -} - -// ================================================================================================ -// ================================ SECP ========================================================== -// ================================================================================================ - -// SecretEncrypt - -func (cacli *Cacli) SECPEncrypt(message, inputFile, outputFile, keyID string, base64Enc bool) ([]byte, error) { - args := []string{} - args = append(args, "secret-policy") - args = append(args, "encrypt") - if message != "" { - args = append(args, "--message") - args = append(args, message) - } - if inputFile != "" { - args = append(args, "--input") - args = append(args, inputFile) - } - if keyID != "" { - args = append(args, "-kid") - args = append(args, keyID) - } - if outputFile != "" { - args = append(args, "--output") - args = append(args, outputFile) - } - if base64Enc { - args = append(args, "--base64") - } - - messageByte, err := runCacliCommand(args, false) - return messageByte, err -} - -// SecretDecrypt - -func (cacli *Cacli) SECPDecrypt(message, inputFile, outputFile string, base64Enc bool) ([]byte, error) { - args := []string{} - args = append(args, "secret-policy") - args = append(args, "decrypt") - if message != "" { - args = append(args, "--message") - args = append(args, message) - } - if inputFile != "" { - args = append(args, "--input") - args = append(args, inputFile) - } - if outputFile != "" { - args = append(args, "--output") - args = append(args, outputFile) - } - if base64Enc { - args = append(args, "--base64") - } - - messageByte, err := runCacliCommand(args, true) - - return messageByte, err -} - -// GetSecretAccessPolicy - -func (cacli *Cacli) SECPGet(sid, name, cluster, namespace string) ([]secrethandling.SecretAccessPolicy, error) { - secretAccessPolicy := []secrethandling.SecretAccessPolicy{} - args := []string{} - 
args = append(args, "secret-policy") - args = append(args, "get") - if sid != "" { - args = append(args, "-sid") - args = append(args, sid) - } else if name != "" { - args = append(args, "--name") - args = append(args, name) - } else { - if cluster != "" { - args = append(args, "--cluster") - args = append(args, cluster) - if namespace != "" { - args = append(args, "--namespace") - args = append(args, namespace) - } - } - } - sReceive, err := cacli.runCacliCommandRepeat(args, true, time.Duration(3)*time.Minute) - if err == nil { - if err = json.Unmarshal(sReceive, &secretAccessPolicy); err != nil { - tmpSecretAccessPolicy := secrethandling.SecretAccessPolicy{} - if err = json.Unmarshal(sReceive, &tmpSecretAccessPolicy); err == nil { - secretAccessPolicy = []secrethandling.SecretAccessPolicy{tmpSecretAccessPolicy} - } - } - err = nil // if received and empty list - } - return secretAccessPolicy, err -} - -// ================================================================================================ -// ================================ UTILS ========================================================= -// ================================================================================================ - -func (cacli *Cacli) UTILSCleanup(wlid string, discoveryOnly bool) error { - args := []string{} - args = append(args, "utils") - args = append(args, "cleanup") - args = append(args, "--workload-id") - args = append(args, wlid) - if discoveryOnly { - args = append(args, "--discovery") - } - _, err := cacli.runCacliCommandRepeat(args, true, time.Duration(3)*time.Minute) - return err -} diff --git a/vendor/github.com/armosec/capacketsgo/cacli/mothods_mock.go b/vendor/github.com/armosec/capacketsgo/cacli/mothods_mock.go deleted file mode 100644 index 5be975fc..00000000 --- a/vendor/github.com/armosec/capacketsgo/cacli/mothods_mock.go +++ /dev/null 
@@ -1,211 +0,0 @@ -package cacli - -import ( - "github.com/armosec/capacketsgo/opapolicy" - "github.com/armosec/capacketsgo/secrethandling" -) - -// Cacli commands -type CacliMock struct { - backendURL string - credentials CredStruct -} - -// NewCacli - -func NewCacliMock(backendURL string) *CacliMock { - // Load credentials from mounted secret - return &CacliMock{ - backendURL: backendURL, - credentials: CredStruct{}, - } -} - -// ================================================================================================ -// ================================ BASIC ========================================================= -// ================================================================================================ - -// Login cacli login -func (cacli *CacliMock) Login() error { - return nil -} - -// Status cacli --status -func (caclim *CacliMock) Status() (*Status, error) { - return &Status{}, nil -} - -// Sign command -func (caclim *CacliMock) Sign(wlid, user, password, ociImageURL string) error { - return nil -} - -// ================================================================================================ -// ================================== WT ========================================================== -// ================================================================================================ - -// Create command -func (caclim *CacliMock) WTCreate(wt *WorkloadTemplate, fileName string) (string, error) { - return "", nil -} - -// Apply command -func (caclim *CacliMock) WTApply(wt *WorkloadTemplate, fileName string) (string, error) { - return "", nil - -} - -// Update command -func (caclim *CacliMock) WTUpdate(wt *WorkloadTemplate, fileName string) (string, error) { - return "", nil - -} - -// Triplet command -func (caclim *CacliMock) WTTriplet(wlid string) (*GUIDTriplet, error) { - return &GUIDTriplet{}, nil -} - -// Get command -// func (caclim *CacliMock) Get(wlid string) error { -func (caclim *CacliMock) WTGet(wlid string) 
(*WorkloadTemplate, error) { - return &WorkloadTemplate{}, nil -} - -// Get command -func (caclim *CacliMock) WTDelete(wlid string) error { - return nil -} - -// Download command -func (caclim *CacliMock) WTDownload(wlid, containerName, output string) error { - return nil -} - -// Sign command -func (caclim *CacliMock) WTSign(wlid, user, password, ociImageURL string) error { - return nil -} - -// ================================================================================================ -// ================================= K8S ========================================================== -// ================================================================================================ - -// AttachNameSpace command attach all workloads in namespace -func (caclim *CacliMock) K8SAttach(cluster, ns, wlid string, _ bool) error { - return nil -} - -// ================================================================================================ -// ============================ OPA FRAMEWORK ===================================================== -// ================================================================================================ - -// OPAFRAMEWORKGet cacli opa get -func (caclim *CacliMock) OPAFRAMEWORKGet(name string) ([]opapolicy.Framework, error) { - return []opapolicy.Framework{}, nil -} - -// OPAFRAMEWORKDelete cacli opa delete -func (caclim *CacliMock) OPAFRAMEWORKDelete(name string) error { - return nil -} - -// OPAFRAMEWORKList - cacli opa list -func (caclim *CacliMock) OPAFRAMEWORKList() ([]string, error) { - return []string{}, nil -} - -// OPAFRAMEWORKCreate - cacli opa create -func (caclim *CacliMock) OPAFRAMEWORKCreate(framework *opapolicy.Framework, fileName string) (*opapolicy.Framework, error) { - return nil, nil -} - -// OPAFRAMEWORKUpdate - cacli opa update -func (caclim *CacliMock) OPAFRAMEWORKUpdate(framework *opapolicy.Framework, fileName string) (*opapolicy.Framework, error) { - return nil, nil -} - -// 
================================================================================================ -// ============================ OPA CONTROL ======================================================= -// ================================================================================================ - -// OPAFRAMEWORKGet cacli opa get -func (caclim *CacliMock) OPACONTROLGet(name string) ([]opapolicy.Control, error) { - return []opapolicy.Control{}, nil -} - -// OPAFRAMEWORKGet cacli opa get -func (caclim *CacliMock) OPACONTROLDelete(name string) error { - return nil -} - -// OPAFRAMEWORKList - cacli opa list -func (caclim *CacliMock) OPACONTROLList() ([]string, error) { - return []string{}, nil -} - -// OPAFRAMEWORKCreate - cacli opa create -func (caclim *CacliMock) OPACONTROLCreate(control *opapolicy.Control, fileName string) (*opapolicy.Control, error) { - return nil, nil -} - -// OPAFRAMEWORKUpdate - cacli opa update -func (caclim *CacliMock) OPACONTROLUpdate(control *opapolicy.Control, fileName string) (*opapolicy.Control, error) { - return nil, nil -} - -// ================================================================================================ -// ============================== OPA RULE ======================================================== -// ================================================================================================ - -// OPAFRAMEWORKGet cacli opa get -func (caclim *CacliMock) OPARULEGet(name string) ([]opapolicy.PolicyRule, error) { - return []opapolicy.PolicyRule{}, nil -} - -// OPAFRAMEWORKGet cacli opa get -func (caclim *CacliMock) OPARULEDelete(name string) error { - return nil -} - -// OPAFRAMEWORKList - cacli opa list -func (caclim *CacliMock) OPARULEList() ([]string, error) { - return []string{}, nil -} - -// OPAFRAMEWORKCreate - cacli opa create -func (caclim *CacliMock) OPARULECreate(rule *opapolicy.PolicyRule, fileName string) (*opapolicy.PolicyRule, error) { - return nil, nil -} - -// OPAFRAMEWORKUpdate - cacli opa 
update -func (caclim *CacliMock) OPARULEUpdate(rule *opapolicy.PolicyRule, fileName string) (*opapolicy.PolicyRule, error) { - return nil, nil -} - -// ================================================================================================ -// ================================ SECP ========================================================== -// ================================================================================================ - -// SecretEncrypt - -func (caclim *CacliMock) SECPEncrypt(message, inputFile, outputFile, keyID string, base64Enc bool) ([]byte, error) { - return []byte{}, nil -} - -// SecretDecrypt - -func (caclim *CacliMock) SECPDecrypt(message, inputFile, outputFile string, base64Enc bool) ([]byte, error) { - return []byte{}, nil - -} - -// GetSecretAccessPolicy - -func (caclim *CacliMock) SECPGet(sid, name, cluster, namespace string) ([]secrethandling.SecretAccessPolicy, error) { - return []secrethandling.SecretAccessPolicy{}, nil -} - -// ================================================================================================ -// ================================ UTILS ========================================================= -// ================================================================================================ - -func (caclim *CacliMock) UTILSCleanup(wlid string, _ bool) error { - return nil -} diff --git a/vendor/github.com/armosec/capacketsgo/cacli/utils.go b/vendor/github.com/armosec/capacketsgo/cacli/utils.go deleted file mode 100644 index 112fd68f..00000000 --- a/vendor/github.com/armosec/capacketsgo/cacli/utils.go +++ /dev/null 
@@ -1,106 +0,0 @@ -package cacli - -import ( - "encoding/json" - "fmt" - "io/ioutil" - "math/rand" - "os" - "path/filepath" - - "github.com/golang/glog" -) - -func StoreObjTmpFile(obj interface{}) (string, error) { - - bet, err := json.Marshal(obj) - if err != nil { - return "", err - } - file := fmt.Sprintf("/tmp/%d.json", rand.Int()) - if err := ioutil.WriteFile(file, bet, 0644); err != nil { - return "", err - } - return file, nil -} - -func DeleteObjTmpFile(path string) { - // delete file - var err = os.Remove(path) - if err != nil { - glog.Error(err) - } -} - -func SetArgs(wlid, cluster, namespace string, attributes map[string]string) []string { - args := []string{} - if wlid != "" { - args = append(args, "--workload-id") - args = append(args, wlid) - } - if cluster != "" { - args = append(args, "--cluster") - args = append(args, cluster) - } - if namespace != "" { - args = append(args, "--namespace") - args = append(args, namespace) - } - return args -} - -func ConvertObjectTOFile(obj interface{}) (string, error) { - if obj == nil { - return "", fmt.Errorf("missing wt and fileName, you must provide one of them") - } - f, err := StoreObjTmpFile(obj) - if err != nil { - return "", err - } - return f, nil -} - -func LoadCredentials() (*CredStruct, error) { - credentials := CredStruct{} - credentialsPath := getCredentialsPath() - customer, err := ioutil.ReadFile(filepath.Join(credentialsPath, "customer")) - if err != nil || len(customer) == 0 { - glog.Warningf("'customer' not found in credentials secret. path: %s", filepath.Join(credentialsPath, "customer")) - } - credentials.Customer = string(customer) - - username, err := ioutil.ReadFile(filepath.Join(credentialsPath, "username")) - if err != nil || len(username) == 0 { - return nil, fmt.Errorf("'username' not found in credentials secret. 
path: %s", filepath.Join(credentialsPath, "username")) - } - credentials.User = string(username) - - password, err := ioutil.ReadFile(filepath.Join(credentialsPath, "password")) - if err != nil || len(password) == 0 { - return nil, fmt.Errorf("'password' not found in credentials secret. path: %s", filepath.Join(credentialsPath, "password")) - } - credentials.Password = string(password) - - return &credentials, nil -} -func getCredentialsPath() string { - if credentialsPath := os.Getenv(DefaultCredentialsPathEnv); credentialsPath != "" { - return credentialsPath - } - return DefaultCredentialsPath -} - -func (cacli *Cacli) setCredentialsInEnv() error { - if err := os.Setenv("CA_USERNAME", cacli.credentials.User); err != nil { - return err - } - if err := os.Setenv("CA_PASSWORD", cacli.credentials.Password); err != nil { - return err - } - if cacli.credentials.Customer != "" { - if err := os.Setenv("CA_CUSTOMER", cacli.credentials.Customer); err != nil { - return err - } - } - return nil -} diff --git a/vendor/github.com/armosec/capacketsgo/cautils/armometadata.go b/vendor/github.com/armosec/capacketsgo/cautils/armometadata.go deleted file mode 100644 index b5e77ee1..00000000 --- a/vendor/github.com/armosec/capacketsgo/cautils/armometadata.go +++ /dev/null 
@@ -1,197 +0,0 @@ -package cautils - -import ( - "encoding/json" - "fmt" - "io/ioutil" - "os" - "strings" - - "github.com/golang/glog" -) - -// labels added to the workload -const ( - ArmoPrefix string = "armo" - ArmoAttach string = ArmoPrefix + ".attach" - ArmoInitialSecret string = ArmoPrefix + ".initial" - ArmoSecretStatus string = ArmoPrefix + ".secret" - ArmoCompatibleLabel string = ArmoPrefix + ".compatible" - - ArmoSecretProtectStatus string = "protect" - ArmoSecretClearStatus string = "clear" -) - -// annotations added to the workload -const ( - ArmoUpdate string = ArmoPrefix + ".last-update" - ArmoWlid string = ArmoPrefix + ".wlid" - ArmoSid string = ArmoPrefix + ".sid" - ArmoJobID string = ArmoPrefix + ".job" - ArmoJobIDPath string = ArmoJobID + "/id" - ArmoJobParentPath string = ArmoJobID + "/parent" - ArmoJobActionPath string = ArmoJobID + "/action" - ArmoCompatibleAnnotation string = ArmoAttach + "/compatible" - ArmoReplaceheaders string = ArmoAttach + "/replaceheaders" -) - -const ( // DEPRECATED - - CAAttachLabel string = "cyberarmor" - Patched string = "Patched" - Done string = "Done" - Encrypted string = "Protected" - - CAInjectOld = "injectCyberArmor" - - CAPrefix string = "cyberarmor" - CAProtectedSecret string = CAPrefix + ".secret" - CAInitialSecret string = CAPrefix + ".initial" - CAInject string = CAPrefix + ".inject" - CAIgnore string = CAPrefix + ".ignore" - CAReplaceHeaders string = CAPrefix + ".removeSecurityHeaders" -) - -const ( // DEPRECATED - CAUpdate string = CAPrefix + ".last-update" - CAStatus string = CAPrefix + ".status" - CAWlid string = CAPrefix + ".wlid" -) - -type ClusterConfig struct { - EventReceiverREST string `json:"eventReceiverREST"` - EventReceiverWS string `json:"eventReceiverWS"` - MaserNotificationServer string `json:"maserNotificationServer"` - Postman string `json:"postman"` - Dashboard string `json:"dashboard"` - Portal string `json:"portal"` - CustomerGUID string `json:"customerGUID"` - ClusterGUID string 
`json:"clusterGUID"` - ClusterName string `json:"clusterName"` - OciImageURL string `json:"ociImageURL"` - NotificationWSURL string `json:"notificationWSURL"` - NotificationRestURL string `json:"notificationRestURL"` - VulnScanURL string `json:"vulnScanURL"` - OracleURL string `json:"oracleURL"` - ClairURL string `json:"clairURL"` -} - -// represents workload basic info -type SpiffeBasicInfo struct { - //cluster/datacenter - Level0 string `json:"level0"` - Level0Type string `json:"level0Type"` - - //namespace/project - Level1 string `json:"level0"` - Level1Type string `json:"level0Type"` - - Kind string `json:"kind"` - Name string `json:"name"` -} - -type ImageInfo struct { - Registry string `json:"registry"` - VersionImage string `json:"versionImage"` -} - -func IsAttached(labels map[string]string) *bool { - attach := false - if labels == nil { - return nil - } - if attached, ok := labels[ArmoAttach]; ok { - if strings.ToLower(attached) == "true" { - attach = true - return &attach - } else { - return &attach - } - } - - // deprecated - if _, ok := labels[CAAttachLabel]; ok { - attach = true - return &attach - } - - // deprecated - if inject, ok := labels[CAInject]; ok { - if strings.ToLower(inject) == "true" { - attach = true - return &attach - } - } - - // deprecated - if ignore, ok := labels[CAIgnore]; ok { - if strings.ToLower(ignore) == "true" { - return &attach - } - } - - return nil -} - -func IsSecretProtected(labels map[string]string) *bool { - protect := false - if labels == nil { - return nil - } - if protected, ok := labels[ArmoSecretStatus]; ok { - if strings.ToLower(protected) == ArmoSecretProtectStatus { - protect = true - return &protect - } else { - return &protect - } - } - return nil -} - -func LoadConfig(configPath string, loadToEnv bool) (*ClusterConfig, error) { - if configPath == "" { - configPath = "/etc/config/clusterData.json" - } - - dat, err := ioutil.ReadFile(configPath) - if err != nil || len(dat) == 0 { - return nil, 
fmt.Errorf("Config empty or not found. path: %s", configPath) - } - componentConfig := &ClusterConfig{} - if err := json.Unmarshal(dat, componentConfig); err != nil { - return componentConfig, fmt.Errorf("Failed to read component config, path: %s, reason: %s", configPath, err.Error()) - } - if loadToEnv { - componentConfig.LoadConfigToEnv() - } - return componentConfig, nil -} - -func (clusterConfig *ClusterConfig) LoadConfigToEnv() { - - SetEnv("CA_CLUSTER_NAME", clusterConfig.ClusterName) - SetEnv("CA_CLUSTER_GUID", clusterConfig.ClusterGUID) - SetEnv("CA_ORACLE_SERVER", clusterConfig.OracleURL) - SetEnv("CA_CUSTOMER_GUID", clusterConfig.CustomerGUID) - SetEnv("CA_DASHBOARD_BACKEND", clusterConfig.Dashboard) - SetEnv("CA_NOTIFICATION_SERVER_REST", clusterConfig.NotificationWSURL) - SetEnv("CA_NOTIFICATION_SERVER_WS", clusterConfig.NotificationWSURL) - SetEnv("CA_NOTIFICATION_SERVER_REST", clusterConfig.NotificationRestURL) - SetEnv("CA_OCIMAGE_URL", clusterConfig.OciImageURL) - SetEnv("CA_K8S_REPORT_URL", clusterConfig.EventReceiverWS) - SetEnv("CA_EVENT_RECEIVER_HTTP", clusterConfig.EventReceiverREST) - SetEnv("CA_VULNSCAN", clusterConfig.VulnScanURL) - SetEnv("CA_POSTMAN", clusterConfig.Postman) - SetEnv("MASTER_NOTIFICATION_SERVER_HOST", clusterConfig.MaserNotificationServer) - SetEnv("CLAIR_URL", clusterConfig.ClairURL) - -} - -func SetEnv(key, value string) { - if e := os.Getenv(key); e == "" { - if err := os.Setenv(key, value); err != nil { - glog.Warning("%s: %s", key, err.Error()) - } - } -} diff --git a/vendor/github.com/armosec/capacketsgo/cautils/cautils_test.go b/vendor/github.com/armosec/capacketsgo/cautils/cautils_test.go deleted file mode 100644 index f7728e7d..00000000 --- a/vendor/github.com/armosec/capacketsgo/cautils/cautils_test.go +++ /dev/null 
@@ -1,29 +0,0 @@
-package cautils
-
-import (
- "testing"
-)
-
-// tests wlid parse
-
-func TestSpiffeWLIDToInfoSuccess(t *testing.T) {
-
- WLID := "wlid://cluster-HipsterShopCluster2/namespace-prod/deployment-cartservice"
- ms, er := SpiffeToSpiffeInfo(WLID)
-
- if er != nil || ms.Level0 != "HipsterShopCluster2" || ms.Level0Type != "cluster" || ms.Level1 != "prod" || ms.Level1Type != "namespace" ||
- ms.Kind != "deployment" || ms.Name != "cartservice" {
- t.Errorf("TestSpiffeWLIDToInfoSuccess failed to parse %v", WLID)
- }
-}
-
-func TestSpiffeSIDInfoSuccess(t *testing.T) {
-
- SID := "sid://cluster-HipsterShopCluster2/namespace-dev/secret-caregcred"
- ms, er := SpiffeToSpiffeInfo(SID)
-
- if er != nil || ms.Level0 != "HipsterShopCluster2" || ms.Level0Type != "cluster" || ms.Level1 != "dev" || ms.Level1Type != "namespace" ||
- ms.Kind != "secret" || ms.Name != "caregcred" {
- t.Errorf("TestSpiffeSIDInfoSuccess failed to parse %v", SID)
- }
-}
diff --git a/vendor/github.com/armosec/capacketsgo/cautils/genericutils.go b/vendor/github.com/armosec/capacketsgo/cautils/genericutils.go
deleted file mode 100644
index ae1487ba..00000000
--- a/vendor/github.com/armosec/capacketsgo/cautils/genericutils.go
+++ /dev/null
@@ -1,118 +0,0 @@ -package cautils - -import ( - "crypto/sha256" - "fmt" - "strings" -) - -// wlid/ sid utils -const ( - SpiffePrefix = "://" -) - -// wlid/ sid utils -const ( - PackagePath = "vendor/github.com/armosec/capacketsgo" -) - -//AsSHA256 takes anything turns it into string :) https://blog.8bitzen.com/posts/22-08-2019-how-to-hash-a-struct-in-go -func AsSHA256(v interface{}) string { - h := sha256.New() - h.Write([]byte(fmt.Sprintf("%v", v))) - - return fmt.Sprintf("%x", h.Sum(nil)) -} - -func SpiffeToSpiffeInfo(spiffe string) (*SpiffeBasicInfo, error) { - basicInfo := &SpiffeBasicInfo{} - - pos := strings.Index(spiffe, SpiffePrefix) - if pos < 0 { - return nil, fmt.Errorf("invalid spiffe %s", spiffe) - } - - pos += len(SpiffePrefix) - spiffeNoPrefix := spiffe[pos:] - splits := strings.Split(spiffeNoPrefix, "/") - if len(splits) < 3 { - return nil, fmt.Errorf("invalid spiffe %s", spiffe) - } - - p0 := strings.Index(splits[0], "-") - p1 := strings.Index(splits[1], "-") - p2 := strings.Index(splits[2], "-") - if p0 == -1 || p1 == -1 || p2 == -1 { - return nil, fmt.Errorf("invalid spiffe %s", spiffe) - } - basicInfo.Level0Type = splits[0][:p0] - basicInfo.Level0 = splits[0][p0+1:] - basicInfo.Level1Type = splits[1][:p1] - basicInfo.Level1 = splits[1][p1+1:] - basicInfo.Kind = splits[2][:p2] - basicInfo.Name = splits[2][p2+1:] - - return basicInfo, nil -} - -func ImageTagToImageInfo(imageTag string) (*ImageInfo, error) { - ImageInfo := &ImageInfo{} - spDelimiter := "/" - pos := strings.Index(imageTag, spDelimiter) - if pos < 0 { - ImageInfo.Registry = "" - ImageInfo.VersionImage = imageTag - return ImageInfo, nil - } - - splits := strings.Split(imageTag, spDelimiter) - if len(splits) == 0 { - - return nil, fmt.Errorf("Invalid image info %s", imageTag) - } - - ImageInfo.Registry = splits[0] - if len(splits) > 1 { - ImageInfo.VersionImage = splits[len(splits)-1] - } else { - ImageInfo.VersionImage = "" - } - - return ImageInfo, nil -} - -func BoolPointer(b bool) 
*bool { return &b } - -func BoolToString(b bool) string { - if b { - return "true" - } - return "false" -} - -func BoolPointerToString(b *bool) string { - if b == nil { - return "" - } - if *b { - return "true" - } - return "false" -} - -func StringToBool(s string) bool { - if strings.ToLower(s) == "true" || strings.ToLower(s) == "1" { - return true - } - return false -} - -func StringToBoolPointer(s string) *bool { - if strings.ToLower(s) == "true" || strings.ToLower(s) == "1" { - return BoolPointer(true) - } - if strings.ToLower(s) == "false" || strings.ToLower(s) == "0" { - return BoolPointer(false) - } - return nil -} diff --git a/vendor/github.com/armosec/capacketsgo/cautils/k8sutils.go b/vendor/github.com/armosec/capacketsgo/cautils/k8sutils.go deleted file mode 100644 index bbb2013a..00000000 --- a/vendor/github.com/armosec/capacketsgo/cautils/k8sutils.go +++ /dev/null 
@@ -1,52 +0,0 @@
-package cautils
-
-import (
- "fmt"
- "hash/fnv"
- "strings"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-var NamespacesListToIgnore = make([]string, 0)
-var KubeNamespaces = []string{metav1.NamespaceSystem, metav1.NamespacePublic}
-
-// NamespacesListToIgnore namespaces to ignore if a pod
-func InitNamespacesListToIgnore(caNamespace string) {
- if len(NamespacesListToIgnore) > 0 {
- return
- }
- NamespacesListToIgnore = append(NamespacesListToIgnore, KubeNamespaces...)
- NamespacesListToIgnore = append(NamespacesListToIgnore, caNamespace)
-}
-
-func IfIgnoreNamespace(ns string) bool {
- for i := range NamespacesListToIgnore {
- if NamespacesListToIgnore[i] == ns {
- return true
- }
- }
- return false
-}
-
-func IfKubeNamespace(ns string) bool {
- for i := range KubeNamespaces {
- if NamespacesListToIgnore[i] == ns {
- return true
- }
- }
- return false
-}
-
-func hash(s string) string {
- h := fnv.New32a()
- h.Write([]byte(s))
- return fmt.Sprintf("%d", h.Sum32())
-}
-func GenarateConfigMapName(wlid string) string {
- name := strings.ToLower(fmt.Sprintf("ca-%s-%s-%s", GetNamespaceFromWlid(wlid), GetKindFromWlid(wlid), GetNameFromWlid(wlid)))
- if len(name) >= 63 {
- name = hash(name)
- }
- return name
-}
diff --git a/vendor/github.com/armosec/capacketsgo/cautils/wlid.go b/vendor/github.com/armosec/capacketsgo/cautils/wlid.go
deleted file mode 100644
index c44a89c6..00000000
--- a/vendor/github.com/armosec/capacketsgo/cautils/wlid.go
+++ /dev/null
@@ -1,238 +0,0 @@ -package cautils - -import ( - "fmt" - "strings" -) - -// API fields -var ( - WlidPrefix = "wlid://" - SidPrefix = "sid://" - ClusterWlidPrefix = "cluster-" - NamespaceWlidPrefix = "namespace-" - DataCenterWlidPrefix = "datacenter-" - ProjectWlidPrefix = "project-" - SecretSIDPrefix = "secret-" - SubSecretSIDPrefix = "subsecret-" - K8SKindsList = []string{"ComponentStatus", "ConfigMap", "ControllerRevision", "CronJob", - "CustomResourceDefinition", "DaemonSet", "Deployment", "Endpoints", "Event", "HorizontalPodAutoscaler", - "Ingress", "Job", "Lease", "LimitRange", "LocalSubjectAccessReview", "MutatingWebhookConfiguration", - "Namespace", "NetworkPolicy", "Node", "PersistentVolume", "PersistentVolumeClaim", "Pod", - "PodDisruptionBudget", "PodSecurityPolicy", "PodTemplate", "PriorityClass", "ReplicaSet", - "ReplicationController", "ResourceQuota", "Role", "RoleBinding", "Secret", "SelfSubjectAccessReview", - "SelfSubjectRulesReview", "Service", "ServiceAccount", "StatefulSet", "StorageClass", - "SubjectAccessReview", "TokenReview", "ValidatingWebhookConfiguration", "VolumeAttachment"} - NativeKindsList = []string{"Dockerized", "Native"} - KindReverseMap = map[string]string{} - dataImagesList = []string{} -) - -func IsWlid(id string) bool { - return strings.HasPrefix(id, WlidPrefix) -} - -func IsSid(id string) bool { - return strings.HasPrefix(id, SidPrefix) -} - -// GetK8SKindFronList get the calculated wlid -func GetK8SKindFronList(kind string) string { // TODO GetK8SKindFromList - for i := range K8SKindsList { - if strings.ToLower(kind) == strings.ToLower(K8SKindsList[i]) { - return K8SKindsList[i] - } - } - return kind -} - -// IsK8SKindInList Check if the kind is a known kind -func IsK8SKindInList(kind string) bool { - for i := range K8SKindsList { - if strings.ToLower(kind) == strings.ToLower(K8SKindsList[i]) { - return true - } - } - return false -} - -// generateWLID -func generateWLID(pLevel0, level0, pLevel1, level1, k, name string) 
string { - kind := strings.ToLower(k) - kind = strings.Replace(kind, "-", "", -1) - - wlid := WlidPrefix - wlid += fmt.Sprintf("%s%s", pLevel0, level0) - if level1 == "" { - return wlid - } - wlid += fmt.Sprintf("/%s%s", pLevel1, level1) - - if kind == "" { - return wlid - } - wlid += fmt.Sprintf("/%s", kind) - - if name == "" { - return wlid - } - wlid += fmt.Sprintf("-%s", name) - - return wlid -} - -// GetWLID get the calculated wlid -func GetWLID(level0, level1, k, name string) string { - return generateWLID(ClusterWlidPrefix, level0, NamespaceWlidPrefix, level1, k, name) -} - -// GetK8sWLID get the k8s calculated wlid -func GetK8sWLID(level0, level1, k, name string) string { - return generateWLID(ClusterWlidPrefix, level0, NamespaceWlidPrefix, level1, k, name) -} - -// GetNativeWLID get the native calculated wlid -func GetNativeWLID(level0, level1, k, name string) string { - return generateWLID(DataCenterWlidPrefix, level0, ProjectWlidPrefix, level1, k, name) -} - -// WildWlidContainsWlid does WildWlid contains Wlid -func WildWlidContainsWlid(wildWlid, wlid string) bool { // TODO- test - if wildWlid == wlid { - return true - } - wildWlidR, _ := RestoreMicroserviceIDsFromSpiffe(wildWlid) - wlidR, _ := RestoreMicroserviceIDsFromSpiffe(wlid) - if len(wildWlidR) > len(wildWlidR) { - // invalid wlid - return false - } - - for i := range wildWlidR { - if wildWlidR[i] != wlidR[i] { - return false - } - } - return true -} - -func restoreInnerIdentifiersFromID(spiffeSlices []string) []string { - if len(spiffeSlices) >= 1 && strings.HasPrefix(spiffeSlices[0], ClusterWlidPrefix) { - spiffeSlices[0] = spiffeSlices[0][len(ClusterWlidPrefix):] - } - if len(spiffeSlices) >= 2 && strings.HasPrefix(spiffeSlices[1], NamespaceWlidPrefix) { - spiffeSlices[1] = spiffeSlices[1][len(NamespaceWlidPrefix):] - } - if len(spiffeSlices) >= 3 && strings.Contains(spiffeSlices[2], "-") { - dashIdx := strings.Index(spiffeSlices[2], "-") - spiffeSlices = append(spiffeSlices, 
spiffeSlices[2][dashIdx+1:]) - spiffeSlices[2] = spiffeSlices[2][:dashIdx] - if val, ok := KindReverseMap[spiffeSlices[2]]; ok { - spiffeSlices[2] = val - } - } - return spiffeSlices -} - -// RestoreMicroserviceIDsFromSpiffe - -func RestoreMicroserviceIDsFromSpiffe(spiffe string) ([]string, error) { - if spiffe == "" { - return nil, fmt.Errorf("in RestoreMicroserviceIDsFromSpiffe, expecting valid wlid recieved empty string") - } - - if StringHasWhitespace(spiffe) { - return nil, fmt.Errorf("wlid %s invalid. whitespace found", spiffe) - } - - if strings.HasPrefix(spiffe, WlidPrefix) { - spiffe = spiffe[len(WlidPrefix):] - } else if strings.HasPrefix(spiffe, SidPrefix) { - spiffe = spiffe[len(SidPrefix):] - } - spiffeSlices := strings.Split(spiffe, "/") - // The documented WLID format (https://cyberarmorio.sharepoint.com/sites/development2/Shared%20Documents/kubernetes_design1.docx?web=1) - if len(spiffeSlices) <= 3 { - spiffeSlices = restoreInnerIdentifiersFromID(spiffeSlices) - } - if len(spiffeSlices) != 4 { // first used WLID, deprecated since 24.10.2019 - return spiffeSlices, fmt.Errorf("invalid WLID format. 
format received: %v", spiffeSlices) - } - - for i := range spiffeSlices { - if spiffeSlices[i] == "" { - return spiffeSlices, fmt.Errorf("one or more entities are empty, spiffeSlices: %v", spiffeSlices) - } - } - - return spiffeSlices, nil -} - -// RestoreMicroserviceIDsFromSpiffe - -func RestoreMicroserviceIDs(spiffe string) []string { - if spiffe == "" { - return []string{} - } - - if StringHasWhitespace(spiffe) { - return []string{} - } - - if strings.HasPrefix(spiffe, WlidPrefix) { - spiffe = spiffe[len(WlidPrefix):] - } else if strings.HasPrefix(spiffe, SidPrefix) { - spiffe = spiffe[len(SidPrefix):] - } - spiffeSlices := strings.Split(spiffe, "/") - - return restoreInnerIdentifiersFromID(spiffeSlices) -} - -// GetClusterFromWlid parse wlid and get cluster -func GetClusterFromWlid(wlid string) string { - r := RestoreMicroserviceIDs(wlid) - if len(r) >= 1 { - return r[0] - } - return "" -} - -// GetNamespaceFromWlid parse wlid and get Namespace -func GetNamespaceFromWlid(wlid string) string { - r := RestoreMicroserviceIDs(wlid) - if len(r) >= 2 { - return r[1] - } - return "" -} - -// GetKindFromWlid parse wlid and get kind -func GetKindFromWlid(wlid string) string { - r := RestoreMicroserviceIDs(wlid) - if len(r) >= 3 { - return GetK8SKindFronList(r[2]) - } - return "" -} - -// GetNameFromWlid parse wlid and get name -func GetNameFromWlid(wlid string) string { - r := RestoreMicroserviceIDs(wlid) - if len(r) >= 4 { - return GetK8SKindFronList(r[3]) - } - return "" -} - -// IsWlidValid test if wlid is a valid wlid -func IsWlidValid(wlid string) error { - _, err := RestoreMicroserviceIDsFromSpiffe(wlid) - return err -} - -// StringHasWhitespace check if a string has whitespace -func StringHasWhitespace(str string) bool { - if whitespace := strings.Index(str, " "); whitespace != -1 { - return true - } - return false -} 
diff --git a/vendor/github.com/armosec/capacketsgo/containerscan/containerscan_mock.go b/vendor/github.com/armosec/capacketsgo/containerscan/containerscan_mock.go
deleted file mode 100644
index cac3471e..00000000
--- a/vendor/github.com/armosec/capacketsgo/containerscan/containerscan_mock.go
+++ /dev/null
@@ -1,90 +0,0 @@ -package containerscan - -import ( - "bytes" - "math/rand" - "time" - - "github.com/francoispqt/gojay" -) - -// GenerateContainerScanReportMock - generate a scan result -func GenerateContainerScanReportMock() ScanResultReport { - ds := ScanResultReport{ - WLID: "wlid://cluster-k8s-geriatrix-k8s-demo3/namespace-whisky-app/deployment-whisky4all-shipping", - CustomerGUID: "1231bcb1-49ce-4a67-bdd3-5da7a393ae08", - ImgTag: "dreg.armo.cloud:443/demoservice:v16", - ImgHash: "docker-pullable://dreg.armo.cloud:443/demoservice@sha256:754f3cfca915a07ed10655a301dd7a8dc5526a06f9bd06e7c932f4d4108a8296", - Timestamp: time.Now().UnixNano(), - } - - ds.Layers = make(LayersList, 0) - layer := ScanResultLayer{} - GenerateContainerScanLayer(&layer) - ds.Layers = append(ds.Layers, layer) - return ds -} - -// GenerateContainerScanReportMock - generate a scan result -func GenerateContainerScanReportNoVulMock() ScanResultReport { - ds := ScanResultReport{ - WLID: "wlid://cluster-k8s-geriatrix-k8s-demo3/namespace-whisky-app/deployment-whisky4all-shipping", - CustomerGUID: "1231bcb1-49ce-4a67-bdd3-5da7a393ae08", - ImgTag: "dreg.armo.cloud:443/demoservice:v16", - ImgHash: "docker-pullable://dreg.armo.cloud:443/demoservice@sha256:754f3cfca915a07ed10655a301dd7a8dc5526a06f9bd06e7c932f4d4108a8296", - Timestamp: time.Now().UnixNano(), - ContainerName: "shipping", - } - - ds.Layers = make(LayersList, 0) - layer := ScanResultLayer{LayerHash: "aaa"} - ds.Layers = append(ds.Layers, layer) - return ds -} - -var hash = []rune("abcdef0123456789") -var nums = []rune("0123456789") - -func randSeq(n int, bank []rune) string { - rand.Seed(time.Now().UnixNano()) - - b := make([]rune, n) - for i := range b { - b[i] = bank[rand.Intn(len(bank))] - } - return string(b) -} - -// GenerateContainerScanLayer - generate a layer with random vuls -func GenerateContainerScanLayer(layer *ScanResultLayer) { - layer.LayerHash = randSeq(32, hash) - layer.Vulnerabilities = make(VulnerabilitiesList, 0) - 
layer.Packages = make(LinuxPkgs, 0) - vuls := rand.Intn(10) + 1 - - for i := 0; i < vuls; i++ { - v := Vulnerability{} - GenerateVulnerability(&v) - layer.Vulnerabilities = append(layer.Vulnerabilities, v) - } - - pkg := LinuxPackage{PackageName: "coreutils"} - pkg.Files = make(PkgFiles, 0) - pf := PackageFile{Filename: "aa"} - pkg.Files = append(pkg.Files, pf) - layer.Packages = append(layer.Packages, pkg) -} - -// GenerateVulnerability - generate a vul (just diff "cve"'s) -func GenerateVulnerability(v *Vulnerability) error { - baseVul := " { \"name\": \"CVE-2014-9471\", \"imageTag\": \"debian:8\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2014-9471\", \"description\": \"The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the sdf\", \"severity\": \"Low\", \"metadata\": { \"NVD\": { \"CVSSv2\": { \"Score\": 7.5, \"Vectors\": \"AV:N/AC:L/Au:N/C:P/I:P\" } } }, \"fixedIn\": [ { \"name\": \"coreutils\", \"imageTag\": \"debian:8\", \"version\": \"8.23-1\" } ] }" - b := []byte(baseVul) - r := bytes.NewReader(b) - er := gojay.NewDecoder(r).DecodeObject(v) - v.RelatedPackageName = "coreutils" - v.Severity = HighSeverity - v.Relevancy = Irelevant - v.Name = "CVE-" + randSeq(4, nums) + "-" + randSeq(4, nums) - return er - -} diff --git a/vendor/github.com/armosec/capacketsgo/containerscan/containerscan_test.go b/vendor/github.com/armosec/capacketsgo/containerscan/containerscan_test.go deleted file mode 100644 index f923419f..00000000 --- a/vendor/github.com/armosec/capacketsgo/containerscan/containerscan_test.go +++ /dev/null 
@@ -1,80 +0,0 @@ -package containerscan - -import ( - "bytes" - "encoding/json" - "fmt" - "testing" - - "github.com/francoispqt/gojay" -) - -func TestUnmarshalScanReport(t *testing.T) { - ds := GenerateContainerScanReportMock() - str1 := ds.AsSha256() - rhs := &ScanResultReport{} - - bolB, _ := json.Marshal(ds) - r := bytes.NewReader(bolB) - - er := gojay.NewDecoder(r).DecodeObject(rhs) - if er != nil { - t.Errorf("marshalling failed due to: %v", er.Error()) - } - - if rhs.AsSha256() != str1 { - t.Errorf("marshalling failed different values after marshal:\nOriginal:\n%v\nParsed:\n%v\n\n===\n", string(bolB), rhs) - } -} - -func TestConvScanReport2ESvul(t *testing.T) { - // ds := GenerateContainerScanReportMock() - // res := ds.ToFlatVulnerabilities() - // vulsBytes, _ := json.Marshal(res) - - // summary := ds.Summerize() - // summaryBytes, _ := json.Marshal(summary) - - // fmt.Printf("summary:\n%v\n\nvulnerabilities:\n%v\n\n", string(summaryBytes), string(vulsBytes)) - // t.Errorf("%v\n", string(vulsBytes)) - -} - -func TestConvScanReport2ESWithNoVul(t *testing.T) { - // ds := GenerateContainerScanReportNoVulMock() - // res := ds.ToFlatVulnerabilities() - // vulsBytes, _ := json.Marshal(res) - - // summary := ds.Summerize() - // summaryBytes, _ := json.Marshal(summary) - - // fmt.Printf("summary:\n%v\n\nvulnerabilities:\n%v\n\n", string(summaryBytes), string(vulsBytes)) - // t.Errorf("%v\n", string(vulsBytes)) - -} -func TestUnmarshalScanReport1(t *testing.T) { - ds := Vulnerability{} - if err := GenerateVulnerability(&ds); err != nil { - t.Errorf("%v\n%v\n", ds, err) - } -} - -func TestGetByPkgNameSuccess(t *testing.T) { - ds := GenerateContainerScanReportMock() - a := ds.Layers[0].GetFilesByPackage("coreutils") - if a != nil { - - fmt.Printf("%+v\n", *a) - } - -} - -func TestGetByPkgNameMissing(t *testing.T) { - ds := GenerateContainerScanReportMock() - a := ds.Layers[0].GetFilesByPackage("s") - if a != nil { - - t.Errorf("expected - no such package should be in 
that layer %v\n\n", ds) - } - -} diff --git a/vendor/github.com/armosec/capacketsgo/containerscan/datastructures.go b/vendor/github.com/armosec/capacketsgo/containerscan/datastructures.go deleted file mode 100644 index ffffe96b..00000000 --- a/vendor/github.com/armosec/capacketsgo/containerscan/datastructures.go +++ /dev/null 
@@ -1,113 +0,0 @@ -package containerscan - -import ( - "crypto/sha256" - "fmt" -) - -//!!!!!!!!!!!!EVERY CHANGE IN THESE STRUCTURES => CHANGE gojayunmarshaller ASWELL!!!!!!!!!!!!!!!!!!!!!!!! - -// ScanResultReport - the report given from scanner to event receiver -type ScanResultReport struct { - CustomerGUID string `json:"customerGUID"` - ImgTag string `json:"imageTag",omitempty` - ImgHash string `json:"imageHash"` - WLID string `json:"wlid"` - ContainerName string `json:"containerName"` - Timestamp int64 `json:"timestamp"` - Layers LayersList `json:"layers"` - ListOfDangerousArtifcats []string `json:"listOfDangerousArtifcats"` -} - -// ScanResultLayer - represents a single layer from container scan result -type ScanResultLayer struct { - LayerHash string `json:"layerHash"` - ParentLayerHash string `json:"parentLayerHash"` - Vulnerabilities VulnerabilitiesList `json:"vulnerabilities"` - Packages LinuxPkgs `json:"packageToFile"` -} - -// Vulnerability - a vul object -type Vulnerability struct { - Name string `json:"name"` - ImgHash string `json:"imageHash"` - ImgTag string `json:"imageTag",omitempty` - RelatedPackageName string `json:"packageName"` - PackageVersion string `json:"packageVersion"` - Link string `json:"link"` - Description string `json:"description"` - Severity string `json:"severity"` - Metadata interface{} `json:"metadata",omitempty` - Fixes VulFixes `json:"fixedIn",omitempty` - Relevancy string `json:"relevant"` // use the related enum -} - -// FixedIn when and which pkg was fixed (which version as well) -type FixedIn struct { - Name string `json:"name"` - ImgTag string `json:"imageTag"` - Version string `json:"version"` -} - -// LinuxPackage- Linux package representation -type LinuxPackage struct { - PackageName string `json:"packageName"` - Files PkgFiles `json:"files"` - PackageVersion string `json:"version"` -} - -// PackageFile - s.e -type PackageFile struct { - Filename string `json:"name"` -} - -// types to provide unmarshalling: - 
-//VulnerabilitiesList -s.e -type LayersList []ScanResultLayer - -//VulnerabilitiesList -s.e -type VulnerabilitiesList []Vulnerability - -//LinuxPkgs - slice of linux pkgs -type LinuxPkgs []LinuxPackage - -//VulFixes - information bout when/how this vul was fixed -type VulFixes []FixedIn - -//PkgFiles - slice of files belong to specific pkg -type PkgFiles []PackageFile - -func (v *ScanResultReport) AsSha256() string { - h := sha256.New() - h.Write([]byte(fmt.Sprintf("%v", *v))) - - return fmt.Sprintf("%x", h.Sum(nil)) -} - -const ( - //defines Relevancy as enum-like - Unknown = "Unknown" - Relevant = "Relevant" - Irelevant = "Irelevant" - NoSP = "No signature profile to compare" - - //Clair Severities - UnknownSeverity = "Unknown" - NegligibleSeverity = "Negligible" - LowSeverity = "Low" - MediumSeverity = "Medium" - HighSeverity = "High" - CriticalSeverity = "Critical" - - ContainerScanRedisPrefix = "_containerscan" -) - -func CalculateFixed(Fixes []FixedIn) int { - for _, fix := range Fixes { - if fix.Version != "None" { - return 1 - } - } - return 0 -} diff --git a/vendor/github.com/armosec/capacketsgo/containerscan/datastructuresmethods.go b/vendor/github.com/armosec/capacketsgo/containerscan/datastructuresmethods.go deleted file mode 100644 index 0c314db6..00000000 --- a/vendor/github.com/armosec/capacketsgo/containerscan/datastructuresmethods.go +++ /dev/null 
@@ -1,39 +0,0 @@
-package containerscan
-
-import "strings"
-
-func (layer *ScanResultLayer) GetFilesByPackage(pkgname string) (files *PkgFiles) {
- for _, pkg := range layer.Packages {
- if pkg.PackageName == pkgname {
- return &pkg.Files
- }
- }
-
- return &PkgFiles{}
-}
-
-func (layer *ScanResultLayer) GetPackagesNames() []string {
- pkgsNames := []string{}
- for _, pkg := range layer.Packages {
- pkgsNames = append(pkgsNames, pkg.PackageName)
- }
- return pkgsNames
-}
-
-func (scanresult *ScanResultReport) Validate() bool {
- if scanresult.CustomerGUID == "" || (scanresult.ImgHash == "" && scanresult.ImgTag == "") || scanresult.Timestamp <= 0 {
- return false
- }
-
- //TODO validate layers & vuls
-
- return true
-}
-
-func (v *Vulnerability) IsRCE() bool {
- desc := strings.ToLower(v.Description)
-
- isRCE := strings.Contains(v.Description, "RCE")
-
- return isRCE || strings.Contains(desc, "remote code execution") || strings.Contains(desc, "remote command execution") || strings.Contains(desc, "arbitrary code") || strings.Contains(desc, "code execution") || strings.Contains(desc, "code injection") || strings.Contains(desc, "command injection") || strings.Contains(desc, "inject arbitrary commands")
-}
diff --git a/vendor/github.com/armosec/capacketsgo/containerscan/elasticadapters.go b/vendor/github.com/armosec/capacketsgo/containerscan/elasticadapters.go
deleted file mode 100644
index 4668f0e1..00000000
--- a/vendor/github.com/armosec/capacketsgo/containerscan/elasticadapters.go
+++ /dev/null
@@ -1,265 +0,0 @@ -package containerscan - -import "github.com/armosec/capacketsgo/cautils" - -// ToFlatVulnerabilities - returnsgit p -func (scanresult *ScanResultReport) ToFlatVulnerabilities() []*ElasticContainerVulnerabilityResult { - vuls := make([]*ElasticContainerVulnerabilityResult, 0) - vul2indx := make(map[string]int, 0) - for _, layer := range scanresult.Layers { - for _, vul := range layer.Vulnerabilities { - esLayer := ESLayer{LayerHash: layer.LayerHash, ParentLayerHash: layer.ParentLayerHash} - if indx, isOk := vul2indx[vul.Name]; isOk { - vuls[indx].Layers = append(vuls[indx].Layers, esLayer) - continue - } - result := &ElasticContainerVulnerabilityResult{WLID: scanresult.WLID, Timestamp: scanresult.Timestamp} - result.Vulnerability = vul - result.Layers = make([]ESLayer, 0) - result.Layers = append(result.Layers, esLayer) - result.ContainerScanID = scanresult.AsSha256() - - result.IsFixed = CalculateFixed(vul.Fixes) - result.RelevantLinks = append(result.RelevantLinks, "https://nvd.nist.gov/vuln/detail/"+vul.Name) - result.RelevantLinks = append(result.RelevantLinks, vul.Link) - result.Vulnerability.Link = "https://nvd.nist.gov/vuln/detail/" + vul.Name - vuls = append(vuls, result) - vul2indx[vul.Name] = len(vuls) - 1 - } - } - // find first introduced - for i, v := range vuls { - earlyLayer := "" - for _, layer := range v.Layers { - if layer.ParentLayerHash == earlyLayer { - earlyLayer = layer.LayerHash - } - } - vuls[i].IntroducedInLayer = earlyLayer - - } - - return vuls -} - -func (scanresult *ScanResultReport) Summerize() *ElasticContainerScanSummaryResult { - summary := &ElasticContainerScanSummaryResult{ - CustomerGUID: scanresult.CustomerGUID, - ImgTag: scanresult.ImgTag, - ImgHash: scanresult.ImgHash, - WLID: scanresult.WLID, - Timestamp: scanresult.Timestamp, - ContainerName: scanresult.ContainerName, - ContainerScanID: scanresult.AsSha256(), - ListOfDangerousArtifcats: scanresult.ListOfDangerousArtifcats, - RCESummary: 
make(map[string]int64), - } - - obj, e := cautils.SpiffeToSpiffeInfo(scanresult.WLID) - - if e == nil { - summary.Cluster = obj.Level0 - summary.Namespace = obj.Level1 - } - - imageInfo, e2 := cautils.ImageTagToImageInfo(scanresult.ImgTag) - if e2 == nil { - summary.Registry = imageInfo.Registry - summary.VersionImage = imageInfo.VersionImage - } - - summary.PackagesName = make([]string, 0) - - summary.Severity = make([]string, 0) - summary.Relevancy = make([]string, 0) - summary.FixAvailble = make([]string, 0) - - summary.SeveritiesSum = make([]RelevanciesSum, 0) - summary.RelevanciesSum = make([]RelevanciesSum, 0) - summary.FixAvailbleSum = make([]RelevanciesSum, 0) - - uniqueVulsMap := make(map[string]bool, 0) - for _, layer := range scanresult.Layers { - summary.PackagesName = append(summary.PackagesName, (layer.GetPackagesNames())...) - for _, vul := range layer.Vulnerabilities { - - if _, isOk := uniqueVulsMap[vul.Name]; isOk { - continue - } - uniqueVulsMap[vul.Name] = true - - if vul.IsRCE() { - summary.RCESummary[vul.Severity]++ - } - - switch vul.Relevancy { - case Relevant: - summary.NumOfRelevantIssues++ - case Irelevant: - summary.NumOfIrelevantIssues++ - default: //includes unknown as well - summary.NumOfUnknownIssues++ - } - - switch vul.Severity { - case NegligibleSeverity: - summary.NumOfNegligibleSeverity++ - if vul.Relevancy == Relevant { - summary.NumOfRelevantNegligibleSeverity++ - } - - if CalculateFixed(vul.Fixes) > 0 { - summary.NumOfFixAvailableNegligibleSeverity++ - } - case LowSeverity: - summary.NumOfLowSeverity++ - - if vul.Relevancy == Relevant { - summary.NumOfRelevantLowSeverity++ - } - - if CalculateFixed(vul.Fixes) > 0 { - summary.NumOfFixAvailableLowSeverity++ - } - case MediumSeverity: - summary.NumOfMediumSeverity++ - - if vul.Relevancy == Relevant { - summary.NumOfRelevantMediumSeverity++ - } - - if CalculateFixed(vul.Fixes) > 0 { - summary.NumOfFixAvailableMediumSeverity++ - } - case HighSeverity: - summary.NumOfHighSeverity++ 
- - if vul.Relevancy == Relevant { - summary.NumOfRelevantHighSeverity++ - } - - if CalculateFixed(vul.Fixes) > 0 { - summary.NumOfFixAvailableHighSeverity++ - } - case CriticalSeverity: - summary.NumOfCriticalSeverity++ - - if vul.Relevancy == Relevant { - summary.NumOfRelevantCriticalSeverity++ - } - - if CalculateFixed(vul.Fixes) > 0 { - summary.NumOfFixAvailableCriticalSeverity++ - } - default: //includes unknown as well - summary.NumOfUnknownSeverity++ - if vul.Relevancy == Relevant { - summary.NumOfRelevantUnknownSeverity++ - } - - if CalculateFixed(vul.Fixes) > 0 { - summary.NumOfFixAvailableUnknownSeverity++ - } - } - - } - } - if summary.NumOfCriticalSeverity > 0 || summary.NumOfRelevantHighSeverity > 3 { - summary.Status = "Fail" - } else { - summary.Status = "Success" - } - - //Negligible - if summary.NumOfNegligibleSeverity > 0 { - summary.Severity = append(summary.Severity, "Negligible") - summary.SeveritiesSum = append(summary.SeveritiesSum, RelevanciesSum{Relevancy: "Negligible", Sum: summary.NumOfNegligibleSeverity}) - - if summary.NumOfRelevantNegligibleSeverity > 0 { - summary.Relevancy = append(summary.Relevancy, "Negligible") - summary.RelevanciesSum = append(summary.RelevanciesSum, RelevanciesSum{Relevancy: "Negligible", Sum: summary.NumOfRelevantNegligibleSeverity}) - } - - if summary.NumOfFixAvailableNegligibleSeverity > 0 { - summary.FixAvailble = append(summary.FixAvailble, "Negligible") - summary.FixAvailbleSum = append(summary.FixAvailbleSum, RelevanciesSum{Relevancy: "Negligible", Sum: summary.NumOfFixAvailableNegligibleSeverity}) - } - } - - if summary.NumOfLowSeverity > 0 { - summary.Severity = append(summary.Severity, "Low") - summary.SeveritiesSum = append(summary.SeveritiesSum, RelevanciesSum{Relevancy: "Low", Sum: summary.NumOfLowSeverity}) - - if summary.NumOfRelevantLowSeverity > 0 { - summary.Relevancy = append(summary.Relevancy, "Low") - summary.RelevanciesSum = append(summary.RelevanciesSum, RelevanciesSum{Relevancy: "Low", 
Sum: summary.NumOfRelevantLowSeverity}) - } - - if summary.NumOfFixAvailableLowSeverity > 0 { - summary.FixAvailble = append(summary.FixAvailble, "Low") - summary.FixAvailbleSum = append(summary.FixAvailbleSum, RelevanciesSum{Relevancy: "Low", Sum: summary.NumOfFixAvailableLowSeverity}) - } - } - - if summary.NumOfMediumSeverity > 0 { - summary.Severity = append(summary.Severity, "Medium") - summary.SeveritiesSum = append(summary.SeveritiesSum, RelevanciesSum{Relevancy: "Medium", Sum: summary.NumOfMediumSeverity}) - - if summary.NumOfRelevantMediumSeverity > 0 { - summary.Relevancy = append(summary.Relevancy, "Medium") - summary.RelevanciesSum = append(summary.RelevanciesSum, RelevanciesSum{Relevancy: "Medium", Sum: summary.NumOfRelevantMediumSeverity}) - } - - if summary.NumOfFixAvailableMediumSeverity > 0 { - summary.FixAvailble = append(summary.FixAvailble, "Medium") - summary.FixAvailbleSum = append(summary.FixAvailbleSum, RelevanciesSum{Relevancy: "Medium", Sum: summary.NumOfFixAvailableMediumSeverity}) - } - } - - if summary.NumOfHighSeverity > 0 { - summary.Severity = append(summary.Severity, "High") - summary.SeveritiesSum = append(summary.SeveritiesSum, RelevanciesSum{Relevancy: "High", Sum: summary.NumOfHighSeverity}) - - if summary.NumOfRelevantHighSeverity > 0 { - summary.Relevancy = append(summary.Relevancy, "High") - summary.RelevanciesSum = append(summary.RelevanciesSum, RelevanciesSum{Relevancy: "High", Sum: summary.NumOfRelevantHighSeverity}) - } - - if summary.NumOfFixAvailableHighSeverity > 0 { - summary.FixAvailble = append(summary.FixAvailble, "High") - summary.FixAvailbleSum = append(summary.FixAvailbleSum, RelevanciesSum{Relevancy: "High", Sum: summary.NumOfFixAvailableHighSeverity}) - } - } - - if summary.NumOfCriticalSeverity > 0 { - summary.Severity = append(summary.Severity, "Critical") - summary.SeveritiesSum = append(summary.SeveritiesSum, RelevanciesSum{Relevancy: "Critical", Sum: summary.NumOfCriticalSeverity}) - - if 
summary.NumOfRelevantCriticalSeverity > 0 { - summary.Relevancy = append(summary.Relevancy, "Critical") - summary.RelevanciesSum = append(summary.RelevanciesSum, RelevanciesSum{Relevancy: "Critical", Sum: summary.NumOfRelevantCriticalSeverity}) - } - - if summary.NumOfFixAvailableCriticalSeverity > 0 { - summary.FixAvailble = append(summary.FixAvailble, "Critical") - summary.FixAvailbleSum = append(summary.FixAvailbleSum, RelevanciesSum{Relevancy: "Critical", Sum: summary.NumOfFixAvailableCriticalSeverity}) - } - } - - if summary.NumOfUnknownSeverity > 0 { - summary.Severity = append(summary.Severity, "Unknown") - summary.SeveritiesSum = append(summary.SeveritiesSum, RelevanciesSum{Relevancy: "Unknown", Sum: summary.NumOfUnknownSeverity}) - - if summary.NumOfRelevantUnknownSeverity > 0 { - summary.Relevancy = append(summary.Relevancy, "Unknown") - summary.RelevanciesSum = append(summary.RelevanciesSum, RelevanciesSum{Relevancy: "Unknown", Sum: summary.NumOfRelevantUnknownSeverity}) - } - - if summary.NumOfFixAvailableUnknownSeverity > 0 { - summary.FixAvailble = append(summary.FixAvailble, "Unknown") - summary.FixAvailbleSum = append(summary.FixAvailbleSum, RelevanciesSum{Relevancy: "Unknown", Sum: summary.NumOfFixAvailableUnknownSeverity}) - } - } - - return summary -} diff --git a/vendor/github.com/armosec/capacketsgo/containerscan/elasticdatastructures.go b/vendor/github.com/armosec/capacketsgo/containerscan/elasticdatastructures.go deleted file mode 100644 index bdac7b06..00000000 --- a/vendor/github.com/armosec/capacketsgo/containerscan/elasticdatastructures.go +++ /dev/null 
@@ -1,91 +0,0 @@ -package containerscan - -type ElasticContainerVulnerabilityResult struct { - WLID string `json:"wlid"` - ContainerScanID string `json:"containersScanID"` - Layers []ESLayer `json:"layers"` - Timestamp int64 `json:"timestamp"` - IsFixed int `json:"isFixed"` - IntroducedInLayer string `json:LayerHash` - RelevantLinks []string `json:"links"` // shitty SE practice - // - - Vulnerability `json:",inline"` -} - -type ESLayer struct { - LayerHash string `json:"layerHash"` - ParentLayerHash string `json:"parentLayerHash"` -} -type ElasticContainerScanSummaryResult struct { - CustomerGUID string `json:"customerGUID"` - ContainerScanID string `json:"containersScanID"` - - Timestamp int64 `json:"timestamp"` - WLID string `json:"wlid"` - ImgTag string `json:"imageTag",omitempty` - ImgHash string `json:"imageHash"` - Cluster string `json:"cluster"` - Namespace string `json:"namespace"` - ContainerName string `json:"containerName"` - PackagesName []string `json:"packages"` - - Severity []string `json:"severities"` - Relevancy []string `json:"relevancies"` - FixAvailble []string `json:"fixes"` - ListOfDangerousArtifcats []string `json:"listOfDangerousArtifcats"` - - SeveritiesSum []RelevanciesSum `json:"severitiesSum"` - RelevanciesSum []RelevanciesSum `json:"relevanciesSum"` - FixAvailbleSum []RelevanciesSum `json:"fixAvailbleSum"` - - Status string `json:"status"` - - Registry string `json:"registry"` - VersionImage string `json:"versionImage"` - - RCESummary map[string]int64 `json:"RCE,omitempty"` - NumOfUnknownSeverity int64 `json:"numOfUnknownSeverity"` - NumOfNegligibleSeverity int64 `json:"numOfNegligibleSeverity"` - NumOfLowSeverity int64 `json:"numOfLowSeverity"` - NumOfMediumSeverity int64 `json:"numOfMeduiumSeverity"` - NumOfHighSeverity int64 `json:"numOfHighSeverity"` - NumOfCriticalSeverity int64 `json:"numOfCriticalSeverity"` - - NumOfRelevantUnknownSeverity int64 `json:"numOfRelevantUnknownSeverity"` - NumOfRelevantNegligibleSeverity int64 
`json:"numOfRelevantNegligibleSeverity"` - NumOfRelevantLowSeverity int64 `json:"numOfRelevantLowSeverity"` - NumOfRelevantMediumSeverity int64 `json:"numOfRelevantMediumSeverity"` - NumOfRelevantHighSeverity int64 `json:"numOfHighRelevantSeverity"` - NumOfRelevantCriticalSeverity int64 `json:"numOfRelevantCriticalSeverity"` - - NumOfFixAvailableUnknownSeverity int64 `json:"numOfFixAvailableUnknownSeverity"` - NumOfFixAvailableNegligibleSeverity int64 `json:"numOfFixAvailableNegligibleSeverity"` - NumOfFixAvailableLowSeverity int64 `json:"numOfFixAvailableLowSeverity"` - NumOfFixAvailableMediumSeverity int64 `json:"numOfFixAvailableMediumSeverity"` - NumOfFixAvailableHighSeverity int64 `json:"numOfFixAvailableHighSeverity"` - NumOfFixAvailableCriticalSeverity int64 `json:"numOfFixAvailableCriticalSeverity"` - - NumOfRelevantIssues int64 `json:"numOfRelevantIssues"` - NumOfIrelevantIssues int64 `json:"numOfIrelevantIssues"` - NumOfUnknownIssues int64 `json:"numOfUnknownIssues"` - - NumOfLeakedSecrets int64 `json:"numOfLeakedSecrets"` - Version string `json:"version"` - - History []ContainerScanHistoryEntry `json:"history",omitempty` -} - -type RelevanciesSum struct { - Relevancy string `json:"relevancy"` - Sum int64 `json:"sum"` -} - -type ContainerScanHistoryEntry struct { - ContainerScanID string `json:"containerScanID"` - Timestamp int64 `json:"timestamp"` -} - -func (summary *ElasticContainerScanSummaryResult) Validate() bool { - return summary.CustomerGUID != "" && summary.ContainerScanID != "" && (summary.ImgTag != "" || summary.ImgHash != "") && summary.Timestamp > 0 -} diff --git a/vendor/github.com/armosec/capacketsgo/containerscan/gojayunmarshaller.go b/vendor/github.com/armosec/capacketsgo/containerscan/gojayunmarshaller.go deleted file mode 100644 index 1f636d75..00000000 --- a/vendor/github.com/armosec/capacketsgo/containerscan/gojayunmarshaller.go +++ /dev/null 
@@ -1,271 +0,0 @@ -package containerscan - -import ( - "github.com/francoispqt/gojay" -) - -/* - responsible on fast unmarshaling of various COMMON containerscan structures and substructures - -*/ - -// //VulnerabilitiesList -s.e -// type LayersList []ScanResultLayer - -// //VulnerabilitiesList -s.e -// type VulnerabilitiesList []Vulnerability - -// //LinuxPkgs - slice of linux pkgs -// type LinuxPkgs []LinuxPackage - -// //VulFixes - information bout when/how this vul was fixed -// type VulFixes []FixedIn - -// //PkgFiles - slice of files belong to specific pkg -// type PkgFiles []PackageFile - -// UnmarshalJSONObject - File inside a pkg -func (file *PackageFile) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error) { - - switch key { - case "name": - err = dec.String(&(file.Filename)) - } - return err - -} - -func (files *PkgFiles) UnmarshalJSONArray(dec *gojay.Decoder) error { - lae := PackageFile{} - if err := dec.Object(&lae); err != nil { - return err - } - - *files = append(*files, lae) - return nil -} - -func (file *PackageFile) NKeys() int { - return 0 -} - -// UnmarshalJSONObject--- Package -func (pkgnx *LinuxPackage) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error) { - - switch key { - case "packageName": - err = dec.String(&(pkgnx.PackageName)) - - case "version": - err = dec.String(&(pkgnx.PackageVersion)) - - case "files": - err = dec.Array(&(pkgnx.Files)) - } - return err -} - -func (file *LinuxPackage) NKeys() int { - return 0 -} - -func (pkgs *LinuxPkgs) UnmarshalJSONArray(dec *gojay.Decoder) error { - lae := LinuxPackage{} - if err := dec.Object(&lae); err != nil { - return err - } - - *pkgs = append(*pkgs, lae) - return nil -} - -//--------Vul fixed in---------------------------------- -func (fx *FixedIn) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error) { - - switch key { - case "name": - err = dec.String(&(fx.Name)) - - case "imageTag": - err = dec.String(&(fx.ImgTag)) - case "version": - err = 
dec.String(&(fx.Version)) - } - return err -} - -func (t *VulFixes) UnmarshalJSONArray(dec *gojay.Decoder) error { - lae := FixedIn{} - if err := dec.Object(&lae); err != nil { - return err - } - - *t = append(*t, lae) - return nil -} - -func (file *FixedIn) NKeys() int { - return 0 -} - -//------ VULNERABIlITy --------------------- - -// Name string `json:"name"` -// ImgHash string `json:"imageHash"` -// ImgTag string `json:"imageTag",omitempty` -// RelatedPackageName string `json:"packageName"` -// PackageVersion string `json:"packageVersion"` -// Link string `json:"link"` -// Description string `json:"description"` -// Severity string `json:"severity"` -// Metadata interface{} `json:"metadata",omitempty` -// Fixes VulFixes `json:"fixedIn",omitempty` -// Relevancy string `json:"relevant"` // use the related enum - -func (v *Vulnerability) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error) { - - switch key { - case "name": - err = dec.String(&(v.Name)) - - case "imageTag": - err = dec.String(&(v.ImgTag)) - case "imageHash": - err = dec.String(&(v.ImgHash)) - - case "packageName": - err = dec.String(&(v.RelatedPackageName)) - - case "packageVersion": - err = dec.String(&(v.PackageVersion)) - - case "link": - err = dec.String(&(v.Link)) - - case "description": - err = dec.String(&(v.Description)) - - case "severity": - err = dec.String(&(v.Severity)) - - case "relevant": - err = dec.String(&(v.Relevancy)) - - case "fixedIn": - err = dec.Array(&(v.Fixes)) - - case "metadata": - err = dec.Interface(&(v.Metadata)) - } - - return err -} - -func (t *VulnerabilitiesList) UnmarshalJSONArray(dec *gojay.Decoder) error { - lae := Vulnerability{} - if err := dec.Object(&lae); err != nil { - return err - } - - *t = append(*t, lae) - return nil -} - -func (v *Vulnerability) NKeys() int { - return 0 -} - -//---------Layer Object---------------------------------- -// type ScanResultLayer struct { -// LayerHash string `json:layerHash` -// Vulnerabilities 
[]Vulnerability `json:vulnerabilities` -// Packages []LinuxPackage `json:packageToFile` -// } - -func (scan *ScanResultLayer) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error) { - - switch key { - // case "timestamp": - // err = dec.Time(&(reporter.Timestamp), time.RFC3339) - // reporter.Timestamp = reporter.Timestamp.Local() - case "layerHash": - err = dec.String(&(scan.LayerHash)) - - case "parentLayerHash": - err = dec.String(&(scan.ParentLayerHash)) - - case "vulnerabilities": - err = dec.Array(&(scan.Vulnerabilities)) - case "packageToFile": - err = dec.Array(&(scan.Packages)) - } - return err -} - -func (t *LayersList) UnmarshalJSONArray(dec *gojay.Decoder) error { - lae := ScanResultLayer{} - if err := dec.Object(&lae); err != nil { - return err - } - - *t = append(*t, lae) - return nil -} - -func (scan *ScanResultLayer) NKeys() int { - return 0 -} - -//---------------------SCAN RESULT-------------------------------------------------------------------------- - -// type ScanResultReport struct { -// CustomerGUID string `json:customerGuid` -// ImgTag string `json:imageTag,omitempty` -// ImgHash string `json:imageHash` -// WLID string `json:wlid` -// Timestamp int `json:customerGuid` -// Layers []ScanResultLayer `json:layers` -// ContainerName -// } - -func (scan *ScanResultReport) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error) { - - switch key { - // case "timestamp": - // err = dec.Time(&(reporter.Timestamp), time.RFC3339) - // reporter.Timestamp = reporter.Timestamp.Local() - case "customerGUID": - err = dec.String(&(scan.CustomerGUID)) - case "imageTag": - err = dec.String(&(scan.ImgTag)) - case "imageHash": - err = dec.String(&(scan.ImgHash)) - case "wlid": - err = dec.String(&(scan.WLID)) - case "containerName": - err = dec.String(&(scan.ContainerName)) - case "timestamp": - err = dec.Int64(&(scan.Timestamp)) - case "layers": - err = dec.Array(&(scan.Layers)) - - case "listOfDangerousArtifcats": - err = 
dec.SliceString(&(scan.ListOfDangerousArtifcats)) - - } - return err -} - -// func (errors *[]string) UnmarshalJSONArray(dec *gojay.Decoder) error { -// lae := "" -// if err := dec.String(&lae); err != nil { -// return err -// } - -// *t = append(*t, lae) -// return nil -// } - -func (scan *ScanResultReport) NKeys() int { - return 0 -} diff --git a/vendor/github.com/armosec/capacketsgo/go.mod b/vendor/github.com/armosec/capacketsgo/go.mod deleted file mode 100644 index d2bf6a29..00000000 --- a/vendor/github.com/armosec/capacketsgo/go.mod +++ /dev/null @@ -1,29 +0,0 @@ -module github.com/armosec/capacketsgo - -go 1.16 - -require ( - github.com/armosec/armopa v0.0.4 - github.com/aws/aws-sdk-go v1.40.18 - github.com/coreos/go-oidc v2.2.1+incompatible - github.com/docker/docker v20.10.8+incompatible - github.com/docker/go-connections v0.4.0 // indirect - github.com/docker/go-units v0.4.0 // indirect - // github.com/elastic/go-elasticsearch v0.0.0 - github.com/elastic/go-elasticsearch/v7 v7.14.0 - github.com/francoispqt/gojay v1.2.13 - github.com/gofrs/uuid v4.0.0+incompatible - github.com/golang/glog v0.0.0-20210429001901-424d2337a529 - github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.0.1 // indirect - //github.com/open-policy-agent/opa v0.27.1 - github.com/satori/go.uuid v1.2.0 - go.uber.org/zap v1.19.0 - golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect - golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a - gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 - k8s.io/api v0.22.0 - k8s.io/apimachinery v0.22.0 - k8s.io/apiserver v0.22.0 - k8s.io/client-go v0.22.0 -) diff --git a/vendor/github.com/armosec/capacketsgo/go.sum b/vendor/github.com/armosec/capacketsgo/go.sum deleted file mode 100644 index d2cb5ddc..00000000 --- a/vendor/github.com/armosec/capacketsgo/go.sum +++ /dev/null 
@@ -1,1142 +0,0 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= 
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU= -dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4= -dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= -git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= -github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm 
v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= -github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= -github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= -github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= -github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= -github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/NYTimes/gziphandler v1.1.1/go.mod 
h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= -github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod 
h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armosec/armopa v0.0.2/go.mod h1:/DB/y9ePSlME0zONeEuTft+CMDT4d90vxrEEgB1ZKZ4= -github.com/armosec/armopa v0.0.4 h1:okN3MEhXYocPo+6OWvI36gu2xKkmLdVNcei8qOta5zQ= -github.com/armosec/armopa v0.0.4/go.mod h1:fgRCoRy4SqI/5DSu0yDY2dK4B5uu5Qq9lCuf2njDDR0= -github.com/armosec/capacketsgo v0.0.0-20210425063635-bcd2cb990f5a/go.mod h1:Qy/LJCtUPR2uCqu0KG5zK2J9YPSecnkMuhGGmk8Rss8= -github.com/armosec/capacketsgo v0.0.3/go.mod h1:8lEbeFhHsj2x0Q6kOEL+mfau0evbdn6gd1NoAeScU+g= -github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= -github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.37.15/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go v1.40.18 h1:ifWmCucvV20Kyx2t/l9+8gGqNzZ4CW+HO5uz8bCOK/o= -github.com/aws/aws-sdk-go v1.40.18/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= -github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= -github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod 
h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= -github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= -github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/bytecodealliance/wasmtime-go v0.26.0 h1:wHOt9u+irLBCUjotanqDwVbnNmTJ1gWQxY2+q+XeMp4= -github.com/bytecodealliance/wasmtime-go v0.26.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= -github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/clbanning/x2j 
v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= -github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= -github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk= -github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod 
h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/docker/docker v20.10.8+incompatible h1:RVqD337BgQicVCzYrrlhLDWhq6OAD2PJDUg2LsEUvKM= -github.com/docker/docker v20.10.8+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= -github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= -github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= 
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= -github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= -github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/elastic/go-elasticsearch/v7 v7.10.0/go.mod h1:OJ4wdbtDNk5g503kvlHLyErCgQwwzmDtaFC4XyOxXA4= -github.com/elastic/go-elasticsearch/v7 v7.14.0 h1:extp3jos/rwJn3J+lgbaGlwAgs0TVsIHme00GyNAyX4= -github.com/elastic/go-elasticsearch/v7 v7.14.0/go.mod h1:OJ4wdbtDNk5g503kvlHLyErCgQwwzmDtaFC4XyOxXA4= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane 
v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.11.0+incompatible h1:glyUF9yIYtMHzn8xaKw5rMhdWcwsYV8dZHIq5567/xs= -github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= -github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= -github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= -github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= -github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= -github.com/fsnotify/fsnotify v1.4.9/go.mod 
h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= -github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= -github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc= -github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-openapi/jsonpointer v0.19.2/go.mod 
h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= -github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= -github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= -github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw= -github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= -github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= 
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v0.0.0-20210429001901-424d2337a529 h1:2voWjNECnrZRbfwXxHB1/j8wa6xdKn85B5NzgVL/pTU= -github.com/golang/glog v0.0.0-20210429001901-424d2337a529/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/protobuf v1.2.0/go.mod 
h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree 
v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod 
h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= -github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= -github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw= -github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= -github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= 
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= 
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= 
-github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= -github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.11 h1:uVUAXhF2To8cbw/3xN3pxj6kk7TYKs98NIrTqPlMWAQ= -github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible/go.mod 
h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= -github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= -github.com/lyft/protoc-gen-validate v0.0.13/go.mod 
h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= -github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/gox v0.4.0/go.mod 
h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= -github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/nats-io/jwt v0.3.0/go.mod 
h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= -github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= -github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= -github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= -github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= -github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= -github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= -github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI= -github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= -github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= -github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= -github.com/openzipkin/zipkin-go v0.1.1/go.mod 
h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= -github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= -github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= -github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/pquerna/cachecontrol 
v0.0.0-20171018203845-0dec1b30a021 h1:0XM1XL/OFFJjXsYXlG30spTkV/E9+gmd5GD1w2HE8xM= -github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= -github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common 
v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= -github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.14.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ= -github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod 
h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww= -github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY= -github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM= -github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0= -github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= -github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= -github.com/shurcooL/gofontwoff v0.0.0-20180329035133-29b52fc0a18d/go.mod h1:05UtEgK5zq39gLST6uB0cf3NEHjETfB4Fgr3Gx5R9Vw= -github.com/shurcooL/gopherjslib v0.0.0-20160914041154-feb6d3990c2c/go.mod 
h1:8d3azKNyqcHP1GaQE/c6dDgjkgSx2BZ4IoEi4F1reUI= -github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU= -github.com/shurcooL/highlight_go v0.0.0-20181028180052-98c3abbbae20/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag= -github.com/shurcooL/home v0.0.0-20181020052607-80b7ffcb30f9/go.mod h1:+rgNQw2P9ARFAs37qieuu7ohDNQ3gds9msbT2yn85sg= -github.com/shurcooL/htmlg v0.0.0-20170918183704-d01228ac9e50/go.mod h1:zPn1wHpTIePGnXSHpsVPWEktKXHr6+SS6x/IKRb7cpw= -github.com/shurcooL/httperror v0.0.0-20170206035902-86b7830d14cc/go.mod h1:aYMfkZ6DWSJPJ6c4Wwz3QtW22G7mf/PEgaB9k/ik5+Y= -github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= -github.com/shurcooL/httpgzip v0.0.0-20180522190206-b1c53ac65af9/go.mod h1:919LwcH0M7/W4fcZ0/jy0qGght1GIhqyS/EgWGH2j5Q= -github.com/shurcooL/issues v0.0.0-20181008053335-6292fdc1e191/go.mod h1:e2qWDig5bLteJ4fwvDAc2NHzqFEthkqn7aOZAOpj+PQ= -github.com/shurcooL/issuesapp v0.0.0-20180602232740-048589ce2241/go.mod h1:NPpHK2TI7iSaM0buivtFUc9offApnI0Alt/K8hcHy0I= -github.com/shurcooL/notifications v0.0.0-20181007000457-627ab5aea122/go.mod h1:b5uSkrEVM1jQUspwbixRBhaIjIzL2xazXp6kntxYle0= -github.com/shurcooL/octicon v0.0.0-20181028054416-fa4f57f9efb2/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ= -github.com/shurcooL/reactions v0.0.0-20181006231557-f2e0b4ca5b82/go.mod h1:TCR1lToEk4d2s07G3XGfz2QrgHXg4RJBvjrOozvoWfk= -github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4= -github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw= -github.com/sirupsen/logrus 
v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= -github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= -github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.1/go.mod 
h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= -github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= -github.com/tmc/grpc-websocket-proxy 
v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= -github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b h1:vVRagRXf67ESqAb72hG2C/ZwI8NtJF2u2V76EsuOHGY= -github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b/go.mod h1:HptNXiXVDcJjXe9SqMd0v2FsL9f8dz4GnXgltU6q/co= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= 
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= -go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= -go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= -go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= -go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= -go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= -go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= -go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod 
h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= -go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= -go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= -go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= -go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= -go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= -go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q= -go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= -go.uber.org/multierr v1.5.0/go.mod 
h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= -go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.19.0 h1:mZQZefskPPCMIBCSEH0v2/iUqqLrYtaeqwD6FUGUnFE= -go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= -go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= -golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI= -golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint 
v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod 
h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod 
h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 
v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a h1:4Kd8OPUx1xgUwrHDaviWZO8MsgoZTZYC3g+8m16RBww= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys 
v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys 
v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE= -golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time 
v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools 
v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools 
v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools 
v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y= -google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= 
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc= -google.golang.org/appengine v1.6.6/go.mod 
h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg= -google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto 
v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= 
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= -google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod 
h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= 
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 h1:VpOs+IwYnYBaFnrNAeB8UUWtL3vEUnzSCL1nVjPhqrw= -gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.2.2 h1:orlkJ3myw8CN1nVQHBFfloD+L3egixIa4FvUP6RosSA= -gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 
v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= -gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= -gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= -grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= -honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod 
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= -k8s.io/api v0.22.0 h1:elCpMZ9UE8dLdYxr55E06TmSeji9I3KH494qH70/y+c= -k8s.io/api v0.22.0/go.mod h1:0AoXXqst47OI/L0oGKq9DG61dvGRPXs7X4/B7KyjBCU= -k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= -k8s.io/apimachinery v0.22.0 h1:CqH/BdNAzZl+sr3tc0D3VsK3u6ARVSo3GWyLmfIjbP0= -k8s.io/apimachinery v0.22.0/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= -k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= -k8s.io/apiserver v0.22.0 h1:KZh2asnRBjawLLfPOi6qiD+A2jaNt31HCnZG6AX3Qcs= -k8s.io/apiserver v0.22.0/go.mod h1:04kaIEzIQrTGJ5syLppQWvpkLJXQtJECHmae+ZGc/nc= -k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= -k8s.io/client-go v0.22.0 h1:sD6o9O6tCwUKCENw8v+HFsuAbq2jCu8cWC61/ydwA50= -k8s.io/client-go v0.22.0/go.mod h1:GUjIuXR5PiEv/RVK5OODUsm6eZk7wtSWZSaSJbpFdGg= -k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI= -k8s.io/component-base v0.22.0/go.mod h1:SXj6Z+V6P6GsBhHZVbWCw9hFjUdUYnJerlhhPnYCBCg= -k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog/v2 
v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= -k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.9.0 h1:D7HV+n1V57XeZ0m6tdRkfknthUaM06VFbWldOFh8kzM= -k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= -k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e h1:KLHHjkdQFomZy8+06csTWZ0m1343QqxZhR2LJ1OxCYM= -k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9 h1:imL9YgXQ9p7xmPzHFm/vVd/cF78jad+n4wK1ABwYtMM= -k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.1.2 h1:Hr/htKFmJEbtMgS/UD0N+gtgctAqz81t3nu+sPzynno= -sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= -sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sourcegraph.com/sourcegraph/appdash 
v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= -sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= -sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/cloudvendorregistrycreds.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/cloudvendorregistrycreds.go
deleted file mode 100644
index 690680b7..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sinterface/cloudvendorregistrycreds.go
+++ /dev/null
@@ -1,265 +0,0 @@
-package k8sinterface
-
-import (
- "bytes"
- "encoding/base64"
- "encoding/json"
- "fmt"
- "io/ioutil"
- "net/http"
- "net/url"
- "strings"
- "time"
-
- "github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/aws/session"
- "github.com/aws/aws-sdk-go/service/ecr"
- "github.com/docker/docker/api/types"
-)
-
-// For GCR there are some permissions one need to assign in order to allow ARMO to pull images:
-// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
-// gcloud iam service-accounts create armo-controller-sa
-// gcloud projects add-iam-policy-binding --role roles/storage.objectViewer --member "serviceAccount:armo-controller-sa@.iam.gserviceaccount.com"
-// gcloud iam service-accounts add-iam-policy-binding --role roles/iam.workloadIdentityUser --member "serviceAccount:.svc.id.goog[cyberarmor-system/ca-controller-service-account]" armo-controller-sa@.iam.gserviceaccount.com
-// kubectl annotate serviceaccount --overwrite --namespace cyberarmor-system ca-controller-service-account iam.gke.io/gcp-service-account=armo-controller-sa@.iam.gserviceaccount.com
-
-const (
- gcrDefaultServiceAccountName = "default"
- // armoServiceAccountName = "ca-controller-service-account"
-)
-
-var (
- httpClient = http.Client{Timeout: 5 * time.Second}
-)
-
-// CheckIsECRImage check if this image is suspected as ECR hosted image
-func CheckIsECRImage(imageTag string) bool {
- return strings.Contains(imageTag, "dkr.ecr")
-}
-
-// GetLoginDetailsForECR return user name + password using the default iam-role OR ~/.aws/config of the machine
-func GetLoginDetailsForECR(imageTag string) (string, string, error) {
- // imageTag := "015253967648.dkr.ecr.eu-central-1.amazonaws.com/armo:1"
- imageTagSlices := strings.Split(imageTag, ".")
- repo := imageTagSlices[0]
- region := imageTagSlices[3]
- mySession := session.Must(session.NewSession())
- ecrClient := ecr.New(mySession, aws.NewConfig().WithRegion(region))
- input := &ecr.GetAuthorizationTokenInput{
- RegistryIds: []*string{&repo},
- }
- res, err := ecrClient.GetAuthorizationToken(input)
- if err != nil {
- return "", "", fmt.Errorf("in PullFromECR, failed to GetAuthorizationToken: %v", err)
- }
- res64 := (*res.AuthorizationData[0].AuthorizationToken)
- resB, err := base64.StdEncoding.DecodeString(res64)
- if err != nil {
- return "", "", fmt.Errorf("in PullFromECR, failed to DecodeString: %v", err)
- }
- delimiterIdx := bytes.IndexByte(resB, ':')
- // userName := resB[:delimiterIdx]
- // resB = resB[delimiterIdx+1:]
- // resB, err = base64.StdEncoding.DecodeString(string(resB))
- // if err != nil {
- // t.Errorf("failed to DecodeString #2: %v\n\n", err)
- // }
- return string(resB[:delimiterIdx]), string(resB[delimiterIdx+1:]), nil
-}
-
-func CheckIsACRImage(imageTag string) bool {
- // atest1.azurecr.io/go-inf:1
- return strings.Contains(imageTag, ".azurecr.io/")
-}
-
-type azureADDResponseJson struct {
- AccessToken string `json:"access_token"`
- RefreshToken string `json:"refresh_token"`
- ExpiresIn string `json:"expires_in"`
- ExpiresOn string `json:"expires_on"`
- NotBefore string `json:"not_before"`
- Resource string `json:"resource"`
- TokenType string `json:"token_type"`
-}
-
-func getAzureAADAccessToken() (string, error) {
- msi_endpoint, err := url.Parse("http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01")
- if err != nil {
- return "", fmt.Errorf("creating URL : %v", err)
- }
- msi_parameters := url.Values{}
- msi_parameters.Add("resource", "https://management.azure.com/")
- msi_parameters.Add("api-version", "2018-02-01")
- msi_endpoint.RawQuery = msi_parameters.Encode()
- req, err := http.NewRequest("GET", msi_endpoint.String(), nil)
- if err != nil {
- return "", fmt.Errorf("creating HTTP request : %v", err)
- }
- req.Header.Add("Metadata", "true")
-
- // Call managed services for Azure resources token endpoint
- resp, err := httpClient.Do(req)
- if err != nil {
- return "", 
fmt.Errorf("calling token endpoint : %v", err) - } - - // Pull out response body - responseBytes, err := ioutil.ReadAll(resp.Body) - defer resp.Body.Close() - if err != nil { - return "", fmt.Errorf("reading response body : %v", err) - } - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return "", fmt.Errorf("azure ActiveDirectory AT resp: %v, %v", resp.Status, string(responseBytes)) - } - - // Unmarshall response body into struct - var r azureADDResponseJson - err = json.Unmarshal(responseBytes, &r) - if err != nil { - return "", fmt.Errorf("unmarshalling the response: %v", err) - } - return r.AccessToken, nil -} - -// GetLoginDetailsForAzurCR return user name + password to use -func GetLoginDetailsForAzurCR(imageTag string) (string, string, error) { - // imageTag := "atest1.azurecr.io/go-inf:1" - imageTagSlices := strings.Split(imageTag, "/") - azureIdensAT, err := getAzureAADAccessToken() - if err != nil { - return "", "", err - } - atMap := make(map[string]interface{}) - azureIdensATSlices := strings.Split(azureIdensAT, ".") - if len(azureIdensATSlices) < 2 { - return "", "", fmt.Errorf("len(azureIdensATSlices) < 2") - } - resB, err := base64.RawStdEncoding.DecodeString(azureIdensATSlices[1]) - if err != nil { - return "", "", fmt.Errorf("in GetLoginDetailsForAzurCR, failed to DecodeString: %v, %s", err, azureIdensATSlices[1]) - } - if err := json.Unmarshal(resB, &atMap); err != nil { - return "", "", fmt.Errorf("failed to unmarshal azureIdensAT: %v, %s", err, string(resB)) - } - // excahnging AAD for ACR refresh token - refreshToken, err := excahngeAzureAADAccessTokenForACRRefreshToken(imageTagSlices[0], fmt.Sprintf("%v", atMap["tid"]), azureIdensAT) - if err != nil { - return "", "", fmt.Errorf("failed to excahngeAzureAADAccessTokenForACRRefreshToken: %v, registry: %s, tenantID: %s, azureAADAT: %s", err, imageTagSlices[0], fmt.Sprintf("%v", atMap["tid"]), azureIdensAT) - } - - return "00000000-0000-0000-0000-000000000000", refreshToken, nil -} - -func 
excahngeAzureAADAccessTokenForACRRefreshToken(registry, tenantID, azureAADAT string) (string, error) { - msi_parameters := url.Values{} - msi_parameters.Add("service", registry) - msi_parameters.Add("grant_type", "access_token") - msi_parameters.Add("tenant", tenantID) - msi_parameters.Add("access_token", azureAADAT) - postBodyStr := msi_parameters.Encode() - req, err := http.NewRequest("POST", fmt.Sprintf("https://%v/oauth2/exchange", registry), strings.NewReader(postBodyStr)) - if err != nil { - return "", fmt.Errorf("creating HTTP request : %v", err) - } - req.Header.Add("Metadata", "true") - req.Header.Add("Content-Type", "application/x-www-form-urlencoded") - - // Call managed services for Azure resources token endpoint - resp, err := httpClient.Do(req) - if err != nil { - return "", fmt.Errorf("calling token endpoint : %v", err) - } - - // Pull out response body - responseBytes, err := ioutil.ReadAll(resp.Body) - defer resp.Body.Close() - if err != nil { - return "", fmt.Errorf("reading response body : %v", err) - } - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return "", fmt.Errorf("azure exchange AT resp: %v, %v", resp.Status, string(responseBytes)) - } - resultMap := make(map[string]string) - err = json.Unmarshal(responseBytes, &resultMap) - if err != nil { - return "", fmt.Errorf("unmarshalling the response: %v", err) - } - return resultMap["refresh_token"], nil -} - -func CheckIsGCRImage(imageTag string) bool { - // gcr.io/elated-pottery-310110/golang-inf:2 - return strings.Contains(imageTag, "gcr.io/") -} - -// GetLoginDetailsForGCR return user name + password to use -func GetLoginDetailsForGCR(imageTag string) (string, string, error) { - msi_endpoint, err := url.Parse(fmt.Sprintf("http://169.254.169.254/computeMetadata/v1/instance/service-accounts/%s/token", gcrDefaultServiceAccountName)) - if err != nil { - return "", "", fmt.Errorf("creating URL : %v", err) - } - req, err := http.NewRequest("GET", msi_endpoint.String(), nil) - if err != 
nil { - return "", "", fmt.Errorf("creating HTTP request : %v", err) - } - req.Header.Add("Metadata-Flavor", "Google") - - // Call managed services for Azure resources token endpoint - resp, err := httpClient.Do(req) - if err != nil { - return "", "", fmt.Errorf("calling token endpoint : %v", err) - } - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return "", "", fmt.Errorf("HTTP Status : %v, make sure the '%s' service account is configured for ARMO pod", resp.Status, gcrDefaultServiceAccountName) - } - defer resp.Body.Close() - respMap := make(map[string]interface{}) - if err := json.NewDecoder(resp.Body).Decode(&respMap); err != nil { - return "", "", fmt.Errorf("json Decode : %v", err) - } - return "oauth2accesstoken", fmt.Sprintf("%v", respMap["access_token"]), nil -} - -func GetCloudVendorRegistryCredentials(imageTag string) (map[string]types.AuthConfig, error) { - secrets := map[string]types.AuthConfig{} - var errRes error - if CheckIsACRImage(imageTag) { - userName, password, err := GetLoginDetailsForAzurCR(imageTag) - if err != nil { - errRes = fmt.Errorf("failed to GetLoginDetailsForACR(%s): %v", imageTag, err) - } else { - secrets[imageTag] = types.AuthConfig{ - Username: userName, - Password: password, - } - } - } - - if CheckIsECRImage(imageTag) { - userName, password, err := GetLoginDetailsForECR(imageTag) - if err != nil { - errRes = fmt.Errorf("failed to GetLoginDetailsForECR(%s): %v", imageTag, err) - } else { - secrets[imageTag] = types.AuthConfig{ - Username: userName, - Password: password, - } - } - } - - if CheckIsGCRImage(imageTag) { - userName, password, err := GetLoginDetailsForGCR(imageTag) - if err != nil { - errRes = fmt.Errorf("failed to GetLoginDetailsForGCR(%s): %v", imageTag, err) - } else { - secrets[imageTag] = types.AuthConfig{ - Username: userName, - Password: password, - } - } - } - - return secrets, errRes -} 
diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/dockerregistrycredsutils.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/dockerregistrycredsutils.go
deleted file mode 100644
index b42c02bd..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sinterface/dockerregistrycredsutils.go
+++ /dev/null
@@ -1,109 +0,0 @@ -package k8sinterface - -import ( - "context" - "fmt" - - "github.com/armosec/capacketsgo/secrethandling" - "github.com/docker/docker/api/types" - "github.com/golang/glog" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -func listPodImagePullSecrets(pod *corev1.Pod) ([]string, error) { - if pod == nil { - return []string{}, fmt.Errorf("in listPodImagePullSecrets pod is nil") - } - secrets := []string{} - for _, i := range pod.Spec.ImagePullSecrets { - secrets = append(secrets, i.Name) - } - return secrets, nil -} - -func listServiceAccountImagePullSecrets(k8sAPI *KubernetesApi, pod *corev1.Pod) ([]string, error) { - if pod == nil { - return []string{}, fmt.Errorf("in listServiceAccountImagePullSecrets pod is nil") - } - secrets := []string{} - serviceAccountName := pod.Spec.ServiceAccountName - if serviceAccountName == "" { - return secrets, nil - } - - serviceAccount, err := k8sAPI.KubernetesClient.CoreV1().ServiceAccounts(pod.ObjectMeta.Namespace).Get(k8sAPI.Context, serviceAccountName, metav1.GetOptions{}) - if err != nil { - return secrets, fmt.Errorf("in listServiceAccountImagePullSecrets failed to get ServiceAccounts: %v", err) - } - for i := range serviceAccount.ImagePullSecrets { - secrets = append(secrets, serviceAccount.ImagePullSecrets[i].Name) - } - return secrets, nil -} - -func getImagePullSecret(k8sAPI *KubernetesApi, secrets []string, namespace string) map[string]types.AuthConfig { - - secretsAuthConfig := make(map[string]types.AuthConfig) - - for i := range secrets { - res, err := k8sAPI.KubernetesClient.CoreV1().Secrets(namespace).Get(context.Background(), secrets[i], metav1.GetOptions{}) - if err != nil { - glog.Errorf("%s", err.Error()) - continue - } - sec, err := secrethandling.ParseSecret(res, secrets[i]) - if err == nil { - secretsAuthConfig[secrets[i]] = *sec - } else { - glog.Errorf("unable to get secret: %s", err.Error()) - } - - } - - // glog.Infof("secrets array: %v", 
secretsAuthConfig) - return secretsAuthConfig -} - -// GetImageRegistryCredentials returns various credentials for images in the pod -// imageTag empty means returns all of the credentials for all images in pod spec containers -// pod.ObjectMeta.Namespace must be well setted -func GetImageRegistryCredentials(imageTag string, pod *corev1.Pod) (map[string]types.AuthConfig, error) { - k8sAPI := NewKubernetesApi() - listSecret, _ := listPodImagePullSecrets(pod) - listServiceSecret, _ := listServiceAccountImagePullSecrets(k8sAPI, pod) - listSecret = append(listSecret, listServiceSecret...) - secrets := getImagePullSecret(k8sAPI, listSecret, pod.ObjectMeta.Namespace) - - if len(secrets) == 0 { - secrets = make(map[string]types.AuthConfig) - } - - if imageTag != "" { - cloudVendorSecrets, err := GetCloudVendorRegistryCredentials(imageTag) - if err != nil { - glog.Errorf("Failed to GetCloudVendorRegistryCredentials(%s): %v", imageTag, err) - - } else if len(cloudVendorSecrets) > 0 { - for secName := range cloudVendorSecrets { - secrets[secName] = cloudVendorSecrets[secName] - } - } - } else { - for contIdx := range pod.Spec.Containers { - imageTag := pod.Spec.Containers[contIdx].Image - glog.Infof("GetCloudVendorRegistryCredentials for image: %v", imageTag) - cloudVendorSecrets, err := GetCloudVendorRegistryCredentials(imageTag) - if err != nil { - glog.Errorf("Failed to GetCloudVendorRegistryCredentials(%s): %v", imageTag, err) - - } else if len(cloudVendorSecrets) > 0 { - for secName := range cloudVendorSecrets { - secrets[secName] = cloudVendorSecrets[secName] - } - } - } - } - - return secrets, nil -} diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sconfig.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sconfig.go deleted file mode 100644 index 5ac1ef9d..00000000 --- a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sconfig.go +++ /dev/null 
@@ -1,73 +0,0 @@ -package k8sinterface - -import ( - "context" - "fmt" - "os" - "path/filepath" - - "k8s.io/client-go/dynamic" - "k8s.io/client-go/kubernetes" - restclient "k8s.io/client-go/rest" - "k8s.io/client-go/tools/clientcmd" - - // DO NOT REMOVE - load cloud providers auth - _ "k8s.io/client-go/plugin/pkg/client/auth" -) - -// K8SConfig pointer to k8s config -var K8SConfig *restclient.Config - -// KubernetesApi - -type KubernetesApi struct { - KubernetesClient kubernetes.Interface - DynamicClient dynamic.Interface - Context context.Context -} - -// NewKubernetesApi - -func NewKubernetesApi() *KubernetesApi { - kubernetesClient, err := kubernetes.NewForConfig(GetK8sConfig()) - if err != nil { - panic(fmt.Sprintf("kubernetes.NewForConfig - Failed to load config file, reason: %s", err.Error())) - } - dynamicClient, err := dynamic.NewForConfig(GetK8sConfig()) - if err != nil { - panic(fmt.Sprintf("dynamic.NewForConfig - Failed to load config file, reason: %s", err.Error())) - } - - return &KubernetesApi{ - KubernetesClient: kubernetesClient, - DynamicClient: dynamicClient, - Context: context.Background(), - } -} - -var ConfigPath = filepath.Join(os.Getenv("HOME"), ".kube", "config") -var RunningIncluster bool - -// LoadK8sConfig load config from local file or from cluster -func LoadK8sConfig() error { - kubeconfig, err := clientcmd.BuildConfigFromFlags("", ConfigPath) - if err != nil { - kubeconfig, err = restclient.InClusterConfig() - if err != nil { - return fmt.Errorf("Failed to load kubernetes config from file: '%s', err: %v", ConfigPath, err) - } - RunningIncluster = true - } else { - RunningIncluster = false - } - K8SConfig = kubeconfig - return nil -} - -// GetK8sConfig get config. load if not loaded yer -func GetK8sConfig() *restclient.Config { - if K8SConfig == nil { - if err := LoadK8sConfig(); err != nil { - return nil - } - } - return K8SConfig -} 
diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sconfig_test.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sconfig_test.go
deleted file mode 100644
index cd658a98..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sconfig_test.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package k8sinterface
-
-import (
- "testing"
-
- "github.com/armosec/capacketsgo/cautils"
-)
-
-func TestGetGroupVersionResource(t *testing.T) {
- wlid := "wlid://cluster-david-v1/namespace-default/deployment-nginx-deployment"
- r, err := GetGroupVersionResource(cautils.GetKindFromWlid(wlid))
- if err != nil {
- t.Error(err)
- return
- }
- if r.Group != "apps" {
- t.Errorf("wrong group")
- }
- if r.Version != "v1" {
- t.Errorf("wrong Version")
- }
- if r.Resource != "deployments" {
- t.Errorf("wrong Resource")
- }
-
-}
diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamic.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamic.go
deleted file mode 100644
index 51463ae1..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamic.go
+++ /dev/null
@@ -1,144 +0,0 @@ -package k8sinterface - -import ( - "fmt" - "strings" - - "github.com/armosec/capacketsgo/cautils" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/client-go/dynamic" - // - // Uncomment to load all auth plugins - // _ "k8s.io/client-go/plugin/pkg/client/auth - // - // Or uncomment to load specific auth plugins - // _ "k8s.io/client-go/plugin/pkg/client/auth/azure" - // _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - // _ "k8s.io/client-go/plugin/pkg/client/auth/oidc" - // _ "k8s.io/client-go/plugin/pkg/client/auth/openstack" -) - -func (k8sAPI *KubernetesApi) GetWorkloadByWlid(wlid string) (*Workload, error) { - return k8sAPI.GetWorkload(cautils.GetNamespaceFromWlid(wlid), cautils.GetKindFromWlid(wlid), cautils.GetNameFromWlid(wlid)) -} - -func (k8sAPI *KubernetesApi) GetWorkload(namespace, kind, name string) (*Workload, error) { - groupVersionResource, err := GetGroupVersionResource(kind) - if err != nil { - return nil, err - } - - w, err := k8sAPI.ResourceInterface(&groupVersionResource, namespace).Get(k8sAPI.Context, name, metav1.GetOptions{}) - if err != nil { - return nil, fmt.Errorf("failed to GET resource, kind: '%s', namespace: '%s', name: '%s', reason: %s", kind, namespace, name, err.Error()) - } - return NewWorkloadObj(w.Object), nil -} - -func (k8sAPI *KubernetesApi) ListWorkloads(groupVersionResource *schema.GroupVersionResource, namespace string, podLabels, fieldSelector map[string]string) ([]Workload, error) { - listOptions := metav1.ListOptions{} - if podLabels != nil && len(podLabels) > 0 { - set := labels.Set(podLabels) - listOptions.LabelSelector = SelectorToString(set) - } - if fieldSelector != nil && len(fieldSelector) > 0 { - set := labels.Set(fieldSelector) - listOptions.FieldSelector = SelectorToString(set) - } - uList, err := k8sAPI.ResourceInterface(groupVersionResource, namespace).List(k8sAPI.Context, listOptions) - if err != nil { - 
return nil, fmt.Errorf("failed to LIST resources, reason: %s", err.Error()) - } - workloads := make([]Workload, len(uList.Items)) - for i := range uList.Items { - workloads[i] = *NewWorkloadObj(uList.Items[i].Object) - } - return workloads, nil -} - -func (k8sAPI *KubernetesApi) DeleteWorkloadByWlid(wlid string) error { - groupVersionResource, err := GetGroupVersionResource(cautils.GetKindFromWlid(wlid)) - if err != nil { - return err - } - err = k8sAPI.ResourceInterface(&groupVersionResource, cautils.GetNamespaceFromWlid(wlid)).Delete(k8sAPI.Context, cautils.GetNameFromWlid(wlid), metav1.DeleteOptions{}) - if err != nil { - return fmt.Errorf("failed to DELETE resource, workloadID: '%s', reason: %s", wlid, err.Error()) - } - return nil -} - -func (k8sAPI *KubernetesApi) CreateWorkload(workload *Workload) (*Workload, error) { - groupVersionResource, err := GetGroupVersionResource(workload.GetKind()) - if err != nil { - return nil, err - } - obj, err := workload.ToUnstructured() - if err != nil { - return nil, err - } - w, err := k8sAPI.ResourceInterface(&groupVersionResource, workload.GetNamespace()).Create(k8sAPI.Context, obj, metav1.CreateOptions{}) - if err != nil { - return nil, fmt.Errorf("failed to CREATE resource, workload: '%s', reason: %s", workload.Json(), err.Error()) - } - return NewWorkloadObj(w.Object), nil -} - -func (k8sAPI *KubernetesApi) UpdateWorkload(workload *Workload) (*Workload, error) { - groupVersionResource, err := GetGroupVersionResource(workload.GetKind()) - if err != nil { - return nil, err - } - - obj, err := workload.ToUnstructured() - if err != nil { - return nil, err - } - - w, err := k8sAPI.ResourceInterface(&groupVersionResource, workload.GetNamespace()).Update(k8sAPI.Context, obj, metav1.UpdateOptions{}) - if err != nil { - return nil, fmt.Errorf("failed to UPDATE resource, workload: '%s', reason: %s", workload.Json(), err.Error()) - } - return NewWorkloadObj(w.Object), nil -} - -func (k8sAPI *KubernetesApi) GetNamespace(ns 
string) (*Workload, error) { - groupVersionResource, err := GetGroupVersionResource("namespace") - if err != nil { - return nil, err - } - w, err := k8sAPI.DynamicClient.Resource(groupVersionResource).Get(k8sAPI.Context, ns, metav1.GetOptions{}) - if err != nil { - return nil, fmt.Errorf("failed to get namespace: '%s', reason: %s", ns, err.Error()) - } - return NewWorkloadObj(w.Object), nil -} - -func (k8sAPI *KubernetesApi) ResourceInterface(resource *schema.GroupVersionResource, namespace string) dynamic.ResourceInterface { - if IsNamespaceScope(resource.Group, resource.Resource) { - return k8sAPI.DynamicClient.Resource(*resource).Namespace(namespace) - } - return k8sAPI.DynamicClient.Resource(*resource) -} - -func (k8sAPI *KubernetesApi) CalculateWorkloadParentRecursive(workload *Workload) (string, string, error) { - ownerReferences, err := workload.GetOwnerReferences() // OwnerReferences in workload - if err != nil { - return workload.GetKind(), workload.GetName(), err - } - if len(ownerReferences) == 0 { - return workload.GetKind(), workload.GetName(), nil // parent found - } - ownerReference := ownerReferences[0] - - parentWorkload, err := k8sAPI.GetWorkload(workload.GetNamespace(), ownerReference.Kind, ownerReference.Name) - if err != nil { - if strings.Contains(err.Error(), "not found in resourceMap") { // if parent is RCD - return workload.GetKind(), workload.GetName(), nil // parent found - } - return workload.GetKind(), workload.GetName(), err - } - return k8sAPI.CalculateWorkloadParentRecursive(parentWorkload) -} diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamic_test.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamic_test.go deleted file mode 100644 index 6be23ad5..00000000 --- a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamic_test.go +++ /dev/null 
@@ -1,43 +0,0 @@ -package k8sinterface - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - dynamicfake "k8s.io/client-go/dynamic/fake" - kubernetesfake "k8s.io/client-go/kubernetes/fake" - // - // metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - // Uncomment to load all auth plugins - // _ "k8s.io/client-go/plugin/pkg/client/auth - // - // Or uncomment to load specific auth plugins - // _ "k8s.io/client-go/plugin/pkg/client/auth/azure" - // _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - // _ "k8s.io/client-go/plugin/pkg/client/auth/oidc" - // _ "k8s.io/client-go/plugin/pkg/client/auth/openstack" -) - -// NewKubernetesApi - -func NewKubernetesApiMock() *KubernetesApi { - - return &KubernetesApi{ - KubernetesClient: kubernetesfake.NewSimpleClientset(), - DynamicClient: dynamicfake.NewSimpleDynamicClient(&runtime.Scheme{}), - Context: context.Background(), - } -} - -// func TestListDynamic(t *testing.T) { -// k8s := NewKubernetesApi() -// resource := schema.GroupVersionResource{Group: "", Version: "v1", Resource: "pods"} -// clientResource, err := k8s.DynamicClient.Resource(resource).Namespace("default").List(k8s.Context, metav1.ListOptions{}) -// if err != nil { -// t.Errorf("err: %v", err) -// } else { -// bla, _ := json.Marshal(clientResource) -// // t.Errorf("BearerToken: %v", *K8SConfig) -// // ioutil.WriteFile("bla.json", bla, 777) -// t.Errorf("clientResource: %s", string(bla)) -// } -// } diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamicutils.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamicutils.go deleted file mode 100644 index 25f099ac..00000000 --- a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamicutils.go +++ /dev/null 
@@ -1,66 +0,0 @@
-package k8sinterface
-
-import (
- "sort"
- "strings"
-
- "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
- "k8s.io/apimachinery/pkg/labels"
-)
-
-//
-// Uncomment to load all auth plugins
-// _ "k8s.io/client-go/plugin/pkg/client/auth
-//
-// Or uncomment to load specific auth plugins
-// _ "k8s.io/client-go/plugin/pkg/client/auth/azure"
-// _ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
-// _ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
-// _ "k8s.io/client-go/plugin/pkg/client/auth/openstack"
-
-func ConvertUnstructuredSliceToMap(unstructuredSlice []unstructured.Unstructured) []map[string]interface{} {
- converted := make([]map[string]interface{}, len(unstructuredSlice))
- for i := range unstructuredSlice {
- converted[i] = unstructuredSlice[i].Object
- }
- return converted
-}
-
-func FilterOutOwneredResources(result []unstructured.Unstructured) []unstructured.Unstructured {
- response := []unstructured.Unstructured{}
- recognizedOwners := []string{"Deployment", "ReplicaSet", "DaemonSet", "StatefulSet", "Job", "CronJob"}
- for i := range result {
- ownerReferences := result[i].GetOwnerReferences()
- if len(ownerReferences) == 0 {
- response = append(response, result[i])
- } else if !IsStringInSlice(recognizedOwners, ownerReferences[0].Kind) {
- response = append(response, result[i])
- }
- }
- return response
-}
-
-func IsStringInSlice(slice []string, val string) bool {
- for _, item := range slice {
- if item == val {
- return true
- }
- }
- return false
-}
-
-// String returns all labels listed as a human readable string.
-// Conveniently, exactly the format that ParseSelector takes.
-func SelectorToString(ls labels.Set) string {
- selector := make([]string, 0, len(ls))
- for key, value := range ls {
- if value != "" {
- selector = append(selector, key+"="+value)
- } else {
- selector = append(selector, key)
- }
- }
- // Sort for determinism.
- sort.StringSlice(selector).Sort()
- return strings.Join(selector, ",")
-}
diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamicutils_test.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamicutils_test.go
deleted file mode 100644
index 97dc9048..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sdynamicutils_test.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package k8sinterface
-
-import "testing"
-
-func TestConvertUnstructuredSliceToMap(t *testing.T) {
- converted := ConvertUnstructuredSliceToMap(V1KubeSystemNamespaceMock().Items)
- if len(converted) == 0 { // != 7
- t.Errorf("len(converted) == 0")
- }
-}
diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sstatic.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sstatic.go
deleted file mode 100644
index 1d3746f6..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sinterface/k8sstatic.go
+++ /dev/null
@@ -1,70 +0,0 @@
-package k8sinterface
-
-import (
- "context"
-
- "github.com/armosec/capacketsgo/cautils"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/labels"
-)
-
-func IsAttached(labels map[string]string) *bool {
- return IsLabel(labels, cautils.ArmoAttach)
-}
-
-func IsAgentCompatibleLabel(labels map[string]string) *bool {
- return IsLabel(labels, cautils.ArmoCompatibleLabel)
-}
-func IsAgentCompatibleAnnotation(annotations map[string]string) *bool {
- return IsLabel(annotations, cautils.ArmoCompatibleAnnotation)
-}
-func SetAgentCompatibleLabel(labels map[string]string, val bool) {
- SetLabel(labels, cautils.ArmoCompatibleLabel, val)
-}
-func SetAgentCompatibleAnnotation(annotations map[string]string, val bool) {
- SetLabel(annotations, cautils.ArmoCompatibleAnnotation, val)
-}
-func IsLabel(labels map[string]string, key string) *bool {
- if labels == nil || len(labels) == 0 {
- return nil
- }
- var k bool
- if l, ok := labels[key]; ok {
- if l == "true" {
- k = true
- } else if l == "false" {
- k = false
- }
- return &k
- }
- return nil
-}
-func SetLabel(labels map[string]string, key string, val bool) {
- if labels == nil {
- return
- }
- v := ""
- if val {
- v = "true"
- } else {
- v = "false"
- }
- labels[key] = v
-}
-func (k8sAPI *KubernetesApi) ListAttachedPods(namespace string) ([]corev1.Pod, error) {
- return k8sAPI.ListPods(namespace, map[string]string{cautils.ArmoAttach: cautils.BoolToString(true)})
-}
-
-func (k8sAPI *KubernetesApi) ListPods(namespace string, podLabels map[string]string) ([]corev1.Pod, error) {
- listOptions := metav1.ListOptions{}
- if podLabels != nil && len(podLabels) > 0 {
- set := labels.Set(podLabels)
- listOptions.LabelSelector = set.AsSelector().String()
- }
- pods, err := k8sAPI.KubernetesClient.CoreV1().Pods(namespace).List(context.Background(), listOptions)
- if err != nil {
- return []corev1.Pod{}, err
- }
- return pods.Items, nil
-}
diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/mockdynamicobjects.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/mockdynamicobjects.go
deleted file mode 100644
index 658c4fcc..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sinterface/mockdynamicobjects.go
+++ /dev/null
@@ -1,1963 +0,0 @@ -package k8sinterface - -import ( - "encoding/json" - - "github.com/golang/glog" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" -) - -func V1KubeSystemNamespaceMock() *unstructured.UnstructuredList { - podsList := ` - {"apiVersion":"v1","items":[{"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{"cyberarmor.jobs":"{\"jobID\":\"\",\"parentJobID\":\"\",\"actionID\":\"4\"}","cyberarmor.last-update":"07-04-2021 19:17:56","cyberarmor.status":"Patched","cyberarmor.wlid":"wlid://cluster-openrasty_seal-7fvz/namespace-default/deployment-nginx-deployment","wlid":"wlid://cluster-openrasty_seal-7fvz/namespace-default/deployment-nginx-deployment"},"creationTimestamp":"2021-04-08T06:18:15Z","generateName":"nginx-deployment-dd485bc9-","labels":{"app":"nginx","cyberarmor":"Patched","pod-template-hash":"dd485bc9"},"managedFields":[{"apiVersion":"v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:cyberarmor.jobs":{},"f:cyberarmor.last-update":{},"f:cyberarmor.status":{},"f:cyberarmor.wlid":{},"f:wlid":{}},"f:generateName":{},"f:labels":{".":{},"f:app":{},"f:cyberarmor":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"b223826d-3aa9-4a9d-b057-2736a8800d71\"}":{".":{},"f:apiVersion":{},"f:blockOwnerDeletion":{},"f:controller":{},"f:kind":{},"f:name":{},"f:uid":{}}}},"f:spec":{"f:containers":{"k:{\"name\":\"nginx\"}":{".":{},"f:env":{".":{},"k:{\"name\":\"CAA_CONTAINER_IMAGE_NAME\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_CONTAINER_NAME\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_ENABLE_DISCOVERY\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_HOME\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_LOADNAMES\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_NOTIFICATION_SERVER\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_ORACLE_SERVER\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_POD_NAME\"}":{".":{},"f:name":{},"f:valueFrom":{".":{
},"f:fieldRef":{".":{},"f:apiVersion":{},"f:fieldPath":{}}}},"k:{\"name\":\"CAA_POD_NAMESPACE\"}":{".":{},"f:name":{},"f:valueFrom":{".":{},"f:fieldRef":{".":{},"f:apiVersion":{},"f:fieldPath":{}}}},"k:{\"name\":\"LD_PRELOAD\"}":{".":{},"f:name":{},"f:value":{}}},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":80,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:protocol":{}}},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:enableServiceLinks":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{},"f:volumes":{".":{},"k:{\"name\":\"caa-home-vol\"}":{".":{},"f:emptyDir":{},"f:name":{}}}}},"manager":"kube-controller-manager","operation":"Update","time":"2021-04-09T09:29:24Z"},{"apiVersion":"v1","fieldsType":"FieldsV1","fieldsV1":{"f:status":{"f:conditions":{"k:{\"type\":\"ContainersReady\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Initialized\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Ready\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}}},"f:containerStatuses":{},"f:hostIP":{},"f:initContainerStatuses":{},"f:phase":{},"f:podIP":{},"f:podIPs":{".":{},"k:{\"ip\":\"172.17.0.13\"}":{".":{},"f:ip":{}}},"f:startTime":{}}},"manager":"kubelet","operation":"Update","time":"2021-04-12T04:44:06Z"}],"name":"nginx-deployment-dd485bc9-bfgnh","namespace":"default","ownerReferences":[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"nginx-deployment-dd485bc9","uid":"b223826d-3aa9-4a9d-b057-2736a8800d71"}],"resourceVersion":"612143","uid":"8966bf5a-80e8-4b3a-9c0b-ab9091d3f478"},"spec":{"containers":[{"env":[{"name":"CAA_NOTIFICATION_SERVER","value":"http://10.110.208.9:8001"},{"name":"CAA_CONTAINER_NAME","value":"nginx"},{"name":"LD_PRELOAD","v
alue":"/etc/cyberarmor/libcaa.so"},{"name":"CAA_POD_NAME","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"metadata.name"}}},{"name":"CAA_HOME","value":"/etc/cyberarmor"},{"name":"CAA_ORACLE_SERVER","value":"http://10.102.233.40:4000"},{"name":"CAA_ENABLE_DISCOVERY","value":"true"},{"name":"CAA_CONTAINER_IMAGE_NAME","value":"nginx:1.14.2"},{"name":"CAA_POD_NAMESPACE","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"metadata.namespace"}}},{"name":"CAA_LOADNAMES","value":"*"},{"name":"CAA_GUID","value":"37ad7bc4-dbdf-48fc-86b5-6d4fdae784ad"}],"image":"debian:10.9","imagePullPolicy":"IfNotPresent","name":"nginx","ports":[{"containerPort":80,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount","name":"default-token-gpl5r","readOnly":true},{"mountPath":"/etc/cyberarmor","name":"caa-home-vol","subPath":"nginx"},{"mountPath":"/etc/ld.so.preload","name":"caa-home-vol","subPath":"ld.so.preload"}]}],"dnsPolicy":"ClusterFirst","enableServiceLinks":true,"initContainers":[{"args":["-c","set -e; wget --tries=2 --no-check-certificate https://10.97.200.72:443/cazips/4394352308852781232 -O /etc/cyberarmor/1617862695.zip; unzip -o /etc/cyberarmor/1617862695.zip -d /etc/cyberarmor; rm -rf /etc/cyberarmor/1617862695.zip; echo \"/etc/cyberarmor/libcaa.so\" \u003e\u003e/etc/cyberarmor/ld.so.preload; env | grep \"CAA_\"\u003e\u003e/etc/cyberarmor/nginx/caa_envs; chmod -R 777 /etc/cyberarmor/*; set +e; wget -O/dev/null 
http://10.102.233.40:4000/v1/getiptable?name=pod.${CAA_POD_NAMESPACE}.${CAA_POD_NAME}"],"command":["/bin/sh"],"env":[{"name":"CAA_NOTIFICATION_SERVER","value":"http://10.110.208.9:8001"},{"name":"CAA_POD_NAME","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"metadata.name"}}},{"name":"CAA_HOME","value":"/etc/cyberarmor"},{"name":"CAA_ORACLE_SERVER","value":"http://10.102.233.40:4000"},{"name":"CAA_POD_NAMESPACE","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"metadata.namespace"}}}],"image":"alpine:3.9.4","imagePullPolicy":"IfNotPresent","name":"ca-init-container","resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/etc/cyberarmor","name":"caa-home-vol"},{"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount","name":"default-token-gpl5r","readOnly":true}]}],"nodeName":"david-virtualbox","preemptionPolicy":"PreemptLowerPriority","priority":0,"restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"default","serviceAccountName":"default","terminationGracePeriodSeconds":30,"tolerations":[{"effect":"NoExecute","key":"node.kubernetes.io/not-ready","operator":"Exists","tolerationSeconds":300},{"effect":"NoExecute","key":"node.kubernetes.io/unreachable","operator":"Exists","tolerationSeconds":300}],"volumes":[{"emptyDir":{},"name":"caa-home-vol"},{"name":"default-token-gpl5r","secret":{"defaultMode":420,"secretName":"default-token-gpl5r"}}]},"status":{"conditions":[{"lastProbeTime":null,"lastTransitionTime":"2021-04-12T04:44:05Z","status":"True","type":"Initialized"},{"lastProbeTime":null,"lastTransitionTime":"2021-04-12T04:44:06Z","status":"True","type":"Ready"},{"lastProbeTime":null,"lastTransitionTime":"2021-04-12T04:44:06Z","status":"True","type":"ContainersReady"},{"lastProbeTime":null,"lastTransitionTime":"2021-04-08T06:18:15Z","status":"True","type":"PodScheduled"}],"containerStatuses":[{"containerID":"docker://eee0a1d5c21fd3cad86
a397de785c22c41b0a7cefd696a0eaba46ee135ce2212","image":"nginx:1.14.2","imageID":"docker-pullable://nginx@sha256:f7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d","lastState":{"terminated":{"containerID":"docker://a969c4d02d5f54749e1496519437e851b86c7b88f73af970a396bfa5bcf55def","exitCode":0,"finishedAt":"2021-04-11T17:58:57Z","reason":"Completed","startedAt":"2021-04-11T10:54:49Z"}},"name":"nginx","ready":true,"restartCount":3,"started":true,"state":{"running":{"startedAt":"2021-04-12T04:44:06Z"}}}],"hostIP":"10.0.2.15","initContainerStatuses":[{"containerID":"docker://f5a678979671ec4dcc7768322239186c69ae5d5ff04e980603deb514e590a3ef","image":"alpine:3.9.4","imageID":"docker-pullable://alpine@sha256:7746df395af22f04212cd25a92c1d6dbc5a06a0ca9579a229ef43008d4d1302a","lastState":{},"name":"ca-init-container","ready":true,"restartCount":11,"state":{"terminated":{"containerID":"docker://f5a678979671ec4dcc7768322239186c69ae5d5ff04e980603deb514e590a3ef","exitCode":0,"finishedAt":"2021-04-12T04:44:05Z","reason":"Completed","startedAt":"2021-04-12T04:44:04Z"}}}],"phase":"Running","podIP":"172.17.0.13","podIPs":[{"ip":"172.17.0.13"}],"qosClass":"BestEffort","startTime":"2021-04-08T06:18:15Z"}},{"apiVersion":"v1","kind":"Pod","metadata":{"creationTimestamp":"2021-04-08T10:59:58Z","generateName":"nginx-external-666b749977-","labels":{"app":"nginx-external","pod-template-hash":"666b749977"},"managedFields":[{"apiVersion":"v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:generateName":{},"f:labels":{".":{},"f:app":{},"f:pod-template-hash":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\"8845ed17-b259-4b6f-b83b-960875cb218e\"}":{".":{},"f:apiVersion":{},"f:blockOwnerDeletion":{},"f:controller":{},"f:kind":{},"f:name":{},"f:uid":{}}}},"f:spec":{"f:containers":{"k:{\"name\":\"nginx-external\"}":{".":{},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":80,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:protocol":{}}},"f
:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:enableServiceLinks":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}},"manager":"kube-controller-manager","operation":"Update","time":"2021-04-09T09:29:24Z"},{"apiVersion":"v1","fieldsType":"FieldsV1","fieldsV1":{"f:status":{"f:conditions":{"k:{\"type\":\"ContainersReady\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Initialized\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Ready\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}}},"f:containerStatuses":{},"f:hostIP":{},"f:phase":{},"f:podIP":{},"f:podIPs":{".":{},"k:{\"ip\":\"172.17.0.10\"}":{".":{},"f:ip":{}}},"f:startTime":{}}},"manager":"kubelet","operation":"Update","time":"2021-04-12T04:42:30Z"}],"name":"nginx-external-666b749977-qmkbp","namespace":"default","ownerReferences":[{"apiVersion":"apps/v1","blockOwnerDeletion":true,"controller":true,"kind":"ReplicaSet","name":"nginx-external-666b749977","uid":"8845ed17-b259-4b6f-b83b-960875cb218e"}],"resourceVersion":"611874","uid":"10e7197a-4ca3-4ffa-b2de-258b88087bb3"},"spec":{"containers":[{"image":"nginx:1.14.2","imagePullPolicy":"IfNotPresent","name":"nginx-external","ports":[{"containerPort":80,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount","name":"default-token-gpl5r","readOnly":true}]}],"dnsPolicy":"ClusterFirst","enableServiceLinks":true,"nodeName":"david-virtualbox","preemptionPolicy":"PreemptLowerPriority","priority":0,"restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"default","serviceAccountName":"default","terminationGracePeriodSeconds":30,"tolerations":[{"effect":"No
Execute","key":"node.kubernetes.io/not-ready","operator":"Exists","tolerationSeconds":300},{"effect":"NoExecute","key":"node.kubernetes.io/unreachable","operator":"Exists","tolerationSeconds":300}],"volumes":[{"name":"default-token-gpl5r","secret":{"defaultMode":420,"secretName":"default-token-gpl5r"}}]},"status":{"conditions":[{"lastProbeTime":null,"lastTransitionTime":"2021-04-08T10:59:58Z","status":"True","type":"Initialized"},{"lastProbeTime":null,"lastTransitionTime":"2021-04-12T04:42:23Z","status":"True","type":"Ready"},{"lastProbeTime":null,"lastTransitionTime":"2021-04-12T04:42:23Z","status":"True","type":"ContainersReady"},{"lastProbeTime":null,"lastTransitionTime":"2021-04-08T10:59:58Z","status":"True","type":"PodScheduled"}],"containerStatuses":[{"containerID":"docker://0f7155f130cc50f1a3f7bb42c6fa990d6a05c59ca5de6c1cc920c352244e3fb8","image":"nginx:1.14.2","imageID":"docker-pullable://nginx@sha256:f7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d","lastState":{"terminated":{"containerID":"docker://2f72ec2807284ba31c555988833a00569224bc3e9ef1459e2a972f478947ad82","exitCode":0,"finishedAt":"2021-04-11T17:58:51Z","reason":"Completed","startedAt":"2021-04-11T10:53:50Z"}},"name":"nginx-external","ready":true,"restartCount":3,"started":true,"state":{"running":{"startedAt":"2021-04-12T04:42:23Z"}}}],"hostIP":"10.0.2.15","phase":"Running","podIP":"172.17.0.10","podIPs":[{"ip":"172.17.0.10"}],"qosClass":"BestEffort","startTime":"2021-04-08T10:59:58Z"}},{"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"v1\",\"kind\":\"Pod\",\"metadata\":{\"annotations\":{},\"name\":\"privileged\",\"namespace\":\"default\"},\"spec\":{\"containers\":[{\"image\":\"k8s.gcr.io/pause\",\"name\":\"pause\",\"securityContext\":{\"privileged\":true}}]}}\n"},"creationTimestamp":"2021-04-08T06:20:36Z","managedFields":[{"apiVersion":"v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations
":{".":{},"f:kubectl.kubernetes.io/last-applied-configuration":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"pause\"}":{".":{},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:resources":{},"f:securityContext":{".":{},"f:privileged":{}},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:enableServiceLinks":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}},"manager":"kubectl-client-side-apply","operation":"Update","time":"2021-04-08T06:20:35Z"},{"apiVersion":"v1","fieldsType":"FieldsV1","fieldsV1":{"f:status":{"f:conditions":{"k:{\"type\":\"ContainersReady\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Initialized\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Ready\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}}},"f:containerStatuses":{},"f:hostIP":{},"f:phase":{},"f:podIP":{},"f:podIPs":{".":{},"k:{\"ip\":\"172.17.0.11\"}":{".":{},"f:ip":{}}},"f:startTime":{}}},"manager":"kubelet","operation":"Update","time":"2021-04-12T04:42:55Z"}],"name":"privileged","namespace":"default","resourceVersion":"612034","uid":"aeb4d71a-e99f-4927-a725-9a42661ed173"},"spec":{"containers":[{"image":"k8s.gcr.io/pause","imagePullPolicy":"Always","name":"pause","resources":{},"securityContext":{"privileged":true},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount","name":"default-token-gpl5r","readOnly":true}]}],"dnsPolicy":"ClusterFirst","enableServiceLinks":true,"nodeName":"david-virtualbox","preemptionPolicy":"PreemptLowerPriority","priority":0,"restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"default","serviceAccountName":"default","terminationGracePeriodSeconds":30,"tolerations":[{"effect":"NoExecu
te","key":"node.kubernetes.io/not-ready","operator":"Exists","tolerationSeconds":300},{"effect":"NoExecute","key":"node.kubernetes.io/unreachable","operator":"Exists","tolerationSeconds":300}],"volumes":[{"name":"default-token-gpl5r","secret":{"defaultMode":420,"secretName":"default-token-gpl5r"}}]},"status":{"conditions":[{"lastProbeTime":null,"lastTransitionTime":"2021-04-08T06:20:36Z","status":"True","type":"Initialized"},{"lastProbeTime":null,"lastTransitionTime":"2021-04-12T04:42:55Z","status":"True","type":"Ready"},{"lastProbeTime":null,"lastTransitionTime":"2021-04-12T04:42:55Z","status":"True","type":"ContainersReady"},{"lastProbeTime":null,"lastTransitionTime":"2021-04-08T06:20:36Z","status":"True","type":"PodScheduled"}],"containerStatuses":[{"containerID":"docker://5ff07dda633a0fca12b02d5fb87ea3bbf5bfaaec6f8634c0fe83f076f798b777","image":"k8s.gcr.io/pause:latest","imageID":"docker-pullable://k8s.gcr.io/pause@sha256:a78c2d6208eff9b672de43f880093100050983047b7b0afe0217d3656e1b0d5f","lastState":{"terminated":{"containerID":"docker://dcb0accc4283112478d94e44ad5dcf4e1b6fa08c336fc98121d860f66e756fa3","exitCode":2,"finishedAt":"2021-04-11T17:58:51Z","reason":"Error","startedAt":"2021-04-11T10:54:03Z"}},"name":"pause","ready":true,"restartCount":3,"started":true,"state":{"running":{"startedAt":"2021-04-12T04:42:54Z"}}}],"hostIP":"10.0.2.15","phase":"Running","podIP":"172.17.0.11","podIPs":[{"ip":"172.17.0.11"}],"qosClass":"BestEffort","startTime":"2021-04-08T06:20:36Z"}}],"kind":"PodList","metadata":{"resourceVersion":"630469"}} - ` - unstructuredList := unstructured.UnstructuredList{} - if err := json.Unmarshal([]byte(podsList), &unstructuredList); err != nil { - glog.Error(err) - } - return &unstructuredList -} - -func V1AllClusterWithCompromisedRegistriesMock() *unstructured.UnstructuredList { - podsList := ` - { - "apiVersion": "v1", - "items": [ - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "creationTimestamp": "2021-04-06T10:55:58Z", - 
"generateName": "coredns-569467d7c-", - "name": "coredns-569467d7c-4f4sz", - "namespace": "kube-system", - "ownerReferences": [ - { - "apiVersion": "apps/v1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ReplicaSet", - "name": "coredns-569467d7c", - "uid": "033d590d-a773-402c-8c41-c9ccbc1b4ebf" - } - ], - "resourceVersion": "6776216", - "selfLink": "/api/v1/namespaces/kube-system/pods/coredns-569467d7c-4f4sz", - "uid": "a8f5b268-2ced-4172-a404-88281141e829" - }, - "spec": { - "containers": [ - { - "args": [ - "-conf", - "/etc/coredns/Corefile" - ], - "image": "quay.io/keycloak/coredns:1.3.1", - "imagePullPolicy": "IfNotPresent", - "livenessProbe": { - "failureThreshold": 5, - "httpGet": { - "path": "/health", - "port": 8080, - "scheme": "HTTP" - }, - "initialDelaySeconds": 60, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 5 - }, - "name": "coredns", - "ports": [ - { - "containerPort": 53, - "name": "dns", - "protocol": "UDP" - }, - { - "containerPort": 53, - "name": "dns-tcp", - "protocol": "TCP" - }, - { - "containerPort": 9153, - "name": "metrics", - "protocol": "TCP" - } - ], - "readinessProbe": { - "failureThreshold": 3, - "httpGet": { - "path": "/health", - "port": 8080, - "scheme": "HTTP" - }, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 1 - }, - "resources": { - "limits": { - "memory": "170Mi" - }, - "requests": { - "cpu": "100m", - "memory": "70Mi" - } - }, - "securityContext": { - "allowPrivilegeEscalation": false, - "capabilities": { - "add": [ - "NET_BIND_SERVICE" - ], - "drop": [ - "all" - ] - }, - "readOnlyRootFilesystem": true - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "volumeMounts": [ - { - "mountPath": "/etc/coredns", - "name": "config-volume", - "readOnly": true - }, - { - "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount", - "name": "coredns-token-pc89n", - "readOnly": true - } - ] - } - ], - "dnsPolicy": "Default", - 
"enableServiceLinks": true, - "nodeName": "minikube", - "nodeSelector": { - "beta.kubernetes.io/os": "linux" - }, - "priority": 2000000000, - "priorityClassName": "system-cluster-critical", - "restartPolicy": "Always", - "schedulerName": "default-scheduler", - "securityContext": {}, - "serviceAccount": "coredns", - "serviceAccountName": "coredns", - "terminationGracePeriodSeconds": 30, - "tolerations": [ - { - "key": "CriticalAddonsOnly", - "operator": "Exists" - }, - { - "effect": "NoSchedule", - "key": "node-role.kubernetes.io/master" - }, - { - "effect": "NoExecute", - "key": "node.kubernetes.io/not-ready", - "operator": "Exists", - "tolerationSeconds": 300 - }, - { - "effect": "NoExecute", - "key": "node.kubernetes.io/unreachable", - "operator": "Exists", - "tolerationSeconds": 300 - } - ], - "volumes": [ - { - "configMap": { - "defaultMode": 420, - "items": [ - { - "key": "Corefile", - "path": "Corefile" - } - ], - "name": "coredns" - }, - "name": "config-volume" - }, - { - "name": "coredns-token-pc89n", - "secret": { - "defaultMode": 420, - "secretName": "coredns-token-pc89n" - } - } - ] - }, - "status": { - "conditions": [ - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-06T10:55:59Z", - "status": "True", - "type": "Initialized" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:21Z", - "status": "True", - "type": "Ready" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:21Z", - "status": "True", - "type": "ContainersReady" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-06T10:55:58Z", - "status": "True", - "type": "PodScheduled" - } - ], - "containerStatuses": [ - { - "containerID": "docker://b2193a2366bd66183ca9ae791ec83e2c7539215bc6df8c72d209eea219c33ee9", - "image": "k8s.gcr.io/coredns:1.3.1", - "imageID": "docker-pullable://k8s.gcr.io/coredns@sha256:02382353821b12c21b062c59184e227e001079bb13ebd01f9d3270ba0fcbf1e4", - "lastState": { - "terminated": { - "containerID": 
"docker://230f6e53c7573be85855d6b458d690b8624e30a0404e44279655384ef3b47651", - "exitCode": 2, - "finishedAt": "2021-04-21T08:11:17Z", - "reason": "Error", - "startedAt": "2021-04-21T07:06:46Z" - } - }, - "name": "coredns", - "ready": true, - "restartCount": 26, - "state": { - "running": { - "startedAt": "2021-04-21T08:12:14Z" - } - } - } - ], - "hostIP": "10.0.2.15", - "phase": "Running", - "podIP": "172.17.0.3", - "qosClass": "Burstable", - "startTime": "2021-04-06T10:55:59Z" - } - }, - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "annotations": { - "cyberarmor.jobs": "{\"jobID\":\"684c562a-e80e-45a4-ac79-dd6a0c3c5dfd\",\"parentJobID\":\"\",\"actionID\":\"3\"}", - "cyberarmor.last-update": "06-04-2021 10:55:58", - "cyberarmor.wlid": "wlid://cluster-decrypt_secret-tadl/namespace-kube-system/deployment-coredns", - "latets-catriger-update": "23-07-2020 06:49:56", - "wlid": "wlid://cluster-decrypt_secret-tadl/namespace-kube-system/deployment-coredns" - }, - "creationTimestamp": "2021-04-06T10:55:58Z", - "generateName": "coredns-569467d7c-", - "labels": { - "cyberarmor.inject": "add", - "injectCyberArmor": "add", - "k8s-app": "kube-dns", - "pod-template-hash": "569467d7c" - }, - "name": "coredns-569467d7c-6q4mq", - "namespace": "kube-system", - "ownerReferences": [ - { - "apiVersion": "apps/v1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ReplicaSet", - "name": "coredns-569467d7c", - "uid": "033d590d-a773-402c-8c41-c9ccbc1b4ebf" - } - ], - "resourceVersion": "6776210", - "selfLink": "/api/v1/namespaces/kube-system/pods/coredns-569467d7c-6q4mq", - "uid": "198305ea-82b4-4c14-9b40-ca01b2caafe8" - }, - "spec": { - "containers": [ - { - "args": [ - "-conf", - "/etc/coredns/Corefile" - ], - "image": "015253967648.dkr.ecr.eu-central-1.amazonaws.com/coredns:1.3.1", - "imagePullPolicy": "IfNotPresent", - "livenessProbe": { - "failureThreshold": 5, - "httpGet": { - "path": "/health", - "port": 8080, - "scheme": "HTTP" - }, - 
"initialDelaySeconds": 60, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 5 - }, - "name": "coredns", - "ports": [ - { - "containerPort": 53, - "name": "dns", - "protocol": "UDP" - }, - { - "containerPort": 53, - "name": "dns-tcp", - "protocol": "TCP" - }, - { - "containerPort": 9153, - "name": "metrics", - "protocol": "TCP" - } - ], - "readinessProbe": { - "failureThreshold": 3, - "httpGet": { - "path": "/health", - "port": 8080, - "scheme": "HTTP" - }, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 1 - }, - "resources": { - "limits": { - "memory": "170Mi" - }, - "requests": { - "cpu": "100m", - "memory": "70Mi" - } - }, - "securityContext": { - "allowPrivilegeEscalation": false, - "capabilities": { - "add": [ - "NET_BIND_SERVICE" - ], - "drop": [ - "all" - ] - }, - "readOnlyRootFilesystem": true - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "volumeMounts": [ - { - "mountPath": "/etc/coredns", - "name": "config-volume", - "readOnly": true - }, - { - "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount", - "name": "coredns-token-pc89n", - "readOnly": true - } - ] - } - ], - "dnsPolicy": "Default", - "enableServiceLinks": true, - "nodeName": "minikube", - "nodeSelector": { - "beta.kubernetes.io/os": "linux" - }, - "priority": 2000000000, - "priorityClassName": "system-cluster-critical", - "restartPolicy": "Always", - "schedulerName": "default-scheduler", - "securityContext": {}, - "serviceAccount": "coredns", - "serviceAccountName": "coredns", - "terminationGracePeriodSeconds": 30, - "tolerations": [ - { - "key": "CriticalAddonsOnly", - "operator": "Exists" - }, - { - "effect": "NoSchedule", - "key": "node-role.kubernetes.io/master" - }, - { - "effect": "NoExecute", - "key": "node.kubernetes.io/not-ready", - "operator": "Exists", - "tolerationSeconds": 300 - }, - { - "effect": "NoExecute", - "key": "node.kubernetes.io/unreachable", - "operator": "Exists", - 
"tolerationSeconds": 300 - } - ], - "volumes": [ - { - "configMap": { - "defaultMode": 420, - "items": [ - { - "key": "Corefile", - "path": "Corefile" - } - ], - "name": "coredns" - }, - "name": "config-volume" - }, - { - "name": "coredns-token-pc89n", - "secret": { - "defaultMode": 420, - "secretName": "coredns-token-pc89n" - } - } - ] - }, - "status": { - "conditions": [ - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-06T10:55:58Z", - "status": "True", - "type": "Initialized" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:20Z", - "status": "True", - "type": "Ready" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:20Z", - "status": "True", - "type": "ContainersReady" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-06T10:55:58Z", - "status": "True", - "type": "PodScheduled" - } - ], - "containerStatuses": [ - { - "containerID": "docker://d7ea4c43607c7ab2b6f70e45b60eaf8d83a328e1372126dda2e7cb8238492d7f", - "image": "k8s.gcr.io/coredns:1.3.1", - "imageID": "docker-pullable://k8s.gcr.io/coredns@sha256:02382353821b12c21b062c59184e227e001079bb13ebd01f9d3270ba0fcbf1e4", - "lastState": { - "terminated": { - "containerID": "docker://6cbec2cca5ed9194e59ba56d64d93a62fbc09601f54db7986d00a52baf1897c8", - "exitCode": 2, - "finishedAt": "2021-04-21T08:11:17Z", - "reason": "Error", - "startedAt": "2021-04-21T07:05:39Z" - } - }, - "name": "coredns", - "ready": true, - "restartCount": 25, - "state": { - "running": { - "startedAt": "2021-04-21T08:12:14Z" - } - } - } - ], - "hostIP": "10.0.2.15", - "phase": "Running", - "podIP": "172.17.0.4", - "qosClass": "Burstable", - "startTime": "2021-04-06T10:55:58Z" - } - }, - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "creationTimestamp": "2020-07-23T06:50:09Z", - "labels": { - "component": "etcd", - "tier": "control-plane" - }, - "name": "etcd-minikube", - "namespace": "kube-system", - "resourceVersion": "6776159", - "selfLink": 
"/api/v1/namespaces/kube-system/pods/etcd-minikube", - "uid": "1ff6c452-3487-4866-8c5c-920b0d67fc12" - }, - "spec": { - "containers": [ - { - "command": [ - "etcd", - "--advertise-client-urls=https://10.0.2.15:2379", - "--cert-file=/var/lib/minikube/certs/etcd/server.crt", - "--client-cert-auth=true", - "--data-dir=/data/minikube", - "--initial-advertise-peer-urls=https://10.0.2.15:2380", - "--initial-cluster=minikube=https://10.0.2.15:2380", - "--key-file=/var/lib/minikube/certs/etcd/server.key", - "--listen-client-urls=https://127.0.0.1:2379,https://10.0.2.15:2379", - "--listen-peer-urls=https://10.0.2.15:2380", - "--name=minikube", - "--peer-cert-file=/var/lib/minikube/certs/etcd/peer.crt", - "--peer-client-cert-auth=true", - "--peer-key-file=/var/lib/minikube/certs/etcd/peer.key", - "--peer-trusted-ca-file=/var/lib/minikube/certs/etcd/ca.crt", - "--snapshot-count=10000", - "--trusted-ca-file=/var/lib/minikube/certs/etcd/ca.crt" - ], - "image": "k8s.gcr.io/etcd:3.3.10", - "imagePullPolicy": "IfNotPresent", - "livenessProbe": { - "exec": { - "command": [ - "/bin/sh", - "-ec", - "ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/var/lib/minikube/certs//etcd/ca.crt --cert=/var/lib/minikube/certs//etcd/healthcheck-client.crt --key=/var/lib/minikube/certs//etcd/healthcheck-client.key get foo" - ] - }, - "failureThreshold": 8, - "initialDelaySeconds": 15, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 15 - }, - "name": "etcd", - "resources": {}, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "volumeMounts": [ - { - "mountPath": "/data/minikube", - "name": "etcd-data" - }, - { - "mountPath": "/var/lib/minikube/certs//etcd", - "name": "etcd-certs" - } - ] - } - ], - "dnsPolicy": "ClusterFirst", - "enableServiceLinks": true, - "hostNetwork": true, - "nodeName": "minikube", - "priority": 2000000000, - "priorityClassName": "system-cluster-critical", - "restartPolicy": "Always", - 
"schedulerName": "default-scheduler", - "securityContext": {}, - "terminationGracePeriodSeconds": 30, - "tolerations": [ - { - "effect": "NoExecute", - "operator": "Exists" - } - ], - "volumes": [ - { - "hostPath": { - "path": "/var/lib/minikube/certs//etcd", - "type": "DirectoryOrCreate" - }, - "name": "etcd-certs" - }, - { - "hostPath": { - "path": "/data/minikube", - "type": "DirectoryOrCreate" - }, - "name": "etcd-data" - } - ] - }, - "status": { - "conditions": [ - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:11:58Z", - "status": "True", - "type": "Initialized" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:01Z", - "status": "True", - "type": "Ready" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:01Z", - "status": "True", - "type": "ContainersReady" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:11:58Z", - "status": "True", - "type": "PodScheduled" - } - ], - "containerStatuses": [ - { - "containerID": "docker://1ac15d2e60fa674f5395701798dd78730ec95d4e91c849907bd4c6482f6cfec9", - "image": "k8s.gcr.io/etcd:3.3.10", - "imageID": "docker-pullable://k8s.gcr.io/etcd@sha256:17da501f5d2a675be46040422a27b7cc21b8a43895ac998b171db1c346f361f7", - "lastState": { - "terminated": { - "containerID": "docker://6103b7f8f27245b801e7a61afdb78f548a98f8c33d46701333c92857010355aa", - "exitCode": 0, - "finishedAt": "2021-04-21T08:11:18Z", - "reason": "Completed", - "startedAt": "2021-04-21T06:43:56Z" - } - }, - "name": "etcd", - "ready": true, - "restartCount": 64, - "state": { - "running": { - "startedAt": "2021-04-21T08:12:00Z" - } - } - } - ], - "hostIP": "10.0.2.15", - "phase": "Running", - "podIP": "10.0.2.15", - "qosClass": "BestEffort", - "startTime": "2021-04-21T08:11:58Z" - } - }, - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "creationTimestamp": "2020-07-23T06:49:45Z", - "labels": { - "component": "kube-addon-manager", - "kubernetes.io/minikube-addons": 
"addon-manager", - "version": "v9.0" - }, - "name": "kube-addon-manager-minikube", - "namespace": "kube-system", - "resourceVersion": "6776138", - "selfLink": "/api/v1/namespaces/kube-system/pods/kube-addon-manager-minikube", - "uid": "73d0e5b3-4dfe-48ff-9ebd-2a1510896130" - }, - "spec": { - "containers": [ - { - "env": [ - { - "name": "KUBECONFIG", - "value": "/var/lib/minikube/kubeconfig" - } - ], - "image": "k8s.gcr.io/kube-addon-manager:v9.0", - "imagePullPolicy": "IfNotPresent", - "name": "kube-addon-manager", - "resources": { - "requests": { - "cpu": "5m", - "memory": "50Mi" - } - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "volumeMounts": [ - { - "mountPath": "/etc/kubernetes/", - "name": "addons", - "readOnly": true - }, - { - "mountPath": "/var/lib/minikube/", - "name": "kubeconfig", - "readOnly": true - } - ] - } - ], - "dnsPolicy": "ClusterFirst", - "enableServiceLinks": true, - "hostNetwork": true, - "nodeName": "minikube", - "priority": 0, - "restartPolicy": "Always", - "schedulerName": "default-scheduler", - "securityContext": {}, - "terminationGracePeriodSeconds": 30, - "tolerations": [ - { - "effect": "NoExecute", - "operator": "Exists" - } - ], - "volumes": [ - { - "hostPath": { - "path": "/etc/kubernetes/", - "type": "" - }, - "name": "addons" - }, - { - "hostPath": { - "path": "/var/lib/minikube/", - "type": "" - }, - "name": "kubeconfig" - } - ] - }, - "status": { - "conditions": [ - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:11:58Z", - "status": "True", - "type": "Initialized" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:01Z", - "status": "True", - "type": "Ready" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:01Z", - "status": "True", - "type": "ContainersReady" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:11:58Z", - "status": "True", - "type": "PodScheduled" - } - ], - 
"containerStatuses": [ - { - "containerID": "docker://89a166c6ebb9d58bbf6c26497c4bc7cde22f2da8c3fbf2ce2370699f78cb367f", - "image": "k8s.gcr.io/kube-addon-manager:v9.0", - "imageID": "docker-pullable://k8s.gcr.io/kube-addon-manager@sha256:672794ee3582521eb8bc4f257d0f70c92893f1989f39a200f9c84bcfe1aea7c9", - "lastState": { - "terminated": { - "containerID": "docker://d520fe96ad1956ac0bdad37b1f614c932ec57e0dc55a4c7a3c2484a3d3d2ea2f", - "exitCode": 137, - "finishedAt": "2021-04-21T08:11:27Z", - "reason": "Error", - "startedAt": "2021-04-21T06:43:56Z" - } - }, - "name": "kube-addon-manager", - "ready": true, - "restartCount": 63, - "state": { - "running": { - "startedAt": "2021-04-21T08:12:00Z" - } - } - } - ], - "hostIP": "10.0.2.15", - "phase": "Running", - "podIP": "10.0.2.15", - "qosClass": "Burstable", - "startTime": "2021-04-21T08:11:58Z" - } - }, - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "annotations": { - "kubernetes.io/config.hash": "ced911db87a00e7b4e0cb9c620003f19", - "kubernetes.io/config.mirror": "ced911db87a00e7b4e0cb9c620003f19", - "kubernetes.io/config.seen": "2020-07-23T09:22:31.141864724+03:00", - "kubernetes.io/config.source": "file" - }, - "creationTimestamp": "2021-04-06T10:56:03Z", - "labels": { - "component": "kube-apiserver", - "cyberarmor.inject": "add", - "injectCyberArmor": "add", - "tier": "control-plane" - }, - "name": "kube-apiserver-minikube", - "namespace": "kube-system", - "resourceVersion": "6776162", - "selfLink": "/api/v1/namespaces/kube-system/pods/kube-apiserver-minikube", - "uid": "41bb3ea6-cb73-493a-81c8-f5075e3670e0" - }, - "spec": { - "containers": [ - { - "command": [ - "kube-apiserver", - "--advertise-address=10.0.2.15", - "--allow-privileged=true", - "--authorization-mode=Node,RBAC", - "--client-ca-file=/var/lib/minikube/certs/ca.crt", - 
"--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota", - "--enable-bootstrap-token-auth=true", - "--etcd-cafile=/var/lib/minikube/certs/etcd/ca.crt", - "--etcd-certfile=/var/lib/minikube/certs/apiserver-etcd-client.crt", - "--etcd-keyfile=/var/lib/minikube/certs/apiserver-etcd-client.key", - "--etcd-servers=https://127.0.0.1:2379", - "--insecure-port=0", - "--kubelet-client-certificate=/var/lib/minikube/certs/apiserver-kubelet-client.crt", - "--kubelet-client-key=/var/lib/minikube/certs/apiserver-kubelet-client.key", - "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", - "--proxy-client-cert-file=/var/lib/minikube/certs/front-proxy-client.crt", - "--proxy-client-key-file=/var/lib/minikube/certs/front-proxy-client.key", - "--requestheader-allowed-names=front-proxy-client", - "--requestheader-client-ca-file=/var/lib/minikube/certs/front-proxy-ca.crt", - "--requestheader-extra-headers-prefix=X-Remote-Extra-", - "--requestheader-group-headers=X-Remote-Group", - "--requestheader-username-headers=X-Remote-User", - "--secure-port=8443", - "--service-account-key-file=/var/lib/minikube/certs/sa.pub", - "--service-cluster-ip-range=10.96.0.0/12", - "--tls-cert-file=/var/lib/minikube/certs/apiserver.crt", - "--tls-private-key-file=/var/lib/minikube/certs/apiserver.key" - ], - "image": "k8s.gcr.io/kube-apiserver:v1.15.2", - "imagePullPolicy": "IfNotPresent", - "livenessProbe": { - "failureThreshold": 8, - "httpGet": { - "host": "10.0.2.15", - "path": "/healthz", - "port": 8443, - "scheme": "HTTPS" - }, - "initialDelaySeconds": 15, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 15 - }, - "name": "kube-apiserver", - "resources": { - "requests": { - "cpu": "250m" - } - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "volumeMounts": [ - { - "mountPath": 
"/etc/ssl/certs", - "name": "ca-certs", - "readOnly": true - }, - { - "mountPath": "/etc/ca-certificates", - "name": "etc-ca-certificates", - "readOnly": true - }, - { - "mountPath": "/etc/pki", - "name": "etc-pki", - "readOnly": true - }, - { - "mountPath": "/var/lib/minikube/certs/", - "name": "k8s-certs", - "readOnly": true - }, - { - "mountPath": "/usr/local/share/ca-certificates", - "name": "usr-local-share-ca-certificates", - "readOnly": true - }, - { - "mountPath": "/usr/share/ca-certificates", - "name": "usr-share-ca-certificates", - "readOnly": true - } - ] - } - ], - "dnsPolicy": "ClusterFirst", - "enableServiceLinks": true, - "hostNetwork": true, - "nodeName": "minikube", - "priority": 2000000000, - "priorityClassName": "system-cluster-critical", - "restartPolicy": "Always", - "schedulerName": "default-scheduler", - "securityContext": {}, - "terminationGracePeriodSeconds": 30, - "tolerations": [ - { - "effect": "NoExecute", - "operator": "Exists" - } - ], - "volumes": [ - { - "hostPath": { - "path": "/etc/ssl/certs", - "type": "DirectoryOrCreate" - }, - "name": "ca-certs" - }, - { - "hostPath": { - "path": "/etc/ca-certificates", - "type": "DirectoryOrCreate" - }, - "name": "etc-ca-certificates" - }, - { - "hostPath": { - "path": "/etc/pki", - "type": "DirectoryOrCreate" - }, - "name": "etc-pki" - }, - { - "hostPath": { - "path": "/var/lib/minikube/certs/", - "type": "DirectoryOrCreate" - }, - "name": "k8s-certs" - }, - { - "hostPath": { - "path": "/usr/local/share/ca-certificates", - "type": "DirectoryOrCreate" - }, - "name": "usr-local-share-ca-certificates" - }, - { - "hostPath": { - "path": "/usr/share/ca-certificates", - "type": "DirectoryOrCreate" - }, - "name": "usr-share-ca-certificates" - } - ] - }, - "status": { - "conditions": [ - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:11:58Z", - "status": "True", - "type": "Initialized" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:01Z", - "status": 
"True", - "type": "Ready" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:01Z", - "status": "True", - "type": "ContainersReady" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:11:58Z", - "status": "True", - "type": "PodScheduled" - } - ], - "containerStatuses": [ - { - "containerID": "docker://6b8e96abe51bcda9a71b21291670dd8b6e6d8e564b0acef38356c2947afd7106", - "image": "k8s.gcr.io/kube-apiserver:v1.15.2", - "imageID": "docker-pullable://k8s.gcr.io/kube-apiserver@sha256:5fae387bacf1def6c3915b4a3035cf8c8a4d06158b2e676721776d3d4afc05a2", - "lastState": { - "terminated": { - "containerID": "docker://5118904be7098415ae0a3441b08390b059c06129a9310ff7f3427358e7d91fd6", - "exitCode": 0, - "finishedAt": "2021-04-21T08:11:17Z", - "reason": "Completed", - "startedAt": "2021-04-21T07:05:10Z" - } - }, - "name": "kube-apiserver", - "ready": true, - "restartCount": 74, - "state": { - "running": { - "startedAt": "2021-04-21T08:12:00Z" - } - } - } - ], - "hostIP": "10.0.2.15", - "phase": "Running", - "podIP": "10.0.2.15", - "qosClass": "Burstable", - "startTime": "2021-04-21T08:11:58Z" - } - }, - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "annotations": { - "kubernetes.io/config.hash": "05f404ddde6cbb3d8fd2bf0bfa77e509", - "kubernetes.io/config.mirror": "05f404ddde6cbb3d8fd2bf0bfa77e509", - "kubernetes.io/config.seen": "2020-07-23T09:22:31.141870113+03:00", - "kubernetes.io/config.source": "file" - }, - "creationTimestamp": "2020-07-23T06:49:50Z", - "labels": { - "component": "kube-controller-manager", - "tier": "control-plane" - }, - "name": "kube-controller-manager-minikube", - "namespace": "kube-system", - "resourceVersion": "6776125", - "selfLink": "/api/v1/namespaces/kube-system/pods/kube-controller-manager-minikube", - "uid": "01587a51-1fb0-4fe1-a9e5-cd1332b3138d" - }, - "spec": { - "containers": [ - { - "command": [ - "kube-controller-manager", - 
"--authentication-kubeconfig=/etc/kubernetes/controller-manager.conf", - "--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf", - "--bind-address=127.0.0.1", - "--client-ca-file=/var/lib/minikube/certs/ca.crt", - "--cluster-signing-cert-file=/var/lib/minikube/certs/ca.crt", - "--cluster-signing-key-file=/var/lib/minikube/certs/ca.key", - "--controllers=*,bootstrapsigner,tokencleaner", - "--kubeconfig=/etc/kubernetes/controller-manager.conf", - "--leader-elect=true", - "--requestheader-client-ca-file=/var/lib/minikube/certs/front-proxy-ca.crt", - "--root-ca-file=/var/lib/minikube/certs/ca.crt", - "--service-account-private-key-file=/var/lib/minikube/certs/sa.key", - "--use-service-account-credentials=true" - ], - "image": "k8s.gcr.io/kube-controller-manager:v1.15.2", - "imagePullPolicy": "IfNotPresent", - "livenessProbe": { - "failureThreshold": 8, - "httpGet": { - "host": "127.0.0.1", - "path": "/healthz", - "port": 10252, - "scheme": "HTTP" - }, - "initialDelaySeconds": 15, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 15 - }, - "name": "kube-controller-manager", - "resources": { - "requests": { - "cpu": "200m" - } - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "volumeMounts": [ - { - "mountPath": "/etc/ssl/certs", - "name": "ca-certs", - "readOnly": true - }, - { - "mountPath": "/etc/ca-certificates", - "name": "etc-ca-certificates", - "readOnly": true - }, - { - "mountPath": "/etc/pki", - "name": "etc-pki", - "readOnly": true - }, - { - "mountPath": "/usr/libexec/kubernetes/kubelet-plugins/volume/exec", - "name": "flexvolume-dir" - }, - { - "mountPath": "/var/lib/minikube/certs/", - "name": "k8s-certs", - "readOnly": true - }, - { - "mountPath": "/etc/kubernetes/controller-manager.conf", - "name": "kubeconfig", - "readOnly": true - }, - { - "mountPath": "/usr/local/share/ca-certificates", - "name": "usr-local-share-ca-certificates", - "readOnly": true - }, - { - "mountPath": 
"/usr/share/ca-certificates", - "name": "usr-share-ca-certificates", - "readOnly": true - } - ] - } - ], - "dnsPolicy": "ClusterFirst", - "enableServiceLinks": true, - "hostNetwork": true, - "nodeName": "minikube", - "priority": 2000000000, - "priorityClassName": "system-cluster-critical", - "restartPolicy": "Always", - "schedulerName": "default-scheduler", - "securityContext": {}, - "terminationGracePeriodSeconds": 30, - "tolerations": [ - { - "effect": "NoExecute", - "operator": "Exists" - } - ], - "volumes": [ - { - "hostPath": { - "path": "/etc/ssl/certs", - "type": "DirectoryOrCreate" - }, - "name": "ca-certs" - }, - { - "hostPath": { - "path": "/etc/ca-certificates", - "type": "DirectoryOrCreate" - }, - "name": "etc-ca-certificates" - }, - { - "hostPath": { - "path": "/etc/pki", - "type": "DirectoryOrCreate" - }, - "name": "etc-pki" - }, - { - "hostPath": { - "path": "/usr/libexec/kubernetes/kubelet-plugins/volume/exec", - "type": "DirectoryOrCreate" - }, - "name": "flexvolume-dir" - }, - { - "hostPath": { - "path": "/var/lib/minikube/certs/", - "type": "DirectoryOrCreate" - }, - "name": "k8s-certs" - }, - { - "hostPath": { - "path": "/etc/kubernetes/controller-manager.conf", - "type": "FileOrCreate" - }, - "name": "kubeconfig" - }, - { - "hostPath": { - "path": "/usr/local/share/ca-certificates", - "type": "DirectoryOrCreate" - }, - "name": "usr-local-share-ca-certificates" - }, - { - "hostPath": { - "path": "/usr/share/ca-certificates", - "type": "DirectoryOrCreate" - }, - "name": "usr-share-ca-certificates" - } - ] - }, - "status": { - "conditions": [ - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:11:58Z", - "status": "True", - "type": "Initialized" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:01Z", - "status": "True", - "type": "Ready" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:01Z", - "status": "True", - "type": "ContainersReady" - }, - { - "lastProbeTime": null, - 
"lastTransitionTime": "2021-04-21T08:11:58Z", - "status": "True", - "type": "PodScheduled" - } - ], - "containerStatuses": [ - { - "containerID": "docker://e214d647667783e111dc70ff5c0d83327474c8c5ce3526661cf8ad03bcf2fb76", - "image": "k8s.gcr.io/kube-controller-manager:v1.15.2", - "imageID": "docker-pullable://k8s.gcr.io/kube-controller-manager@sha256:7d3fc48cf83aa0a7b8f129fa4255bb5530908e1a5b194be269ea8329b48e9598", - "lastState": { - "terminated": { - "containerID": "docker://5f6f6bea6b2bb4041784d3c01f973928c421d511ae5a09a0d794d224170b9405", - "exitCode": 2, - "finishedAt": "2021-04-21T08:11:17Z", - "reason": "Error", - "startedAt": "2021-04-21T07:25:56Z" - } - }, - "name": "kube-controller-manager", - "ready": true, - "restartCount": 84, - "state": { - "running": { - "startedAt": "2021-04-21T08:12:00Z" - } - } - } - ], - "hostIP": "10.0.2.15", - "phase": "Running", - "podIP": "10.0.2.15", - "qosClass": "Burstable", - "startTime": "2021-04-21T08:11:58Z" - } - }, - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "creationTimestamp": "2021-04-06T10:56:07Z", - "generateName": "kube-proxy-", - "labels": { - "controller-revision-hash": "7ccdf4749c", - "k8s-app": "kube-proxy", - "pod-template-generation": "3" - }, - "name": "kube-proxy-6p8h4", - "namespace": "kube-system", - "ownerReferences": [ - { - "apiVersion": "apps/v1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "DaemonSet", - "name": "kube-proxy", - "uid": "85df40d3-2970-490e-8cfb-2559f09a5fe5" - } - ], - "resourceVersion": "6776181", - "selfLink": "/api/v1/namespaces/kube-system/pods/kube-proxy-6p8h4", - "uid": "f7d6c813-525d-4fdd-a340-127c74de5c83" - }, - "spec": { - "affinity": { - "nodeAffinity": { - "requiredDuringSchedulingIgnoredDuringExecution": { - "nodeSelectorTerms": [ - { - "matchFields": [ - { - "key": "metadata.name", - "operator": "In", - "values": [ - "minikube" - ] - } - ] - } - ] - } - } - }, - "containers": [ - { - "command": [ - "/usr/local/bin/kube-proxy", - 
"--config=/var/lib/kube-proxy/config.conf", - "--hostname-override=$(NODE_NAME)" - ], - "env": [ - { - "name": "NODE_NAME", - "valueFrom": { - "fieldRef": { - "apiVersion": "v1", - "fieldPath": "spec.nodeName" - } - } - } - ], - "image": "k8s.gcr.io/kube-proxy:v1.15.2", - "imagePullPolicy": "IfNotPresent", - "name": "kube-proxy", - "resources": {}, - "securityContext": { - "privileged": true - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "volumeMounts": [ - { - "mountPath": "/var/lib/kube-proxy", - "name": "kube-proxy" - }, - { - "mountPath": "/run/xtables.lock", - "name": "xtables-lock" - }, - { - "mountPath": "/lib/modules", - "name": "lib-modules", - "readOnly": true - }, - { - "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount", - "name": "kube-proxy-token-874bk", - "readOnly": true - } - ] - } - ], - "dnsPolicy": "ClusterFirst", - "enableServiceLinks": true, - "hostNetwork": true, - "nodeName": "minikube", - "nodeSelector": { - "beta.kubernetes.io/os": "linux" - }, - "priority": 2000001000, - "priorityClassName": "system-node-critical", - "restartPolicy": "Always", - "schedulerName": "default-scheduler", - "securityContext": {}, - "serviceAccount": "kube-proxy", - "serviceAccountName": "kube-proxy", - "terminationGracePeriodSeconds": 30, - "tolerations": [ - { - "key": "CriticalAddonsOnly", - "operator": "Exists" - }, - { - "operator": "Exists" - }, - { - "effect": "NoExecute", - "key": "node.kubernetes.io/not-ready", - "operator": "Exists" - }, - { - "effect": "NoExecute", - "key": "node.kubernetes.io/unreachable", - "operator": "Exists" - }, - { - "effect": "NoSchedule", - "key": "node.kubernetes.io/disk-pressure", - "operator": "Exists" - }, - { - "effect": "NoSchedule", - "key": "node.kubernetes.io/memory-pressure", - "operator": "Exists" - }, - { - "effect": "NoSchedule", - "key": "node.kubernetes.io/pid-pressure", - "operator": "Exists" - }, - { - "effect": "NoSchedule", - "key": 
"node.kubernetes.io/unschedulable", - "operator": "Exists" - }, - { - "effect": "NoSchedule", - "key": "node.kubernetes.io/network-unavailable", - "operator": "Exists" - } - ], - "volumes": [ - { - "configMap": { - "defaultMode": 420, - "name": "kube-proxy" - }, - "name": "kube-proxy" - }, - { - "hostPath": { - "path": "/run/xtables.lock", - "type": "FileOrCreate" - }, - "name": "xtables-lock" - }, - { - "hostPath": { - "path": "/lib/modules", - "type": "" - }, - "name": "lib-modules" - }, - { - "name": "kube-proxy-token-874bk", - "secret": { - "defaultMode": 420, - "secretName": "kube-proxy-token-874bk" - } - } - ] - }, - "status": { - "conditions": [ - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-06T10:56:07Z", - "status": "True", - "type": "Initialized" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:12Z", - "status": "True", - "type": "Ready" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:12Z", - "status": "True", - "type": "ContainersReady" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-06T10:56:07Z", - "status": "True", - "type": "PodScheduled" - } - ], - "containerStatuses": [ - { - "containerID": "docker://842c5b82f53dc777468f64834061a13173fcbfe68a06839cff58f5a29a7ca349", - "image": "k8s.gcr.io/kube-proxy:v1.15.2", - "imageID": "docker-pullable://k8s.gcr.io/kube-proxy@sha256:626f983f25f8b7799ca7ab001fd0985a72c2643c0acb877d2888c0aa4fcbdf56", - "lastState": { - "terminated": { - "containerID": "docker://b4a6059146f53c35c48f411e8203dd0f55680be8700171f67d9e35590d3252c8", - "exitCode": 2, - "finishedAt": "2021-04-21T08:11:17Z", - "reason": "Error", - "startedAt": "2021-04-21T06:44:16Z" - } - }, - "name": "kube-proxy", - "ready": true, - "restartCount": 5, - "state": { - "running": { - "startedAt": "2021-04-21T08:12:11Z" - } - } - } - ], - "hostIP": "10.0.2.15", - "phase": "Running", - "podIP": "10.0.2.15", - "qosClass": "BestEffort", - "startTime": "2021-04-06T10:56:07Z" 
- } - }, - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "annotations": { - "kubernetes.io/config.hash": "abfcb4f52e957b11256c1f6841d49700", - "kubernetes.io/config.mirror": "abfcb4f52e957b11256c1f6841d49700", - "kubernetes.io/config.seen": "2020-07-23T09:22:31.141872438+03:00", - "kubernetes.io/config.source": "file" - }, - "creationTimestamp": "2020-07-23T06:50:03Z", - "labels": { - "component": "kube-scheduler", - "tier": "control-plane" - }, - "name": "kube-scheduler-minikube", - "namespace": "kube-system", - "resourceVersion": "6776144", - "selfLink": "/api/v1/namespaces/kube-system/pods/kube-scheduler-minikube", - "uid": "a7efef08-ac8b-4871-821c-d760ae910dc7" - }, - "spec": { - "containers": [ - { - "command": [ - "kube-scheduler", - "--bind-address=127.0.0.1", - "--kubeconfig=/etc/kubernetes/scheduler.conf", - "--leader-elect=true" - ], - "image": "k8s.gcr.io/kube-scheduler:v1.15.2", - "imagePullPolicy": "IfNotPresent", - "livenessProbe": { - "failureThreshold": 8, - "httpGet": { - "host": "127.0.0.1", - "path": "/healthz", - "port": 10251, - "scheme": "HTTP" - }, - "initialDelaySeconds": 15, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 15 - }, - "name": "kube-scheduler", - "resources": { - "requests": { - "cpu": "100m" - } - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "volumeMounts": [ - { - "mountPath": "/etc/kubernetes/scheduler.conf", - "name": "kubeconfig", - "readOnly": true - } - ] - } - ], - "dnsPolicy": "ClusterFirst", - "enableServiceLinks": true, - "hostNetwork": true, - "nodeName": "minikube", - "priority": 2000000000, - "priorityClassName": "system-cluster-critical", - "restartPolicy": "Always", - "schedulerName": "default-scheduler", - "securityContext": {}, - "terminationGracePeriodSeconds": 30, - "tolerations": [ - { - "effect": "NoExecute", - "operator": "Exists" - } - ], - "volumes": [ - { - "hostPath": { - "path": "/etc/kubernetes/scheduler.conf", - 
"type": "FileOrCreate" - }, - "name": "kubeconfig" - } - ] - }, - "status": { - "conditions": [ - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:11:59Z", - "status": "True", - "type": "Initialized" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:01Z", - "status": "True", - "type": "Ready" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:01Z", - "status": "True", - "type": "ContainersReady" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:11:59Z", - "status": "True", - "type": "PodScheduled" - } - ], - "containerStatuses": [ - { - "containerID": "docker://533a3bb256738e9a6cb32efd6a77b726126937f7debc8cbda149dfa17bbbaeaf", - "image": "k8s.gcr.io/kube-scheduler:v1.15.2", - "imageID": "docker-pullable://k8s.gcr.io/kube-scheduler@sha256:8fd3c3251f07234a234469e201900e4274726f1fe0d5dc6fb7da911f1c851a1a", - "lastState": { - "terminated": { - "containerID": "docker://5a595b656ee2b84e1260b03dd95d6daef49d4a29e65a8a9e848727dab3a8b7e5", - "exitCode": 2, - "finishedAt": "2021-04-21T08:11:17Z", - "reason": "Error", - "startedAt": "2021-04-21T07:25:48Z" - } - }, - "name": "kube-scheduler", - "ready": true, - "restartCount": 84, - "state": { - "running": { - "startedAt": "2021-04-21T08:12:00Z" - } - } - } - ], - "hostIP": "10.0.2.15", - "phase": "Running", - "podIP": "10.0.2.15", - "qosClass": "Burstable", - "startTime": "2021-04-21T08:11:59Z" - } - }, - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "creationTimestamp": "2021-04-06T10:55:57Z", - "generateName": "kubernetes-dashboard-679fb79dd5-", - "labels": { - "addonmanager.kubernetes.io/mode": "Reconcile", - "app": "kubernetes-dashboard", - "pod-template-hash": "679fb79dd5", - "version": "v1.8.1" - }, - "name": "kubernetes-dashboard-679fb79dd5-8gbz9", - "namespace": "kube-system", - "ownerReferences": [ - { - "apiVersion": "apps/v1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ReplicaSet", - "name": 
"kubernetes-dashboard-679fb79dd5", - "uid": "acb36534-dc63-45a0-8ffe-8124b10c99aa" - } - ], - "resourceVersion": "6776193", - "selfLink": "/api/v1/namespaces/kube-system/pods/kubernetes-dashboard-679fb79dd5-8gbz9", - "uid": "39ec8419-37f2-4b43-a3e3-33bad14d0524" - }, - "spec": { - "containers": [ - { - "image": "k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.1", - "imagePullPolicy": "IfNotPresent", - "livenessProbe": { - "failureThreshold": 3, - "httpGet": { - "path": "/", - "port": 9090, - "scheme": "HTTP" - }, - "initialDelaySeconds": 30, - "periodSeconds": 10, - "successThreshold": 1, - "timeoutSeconds": 30 - }, - "name": "kubernetes-dashboard", - "ports": [ - { - "containerPort": 9090, - "protocol": "TCP" - } - ], - "resources": {}, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "volumeMounts": [ - { - "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount", - "name": "default-token-rptf5", - "readOnly": true - } - ] - } - ], - "dnsPolicy": "ClusterFirst", - "enableServiceLinks": true, - "nodeName": "minikube", - "priority": 0, - "restartPolicy": "Always", - "schedulerName": "default-scheduler", - "securityContext": {}, - "serviceAccount": "default", - "serviceAccountName": "default", - "terminationGracePeriodSeconds": 30, - "tolerations": [ - { - "effect": "NoExecute", - "key": "node.kubernetes.io/not-ready", - "operator": "Exists", - "tolerationSeconds": 300 - }, - { - "effect": "NoExecute", - "key": "node.kubernetes.io/unreachable", - "operator": "Exists", - "tolerationSeconds": 300 - } - ], - "volumes": [ - { - "name": "default-token-rptf5", - "secret": { - "defaultMode": 420, - "secretName": "default-token-rptf5" - } - } - ] - }, - "status": { - "conditions": [ - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-06T10:55:57Z", - "status": "True", - "type": "Initialized" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:14Z", - "status": "True", - "type": "Ready" - }, - { - 
"lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:14Z", - "status": "True", - "type": "ContainersReady" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-06T10:55:57Z", - "status": "True", - "type": "PodScheduled" - } - ], - "containerStatuses": [ - { - "containerID": "docker://2efb0756b6d1c56d2ebb0aaa968fd131f8ecbc13018f4c97e4539d9241cea8eb", - "image": "k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.1", - "imageID": "docker-pullable://k8s.gcr.io/kubernetes-dashboard-amd64@sha256:3861695e962972965a4c611bcabc2032f885d8cbdb0bccc9bf513ef16335fe33", - "lastState": { - "terminated": { - "containerID": "docker://5720642be28f36e18048f2dc9b7a4174c69191cbad388aa2d7b5e0916fd67b28", - "exitCode": 2, - "finishedAt": "2021-04-21T08:11:17Z", - "reason": "Error", - "startedAt": "2021-04-21T07:25:48Z" - } - }, - "name": "kubernetes-dashboard", - "ready": true, - "restartCount": 15, - "state": { - "running": { - "startedAt": "2021-04-21T08:12:13Z" - } - } - } - ], - "hostIP": "10.0.2.15", - "phase": "Running", - "podIP": "172.17.0.2", - "qosClass": "BestEffort", - "startTime": "2021-04-06T10:55:57Z" - } - }, - { - "apiVersion": "v1", - "kind": "Pod", - "metadata": { - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Pod\",\"metadata\":{\"annotations\":{},\"labels\":{\"addonmanager.kubernetes.io/mode\":\"Reconcile\",\"integration-test\":\"storage-provisioner\"},\"name\":\"storage-provisioner\",\"namespace\":\"kube-system\"},\"spec\":{\"containers\":[{\"command\":[\"/storage-provisioner\"],\"image\":\"gcr.io/k8s-minikube/storage-provisioner:v1.8.1\",\"imagePullPolicy\":\"IfNotPresent\",\"name\":\"storage-provisioner\",\"volumeMounts\":[{\"mountPath\":\"/tmp\",\"name\":\"tmp\"}]}],\"hostNetwork\":true,\"serviceAccountName\":\"storage-provisioner\",\"volumes\":[{\"hostPath\":{\"path\":\"/tmp\",\"type\":\"Directory\"},\"name\":\"tmp\"}]}}\n" - }, - "creationTimestamp": "2020-07-23T06:50:07Z", - 
"labels": { - "addonmanager.kubernetes.io/mode": "Reconcile", - "integration-test": "storage-provisioner" - }, - "name": "storage-provisioner", - "namespace": "kube-system", - "resourceVersion": "6776184", - "selfLink": "/api/v1/namespaces/kube-system/pods/storage-provisioner", - "uid": "9dccc712-4040-4436-868e-cb5a1575f136" - }, - "spec": { - "containers": [ - { - "command": [ - "/storage-provisioner" - ], - "image": "gcr.io/k8s-minikube/storage-provisioner:v1.8.1", - "imagePullPolicy": "IfNotPresent", - "name": "storage-provisioner", - "resources": {}, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "volumeMounts": [ - { - "mountPath": "/tmp", - "name": "tmp" - }, - { - "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount", - "name": "storage-provisioner-token-srzhq", - "readOnly": true - } - ] - } - ], - "dnsPolicy": "ClusterFirst", - "enableServiceLinks": true, - "hostNetwork": true, - "nodeName": "minikube", - "priority": 0, - "restartPolicy": "Always", - "schedulerName": "default-scheduler", - "securityContext": {}, - "serviceAccount": "storage-provisioner", - "serviceAccountName": "storage-provisioner", - "terminationGracePeriodSeconds": 30, - "tolerations": [ - { - "effect": "NoExecute", - "key": "node.kubernetes.io/not-ready", - "operator": "Exists", - "tolerationSeconds": 300 - }, - { - "effect": "NoExecute", - "key": "node.kubernetes.io/unreachable", - "operator": "Exists", - "tolerationSeconds": 300 - } - ], - "volumes": [ - { - "hostPath": { - "path": "/tmp", - "type": "Directory" - }, - "name": "tmp" - }, - { - "name": "storage-provisioner-token-srzhq", - "secret": { - "defaultMode": 420, - "secretName": "storage-provisioner-token-srzhq" - } - } - ] - }, - "status": { - "conditions": [ - { - "lastProbeTime": null, - "lastTransitionTime": "2020-07-23T06:50:07Z", - "status": "True", - "type": "Initialized" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:13Z", - "status": 
"True", - "type": "Ready" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2021-04-21T08:12:13Z", - "status": "True", - "type": "ContainersReady" - }, - { - "lastProbeTime": null, - "lastTransitionTime": "2020-07-23T06:50:07Z", - "status": "True", - "type": "PodScheduled" - } - ], - "containerStatuses": [ - { - "containerID": "docker://36c5c504d7351db670f96ff0ad200072706f5db80317163fc360851c9c548944", - "image": "gcr.io/k8s-minikube/storage-provisioner:v1.8.1", - "imageID": "docker://sha256:4689081edb103a9e8174bf23a255bfbe0b2d9ed82edc907abab6989d1c60f02c", - "lastState": { - "terminated": { - "containerID": "docker://8c489dfc8785a84d3c936c5b810bdcec373b3dd9dcd99143294ddf72241b0ea2", - "exitCode": 2, - "finishedAt": "2021-04-21T08:11:17Z", - "reason": "Error", - "startedAt": "2021-04-21T06:44:16Z" - } - }, - "name": "storage-provisioner", - "ready": true, - "restartCount": 81, - "state": { - "running": { - "startedAt": "2021-04-21T08:12:12Z" - } - } - } - ], - "hostIP": "10.0.2.15", - "phase": "Running", - "podIP": "10.0.2.15", - "qosClass": "BestEffort", - "startTime": "2020-07-23T06:50:07Z" - } - } - ], - "kind": "PodList", - "metadata": { - "resourceVersion": "6777343", - "selfLink": "/api/v1/pods" - } - } - ` - unstructuredList := unstructured.UnstructuredList{} - if err := json.Unmarshal([]byte(podsList), &unstructuredList); err != nil { - glog.Error(err) - } - return &unstructuredList -} diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/resourcegroupmapping.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/resourcegroupmapping.go deleted file mode 100644 index 5fc2e706..00000000 --- a/vendor/github.com/armosec/capacketsgo/k8sinterface/resourcegroupmapping.go +++ /dev/null 
@@ -1,132 +0,0 @@ -package k8sinterface - -import ( - "fmt" - "strings" - - "github.com/golang/glog" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -const ValueNotFound = -1 - -// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#-strong-api-groups-strong- -var ResourceGroupMapping = map[string]string{ - "services": "/v1", - "pods": "/v1", - "replicationcontrollers": "/v1", - "podtemplates": "/v1", - "namespaces": "/v1", - "nodes": "/v1", - "configmaps": "/v1", - "secrets": "/v1", - "serviceaccounts": "/v1", - "persistentvolumeclaims": "/v1", - "daemonsets": "apps/v1", - "deployments": "apps/v1", - "replicasets": "apps/v1", - "statefulsets": "apps/v1", - "controllerrevisions": "apps/v1", - "jobs": "batch/v1", - "cronjobs": "batch/v1beta1", - "horizontalpodautoscalers": "autoscaling/v1", - "ingresses": "extensions/v1beta1", - "networkpolicies": "networking.k8s.io/v1", - "clusterroles": "rbac.authorization.k8s.io/v1", - "clusterrolebindings": "rbac.authorization.k8s.io/v1", - "roles": "rbac.authorization.k8s.io/v1", - "rolebindings": "rbac.authorization.k8s.io/v1", - "mutatingwebhookconfigurations": "admissionregistration.k8s.io/v1", - "validatingwebhookconfigurations": "admissionregistration.k8s.io/v1", -} - -var GroupsClusterScope = []string{} -var ResourceClusterScope = []string{"nodes", "namespaces", "clusterroles", "clusterrolebindings"} - -func GetGroupVersionResource(resource string) (schema.GroupVersionResource, error) { - resource = strings.ToLower(resource) - if resource != "" && !strings.HasSuffix(resource, "s") { - resource = fmt.Sprintf("%ss", resource) // add 's' at the end of a resource - } - if r, ok := ResourceGroupMapping[resource]; ok { - gv := strings.Split(r, "/") - return schema.GroupVersionResource{Group: gv[0], Version: gv[1], Resource: resource}, nil - } - return schema.GroupVersionResource{}, fmt.Errorf("resource '%s' not found in resourceMap", resource) -} - -func IsNamespaceScope(apiGroup, resource string) bool { - 
return StringInSlice(GroupsClusterScope, apiGroup) == ValueNotFound && - StringInSlice(ResourceClusterScope, resource) == ValueNotFound -} - -func StringInSlice(strSlice []string, str string) int { - for i := range strSlice { - if strSlice[i] == str { - return i - } - } - return ValueNotFound -} - -func JoinResourceTriplets(group, version, resource string) string { - return fmt.Sprintf("%s/%s/%s", group, version, resource) -} -func GetResourceTriplets(group, version, resource string) []string { - resourceTriplets := []string{} - if resource == "" { - // load full map - for k, v := range ResourceGroupMapping { - g := strings.Split(v, "/") - resourceTriplets = append(resourceTriplets, JoinResourceTriplets(g[0], g[1], k)) - } - } else if version == "" { - // load by resource - if v, ok := ResourceGroupMapping[resource]; ok { - g := strings.Split(v, "/") - if group == "" { - group = g[0] - } - resourceTriplets = append(resourceTriplets, JoinResourceTriplets(group, g[1], resource)) - } else { - glog.Errorf("Resource '%s' unknown", resource) - } - } else if group == "" { - // load by resource and version - if v, ok := ResourceGroupMapping[resource]; ok { - g := strings.Split(v, "/") - resourceTriplets = append(resourceTriplets, JoinResourceTriplets(g[0], version, resource)) - } else { - glog.Errorf("Resource '%s' unknown", resource) - } - } else { - resourceTriplets = append(resourceTriplets, JoinResourceTriplets(group, version, resource)) - } - return resourceTriplets -} -func ResourceGroupToString(group, version, resource string) []string { - if group == "*" { - group = "" - } - if version == "*" { - version = "" - } - if resource == "*" { - resource = "" - } - resource = strings.ToLower(resource) - if resource != "" && !strings.HasSuffix(resource, "s") { - resource = fmt.Sprintf("%ss", resource) // add 's' at the end of a resource - } - return GetResourceTriplets(group, version, resource) -} - -func StringToResourceGroup(str string) (string, string, string) { - 
splitted := strings.Split(str, "/") - for i := range splitted { - if splitted[i] == "*" { - splitted[i] = "" - } - } - return splitted[0], splitted[1], splitted[2] -} diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/resourcegroupmapping_test.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/resourcegroupmapping_test.go deleted file mode 100644 index bb96f69f..00000000 --- a/vendor/github.com/armosec/capacketsgo/k8sinterface/resourcegroupmapping_test.go +++ /dev/null @@ -1,22 +0,0 @@ -package k8sinterface - -import "testing" - -func TestResourceGroupToString(t *testing.T) { - allResources := ResourceGroupToString("*", "*", "*") - if len(allResources) != len(ResourceGroupMapping) { - t.Errorf("Expected len: %d, received: %d", len(ResourceGroupMapping), len(allResources)) - } - pod := ResourceGroupToString("*", "*", "Pod") - if len(pod) == 0 || pod[0] != "/v1/pods" { - t.Errorf("pod: %v", pod) - } - deployments := ResourceGroupToString("*", "*", "Deployment") - if len(deployments) == 0 || deployments[0] != "apps/v1/deployments" { - t.Errorf("deployments: %v", deployments) - } - cronjobs := ResourceGroupToString("*", "*", "cronjobs") - if len(cronjobs) == 0 || cronjobs[0] != "batch/v1beta1/cronjobs" { - t.Errorf("cronjobs: %v", cronjobs) - } -} diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/workload.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/workload.go deleted file mode 100644 index a94aa8a9..00000000 --- a/vendor/github.com/armosec/capacketsgo/k8sinterface/workload.go +++ /dev/null 
@@ -1,147 +0,0 @@
-package k8sinterface
-
-import (
- "encoding/json"
- "fmt"
-
- "github.com/armosec/capacketsgo/apis"
- corev1 "k8s.io/api/core/v1"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-)
-
-type IWorkload interface {
- IBasicWorkload
-
- // GET
- GetWlid() string
- GetJobID() *apis.JobTracking
-
- // SET
- SetWlid(string)
- SetInject()
- SetIgnore()
- SetUpdateTime()
- SetJobID(apis.JobTracking)
- SetCompatible()
- SetIncompatible()
-
- // EXIST
- IsIgnore() bool
- IsInject() bool
- IsAttached() bool
- IsCompatible() bool
- IsIncompatible() bool
-
- // REMOVE
- RemoveWlid()
- RemoveInject()
- RemoveIgnore()
- RemoveUpdateTime()
- RemoveJobID()
- RemoveCompatible()
- RemoveArmoMetadata()
- RemoveArmoLabels()
- RemoveArmoAnnotations()
-}
-type IBasicWorkload interface {
-
- // Set
- SetKind(string)
- SetWorkload(map[string]interface{})
- SetLabel(key, value string)
- SetAnnotation(key, value string)
- SetNamespace(string)
- SetName(string)
-
- // Get
- GetNamespace() string
- GetName() string
- GetGenerateName() string
- GetKind() string
- GetInnerAnnotation() (string, bool)
- GetPodAnnotation() (string, bool)
- GetAnnotation(string) (string, bool)
- GetLabel(string) (string, bool)
- GetAnnotations() map[string]string
- GetInnerAnnotations() map[string]string
- GetPodAnnotations() map[string]string
- GetLabels() map[string]string
- GetInnerLabels() map[string]string
- GetPodLabels() map[string]string
- GetJobLabels() map[string]string
- GetVolumes() []corev1.Volume
- GetContainers() []corev1.Container
- GetInitContainers() []corev1.Container
- GetOwnerReferences() ([]metav1.OwnerReference, error)
- GetImagePullSecret() ([]corev1.LocalObjectReference, error)
- GetServiceAccountName() string
- GetSelector() (*metav1.LabelSelector, error)
- GetResourceVersion() string
- GetUID() string
-
- GetWorkload() map[string]interface{}
-
- // REMOVE
- RemoveLabel(string)
- RemoveAnnotation(string)
- RemovePodStatus()
- RemoveResourceVersion()
-}
-
-type Workload struct {
- workload map[string]interface{}
-}
-
-func NewWorkload(bWorkload []byte) (*Workload, error) {
- workload := make(map[string]interface{})
- if bWorkload != nil {
- if err := json.Unmarshal(bWorkload, &workload); err != nil {
- return nil, err
- }
- }
- return &Workload{
- workload: workload,
- }, nil
-}
-
-func NewWorkloadObj(workload map[string]interface{}) *Workload {
- return &Workload{
- workload: workload,
- }
-}
-
-func (w *Workload) Json() string {
- if w.workload == nil {
- return ""
- }
- bWorkload, err := json.Marshal(w.workload)
- if err != nil {
- return err.Error()
- }
- return fmt.Sprintf("%s", bWorkload)
-}
-
-func (workload *Workload) DeepCopy(w map[string]interface{}) {
- workload.workload = make(map[string]interface{})
- byt, _ := json.Marshal(w)
- json.Unmarshal(byt, &workload.workload)
-}
-
-func (w *Workload) ToUnstructured() (*unstructured.Unstructured, error) {
- obj := &unstructured.Unstructured{}
- if w.workload == nil {
- return obj, nil
- }
- bWorkload, err := json.Marshal(w.workload)
- if err != nil {
- return obj, err
- }
- if err := json.Unmarshal(bWorkload, obj); err != nil {
- return obj, err
-
- }
-
- return obj, nil
-}
diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/workloadmethods.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/workloadmethods.go
deleted file mode 100644
index 5613ea14..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sinterface/workloadmethods.go
+++ /dev/null
@@ -1,649 +0,0 @@ -package k8sinterface - -import ( - "encoding/json" - "fmt" - "strconv" - "strings" - "time" - - "github.com/armosec/capacketsgo/apis" - "github.com/armosec/capacketsgo/cautils" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// ======================================= DELETE ======================================== - -func (w *Workload) RemoveInject() { - w.RemovePodLabel(cautils.CAInject) // DEPRECATED - w.RemovePodLabel(cautils.CAAttachLabel) // DEPRECATED - w.RemovePodLabel(cautils.ArmoAttach) - - w.RemoveLabel(cautils.CAInject) // DEPRECATED - w.RemoveLabel(cautils.CAAttachLabel) // DEPRECATED - w.RemoveLabel(cautils.ArmoAttach) -} - -func (w *Workload) RemoveIgnore() { - w.RemovePodLabel(cautils.CAIgnore) // DEPRECATED - w.RemovePodLabel(cautils.ArmoAttach) - - w.RemoveLabel(cautils.CAIgnore) // DEPRECATED - w.RemoveLabel(cautils.ArmoAttach) -} - -func (w *Workload) RemoveWlid() { - w.RemovePodAnnotation(cautils.CAWlid) // DEPRECATED - w.RemovePodAnnotation(cautils.ArmoWlid) - - w.RemoveAnnotation(cautils.CAWlid) // DEPRECATED - w.RemoveAnnotation(cautils.ArmoWlid) -} - -func (w *Workload) RemoveCompatible() { - w.RemovePodAnnotation(cautils.ArmoCompatibleAnnotation) -} -func (w *Workload) RemoveJobID() { - w.RemovePodAnnotation(cautils.ArmoJobIDPath) - w.RemovePodAnnotation(cautils.ArmoJobParentPath) - w.RemovePodAnnotation(cautils.ArmoJobActionPath) - - w.RemoveAnnotation(cautils.ArmoJobIDPath) - w.RemoveAnnotation(cautils.ArmoJobParentPath) - w.RemoveAnnotation(cautils.ArmoJobActionPath) -} -func (w *Workload) RemoveArmoMetadata() { - w.RemoveArmoLabels() - w.RemoveArmoAnnotations() -} - -func (w *Workload) RemoveArmoAnnotations() { - l := w.GetAnnotations() - if l != nil { - for k := range l { - if strings.HasPrefix(k, cautils.ArmoPrefix) { - w.RemoveAnnotation(k) - } - if strings.HasPrefix(k, cautils.CAPrefix) { // DEPRECATED - w.RemoveAnnotation(k) - } - } - } - lp := w.GetPodAnnotations() - if lp != 
nil { - for k := range lp { - if strings.HasPrefix(k, cautils.ArmoPrefix) { - w.RemovePodAnnotation(k) - } - if strings.HasPrefix(k, cautils.CAPrefix) { // DEPRECATED - w.RemovePodAnnotation(k) - } - } - } -} -func (w *Workload) RemoveArmoLabels() { - l := w.GetLabels() - if l != nil { - for k := range l { - if strings.HasPrefix(k, cautils.ArmoPrefix) { - w.RemoveLabel(k) - } - if strings.HasPrefix(k, cautils.CAPrefix) { // DEPRECATED - w.RemoveLabel(k) - } - } - } - lp := w.GetPodLabels() - if lp != nil { - for k := range lp { - if strings.HasPrefix(k, cautils.ArmoPrefix) { - w.RemovePodLabel(k) - } - if strings.HasPrefix(k, cautils.CAPrefix) { // DEPRECATED - w.RemovePodLabel(k) - } - } - } -} -func (w *Workload) RemoveUpdateTime() { - - // remove from pod - w.RemovePodAnnotation(cautils.CAUpdate) // DEPRECATED - w.RemovePodAnnotation(cautils.ArmoUpdate) - - // remove from workload - w.RemoveAnnotation(cautils.CAUpdate) // DEPRECATED - w.RemoveAnnotation(cautils.ArmoUpdate) -} - -func (w *Workload) RemovePodStatus() { - delete(w.workload, "status") -} - -func (w *Workload) RemoveResourceVersion() { - if _, ok := w.workload["metadata"]; !ok { - return - } - meta, _ := w.workload["metadata"].(map[string]interface{}) - delete(meta, "resourceVersion") -} - -func (w *Workload) RemoveLabel(key string) { - w.RemoveMetadata([]string{"metadata"}, "labels", key) -} - -func (w *Workload) RemoveAnnotation(key string) { - w.RemoveMetadata([]string{"metadata"}, "annotations", key) -} - -func (w *Workload) RemovePodAnnotation(key string) { - w.RemoveMetadata(PodMetadata(w.GetKind()), "annotations", key) -} - -func (w *Workload) RemovePodLabel(key string) { - w.RemoveMetadata(PodMetadata(w.GetKind()), "labels", key) -} - -func (w *Workload) RemoveMetadata(scope []string, metadata, key string) { - - workload := w.workload - for i := range scope { - if _, ok := workload[scope[i]]; !ok { - return - } - workload, _ = workload[scope[i]].(map[string]interface{}) - } - - if _, ok := 
workload[metadata]; !ok { - return - } - - labels, _ := workload[metadata].(map[string]interface{}) - delete(labels, key) - -} - -// ========================================= SET ========================================= - -func (w *Workload) SetWorkload(workload map[string]interface{}) { - w.workload = workload -} - -func (w *Workload) SetKind(kind string) { - w.workload["kind"] = kind -} - -func (w *Workload) SetInject() { - w.SetPodLabel(cautils.ArmoAttach, cautils.BoolToString(true)) -} - -func (w *Workload) SetJobID(jobTracking apis.JobTracking) { - w.SetPodAnnotation(cautils.ArmoJobIDPath, jobTracking.JobID) - w.SetPodAnnotation(cautils.ArmoJobParentPath, jobTracking.ParentID) - w.SetPodAnnotation(cautils.ArmoJobActionPath, fmt.Sprintf("%d", jobTracking.LastActionNumber)) -} - -func (w *Workload) SetIgnore() { - w.SetPodLabel(cautils.ArmoAttach, cautils.BoolToString(false)) -} - -func (w *Workload) SetCompatible() { - w.SetPodAnnotation(cautils.ArmoCompatibleAnnotation, cautils.BoolToString(true)) -} - -func (w *Workload) SetIncompatible() { - w.SetPodAnnotation(cautils.ArmoCompatibleAnnotation, cautils.BoolToString(false)) -} - -func (w *Workload) SetReplaceheaders() { - w.SetPodAnnotation(cautils.ArmoReplaceheaders, cautils.BoolToString(true)) -} - -func (w *Workload) SetWlid(wlid string) { - w.SetPodAnnotation(cautils.ArmoWlid, wlid) -} - -func (w *Workload) SetUpdateTime() { - w.SetPodAnnotation(cautils.ArmoUpdate, string(time.Now().UTC().Format("02-01-2006 15:04:05"))) -} - -func (w *Workload) SetNamespace(namespace string) { - w.SetMetadata([]string{"metadata"}, "namespace", namespace) -} - -func (w *Workload) SetName(name string) { - w.SetMetadata([]string{"metadata"}, "name", name) -} - -func (w *Workload) SetLabel(key, value string) { - w.SetMetadata([]string{"metadata", "labels"}, key, value) -} - -func (w *Workload) SetPodLabel(key, value string) { - w.SetMetadata(append(PodMetadata(w.GetKind()), "labels"), key, value) -} -func (w *Workload) 
SetAnnotation(key, value string) { - w.SetMetadata([]string{"metadata", "annotations"}, key, value) -} -func (w *Workload) SetPodAnnotation(key, value string) { - w.SetMetadata(append(PodMetadata(w.GetKind()), "annotations"), key, value) -} - -func (w *Workload) SetMetadata(scope []string, key string, val interface{}) { - workload := w.workload - for i := range scope { - if _, ok := workload[scope[i]]; !ok { - workload[scope[i]] = make(map[string]interface{}) - } - workload, _ = workload[scope[i]].(map[string]interface{}) - } - - workload[key] = val -} - -// ========================================= GET ========================================= -func (w *Workload) GetWorkload() map[string]interface{} { - return w.workload -} -func (w *Workload) GetNamespace() string { - if v, ok := InspectWorkload(w.workload, "metadata", "namespace"); ok { - return v.(string) - } - return "" -} - -func (w *Workload) GetName() string { - if v, ok := InspectWorkload(w.workload, "metadata", "name"); ok { - return v.(string) - } - return "" -} - -func (w *Workload) GetGenerateName() string { - if v, ok := InspectWorkload(w.workload, "metadata", "generateName"); ok { - return v.(string) - } - return "" -} - -func (w *Workload) GetKind() string { - if v, ok := InspectWorkload(w.workload, "kind"); ok { - return v.(string) - } - return "" -} -func (w *Workload) GetSelector() (*metav1.LabelSelector, error) { - selector := &metav1.LabelSelector{} - if v, ok := InspectWorkload(w.workload, "spec", "selector", "matchLabels"); ok && v != nil { - b, err := json.Marshal(v) - if err != nil { - return selector, err - } - if err := json.Unmarshal(b, selector); err != nil { - return selector, err - } - return selector, nil - } - return selector, nil -} - -func (w *Workload) GetAnnotation(annotation string) (string, bool) { - if v, ok := InspectWorkload(w.workload, "metadata", "annotations", annotation); ok { - return v.(string), ok - } - return "", false -} -func (w *Workload) GetLabel(label string) 
(string, bool) { - if v, ok := InspectWorkload(w.workload, "metadata", "labels", label); ok { - return v.(string), ok - } - return "", false -} - -func (w *Workload) GetPodLabel(label string) (string, bool) { - if v, ok := InspectWorkload(w.workload, append(PodMetadata(w.GetKind()), "labels", label)...); ok && v != nil { - return v.(string), ok - } - return "", false -} - -func (w *Workload) GetLabels() map[string]string { - if v, ok := InspectWorkload(w.workload, "metadata", "labels"); ok && v != nil { - labels := make(map[string]string) - for k, i := range v.(map[string]interface{}) { - labels[k] = i.(string) - } - return labels - } - return nil -} - -// GetInnerLabels - DEPRECATED -func (w *Workload) GetInnerLabels() map[string]string { - return w.GetPodLabels() -} - -func (w *Workload) GetPodLabels() map[string]string { - if v, ok := InspectWorkload(w.workload, append(PodMetadata(w.GetKind()), "labels")...); ok && v != nil { - labels := make(map[string]string) - for k, i := range v.(map[string]interface{}) { - labels[k] = i.(string) - } - return labels - } - return nil -} - -// GetInnerAnnotations - DEPRECATED -func (w *Workload) GetInnerAnnotations() map[string]string { - return w.GetPodAnnotations() -} - -// GetPodAnnotations -func (w *Workload) GetPodAnnotations() map[string]string { - if v, ok := InspectWorkload(w.workload, append(PodMetadata(w.GetKind()), "annotations")...); ok && v != nil { - annotations := make(map[string]string) - for k, i := range v.(map[string]interface{}) { - annotations[k] = fmt.Sprintf("%v", i) - } - return annotations - } - return nil -} - -// GetInnerAnnotation DEPRECATED -func (w *Workload) GetInnerAnnotation(annotation string) (string, bool) { - return w.GetPodAnnotation(annotation) -} - -func (w *Workload) GetPodAnnotation(annotation string) (string, bool) { - if v, ok := InspectWorkload(w.workload, append(PodMetadata(w.GetKind()), "annotations", annotation)...); ok && v != nil { - return v.(string), ok - } - return "", false 
-} - -func (w *Workload) GetAnnotations() map[string]string { - if v, ok := InspectWorkload(w.workload, "metadata", "annotations"); ok && v != nil { - annotations := make(map[string]string) - for k, i := range v.(map[string]interface{}) { - annotations[k] = fmt.Sprintf("%v", i) - } - return annotations - } - return nil -} - -// GetVolumes - -func (w *Workload) GetVolumes() ([]corev1.Volume, error) { - volumes := []corev1.Volume{} - - interVolumes, _ := InspectWorkload(w.workload, append(PodSpec(w.GetKind()), "volumes")...) - if interVolumes == nil { - return volumes, nil - } - volumesBytes, err := json.Marshal(interVolumes) - if err != nil { - return volumes, err - } - err = json.Unmarshal(volumesBytes, &volumes) - - return volumes, err -} - -func (w *Workload) GetServiceAccountName() string { - - if v, ok := InspectWorkload(w.workload, append(PodSpec(w.GetKind()), "serviceAccountName")...); ok && v != nil { - return v.(string) - } - return "" -} - -func (w *Workload) GetPodSpec() (*corev1.PodSpec, error) { - podSpec := &corev1.PodSpec{} - podSepcRaw, _ := InspectWorkload(w.workload, PodSpec(w.GetKind())...) - if podSepcRaw == nil { - return podSpec, fmt.Errorf("no PodSpec for workload: %v", w) - } - b, err := json.Marshal(podSepcRaw) - if err != nil { - return podSpec, err - } - err = json.Unmarshal(b, podSpec) - - return podSpec, err -} - -func (w *Workload) GetImagePullSecret() ([]corev1.LocalObjectReference, error) { - imgPullSecrets := []corev1.LocalObjectReference{} - - iImgPullSecrets, _ := InspectWorkload(w.workload, append(PodSpec(w.GetKind()), "imagePullSecrets")...) - b, err := json.Marshal(iImgPullSecrets) - if err != nil { - return imgPullSecrets, err - } - err = json.Unmarshal(b, &imgPullSecrets) - - return imgPullSecrets, err -} - -// GetContainers - -func (w *Workload) GetContainers() ([]corev1.Container, error) { - containers := []corev1.Container{} - - interContainers, _ := InspectWorkload(w.workload, append(PodSpec(w.GetKind()), "containers")...) 
- if interContainers == nil { - return containers, nil - } - containersBytes, err := json.Marshal(interContainers) - if err != nil { - return containers, err - } - err = json.Unmarshal(containersBytes, &containers) - - return containers, err -} - -// GetContainers - -func (w *Workload) GetInitContainers() ([]corev1.Container, error) { - containers := []corev1.Container{} - - interContainers, _ := InspectWorkload(w.workload, append(PodSpec(w.GetKind()), "initContainers")...) - if interContainers == nil { - return containers, nil - } - containersBytes, err := json.Marshal(interContainers) - if err != nil { - return containers, err - } - err = json.Unmarshal(containersBytes, &containers) - - return containers, err -} - -// GetOwnerReferences - -func (w *Workload) GetOwnerReferences() ([]metav1.OwnerReference, error) { - ownerReferences := []metav1.OwnerReference{} - interOwnerReferences, ok := InspectWorkload(w.workload, "metadata", "ownerReferences") - if !ok { - return ownerReferences, nil - } - - ownerReferencesBytes, err := json.Marshal(interOwnerReferences) - if err != nil { - return ownerReferences, err - } - err = json.Unmarshal(ownerReferencesBytes, &ownerReferences) - if err != nil { - return ownerReferences, err - - } - return ownerReferences, nil -} -func (w *Workload) GetResourceVersion() string { - if v, ok := InspectWorkload(w.workload, "metadata", "resourceVersion"); ok { - return v.(string) - } - return "" -} -func (w *Workload) GetUID() string { - if v, ok := InspectWorkload(w.workload, "metadata", "uid"); ok { - return v.(string) - } - return "" -} -func (w *Workload) GetWlid() string { - if wlid, ok := w.GetAnnotation(cautils.ArmoWlid); ok { - return wlid - } - return "" -} - -func (w *Workload) GetJobID() *apis.JobTracking { - jobTracking := apis.JobTracking{} - if job, ok := w.GetPodAnnotation(cautils.ArmoJobIDPath); ok { - jobTracking.JobID = job - } - if parent, ok := w.GetPodAnnotation(cautils.ArmoJobParentPath); ok { - jobTracking.ParentID = 
parent - } - if action, ok := w.GetPodAnnotation(cautils.ArmoJobActionPath); ok { - if i, err := strconv.Atoi(action); err == nil { - jobTracking.LastActionNumber = i - } - } - if jobTracking.LastActionNumber == 0 { // start the counter at 1 - jobTracking.LastActionNumber = 1 - } - return &jobTracking -} - -// func (w *Workload) GetJobID() string { -// if status, ok := w.GetAnnotation(cautils.ArmoJobID); ok { -// return status -// } -// return "" -// } - -// ========================================= IS ========================================= - -func (w *Workload) IsInject() bool { - return w.IsAttached() -} - -func (w *Workload) IsIgnore() bool { - if attach := cautils.IsAttached(w.GetPodLabels()); attach != nil { - return !(*attach) - } - if attach := cautils.IsAttached(w.GetLabels()); attach != nil { - return !(*attach) - } - return false -} - -func (w *Workload) IsCompatible() bool { - if c, ok := w.GetPodAnnotation(cautils.ArmoCompatibleAnnotation); ok { - return cautils.StringToBool(c) - - } - if c, ok := w.GetAnnotation(cautils.ArmoCompatibleAnnotation); ok { - return cautils.StringToBool(c) - - } - return false -} - -func (w *Workload) IsIncompatible() bool { - if c, ok := w.GetPodAnnotation(cautils.ArmoCompatibleAnnotation); ok { - return !cautils.StringToBool(c) - } - if c, ok := w.GetAnnotation(cautils.ArmoCompatibleAnnotation); ok { - return !cautils.StringToBool(c) - } - return false -} -func (w *Workload) IsAttached() bool { - if attach := cautils.IsAttached(w.GetPodLabels()); attach != nil { - return *attach - } - if attach := cautils.IsAttached(w.GetLabels()); attach != nil { - return *attach - } - return false -} - -func (w *Workload) IsReplaceheaders() bool { - if c, ok := w.GetPodAnnotation(cautils.ArmoReplaceheaders); ok { - return cautils.StringToBool(c) - } - return false -} - -// ======================================= UTILS ========================================= - -// InspectWorkload - -func InspectWorkload(workload interface{}, scopes 
...string) (val interface{}, k bool) { - - val, k = nil, false - if len(scopes) == 0 { - if workload != nil { - return workload, true - } - return nil, false - } - if data, ok := workload.(map[string]interface{}); ok { - val, k = InspectWorkload(data[scopes[0]], scopes[1:]...) - } - return val, k - -} - -// // InspectWorkload - -// func InjectWorkload(workload interface{}, scopes []string, val string) { - -// if len(scopes) == 0 { - -// } -// if data, ok := workload.(map[string]interface{}); ok { -// InjectWorkload(data[scopes[0]], scopes[1:], val) -// } else { - -// } - -// } - -// InjectWorkload - -// func InjectWorkload(workload interface{}, scopes []string, val string) { - -// if len(scopes) == 0 { -// workload = "" -// } -// if data, ok := workload.(map[string]interface{}); ok { -// d := InjectWorkload(data[scopes[0]], scopes[1:], val) -// data[scopes[0]] = d -// return data -// } else { - -// } - -// } -// func (w *Workload) SetNamespace(ns string) { - -// if v, k := w.workload["metadata"]; k { -// if vv, kk := v.(map[string]interface{}); kk { -// vv["namespace"] = "" -// // if v3, k3 := w.workload["namespace"]; k3 { -// // if v4, k4 := v.(map[string]interface{}); kk { - -// // } -// // } -// v = vv -// } -// w.workload = v -// } -// // if data, ok := w.workload.(map[string]interface{}); ok { -// // val, k = InspectWorkload(data[scopes[0]], scopes[1:]...) -// // } - -// } diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/workloadmethods_test.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/workloadmethods_test.go deleted file mode 100644 index 7136b449..00000000 --- a/vendor/github.com/armosec/capacketsgo/k8sinterface/workloadmethods_test.go +++ /dev/null 
@@ -1,155 +0,0 @@ -package k8sinterface - -import ( - "testing" -) - -// ========================================= IS ========================================= - -func TestLabels(t *testing.T) { - w := `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"creationTimestamp":"2021-05-03T13:10:32Z","generation":1,"labels":{"app":"demoservice-server","cyberarmor.inject":"true"},"managedFields":[{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:labels":{".":{},"f:app":{},"f:cyberarmor.inject":{}}},"f:spec":{"f:progressDeadlineSeconds":{},"f:replicas":{},"f:revisionHistoryLimit":{},"f:selector":{},"f:strategy":{"f:rollingUpdate":{".":{},"f:maxSurge":{},"f:maxUnavailable":{}},"f:type":{}},"f:template":{"f:metadata":{"f:labels":{".":{},"f:app":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"demoservice\"}":{".":{},"f:env":{".":{},"k:{\"name\":\"ARMO_TEST_NAME\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_ENABLE_CRASH_REPORTER\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"DEMO_FOLDERS\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SERVER_PORT\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SLEEP_DURATION\"}":{".":{},"f:name":{},"f:value":{}}},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":8089,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:protocol":{}}},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}}}},"manager":"OpenAPI-Generator","operation":"Update","time":"2021-05-03T13:10:32Z"},{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:deployment.kubernetes.io/revision":{}}},"f:status":{"f:availableReplicas":{},"f:conditions":{".":{},"k:{\"type\":\"Available\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{
},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Progressing\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}}},"f:observedGeneration":{},"f:readyReplicas":{},"f:replicas":{},"f:updatedReplicas":{}}},"manager":"kube-controller-manager","operation":"Update","time":"2021-05-03T13:52:58Z"}],"name":"demoservice-server","namespace":"default","resourceVersion":"1016043","uid":"e9e8a3e9-6cb4-4301-ace1-2c0cef3bd61e"},"spec":{"progressDeadlineSeconds":600,"replicas":1,"revisionHistoryLimit":10,"selector":{"matchLabels":{"app":"demoservice-server"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"app":"demoservice-server"}},"spec":{"containers":[{"env":[{"name":"SERVER_PORT","value":"8089"},{"name":"SLEEP_DURATION","value":"1"},{"name":"DEMO_FOLDERS","value":"/app"},{"name":"ARMO_TEST_NAME","value":"auto_attach_deployment"},{"name":"CAA_ENABLE_CRASH_REPORTER","value":"1"}],"image":"quay.io/armosec/demoservice:v25","imagePullPolicy":"IfNotPresent","name":"demoservice","ports":[{"containerPort":8089,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}},"status":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2021-05-03T13:10:32Z","lastUpdateTime":"2021-05-03T13:10:37Z","message":"ReplicaSet \"demoservice-server-7d478b6998\" has successfully progressed.","reason":"NewReplicaSetAvailable","status":"True","type":"Progressing"},{"lastTransitionTime":"2021-05-03T13:52:58Z","lastUpdateTime":"2021-05-03T13:52:58Z","message":"Deployment has minimum 
availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"}],"observedGeneration":1,"readyReplicas":1,"replicas":1,"updatedReplicas":1}}` - workload, err := NewWorkload([]byte(w)) - if err != nil { - t.Errorf(err.Error()) - } - if workload.GetKind() != "Deployment" { - t.Errorf("wrong kind") - } - if workload.GetNamespace() != "default" { - t.Errorf("wrong namespace") - } - if workload.GetName() != "demoservice-server" { - t.Errorf("wrong name") - } - if !workload.IsInject() { - t.Errorf("expect to find inject label") - } - if workload.IsIgnore() { - t.Errorf("expect to find ignore label") - } -} - -func TestSetNamespace(t *testing.T) { - w := `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"name":"demoservice-server"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"demoservice-server"}},"template":{"metadata":{"creationTimestamp":null,"labels":{"app":"demoservice-server"}},"spec":{"containers":[{"env":[{"name":"SERVER_PORT","value":"8089"},{"name":"SLEEP_DURATION","value":"1"},{"name":"DEMO_FOLDERS","value":"/app"},{"name":"ARMO_TEST_NAME","value":"auto_attach_deployment"},{"name":"CAA_ENABLE_CRASH_REPORTER","value":"1"}],"image":"quay.io/armosec/demoservice:v25","imagePullPolicy":"IfNotPresent","name":"demoservice","ports":[{"containerPort":8089,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}}}` - workload, err := NewWorkload([]byte(w)) - if err != nil { - t.Errorf(err.Error()) - } - workload.SetNamespace("default") - if workload.GetNamespace() != "default" { - t.Errorf("wrong namespace") - } -} -func TestSetLabels(t *testing.T) { - w := 
`{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"creationTimestamp":"2021-05-03T13:10:32Z","generation":1,"managedFields":[{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:labels":{".":{},"f:app":{},"f:cyberarmor.inject":{}}},"f:spec":{"f:progressDeadlineSeconds":{},"f:replicas":{},"f:revisionHistoryLimit":{},"f:selector":{},"f:strategy":{"f:rollingUpdate":{".":{},"f:maxSurge":{},"f:maxUnavailable":{}},"f:type":{}},"f:template":{"f:metadata":{"f:labels":{".":{},"f:app":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"demoservice\"}":{".":{},"f:env":{".":{},"k:{\"name\":\"ARMO_TEST_NAME\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_ENABLE_CRASH_REPORTER\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"DEMO_FOLDERS\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SERVER_PORT\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SLEEP_DURATION\"}":{".":{},"f:name":{},"f:value":{}}},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":8089,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:protocol":{}}},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}}}},"manager":"OpenAPI-Generator","operation":"Update","time":"2021-05-03T13:10:32Z"},{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:deployment.kubernetes.io/revision":{}}},"f:status":{"f:availableReplicas":{},"f:conditions":{".":{},"k:{\"type\":\"Available\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Progressing\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}}},"f:observedGeneration":{},"f:readyReplicas":{},"f:replicas":{},"f
:updatedReplicas":{}}},"manager":"kube-controller-manager","operation":"Update","time":"2021-05-03T13:52:58Z"}],"name":"demoservice-server","namespace":"default","resourceVersion":"1016043","uid":"e9e8a3e9-6cb4-4301-ace1-2c0cef3bd61e"},"spec":{"progressDeadlineSeconds":600,"replicas":1,"revisionHistoryLimit":10,"selector":{"matchLabels":{"app":"demoservice-server"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"app":"demoservice-server"}},"spec":{"containers":[{"env":[{"name":"SERVER_PORT","value":"8089"},{"name":"SLEEP_DURATION","value":"1"},{"name":"DEMO_FOLDERS","value":"/app"},{"name":"ARMO_TEST_NAME","value":"auto_attach_deployment"},{"name":"CAA_ENABLE_CRASH_REPORTER","value":"1"}],"image":"quay.io/armosec/demoservice:v25","imagePullPolicy":"IfNotPresent","name":"demoservice","ports":[{"containerPort":8089,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}},"status":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2021-05-03T13:10:32Z","lastUpdateTime":"2021-05-03T13:10:37Z","message":"ReplicaSet \"demoservice-server-7d478b6998\" has successfully progressed.","reason":"NewReplicaSetAvailable","status":"True","type":"Progressing"},{"lastTransitionTime":"2021-05-03T13:52:58Z","lastUpdateTime":"2021-05-03T13:52:58Z","message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"}],"observedGeneration":1,"readyReplicas":1,"replicas":1,"updatedReplicas":1}}` - workload, err := NewWorkload([]byte(w)) - if err != nil { - t.Errorf(err.Error()) - } - workload.SetLabel("bla", "daa") - v, ok := workload.GetLabel("bla") - if !ok || v != "daa" { - t.Errorf("expect to find label") - } - 
workload.RemoveLabel("bla") - v2, ok2 := workload.GetLabel("bla") - if ok2 || v2 == "daa" { - t.Errorf("label not deleted") - } -} - -func TestSetAnnotations(t *testing.T) { - w := `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"creationTimestamp":"2021-05-03T13:10:32Z","generation":1,"managedFields":[{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:labels":{".":{},"f:app":{},"f:cyberarmor.inject":{}}},"f:spec":{"f:progressDeadlineSeconds":{},"f:replicas":{},"f:revisionHistoryLimit":{},"f:selector":{},"f:strategy":{"f:rollingUpdate":{".":{},"f:maxSurge":{},"f:maxUnavailable":{}},"f:type":{}},"f:template":{"f:metadata":{"f:labels":{".":{},"f:app":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"demoservice\"}":{".":{},"f:env":{".":{},"k:{\"name\":\"ARMO_TEST_NAME\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_ENABLE_CRASH_REPORTER\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"DEMO_FOLDERS\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SERVER_PORT\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SLEEP_DURATION\"}":{".":{},"f:name":{},"f:value":{}}},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":8089,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:protocol":{}}},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}}}},"manager":"OpenAPI-Generator","operation":"Update","time":"2021-05-03T13:10:32Z"},{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:deployment.kubernetes.io/revision":{}}},"f:status":{"f:availableReplicas":{},"f:conditions":{".":{},"k:{\"type\":\"Available\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Progressing\"
}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}}},"f:observedGeneration":{},"f:readyReplicas":{},"f:replicas":{},"f:updatedReplicas":{}}},"manager":"kube-controller-manager","operation":"Update","time":"2021-05-03T13:52:58Z"}],"name":"demoservice-server","namespace":"default","resourceVersion":"1016043","uid":"e9e8a3e9-6cb4-4301-ace1-2c0cef3bd61e"},"spec":{"progressDeadlineSeconds":600,"replicas":1,"revisionHistoryLimit":10,"selector":{"matchLabels":{"app":"demoservice-server"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"app":"demoservice-server"}},"spec":{"containers":[{"env":[{"name":"SERVER_PORT","value":"8089"},{"name":"SLEEP_DURATION","value":"1"},{"name":"DEMO_FOLDERS","value":"/app"},{"name":"ARMO_TEST_NAME","value":"auto_attach_deployment"},{"name":"CAA_ENABLE_CRASH_REPORTER","value":"1"}],"image":"quay.io/armosec/demoservice:v25","imagePullPolicy":"IfNotPresent","name":"demoservice","ports":[{"containerPort":8089,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}},"status":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2021-05-03T13:10:32Z","lastUpdateTime":"2021-05-03T13:10:37Z","message":"ReplicaSet \"demoservice-server-7d478b6998\" has successfully progressed.","reason":"NewReplicaSetAvailable","status":"True","type":"Progressing"},{"lastTransitionTime":"2021-05-03T13:52:58Z","lastUpdateTime":"2021-05-03T13:52:58Z","message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"}],"observedGeneration":1,"readyReplicas":1,"replicas":1,"updatedReplicas":1}}` - workload, err := NewWorkload([]byte(w)) - if 
err != nil { - t.Errorf(err.Error()) - } - workload.SetAnnotation("bla", "daa") - v, ok := workload.GetAnnotation("bla") - if !ok || v != "daa" { - t.Errorf("expect to find annotation") - } - workload.RemoveAnnotation("bla") - v2, ok2 := workload.GetAnnotation("bla") - if ok2 || v2 == "daa" { - t.Errorf("annotation not deleted") - } -} -func TestSetPodLabels(t *testing.T) { - w := `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"creationTimestamp":"2021-05-03T13:10:32Z","generation":1,"managedFields":[{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:labels":{".":{},"f:app":{},"f:cyberarmor.inject":{}}},"f:spec":{"f:progressDeadlineSeconds":{},"f:replicas":{},"f:revisionHistoryLimit":{},"f:selector":{},"f:strategy":{"f:rollingUpdate":{".":{},"f:maxSurge":{},"f:maxUnavailable":{}},"f:type":{}},"f:template":{"f:metadata":{"f:labels":{".":{},"f:app":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"demoservice\"}":{".":{},"f:env":{".":{},"k:{\"name\":\"ARMO_TEST_NAME\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_ENABLE_CRASH_REPORTER\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"DEMO_FOLDERS\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SERVER_PORT\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SLEEP_DURATION\"}":{".":{},"f:name":{},"f:value":{}}},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":8089,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:protocol":{}}},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}}}},"manager":"OpenAPI-Generator","operation":"Update","time":"2021-05-03T13:10:32Z"},{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:deployment.kubernetes.io/revision":{}}},"f:status":{"f:availableRe
plicas":{},"f:conditions":{".":{},"k:{\"type\":\"Available\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Progressing\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}}},"f:observedGeneration":{},"f:readyReplicas":{},"f:replicas":{},"f:updatedReplicas":{}}},"manager":"kube-controller-manager","operation":"Update","time":"2021-05-03T13:52:58Z"}],"name":"demoservice-server","namespace":"default","resourceVersion":"1016043","uid":"e9e8a3e9-6cb4-4301-ace1-2c0cef3bd61e"},"spec":{"progressDeadlineSeconds":600,"replicas":1,"revisionHistoryLimit":10,"selector":{"matchLabels":{"app":"demoservice-server"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"app":"demoservice-server"}},"spec":{"containers":[{"env":[{"name":"SERVER_PORT","value":"8089"},{"name":"SLEEP_DURATION","value":"1"},{"name":"DEMO_FOLDERS","value":"/app"},{"name":"ARMO_TEST_NAME","value":"auto_attach_deployment"},{"name":"CAA_ENABLE_CRASH_REPORTER","value":"1"}],"image":"quay.io/armosec/demoservice:v25","imagePullPolicy":"IfNotPresent","name":"demoservice","ports":[{"containerPort":8089,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}},"status":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2021-05-03T13:10:32Z","lastUpdateTime":"2021-05-03T13:10:37Z","message":"ReplicaSet \"demoservice-server-7d478b6998\" has successfully progressed.","reason":"NewReplicaSetAvailable","status":"True","type":"Progressing"},{"lastTransitionTime":"2021-05-03T13:52:58Z","lastUpdateTime":"2021-05-03T13:52:58Z","message":"Deployment has minimum 
availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"}],"observedGeneration":1,"readyReplicas":1,"replicas":1,"updatedReplicas":1}}` - workload, err := NewWorkload([]byte(w)) - if err != nil { - t.Errorf(err.Error()) - } - workload.SetPodLabel("bla", "daa") - v, ok := workload.GetPodLabel("bla") - if !ok || v != "daa" { - t.Errorf("expect to find label") - } - workload.RemovePodLabel("bla") - v2, ok2 := workload.GetPodLabel("bla") - if ok2 || v2 == "daa" { - t.Errorf("label not deleted") - } -} -func TestRemoveArmo(t *testing.T) { - w := `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"creationTimestamp":"2021-05-03T13:10:32Z","generation":1,"managedFields":[{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:labels":{".":{},"f:app":{},"f:cyberarmor.inject":{}}},"f:spec":{"f:progressDeadlineSeconds":{},"f:replicas":{},"f:revisionHistoryLimit":{},"f:selector":{},"f:strategy":{"f:rollingUpdate":{".":{},"f:maxSurge":{},"f:maxUnavailable":{}},"f:type":{}},"f:template":{"f:metadata":{"f:labels":{".":{},"f:app":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"demoservice\"}":{".":{},"f:env":{".":{},"k:{\"name\":\"ARMO_TEST_NAME\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_ENABLE_CRASH_REPORTER\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"DEMO_FOLDERS\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SERVER_PORT\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SLEEP_DURATION\"}":{".":{},"f:name":{},"f:value":{}}},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":8089,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:protocol":{}}},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{}}}}},"manager":"OpenAPI-Generator","operation":"Update","time"
:"2021-05-03T13:10:32Z"},{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:deployment.kubernetes.io/revision":{}}},"f:status":{"f:availableReplicas":{},"f:conditions":{".":{},"k:{\"type\":\"Available\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Progressing\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}}},"f:observedGeneration":{},"f:readyReplicas":{},"f:replicas":{},"f:updatedReplicas":{}}},"manager":"kube-controller-manager","operation":"Update","time":"2021-05-03T13:52:58Z"}],"name":"demoservice-server","namespace":"default","resourceVersion":"1016043","uid":"e9e8a3e9-6cb4-4301-ace1-2c0cef3bd61e"},"spec":{"progressDeadlineSeconds":600,"replicas":1,"revisionHistoryLimit":10,"selector":{"matchLabels":{"app":"demoservice-server"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"app":"demoservice-server", "armo.attach": "true"}},"spec":{"containers":[{"env":[{"name":"SERVER_PORT","value":"8089"},{"name":"SLEEP_DURATION","value":"1"},{"name":"DEMO_FOLDERS","value":"/app"},{"name":"ARMO_TEST_NAME","value":"auto_attach_deployment"},{"name":"CAA_ENABLE_CRASH_REPORTER","value":"1"}],"image":"quay.io/armosec/demoservice:v25","imagePullPolicy":"IfNotPresent","name":"demoservice","ports":[{"containerPort":8089,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}},"status":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2021-05-03T13:10:32Z","lastUpdateTime":"2021-05-03T13:10:37Z","message":"ReplicaSet \"demoservice-server-7d478b6998\" has successfully 
progressed.","reason":"NewReplicaSetAvailable","status":"True","type":"Progressing"},{"lastTransitionTime":"2021-05-03T13:52:58Z","lastUpdateTime":"2021-05-03T13:52:58Z","message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"}],"observedGeneration":1,"readyReplicas":1,"replicas":1,"updatedReplicas":1}}` - workload, err := NewWorkload([]byte(w)) - if err != nil { - t.Errorf(err.Error()) - } - if !workload.IsAttached() { - t.Errorf("expect to be attached") - } - workload.RemoveArmoMetadata() - if workload.IsAttached() { - t.Errorf("expect to be clear") - } - -} - -func TestSetWlid(t *testing.T) { - w := `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"creationTimestamp":"2021-05-03T13:10:32Z","generation":1,"managedFields":[{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:labels":{".":{},"f:app":{},"f:cyberarmor.inject":{}}},"f:spec":{"f:progressDeadlineSeconds":{},"f:replicas":{},"f:revisionHistoryLimit":{},"f:selector":{},"f:strategy":{"f:rollingUpdate":{".":{},"f:maxSurge":{},"f:maxUnavailable":{}},"f:type":{}},"f:template":{"f:metadata":{"f:labels":{".":{},"f:app":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"demoservice\"}":{".":{},"f:env":{".":{},"k:{\"name\":\"ARMO_TEST_NAME\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_ENABLE_CRASH_REPORTER\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"DEMO_FOLDERS\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SERVER_PORT\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SLEEP_DURATION\"}":{".":{},"f:name":{},"f:value":{}}},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":8089,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:protocol":{}}},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"
f:terminationGracePeriodSeconds":{}}}}},"manager":"OpenAPI-Generator","operation":"Update","time":"2021-05-03T13:10:32Z"},{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:deployment.kubernetes.io/revision":{}}},"f:status":{"f:availableReplicas":{},"f:conditions":{".":{},"k:{\"type\":\"Available\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Progressing\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}}},"f:observedGeneration":{},"f:readyReplicas":{},"f:replicas":{},"f:updatedReplicas":{}}},"manager":"kube-controller-manager","operation":"Update","time":"2021-05-03T13:52:58Z"}],"name":"demoservice-server","namespace":"default","resourceVersion":"1016043","uid":"e9e8a3e9-6cb4-4301-ace1-2c0cef3bd61e"},"spec":{"progressDeadlineSeconds":600,"replicas":1,"revisionHistoryLimit":10,"selector":{"matchLabels":{"app":"demoservice-server"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"app":"demoservice-server"}},"spec":{"containers":[{"env":[{"name":"SERVER_PORT","value":"8089"},{"name":"SLEEP_DURATION","value":"1"},{"name":"DEMO_FOLDERS","value":"/app"},{"name":"ARMO_TEST_NAME","value":"auto_attach_deployment"},{"name":"CAA_ENABLE_CRASH_REPORTER","value":"1"}],"image":"quay.io/armosec/demoservice:v25","imagePullPolicy":"IfNotPresent","name":"demoservice","ports":[{"containerPort":8089,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}},"status":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2021-05-03T13:10:32Z","lastUpdateTime":"2021-05-03T13:10:37Z"
,"message":"ReplicaSet \"demoservice-server-7d478b6998\" has successfully progressed.","reason":"NewReplicaSetAvailable","status":"True","type":"Progressing"},{"lastTransitionTime":"2021-05-03T13:52:58Z","lastUpdateTime":"2021-05-03T13:52:58Z","message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"}],"observedGeneration":1,"readyReplicas":1,"replicas":1,"updatedReplicas":1}}` - workload, err := NewWorkload([]byte(w)) - if err != nil { - t.Errorf(err.Error()) - } - workload.SetWlid("wlid://bla") - // t.Errorf(workload.Json()) - -} - -func TestGetResourceVersion(t *testing.T) { - w := `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"creationTimestamp":"2021-05-03T13:10:32Z","generation":1,"managedFields":[{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:labels":{".":{},"f:app":{},"f:cyberarmor.inject":{}}},"f:spec":{"f:progressDeadlineSeconds":{},"f:replicas":{},"f:revisionHistoryLimit":{},"f:selector":{},"f:strategy":{"f:rollingUpdate":{".":{},"f:maxSurge":{},"f:maxUnavailable":{}},"f:type":{}},"f:template":{"f:metadata":{"f:labels":{".":{},"f:app":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"demoservice\"}":{".":{},"f:env":{".":{},"k:{\"name\":\"ARMO_TEST_NAME\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_ENABLE_CRASH_REPORTER\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"DEMO_FOLDERS\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SERVER_PORT\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SLEEP_DURATION\"}":{".":{},"f:name":{},"f:value":{}}},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":8089,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:protocol":{}}},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGraceP
eriodSeconds":{}}}}},"manager":"OpenAPI-Generator","operation":"Update","time":"2021-05-03T13:10:32Z"},{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:deployment.kubernetes.io/revision":{}}},"f:status":{"f:availableReplicas":{},"f:conditions":{".":{},"k:{\"type\":\"Available\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Progressing\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}}},"f:observedGeneration":{},"f:readyReplicas":{},"f:replicas":{},"f:updatedReplicas":{}}},"manager":"kube-controller-manager","operation":"Update","time":"2021-05-03T13:52:58Z"}],"name":"demoservice-server","namespace":"default","resourceVersion":"1016043","uid":"e9e8a3e9-6cb4-4301-ace1-2c0cef3bd61e"},"spec":{"progressDeadlineSeconds":600,"replicas":1,"revisionHistoryLimit":10,"selector":{"matchLabels":{"app":"demoservice-server"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"app":"demoservice-server"}},"spec":{"containers":[{"env":[{"name":"SERVER_PORT","value":"8089"},{"name":"SLEEP_DURATION","value":"1"},{"name":"DEMO_FOLDERS","value":"/app"},{"name":"ARMO_TEST_NAME","value":"auto_attach_deployment"},{"name":"CAA_ENABLE_CRASH_REPORTER","value":"1"}],"image":"quay.io/armosec/demoservice:v25","imagePullPolicy":"IfNotPresent","name":"demoservice","ports":[{"containerPort":8089,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}},"status":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2021-05-03T13:10:32Z","lastUpdateTime":"2021-05-03T13:10:37Z","message":"Replica
Set \"demoservice-server-7d478b6998\" has successfully progressed.","reason":"NewReplicaSetAvailable","status":"True","type":"Progressing"},{"lastTransitionTime":"2021-05-03T13:52:58Z","lastUpdateTime":"2021-05-03T13:52:58Z","message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"}],"observedGeneration":1,"readyReplicas":1,"replicas":1,"updatedReplicas":1}}` - workload, err := NewWorkload([]byte(w)) - if err != nil { - t.Errorf(err.Error()) - } - if workload.GetResourceVersion() != "1016043" { - t.Errorf("wrong resourceVersion") - } - -} -func TestGetUID(t *testing.T) { - w := `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"creationTimestamp":"2021-05-03T13:10:32Z","generation":1,"managedFields":[{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:labels":{".":{},"f:app":{},"f:cyberarmor.inject":{}}},"f:spec":{"f:progressDeadlineSeconds":{},"f:replicas":{},"f:revisionHistoryLimit":{},"f:selector":{},"f:strategy":{"f:rollingUpdate":{".":{},"f:maxSurge":{},"f:maxUnavailable":{}},"f:type":{}},"f:template":{"f:metadata":{"f:labels":{".":{},"f:app":{}}},"f:spec":{"f:containers":{"k:{\"name\":\"demoservice\"}":{".":{},"f:env":{".":{},"k:{\"name\":\"ARMO_TEST_NAME\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"CAA_ENABLE_CRASH_REPORTER\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"DEMO_FOLDERS\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SERVER_PORT\"}":{".":{},"f:name":{},"f:value":{}},"k:{\"name\":\"SLEEP_DURATION\"}":{".":{},"f:name":{},"f:value":{}}},"f:image":{},"f:imagePullPolicy":{},"f:name":{},"f:ports":{".":{},"k:{\"containerPort\":8089,\"protocol\":\"TCP\"}":{".":{},"f:containerPort":{},"f:protocol":{}}},"f:resources":{},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{}}},"f:dnsPolicy":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSe
conds":{}}}}},"manager":"OpenAPI-Generator","operation":"Update","time":"2021-05-03T13:10:32Z"},{"apiVersion":"apps/v1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:deployment.kubernetes.io/revision":{}}},"f:status":{"f:availableReplicas":{},"f:conditions":{".":{},"k:{\"type\":\"Available\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Progressing\"}":{".":{},"f:lastTransitionTime":{},"f:lastUpdateTime":{},"f:message":{},"f:reason":{},"f:status":{},"f:type":{}}},"f:observedGeneration":{},"f:readyReplicas":{},"f:replicas":{},"f:updatedReplicas":{}}},"manager":"kube-controller-manager","operation":"Update","time":"2021-05-03T13:52:58Z"}],"name":"demoservice-server","namespace":"default","resourceVersion":"1016043","uid":"e9e8a3e9-6cb4-4301-ace1-2c0cef3bd61e"},"spec":{"progressDeadlineSeconds":600,"replicas":1,"revisionHistoryLimit":10,"selector":{"matchLabels":{"app":"demoservice-server"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"app":"demoservice-server"}},"spec":{"containers":[{"env":[{"name":"SERVER_PORT","value":"8089"},{"name":"SLEEP_DURATION","value":"1"},{"name":"DEMO_FOLDERS","value":"/app"},{"name":"ARMO_TEST_NAME","value":"auto_attach_deployment"},{"name":"CAA_ENABLE_CRASH_REPORTER","value":"1"}],"image":"quay.io/armosec/demoservice:v25","imagePullPolicy":"IfNotPresent","name":"demoservice","ports":[{"containerPort":8089,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}},"status":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2021-05-03T13:10:32Z","lastUpdateTime":"2021-05-03T13:10:37Z","message":"ReplicaSet 
\"demoservice-server-7d478b6998\" has successfully progressed.","reason":"NewReplicaSetAvailable","status":"True","type":"Progressing"},{"lastTransitionTime":"2021-05-03T13:52:58Z","lastUpdateTime":"2021-05-03T13:52:58Z","message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"}],"observedGeneration":1,"readyReplicas":1,"replicas":1,"updatedReplicas":1}}` - workload, err := NewWorkload([]byte(w)) - if err != nil { - t.Errorf(err.Error()) - } - if workload.GetUID() != "e9e8a3e9-6cb4-4301-ace1-2c0cef3bd61e" { - t.Errorf("wrong UID") - } - -} - -func TestIsAttached(t *testing.T) { - w := `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"3"},"creationTimestamp":"2021-06-21T04:52:05Z","generation":3,"name":"emailservice","namespace":"default"},"spec":{"progressDeadlineSeconds":600,"replicas":1,"revisionHistoryLimit":10,"selector":{"matchLabels":{"app":"emailservice"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"},"template":{"metadata":{"annotations":{"armo.last-update":"21-06-2021 
06:40:42","armo.wlid":"wlid://cluster-david-demo/namespace-default/deployment-emailservice"},"creationTimestamp":null,"labels":{"app":"emailservice","armo.attach":"true"}},"spec":{"containers":[{"env":[{"name":"PORT","value":"8080"},{"name":"DISABLE_PROFILER","value":"1"}],"image":"gcr.io/google-samples/microservices-demo/emailservice:v0.2.3","imagePullPolicy":"IfNotPresent","livenessProbe":{"exec":{"command":["/bin/grpc_health_probe","-addr=:8080"]},"failureThreshold":3,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":1},"name":"server","ports":[{"containerPort":8080,"protocol":"TCP"}],"readinessProbe":{"exec":{"command":["/bin/grpc_health_probe","-addr=:8080"]},"failureThreshold":3,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":1},"resources":{"limits":{"cpu":"200m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"default","serviceAccountName":"default","terminationGracePeriodSeconds":5}}}}` - workload, err := NewWorkload([]byte(w)) - if err != nil { - t.Errorf(err.Error()) - } - if !workload.IsAttached() { - t.Errorf("expected attached") - } - -} diff --git a/vendor/github.com/armosec/capacketsgo/k8sinterface/workloadmethodsutils.go b/vendor/github.com/armosec/capacketsgo/k8sinterface/workloadmethodsutils.go deleted file mode 100644 index 51dbf4cb..00000000 --- a/vendor/github.com/armosec/capacketsgo/k8sinterface/workloadmethodsutils.go +++ /dev/null 
@@ -1,23 +0,0 @@
-package k8sinterface
-
-func PodSpec(kind string) []string {
- switch kind {
- case "Pod", "Namespace":
- return []string{"spec"}
- case "CronJob":
- return []string{"spec", "jobTemplate", "spec", "template", "spec"}
- default:
- return []string{"spec", "template", "spec"}
- }
-}
-
-func PodMetadata(kind string) []string {
- switch kind {
- case "Pod", "Namespace", "Secret":
- return []string{"metadata"}
- case "CronJob":
- return []string{"spec", "jobTemplate", "spec", "template", "metadata"}
- default:
- return []string{"spec", "template", "metadata"}
- }
-}
diff --git a/vendor/github.com/armosec/capacketsgo/k8sshared/README.md b/vendor/github.com/armosec/capacketsgo/k8sshared/README.md
deleted file mode 100644
index 57f04ca7..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sshared/README.md
+++ /dev/null
@@ -1 +0,0 @@
-hold all shared k8s wrappers or k8s related utilities that are shared across projects
diff --git a/vendor/github.com/armosec/capacketsgo/k8sshared/gojayunmarshaller.go b/vendor/github.com/armosec/capacketsgo/k8sshared/gojayunmarshaller.go
deleted file mode 100644
index 42d54620..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sshared/gojayunmarshaller.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package k8sshared
-
-import (
- "fmt"
-
- "github.com/francoispqt/gojay"
-)
-
-// CAClusterName string `json:"caClusterName"`
-// CANamespace string `json:"caNamespace"`
-// Event json.RawMessage `json:"k8sV1Event"`
-
-// UnmarshalJSONObject - File inside a pkg
-func (l *K8sAuditLog) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error) {
-
- switch key {
- case "caClusterName":
- err = dec.String(&(l.CAClusterName))
-
- case "caNamespace":
- err = dec.String(&(l.CANamespace))
-
- case "k8sV1Event":
- var tmp gojay.EmbeddedJSON
-
- if err = dec.AddEmbeddedJSON(&tmp); err != nil {
- return fmt.Errorf("failed to UnmarshalJSONObject k8sV1Event, error: %v", err)
- }
- l.Event = []byte(tmp)
- return nil
- }
-
- return err
-
-}
-
-func (logs *K8sAuditLogs) UnmarshalJSONArray(dec *gojay.Decoder) error {
- lae := K8sAuditLog{}
- if err := dec.Object(&lae); err != nil {
- return err
- }
-
- *logs = append(*logs, lae)
- return nil
-}
-
-// func (logs []K8sAuditLog) UnmarshalJSONArray(dec *gojay.Decoder) error {
-// lae := K8sAuditLog{}
-// if err := dec.Object(&lae); err != nil {
-// return err
-// }
-
-// logs = append(logs, lae)
-// return nil
-// }
-
-func (file *K8sAuditLog) NKeys() int {
- return 0
-}
diff --git a/vendor/github.com/armosec/capacketsgo/k8sshared/k8sshared_mock.go b/vendor/github.com/armosec/capacketsgo/k8sshared/k8sshared_mock.go
deleted file mode 100644
index e6979bd4..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sshared/k8sshared_mock.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package k8sshared
-
-import (
- "encoding/json"
-
- audit "k8s.io/apiserver/pkg/apis/audit"
-)
-
-func GetEventAuditMockAsString() string {
- return `{
- "kind": "Event",
- "apiVersion": "audit.k8s.io/v1",
- "level": "Metadata",
- "auditID": "1847e1e1-d66b-4661-b458-4dc553cd8539",
- "stage": "ResponseComplete",
- "requestURI": "/apis/storage.k8s.io/v1?timeout=32s",
- "verb": "get",
- "user": {
- "username": "system:serviceaccount:kube-system:generic-garbage-collector",
- "uid": "83093a4c-3f5f-433e-8fd4-4a2cc23eead8",
- "groups": [
- "system:serviceaccounts",
- "system:serviceaccounts:kube-system",
- "system:authenticated"
- ]
- },
- "sourceIPs": [
- "192.168.49.2"
- ],
- "userAgent": "kube-controller-manager/v1.20.0 (linux/amd64) kubernetes/af46c47/system:serviceaccount:kube-system:generic-garbage-collector",
- "responseStatus": {
- "metadata": {},
- "code": 200
- },
- "requestReceivedTimestamp": "2021-02-18T08:28:43.237861Z",
- "stageTimestamp": "2021-02-18T08:28:43.238551Z",
- "annotations": {
- "authentication.k8s.io/legacy-token": "system:serviceaccount:kube-system:generic-garbage-collector",
- "authorization.k8s.io/decision": "allow",
- "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"system:discovery\" of ClusterRole \"system:discovery\" to Group \"system:authenticated\""
- }
-}`
-}
-
-func GetK8sAuditEventMock() (audit.Event, error) {
- tmp := audit.Event{}
- a := []byte(GetEventAuditMockAsString())
- err := json.Unmarshal(a, &tmp)
-
- return tmp, err
-}
diff --git a/vendor/github.com/armosec/capacketsgo/k8sshared/k8sshared_test.go b/vendor/github.com/armosec/capacketsgo/k8sshared/k8sshared_test.go
deleted file mode 100644
index 3c4694a7..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sshared/k8sshared_test.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package k8sshared
-
-import (
- "encoding/json"
- "fmt"
- "testing"
-
- "github.com/armosec/capacketsgo/cautils"
-)
-
-func TestAuditStructure(t *testing.T) {
- auditRAW, err := GetK8sAuditEventMock()
-
- if err != nil {
- t.Errorf("failed to get unmarshald mock %v", err.Error())
- }
-
- audit, err := Newk8sAuditLog("testcluster", "", &auditRAW)
- if err != nil {
- t.Errorf("failed to create ca-k8s-audit object due to : %v", err.Error())
- }
-
- res, err := json.Marshal(audit)
- if err != nil {
- t.Errorf("failed to get marshal audit wrapper %v", err.Error())
- }
-
- fmt.Printf("\n\nres: %v\n\n", string(res))
-
- audit2 := K8sAuditLog{}
-
- json.Unmarshal(res, &audit2)
-
- if cautils.AsSHA256(audit2) != cautils.AsSHA256(*audit) {
- t.Errorf("failed to get umarshal(marshal audit wrapper)\n========audit2=======\n%v\n\noriginal:\n:%v", audit2, audit)
- }
-
- auditRAW2 := audit2.GetRawK8sEvent()
-
- if cautils.AsSHA256(*auditRAW2) != cautils.AsSHA256(auditRAW) {
- t.Errorf("failed to get raw audit is different from k8s original audit:\nreplacement:\n%v\n\noriginal: %v", *auditRAW2, auditRAW)
- }
-
-}
diff --git a/vendor/github.com/armosec/capacketsgo/k8sshared/prefixs.go b/vendor/github.com/armosec/capacketsgo/k8sshared/prefixs.go
deleted file mode 100644
index 1ced3c34..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sshared/prefixs.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package k8sshared
-
-const (
- K8sAuditLogPrefix = "_k8sAuditLogs"
-)
diff --git a/vendor/github.com/armosec/capacketsgo/k8sshared/probes/readinessprobe.go b/vendor/github.com/armosec/capacketsgo/k8sshared/probes/readinessprobe.go
deleted file mode 100644
index 7902b4a8..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sshared/probes/readinessprobe.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package probes
-
-import (
- "fmt"
- "net/http"
-)
-
-// server initialization
-const (
- ReadinessPath = "readiness"
- ReadinessPort = "8000"
-)
-
-// InitReadinessV1 initialize readiness handler
-func InitReadinessV1(isReadinessReady *bool) {
- http.HandleFunc(fmt.Sprintf("/v1/%s", ReadinessPath), func(w http.ResponseWriter, _ *http.Request) {
- if *isReadinessReady {
- w.WriteHeader(http.StatusOK)
- } else {
- w.WriteHeader(http.StatusServiceUnavailable)
- }
- },
- )
- http.ListenAndServe(":8000", nil)
-}
diff --git a/vendor/github.com/armosec/capacketsgo/k8sshared/wrappers.go b/vendor/github.com/armosec/capacketsgo/k8sshared/wrappers.go
deleted file mode 100644
index 7b0faa25..00000000
--- a/vendor/github.com/armosec/capacketsgo/k8sshared/wrappers.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package k8sshared
-
-import (
- "encoding/json"
- "fmt"
-
- k8saudit "k8s.io/apiserver/pkg/apis/audit"
-)
-
-// K8sAuditLog - ARMO audit event wrapper
-type K8sAuditLog struct {
- CAClusterName string `json:"caClusterName"`
- CANamespace string `json:"caNamespace"`
- Event json.RawMessage `json:"k8sV1Event"`
-}
-
-//K8sAuditLogs - slice of K8sAuditLog
-type K8sAuditLogs []K8sAuditLog
-
-func (v *K8sAuditLog) Validate() bool {
- return len(v.CAClusterName) > 0
-}
-
-func (v *K8sAuditLog) GetRawK8sEvent() *k8saudit.Event {
- tmp := &k8saudit.Event{}
-
- json.Unmarshal(v.Event, &tmp)
- return tmp
-}
-
-func Newk8sAuditLog(cluster, namespace string, auditRAW *k8saudit.Event) (*K8sAuditLog, error) {
-
- audit := &K8sAuditLog{CAClusterName: cluster, CANamespace: namespace}
- b, err := json.Marshal(*auditRAW)
- if err != nil {
- return nil, fmt.Errorf("failed to marshal audit event, reason: %s", err.Error())
- }
- audit.Event = b
-
- return audit, nil
-}
diff --git a/vendor/github.com/armosec/capacketsgo/notificationserver/apis.go b/vendor/github.com/armosec/capacketsgo/notificationserver/apis.go
deleted file mode 100644
index 232137ce..00000000
--- a/vendor/github.com/armosec/capacketsgo/notificationserver/apis.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package notificationserver
-
-// server paths
-const (
- PathWebsocketV1 = "/v1/waitfornotification"
- PathRESTV1 = "/v1/sendnotification"
-)
-
-const (
- TargetCustomer = "customerGUID"
- TargetCluster = "clusterName"
- TargetComponent = "clusterComponent"
-)
-
-const (
- TargetComponentPostureValue = "PolicyValidator"
- TargetComponentLoggerValue = "Logger"
-)
diff --git a/vendor/github.com/armosec/capacketsgo/notificationserver/datastructures.go b/vendor/github.com/armosec/capacketsgo/notificationserver/datastructures.go
deleted file mode 100644
index 32fd135f..00000000
--- a/vendor/github.com/armosec/capacketsgo/notificationserver/datastructures.go
+++ /dev/null
@@ -1,8 +0,0 @@
-package notificationserver
-
-// Notification passed between servers
-type Notification struct {
- Target map[string]string `json:"target"`
- SendSynchronicity bool `json:"sendSynchronicity"`
- Notification interface{} `json:"notification"`
-}
diff --git a/vendor/github.com/armosec/capacketsgo/notificationserver/datastructures_mock.go b/vendor/github.com/armosec/capacketsgo/notificationserver/datastructures_mock.go
deleted file mode 100644
index 3492a2d6..00000000
--- a/vendor/github.com/armosec/capacketsgo/notificationserver/datastructures_mock.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package notificationserver
-
-func MockNotificationA() *Notification {
- return &Notification{
- Target: map[string]string{
- TargetCluster: "",
- TargetCustomer: "",
- TargetComponent: TargetComponentPostureValue,
- },
- Notification: nil,
- }
-}
diff --git a/vendor/github.com/armosec/capacketsgo/notificationserver/edge.go b/vendor/github.com/armosec/capacketsgo/notificationserver/edge.go
deleted file mode 100644
index 680723b9..00000000
--- a/vendor/github.com/armosec/capacketsgo/notificationserver/edge.go
+++ /dev/null
@@ -1,105 +0,0 @@ -package notificationserver - -import ( - "bytes" - "encoding/json" - "fmt" - "io" - "net/http" - "strings" - "time" - - "github.com/golang/glog" - "gopkg.in/mgo.v2/bson" -) - -// PushNotificationServer push notification to rest api server. if jsonFormat is set to false, will Marshal useing bson -func PushNotificationServer(edgeURL string, targetMap map[string]string, message interface{}, jsonFormat bool) error { - var err error - - glog.Infof("Pushing notification to: '%s'", edgeURL) - - // setup notification - notf, err := setNotification(targetMap, message, jsonFormat) - if err != nil { - return err - } - - // push notification - client := http.Client{} - for i := 0; i < 3; i++ { - if err = sendCommandToEdge(&client, edgeURL, notf); err == nil { - return nil - } - time.Sleep(1 * time.Second) - err = fmt.Errorf("error sending url: '%s', reason: %s", edgeURL, err.Error()) - } - return err - -} - -// sendCommandToEdge sends the HTTP request -func sendCommandToEdge(client *http.Client, edgeURL string, message []byte) error { - defer func() { - if err := recover(); err != nil { - glog.Errorf("In sendCommandToEdge, recover, reason: %v", err) - } - }() - - req, err := http.NewRequest("POST", edgeURL, bytes.NewReader(message)) - req.Close = true - if err != nil { - return fmt.Errorf("failed to SendCommandToCluster, url: %s, data: %s, reason: %s", edgeURL, string(message), err.Error()) - } - - resp, err := client.Do(req) - if err != nil { - return fmt.Errorf("failed to SendCommandToCluster, url: %s, data: %s, reason: %s", edgeURL, string(message), err.Error()) - } - defer resp.Body.Close() - respStr, err := httpRespToString(resp) - if err != nil { - return fmt.Errorf("failed to SendCommandToCluster, url: %s, data: %s, reason: %s, response: %s", edgeURL, string(message), err.Error(), respStr) - } - return nil -} - -func setNotification(targetMap map[string]string, message interface{}, jsonFormat bool) ([]byte, error) { - notification := Notification{ - 
Target: targetMap, - Notification: message, - } - - var err error - var m []byte - if jsonFormat { - if m, err = json.Marshal(notification); err != nil { - err = fmt.Errorf("failed marshling message to bson. message: '%v', reason: '%s'", notification, err.Error()) - } - } else { - - if m, err = bson.Marshal(notification); err != nil { - err = fmt.Errorf("failed marshling message to bson. message: '%v', reason: '%s'", notification, err.Error()) - } - } - return m, err -} - -// HTTPRespToString parses the body as string and checks the HTTP status code -func httpRespToString(resp *http.Response) (string, error) { - if resp == nil { - return "", fmt.Errorf("empty response") - } - strBuilder := strings.Builder{} - if resp.ContentLength > 0 { - strBuilder.Grow(int(resp.ContentLength)) - } - _, err := io.Copy(&strBuilder, resp.Body) - if err != nil { - return strBuilder.String(), err - } - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - err = fmt.Errorf("Response status: %d. content: %s", resp.StatusCode, strBuilder.String()) - } - return strBuilder.String(), err -} diff --git a/vendor/github.com/armosec/capacketsgo/ocimage/oaimageapiutils.go b/vendor/github.com/armosec/capacketsgo/ocimage/oaimageapiutils.go deleted file mode 100644 index cf350d0a..00000000 --- a/vendor/github.com/armosec/capacketsgo/ocimage/oaimageapiutils.go +++ /dev/null 
@@ -1,58 +0,0 @@
-package ocimage
-
-import (
- "fmt"
- "net/url"
- "strings"
-
- "github.com/docker/docker/api/types"
- "github.com/golang/glog"
-)
-
-// URLEncoder encode url
-func URLEncoder(oldURL string) string {
- fullURL := strings.Split(oldURL, "?")
- baseURL, err := url.Parse(fullURL[0])
- if err != nil {
- return ""
- }
-
- // Prepare Query Parameters
- if len(fullURL) > 1 {
- params := url.Values{}
- queryParams := strings.Split(fullURL[1], "&")
- for _, i := range queryParams {
- queryParam := strings.Split(i, "=")
- val := ""
- if len(queryParam) > 1 {
- val = queryParam[1]
- }
- params.Add(queryParam[0], val)
- }
- baseURL.RawQuery = params.Encode()
- }
-
- return baseURL.String()
-}
-
-// GetSecuredImageID - gets imagename+tag or with full repo, secrets map and returns the imageid
-func (ocimg *OCImage) GetSecuredImageID(imageName string, secrets map[string]types.AuthConfig) (string, error) {
- glog.Infof("trying to get Img: %v using secrets", imageName)
-
- for secretName, regAuth := range secrets {
- // If server address is known, then try pulling image based on sever address, otherwise try using all secretes
- if regAuth.ServerAddress == "" || strings.HasPrefix(imageName, regAuth.ServerAddress) {
- glog.Infof("Pulling image '%s' using '%s' secret", imageName, secretName)
-
- // Pulling image with credentials
- imageid, err := ocimg.GetImage(imageName, regAuth.Username, regAuth.Password)
- if err == nil {
- glog.Infof("Pulling image '%s' using secret succeeded, image id: %s", imageName, imageid)
- return imageid, nil
- }
-
- }
- }
-
- return "", fmt.Errorf("failed to pull image '%s' using secrets, secrets: '%v'", imageName, secrets)
-}
diff --git a/vendor/github.com/armosec/capacketsgo/ocimage/ocimage_test.go b/vendor/github.com/armosec/capacketsgo/ocimage/ocimage_test.go
deleted file mode 100644
index 1336320a..00000000
--- a/vendor/github.com/armosec/capacketsgo/ocimage/ocimage_test.go
+++ /dev/null
@@ -1,109 +0,0 @@ -package ocimage - -// import ( -// "fmt" -// "io" -// "os" -// "testing" -// ) - -// func base(img, usr, pass string) (*OCImage, string, error) { -// baseURL := "http://10.107.26.199:8080" -// oci := MakeOCImage(baseURL) -// imgid, err := oci.GetImage(img, usr, pass) - -// return oci, imgid, err -// } -// func TestGetSingleFile(t *testing.T) { -// fmt.Printf("do nothing") -// oci, imgid, err := base("nginx:latest", "", "") -// if err != nil { -// t.Errorf("can't get image ") -// } -// os, s, err := oci.GetSingleFile(imgid, "/etc/os-release", true) -// if err != nil { -// t.Errorf("couldnt get file %s", err.Error()) -// } -// fmt.Printf("file content: %s\n%s\n", string(os), s) -// t.Errorf("f") -// } - -// func TestManifest(t *testing.T) { -// fmt.Printf("do nothing") -// oci, imgid, err := base("nginx:latest", "", "") -// if err != nil { -// t.Errorf("can't get image ") -// } -// manifest, err := oci.GetManifest(imgid) -// if err != nil { -// t.Errorf("couldnt get file %s", err.Error()) -// } -// fmt.Printf("manifest content: %v\n\n", manifest) -// t.Errorf("f") -// } - -// //gets 404 when no files are found -// func TestMultipleFilesNonExisting(t *testing.T) { -// fmt.Printf("do nothing") -// oci, imgid, err := base("nginx:latest", "", "") -// if err != nil { -// t.Errorf("can't get image ") -// } -// filestar, err := oci.GetMultipleFiles(imgid, []string{"/ethhhc/os-release", "ngjjjinx"}, true, false) -// if err != nil { -// t.Errorf("couldnt get file %s", err.Error()) -// return -// } - -// for { -// tarHdr, err := filestar.Next() -// if err == io.EOF { -// break -// } -// if err != nil { -// t.Errorf("error: %s", err.Error()) -// continue -// } - -// fmt.Printf("Contents of %s:\n", tarHdr.Name) -// if _, err := io.Copy(os.Stdout, filestar); err != nil { -// t.Errorf("error: %s", err.Error()) -// } -// fmt.Printf("%v\n", tarHdr) -// } - -// t.Errorf("f") -// } - -// //gets Symlink mapper as usual (missing files has no key) -// func 
TestMultipleFilesPartialExisting(t *testing.T) { -// fmt.Printf("do nothing") -// oci, imgid, err := base("nginx:latest", "", "") -// if err != nil { -// t.Errorf("can't get image ") -// } -// filestar, err := oci.GetMultipleFiles(imgid, []string{"/etc/os-release", "ngjjjinx"}, true, false) -// if err != nil { -// t.Errorf("couldnt get file %s", err.Error()) -// return -// } - -// for { -// tarHdr, err := filestar.Next() -// if err == io.EOF { -// break -// } -// if err != nil { -// t.Errorf("error: %s", err.Error()) -// continue -// } - -// fmt.Printf("Contents of %s:\n", tarHdr.Name) -// if _, err := io.Copy(os.Stdout, filestar); err != nil { -// t.Errorf("error: %s", err.Error()) -// } -// fmt.Printf("%v\n", tarHdr) -// } - -// t.Errorf("f") -// } diff --git a/vendor/github.com/armosec/capacketsgo/ocimage/ocimageapi.go b/vendor/github.com/armosec/capacketsgo/ocimage/ocimageapi.go deleted file mode 100644 index ee81dffb..00000000 --- a/vendor/github.com/armosec/capacketsgo/ocimage/ocimageapi.go +++ /dev/null 
@@ -1,284 +0,0 @@ -package ocimage - -import ( - "archive/tar" - "bytes" - "encoding/json" - "fmt" - "io/ioutil" - "net/http" - "strconv" - "strings" - "time" - - "github.com/golang/glog" -) - -var MAX_RETRIES int = 3 - -// IOCImage - ocimage interface - https://asterix.cyberarmor.io/cyberarmor/ocimage -type IOCImage interface { - GetImage(imageTag, user, password string) (string, error) - GetSingleFile(fileName string, followSymLink bool) ([]byte, string, error) - GetMultipleFiles(fileNames []string, followSymLink, doesExist bool) ([]byte, error) - GetClient() *http.Client - FileList(imageid string, dir string, from int, to int, recursive bool, noDir bool) ([]FileMetadata, error) - Describe(imageID string) (*ImageMetadata, error) -} - -// OCImage - structure, holds url and api version -type OCImage struct { - url string - apiVer string - client *http.Client -} - -func (oci *OCImage) GetClient() *http.Client { - return oci.client -} - -// Init - init -func MakeOCImage(ociURL string) *OCImage { - oci := &OCImage{url: ociURL, apiVer: "v1", client: &http.Client{}} - - return oci -} - -func (oci *OCImage) GetManifest(imageid string) (*OciImageManifest, error) { - - newurl := fmt.Sprintf("%s/%s/images/id/%s/manifest", oci.url, oci.apiVer, imageid) - req, _ := http.NewRequest("GET", newurl, nil) - req.Header.Set("Content-Type", "application/json") - - resp, err := oci.GetClient().Do(req) - if err != nil { - return nil, fmt.Errorf("getting manifest for imageid: %s failed due to: %s", imageid, err.Error()) - } - - defer resp.Body.Close() - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - return nil, fmt.Errorf("getting manifest for imageid: %s failed due to: status code %v %v", imageid, resp.StatusCode, resp.Status) - } - jsonRaw, err := ioutil.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - manifest := OciImageManifest{} - if err := json.Unmarshal(jsonRaw, &manifest); err != nil { - return nil, err - } - - return &manifest, nil -} - -// GetImage - 
-func (oci *OCImage) GetImage(imageTag, user, password string) (string, error) { - newurl := oci.url + "/" + oci.apiVer + "/images/id" - values := map[string]string{"image": imageTag} - - if len(user) != 0 && len(password) != 0 { - values["username"] = user - values["password"] = password - } - - jsonValue, err := json.Marshal(values) - if err != nil { - return "", fmt.Errorf("failed to marshal getImage request, reason: %s", err.Error()) - } - glog.Infof("OCI GetImage, url: '%s'", newurl) - for i := 0; i < MAX_RETRIES; i++ { - resp, err := http.Post(newurl, "application/json", bytes.NewBuffer(jsonValue)) - if err != nil { - glog.Infof("In GetImage oci, url: '%s', failed. retry: %d, reason: %s", newurl, i, err.Error()) - time.Sleep(1 * time.Second) - continue - } - defer resp.Body.Close() - body, err := ioutil.ReadAll(resp.Body) - if err != nil { - return "", err - } - bodyString := string(body) - if resp.StatusCode >= 200 && resp.StatusCode < 300 { - return bodyString, nil - } else { - glog.Errorf("requesting: %v - will retry error (%s): %s", newurl, resp.Status, bodyString) - } - } - - return "", fmt.Errorf("request '%s' failed, reason: max retries exceeded", newurl) -} - -// FileList - ls = the containerized version -func (oci *OCImage) FileList(imageid string, dir string, from int, to int, recursive bool, noDir bool) ([]FileMetadata, error) { - newurl := oci.url + "/" + oci.apiVer + "/images/id/" + imageid + "/list" - fmt.Printf("%v %v %v %v %v %v $v", newurl, dir, from, to, recursive, noDir) - var slashwrist []FileMetadata - - req, _ := http.NewRequest("GET", newurl, nil) - req.Header.Add("Accept", "application/json") - q := req.URL.Query() - if len(dir) > 0 { - q.Add("dir", dir) - } - if from < to || to == -1 { - fromstr := strconv.Itoa(from) - tostr := strconv.Itoa(to) - q.Add("from", fromstr) - q.Add("to", tostr) - } - - q.Add("recursive", strconv.FormatBool(recursive)) - q.Add("no_dir", strconv.FormatBool(noDir)) - req.URL.RawQuery = q.Encode() - - 
glog.Infof("OCI FileList, url: '%s'", req.URL.String()) - - for i := 0; i < MAX_RETRIES; i++ { - resp, err := oci.GetClient().Do(req) - - if err != nil { - glog.Errorf("requesting: %v - will retry error: %v", newurl, err.Error()) - } - defer resp.Body.Close() - if respBody, err := ioutil.ReadAll(resp.Body); err == nil { - if resp.StatusCode >= 200 && resp.StatusCode < 300 { - if err := json.Unmarshal(respBody, &slashwrist); err != nil { - return slashwrist, fmt.Errorf("failed to marshal fileList response, reason: %s", err.Error()) - } - return slashwrist, nil - } else { - glog.Errorf("requesting: %v - will retry error (%s): %s", newurl, resp.Status, respBody) - } - } else { - glog.Errorf("requesting: %v - will retry error: %v", newurl, err.Error()) - } - - } - return nil, fmt.Errorf("request '%s' failed, reason: max retries exceeded", newurl) - -} - -// Describe - -func (oci *OCImage) Describe(imageid string) (ImageMetadata, error) { - newurl := oci.url + "/" + oci.apiVer + "/images/id/" + imageid - glog.Infof("OCI Describe, url: '%s'", newurl) - - var slashwrist ImageMetadata - - req, _ := http.NewRequest("GET", newurl, nil) - req.Header.Add("Accept", "application/json") - for i := 0; i < MAX_RETRIES; i++ { - resp, err := oci.GetClient().Do(req) - if err == nil { - defer resp.Body.Close() - if respBody, err := ioutil.ReadAll(resp.Body); err == nil { - if err := json.Unmarshal(respBody, &slashwrist); err != nil { - return slashwrist, fmt.Errorf("failed to unmarshal describe response, reason: %s", err.Error()) - } - return slashwrist, nil - } else { - glog.Errorf("requesting: %s - will retry error: %v", newurl, err.Error()) - } - } else { - glog.Errorf("requesting: %s - will retry error: %v", newurl, err.Error()) - } - } - - return slashwrist, fmt.Errorf("request '%s' failed, reason: max retries exceeded", newurl) - -} - -func (oci *OCImage) GetMultipleFiles(imageid string, fileNames []string, followSymLink, doesExist bool) (*tar.Reader, error) { - - if 
len(fileNames) == 0 || len(imageid) == 0 { - return nil, fmt.Errorf("bad usage: u must specify non-empty filelist and imageid ") - } - newurl := oci.url + "/" + oci.apiVer + "/images/id/" + imageid + "/files" - - req, err := http.NewRequest("GET", newurl, nil) - if err != nil { - return nil, err - } - req.Header.Add("Accept", "octet-stream") - - q := req.URL.Query() - q.Add("followSymLink", strconv.FormatBool(followSymLink)) - q.Add("doesExist", strconv.FormatBool(doesExist)) - for _, filename := range fileNames { - q.Add("file", filename) - } - req.URL.RawQuery = q.Encode() - - resp, err := oci.GetClient().Do(req) - if err != nil { - err = fmt.Errorf("error requesting file '%s' from server reason: %s", fileNames, err.Error()) - glog.Errorf(err.Error()) - return nil, err - } - if resp.StatusCode < 200 || resp.StatusCode >= 300 { - - return nil, fmt.Errorf("error has occurred: " + resp.Status) - } - defer resp.Body.Close() - data, err := ioutil.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("error: failed to read imageid %s files requested %v due to %s", imageid, fileNames, err.Error()) - } - reader := bytes.NewReader(data) - filestar := tar.NewReader(reader) - - return filestar, nil -} - -// GetFile - -func (oci *OCImage) GetSingleFile(imageid string, filepath string, followSymLink bool) ([]byte, string, error) { - newurl := oci.url + "/" + oci.apiVer + "/images/id/" + imageid + "/files/" + filepath - - glog.Infof("Requesting from OCI: '%s'", newurl) - var slashwrist []byte - - client := &http.Client{} - - req, err := http.NewRequest("GET", newurl, nil) - if err != nil { - return slashwrist, "", err - } - req.Header.Add("Accept", "octet-stream") - - q := req.URL.Query() - q.Add("followSymLink", strconv.FormatBool(followSymLink)) - req.URL.RawQuery = q.Encode() - resp, err := client.Do(req) - if err != nil { - err = fmt.Errorf("error requesting file '%s' from server reason: %s", filepath, err.Error()) - glog.Errorf(err.Error()) - return slashwrist, 
"", err - } - if resp.StatusCode != http.StatusOK { - - return slashwrist, "error has occurred: " + resp.Status, fmt.Errorf("error has occurred: " + resp.Status) - } - defer resp.Body.Close() - respBody, err := ioutil.ReadAll(resp.Body) - - return respBody, "success", err - -} - -// GetFile - -func (oci *OCImage) GetFileWithRetries(imageid string, filepath string, followSymLink bool) ([]byte, string, error) { - retry := 0 - for { - respBody, status, err := oci.GetSingleFile(imageid, filepath, followSymLink) - if err != nil && strings.Contains(err.Error(), "EOF") && retry < MAX_RETRIES { - glog.Warningf("Request: '%s', received 'EOF'. Retying", filepath) - retry++ - time.Sleep(1 * time.Second) - } else { - return respBody, status, err - } - - } -} diff --git a/vendor/github.com/armosec/capacketsgo/ocimage/ocimageapi_mock.go b/vendor/github.com/armosec/capacketsgo/ocimage/ocimageapi_mock.go deleted file mode 100644 index 43420c0f..00000000 --- a/vendor/github.com/armosec/capacketsgo/ocimage/ocimageapi_mock.go +++ /dev/null 
@@ -1,45 +0,0 @@ -package ocimage - -import ( - "encoding/json" - "strings" -) - -// import "encoding/json" - -// OCImageMock - -type OCImageMock struct { -} - -// GetImage - -func (ocim *OCImageMock) GetImage(imageTag, user, password string) (string, error) { - return "5ac6aae02c212cafb36e853dcfe366bac4b1c1097fe8c10c923842f09c8bf7e4", nil - -} - -// // FileList - mock -func (ocim *OCImageMock) FileList(imageid string, dir string, from int, to int, recursive bool, noDir bool) ([]FileMetadata, error) { - listOfFiles := []FileMetadata{} - list := `[{"isSymbolicLink":false,"layer":"sha256:f010348cae17a90a12165366416cb15c9606ea63a3735f9d967b843d33865f31","link":"","name":"etc/nginx","path":"etc/nginx","permissions":"0o40755"},{"isSymbolicLink":false,"layer":"sha256:1ce95ec4847ff9d80847f0a1836135255742c2160bc4ba52c829dfbc68a93291","link":"","name":"etc/apk","path":"etc/apk","permissions":"0o40755"},{"isSymbolicLink":false,"layer":"sha256:62bed320c887a0e141341a598b3a754c288bc91a15e66c7e1d10a941f63bc0c1","link":"","name":"etc/supervisor.d","path":"etc/supervisor.d","permissions":"0o40755"}]` - json.Unmarshal([]byte(list), &listOfFiles) - return listOfFiles, nil -} - -// // Describe - -func (ocim *OCImageMock) Describe(imageID string) (*ImageMetadata, error) { - imageData := &ImageMetadata{} - id := 
`{"architecture":"amd64","info":{"architecture":"amd64","config":{"ArgsEscaped":true,"AttachStderr":false,"AttachStdin":false,"AttachStdout":false,"Cmd":["/nginx"],"Domainname":"","Entrypoint":["/entrypoint.sh"],"Env":["PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","LANG=C.UTF-8","GPG_KEY=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D","PYTHON_VERSION=3.6.5","PYTHON_PIP_VERSION=10.0.1","NGINX_VERSION=1.13.8","UWSGI_INI=/app/uwsgi.ini","UWSGI_CHEAPER=2","UWSGI_PROCESSES=16","NGINX_MAX_UPLOAD=0","NGINX_WORKER_PROCESSES=1","LISTEN_PORT=80","STATIC_URL=/static","STATIC_PATH=/app/static","STATIC_INDEX=0","PYTHONPATH=/app"],"ExposedPorts":{"443/tcp":{},"80/tcp":{}},"Hostname":"d98c43c06009","Image":"sha256:66531c940f46ea26a1db3c63583058b56f97b2e85f83feaa2a41b8e58e702419","Labels":{"maintainer":"Sebastian Ramirez "},"OnBuild":[],"OpenStdin":false,"StdinOnce":false,"Tty":false,"User":"","Volumes":null,"WorkingDir":"/app"},"container":"8086c88edd59db391d40b0bd6463e6521ccf6e7ec97ccb4aa236d6612cebec1c","container_config":{"ArgsEscaped":true,"AttachStderr":false,"AttachStdin":false,"AttachStdout":false,"Cmd":["/bin/sh","-c","#(nop) COPY file:3f7d33a0228dc7f9feb6b386b9cac9f2730d691a447399a8c1ae2755e8477312 in /app/. 
"],"Domainname":"","Entrypoint":["/entrypoint.sh"],"Env":["PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","LANG=C.UTF-8","GPG_KEY=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D","PYTHON_VERSION=3.6.5","PYTHON_PIP_VERSION=10.0.1","NGINX_VERSION=1.13.8","UWSGI_INI=/app/uwsgi.ini","UWSGI_CHEAPER=2","UWSGI_PROCESSES=16","NGINX_MAX_UPLOAD=0","NGINX_WORKER_PROCESSES=1","LISTEN_PORT=80","STATIC_URL=/static","STATIC_PATH=/app/static","STATIC_INDEX=0","PYTHONPATH=/app"],"ExposedPorts":{"443/tcp":{},"80/tcp":{}},"Hostname":"d98c43c06009","Image":"sha256:66531c940f46ea26a1db3c63583058b56f97b2e85f83feaa2a41b8e58e702419","Labels":{"maintainer":"Sebastian Ramirez "},"OnBuild":[],"OpenStdin":false,"StdinOnce":false,"Tty":false,"User":"","Volumes":null,"WorkingDir":"/app"},"created":"2018-11-25T11:37:00.787977594Z","docker_version":"1.13.1","id":"4944f7cd6bdbabd69dfde3efe800f996a43a373db9a5a07824ee30b908f61bfb","os":"linux","parent":"080f106513ef7ac9a5375e22ae6e56584bf745e401fbb21dd54d7fcf22ef8570"},"name":"signer","schemaVersion":1,"signatures":[{"header":{"alg":"ES256","jwk":{"crv":"P-256","kid":"W5FE:S6CL:XC37:EVE5:HSZD:OODU:4KWZ:WEIM:RRNN:MKXO:IO6H:Y7N4","kty":"EC","x":"DpcaARFTpltBfJ4cAGdE9Gp9AO2dEogJRBsWC9A2My0","y":"OTD5zOUaIa1bldgfGhVSpve-Urfxcpl1QS35hSBQoXQ"}},"protected":"eyJmb3JtYXRMZW5ndGgiOjM5MTc4LCJmb3JtYXRUYWlsIjoiQ24wIiwidGltZSI6IjIwMjAtMDUtMTRUMDc6NTc6MTBaIn0","signature":"hWCo_ezuNNz4e3M1opkK4Mrh9XcQE3K69ppL9_aboFaIPDzJWCZh2yt4zX4rM3dT3-2lLYuurFqgvw4dwLaJ4g"}],"tag":"70"}` - json.Unmarshal([]byte(id), imageData) - return imageData, nil -} - -func (ocim *OCImageMock) GetSingleFile(fileName string, followSymLink bool) ([]byte, string, error) { - if strings.Contains(fileName, "-release") { - os := []byte("PRETTY_NAME=\"Debian GNU/Linux 10 (buster)\"\nNAME=\"Debian GNU/Linux\"\nVERSION_ID=\"10\"\nVERSION=\"10 
(buster)\"\nVERSION_CODENAME=buster\nID=debian\nHOME_URL=\"https://www.debian.org/\"\nSUPPORT_URL=\"https://www.debian.org/support\"\nBUG_REPORT_URL=\"https://bugs.debian.org/\"\n") - - return os, "os", nil - } - - nginx := []byte("# Defaults for nginx initscript\n# sourced by /etc/init.d/nginx\n\n# Additional options that are passed to nginx\nDAEMON_ARGS=\"\"\n") - return nginx, "nginxscript", nil -} diff --git a/vendor/github.com/armosec/capacketsgo/ocimage/ocimagetypes.go b/vendor/github.com/armosec/capacketsgo/ocimage/ocimagetypes.go deleted file mode 100644 index edc2ae93..00000000 --- a/vendor/github.com/armosec/capacketsgo/ocimage/ocimagetypes.go +++ /dev/null 
@@ -1,116 +0,0 @@ -package ocimage - -import "github.com/docker/docker/api/types/container" - -// FileMetadata file metatdata -type FileMetadata struct { - IsSymbolicLink bool `json:"isSymbolicLink"` - Layer string `json:"layer"` - Link string `json:"link"` - Name string `json:"name"` - Path string `json:"path"` - Permissions string `json:"permissions"` -} - -// ImageMetadata image metatdata -type ImageMetadata struct { - Tag string `json:"tag"` - Name string `json:"name"` - Architecture string `json:"architecture"` - SchemaVersion int `json:"naschemaVersionme"` - Info ImageMetaInfo `json:"info"` - Signatures []ImageMetaSignature `json:"signatures"` -} - -// ImageMetaInfo - -type ImageMetaInfo struct { - ID string `json:"id,omitempty"` - Os string `json:"os,omitempty"` - Parent string `json:"parent,omitempty"` - Created string `json:"created,omitempty"` - Container string `json:"container,omitempty"` - Architecture string `json:"architecture,omitempty"` - Config *container.Config `json:"config,omitempty"` - ContainerConfig *container.Config `json:"container_config,omitempty"` -} - -// // ContainerInfo - -// type ContainerInfo struct { -// Tty bool `json:"Tty,omitempty"` -// ArgsEscaped bool `json:"ArgsEscaped,omitempty"` -// AttachStderr bool `json:"AttachStderr,omitempty"` -// AttachStdin bool `json:"AttachStdin,omitempty"` -// AttachStdout bool `json:"AttachStdout,omitempty"` -// OpenStdin bool `json:"OpenStdin,omitempty"` -// StdinOnce bool `json:"StdinOnce,omitempty"` -// User string `json:"User,omitempty"` -// Image string `json:"Image"` -// Hostname string `json:"Hostname,omitempty"` -// Domainname string `json:"Domainname,omitempty"` -// WorkingDir string `json:"WorkingDir,omitempty"` -// Cmd []string `json:"Cmd"` -// Env []string `json:"Env,omitempty"` -// Entrypoint []string `json:"Entrypoint"` -// Volumes interface{} `json:"Volumes,omitempty"` -// OnBuild []interface{} `json:"OnBuild,omitempty"` -// Labels map[string]string `json:"Labels,omitempty"` -// 
ExposedPorts map[string]interface{} `json:"ExposedPorts,omitempty"` -// } - -// ImageMetaSignature - -type ImageMetaSignature struct { - Protected string `json:"protected,omitempty"` - Signature string `json:"signature,omitempty"` - Header SignatureHeader `json:"header,omitempty"` -} - -// SignatureHeader - -type SignatureHeader struct { - Alg string `json:"alg,omitempty"` - Jwk HeaderJwk `json:"jwk,omitempty"` -} - -// HeaderJwk - -type HeaderJwk struct { - Crv string `json:"crv,omitempty"` - Kid string `json:"kid,omitempty"` - Kty string `json:"kty,omitempty"` - X string `json:"x,omitempty"` - Y string `json:"y,omitempty"` -} - -type OciImageManifestConfig struct { - Digest string `json:"digest"` - MediaType string `json:"mediaType"` - Size int `json:"size"` -} - -type OciImageManifestRequestOptions struct { - AllowRedirects bool `json:"allow_redirects"` - Stream bool `json:"stream"` - Verify bool `json:"verify"` - Headers map[string]string `json:"headers"` -} - -type OciImageManifestLayer struct { - Digest string `json:"digest"` - DownloadPath string `json:"dlPath"` - MediaType string `json:"mediaType"` - Size int `json:"size"` - RequestOptions OciImageManifestRequestOptions `json:"request_options"` -} - -type OciImageManifest struct { - Config OciImageManifestConfig `json:"config"` - Layers []OciImageManifestLayer `json:"layers"` -} - -//{"isSymbolicLink":false,"layer":"sha256:86b54f4b6a4ebee33338eb7c182a9a3d51a69cce1eb9af95a992f4da8eabe3be","link":"","name":"var/lib/dpkg/info/libdbus-1-3.list","path":"var/lib/dpkg/info/libdbus-1-3.list","permissions":"0o100644"}, -type OciImageFsEntry struct { - IsSymbolicLink bool `json:"isSymbolicLink"` - Layer string `json:"layer"` - Link string `json:"link"` - Name string `json:"name"` - Path string `json:"path"` - Permissions string `json:"permissions"` -} 
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/apis.go b/vendor/github.com/armosec/capacketsgo/opapolicy/apis.go
deleted file mode 100644
index 758cca1f..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/apis.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package opapolicy
-
-const (
- PostureRestAPIPathV1 = "/v1/posture"
- PostureRedisPrefix = "_postureReportv1"
- K8sPostureNotification = "/k8srestapi/v1/newPostureReport"
-)
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/datastructures.go b/vendor/github.com/armosec/capacketsgo/opapolicy/datastructures.go
deleted file mode 100644
index ff776e99..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/datastructures.go
+++ /dev/null
@@ -1,150 +0,0 @@ -package opapolicy - -import ( - "time" - - armotypes "github.com/armosec/capacketsgo/armotypes" -) - -type AlertScore float32 -type RuleLanguages string - -const ( - RegoLanguage RuleLanguages = "Rego" - RegoLanguage2 RuleLanguages = "rego" -) - -// RegoResponse the expected response of single run of rego policy -type RuleResponse struct { - AlertMessage string `json:"alertMessage"` - PackageName string `json:"packagename"` - AlertScore AlertScore `json:"alertScore"` - // AlertObject AlertObject `json:"alertObject"` - AlertObject AlertObject `json:"alertObject"` // TODO - replace interface to AlertObject - Context []string `json:"context"` // TODO - Remove - Rulename string `json:"rulename"` // TODO - Remove - ExceptionName string `json:"exceptionName"` -} - -type AlertObject struct { - K8SApiObjects []map[string]interface{} `json:"k8sApiObjects,omitempty"` - ExternalObjects []map[string]interface{} `json:"externalObjects,omitempty"` -} - -type FrameworkReport struct { - Name string `json:"name"` - ControlReports []ControlReport `json:"controlReports"` -} -type ControlReport struct { - Name string `json:"name"` - RuleReports []RuleReport `json:"ruleReports"` - Remediation string `json:"remediation"` - Description string `json:"description"` -} -type RuleReport struct { - Name string `json:"name"` - Remediation string `json:"remediation"` - RuleStatus RuleStatus `json:"ruleStatus"` - RuleResponses []RuleResponse `json:"ruleResponses"` - NumOfResources int -} -type RuleStatus struct { - Status string `json:"status"` - Message string `json:"message"` -} - -// PostureReport -type PostureReport struct { - CustomerGUID string `json:"customerGUID"` - ClusterName string `json:"clusterName"` - ReportID string `json:"reportID"` - JobID string `json:"jobID"` - ReportGenerationTime time.Time `json:"generationTime"` - FrameworkReports []FrameworkReport `json:"frameworks"` -} - -// RuleMatchObjects defines which objects this rule applied on -type 
RuleMatchObjects struct { - APIGroups []string `json:"apiGroups"` // apps - APIVersions []string `json:"apiVersions"` // v1/ v1beta1 / * - Resources []string `json:"resources"` // dep.., pods, -} - -// RuleMatchObjects defines which objects this rule applied on -type RuleDependency struct { - PackageName string `json:"packageName"` // package name -} - -// PolicyRule represents single rule, the fundamental executable block of policy -type PolicyRule struct { - armotypes.PortalBase `json:",inline"` - CreationTime string `json:"creationTime"` - Rule string `json:"rule"` // multiline string! - RuleLanguage RuleLanguages `json:"ruleLanguage"` - Match []RuleMatchObjects `json:"match"` - RuleDependencies []RuleDependency `json:"ruleDependencies"` - Description string `json:"description"` - Remediation string `json:"remediation"` - RuleQuery string `json:"ruleQuery"` // default "armo_builtins" - DEPRECATED -} - -// Control represents a collection of rules which are combined together to single purpose -type Control struct { - armotypes.PortalBase `json:",inline"` - CreationTime string `json:"creationTime"` - Description string `json:"description"` - Remediation string `json:"remediation"` - Rules []PolicyRule `json:"rules"` - // for new list of rules in POST/UPADTE requests - RulesIDs *[]string `json:"rulesIDs,omitempty"` -} - -type UpdatedControl struct { - Control `json:",inline"` - Rules []interface{} `json:"rules"` -} - -// Framework represents a collection of controls which are combined together to expose comprehensive behavior -type Framework struct { - armotypes.PortalBase `json:",inline"` - CreationTime string `json:"creationTime"` - Description string `json:"description"` - Controls []Control `json:"controls"` - // for new list of controls in POST/UPADTE requests - ControlsIDs *[]string `json:"controlsIDs,omitempty"` -} - -type UpdatedFramework struct { - Framework `json:",inline"` - Controls []interface{} `json:"controls"` -} - -type NotificationPolicyType string 
-type NotificationPolicyKind string - -// Supported NotificationTypes -const ( - TypeValidateRules NotificationPolicyType = "validateRules" - TypeExecPostureScan NotificationPolicyType = "execPostureScan" - TypeUpdateRules NotificationPolicyType = "updateRules" -) - -// Supported NotificationKinds -const ( - KindFramework NotificationPolicyKind = "Framework" - KindControl NotificationPolicyKind = "Control" - KindRule NotificationPolicyKind = "Rule" -) - -type PolicyNotification struct { - NotificationType NotificationPolicyType `json:"notificationType"` - Rules []PolicyIdentifier `json:"rules"` - ReportID string `json:"reportID"` - JobID string `json:"jobID"` - Designators armotypes.PortalDesignator `json:"designators"` -} - -type PolicyIdentifier struct { - Kind NotificationPolicyKind `json:"kind"` - Name string `json:"name"` -} diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/datastructures_mock.go b/vendor/github.com/armosec/capacketsgo/opapolicy/datastructures_mock.go deleted file mode 100644 index 8f15a6c8..00000000 --- a/vendor/github.com/armosec/capacketsgo/opapolicy/datastructures_mock.go +++ /dev/null 
@@ -1,300 +0,0 @@ -package opapolicy - -import ( - "time" - - armotypes "github.com/armosec/capacketsgo/armotypes" -) - -// Mock A -var ( - AMockCustomerGUID = "5d817063-096f-4d91-b39b-8665240080af" - AMockJobID = "36b6f9e1-3b63-4628-994d-cbe16f81e9c7" - AMockReportID = "2c31e4da-c6fe-440d-9b8a-785b80c8576a" - AMockClusterName = "clusterA" - AMockFrameworkName = "testFrameworkA" - AMockControlName = "testControlA" - AMockRuleName = "testRuleA" - AMockPortalBase = *armotypes.MockPortalBase(AMockCustomerGUID, "", nil) -) - -func MockRuleResponseA() *RuleResponse { - return &RuleResponse{ - AlertMessage: "test alert message A", - AlertScore: 0, - Rulename: AMockRuleName, - PackageName: "test.package.name.A", - Context: []string{}, - } -} - -func MockFrameworkReportA() *FrameworkReport { - return &FrameworkReport{ - Name: AMockFrameworkName, - ControlReports: []ControlReport{ - { - Name: AMockControlName, - RuleReports: []RuleReport{ - { - Name: AMockRuleName, - Remediation: "remove privilegedContainer: True flag from your pod spec", - RuleResponses: []RuleResponse{ - *MockRuleResponseA(), - }, - }, - }, - }, - }, - } -} - -func MockPostureReportA() *PostureReport { - return &PostureReport{ - CustomerGUID: AMockCustomerGUID, - ClusterName: AMockClusterName, - ReportID: AMockReportID, - JobID: AMockJobID, - ReportGenerationTime: time.Now().UTC(), - FrameworkReports: []FrameworkReport{*MockFrameworkReportA()}, - } -} - -func MockFrameworkA() *Framework { - return &Framework{ - PortalBase: *armotypes.MockPortalBase("aaaaaaaa-096f-4d91-b39b-8665240080af", AMockFrameworkName, nil), - CreationTime: "", - Description: "mock framework descryption", - Controls: []Control{ - { - PortalBase: *armotypes.MockPortalBase("aaaaaaaa-aaaa-4d91-b39b-8665240080af", AMockControlName, nil), - Rules: []PolicyRule{ - *MockRuleA(), - }, - }, - }, - } -} - -func MockRuleUntrustedRegistries() *PolicyRule { - return &PolicyRule{ - PortalBase: 
*armotypes.MockPortalBase("aaaaaaaa-aaaa-aaaa-b39b-8665240080af", AMockControlName, nil), - Rule: ` -package armo_builtins -# Check for images from blacklisted repos - -untrusted_registries(z) = x { - x := ["015253967648.dkr.ecr.eu-central-1.amazonaws.com/"] -} - -public_registries(z) = y{ - y := ["quay.io/kiali/","quay.io/datawire/","quay.io/keycloak/","quay.io/bitnami/"] -} - -untrustedImageRepo[msga] { - pod := input[_] - k := pod.kind - k == "Pod" - container := pod.spec.containers[_] - image := container.image - repo_prefix := untrusted_registries(image)[_] - startswith(image, repo_prefix) - selfLink := pod.metadata.selfLink - containerName := container.name - - msga := { - "alertMessage": sprintf("image '%v' in container '%s' in [%s] comes from untrusted registry", [image, containerName, selfLink]), - "alert": true, - "prevent": false, - "alertScore": 2, - "alertObject": [{"pod":pod}] - } -} - -untrustedImageRepo[msga] { - pod := input[_] - k := pod.kind - k == "Pod" - container := pod.spec.containers[_] - image := container.image - repo_prefix := public_registries(image)[_] - startswith(pod, repo_prefix) - selfLink := input.metadata.selfLink - containerName := container.name - - msga := { - "alertMessage": sprintf("image '%v' in container '%s' in [%s] comes from public registry", [image, containerName, selfLink]), - "alert": true, - "prevent": false, - "alertScore": 1, - "alertObject": [{"pod":pod}] - } -} - `, - RuleLanguage: RegoLanguage, - Match: []RuleMatchObjects{ - { - APIVersions: []string{"v1"}, - APIGroups: []string{"*"}, - Resources: []string{"pods"}, - }, - }, - RuleDependencies: []RuleDependency{ - { - PackageName: "kubernetes.api.client", - }, - }, - } -} - -func MockRuleA() *PolicyRule { - return &PolicyRule{ - PortalBase: *armotypes.MockPortalBase("aaaaaaaa-aaaa-aaaa-b39b-8665240080af", AMockControlName, nil), - Rule: MockRegoPrivilegedPods(), // - RuleLanguage: RegoLanguage, - Match: []RuleMatchObjects{ - { - APIVersions: []string{"v1"}, - 
APIGroups: []string{"*"}, - Resources: []string{"pods"}, - }, - }, - RuleDependencies: []RuleDependency{ - { - PackageName: "kubernetes.api.client", - }, - }, - } -} - -func MockRuleB() *PolicyRule { - return &PolicyRule{ - PortalBase: *armotypes.MockPortalBase("bbbbbbbb-aaaa-aaaa-b39b-8665240080af", AMockControlName, nil), - Rule: MockExternalFacingService(), // - RuleLanguage: RegoLanguage, - Match: []RuleMatchObjects{ - { - APIVersions: []string{"v1"}, - APIGroups: []string{""}, - Resources: []string{"pods"}, - }, - }, - RuleDependencies: []RuleDependency{ - { - PackageName: "kubernetes.api.client", - }, - }, - } -} - -func MockPolicyNotificationA() *PolicyNotification { - return &PolicyNotification{ - NotificationType: TypeExecPostureScan, - ReportID: AMockReportID, - JobID: AMockJobID, - Designators: armotypes.PortalDesignator{}, - Rules: []PolicyIdentifier{ - { - Kind: KindFramework, - Name: AMockFrameworkName, - }}, - } -} - -func MockTemp() string { - return ` - package armo_builtins - import data.kubernetes.api.client as client - deny[msga] { - #object := input[_] - object := client.query_all("pods") - obj := object.body.items[_] - msga := { - "packagename": "armo_builtins", - "alertMessage": "found object", - "alertScore": 3, - "alertObject": {"object": obj}, - } - } - ` -} - -func MockRegoPrivilegedPods() string { - return `package armo_builtins - - import data.kubernetes.api.client as client - - # Deny mutating action unless user is in group owning the resource - - #privileged pods - deny[msga] { - - pod := input[_] - containers := pod.spec.containers[_] - containers.securityContext.privileged == true - msga := { - "packagename": "armo_builtins", - "alertMessage": sprintf("the following pods are defined as privileged: %v", [pod]), - "alertScore": 3, - "alertObject": pod, - } - } - - #handles majority of workload resources - deny[msga] { - wl := input[_] - spec_template_spec_patterns := {"Deployment","ReplicaSet","DaemonSet","StatefulSet","Job"} - 
spec_template_spec_patterns[wl.kind] - containers := wl.spec.template.spec.containers[_] - containers.securityContext.privileged == true - msga := { - "packagename": "armo_builtins", - "alertMessage": sprintf("the following workloads are defined as privileged: %v", [wl]), - "alertScore": 3, - "alertObject": wl, - } - } - - #handles cronjob - deny[msga] { - wl := input[_] - wl.kind == "CronJob" - containers := wl.spec.jobTemplate.spec.template.spec.containers[_] - containers.securityContext.privileged == true - msga := { - "packagename": "armo_builtins", - "alertMessage": sprintf("the following cronjobs are defined as privileged: %v", [wl]), - "alertScore": 3, - "alertObject": wl, - } - } - ` -} - -func MockExternalFacingService() string { - return "\n\tpackage armo_builtins\n\n\timport data.kubernetes.api.client as client\n\timport data.cautils as cautils\n\ndeny[msga] {\n\n\twl := input[_]\n\tcluster_resource := client.query_all(\n\t\t\"services\"\n\t)\n\n\tlabels := wl.metadata.labels\n\tfiltered_labels := json.remove(labels, [\"pod-template-hash\"])\n \n#service := cluster_resource.body.items[i]\nservices := [svc | cluster_resource.body.items[i].metadata.namespace == wl.metadata.namespace; svc := cluster_resource.body.items[i]]\nservice := services[_]\nnp_or_lb := {\"NodePort\", \"LoadBalancer\"}\nnp_or_lb[service.spec.type]\ncautils.is_subobject(service.spec.selector,filtered_labels)\n\n msga := {\n\t\t\"alertMessage\": sprintf(\"%v pod %v expose external facing service: %v\",[wl.metadata.namespace, wl.metadata.name, service.metadata.name]),\n\t\t\"alertScore\": 2,\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"alertObject\": {\"srvc\":service}\n\t}\n}\n\t" -} -func GetRuntimePods() string { - return ` - package armo_builtins - - import data.kubernetes.api.client as client - - -deny[msga] { - - - cluster_resource := client.query_all( - "pods" - ) - - pod := cluster_resource.body.items[i] - msga := { - "alertMessage": "got something", - "alertScore": 2, - 
"packagename": "armo_builtins", - "alertObject": {"pod": pod} - } -} - - ` -} diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/datastructures_test.go b/vendor/github.com/armosec/capacketsgo/opapolicy/datastructures_test.go deleted file mode 100644 index 4ee1709b..00000000 --- a/vendor/github.com/armosec/capacketsgo/opapolicy/datastructures_test.go +++ /dev/null @@ -1,42 +0,0 @@ -package opapolicy - -import ( - "encoding/json" - "testing" -) - -func TestMockPolicyNotificationA(t *testing.T) { - policy := MockPolicyNotificationA() - bp, err := json.Marshal(policy) - if err != nil { - t.Error(err) - } else { - t.Logf("%s\n", string(bp)) - // t.Errorf("%s\n", string(bp)) - } - -} - -func TestMockFrameworkA(t *testing.T) { - policy := MockFrameworkA() - bp, err := json.Marshal(policy) - if err != nil { - t.Error(err) - } else { - t.Logf("%s\n", string(bp)) - // t.Errorf("%s\n", string(bp)) - } - -} - -func TestMockPostureReportA(t *testing.T) { - policy := MockPostureReportA() - bp, err := json.Marshal(policy) - if err != nil { - t.Error(err) - } else { - // t.Errorf("%s\n", string(bp)) - t.Logf("%s\n", string(bp)) - } - -} diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/datastructuresmethods.go b/vendor/github.com/armosec/capacketsgo/opapolicy/datastructuresmethods.go deleted file mode 100644 index ce8a3a42..00000000 --- a/vendor/github.com/armosec/capacketsgo/opapolicy/datastructuresmethods.go +++ /dev/null 
@@ -1,89 +0,0 @@ -package opapolicy - -import ( - "bytes" - "encoding/json" - "fmt" - - "github.com/armosec/armopa/rego" - "github.com/golang/glog" -) - -func (pn *PolicyNotification) ToJSONBytesBuffer() (*bytes.Buffer, error) { - res, err := json.Marshal(pn) - if err != nil { - return nil, err - } - return bytes.NewBuffer(res), err -} - -func (ruleReport *RuleReport) GetRuleStatus() (string, []RuleResponse, []RuleResponse) { - if len(ruleReport.RuleResponses) == 0 { - return "success", nil, nil - } - exceptions := make([]RuleResponse, 0) - failed := make([]RuleResponse, 0) - - for _, rule := range ruleReport.RuleResponses { - if rule.ExceptionName != "" { - failed = append(failed, rule) - } else { - exceptions = append(exceptions, rule) - } - } - - status := "failed" - if len(failed) == 0 && len(exceptions) > 0 { - status = "warning" - } - return status, failed, exceptions -} -func ParseRegoResult(regoResult *rego.ResultSet) ([]RuleResponse, error) { - var errs error - ruleResponses := []RuleResponse{} - for _, result := range *regoResult { - for desicionIdx := range result.Expressions { - if resMap, ok := result.Expressions[desicionIdx].Value.(map[string]interface{}); ok { - for objName := range resMap { - jsonBytes, err := json.Marshal(resMap[objName]) - if err != nil { - err = fmt.Errorf("in parseRegoResult, json.Marshal failed. name: %s, obj: %v, reason: %s", objName, resMap[objName], err) - glog.Error(err) - errs = fmt.Errorf("%s\n%s", errs, err) - continue - } - desObj := make([]RuleResponse, 0) - if err := json.Unmarshal(jsonBytes, &desObj); err != nil { - err = fmt.Errorf("in parseRegoResult, json.Unmarshal failed. name: %s, obj: %v, reason: %s", objName, resMap[objName], err) - glog.Error(err) - errs = fmt.Errorf("%s\n%s", errs, err) - continue - } - ruleResponses = append(ruleResponses, desObj...) 
- } - } - } - } - return ruleResponses, errs -} - -func (controlReport *ControlReport) GetNumberOfResources() int { - sum := 0 - for i := range controlReport.RuleReports { - sum += controlReport.RuleReports[i].NumOfResources - } - return sum -} - -func (controlReport *ControlReport) Passed() bool { - for i := range controlReport.RuleReports { - if len(controlReport.RuleReports[i].RuleResponses) > 0 { - return false - } - } - return true -} - -func (controlReport *ControlReport) Failed() bool { - return !controlReport.Passed() -} diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/gojayunmarshaller.go b/vendor/github.com/armosec/capacketsgo/opapolicy/gojayunmarshaller.go deleted file mode 100644 index c232a855..00000000 --- a/vendor/github.com/armosec/capacketsgo/opapolicy/gojayunmarshaller.go +++ /dev/null @@ -1,47 +0,0 @@ -package opapolicy - -import ( - "github.com/francoispqt/gojay" - "time" -) - -/* - responsible on fast unmarshaling of various COMMON containerscan structures and substructures - -*/ -// UnmarshalJSONObject - File inside a pkg -func (r *PostureReport) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error) { - - switch key { - case "customerGUID": - err = dec.String(&(r.CustomerGUID)) - - case "clusterName": - err = dec.String(&(r.ClusterName)) - - case "reportID": - err = dec.String(&(r.ReportID)) - case "jobID": - err = dec.String(&(r.JobID)) - case "generationTime": - err = dec.Time(&(r.ReportGenerationTime), time.RFC3339) - r.ReportGenerationTime = r.ReportGenerationTime.Local() - } - return err - -} - -// func (files *PkgFiles) UnmarshalJSONArray(dec *gojay.Decoder) error { -// lae := PackageFile{} -// if err := dec.Object(&lae); err != nil { -// return err -// } - -// *files = append(*files, lae) -// return nil -// } - -func (file *PostureReport) NKeys() int { - return 0 -} -//------------------------ 
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/dependencies.go b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/dependencies.go
deleted file mode 100644
index 87dd3bd4..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/dependencies.go
+++ /dev/null
@@ -1,204 +0,0 @@ -package resources - -var RegoCAUtils = ` -package cautils - -list_contains(lista,element) { - some i - lista[i] == element -} - -# getPodName(metadata) = name { -# name := metadata.generateName -#} -getPodName(metadata) = name { - name := metadata.name -} - -#returns subobject ,sub1 is partial to parent, e.g parent = {a:a,b:b,c:c,d:d} -# sub1 = {b:b,c:c} - result is {b:b,c:c}, if sub1={b:b,e:f} returns {b:b} -object_intersection(parent,sub1) = r{ - - r := {k:p | p := sub1[k] - parent[k]== p - } -} - -#returns if parent contains sub(both are objects not sets!!) -is_subobject(sub,parent) { -object_intersection(sub,parent) == sub -} -` - -var RegoDesignators = ` -package designators - -import data.cautils -#functions that related to designators - -#allowed_namespace -#@input@: receive as part of the input object "included_namespaces" list -#@input@: item's namespace as "namespace" -#returns true if namespace exists in that list -included_namespaces(namespace){ - cautils.list_contains(["default"],namespace) -} - -#forbidden_namespaces -#@input@: receive as part of the input object "forbidden_namespaces" list -#@input@: item's namespace as "namespace" -#returns true if namespace exists in that list -excluded_namespaces(namespace){ - not cautils.list_contains(["excluded"],namespace) -} - -forbidden_wlids(wlid){ - input.forbidden_wlids[_] == wlid -} - -filter_k8s_object(obj) = filtered { - #put - filtered := obj - #filtered := [ x | cautils.list_contains(["default"],obj[i].metadata.namespace) ; x := obj[i] ] - # filtered := [ x | not cautils.list_contains([],filter1Set[i].metadata.namespace); x := filter1Set[i]] - -} -` -var RegoKubernetesApiClient = ` -package kubernetes.api.client - -# service account token -token := data.k8sconfig.token - -# Cluster host -host := data.k8sconfig.host - -# default certificate path -# crt_file := "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" -crt_file := data.k8sconfig.crtfile - -client_crt_file := 
data.k8sconfig.clientcrtfile -client_key_file := data.k8sconfig.clientkeyfile - - -# This information could be retrieved from the kubernetes API -# too, but would essentially require a request per API group, -# so for now use a lookup table for the most common resources. -resource_group_mapping := { - "services": "api/v1", - "pods": "api/v1", - "configmaps": "api/v1", - "secrets": "api/v1", - "persistentvolumeclaims": "api/v1", - "daemonsets": "apis/apps/v1", - "deployments": "apis/apps/v1", - "statefulsets": "apis/apps/v1", - "horizontalpodautoscalers": "api/autoscaling/v1", - "jobs": "apis/batch/v1", - "cronjobs": "apis/batch/v1beta1", - "ingresses": "api/extensions/v1beta1", - "replicasets": "apis/apps/v1", - "networkpolicies": "apis/networking.k8s.io/v1", - "clusterroles": "apis/rbac.authorization.k8s.io/v1", - "clusterrolebindings": "apis/rbac.authorization.k8s.io/v1", - "roles": "apis/rbac.authorization.k8s.io/v1", - "rolebindings": "apis/rbac.authorization.k8s.io/v1", - "serviceaccounts": "api/v1" -} - -# Query for given resource/name in provided namespace -# Example: query_ns("deployments", "my-app", "default") -query_name_ns(resource, name, namespace) = http.send({ - "url": sprintf("%v/%v/namespaces/%v/%v/%v", [ - host, - resource_group_mapping[resource], - namespace, - resource, - name, - ]), - "method": "get", - "headers": {"authorization": token}, - "tls_client_cert_file": client_crt_file, - "tls_client_key_file": client_key_file, - "tls_ca_cert_file": crt_file, - "raise_error": true, -}) - -# Query for given resource type using label selectors -# https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api -# Example: query_label_selector_ns("deployments", {"app": "opa-kubernetes-api-client"}, "default") -query_label_selector_ns(resource, selector, namespace) = http.send({ - "url": sprintf("%v/%v/namespaces/%v/%v?labelSelector=%v", [ - host, - resource_group_mapping[resource], - namespace, - resource, - 
label_map_to_query_string(selector), - ]), - "method": "get", - "headers": {"authorization": token}, - "tls_client_cert_file": client_crt_file, - "tls_client_key_file": client_key_file, - "tls_ca_cert_file": crt_file, - "raise_error": true, -}) - -# x := field_transform_to_qry_param("spec.selector",input) -# input = {"app": "acmefit", "service": "catalog-db"} -# result: "spec.selector.app%3Dacmefit,spec.selector.service%3Dcatalog-db" - - -query_field_selector_ns(resource, field, selector, namespace) = http.send({ - "url": sprintf("%v/%v/namespaces/%v/%v?fieldSelector=%v", [ - host, - resource_group_mapping[resource], - namespace, - resource, - field_transform_to_qry_param(field,selector), - ]), - "method": "get", - "headers": {"authorization": token}, - "tls_client_cert_file": client_crt_file, - "tls_client_key_file": client_key_file, - "tls_ca_cert_file": crt_file, - "raise_error": true, - -}) - -# # Query for all resources of type resource in all namespaces -# # Example: query_all("deployments") -# query_all(resource) = http.send({ -# "url": sprintf("https://%v:%v/%v/%v", [ -# ip, -# port, -# resource_group_mapping[resource], -# resource, -# ]), -# "method": "get", -# "headers": {"authorization": sprintf("Bearer %v", [token])}, -# "tls_client_cert_file": crt_file, -# "raise_error": true, -# }) - -# Query for all resources of type resource in all namespaces -# Example: query_all("deployments") -query_all(resource) = http.send({ - "url": sprintf("%v/%v/%v", [ - host, - resource_group_mapping[resource], - resource, - ]), - "method": "get", - "headers": {"authorization": token}, - "tls_client_cert_file": client_crt_file, - "tls_client_key_file": client_key_file, - "tls_ca_cert_file": crt_file, - "raise_error": true, -}) - -field_transform_to_qry_param(field,map) = finala { - mid := {concat(".",[field,key]): val | val := map[key]} - finala := label_map_to_query_string(mid) -} -label_map_to_query_string(map) = concat(",", [str | val := map[key]; str := concat("%3D", 
[key, val])])
-`
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/cronJob.reg b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/cronJob.reg
deleted file mode 100755
index 32e98600..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/cronJob.reg
+++ /dev/null
@@ -1,20 +0,0 @@
-package armo_builtins
-
-# import data.kubernetes.api.client as client
-import data.cautils as cautils
-
-
-# alert cronjobs
-
-#handles cronjob
-deny[msga] {
-
- wl := input[_]
- wl.kind == "CronJob"
- msga := {
- "alertMessage": sprintf("the following cronjobs are defined: %v", [wl]),
- "alertScore": 2,
- "packagename": "armo_builtins",
- "alertObject": wl
- }
-}
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/externalfacing.reg b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/externalfacing.reg
deleted file mode 100755
index 4ad647cb..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/externalfacing.reg
+++ /dev/null
@@ -1,44 +0,0 @@
-package armo_builtins
-
-import data.kubernetes.api.client as client
-
-
-# input: pod
-# apiversion: v1
-# does:
-# returns the external facing services of that pod
-#
-#
-deny[msga] {
- pod := input[_]
- podns := pod.metadata.namespace
- podname := getName(pod.metadata)
- # pod := client.query_name_ns("pods","frontend-86c5ffb485-kfp9d", "default")
- labels := pod.body.metadata.labels
- filtered_labels := json.remove(labels, ["pod-template-hash"])
-
- cluster_resource := client.query_all(
- "services"
- )
-
-
- services := [svc | cluster_resource.body.items[i].metadata.namespace == podns; svc := cluster_resource.body.items[i]]
- service := services[_]
- np_or_lb := {"NodePort", "LoadBalancer"}
- np_or_lb[service.spec.type]
- service.spec.selector == filtered_labels
-
- msga := {
- "packagename": "armo_builtins",
- "alertMessage": sprintf("pod %v/%v exposed services: %v\n", [podns,podname,service]),
- "alertScore": 7,
- "alertObject": {"service":service,"labels":filtered_labels, "podname":podname,"namespace":podns}
- }
-}
-
-getName(metadata) = name {
- name := metadata.generateName
-}
-getName(metadata) = name {
- name := metadata.name
-}
\ No newline at end of file
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/hostpath.reg b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/hostpath.reg
deleted file mode 100755
index e312436e..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/hostpath.reg
+++ /dev/null
@@ -1,57 +0,0 @@
-package armo_builtins
-#import data.kubernetes.api.client as client
-import data.cautils as cautils
-
-# input: pod
-# apiversion: v1
-# does:
-# returns hostPath volumes
-#
-#
-deny[msga] {
- pod := input[_]
- pod.kind == "Pod"
- volumes := pod.spec.volumes
- volume := volumes[_]
- # crsrcs.body.spec.containers[_].volumeMounts[_].name = volume.name
- volume.hostPath
- podname := cautils.getPodName(pod.metadata)
- obj := {"volume":volume,"podname": podname}
-
- msga := {
- "packagename": "armo_builtins",
- "alertMessage": sprintf("pod: %v has {%v,%v} ashostPath volume \n\n\n", [podname, volume]),
- "alertScore": 7,
- "alertObject": [obj]
- }
-}
-
-isRWMount(mount) {
- not mount.readOnly
-}
-isRWMount(mount) {
- mount.readOnly == false
-}
-
-
-#handles majority of workload resources
-deny[msga] {
-
- wl := input[_]
- spec_template_spec_patterns := {"Deployment","ReplicaSet","DaemonSet","StatefulSet","Job"}
- spec_template_spec_patterns[wl.kind]
- volumes := wl.spec.template.spec.volumes
- volume := volumes[_]
- volume.hostPath
- wlname := cautils.getPodName(wl.metadata)
- obj := {"volume":volume,"podname": wlname}
-
- msga := {
- "packagename": "armo_builtins",
- "alertMessage": sprintf("%v: %v has {%v,%v} as hostPath volume\n\n\n", [wl.kind,wlname, volume]),
- "alertScore": 7,
- "alertObject": [obj]
- }
-}
-
-
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/privileged.reg b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/privileged.reg
deleted file mode 100755
index 85111179..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/privileged.reg
+++ /dev/null
@@ -1,56 +0,0 @@
-package armo_builtins
-
-#import data.kubernetes.api.client as client
-
-
-# Deny mutating action unless user is in group owning the resource
-
-
-#privileged pods
-deny[msga] {
-
-
- pod := input[_]
- containers := pod.spec.containers[_]
- containers.securityContext.privileged == true
- msga := {
- "packagename": "armo_builtins",
- "alertMessage": sprintf("the following pods are defined as privileged: %v", [pod]),
- "alertScore": 3,
- "alertObject": pod,
- }
-}
-
-
-#handles majority of workload resources
-deny[msga] {
-
- wl := input[_]
- spec_template_spec_patterns := {"Deployment","ReplicaSet","DaemonSet","StatefulSet","Job"}
- spec_template_spec_patterns[wl.kind]
- containers := wl.spec.template.spec.containers[_]
- containers.securityContext.privileged == true
- msga := {
- "packagename": "armo_builtins",
- "alertMessage": sprintf("the following workloads are defined as privileged: %v", [wl]),
- "alertScore": 3,
- "alertObject": wl,
- }
-}
-
-
-
-#handles cronjob
-deny[msga] {
-
- wl := input[_]
- wl.kind == "CronJob"
- containers := wl.spec.jobTemplate.spec.template.spec.containers[_]
- containers.securityContext.privileged == true
- msga := {
- "packagename": "armo_builtins",
- "alertMessage": sprintf("the following cronjobs are defined as privileged: %v", [wl]),
- "alertScore": 3,
- "alertObject": wl,
- }
-}
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/rbacsecrets.reg b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/rbacsecrets.reg
deleted file mode 100755
index 049d57f3..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/rbacsecrets.reg
+++ /dev/null
@@ -1,98 +0,0 @@
-package armo_builtins
-import data.kubernetes.api.client as client
-import data.cautils as cautils
-
-
-# input: None
-# apiversion: v1
-# does:
-# returns roles+ related subjects in rolebinding
-
-
-deny[msga] {
- # rsrc := client.query_all("roles")
- # role := rsrc.body.items[_]
- role := input[_]
- role.kind == "Role"
- rule := role.rules[_]
- cautils.list_contains(rule.resources,"secrets")
- canViewSecrets(rule)
- rbsrc := client.query_all("rolebindings")
- rolebinding := rbsrc.body.items[_]
- rolebinding.roleRef.kind == "Role"
- rolebinding.roleRef.name == role.metadata.name
-
-
- msga := {
- "alertMessage": sprintf("the following users: %v , got read secret access roles", [rolebinding.subjects]),
- "alertScore": 9,
- "packagename": "armo_builtins",
- "alertObject": {"role":role,"users":rolebinding.subjects}
- }
-}
-
-
-
-# input: None
-# apiversion: v1
-# does:
-# returns clusterroles+ related subjects in rolebinding
-
-
-deny[msga] {
- # rsrc := client.query_all("clusterroles")
- # role := rsrc.body.items[_]
- role := input[_]
- role.kind == "ClusterRole"
- rule := role.rules[_]
- cautils.list_contains(rule.resources,"secrets")
- canViewSecrets(rule)
- rbsrc := client.query_all("rolebindings")
- rolebinding := rbsrc.body.items[_]
- rolebinding.roleRef.kind == "ClusterRole"
- rolebinding.roleRef.name == role.metadata.name
-
-
- msga := {
- "alertMessage": sprintf("the following users: %v , got read secret access roles", [rolebinding.subjects]),
- "alertScore": 9,
- "packagename": "armo_builtins",
- "alertObject": {"clusterrole":role,"users":rolebinding.subjects}
- }
-}
-
-
-# input: None
-# apiversion: v1
-# does:
-# returns clusterroles+ related subjects in clusterrolebinding
-#
-#
-deny[msga] {
- # rsrc := client.query_all("clusterroles")
- # role := rsrc.body.items[_]
- role := input[_]
- role.kind == "ClusterRole"
- rule := role.rules[_]
- cautils.list_contains(rule.resources,"secrets")
- canViewSecrets(rule)
- rbsrc := 
client.query_all("clusterrolebindings")
- rolebinding := rbsrc.body.items[_]
- rolebinding.roleRef.kind == "ClusterRole"
- rolebinding.roleRef.name == role.metadata.name
-
-
- msga := {
- "alertMessage": sprintf("the following users: %v , got read secret access roles", [rolebinding.subjects]),
- "alertScore": 9,
- "packagename": "armo_builtins",
- "alertObject": {"clusterrole":role,"users":rolebinding.subjects}
- }
-}
-
-canViewSecrets(rule) {
- cautils.list_contains(rule.verbs,"get")
-}
-canViewSecrets(rule) {
- cautils.list_contains(rule.verbs,"watch")
-}
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/rwhostpath.reg b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/rwhostpath.reg
deleted file mode 100755
index 68c6280e..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/rwhostpath.reg
+++ /dev/null
@@ -1,64 +0,0 @@
-package armo_builtins
-#import data.kubernetes.api.client as client
-import data.cautils as cautils
-
-# input: pod
-# apiversion: v1
-# does:
-# returns rw hostpath volumes of that pod
-#
-#
-deny[msga] {
- pod := input[_]
- pod.kind == "Pod"
- volumes := pod.spec.volumes
- volume := volumes[_]
- # crsrcs.body.spec.containers[_].volumeMounts[_].name = volume.name
- mount := pod.spec.containers[_].volumeMounts[_]
- mount.name == volume.name
- volume.hostPath
- isRWMount(mount)
- podname := cautils.getPodName(pod.metadata)
- obj := {"volume":volume,"mount":mount,"podname": podname}
-
- msga := {
- "packagename": "armo_builtins",
- "alertMessage": sprintf("pod: %v has {%v,%v} as rw hostPath volume and volumemount pair\n\n\n", [podname, volume,mount]),
- "alertScore": 7,
- "alertObject": [obj],
-
- }
-}
-
-isRWMount(mount) {
- not mount.readOnly
-}
-isRWMount(mount) {
- mount.readOnly == false
-}
-
-
-#handles majority of workload resources
-deny[msga] {
-
- wl := input[_]
- spec_template_spec_patterns := {"Deployment","ReplicaSet","DaemonSet","StatefulSet","Job"}
- spec_template_spec_patterns[wl.kind]
- volumes := wl.spec.template.spec.volumes
- volume := volumes[_]
- mount := wl.spec.template.spec.containers[_].volumeMounts[_]
- mount.name == volume.name
- volume.hostPath
- isRWMount(mount)
- wlname := cautils.getPodName(wl.metadata)
- obj := {"volume":volume,"mount":mount,"podname": wlname}
-
- msga := {
- "packagename": "armo_builtins",
- "alertMessage": sprintf("%v: %v has {%v,%v} as rw hostPath volume and volumemount pair\n\n\n", [wl.kind,wlname, volume,mount]),
- "alertScore": 7,
- "alertObject": [obj],
- }
-}
-
-
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/sshableworkload.reg b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/sshableworkload.reg
deleted file mode 100755
index 431374e4..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/modules/sshableworkload.reg
+++ /dev/null
@@ -1,57 +0,0 @@
-package armo_builtins
-import data.kubernetes.api.client as client
-import data.cautils as cautils
-
-# input: pod
-# apiversion: v1
-# does:
-# returns the external facing services of that pod
-#
-#
-deny[msga] {
- pod := input[_]
- podns := pod.metadata.namespace
- podname := cautils.getPodName(pod.metadata)
- # pod := client.query_name_ns("pods", "catalog-mongo-6f468d99b4-pn242", "default")
- labels := pod.body.metadata.labels
- filtered_labels := json.remove(labels, ["pod-template-hash"])
-
- cluster_resource := client.query_all(
- "services"
- )
-
- services := [svc | cluster_resource.body.items[i].metadata.namespace == podns; svc := cluster_resource.body.items[i]]
- service := services[_]
- service.spec.selector == filtered_labels
-
- hasSSHPorts(service)
-
- msga := {
- "alertMessage": sprintf("pod %v/%v exposed by SSH services: %v\n", [podns,podname,service]),
- "packagename": "armo_builtins",
- "alertScore": 7,
- "alertObject": [{"pod":pod,"service":{service}}]
- }
-}
-
-hasSSHPorts(service) {
- port := service.spec.ports[_]
- port.port == 22
-}
-
-
-hasSSHPorts(service) {
- port := service.spec.ports[_]
- port.port == 2222
-}
-
-hasSSHPorts(service) {
- port := service.spec.ports[_]
- port.targetPort == 22
-}
-
-
-hasSSHPorts(service) {
- port := service.spec.ports[_]
- port.targetPort == 2222
-}
\ No newline at end of file
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/access2secrets.json b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/access2secrets.json
deleted file mode 100755
index 14933b48..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/access2secrets.json
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- "guid": "3b0467c9-488d-c244-99d0-90fbf600aaff",
- "name": "[Builtin] rule-deny-access-to-secrets",
- "creationTime": "2019-09-04T12:04:58.461455",
- "description": "determines which users can get/list/watch secrets",
- "attributes": {
- "m$K8sThreatMatrix": "Credential Access::List k8s Secrets"
- },
- "ruleDependencies": [
- {
- "packageName":"cautils"
- },
- {
- "packageName":"kubernetes.api.client"
- }
- ],
- "remediation": "",
- "match": [
- {
- "resources": [
- "Role","ClusterRole"
- ],
- "apiVersions": [
- "v1"
- ],
- "apiGroups": [
- "rbac.authorization.k8s.io"
- ]
- }
- ],
- "ruleLanguage": "Rego",
- "rule": "\npackage armo_builtins\nimport data.kubernetes.api.client as client\nimport data.cautils as cautils\n\n\n# input: None\n# apiversion: v1\n# does: \n#\treturns roles+ related subjects in rolebinding\n\n\ndeny[msga] {\n\t# rsrc := client.query_all(\"roles\")\n\t# role := rsrc.body.items[_]\n\trole := input[_]\n\trole.kind == \"Role\"\n\trule := role.rules[_]\n\tcautils.list_contains(rule.resources,\"secrets\")\n\tcanViewSecrets(rule)\n\trbsrc := client.query_all(\"rolebindings\")\n\trolebinding := rbsrc.body.items[_]\n\trolebinding.roleRef.kind == \"Role\"\n\trolebinding.roleRef.name == role.metadata.name\n\t\n \n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"the following users: %v , got read secret access roles\", [rolebinding.subjects]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 9,\n\t\t\"alertObject\": {\"role\":role,\"users\":rolebinding.subjects}\n\t\n\t}\n}\n\n\n\n# input: None\n# apiversion: v1\n# does: \n#\treturns clusterroles+ related subjects in rolebinding\n\n\ndeny[msga] {\n\t# rsrc := client.query_all(\"clusterroles\")\n\t# role := rsrc.body.items[_]\n\trole := input[_]\n\trole.kind == \"ClusterRole\"\n\trule := role.rules[_]\n\tcautils.list_contains(rule.resources,\"secrets\")\n\tcanViewSecrets(rule)\n\trbsrc := client.query_all(\"rolebindings\")\n\trolebinding := 
rbsrc.body.items[_]\n\trolebinding.roleRef.kind == \"ClusterRole\"\n\trolebinding.roleRef.name == role.metadata.name\n\t\n \n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"the following users: %v , got read secret access roles\", [rolebinding.subjects]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 9,\n\t\t\"alertObject\": {\"clusterrole\":role,\"users\":rolebinding.subjects}\n\t\n\t}\n}\n\n\n# input: None\n# apiversion: v1\n# does: \n#\treturns clusterroles+ related subjects in clusterrolebinding\n#\n#\ndeny[msga] {\n\t# rsrc := client.query_all(\"clusterroles\")\n\t# role := rsrc.body.items[_]\n\trole := input[_]\n\trole.kind == \"ClusterRole\"\n\trule := role.rules[_]\n\tcautils.list_contains(rule.resources,\"secrets\")\n\tcanViewSecrets(rule)\n\trbsrc := client.query_all(\"clusterrolebindings\")\n\trolebinding := rbsrc.body.items[_]\n\trolebinding.roleRef.kind == \"ClusterRole\"\n\trolebinding.roleRef.name == role.metadata.name\n\t\n \n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"the following users: %v , got read secret access roles\", [rolebinding.subjects]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 9,\n\t\t\"alertObject\": {\"clusterrole\":role,\"users\":rolebinding.subjects}\n\t\n\t}\n}\n\ncanViewSecrets(rule) {\n\tcautils.list_contains(rule.verbs,\"get\")\n}\ncanViewSecrets(rule) {\n\tcautils.list_contains(rule.verbs,\"watch\")\n}\n"
-}
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/cansshtopod.json b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/cansshtopod.json
deleted file mode 100755
index c00b15a1..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/cansshtopod.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "guid": "3b0467c9-488d-c244-99d0-90fbf600aaff",
- "name": "[Builtin] rule-can-ssh-to-pod",
- "creationTime": "2019-09-04T12:04:58.461455",
- "description": "denies pods with SSH ports opened(22/222)",
- "attributes": {
- "microsoftK8sThreatMatrix": "val1"
- },
- "ruleDependencies": [
- {
- "packageName":"cautils"
- },
- {
- "packageName":"kubernetes.api.client"
- }
- ],
- "remediation": "create a network policy that protects SSH ports",
- "match": [
- {
- "resources": [
- "Pods"
- ],
- "apiVersions": [
- "v1"
- ],
- "apiGroups": [
- "*"
- ]
- }
- ],
- "ruleLanguage": "Rego",
- "rule": "\npackage armo_builtins\nimport data.kubernetes.api.client as client\nimport data.cautils as cautils\n\n# input: pod\n# apiversion: v1\n# does: \n#\treturns the external facing services of that pod\n#\n#\ndeny[msga] {\n\tpod := input[_]\n\tpodns := pod.metadata.namespace\n\tpodname := cautils.getPodName(pod.metadata)\n\t# pod := client.query_name_ns(\"pods\", \"catalog-mongo-6f468d99b4-pn242\", \"default\")\n\tlabels := pod.body.metadata.labels\n\tfiltered_labels := json.remove(labels, [\"pod-template-hash\"])\n \n\t cluster_resource := client.query_all(\n\t \t\"services\"\n\t )\n\n\tservices := [svc | cluster_resource.body.items[i].metadata.namespace == podns; svc := cluster_resource.body.items[i]]\n\tservice := \tservices[_]\n\tservice.spec.selector == filtered_labels\n \n\thasSSHPorts(service)\n\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"pod %v/%v exposed by SSH services: %v\n\", [podns,podname,service]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 7,\n\t\t\"alertObject\": [{\"pod\":pod,\"service\":{service}}]\n\t\n\t}\n}\n\nhasSSHPorts(service) {\n\tport := service.spec.ports[_]\n\tport.port == 22\n}\n\n\nhasSSHPorts(service) {\n\tport := service.spec.ports[_]\n\tport.port == 2222\n}\n\nhasSSHPorts(service) {\n\tport := service.spec.ports[_]\n\tport.targetPort == 22\n}\n\n\nhasSSHPorts(service) {\n\tport := 
service.spec.ports[_]\n\tport.targetPort == 2222\n}\n"
-
-}
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/compromisedregistries.json b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/compromisedregistries.json
deleted file mode 100755
index 103e41c5..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/compromisedregistries.json
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- "guid": "",
- "name": "[Builtin] rule-identify-blacklisted-image-registries",
- "creationTime": "",
- "description": "Identifying if pod container images are from unallowed registries",
- "attributes": {
- "m$K8sThreatMatrix": "Initial Access::Compromised images in registry"
- },
- "ruleDependencies": [
- {
- "packageName": "cautils"
- },
- {
- "packageName": "kubernetes.api.client"
- }
- ],
- "remediation": "Use images from safe registry",
- "match": [
- {
- "resources": [
- "Pods"
- ],
- "apiVersions": [
- "v1"
- ],
- "apiGroups": [
- "*"
- ]
- }
- ],
- "ruleLanguage": "Rego",
- "rule": "\npackage armo_builtins\n# Check for images from blacklisted repos\n\nuntrusted_registries(z) = x {\n\tx := [\"015253967648.dkr.ecr.eu-central-1.amazonaws.com/\"]\t\n}\n\npublic_registries(z) = y{\n\ty := [\"quay.io/kiali/\",\"quay.io/datawire/\",\"quay.io/keycloak/\",\"quay.io/bitnami/\"]\n}\n\nuntrustedImageRepo[msga] {\n\tpod := input[_]\n\tk := pod.kind\n\tk == \"Pod\"\n\tcontainer := pod.spec.containers[_]\n\timage := container.image\n repo_prefix := untrusted_registries(image)[_]\n\tstartswith(image, repo_prefix)\n\tselfLink := pod.metadata.selfLink\n\tcontainerName := container.name\n\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"image '%v' in container '%s' in [%s] comes from untrusted registry\", [image, containerName, selfLink]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 2,\n\t\t\"alertObject\": [{\"pod\":pod}]\n\t}\n}\n\nuntrustedImageRepo[msga] {\n pod := input[_]\n\tk := pod.kind\n\tk == \"Pod\"\n\tcontainer := pod.spec.containers[_]\n\timage := container.image\n repo_prefix := public_registries(image)[_]\n\tstartswith(pod, repo_prefix)\n\tselfLink := input.metadata.selfLink\n\tcontainerName := container.name\n\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"image '%v' in container '%s' in [%s] comes from public registry\", [image, containerName, selfLink]),\n\t\t\"alert\": true,\n\t\t\"prevent\": 
false,\n\t\t\"alertScore\": 1,\n\t\t\"alertObject\": [{\"pod\":pod}]\n\t}\n}"
-}
\ No newline at end of file
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/externalfacingservicesbypod.json b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/externalfacingservicesbypod.json
deleted file mode 100755
index e5203fe2..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/externalfacingservicesbypod.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "guid": "3b0467c9-488d-c244-99d0-90fbf600aaff",
- "name": "[Builtin] rule-pod-external-facing",
- "creationTime": "2019-09-04T12:04:58.461455",
- "description": "denies pods with external facing services, grabs related services",
- "attributes": {
- "microsoftK8sThreatMatrix": "val1"
- },
- "ruleDependencies": [
- {
- "packageName":"kubernetes.api.client"
- }
- ],
- "remediation": "create a network policy that controls which protect your cluster from unwanted connections and the outside world",
- "match": [
- {
- "resources": [
- "Pods"
- ],
- "apiVersions": [
- "v1"
- ],
- "apiGroups": [
- "*"
- ]
- }
- ],
- "ruleLanguage": "Rego",
- "rule": "\npackage armo_builtins\n\nimport data.kubernetes.api.client as client\n\n\n# input: pod\n# apiversion: v1\n# does: \n#\treturns the external facing services of that pod\n#\n#\ndeny[msga] {\n\tpod := input[_]\n\tpodns := pod.metadata.namespace\n\tpodname := getName(pod.metadata)\n\t# pod := client.query_name_ns(\"pods\",\"frontend-86c5ffb485-kfp9d\", \"default\")\n\tlabels := pod.body.metadata.labels\n\tfiltered_labels := json.remove(labels, [\"pod-template-hash\"])\n \n\t cluster_resource := client.query_all(\n\t \t\"services\"\n\t )\n\n\n\tservices := [svc | cluster_resource.body.items[i].metadata.namespace == podns; svc := cluster_resource.body.items[i]]\n\tservice := \tservices[_]\n\tnp_or_lb := {\"NodePort\", \"LoadBalancer\"}\n\tnp_or_lb[service.spec.type]\n\tservice.spec.selector == filtered_labels\n \n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"pod %v/%v exposed services: %v\n\", [podns,podname,service]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 7,\n\t\t\"alertObject\": {\"service\":service,\"labels\":filtered_labels, \"podname\":podname,\"namespace\":podns}\n\t\n\t}\n}\n\ngetName(metadata) = name {\n\tname := metadata.generateName\n}\ngetName(metadata) = name {\n\tname := metadata.name\n}\n"
-
-}
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/hostpath.json b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/hostpath.json
deleted file mode 100755
index baa84855..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/hostpath.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "guid": "3b0467c9-488d-c244-99d0-90fbf600aaff",
- "name": "[Builtin] alert-any-hostpath",
- "creationTime": "2019-09-04T12:04:58.461455",
- "description": "determines if any workload contains a hostPath volume",
- "attributes": {
- "m$K8sThreatMatrix": "Privilege Escalation::hostPath mount"
- },
- "ruleDependencies": [
- {
- "packageName":"cautils"
- }
- ],
- "remediation": "consider if hostPath is really necessary - reading sensitive data like hostPath credentials might endanger cluster, if so consider encrypting the data",
-
- "match": [
- {
- "resources": [
- "Deployment","ReplicaSet","DaemonSet","StatefulSet","Job","Pod"
- ],
- "apiVersions": [
- "v1"
- ],
- "apiGroups": [
- "*"
- ]
- }
- ],
- "ruleLanguage": "Rego",
- "rule": "\npackage armo_builtins\nimport data.kubernetes.api.client as client\nimport data.cautils as cautils\n\n# input: pod\n# apiversion: v1\n# does: \n#\treturns hostPath volumes\n#\n#\ndeny[msga] {\n pod := input[_]\n pod.kind == \"Pod\"\n volumes := pod.spec.volumes\n volume := volumes[_]\n # crsrcs.body.spec.containers[_].volumeMounts[_].name = volume.name\n volume.hostPath\n podname := cautils.getPodName(pod.metadata)\n obj := {\"volume\":volume,\"podname\": podname}\n\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"pod: %v has {%v,%v} ashostPath volume \n\n\n\", [podname, volume]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 7,\n\t\t\"alertObject\": [obj],\n\t\n\t}\n}\n\nisRWMount(mount) {\n not mount.readOnly\n}\nisRWMount(mount) {\n mount.readOnly == false\n}\n\n\n#handles majority of workload resources\ndeny[msga] {\n\n\twl := input[_]\n\tspec_template_spec_patterns := {\"Deployment\",\"ReplicaSet\",\"DaemonSet\",\"StatefulSet\",\"Job\"}\n\tspec_template_spec_patterns[wl.kind]\n volumes := wl.spec.template.spec.volumes\n volume := volumes[_]\n volume.hostPath\n wlname := cautils.getPodName(wl.metadata)\n obj := {\"volume\":volume,\"podname\": wlname}\n\n\tmsga := {\n\t\t\"alertMessage\": 
sprintf(\"%v: %v has {%v,%v} as hostPath volume\n\n\n\", [wl.kind,wlname, volume]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 7,\n\t\t\"alertObject\": [obj],\n\t\n\t}\n}\n\n\n"
- }
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/instancemetadataapi.json b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/instancemetadataapi.json
deleted file mode 100644
index 7ab203bb..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/instancemetadataapi.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "guid": "82f19070-2826-4fe4-a079-f5f7e7a1b04d",
- "name": "[Builtin] instance-metadata-api-access",
- "attributes": {
- "m$K8sThreatMatrix": "Credential Access::Instance Metadata API"
- },
- "creationTime": "2021-04-25T10:48:48.861806",
- "rule": "package armo_builtins\n# Check for images from blacklisted repos\n\nmetadata_azure(z) = http.send({\n\t\"url\": \"http://169.254.169.254/metadata/instance?api-version=2020-09-01\",\n\t\"method\": \"get\",\n\t\"headers\": {\"Metadata\": \"true\"},\n\t\"raise_error\": true,\t\n})\n\nmetadata_gcp(z) = http.send({\n\t\"url\": \"http://169.254.169.254/computeMetadata/v1/?alt=json&recursive=true\",\n\t\"method\": \"get\",\n\t\"headers\": {\"Metadata-Flavor\": \"Google\"},\n\t\"raise_error\": true,\t\n})\n\nmetadata_aws(z) = metadata_object { \n\thostname := http.send({\n\t\"url\": \"http://169.254.169.254/latest/meta-data/local-hostname\",\n\t\"method\": \"get\",\n\t\"raise_error\": true,\t\n })\n\tmetadata_object := {\n\t\t\"raw_body\": hostname.raw_body,\n\t\t\"hostname\" : hostname.raw_body,\n\t\t\"status_code\" : hostname.status_code\n\t}\n}\n\nazure_metadata[msga] {\t\n\tmetadata_object := metadata_azure(\"aaa\")\n\tmetadata_object.status_code == 200\n\tnode_name := metadata_object.body.compute.name\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"Node '%s' has access to Instance Metadata Services of Azure.\", [node_name]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 1,\n\t\t\"alertObject\": [{\"nodeMetadata\":metadata_object.body}]\n\t}\n}\n\ngcp_metadata[msga] {\t\n\tmetadata_object := metadata_gcp(\"aaa\")\n\tmetadata_object.status_code == 200\n\tnode_name := metadata_object.body.instance.hostname\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"Node '%s' has access to Instance Metadata Services of GCP.\", [node_name]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 1,\n\t\t\"alertObject\": [{\"nodeMetadata\": 
metadata_object.raw_body}]\n\t}\n}\n\naws_metadata[msga] {\t\n\tmetadata_object := metadata_aws(\"aaa\")\n\tmetadata_object.status_code == 200\n\tnode_name := metadata_object.hostname\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"Node '%s' has access to Instance Metadata Services of AWS.\", [node_name]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 1,\n\t\t\"alertObject\": [{\"nodeMetadata\": metadata_object.raw_body}]\n\t}\n}",
- "ruleLanguage": "Rego",
- "match": [
- {
- "apiGroups": [
- "*"
- ],
- "apiVersions": [
- "*"
- ],
- "resources": [
- "nodes"
- ]
- }
- ],
- "ruleDependencies": [],
- "description": "Checks if there is access from the nodes to cloud prividers instance metadata services",
- "remediation": "From https://attack.mitre.org/techniques/T1552/005/ :Option A: Disable or Remove Feature or Program, Option B: Filter Network Traffic",
- "ruleQuery": ""
-}
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/iscronjob.json b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/iscronjob.json
deleted file mode 100755
index 182ee4de..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/iscronjob.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "guid": "[Builtin] 3b0467c9-488d-c244-99d0-90fbf600aaff",
- "name": "rule-deny-cronjobs",
- "creationTime": "2019-09-04T12:04:58.461455",
- "description": "determines if it's cronjob",
- "attributes": {
- "m$K8sThreatMatrix": "Persistence::Cronjob"
- },
- "ruleDependencies": [
- {
- "packageName":"cautils"
- }
- ],
- "remediation": "",
- "match": [
- {
- "resources": [
- "CronJob"
- ],
- "apiVersions": [
- "v1beta1"
- ],
- "apiGroups": [
- "batch"
- ]
- }
- ],
- "ruleLanguage": "Rego",
- "rule": "\npackage armo_builtins\n\n# import data.kubernetes.api.client as client\nimport data.cautils as cautils\n\n\n# alert cronjobs\n\n#handles cronjob\ndeny[msga] {\n\n\twl := input[_]\n\twl.kind == \"CronJob\"\n msga := {\n\t\t\"alertMessage\": sprintf(\"the following cronjobs are defined: %v\", [wl]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 2,\n\t\t\"alertObject\": wl\n\t\n\t}\n}\n"
-}
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/privilegedworkload.json b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/privilegedworkload.json
deleted file mode 100755
index 5a6e0faf..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/privilegedworkload.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "guid": "",
- "name": "[Builtin] rule-privilege-escalation",
- "creationTime": "2019-09-04T12:04:58.461455",
- "description": "determines if pods/deployments defined as privileged true",
- "attributes": {
- "mitre": "Privilege Escalation",
- "mitreCode": "TA0004",
- "m$K8sThreatMatrix": "Privilege Escalation::privileged container"
- },
- "ruleDependencies": [
- ],
- "remediation": "avoid defining pods as privilleged",
- "match": [
- {
- "resources": [
- "Deployment","ReplicaSet","DaemonSet","StatefulSet","Job","Pod","CronJob"
- ],
- "apiVersions": [
- "v1"
- ],
- "apiGroups": [
- "*"
- ]
- }
- ],
- "ruleLanguage": "Rego",
- "rule": "\npackage armo_builtins\n\nimport data.kubernetes.api.client as client\nimport data.designators as scope\nimport data.cautils as cautils\n\n\n# Deny mutating action unless user is in group owning the resource\n\n\n#privileged pods\ndeny[msga] {\n\n \n\tpod := input[_]\n\tcontainers := pod.spec.containers[_]\n\tcontainers.securityContext.privileged == true\n msga := {\n\t\t\"alertMessage\": sprintf(\"the following pods are defined as privileged: %v\", [pod]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 3,\n\t\t\"alertObject\": pod,\n\t\n\t}\n}\n\n\n#handles majority of workload resources\ndeny[msga] {\n\n\twl := input[_]\n\tspec_template_spec_patterns := {\"Deployment\",\"ReplicaSet\",\"DaemonSet\",\"StatefulSet\",\"Job\"}\n\tspec_template_spec_patterns[wl.kind]\n\tcontainers := wl.spec.template.spec.containers[_]\n\tcontainers.securityContext.privileged == true\n msga := {\n\t\t\"alertMessage\": sprintf(\"the following workloads are defined as privileged: %v\", [wl]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 3,\n\t\t\"alertObject\": wl,\n\t\n\t}\n}\n\n\n\n#handles cronjob\ndeny[msga] {\n\n\twl := input[_]\n\twl.kind == \"CronJob\"\n\tcontainers := wl.spec.jobTemplate.spec.template.spec.containers[_]\n\tcontainers.securityContext.privileged == true\n msga := 
{\n\t\t\"alertMessage\": sprintf(\"the following cronjobs are defined as privileged: %v\", [wl]),\n\t\t\"alert\": true,\n\t\t\"prevent\": false,\n\t\t\"alertScore\": 3,\n\t\t\"alertObject\": wl,\n\t\n\t}\n}\n\n"
-}
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/rwhostpath.json b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/rwhostpath.json
deleted file mode 100755
index 93f57e94..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/rego/regorulesjsons/rwhostpath.json
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "guid": "3b0467c9-488d-c244-99d0-90fbf600aaff",
- "name": "[Builtin] alert-rw-hostpath",
- "creationTime": "2019-09-04T12:04:58.461455",
- "description": "determines if any workload contains a hostPath volume with rw permissions",
- "attributes": {
- "m$K8sThreatMatrix": "Persistance::Writable hostPath mount"
- },
- "ruleDependencies": [
- {
- "packageName":"cautils"
- }
- ],
- "remediation": "consider if hostPath is really necessary- sensitive data like hostPath credentials might endanger cluster, if so consider encrypting the data",
-
- "match": [
- {
- "resources": [
- "Deployment","ReplicaSet","DaemonSet","StatefulSet","Job","Pod"
- ],
- "apiVersions": [
- "v1"
- ],
- "apiGroups": [
- "*"
- ]
- }
- ],
- "ruleLanguage": "Rego",
- "rule": "\"\\npackage armo_builtins\\nimport data.kubernetes.api.client as client\\nimport data.cautils as cautils\\n\\n# input: pod\\n# apiversion: v1\\n# does: \\n#\\treturns hostPath volumes\\n#\\n#\\ndeny[msga] {\\n pod := input[_]\\n pod.kind == \\\"Pod\\\"\\n volumes := pod.spec.volumes\\n volume := volumes[_]\\n # crsrcs.body.spec.containers[_].volumeMounts[_].name = volume.name\\n volume.hostPath\\n podname := cautils.getPodName(pod.metadata)\\n obj := {\\\"volume\\\":volume,\\\"podname\\\": podname}\\n\\n\\tmsga := {\\n\\t\\t\\\"alertMessage\\\": sprintf(\\\"pod: %v has {%v,%v} ashostPath volume \\n\\n\\n\\\", [podname, volume]),\\n\\t\\t\\\"alert\\\": true,\\n\\t\\t\\\"prevent\\\": false,\\n\\t\\t\\\"alertScore\\\": 7,\\n\\t\\t\\\"alertObject\\\": [obj],\\n\\t\\n\\t}\\n}\\n\\nisRWMount(mount) {\\n not mount.readOnly\\n}\\nisRWMount(mount) {\\n mount.readOnly == false\\n}\\n\\n\\n#handles majority of workload resources\\ndeny[msga] {\\n\\n\\twl := input[_]\\n\\tspec_template_spec_patterns := {\\\"Deployment\\\",\\\"ReplicaSet\\\",\\\"DaemonSet\\\",\\\"StatefulSet\\\",\\\"Job\\\"}\\n\\tspec_template_spec_patterns[wl.kind]\\n volumes := wl.spec.template.spec.volumes\\n volume := volumes[_]\\n 
volume.hostPath\\n wlname := cautils.getPodName(wl.metadata)\\n obj := {\\\"volume\\\":volume,\\\"podname\\\": wlname}\\n\\n\\tmsga := {\\n\\t\\t\\\"alertMessage\\\": sprintf(\\\"%v: %v has {%v,%v} as hostPath volume\\n\\n\\n\\\", [wl.kind,wlname, volume]),\\n\\t\\t\\\"alert\\\": true,\\n\\t\\t\\\"prevent\\\": false,\\n\\t\\t\\\"alertScore\\\": 7,\\n\\t\\t\\\"alertObject\\\": [obj],\\n\\t\\n\\t}\\n}\\n\\n\\n\""
-}
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/resourcesutils.go b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/resourcesutils.go
deleted file mode 100644
index fecfe127..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/resourcesutils.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package resources
-
-import (
- "encoding/json"
- "fmt"
- "io/ioutil"
- "os"
- "path/filepath"
- "strings"
-
- "github.com/armosec/armopa/storage"
- "github.com/armosec/armopa/storage/inmem"
- "github.com/armosec/armopa/util"
- "github.com/armosec/capacketsgo/k8sinterface"
- "github.com/golang/glog"
- "k8s.io/client-go/rest"
-)
-
-var (
- RegoDependenciesPath = "/resources/rego/dependencies"
-)
-
-type RegoDependenciesData struct {
- K8sConfig RegoK8sConfig `json:"k8sconfig"`
-}
-
-type RegoK8sConfig struct {
- Token string `json:"token"`
- IP string `json:"ip"`
- Host string `json:"host"`
- Port string `json:"port"`
- CrtFile string `json:"crtfile"`
- ClientCrtFile string `json:"clientcrtfile"`
- ClientKeyFile string `json:"clientkeyfile"`
- // ClientKeyFile string `json:"crtfile"`
-}
-
-func NewRegoDependenciesDataMock() *RegoDependenciesData {
- return NewRegoDependenciesData(k8sinterface.GetK8sConfig())
-}
-
-func NewRegoDependenciesData(k8sConfig *rest.Config) *RegoDependenciesData {
-
- regoDependenciesData := RegoDependenciesData{
- K8sConfig: *NewRegoK8sConfig(k8sConfig),
- }
- return ®oDependenciesData
-}
-func NewRegoK8sConfig(k8sConfig *rest.Config) *RegoK8sConfig {
-
- host := k8sConfig.Host
- if host == "" {
- ip := os.Getenv("KUBERNETES_SERVICE_HOST")
- port := os.Getenv("KUBERNETES_SERVICE_PORT")
- host = fmt.Sprintf("https://%s:%s", ip, port)
- }
-
- token := ""
- if k8sConfig.BearerToken != "" {
- token = fmt.Sprintf("Bearer %s", k8sConfig.BearerToken)
- }
-
- // crtFile := os.Getenv("KUBERNETES_CRT_PATH")
- // if crtFile == "" {
- // crtFile = k8sConfig.CAFile
- // // crtFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
- // }
-
- // glog.Infof("===========================================================================")
- // glog.Infof(fmt.Sprintf("%v", k8sConfig.String()))
- // glog.Infof("===========================================================================")
-
- regoK8sConfig := RegoK8sConfig{
- Token: token,
- Host: k8sConfig.Host,
- CrtFile: k8sConfig.CAFile,
- ClientCrtFile: k8sConfig.CertFile,
- ClientKeyFile: k8sConfig.KeyFile,
- }
- return ®oK8sConfig
-}
-func (data *RegoDependenciesData) TOStorage() (storage.Store, error) {
- var jsonObj map[string]interface{}
- bytesData, err := json.Marshal(*data)
- if err != nil {
- return nil, err
- }
- // glog.Infof("RegoDependenciesData: %s", bytesData)
- if err := util.UnmarshalJSON(bytesData, &jsonObj); err != nil {
- return nil, err
- }
- return inmem.NewFromObject(jsonObj), nil
-}
-
-// LoadRegoDependenciesFromDir loads the policies list from *.rego file in given directory
-func LoadRegoFiles(dir string) map[string]string {
-
- modules := make(map[string]string)
-
- // Compile the module. The keys are used as identifiers in error messages.
- filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
- if err == nil && strings.HasSuffix(path, ".rego") && !info.IsDir() {
- content, err := ioutil.ReadFile(path)
- if err != nil {
- glog.Errorf("LoadRegoFiles, Failed to load: %s: %v", path, err)
- } else {
- modules[strings.Trim(filepath.Base(path), ".rego")] = string(content)
- }
- }
- return nil
- })
-
- return modules
-}
-
-// LoadRegoModules loads the policies from variables
-func LoadRegoModules() map[string]string {
-
- modules := make(map[string]string)
- modules["cautils"] = RegoCAUtils
- modules["designators"] = RegoDesignators
- modules["kubernetes.api.client"] = RegoKubernetesApiClient
-
- return modules
-}
diff --git a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/resourcesutils_test.go b/vendor/github.com/armosec/capacketsgo/opapolicy/resources/resourcesutils_test.go
deleted file mode 100644
index eeabc59c..00000000
--- a/vendor/github.com/armosec/capacketsgo/opapolicy/resources/resourcesutils_test.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package resources
-
-import (
- "os"
- "path/filepath"
- "testing"
-)
-
-func TestLoadRegoDependenciesFromDir(t *testing.T) {
- dir, _ := os.Getwd()
- t.Errorf("%s", filepath.Join(dir, "rego/dependencies"))
- return
- // modules := LoadRegoDependenciesFromDir("")
- // if len(modules) == 0 {
- // t.Errorf("modules len == 0")
- // }
-}
diff --git a/vendor/github.com/armosec/capacketsgo/secrethandling/apifields.go b/vendor/github.com/armosec/capacketsgo/secrethandling/apifields.go
deleted file mode 100644
index 8470a408..00000000
--- a/vendor/github.com/armosec/capacketsgo/secrethandling/apifields.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package secrethandling
-
-import (
- "bytes"
- "encoding/binary"
- "strings"
-)
-
-// API fields
-var (
- WlidPrefix = "wlid://"
- ClusterWlidPrefix = "cluster-"
- NamespaceWlidPrefix = "namespace-"
- DataCenterWlidPrefix = "datacenter-"
- ProjectWlidPrefix = "project-"
- SecretSIDPrefix = "secret-"
- SubSecretSIDPrefix = "subsecret-"
- K8SKindsList = []string{"ComponentStatus", "ConfigMap", "ControllerRevision", "CronJob",
- "CustomResourceDefinition", "DaemonSet", "Deployment", "Endpoints", "Event", "HorizontalPodAutoscaler",
- "Ingress", "Job", "Lease", "LimitRange", "LocalSubjectAccessReview", "MutatingWebhookConfiguration",
- "Namespace", "NetworkPolicy", "Node", "PersistentVolume", "PersistentVolumeClaim", "Pod",
- "PodDisruptionBudget", "PodSecurityPolicy", "PodTemplate", "PriorityClass", "ReplicaSet",
- "ReplicationController", "ResourceQuota", "Role", "RoleBinding", "Secret", "SelfSubjectAccessReview",
- "SelfSubjectRulesReview", "Service", "ServiceAccount", "StatefulSet", "StorageClass",
- "SubjectAccessReview", "TokenReview", "ValidatingWebhookConfiguration", "VolumeAttachment"}
- NativeKindsList = []string{"Dockerized", "Native"}
- KindReverseMap = map[string]string{}
-)
-
-// SecretTLVTag the tlv tag
-var SecretTLVTag = []byte{231, 197, 24, 237}
-
-func init() {
- for _, kind := range K8SKindsList {
- KindReverseMap[strings.ToLower(strings.Replace(kind, "-", "", -1))] = kind
- }
- for _, kind := range NativeKindsList {
- KindReverseMap[strings.ToLower(strings.Replace(kind, "-", "", -1))] = kind
- }
-}
-
-// IsKindK8S returns true if kind is a k8s
-func IsKindK8S(k string) bool {
- if val, ok := KindReverseMap[k]; ok {
- k = val
- }
- for _, k8sKind := range K8SKindsList {
- if k == k8sKind {
- return true
- }
- }
- return false
-}
-
-// HasSecretTLV is the byte slice an encrypted secret
-func HasSecretTLV(secret []byte) bool {
- return bytes.HasPrefix(secret, SecretTLVTag)
-}
-
-// GetSecretTLVLength return TLV length
-func GetSecretTLVLength(secret []byte) uint32 {
- length := secret[len(SecretTLVTag) : len(SecretTLVTag)+4]
- return uint32(len(SecretTLVTag)+4) + binary.BigEndian.Uint32(length)
-}
diff --git a/vendor/github.com/armosec/capacketsgo/secrethandling/inclustersecrethandling.go b/vendor/github.com/armosec/capacketsgo/secrethandling/inclustersecrethandling.go
deleted file mode 100644
index ef961f6e..00000000
--- a/vendor/github.com/armosec/capacketsgo/secrethandling/inclustersecrethandling.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package secrethandling
-
-import (
- "context"
- b64 "encoding/base64"
- "encoding/json"
- "fmt"
- "strings"
-
- "github.com/docker/docker/api/types"
- "github.com/golang/glog"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/client-go/kubernetes"
-)
-
-// DockerConfigJsonstructure -
-type DockerConfigJsonstructure map[string]map[string]types.AuthConfig
-
-func updateSecret(authConfig *types.AuthConfig, serverAddress string) {
- if authConfig.ServerAddress == "" {
- authConfig.ServerAddress = serverAddress
- }
- if authConfig.Username == "" || authConfig.Password == "" {
- glog.Infof("secret missing user name or password, using auth")
- auth := authConfig.Auth
- decodedAuth, err := b64.StdEncoding.DecodeString(auth)
- if err != nil {
- glog.Errorf("error: %s", err.Error())
- return
- }
-
- splittedAuth := strings.Split(string(decodedAuth), ":")
- if len(splittedAuth) == 2 {
- authConfig.Username = splittedAuth[0]
- authConfig.Password = splittedAuth[1]
- }
- }
- if authConfig.Auth == "" {
- auth := fmt.Sprintf("%s:%s", authConfig.Username, authConfig.Password)
- authConfig.Auth = b64.StdEncoding.EncodeToString([]byte(auth))
- }
-}
-
-func parseEncodedSecret(sec map[string][]byte) (string, string) {
- buser := sec[corev1.BasicAuthUsernameKey]
- bpsw := sec[corev1.BasicAuthPasswordKey]
- duser, _ := b64.StdEncoding.DecodeString(string(buser))
- dpsw, _ := b64.StdEncoding.DecodeString(string(bpsw))
- return string(duser), string(dpsw)
-
-}
-func parseDecodedSecret(sec map[string]string) (string, string) {
- user := sec[corev1.BasicAuthUsernameKey]
- psw := sec[corev1.BasicAuthPasswordKey]
- return user, psw
-
-}
-
-// ReadSecret -
-func ReadSecret(secret interface{}, secretName string) (types.AuthConfig, error) {
- // Store secret based on it's structure
- var authConfig types.AuthConfig
- if sec, ok := secret.(*types.AuthConfig); ok {
- return *sec, nil
- }
- if sec, ok := secret.(map[string]string); ok {
- return types.AuthConfig{Username: sec["username"]}, nil
- }
- if sec, ok := secret.(DockerConfigJsonstructure); ok {
- if _, k := sec["auths"]; !k {
- return authConfig, fmt.Errorf("cant find auths")
- }
- for serverAddress, authConfig := range sec["auths"] {
- updateSecret(&authConfig, serverAddress)
- return authConfig, nil
- }
- }
-
- return authConfig, fmt.Errorf("cant find secret")
-}
-
-func GetSecret(clientset *kubernetes.Clientset, namespace, name string) (*types.AuthConfig, error) {
- res, err := clientset.CoreV1().Secrets(namespace).Get(context.Background(), name, metav1.GetOptions{})
- if err != nil {
- glog.Errorf("%v", err)
- }
-
- // Read secret
- secret, err := GetSecretContent(res)
- if err != nil {
- glog.Error(err)
- return nil, err
- }
-
- if secret == nil {
- err := fmt.Errorf("secret %s not found", name)
- glog.Error(err)
- return nil, err
- }
- sec, err := ReadSecret(secret, name)
- if err != nil {
- return &sec, err
- }
- return &sec, nil
-
-}
-
-// GetSecretContent -
-func GetSecretContent(secret *corev1.Secret) (interface{}, error) {
-
- // Secret types- https://github.com/kubernetes/kubernetes/blob/7693a1d5fe2a35b6e2e205f03ae9b3eddcdabc6b/pkg/apis/core/types.go#L4394-L4478
- switch secret.Type {
- case corev1.SecretTypeDockerConfigJson:
- sec := make(DockerConfigJsonstructure)
- if err := json.Unmarshal(secret.Data[corev1.DockerConfigJsonKey], &sec); err != nil {
- return nil, err
- }
- return sec, nil
- default:
- user, psw := "", ""
- if len(secret.Data) != 0 {
- user, psw = parseEncodedSecret(secret.Data)
- } else if len(secret.StringData) != 0 {
- userD, pswD := parseDecodedSecret(secret.StringData)
- if userD != "" {
- user = userD
- }
- if pswD != "" {
- psw = pswD
- }
- } else {
- return nil, fmt.Errorf("data not found in secret")
- }
- if user == "" || psw == "" {
- return nil, fmt.Errorf("username or password not found")
- }
-
- return &types.AuthConfig{Username: user, Password: psw}, nil
- }
-}
-
-func ParseSecret(res *corev1.Secret, name string) (*types.AuthConfig, error) {
-
- // Read secret
- secret, err := GetSecretContent(res)
- if err != nil {
- glog.Error(err)
- return nil, err
- }
-
- if secret == nil {
- err := fmt.Errorf("secret %s not found", name)
- glog.Error(err)
- return nil, err
- }
- sec, err := ReadSecret(secret, name)
- if err != nil {
- return &sec, err
- }
- return &sec, nil
-
-}
diff --git a/vendor/github.com/armosec/capacketsgo/secrethandling/secretencryption.go b/vendor/github.com/armosec/capacketsgo/secrethandling/secretencryption.go
deleted file mode 100644
index 20052d53..00000000
--- a/vendor/github.com/armosec/capacketsgo/secrethandling/secretencryption.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package secrethandling
-
-import "fmt"
-
-// GetFieldsToEncrypt get fields from secret data to encrypt
-func GetFieldsToEncrypt(secretDate map[string][]byte, secretPolicy *SecretAccessPolicy, subsecretName string) (map[string]string, error) {
- fieldsToEncrypt, err := GetFieldsToEncryptFromSecretPolicy(secretDate, secretPolicy)
- if err != nil || len(fieldsToEncrypt) != 0 { // if subsecrets are defined in secret policy
- return fieldsToEncrypt, err
- }
-
- // if secret policy doesn't have subsecrets
- if subsecretName != "" {
- secretData, ok := secretDate[subsecretName]
- if !ok {
- return fieldsToEncrypt, fmt.Errorf("subsecret %s not found in secret data", subsecretName)
- }
- if !HasSecretTLV(secretData) {
- fieldsToEncrypt[subsecretName] = ""
- }
- } else {
- for subsecret, secretData := range secretDate {
- if !HasSecretTLV(secretData) {
- fieldsToEncrypt[subsecret] = ""
- }
- }
-
- }
- return fieldsToEncrypt, nil
-}
-
-// GetFieldsToEncryptFromSecretPolicy -
-func GetFieldsToEncryptFromSecretPolicy(secretDate map[string][]byte, secretPolicy *SecretAccessPolicy) (map[string]string, error) {
- fieldsToEncrypt := make(map[string]string)
- if secretPolicy == nil || secretPolicy.Secrets == nil {
- return fieldsToEncrypt, nil
- }
- for secrets := range secretPolicy.Secrets {
- for _, subsecret := range secretPolicy.Secrets[secrets].KeyIDs {
- subsecretData, err := SubsecretToEncrypt(secretDate, subsecret.SubSecretName)
- if err != nil {
- return fieldsToEncrypt, err
- }
- if !HasSecretTLV(subsecretData) {
- fieldsToEncrypt[subsecret.SubSecretName] = subsecret.KeyID
- }
- }
- }
- return fieldsToEncrypt, nil
-}
-
-// SubsecretToEncrypt check if the given subsecret should be encrypted
-func SubsecretToEncrypt(subsecrets map[string][]byte, subsecretName string) ([]byte, error) {
- secretData, ok := subsecrets[subsecretName]
- if !ok {
- return []byte{}, fmt.Errorf("subsecret %s not found in data", subsecretName)
- }
- if _, ok := subsecrets[subsecretName+ArmoShadowSubsecretSuffix]; ok {
- return []byte{}, nil
- }
- return secretData, nil
-}
-
-// GetFieldsToDecrypt get encrypted secret fields
-func GetFieldsToDecrypt(secretDate map[string][]byte, subsecretName string) ([]string, error) {
- fieldsToDecrypt := []string{}
- if subsecretName != "" {
- secretData, ok := secretDate[subsecretName]
- if !ok {
- return fieldsToDecrypt, fmt.Errorf("subsecret %s not found in secret data", subsecretName)
- }
- if HasSecretTLV(secretData) {
- fieldsToDecrypt = append(fieldsToDecrypt, subsecretName)
- }
- } else {
- for subsecret, secretData := range secretDate {
- if HasSecretTLV(secretData) {
- fieldsToDecrypt = append(fieldsToDecrypt, subsecret)
- }
- }
-
- }
- return fieldsToDecrypt, nil
-}
diff --git a/vendor/github.com/armosec/capacketsgo/secrethandling/secrethandling.go b/vendor/github.com/armosec/capacketsgo/secrethandling/secrethandling.go
deleted file mode 100644
index cf14ea80..00000000
--- a/vendor/github.com/armosec/capacketsgo/secrethandling/secrethandling.go
+++ /dev/null
@@ -1,495 +0,0 @@
-package secrethandling
-
-import (
- "encoding/base64"
- "encoding/hex"
- "fmt"
- "strings"
- "time"
-
- "go.uber.org/zap"
- corev1 "k8s.io/api/core/v1"
-)
-
-// Global variables to use in another packages
-var (
- ArmoShadowSecretInitalLabel = "cyberarmor.initial"
- ArmoShadowSecretFlagLabel = "cyberarmor.secret"
- ArmoShadowSecretPrefix = "ca-"
- ArmoShadowSubsecretSuffix = ".castatus"
-)
-
-// CAK8SMeta holds common metadata about k8s objects
-type CAK8SMeta struct {
- CustomerGUID string `json:"customerGUID"`
- CAClusterName string `json:"caClusterName,omitempty"`
- LastUpdateTime time.Time `json:"caLastUpdate"`
- IsActive bool `json:"isActive"`
-}
-
-// K8SSecret represents single k8s secret in cluster
-type K8SSecret struct {
- CAK8SMeta `json:",inline"`
- corev1.Secret `json:",inline"`
- Protected int `json:"protected"`
-}
-
-// DEPRECATED - "github.com/armosec/capacketsgo/armotypes"
-// PortalBase holds basic items data from portal BE
-type PortalBase struct {
- GUID string `json:"guid"`
- Name string `json:"name"`
- Attributes map[string]interface{} `json:"attributes,omitempty"` // could be string
-}
-
-// DEPRECATED - "github.com/armosec/capacketsgo/armotypes"
-// PortalDesignator represented single designation options
-type PortalDesignator struct {
- DesignatorType string `json:"designatorType"`
- WLID string `json:"wlid"`
- WildWLID string `json:"wildwlid"`
- Attributes map[string]string `json:"attributes"`
-}
-
-// SecretAccessPolicy represent list od workloads allows to access some secrets
-// Notice that in K8S, workload can use secret only in case they are in the same namespace
-type SecretAccessPolicy struct {
- PortalBase `json:",inline"`
- PolicyType string `json:"policyType"`
- CreationDate string `json:"creation_time"`
- Designators []PortalDesignator `json:"designators"`
- Secrets []PortalSecretDefinition `json:"secrets"`
-}
-
-// PortalSecretDefinition defines a relation between keys and sub secrets of specific secret
-type PortalSecretDefinition struct {
- SecretID string `json:"sid"`
- KeyIDs []PortalSubSecretDefinition `json:"keyIDs"`
-}
-
-// PortalSubSecretDefinition defines a relation between keyID and sub secret
-type PortalSubSecretDefinition struct {
- SubSecretName string `json:"subSecretName"`
- KeyID string `json:"keyID"`
-}
-
-var supportedSecretsTypes = []corev1.SecretType{corev1.SecretTypeOpaque}
-
-// LoadSubSecretsIntoPolicy fills the subsecrets names + keyIDs in this policy
-// returns if this policy had changed during the process
-func (sap *SecretAccessPolicy) LoadSubSecretsIntoPolicy(shadowSecret *K8SSecret, initialSID string) bool {
- isChanged := false
- if !shadowSecret.IsActive {
- return false
- }
- for secIdx := range sap.Secrets {
- if sap.Secrets[secIdx].SecretID == initialSID {
- if sap.Secrets[secIdx].KeyIDs == nil {
- sap.Secrets[secIdx].KeyIDs = make([]PortalSubSecretDefinition, 0)
- }
- policySubSecs := make(map[string]map[string]bool, len(sap.Secrets[secIdx].KeyIDs))
- // collecting sub-secrets and keyIDs currently exists in the policy
- for subSecIdx := range sap.Secrets[secIdx].KeyIDs {
- if _, ok := policySubSecs[sap.Secrets[secIdx].KeyIDs[subSecIdx].SubSecretName]; !ok {
- policySubSecs[sap.Secrets[secIdx].KeyIDs[subSecIdx].SubSecretName] = make(map[string]bool)
- }
- policySubSecs[sap.Secrets[secIdx].KeyIDs[subSecIdx].SubSecretName][sap.Secrets[secIdx].KeyIDs[subSecIdx].KeyID] = true
- }
-
- if shadowSecret.Annotations != nil {
- // filling new sub-secrets or new keyIDs in the policy
- for anno := range shadowSecret.Annotations {
- subSecName := GetSubSecretFromAnnotation(anno)
- subSecKeyID := GetSubSecretKeyIDFromAnnotation(shadowSecret.Annotations[anno])
- if subSecName != "" && subSecKeyID != "" {
- subSecKeyIDFound := false
- for subSecIdx := range sap.Secrets[secIdx].KeyIDs {
- subSecKeyIDFound = updateSubsecretPolicy(&sap.Secrets[secIdx].KeyIDs[subSecIdx], subSecName, subSecKeyID)
- }
- if subSecKeyIDFound {
- isChanged = subSecKeyIDFound
- continue
- }
- if _, ok := policySubSecs[subSecName]; ok {
- if _, ok := policySubSecs[subSecName][subSecKeyID]; ok {
- continue
- }
- }
- isChanged = true
- sap.Secrets[secIdx].KeyIDs = append(sap.Secrets[secIdx].KeyIDs, PortalSubSecretDefinition{
- SubSecretName: subSecName,
- KeyID: subSecKeyID,
- })
- }
- }
- }
- }
- }
- return isChanged
-}
-
-func updateSubsecretPolicy(portalSubSecretDefinition *PortalSubSecretDefinition, subSecName, subSecKeyID string) bool {
- if portalSubSecretDefinition.SubSecretName == "" && portalSubSecretDefinition.KeyID == "" { // empty secret name and empty secret id
- portalSubSecretDefinition.SubSecretName = subSecName
- portalSubSecretDefinition.KeyID = subSecKeyID
- return true
- }
- if portalSubSecretDefinition.SubSecretName == subSecName {
- if portalSubSecretDefinition.KeyID == "" || portalSubSecretDefinition.KeyID != subSecKeyID { // empty/old secretID
- portalSubSecretDefinition.KeyID = subSecKeyID
- return true
- }
- }
- if portalSubSecretDefinition.SubSecretName == "" { // empty secret name
- if portalSubSecretDefinition.KeyID == subSecKeyID {
- portalSubSecretDefinition.SubSecretName = subSecName
- return true
- }
- }
- return false
-}
-
-// GetSubSecretKeyIDFromAnnotation extract from annotation value the desired key id
-func GetSubSecretKeyIDFromAnnotation(annotationVal string) string {
- // described in https://cyberarmorio.sharepoint.com/sites/development2/Shared%20Documents/Kubernetes%20secrets.docx?web=1, data definitions section
- castatusBytes, err := base64.StdEncoding.DecodeString(annotationVal)
- if err != nil {
- zap.L().Error("In GetSubSecretKeyIDFromAnnotation failed to DecodeString", zap.Error(err))
- return ""
- }
- return hex.EncodeToString(castatusBytes[24 : 24+16])
-}
-
-// GetSubSecretFromAnnotation extract from annotation tag the desired sub-secret name
-func GetSubSecretFromAnnotation(annotationTag string) string {
- annotSlices := strings.SplitN(annotationTag, "/", 2)
- if len(annotSlices) == 2 && annotSlices[0] == "cyberarmor" {
- if len(annotSlices) == 2 && annotSlices[0] == "cyberarmor" {
- sepIdx := strings.LastIndex(annotSlices[1], ".")
- if len(annotSlices[1]) > -1 && annotSlices[1][sepIdx+1:] == "castatus" {
- return annotSlices[1][:sepIdx]
- }
- }
- }
- return ""
-}
-
-// GetID returnd the sid of the secret
-func (sec *K8SSecret) GetID() string {
- return fmt.Sprintf("sid://cluster-%s/namespace-%s/secret-%s", sec.CAClusterName, sec.Namespace, sec.Name)
-}
-
-// SplitSecretID splits the secret id string into cluster, namespace, secret-name [,sub-secret-name]
-func SplitSecretID(sid string) ([]string, error) {
- if err := ValidateSecretID(sid); err != nil {
- return nil, err
- }
-
- splits := strings.Split(sid, "/")
- splitsLen := len(splits)
- if splitsLen < 5 || splitsLen > 6 {
- return nil, fmt.Errorf("invalid sid: '%s', to short", sid)
- }
- kind := ""
- if strings.HasPrefix(splits[2], ClusterWlidPrefix) && strings.HasPrefix(splits[3], NamespaceWlidPrefix) {
- kind = "k8s"
- } else if strings.HasPrefix(splits[2], DataCenterWlidPrefix) && strings.HasPrefix(splits[3], ProjectWlidPrefix) {
- kind = "native"
- } else {
- return nil, fmt.Errorf("invalid sid: '%s', unknown kind", sid)
- }
-
- rslt := make([]string, 0, 4)
- if kind == "k8s" {
- rslt = append(rslt, splits[2][len(ClusterWlidPrefix):])
- rslt = append(rslt, splits[3][len(NamespaceWlidPrefix):])
- } else {
- rslt = append(rslt, splits[2][len(DataCenterWlidPrefix):])
- rslt = append(rslt, splits[3][len(ProjectWlidPrefix):])
- }
- rslt = append(rslt, splits[4][len(SecretSIDPrefix):])
- if len(splits) > 5 {
- rslt = append(rslt, splits[5][len(SubSecretSIDPrefix):])
- }
- return rslt, nil
-}
-
-// ValidateSecretID test secret validation
-func ValidateSecretID(sid string) error {
- if sid == "" {
- return fmt.Errorf("secret-id not found")
- }
- splits := strings.Split(sid, "/")
- splitsLen := len(splits)
- if splitsLen < 3 || splitsLen > 6 {
- return fmt.Errorf("invalid sid: %s, to short or to long", sid)
- }
- level1 := ""
- if splits[2] != "" {
- if strings.HasPrefix(splits[2], ClusterWlidPrefix) {
- if splits[2][len(ClusterWlidPrefix):] != "" {
- level1 = NamespaceWlidPrefix
- }
- } else {
- if strings.HasPrefix(splits[2], DataCenterWlidPrefix) {
- if splits[2][len(DataCenterWlidPrefix):] != "" {
- level1 = ProjectWlidPrefix
- }
- }
- }
- }
- if level1 == "" {
- return fmt.Errorf("invalid sid: %s, missing cluster/datacenter", sid)
- }
-
- if splitsLen >= 4 {
- if splits[3] != "" && (!strings.HasPrefix(splits[3], level1) || splits[3][len(level1):] == "") {
- return fmt.Errorf("invalid sid: %s, empty namespace/project", sid)
- }
- }
- if splitsLen >= 5 {
- if splits[4] != "" && (!strings.HasPrefix(splits[4], SecretSIDPrefix) || splits[4][len(SecretSIDPrefix):] == "") {
- return fmt.Errorf("invalid sid: %s, empty secret name", sid)
- }
- }
- if splitsLen == 6 {
- if splits[5] != "" && (!strings.HasPrefix(splits[5], SubSecretSIDPrefix) || splits[5][len(SubSecretSIDPrefix):] == "") {
- return fmt.Errorf("invalid sid: %s, empty subsecret name", sid)
- }
- }
- return nil
-}
-
-// GetSID get secret is
-func GetSID(cluster, namespace, name, subsecret string) string {
- sid := fmt.Sprintf("sid://%s%s/%s%s/secret-%s", ClusterWlidPrefix, cluster, NamespaceWlidPrefix, namespace, name)
- if subsecret != "" {
- sid = fmt.Sprintf("%s/subsecret-%s", sid, subsecret)
- }
- return sid
-}
-
-// GetNativeSID get native secret is
-func GetNativeSID(datacenter, project, name, subsecret string) string {
- sid := fmt.Sprintf("sid://%s%s/%s%s/secret-%s", DataCenterWlidPrefix, datacenter, ProjectWlidPrefix, project, name)
- if subsecret != "" {
- sid = fmt.Sprintf("%s/subsecret-%s", sid, subsecret)
- }
- return sid
-}
-
-// IsSIDK8s get secret kind
-func IsSIDK8s(sid string) bool {
- splits := strings.Split(sid, "/")
- if sid == "sid://" || strings.HasPrefix(splits[2], ClusterWlidPrefix) {
- return true
- }
- return false
-}
-
-// GetSIDCluster get cluster name from secret-id
-func GetSIDCluster(sid string) string {
- splitted, _ := SplitSecretID(sid)
- return splitted[0]
-}
-
-// GetSIDNamespace get namespace name from secret-id
-func GetSIDNamespace(sid string) string {
- splitted, _ := SplitSecretID(sid)
- return splitted[1]
-}
-
-// GetSIDLevel0 get level0 name from secret-id
-func GetSIDLevel0(sid string) string {
- splitted, _ := SplitSecretID(sid)
- return splitted[0]
-}
-
-// GetSIDLevel1 get level1 name from secret-id
-func GetSIDLevel1(sid string) string {
- splitted, _ := SplitSecretID(sid)
- return splitted[1]
-}
-
-// GetSIDName get secret name from secret-id
-func GetSIDName(sid string) string {
- splitted, _ := SplitSecretID(sid)
- return splitted[2]
-}
-
-// GetSIDSubsecret get subsecret name from secret-id, if not found, return empty string
-func GetSIDSubsecret(sid string) string {
- splitted, _ := SplitSecretID(sid)
- if len(splitted) > 3 {
- return splitted[3]
- }
- return ""
-}
-
-// RemoveSIDSubsecret get subsecret name from secret-id, if not found, return empty string
-func RemoveSIDSubsecret(sid string) string {
- splitted, _ := SplitSecretID(sid)
- if len(splitted) < 3 {
- return ""
- }
- if IsSIDK8s(sid) {
- return GetSID(splitted[0], splitted[1], splitted[2], "")
- }
- return GetNativeSID(splitted[0], splitted[1], splitted[2], "")
-}
-
-// GetSecretIDsFromPolicyList list secret-ids from a list of policies
-func GetSecretIDsFromPolicyList(listSecretAccessPolicy []SecretAccessPolicy) map[string]SecretAccessPolicy {
- secretIDs := make(map[string]SecretAccessPolicy)
- for i := range listSecretAccessPolicy {
- secretIDsTmp := GetSecretIDsFromPolicy(&listSecretAccessPolicy[i])
- for j := range secretIDsTmp {
- secretIDs[secretIDsTmp[j]] = listSecretAccessPolicy[i]
- }
- }
- return secretIDs
-}
-
-// GetSecretIDsFromPolicy list secret-ids from a secret policy
-func GetSecretIDsFromPolicy(secretAccessPolicy *SecretAccessPolicy) []string {
- secretIDs := []string{}
- if secretAccessPolicy.Secrets == nil {
- return secretIDs
- }
- for sec := range secretAccessPolicy.Secrets {
- if secretAccessPolicy.Secrets[sec].SecretID != "" {
- secretIDs = append(secretIDs, secretAccessPolicy.Secrets[sec].SecretID)
- }
- }
- return secretIDs
-}
-
-// IsSecretTypeSupported does Armo support protection on this type of secret
-func IsSecretTypeSupported(secretType corev1.SecretType) bool {
- for i := range supportedSecretsTypes {
- if supportedSecretsTypes[i] == secretType {
- return true
- }
- }
- return false
-}
-
-// GenerateDefaultNamespacePolicy generate default secret access policy based on namespace
-func GenerateDefaultNamespacePolicy(sid string) *SecretAccessPolicy {
-
- keyLevel0 := ""
- keyLevel1 := ""
-
- if IsSIDK8s(sid) {
- keyLevel0 = strings.TrimSuffix(ClusterWlidPrefix, "-")
- keyLevel1 = strings.TrimSuffix(NamespaceWlidPrefix, "-")
- } else {
- keyLevel0 = strings.TrimSuffix(DataCenterWlidPrefix, "-")
- keyLevel1 = strings.TrimSuffix(ProjectWlidPrefix, "-")
- }
- return &SecretAccessPolicy{
- PortalBase: PortalBase{
- Name: sid,
- Attributes: map[string]interface{}{
- "name": "generatedInBackend",
- "policy": "generatedInBackend",
- },
- },
- CreationDate: time.Now().UTC().Format(time.RFC3339),
- PolicyType: "secretAccessList",
- Designators: []PortalDesignator{
- {
- DesignatorType: "attributes",
- Attributes: map[string]string{
- keyLevel0: GetSIDLevel0(sid),
- keyLevel1: GetSIDLevel1(sid),
- },
- },
- },
- Secrets: []PortalSecretDefinition{
- {
- SecretID: sid,
- KeyIDs: []PortalSubSecretDefinition{},
- },
- },
- }
-}
-
-// EditEncryptionSecretPolicy remove subsecret name from sid
-func EditEncryptionSecretPolicy(secretAccessPolicy *SecretAccessPolicy) {
- if secretAccessPolicy == nil || secretAccessPolicy.Secrets == nil {
- return
- }
- for i := range secretAccessPolicy.Secrets {
- sid := secretAccessPolicy.Secrets[i].SecretID
- if secretAccessPolicy.Secrets[i].KeyIDs == nil {
- secretAccessPolicy.Secrets[i].KeyIDs = []PortalSubSecretDefinition{}
- }
- subsecret := GetSIDSubsecret(sid)
- if subsecret == "" {
- continue
- }
- secretAccessPolicy.Secrets[i].SecretID = RemoveSIDSubsecret(sid)
- found := false
- for j := range secretAccessPolicy.Secrets[i].KeyIDs {
- if secretAccessPolicy.Secrets[i].KeyIDs[j].SubSecretName == subsecret {
- found = true
- }
- }
- if len(secretAccessPolicy.Secrets[i].KeyIDs) == 0 || !found {
- secretAccessPolicy.Secrets[i].KeyIDs = append(secretAccessPolicy.Secrets[i].KeyIDs, PortalSubSecretDefinition{SubSecretName: subsecret})
- }
- }
-
-}
-
-// ValidateSecretAccessPolicy validate secret policy object
-func ValidateSecretAccessPolicy(policy *SecretAccessPolicy) error {
- if policy == nil {
- return fmt.Errorf("empty secretAccessPolicy")
- }
- if policy.Attributes == nil {
- policy.Attributes = make(map[string]interface{})
- }
- policy.Attributes["lastEdited"] = time.Now().UTC().Format(time.RFC3339)
-
- if policy.PolicyType == "" {
- policy.PolicyType = "secretAccessList"
- }
- if policy.Secrets == nil || len(policy.Secrets) == 0 {
- return fmt.Errorf("no secrets found in secretAccessPolicy")
- }
- for i := range policy.Secrets {
- if policy.Secrets[i].SecretID == "" {
- return fmt.Errorf("empty SecretID found in secretAccessPolicy index %d", i)
- }
- if policy.Secrets[i].KeyIDs == nil {
- policy.Secrets[i].KeyIDs = []PortalSubSecretDefinition{}
- }
- }
- if policy.Name == "" {
- policy.Name = policy.Secrets[0].SecretID
- policy.Attributes["name"] = "nameGeneratedInBackend"
- }
-
- if policy.Designators != nil {
- for i := range policy.Designators {
- if policy.Designators[i].DesignatorType == "" {
- if policy.Designators[i].WLID != "" {
- policy.Designators[i].DesignatorType = "wlid"
- }
- if policy.Designators[i].WildWLID != "" {
- policy.Designators[i].DesignatorType = "wildwlid"
- }
- if policy.Designators[i].Attributes != nil && len(policy.Designators[i].Attributes) > 0 {
- policy.Designators[i].DesignatorType = "attributes"
- }
- }
- }
- }
- if policy.CreationDate == "" {
- policy.CreationDate = time.Now().UTC().Format(time.RFC3339)
- }
-
- return nil
-}
diff --git a/vendor/github.com/armosec/capacketsgo/secrethandling/secrethandling_test.go b/vendor/github.com/armosec/capacketsgo/secrethandling/secrethandling_test.go
deleted file mode 100644
index 4a1b0e0e..00000000
--- a/vendor/github.com/armosec/capacketsgo/secrethandling/secrethandling_test.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package secrethandling
-
-import "testing"
-
-func TestIsSecretTypeSupported(t *testing.T) {
- if !IsSecretTypeSupported("Opaque") {
- t.Errorf("secret is supported")
- }
-}
-
-func TestUpdateSubsecretPolicy(t *testing.T) {
- portalSubSecretDefinition := &PortalSubSecretDefinition{
- KeyID: "8a14bc679340d3878a14bc679340d387",
- SubSecretName: "user",
- }
- subSecName := "user"
- subSecKeyID := "8a14bc679340d3878a14bc679340d381"
- if updated := updateSubsecretPolicy(portalSubSecretDefinition, subSecName, subSecKeyID); !updated {
- t.Errorf("should update")
- }
- if portalSubSecretDefinition.KeyID != subSecKeyID {
- t.Errorf("keyID not updated")
- }
-
-}
-func TestValidateSecretIDK8s(t *testing.T) {
- if err := ValidateSecretID(""); err == nil {
- t.Errorf("A expected to fail")
- }
- if err := ValidateSecretID("sid://"); err == nil {
- t.Errorf("B expected to fail")
- }
- if err := ValidateSecretID("sid://cluster-"); err == nil {
- t.Errorf("C expected to fail")
- }
- if err := ValidateSecretID("sid://cluster-bla"); err != nil {
- t.Errorf("D expected to pass")
- }
- if err := ValidateSecretID("sid://cluster-bla"); err != nil {
- t.Errorf("E expected to pass")
- }
- if err := ValidateSecretID("sid://cluster-bla/"); err != nil {
- t.Errorf("F expected to pass")
- }
- if err := ValidateSecretID("sid://cluster-bla/namespace-"); err == nil {
- t.Errorf("G expected to fail")
- }
- if err := ValidateSecretID("sid://cluster-bla/namespace-bla/secret-bla"); err != nil {
- t.Errorf("H expected to pass")
- }
- if err := ValidateSecretID("sid://cluster-bla/namespace-bla/secret-bla/subsecret-bla"); err != nil {
- t.Errorf("I expected to pass")
- }
-
-}
-
-func TestValidateSecretIDNative(t *testing.T) {
- if err := ValidateSecretID(""); err == nil {
- t.Errorf("A expected to fail")
- }
- if err := ValidateSecretID("sid://"); err == nil {
- t.Errorf("B expected to fail")
- }
- if err := ValidateSecretID("sid://datacenter-"); err == nil {
- t.Errorf("C expected to fail")
- }
- if err := ValidateSecretID("sid://datacenter-bla"); err != nil {
- t.Errorf("D expected to pass")
- }
- if err := ValidateSecretID("sid://datacenter-bla"); err != nil {
- t.Errorf("E expected to pass")
- }
- if err := ValidateSecretID("sid://datacenter-bla/"); err != nil {
- t.Errorf("F expected to pass")
- }
- if err := ValidateSecretID("sid://datacenter-bla/project-"); err == nil {
- t.Errorf("G expected to fail")
- }
- if err := ValidateSecretID("sid://datacenter-pod_seal-njca/project-default/secret-temp"); err != nil {
- t.Errorf("H expected to pass")
- }
- if err := ValidateSecretID("sid://datacenter-bla/project-bla/secret-bla/subsecret-bla"); err != nil {
- t.Errorf("I expected to pass")
- }
-
-}
-
-func TestIsSIDK8s(t *testing.T) {
- if IsSIDK8s("sid://datacenter-bla/project-bla/secret-bla") {
- t.Errorf("expect to be native")
- }
- if !IsSIDK8s("sid://") {
- t.Errorf("A expect to be k8s")
- }
- if !IsSIDK8s("sid://cluster-bla") {
- t.Errorf("B expect to be k8s")
- }
- if !IsSIDK8s("sid://cluster-bla/namespace-bla/secret-bla") {
- t.Errorf("C expect to be k8s")
- }
-
-}
diff --git a/vendor/github.com/armosec/capacketsgo/system-reports/README.md b/vendor/github.com/armosec/capacketsgo/system-reports/README.md
deleted file mode 100644
index 33efd2f0..00000000
--- a/vendor/github.com/armosec/capacketsgo/system-reports/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-system-reports
-
-env variables:
-======
-ARMO_EVENT_URL - contains the full url that the component will need to report to
\ No newline at end of file
diff --git a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/basic_report.go b/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/basic_report.go
deleted file mode 100644
index 246b6d84..00000000
--- a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/basic_report.go
+++ /dev/null
@@ -1,164 +0,0 @@ -// represent a basic report -package datastructures - -import ( - "fmt" - "reflect" - "strings" - "sync" - "time" -) - -const ( - SysreportEndpoint = "/k8s/sysreport" - // //WT related - // WtPreConfigured = "wt preconfigured" - // wtUpdateStart = "wt update started" -) - -// JobsAnnotations job annotation -type JobsAnnotations struct { - /*jobid: context eg. if a certain job has multiple stages - eg. attach namespace>attach wlid in ns - so obj when pod is catched should look like: - { - jobID#1: { - "attach namespace" - } - } - - SHOULD BE RETHINK - */ - // JobIDsContex map[string]string `json:"jobIDsContex,omitempty"` - CurrJobID string `json:"jobID"` //simplest case (for now till we have a better idea) - ParentJobID string `json:"parentJobID"` //simplest case (for now till we have a better idea) - LastActionID string `json:"actionID"` //simplest case (for now till we have a better idea) used to pass as defining ordering between multiple components -} - -//BaseReport : represents the basic reports from various actions eg. attach and so on -// -// ("reporter": "auditlog processor", //the name of your k8s component -// "target": " auditlogs", // eg. if you know its cluster & ns you can say: hipstershop/dev auditlogs -// "status": -// "action": " -// "actionID" & "actionIDN" - numerical representation - eg if it's the first step then it should be 1, it also allow "forks" to happen -// "jobID": event reciever will fill that for you -// "parentAction": used like if you have like autoattach right? 
namespaces is the parent job but every wl up has attach but it's parent is the autoattach task
-// "timestamp":
-// "customerGUID": s.e
-// }
-
-// Statuses type
-type StatusType string
-
-const (
- JobSuccess string = "success"
- JobFailed string = "failure"
- JobStarted string = "started"
- JobDone string = "done"
-)
-
-type BaseReport struct {
- CustomerGUID string `json:"customerGUID"` // customerGUID as declared in environment
- Reporter string `json:"reporter"` // webhook, webscoket, other possible components
- Target string `json:"target"` // wlid, cluster,etc. - which component this event is applicable on
- Status string `json:"status"` // Action scope: Before action use "started", after action use "failure/success". Reporter scope: Before action use "started", after action use "done".
- ActionName string `json:"action"` // Stage action. short description of the action to-be-done. When definding an action
- Errors []string `json:"errors,omitempty"`
- ActionID string `json:"actionID"` // Stage counter of the E2E process. initialize at 1. The number is increased when sending job report
- ActionIDN int `json:"numSeq"` // The ActionID in number presentation
- JobID string `json:"jobID"` // UID received from the eventReceiver after first report (the initializing is part of the first report)
- ParentAction string `json:"parentAction,omitempty"` // Parent JobID
- Details string `json:"details,omitempty"` // Parent JobID
- Timestamp time.Time `json:"timestamp"` //
- mutex sync.Mutex `json:"-"` // ignore
- // Status StatusType `json:"status"` //it's status
-}
-
-//
-// ("reporter": "auditlog processor", //the name of your k8s component
-// "target": " auditlogs", // eg. 
if you know its cluster & ns you can say: hipstershop/dev auditlogs -// "status": -// "action": " -// "actionID" & "actionIDN" - numerical representation - eg if it's the first step then it should be 1, it also allow "forks" to happen -// "jobID": event reciever will fill that for you -// "parentAction": used like if you have like autoattach right? namespaces is the parent job but every wl up has attach but it's parent is the autoattach task -// "timestamp": -// "customerGUID": s.e -// } - -// NewBaseReport return pointer to new BaseReport obj -func NewBaseReport(customerGUID, reporter string) *BaseReport { - return &BaseReport{ - CustomerGUID: customerGUID, - Reporter: reporter, - Status: JobStarted, - ActionName: fmt.Sprintf("Starting %s", reporter), - ActionID: "1", - ActionIDN: 1, - } -} - -// IReporter reporter interface -type IReporter interface { - // createReport() BaseReport - Send() (int, string, error) //send logic is here - GetReportID() string - AddError(string) - GetNextActionId() string //get - NextActionID() - SimpleReportAnnotations(bool, bool) (string, string) - SendAsRoutine([]string, bool) //goroutine wrapper - - // set methods - SendAction(string, bool) - SendError(error, bool, bool) - SendStatus(string, bool) - - // set methods - SetReporter(string) - SetStatus(string) - SetActionName(string) - SetTarget(string) - SetActionID(string) - SetJobID(string) - SetParentAction(string) - SetTimestamp(time.Time) - SetActionIDN(int) - SetCustomerGUID(string) - SetDetails(string) - - // get methods - GetReporter() string - GetStatus() string - GetActionName() string - GetTarget() string - GetErrorList() []string - GetActionID() string - GetJobID() string - GetParentAction() string - GetTimestamp() time.Time - GetActionIDN() int - GetCustomerGUID() string - GetDetails() string -} - -// IsEqual are two IReporter objects equal -func IsEqual(lhs, rhs IReporter) bool { - if strings.Compare(lhs.GetJobID(), rhs.GetJobID()) != 0 || - 
strings.Compare(lhs.GetStatus(), rhs.GetStatus()) != 0 ||
- strings.Compare(lhs.GetReporter(), rhs.GetReporter()) != 0 ||
- strings.Compare(lhs.GetTarget(), rhs.GetTarget()) != 0 ||
- strings.Compare(lhs.GetActionID(), rhs.GetActionID()) != 0 ||
- strings.Compare(lhs.GetActionName(), rhs.GetActionName()) != 0 ||
- strings.Compare(lhs.GetParentAction(), rhs.GetParentAction()) != 0 ||
- lhs.GetActionIDN() != rhs.GetActionIDN() ||
-
- lhs.GetTimestamp().Unix() != rhs.GetTimestamp().Unix() ||
- !reflect.DeepEqual(rhs.GetErrorList(), lhs.GetErrorList()) {
- return false
- }
-
- return true
-}
diff --git a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/basicreportmock.go b/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/basicreportmock.go
deleted file mode 100644
index cc72749d..00000000
--- a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/basicreportmock.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package datastructures
-
-//BaseReportMock : represents the basic reports from various actions eg. attach and so on
-type BaseReportMock struct {
- BaseReport `json:",inline"`
-}
-
-// NewBaseReportMock -
-func NewBaseReportMock(costumerGUID, reporter string) *BaseReportMock {
- brm := BaseReportMock{}
- brm.Reporter = reporter
- brm.CustomerGUID = costumerGUID
- brm.Status = "started"
- return &brm
-
-}
diff --git a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/datastructures_test.go b/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/datastructures_test.go
deleted file mode 100644
index a092600d..00000000
--- a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/datastructures_test.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package datastructures
-
-import (
- "bytes"
- "encoding/json"
- "fmt"
- "reflect"
- "strings"
- "testing"
- "time"
-
- "github.com/francoispqt/gojay"
-)
-
-func TestBaseReportStructure(t *testing.T) {
- a := BaseReport{Reporter: "unit-test", Target: "unit-test-framework", JobID: "id", ActionID: "id2"}
- timestamp := a.Timestamp
-
- a.Send()
- if timestamp == a.Timestamp {
- t.Errorf("Expecting different timestamp when sending a notification, received %v", a)
- }
-
-}
-
-func TestFirstBaseReportStructure(t *testing.T) {
- a := BaseReport{Reporter: "unit-test", Target: "unit-test-framework"}
- id := a.JobID
- a.Send()
- if id != a.JobID {
- t.Errorf("Expecting to have proccessID generated from 1st report, received %v", a)
- }
-
-}
-func BaseReportDiff(lhs, rhs *BaseReport) {
- if strings.Compare(lhs.JobID, rhs.JobID) != 0 {
- fmt.Printf("jobID: %v != %v\n", lhs.JobID, rhs.JobID)
- }
- if strings.Compare(lhs.Status, rhs.Status) != 0 {
- fmt.Printf("Status: %v != %v\n", lhs.Status, rhs.Status)
- }
- if strings.Compare(lhs.Reporter, rhs.Reporter) != 0 {
- fmt.Printf("Reporter: %v != %v\n", lhs.Reporter, rhs.Reporter)
- }
- if strings.Compare(lhs.Target, rhs.Target) != 0 {
- fmt.Printf("Target: %v != %v\n", lhs.Target, rhs.Target)
- }
- if strings.Compare(lhs.ActionID, rhs.ActionID) != 0 {
- fmt.Printf("ActionID: %v != %v\n", lhs.ActionID, rhs.ActionID)
- }
- if strings.Compare(lhs.ActionName, rhs.ActionName) != 0 {
- fmt.Printf("ActionName: %v != %v\n", lhs.ActionName, rhs.ActionName)
- }
- if strings.Compare(lhs.ParentAction, rhs.ParentAction) != 0 {
- fmt.Printf("%v != %v\n", lhs.ParentAction, rhs.ParentAction)
- }
- if lhs.Timestamp.Unix() != rhs.Timestamp.Unix() {
- fmt.Printf("Timestamp: %v != %v\n", lhs.Timestamp, rhs.Timestamp)
- }
- if lhs.ActionIDN != rhs.ActionIDN {
- fmt.Printf("ActionIDN: %v != %v\n", lhs.ActionIDN, rhs.ActionIDN)
- }
- if !reflect.DeepEqual(rhs.Errors, lhs.Errors) {
- fmt.Printf("Errors: %v != %v\n", lhs.Errors, rhs.Errors)
- }
-
-}
-func TestUnmarshallingSuccess(t *testing.T) {
- lhs := BaseReport{Reporter: "unit-test", Target: "unit-test-framework", JobID: "1", ActionID: "1", Status: "testing", ActionName: "Testing", ActionIDN: 1}
- rhs := &BaseReport{}
- lhs.AddError("1")
- lhs.AddError("2")
- lhs.Timestamp = time.Now()
- bolB, _ := json.Marshal(lhs)
- r := bytes.NewReader(bolB)
-
- er := gojay.NewDecoder(r).DecodeObject(rhs)
- if er != nil {
- t.Errorf("marshalling failed due to: %v", er.Error())
- }
- if !IsEqual(&lhs, rhs) {
- BaseReportDiff(&lhs, rhs)
- fmt.Printf("%+v\n", lhs)
- t.Errorf("%v", rhs)
- }
-
-}
-
-func TestUnmarshallingPartial(t *testing.T) {
- lhs := BaseReport{Reporter: "unit-test", Target: "unit-test-framework", JobID: "1", ActionID: "1", Status: "testing", ActionName: "Testing", ActionIDN: 1}
- rhs := &BaseReport{}
-
- lhs.Timestamp = time.Now()
- bolB, _ := json.Marshal(lhs)
- r := bytes.NewReader(bolB)
-
- er := gojay.NewDecoder(r).DecodeObject(rhs)
- if er != nil {
- t.Errorf("marshalling failed due to: %v", er.Error())
- }
- if !IsEqual(&lhs, rhs) {
- BaseReportDiff(&lhs, rhs)
- fmt.Printf("%+v\n", lhs)
- t.Errorf("%v", rhs)
- }
-
-}
diff --git a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/gojayunmarshaller.go b/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/gojayunmarshaller.go
deleted file mode 100644
index 818510dd..00000000
--- a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/gojayunmarshaller.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package datastructures
-
-import (
- "time"
-
- "github.com/francoispqt/gojay"
-)
-
-func (reporter *BaseReport) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error) {
- switch key {
- case "timestamp":
- err = dec.Time(&(reporter.Timestamp), time.RFC3339)
- reporter.Timestamp = reporter.Timestamp.Local()
- case "reporter":
- err = dec.String(&(reporter.Reporter))
- case "target":
- err = dec.String(&(reporter.Target))
- case "status":
- err = dec.String(&(reporter.Status))
- case "actionID":
- err = dec.String(&(reporter.ActionID))
- case "jobID":
- err = dec.String(&(reporter.JobID))
- case "action":
- err = dec.String(&(reporter.ActionName))
- case "parentAction":
- err = dec.String(&(reporter.ParentAction))
- case "numSeq":
-
- err = dec.Int(&(reporter.ActionIDN))
-
- case "errors":
- err = dec.SliceString(&(reporter.Errors))
-
- case "customerGUID":
- err = dec.String(&(reporter.CustomerGUID))
- }
- return err
-}
-
-// func (errors *[]string) UnmarshalJSONArray(dec *gojay.Decoder) error {
-// lae := ""
-// if err := dec.String(&lae); err != nil {
-// return err
-// }
-
-// *t = append(*t, lae)
-// return nil
-// }
-
-func (ae *BaseReport) NKeys() int {
- return 0
-}
diff --git a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/methods.go b/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/methods.go
deleted file mode 100644
index 4662e510..00000000
--- a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/methods.go
+++ /dev/null
@@ -1,285 +0,0 @@
-package datastructures
-
-import (
- "bytes"
- "encoding/json"
- "fmt"
- "io/ioutil"
- "net/http"
- "os"
- "strconv"
- "strings"
- "sync"
- "time"
-
- "github.com/golang/glog"
-)
-
-var MAX_RETRIES int = 3
-
-func (report *BaseReport) InitMutex() {
- report.mutex = sync.Mutex{}
-}
-
-func (report *BaseReport) NextActionID() {
- report.ActionIDN++
- report.ActionID = report.GetNextActionId()
-}
-func (report *BaseReport) SimpleReportAnnotations(setParent bool, setCurrent bool) (string, string) {
-
- nextactionID := report.GetNextActionId()
-
- jobs := JobsAnnotations{LastActionID: nextactionID}
- if setParent {
- jobs.ParentJobID = report.JobID
- }
- if setCurrent {
- jobs.CurrJobID = report.JobID
- }
- jsonAsString, _ := json.Marshal(jobs)
- return string(jsonAsString), nextactionID
- //ok
-}
-
-func (report *BaseReport) GetNextActionId() string {
- return strconv.Itoa(report.ActionIDN)
-}
-
-func (report *BaseReport) AddError(er string) {
- report.mutex.Lock()
- defer report.mutex.Unlock()
- if report.Errors == nil {
- report.Errors = make([]string, 0)
- }
- report.Errors = append(report.Errors, er)
-}
-
-func (report *BaseReport) SendAsRoutine(collector []string, progressNext bool) {
- report.mutex.Lock()
- go func() {
- defer report.mutex.Unlock()
- status, _, _ := report.Send()
- if status < 200 || status >= 300 {
- // TODO handle error
- }
- if progressNext {
- report.NextActionID()
- }
- }()
-}
-func (report *BaseReport) GetReportID() string {
- return fmt.Sprintf("%s::%s::%s (verbose: %s::%s)", report.Target, report.JobID, report.ActionID, report.ParentAction, report.ActionName)
-}
-
-// Send - send http request. 
returns-> http status code, return message (jobID/OK), http/go error -func (report *BaseReport) Send() (int, string, error) { - - url := os.Getenv("CA_EVENT_RECEIVER_HTTP") - - if len(url) == 0 { - url = os.Getenv("CA_ARMO_EVENT_URL") // Deprecated - if len(url) == 0 { - glog.Errorf("%s - Error: CA_EVENT_RECEIVER_HTTP is missing", report.GetReportID()) - return 0, "", nil - } - } - url = url + SysreportEndpoint - report.Timestamp = time.Now() - if report.ActionID == "" { - report.ActionID = "1" - report.ActionIDN = 1 - } - reqBody, err := json.Marshal(report) - - if err != nil { - glog.Errorf("%s - Failed to marshall report object", report.GetReportID()) - return 500, "Couldn't marshall report object", err - } - var resp *http.Response - - for i := 0; i < MAX_RETRIES; i++ { - resp, err = http.Post(url, "application/json", bytes.NewBuffer(reqBody)) - if err == nil { - break - } - e := fmt.Errorf("attempt #%d %s - Failed posting report. Url: '%s', reason: '%s' report: '%s' ", i, report.GetReportID(), url, err.Error(), string(reqBody)) - glog.Error(e) - - if i == MAX_RETRIES-1 { - return 500, e.Error(), err - } - - } - // TODO - test retry - - defer resp.Body.Close() - body, err := ioutil.ReadAll(resp.Body) - bodyAsStr := "body could not be fetched" - if err == nil { - bodyAsStr = string(body) - } - - //first successful report gets it's jobID/proccessID - if len(report.JobID) == 0 && bodyAsStr != "ok" && resp.StatusCode >= 200 && resp.StatusCode < 300 { - report.JobID = bodyAsStr - glog.Infof("Generated jobID: '%s'", report.JobID) - } - return resp.StatusCode, bodyAsStr, nil -} - -// ======================================== SEND WRAPPER ======================================= - -// SendError - wrap AddError -func (report *BaseReport) SendError(err error, sendReport bool, initErrors bool) { - report.mutex.Lock() // + - - if report.Errors == nil { - report.Errors = make([]string, 0) - } - if err != nil { - e := fmt.Sprintf("Action: %s, Error: %s", report.ActionName, 
err.Error()) - report.Errors = append(report.Errors, e) - } - report.Status = JobFailed // TODO - Add flag? - report.mutex.Unlock() // - - if sendReport { - report.SendAsRoutine([]string{}, true) - } - if sendReport && initErrors { - report.mutex.Lock() // + - report.Errors = make([]string, 0) - report.mutex.Unlock() // - - } -} - -func (report *BaseReport) SendAction(actionName string, sendReport bool) { - report.SetActionName(actionName) - if sendReport { - report.SendAsRoutine([]string{}, true) - } -} - -func (report *BaseReport) SendStatus(status string, sendReport bool) { - report.SetStatus(status) - if sendReport { - report.SendAsRoutine([]string{}, true) - } -} - -// ============================================ SET ============================================ - -func (report *BaseReport) SetReporter(reporter string) { - report.mutex.Lock() - defer report.mutex.Unlock() - report.Reporter = strings.Title(reporter) -} -func (report *BaseReport) SetStatus(status string) { - report.mutex.Lock() - defer report.mutex.Unlock() - report.Status = status -} - -func (report *BaseReport) SetActionName(actionName string) { - report.mutex.Lock() - defer report.mutex.Unlock() - report.ActionName = strings.Title(actionName) - report.Status = JobStarted -} - -func (report *BaseReport) SetDetails(details string) { - report.mutex.Lock() - defer report.mutex.Unlock() - report.Details = details -} - -func (report *BaseReport) SetTarget(target string) { - report.mutex.Lock() - defer report.mutex.Unlock() - report.Target = target -} - -func (report *BaseReport) SetActionID(actionID string) { - report.mutex.Lock() - defer report.mutex.Unlock() - report.ActionID = actionID -} - -func (report *BaseReport) SetJobID(jobID string) { - report.mutex.Lock() - defer report.mutex.Unlock() - report.JobID = jobID -} - -func (report *BaseReport) SetParentAction(parentAction string) { - report.mutex.Lock() - defer report.mutex.Unlock() - report.ParentAction = parentAction -} - -func (report 
*BaseReport) SetCustomerGUID(customerGUID string) {
- report.mutex.Lock()
- defer report.mutex.Unlock()
- report.CustomerGUID = customerGUID
-}
-
-func (report *BaseReport) SetActionIDN(actionIDN int) {
- report.mutex.Lock()
- defer report.mutex.Unlock()
- report.ActionIDN = actionIDN
- report.ActionID = strconv.Itoa(report.ActionIDN)
-}
-
-func (report *BaseReport) SetTimestamp(timestamp time.Time) {
- report.mutex.Lock()
- defer report.mutex.Unlock()
- report.Timestamp = timestamp
-}
-
-// ============================================ GET ============================================
-func (report *BaseReport) GetActionName() string {
- return report.ActionName
-}
-
-func (report *BaseReport) GetStatus() string {
- return report.Status
-}
-
-func (report *BaseReport) GetErrorList() []string {
- return report.Errors
-}
-
-func (report *BaseReport) GetTarget() string {
- return report.Target
-}
-
-func (report *BaseReport) GetReporter() string {
- return report.Reporter
-}
-
-func (report *BaseReport) GetActionID() string {
- return report.ActionID
-}
-
-func (report *BaseReport) GetJobID() string {
- return report.JobID
-}
-
-func (report *BaseReport) GetParentAction() string {
- return report.ParentAction
-}
-
-func (report *BaseReport) GetCustomerGUID() string {
- return report.CustomerGUID
-}
-
-func (report *BaseReport) GetActionIDN() int {
- return report.ActionIDN
-}
-
-func (report *BaseReport) GetTimestamp() time.Time {
- return report.Timestamp
-}
-
-func (report *BaseReport) GetDetails() string {
- return report.Details
-}
diff --git a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/methodsmock.go b/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/methodsmock.go
deleted file mode 100644
index 9195e853..00000000
--- a/vendor/github.com/armosec/capacketsgo/system-reports/datastructures/methodsmock.go
+++ /dev/null
@@ -1,166 +0,0 @@
-package datastructures
-
-import (
- "encoding/json"
- "fmt"
- "strconv"
- "sync"
- "time"
-)
-
-func (reportMock *BaseReportMock) InitMutex() {
- reportMock.mutex = sync.Mutex{}
-}
-
-func (reportMock *BaseReportMock) NextActionID() {
- reportMock.ActionIDN++
- reportMock.ActionID = reportMock.GetNextActionId()
-}
-func (reportMock *BaseReportMock) SimpleReportAnnotations(setParent bool, setCurrent bool) (string, string) {
-
- nextactionID := reportMock.GetNextActionId()
-
- jobs := JobsAnnotations{LastActionID: nextactionID}
- if setParent {
- jobs.ParentJobID = reportMock.JobID
- }
- if setCurrent {
- jobs.CurrJobID = reportMock.JobID
- }
- jsonAsString, _ := json.Marshal(jobs)
- return string(jsonAsString), nextactionID
-}
-
-func (reportMock *BaseReportMock) GetNextActionId() string {
- return strconv.Itoa(reportMock.ActionIDN)
-}
-
-func (reportMock *BaseReportMock) AddError(er string) {
- reportMock.mutex.Lock()
- defer reportMock.mutex.Unlock()
- if reportMock.Errors == nil {
- reportMock.Errors = make([]string, 0)
- }
- reportMock.Errors = append(reportMock.Errors, er)
-}
-func (reportMock *BaseReportMock) SendAsRoutine(collector []string, progressNext bool) {
- go func() {
-
- reportMock.mutex.Lock()
- defer reportMock.mutex.Unlock()
- status, _, _ := reportMock.Send()
- if status < 200 || status >= 300 {
- //handle error
- }
- if progressNext {
- reportMock.NextActionID()
- }
- }()
-}
-func (reportMock *BaseReportMock) GetReportID() string {
- return fmt.Sprintf("%s::%s::%s (verbose: %s::%s)", reportMock.Target, reportMock.JobID, reportMock.ActionID, reportMock.ParentAction, reportMock.ActionName)
-}
-
-func (reportMock *BaseReportMock) Send() (int, string, error) {
- return 200, "", nil
-}
-
-// ======================================== SEND WRAPPER =======================================
-
-// SendError - wrap AddError
-func (reportMock *BaseReportMock) SendError(err error, sendReport bool, initErrors bool) {
- reportMock.AddError(err.Error())
-}
-
-func (reportMock *BaseReportMock) SendAction(actionName string, sendReport bool) {
- reportMock.SetActionName(actionName)
-}
-
-func (reportMock *BaseReportMock) SendStatus(status string, sendReport bool) {
- reportMock.SetStatus(status)
-}
-
-// ============================================ SET ============================================
-func (reportMock *BaseReportMock) SetReporter(reporter string) {
- reportMock.Reporter = reporter
-}
-
-func (reportMock *BaseReportMock) SetStatus(status string) {
- reportMock.Status = status
-}
-
-func (reportMock *BaseReportMock) SetActionName(actionName string) {
- reportMock.ActionName = actionName
-}
-
-func (reportMock *BaseReportMock) SetActionID(actionID string) {
- reportMock.ActionID = actionID
-}
-
-func (reportMock *BaseReportMock) SetJobID(jobID string) {
- reportMock.JobID = jobID
-}
-
-func (reportMock *BaseReportMock) SetParentAction(parentAction string) {
- reportMock.ParentAction = parentAction
-}
-
-func (reportMock *BaseReportMock) SetCustomerGUID(customerGUID string) {
- reportMock.CustomerGUID = customerGUID
-}
-
-func (reportMock *BaseReportMock) SetActionIDN(actionIDN int) {
- reportMock.ActionIDN = actionIDN
-}
-
-func (reportMock *BaseReportMock) SetTimestamp(timestamp time.Time) {
- reportMock.Timestamp = timestamp
-}
-
-func (reportMock *BaseReportMock) SetTarget(target string) {
- reportMock.Target = target
-}
-
-// ============================================ GET ============================================
-func (reportMock *BaseReportMock) GetReporter() string {
- return reportMock.Reporter
-}
-func (reportMock *BaseReportMock) GetActionName() string {
- return reportMock.ActionName
-}
-
-func (reportMock *BaseReportMock) GetStatus() string {
- return reportMock.Status
-}
-
-func (reportMock *BaseReportMock) GetErrorList() []string {
- return reportMock.Errors
-}
-
-func (reportMock *BaseReportMock) GetActionID() string {
- return reportMock.ActionID
-}
-
-func (reportMock *BaseReportMock) GetJobID() string {
- return reportMock.JobID
-}
-
-func (reportMock *BaseReportMock) GetParentAction() string {
- return reportMock.ParentAction
-}
-
-func (reportMock *BaseReportMock) GetCustomerGUID() string {
- return reportMock.CustomerGUID
-}
-
-func (reportMock *BaseReportMock) GetActionIDN() int {
- return reportMock.ActionIDN
-}
-
-func (reportMock *BaseReportMock) GetTimestamp() time.Time {
- return reportMock.Timestamp
-}
-
-func (reportMock *BaseReportMock) GetTarget() string {
- return reportMock.Target
-}
diff --git a/vendor/github.com/armosec/capacketsgo/system-reports/sysreports_test.go b/vendor/github.com/armosec/capacketsgo/system-reports/sysreports_test.go
deleted file mode 100644
index 596f2c63..00000000
--- a/vendor/github.com/armosec/capacketsgo/system-reports/sysreports_test.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package systemReport
-
-import (
- "encoding/json"
- "strconv"
- "sync"
- "testing"
-
- "github.com/armosec/capacketsgo/system-reports/datastructures"
- "github.com/armosec/capacketsgo/system-reports/utilities"
- "github.com/golang/glog"
-)
-
-func TestBaseReportStructure(t *testing.T) {
- a := datastructures.BaseReport{Reporter: "unit-test", Target: "unit-test-framework", JobID: "id", ActionID: "id2"}
- timestamp := a.Timestamp
-
- a.Send()
- if timestamp == a.Timestamp {
- t.Errorf("Expecting different timestamp when sending a notification, received %v", a)
- }
-
-}
-
-func TestFirstBaseReportStructure(t *testing.T) {
- a := datastructures.BaseReport{Reporter: "unit-test", Target: "unit-test-framework"}
- _, id, _ := a.Send()
- if id != a.JobID {
- t.Errorf("Expecting to have proccessID generated from 1st report, received %v", a)
- }
-
-}
-
-func TestJobsAnnotation(t *testing.T) {
- a := datastructures.JobsAnnotations{CurrJobID: "test-job", LastActionID: "1"}
-
- marshal, err := json.Marshal(a)
- if err != nil {
- t.Errorf("unable to stringify job annotation: %v", a)
- }
-
- jobid, obj, err := utilities.GetJobIDByContext(marshal, "test")
- if err != nil {
- t.Errorf("unable to parhe json job annotation: %v", a)
- }
-
- if jobid != "test-job" || a.CurrJobID != obj.CurrJobID || a.LastActionID != obj.LastActionID || a.ParentJobID != obj.ParentJobID {
- t.Error("unable to parse job annotation correctly")
- }
-
-}
-
-func TestBaseReportNextActionID(t *testing.T) {
- a := datastructures.BaseReport{Reporter: "unit-test", Target: "unit-test-framework", Status: "started", JobID: "processid1", ActionID: "1"}
- a.Send()
- a.NextActionID()
- a.Send()
- a.NextActionID()
- a.Send()
- a.NextActionID()
-
- if a.ActionID != "4" {
- t.Errorf("NextActionID had unexpected behaviour %v", a)
- }
-}
-
-func TestBaseReportTestConcurrentErrorAdding(t *testing.T) {
- a := &datastructures.BaseReport{Reporter: "unit-test", Target: "unit-test-framework", Status: "started", JobID: "processid1", ActionID: "1"}
- var wg sync.WaitGroup
- for j := 0; j < 10; j++ {
-
- for i := 0; i < 4; i++ {
- wg.Add(1)
- go func(i int, wg *sync.WaitGroup) {
- defer wg.Done()
- s := strconv.Itoa(i)
- glog.Errorf("%s", s)
- a.AddError(s)
- }(i, &wg)
- }
- wg.Wait()
-
- if len(a.Errors) != 4 {
- t.Errorf("an inconsistency error occured at round %d, expected 4 errors and got %v", j, a)
- }
- a.Errors = nil
-
- }
-}
-
-//integration test- works
-// func TestImmutableBaseReport(t *testing.T) {
-// jobId := ""
-// // target, reporter, actionID, action, status string, jobID *string, err error
-// utilities.SendImuttableReport("wlid://unit-test", "unit-test", "1", "testing", "starting", &jobId, fmt.Errorf("severe error"))
-// // if len(jobId) == 0 {
-
-// t.Errorf("%v", jobId)
-// // }
-//}
diff --git a/vendor/github.com/armosec/capacketsgo/system-reports/utilities/utils.go b/vendor/github.com/armosec/capacketsgo/system-reports/utilities/utils.go
deleted file mode 100644
index 5ec857ce..00000000
--- a/vendor/github.com/armosec/capacketsgo/system-reports/utilities/utils.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package utilities
-
-import (
- "encoding/json"
- "fmt"
- "strconv"
-
- "github.com/armosec/capacketsgo/armotypes"
- "github.com/armosec/capacketsgo/system-reports/datastructures"
- "github.com/golang/glog"
-)
-
-var (
- EmptyString = []string{}
-)
-
-//TODO
-//takes annotation and return the jobID, annotationObject, err
-func GetJobIDByContext(jobs []byte, context string) (string, datastructures.JobsAnnotations, error) {
-
- var jobject datastructures.JobsAnnotations
- err := json.Unmarshal(jobs, &jobject)
-
- return jobject.CurrJobID, jobject, err
-}
-
-func ProcessAnnotations(reporter datastructures.IReporter, ijobAnot interface{}, hasAnnotations bool) {
- if hasAnnotations {
- glog.Infof("has job annotation %s", ijobAnot)
- tmpstr := fmt.Sprintf("%s", ijobAnot)
- _, jobAnnotObj, jerr := GetJobIDByContext([]byte(tmpstr), "attach")
- if jerr == nil {
- if len(jobAnnotObj.CurrJobID) > 0 {
- reporter.SetJobID(jobAnnotObj.CurrJobID)
- }
- glog.Infof("job annotations object: %v", jobAnnotObj)
-
- reporter.SetParentAction(jobAnnotObj.ParentJobID)
- reporter.SetActionID(jobAnnotObj.LastActionID)
- actionID, _ := strconv.Atoi(reporter.GetActionID())
- reporter.SetActionIDN(actionID)
- }
-
- } else {
- glog.Errorf("no job annotation")
- }
-}
-
-//incase you want to send it all and just manage jobID, actionID yourself (no locking downtimes)
-func SendImuttableReport(target, reporter, actionID, action, status string, jobID *string, err error) {
- // go func(jobID *string) {
-
- lhs := datastructures.BaseReport{Reporter: reporter, ActionName: action, Target: target, JobID: *jobID, ActionID: actionID, Status: status}
- lhs.ActionIDN, _ = strconv.Atoi(actionID)
- if err != nil {
- lhs.AddError(err.Error())
- glog.Error(err.Error())
- }
- _, *jobID, _ = lhs.Send()
-
- glog.Infof("sent sys-report: %v", lhs)
-
- // }(jobID)
-
-}
-
-func InitReporter(customerGUID, reporterName, actionName, wlid string, designator *armotypes.PortalDesignator) *datastructures.BaseReport {
- reporter := datastructures.NewBaseReport(customerGUID, reporterName)
- if actionName != "" {
- reporter.SetActionName(actionName)
- }
- if wlid != "" {
- reporter.SetTarget(wlid)
- } else if designator != nil {
- reporter.SetTarget(GetTargetFromDesignator(designator))
- }
- reporter.SendAsRoutine(EmptyString, true)
- return reporter
-}
-
-func GetTargetFromDesignator(designator *armotypes.PortalDesignator) string {
- switch designator.DesignatorType {
- case armotypes.DesignatorWlid:
- return designator.WLID
- case armotypes.DesignatorWildWlid:
- return designator.WildWLID
- case armotypes.DesignatorAttributes:
- if designator.Attributes != nil {
- return convertMapToString(designator.Attributes)
- }
- }
- return "Unknown target"
-}
-
-func convertMapToString(smap map[string]string) string {
- str := ""
- for i := range smap {
- str += fmt.Sprintf("%s=%s;", i, smap[i])
- }
- return str
-}