diff --git a/.github/workflows/01-golang-lint.yaml b/.github/workflows/01-golang-lint.yaml new file mode 100644 index 00000000..89af89d5 --- /dev/null +++ b/.github/workflows/01-golang-lint.yaml @@ -0,0 +1,54 @@ +name: golangci-lint +on: + push: + branches: + - dev + pull_request: + types: [ edited, opened, synchronize, reopened ] + branches: [ master, dev ] + paths-ignore: + - '**.yaml' + - '**.md' +permissions: + contents: read + # Optional: allow read access to pull request. Use with `only-new-issues` option. + pull-requests: read +jobs: + golangci: + name: lint + runs-on: ubuntu-20.04 + steps: + - uses: actions/setup-go@v3 + with: + go-version: 1.18 + - uses: actions/checkout@v3 + with: + submodules: recursive + - name: Install libgit2 + run: make libgit2 + - name: golangci-lint + uses: golangci/golangci-lint-action@v3 + with: + # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version + version: latest + + # Optional: working directory, useful for monorepos + # working-directory: somedir + + # Optional: golangci-lint command line arguments. + # args: --issues-exit-code=0 + args: --timeout 10m --build-tags=static + #--new-from-rev dev + + # Optional: show only new issues if it's a pull request. The default value is `false`. + only-new-issues: true + + # Optional: if set to true then the all caching functionality will be complete disabled, + # takes precedence over all other caching options. + # skip-cache: true + + # Optional: if set to true then the action don't cache or restore ~/go/pkg. + # skip-pkg-cache: true + + # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. + # skip-build-cache: true diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index b3e0ec05..9866022c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -37,7 +37,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.18 + go-version: 1.19 - name: Install MSYS2 & libgit2 (Windows) shell: cmd diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 2d17c3a4..9578c4fb 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -61,7 +61,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.18 + go-version: 1.19 - name: Install MSYS2 & libgit2 (Windows) shell: cmd diff --git a/.gitignore b/.gitignore index 676bc584..827afa23 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,5 @@ *.pyc* .idea .history -ca.srl \ No newline at end of file +ca.srl +*.out diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 00000000..c57a2e41 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,58 @@ +linters-settings: + govet: + check-shadowing: true + dupl: + threshold: 200 + goconst: + min-len: 3 + min-occurrences: 2 + gocognit: + min-complexity: 65 + +linters: + enable: + - gosec + - staticcheck + - nolintlint + disable: + # temporarily disabled + - varcheck + - ineffassign + - unused + - typecheck + - errcheck + - govet + - gosimple + - deadcode + - gofmt + - goimports + - bodyclose + - dupl + - gocognit + - gocritic + - goimports + - nakedret + - revive + - stylecheck + - unconvert + - unparam + #- forbidigo # <- see later + # should remain disabled + - maligned + - lll + - gochecknoinits + - gochecknoglobals +issues: + exclude-rules: + - linters: + - revive + text: "var-naming" + - linters: + - revive + text: "type name will be used as (.+?) by other packages, and that stutters" + - linters: + - stylecheck + text: "ST1003" +run: + skip-dirs: + - git2go diff --git a/README.md b/README.md index e7f87d89..b3c2e68b 100644 --- a/README.md +++ b/README.md @@ -11,11 +11,11 @@ :sunglasses: [Want to contribute?](#being-a-part-of-the-team) :innocent: -Kubescape is a K8s open-source tool providing a Kubernetes single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerability scanning. -Kubescape scans K8s clusters, YAML files, and HELM charts, detecting misconfigurations according to multiple frameworks (such as the [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo/?utm_source=github&utm_medium=repository), [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/)), software vulnerabilities, and RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline, calculates risk score instantly and shows risk trends over time. +Kubescape is an open-source Kubernetes security platform. A single pane of glass access to view risk analysis, security compliance, RBAC visualization, and image vulnerability scanning. +Kubescape scans Kubernetes clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (such as [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo/?utm_source=github&utm_medium=repository), [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/) and [CIS Benchmark](https://www.armosec.io/blog/cis-kubernetes-benchmark-framework-scanning-tools-comparison/?utm_source=github&utm_medium=repository)). Kubescape also helps you find software vulnerabilities, and RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline. It calculates your risk score instantly and shows risk trends over time. -It has become one of the fastest-growing Kubernetes tools among developers due to its easy-to-use CLI interface, flexible output formats, and automated scanning capabilities, saving Kubernetes users and admins precious time, effort, and resources. -Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI, Github workflows, Prometheus, and Slack, and supports multi-cloud K8s deployments like EKS, GKE, and AKS. +Kubescape is one of the fastest-growing Kubernetes security tools among developers. It saves Kubernetes users and admins precious time, effort, and resources with its easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. +Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI, Github workflows, Prometheus, and Slack. It supports multi-cloud Kubernetes deployments like EKS, GKE, and AKS.
@@ -72,12 +72,14 @@ kubescape scan --enable-host-scan --verbose # Being a part of the team ## Community -We invite you to our community! We are excited about this project and want to return the love we get. +You are in vited to our community! We are excited about this project and want to return the love we get. -We hold community meetings in [Zoom](https://us02web.zoom.us/j/84020231442) on the first Tuesday of every month at 14:00 GMT! :sunglasses: +We hold community meetings on [Zoom](https://us02web.zoom.us/j/84020231442) on the first Tuesday of every month at 14:00 GMT! :sunglasses: + +Please make sure that you follow our [Code Of Conduct](https://github.com/kubescape/kubescape/blob/master/CODE_OF_CONDUCT.md). ## Contributions -[Want to contribute?](https://github.com/kubescape/kubescape/blob/master/CONTRIBUTING.md) Want to discuss something? Have an issue? Please make sure that you follow our [Code Of Conduct](https://github.com/kubescape/kubescape/blob/master/CODE_OF_CONDUCT.md) . +Want to discuss something? Have an issue? [Want to contribute?](https://github.com/kubescape/kubescape/blob/master/CONTRIBUTING.md) * Feel free to pick a task from the [issues](https://github.com/kubescape/kubescape/issues?q=is%3Aissue+is%3Aopen+label%3A%22open+for+contribution%22), [roadmap](docs/roadmap.md) or suggest a feature of your own. [Contact us](MAINTAINERS.md) directly for more information :) * [Open an issue](https://github.com/kubescape/kubescape/issues/new/choose) , we are trying to respond within 48 hours @@ -264,7 +266,7 @@ kubescape scan --format prometheus kubescape scan --format html --output results.html ``` -#### Scan with exceptions, objects with exceptions will be presented as `exclude` and not `fail` +#### Scan with exceptions. Objects with exceptions will be presented as `exclude` and not `fail` [Full documentation](examples/exceptions/README.md) ``` kubescape scan --exceptions examples/exceptions/exclude-kube-namespaces.json @@ -276,13 +278,13 @@ kubescape scan ``` > Kubescape will load the default value file -#### Scan Kustomize Directory +#### Scan a Kustomize Directory ``` kubescape scan ``` -> Kubescape will generate Kubernetes Yaml Objects using 'Kustomize' file and scans them for security. +> Kubescape will generate Kubernetes YAML objects using a 'Kustomize' file and scan them for security. -### Offline/Air-gaped Environment Support +### Offline/Air-gapped Environment Support [Video tutorial](https://youtu.be/IGXL9s37smM) @@ -326,7 +328,7 @@ kubescape scan framework nsa --use-from /path/nsa.json ![Visual Studio Marketplace Downloads](https://img.shields.io/visual-studio-marketplace/d/kubescape.kubescape?label=VScode) ![Open VSX](https://img.shields.io/open-vsx/dt/kubescape/kubescape?label=openVSX&color=yellowgreen) -Scan the YAML files while writing them using the [vs code extension](https://github.com/armosec/vscode-kubescape/blob/master/README.md) +Scan the YAML files while writing them using the [VS Code extension](https://github.com/armosec/vscode-kubescape/blob/master/README.md) ## Lens Extension @@ -408,15 +410,15 @@ View Kubescape scan results directly in [Lens IDE](https://k8slens.dev/) using k
Instructions to use the playground -* Apply changes you wish to make to the kubescape directory using text editors like `Vim`. +* Apply changes you wish to make to the Kubescape directory using text editors like `Vim`. * [Build on Linux](https://github.com/kubescape/kubescape#build-on-linuxmacos) -* Now, you can use Kubescape just like a normal user. Instead of using `kubescape`, use `./kubescape`. (Make sure you are inside kubescape directory because the command will execute the binary named `kubescape` in `kubescape directory`) +* Now, you can use Kubescape like a regular user. Instead of using `kubescape`, use `./kubescape`. Make sure you are in the Kubescape directory because the command will execute the binary named `kubescape` in `kubescape directory`)
-## VS code configuration samples +## VS Code configuration samples -You can use the sample files below to setup your VS code environment for building and debugging purposes. +You can use the sample files below to setup your VS Code environment for building and debugging purposes.
.vscode/settings.json @@ -463,11 +465,11 @@ You can use the sample files below to setup your VS code environment for buildin ## Technology Kubescape is based on the [OPA engine](https://github.com/open-policy-agent/opa) and ARMO's posture controls. -The tools retrieve Kubernetes objects from the API server and run a set of [rego's snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io?utm_source=github&utm_medium=repository). +The tools retrieve Kubernetes objects from the API server and runs a set of [Rego snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io?utm_source=github&utm_medium=repository). -The results by default are printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing. +The results by default are printed in a "console friendly" manner, but they can be retrieved in JSON format for further processing. -Kubescape is an open source project, we welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests more robust and complete as Kubernetes develops. +Kubescape is an open source project, we welcome your feedback and ideas for improvement. We are part of the Kubernetes community and aim to make the tests more robust and complete as Kubernetes develops. ## Thanks to all the contributors ❤️ diff --git a/build/Dockerfile b/build/Dockerfile index 360efa76..db5ac948 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.18-alpine as builder +FROM golang:1.19-alpine as builder ARG image_version ARG client diff --git a/cmd/completion/completion.go b/cmd/completion/completion.go index 3a7ac1a5..453cb12b 100644 --- a/cmd/completion/completion.go +++ b/cmd/completion/completion.go @@ -9,11 +9,11 @@ import ( var completionCmdExamples = ` - # Enable BASH shell autocompletion - $ source <(kubescape completion bash) + # Enable BASH shell autocompletion + $ source <(kubescape completion bash) $ echo 'source <(kubescape completion bash)' >> ~/.bashrc - # Enable ZSH shell autocompletion + # Enable ZSH shell autocompletion $ source <(kubectl completion zsh) $ echo 'source <(kubectl completion zsh)' >> "${fpath[1]}/_kubectl" @@ -27,7 +27,7 @@ func GetCompletionCmd() *cobra.Command { Example: completionCmdExamples, DisableFlagsInUseLine: true, ValidArgs: []string{"bash", "zsh", "fish", "powershell"}, - Args: cobra.ExactValidArgs(1), + Args: cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs), Run: func(cmd *cobra.Command, args []string) { switch strings.ToLower(args[0]) { case "bash": diff --git a/cmd/scan/scan.go b/cmd/scan/scan.go index 7868fee9..ac87f2e7 100644 --- a/cmd/scan/scan.go +++ b/cmd/scan/scan.go @@ -58,6 +58,7 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command { }, PreRun: func(cmd *cobra.Command, args []string) { k8sinterface.SetClusterContextName(scanInfo.KubeContext) + }, PostRun: func(cmd *cobra.Command, args []string) { // TODO - revert context @@ -65,6 +66,7 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command { } scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache") + // scanCmd.PersistentFlags().BoolVar(&scanInfo.CreateAccount, "create-account", false, "Create a Kubescape SaaS account ID account ID is not found in cache. After creating the account, the account ID will be saved in cache. In addition, the scanning results will be uploaded to the Kubescape SaaS") scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication") scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication") scanCmd.PersistentFlags().StringVarP(&scanInfo.KubeContext, "kube-context", "", "", "Kube context. Default will use the current-context") @@ -89,12 +91,14 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command { scanCmd.PersistentFlags().StringVar(&scanInfo.CustomClusterName, "cluster-name", "", "Set the custom name of the cluster. Not same as the kube-context flag") scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Submit the scan results to Kubescape SaaS where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted") scanCmd.PersistentFlags().BoolVarP(&scanInfo.OmitRawResources, "omit-raw-resources", "", false, "Omit raw resources from the output. By default the raw resources are included in the output") + scanCmd.PersistentFlags().BoolVarP(&scanInfo.PrintAttackTree, "print-attack-tree", "", false, "Print attack tree") scanCmd.PersistentFlags().MarkDeprecated("silent", "use '--logger' flag instead. Flag will be removed at 1.May.2022") // hidden flags scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemonSet can not run pods on the nodes scanCmd.PersistentFlags().MarkHidden("omit-raw-resources") + scanCmd.PersistentFlags().MarkHidden("print-attack-tree") // Retrieve --kubeconfig flag from https://github.com/kubernetes/kubectl/blob/master/pkg/cmd/cmd.go scanCmd.PersistentFlags().AddGoFlag(flag.Lookup("kubeconfig")) diff --git a/core/cautils/customerloader.go b/core/cautils/customerloader.go index 733fb216..f45c9d8f 100644 --- a/core/cautils/customerloader.go +++ b/core/cautils/customerloader.go @@ -470,10 +470,7 @@ func (c *ClusterConfig) updateConfigMap() error { } func updateConfigFile(configObj *ConfigObj) error { - if err := os.WriteFile(ConfigFileFullPath(), configObj.Config(), 0664); err != nil { - return err - } - return nil + return os.WriteFile(ConfigFileFullPath(), configObj.Config(), 0664) //nolint:gosec } func (c *ClusterConfig) updateConfigData(configMap *corev1.ConfigMap) { diff --git a/core/cautils/datastructures.go b/core/cautils/datastructures.go index 06a1c072..16aa1af0 100644 --- a/core/cautils/datastructures.go +++ b/core/cautils/datastructures.go @@ -5,6 +5,7 @@ import ( "github.com/kubescape/k8s-interface/workloadinterface" "github.com/kubescape/opa-utils/reporthandling" apis "github.com/kubescape/opa-utils/reporthandling/apis" + "github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1" "github.com/kubescape/opa-utils/reporthandling/results/v1/prioritization" "github.com/kubescape/opa-utils/reporthandling/results/v1/resourcesresults" reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2" @@ -22,8 +23,10 @@ type OPASessionObj struct { ResourcesResult map[string]resourcesresults.Result // resources scan results, map[] ResourceSource map[string]reporthandling.Source // resources sources, map[] ResourcesPrioritized map[string]prioritization.PrioritizedResource // resources prioritization information, map[] - Report *reporthandlingv2.PostureReport // scan results v2 - Remove - RegoInputData RegoInputData // input passed to rego for scanning. map[][] + ResourceAttackTracks map[string]v1alpha1.IAttackTrack // resources attack tracks, map[] + AttackTracks map[string]v1alpha1.IAttackTrack + Report *reporthandlingv2.PostureReport // scan results v2 - Remove + RegoInputData RegoInputData // input passed to rego for scanning. map[][] Metadata *reporthandlingv2.Metadata InfoMap map[string]apis.StatusInfo // Map errors of resources to StatusInfo ResourceToControlsMap map[string][]string // map[] = [] diff --git a/core/cautils/getter/getpoliciesutils.go b/core/cautils/getter/getpoliciesutils.go index 7d822eb3..97e277f5 100644 --- a/core/cautils/getter/getpoliciesutils.go +++ b/core/cautils/getter/getpoliciesutils.go @@ -21,18 +21,19 @@ func SaveInFile(policy interface{}, pathStr string) error { if err != nil { return err } - err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644) + err = os.WriteFile(pathStr, encodedData, 0644) //nolint:gosec if err != nil { if os.IsNotExist(err) { pathDir := path.Dir(pathStr) - if err := os.Mkdir(pathDir, 0744); err != nil { + // pathDir could contain subdirectories + if err := os.MkdirAll(pathDir, 0755); err != nil { return err } } else { return err } - err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644) + err = os.WriteFile(pathStr, encodedData, 0644) //nolint:gosec if err != nil { return err } diff --git a/core/cautils/getter/loadpolicy.go b/core/cautils/getter/loadpolicy.go index 500a2ede..83dba321 100644 --- a/core/cautils/getter/loadpolicy.go +++ b/core/cautils/getter/loadpolicy.go @@ -36,11 +36,11 @@ func NewLoadPolicy(filePaths []string) *LoadPolicy { } } -// Return control from file +// GetControl returns a control from the policy file. func (lp *LoadPolicy) GetControl(controlID string) (*reporthandling.Control, error) { - control := &reporthandling.Control{} filePath := lp.filePath() + f, err := os.ReadFile(filePath) if err != nil { return nil, err @@ -49,20 +49,26 @@ func (lp *LoadPolicy) GetControl(controlID string) (*reporthandling.Control, err if err = json.Unmarshal(f, control); err != nil { return control, err } - if controlID != "" && !strings.EqualFold(controlID, control.ControlID) && !strings.EqualFold(controlID, control.ControlID) { - framework, err := lp.GetFramework(control.Name) - if err != nil { - return nil, fmt.Errorf("control from file not matching") - } else { - for _, ctrl := range framework.Controls { - if strings.EqualFold(ctrl.ControlID, controlID) || strings.EqualFold(ctrl.ControlID, controlID) { - control = &ctrl - break - } - } + + if controlID == "" || strings.EqualFold(controlID, control.ControlID) { + return control, nil + } + + framework, err := lp.GetFramework(control.Name) + if err != nil { + return nil, fmt.Errorf("control from file not matching") + } + + for _, toPin := range framework.Controls { + ctrl := toPin + if strings.EqualFold(ctrl.ControlID, controlID) { + control = &ctrl + + break } } - return control, err + + return control, nil } func (lp *LoadPolicy) GetFramework(frameworkName string) (*reporthandling.Framework, error) { diff --git a/core/cautils/localgitrepository_test.go b/core/cautils/localgitrepository_test.go index 933aa10d..948c289a 100644 --- a/core/cautils/localgitrepository_test.go +++ b/core/cautils/localgitrepository_test.go @@ -27,7 +27,7 @@ func unzipFile(zipPath, destinationFolder string) (*zip.ReadCloser, error) { return nil, err } for _, f := range archive.File { - filePath := filepath.Join(destinationFolder, f.Name) + filePath := filepath.Join(destinationFolder, f.Name) //nolint:gosec if !strings.HasPrefix(filePath, filepath.Clean(destinationFolder)+string(os.PathSeparator)) { return nil, fmt.Errorf("invalid file path") } @@ -50,7 +50,7 @@ func unzipFile(zipPath, destinationFolder string) (*zip.ReadCloser, error) { return nil, err } - if _, err := io.Copy(dstFile, fileInArchive); err != nil { + if _, err := io.Copy(dstFile, fileInArchive); err != nil { //nolint:gosec return nil, err } diff --git a/core/cautils/scaninfo.go b/core/cautils/scaninfo.go index ab831dec..651fbda7 100644 --- a/core/cautils/scaninfo.go +++ b/core/cautils/scaninfo.go @@ -120,6 +120,7 @@ type ScanInfo struct { FailThreshold float32 // Failure score threshold FailThresholdSeverity string // Severity at and above which the command should fail Submit bool // Submit results to Kubescape Cloud BE + CreateAccount bool // Create account in Kubescape Cloud BE if no account found in local cache ScanID string // Report id of the current scan HostSensorEnabled BoolPtrFlag // Deploy Kubescape K8s host scanner to collect data from certain controls HostSensorYamlPath string // Path to hostsensor file @@ -129,6 +130,7 @@ type ScanInfo struct { FrameworkScan bool // false if scanning control ScanAll bool // true if scan all frameworks OmitRawResources bool // true if omit raw resources from the output + PrintAttackTree bool // true if print attack tree } type Getters struct { diff --git a/core/core/download.go b/core/core/download.go index 49b355c2..bd7d8203 100644 --- a/core/core/download.go +++ b/core/core/download.go @@ -6,7 +6,6 @@ import ( "path/filepath" "strings" - "github.com/armosec/armoapi-go/armotypes" logger "github.com/kubescape/go-logger" "github.com/kubescape/go-logger/helpers" "github.com/kubescape/kubescape/v2/core/cautils/getter" @@ -114,13 +113,10 @@ func downloadConfigInputs(downloadInfo *metav1.DownloadInfo) error { } func downloadExceptions(downloadInfo *metav1.DownloadInfo) error { - var err error tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi()) - exceptionsGetter := getExceptionsGetter("", tenant.GetAccountID(), nil) - exceptions := []armotypes.PostureExceptionPolicy{} - exceptions, err = exceptionsGetter.GetExceptions(tenant.GetContextName()) + exceptions, err := exceptionsGetter.GetExceptions(tenant.GetContextName()) if err != nil { return err } diff --git a/core/core/initutils.go b/core/core/initutils.go index aacb969c..f03fa4ec 100644 --- a/core/core/initutils.go +++ b/core/core/initutils.go @@ -182,6 +182,10 @@ func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantC scanInfo.Submit = true } + if scanInfo.CreateAccount { + scanInfo.Submit = true + } + } // setPolicyGetter set the policy getter - local file/github release/Kubescape Cloud API @@ -259,8 +263,8 @@ func getAttackTracksGetter(accountID string, downloadReleasedPolicy *getter.Down } // getUIPrinter returns a printer that will be used to print to the program’s UI (terminal) -func getUIPrinter(verboseMode bool, formatVersion string, viewType cautils.ViewTypes) printer.IPrinter { - p := printerv2.NewPrettyPrinter(verboseMode, formatVersion, viewType) +func getUIPrinter(verboseMode bool, formatVersion string, attackTree bool, viewType cautils.ViewTypes) printer.IPrinter { + p := printerv2.NewPrettyPrinter(verboseMode, formatVersion, attackTree, viewType) // Since the UI of the program is a CLI (Stdout), it means that it should always print to Stdout p.SetWriter(os.Stdout.Name()) diff --git a/core/core/initutils_test.go b/core/core/initutils_test.go index b1b80cbc..8f518125 100644 --- a/core/core/initutils_test.go +++ b/core/core/initutils_test.go @@ -17,7 +17,7 @@ func Test_getUIPrinter(t *testing.T) { wantVerboseMode := scanInfo.VerboseMode wantViewType := cautils.ViewTypes(scanInfo.View) - got := getUIPrinter(scanInfo.VerboseMode, scanInfo.FormatVersion, cautils.ViewTypes(scanInfo.View)) + got := getUIPrinter(scanInfo.VerboseMode, scanInfo.FormatVersion, scanInfo.PrintAttackTree, cautils.ViewTypes(scanInfo.View)) gotValue := reflect.ValueOf(got).Elem() gotFormatVersion := gotValue.FieldByName("formatVersion").String() diff --git a/core/core/scan.go b/core/core/scan.go index 03218b88..c2531c2d 100644 --- a/core/core/scan.go +++ b/core/core/scan.go @@ -99,12 +99,12 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces { outputPrinters := make([]printer.IPrinter, 0) for _, format := range formats { - printerHandler := resultshandling.NewPrinter(format, scanInfo.FormatVersion, scanInfo.VerboseMode, cautils.ViewTypes(scanInfo.View)) + printerHandler := resultshandling.NewPrinter(format, scanInfo.FormatVersion, scanInfo.PrintAttackTree, scanInfo.VerboseMode, cautils.ViewTypes(scanInfo.View)) printerHandler.SetWriter(scanInfo.Output) outputPrinters = append(outputPrinters, printerHandler) } - uiPrinter := getUIPrinter(scanInfo.VerboseMode, scanInfo.FormatVersion, cautils.ViewTypes(scanInfo.View)) + uiPrinter := getUIPrinter(scanInfo.VerboseMode, scanInfo.FormatVersion, scanInfo.PrintAttackTree, cautils.ViewTypes(scanInfo.View)) // ================== return interface ====================================== @@ -170,7 +170,7 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH // ======================== prioritization =================== - if priotizationHandler, err := resourcesprioritization.NewResourcesPrioritizationHandler(scanInfo.Getters.AttackTracksGetter); err != nil { + if priotizationHandler, err := resourcesprioritization.NewResourcesPrioritizationHandler(scanInfo.Getters.AttackTracksGetter, scanInfo.PrintAttackTree); err != nil { logger.L().Warning("failed to get attack tracks, this may affect the scanning results", helpers.Error(err)) } else if err := priotizationHandler.PrioritizeResources(scanData); err != nil { return resultsHandling, fmt.Errorf("%w", err) diff --git a/core/pkg/containerscan/containerscan_mock.go b/core/pkg/containerscan/containerscan_mock.go index cac3471e..ba08017f 100644 --- a/core/pkg/containerscan/containerscan_mock.go +++ b/core/pkg/containerscan/containerscan_mock.go @@ -50,7 +50,7 @@ func randSeq(n int, bank []rune) string { b := make([]rune, n) for i := range b { - b[i] = bank[rand.Intn(len(bank))] + b[i] = bank[rand.Intn(len(bank))] //nolint:gosec } return string(b) } @@ -60,7 +60,7 @@ func GenerateContainerScanLayer(layer *ScanResultLayer) { layer.LayerHash = randSeq(32, hash) layer.Vulnerabilities = make(VulnerabilitiesList, 0) layer.Packages = make(LinuxPkgs, 0) - vuls := rand.Intn(10) + 1 + vuls := rand.Intn(10) + 1 //nolint:gosec for i := 0; i < vuls; i++ { v := Vulnerability{} diff --git a/core/pkg/opaprocessor/processorhandler.go b/core/pkg/opaprocessor/processorhandler.go index 9c32d9f5..83a4fd17 100644 --- a/core/pkg/opaprocessor/processorhandler.go +++ b/core/pkg/opaprocessor/processorhandler.go @@ -69,23 +69,26 @@ func (opap *OPAProcessor) Process(policies *cautils.Policies) error { cautils.StartSpinner() - var errs error - for _, control := range policies.Controls { + for _, toPin := range policies.Controls { + control := toPin resourcesAssociatedControl, err := opap.processControl(&control) if err != nil { logger.L().Error(err.Error()) } + + if len(resourcesAssociatedControl) == 0 { + continue + } + // update resources with latest results - if len(resourcesAssociatedControl) != 0 { - for resourceID, controlResult := range resourcesAssociatedControl { - if _, ok := opap.ResourcesResult[resourceID]; !ok { - opap.ResourcesResult[resourceID] = resourcesresults.Result{ResourceID: resourceID} - } - t := opap.ResourcesResult[resourceID] - t.AssociatedControls = append(t.AssociatedControls, controlResult) - opap.ResourcesResult[resourceID] = t + for resourceID, controlResult := range resourcesAssociatedControl { + if _, ok := opap.ResourcesResult[resourceID]; !ok { + opap.ResourcesResult[resourceID] = resourcesresults.Result{ResourceID: resourceID} } + t := opap.ResourcesResult[resourceID] + t.AssociatedControls = append(t.AssociatedControls, controlResult) + opap.ResourcesResult[resourceID] = t } } @@ -95,7 +98,7 @@ func (opap *OPAProcessor) Process(policies *cautils.Policies) error { opap.loggerDoneScanning() - return errs + return nil } func (opap *OPAProcessor) loggerStartScanning() { diff --git a/core/pkg/opaprocessor/processorhandlerutils.go b/core/pkg/opaprocessor/processorhandlerutils.go index b468e668..89a74be0 100644 --- a/core/pkg/opaprocessor/processorhandlerutils.go +++ b/core/pkg/opaprocessor/processorhandlerutils.go @@ -15,9 +15,9 @@ import ( // updateResults updates the results objects and report objects. This is a critical function - DO NOT CHANGE // // The function: -// - removes sensible data -// - adds exceptions -// - summarizes results +// - removes sensible data +// - adds exceptions +// - summarizes results func (opap *OPAProcessor) updateResults() { // remove data from all objects @@ -117,9 +117,11 @@ func getKubernetesObjects(k8sResources *cautils.K8SResources, allResources map[s groupResources := k8sinterface.ResourceGroupToString(groups, version, resource) for _, groupResource := range groupResources { if k8sObj, ok := (*k8sResources)[groupResource]; ok { - if k8sObj == nil { - // logger.L().Debug("skipping", helpers.String("resource", groupResource)) - } + /* + if k8sObj == nil { + // logger.L().Debug("skipping", helpers.String("resource", groupResource)) + } + */ for i := range k8sObj { k8sObjects = append(k8sObjects, allResources[k8sObj[i]]) } diff --git a/core/pkg/policyhandler/handlenotification.go b/core/pkg/policyhandler/handlenotification.go index 1814fbed..7901979a 100644 --- a/core/pkg/policyhandler/handlenotification.go +++ b/core/pkg/policyhandler/handlenotification.go @@ -2,9 +2,13 @@ package policyhandler import ( "fmt" + "strings" + + helpersv1 "github.com/kubescape/opa-utils/reporthandling/helpers/v1" + + clientcmdapi "k8s.io/client-go/tools/clientcmd/api" cloudsupportv1 "github.com/kubescape/k8s-interface/cloudsupport/v1" - helpersv1 "github.com/kubescape/opa-utils/reporthandling/helpers/v1" reportv2 "github.com/kubescape/opa-utils/reporthandling/v2" "github.com/armosec/armoapi-go/armotypes" @@ -56,9 +60,7 @@ func (policyHandler *PolicyHandler) CollectResources(policyIdentifier []cautils. func (policyHandler *PolicyHandler) getResources(policyIdentifier []cautils.PolicyIdentifier, opaSessionObj *cautils.OPASessionObj, scanInfo *cautils.ScanInfo) error { opaSessionObj.Report.ClusterAPIServerInfo = policyHandler.resourceHandler.GetClusterAPIServerInfo() - if cloudMetadata := getCloudMetadata(opaSessionObj); cloudMetadata != nil { - opaSessionObj.Metadata.ContextMetadata.ClusterContextMetadata.CloudMetadata = reportv2.NewCloudMetadata(cloudMetadata) - } + setCloudMetadata(opaSessionObj) resourcesMap, allResources, ksResources, err := policyHandler.resourceHandler.GetResources(opaSessionObj, &policyIdentifier[0].Designators) if err != nil { @@ -80,38 +82,68 @@ func getDesignator(policyIdentifier []cautils.PolicyIdentifier) *armotypes.Porta } func setCloudMetadata(opaSessionObj *cautils.OPASessionObj) { - cloudMetadata := getCloudMetadata(opaSessionObj) - if cloudMetadata == nil { + iCloudMetadata := getCloudMetadata(opaSessionObj, k8sinterface.GetConfig()) + if iCloudMetadata == nil { return - } - opaSessionObj.Report.Metadata.ClusterMetadata.CloudMetadata = reportv2.NewCloudMetadata(cloudMetadata) - opaSessionObj.Report.Metadata.ContextMetadata.ClusterContextMetadata.CloudMetadata = reportv2.NewCloudMetadata(cloudMetadata) - opaSessionObj.Report.ClusterCloudProvider = string(cloudMetadata.Provider()) // Fallback + cloudMetadata := reportv2.NewCloudMetadata(iCloudMetadata) + opaSessionObj.Metadata.ContextMetadata.ClusterContextMetadata.CloudMetadata = cloudMetadata + opaSessionObj.Metadata.ClusterMetadata.CloudMetadata = cloudMetadata // deprecated - fallback + opaSessionObj.Report.ClusterCloudProvider = iCloudMetadata.Provider().ToString() // deprecated - fallback } -func getCloudMetadata(opaSessionObj *cautils.OPASessionObj) apis.ICloudParser { +// getCloudMetadata - get cloud metadata from kubeconfig or API server +// There are 3 options: +// 1. Get cloud provider from API server git version (EKS, GKE) +// 2. Get cloud provider from kubeconfig by parsing the cluster context (EKS, GKE) +// 3. Get cloud provider from kubeconfig by parsing the server URL (AKS) +func getCloudMetadata(opaSessionObj *cautils.OPASessionObj, config *clientcmdapi.Config) apis.ICloudParser { + + if config == nil { + return nil + } var provider string - context := k8sinterface.GetContextName() // attempting to get cloud provider from API server git version if opaSessionObj.Report.ClusterAPIServerInfo != nil { provider = cloudsupport.GetCloudProvider(opaSessionObj.Report.ClusterAPIServerInfo.GitVersion) } - if provider == "" { - // Fallback - get provider from context - provider = cloudsupport.GetCloudProvider(context) + if provider == cloudsupportv1.AKS || isAKS(config) { + return helpersv1.NewAKSMetadata(k8sinterface.GetContextName()) + } + if provider == cloudsupportv1.EKS || isEKS(config) { + return helpersv1.NewEKSMetadata(k8sinterface.GetContextName()) + } + if provider == cloudsupportv1.GKE || isGKE(config) { + return helpersv1.NewGKEMetadata(k8sinterface.GetContextName()) } - switch provider { - case cloudsupportv1.GKE: - return helpersv1.NewGKEMetadata(context) - case cloudsupportv1.EKS: - return helpersv1.NewEKSMetadata(context) - // case cloudsupportv1.AKS: TODO: Implement AKS support - // return helpersv1.NewAKSMetadata() - } return nil } + +// check if the server is AKS. e.g. https://XXX.XX.XXX.azmk8s.io:443 +func isAKS(config *clientcmdapi.Config) bool { + const serverIdentifierAKS = "azmk8s.io" + if cluster, ok := config.Clusters[config.CurrentContext]; ok { + return strings.Contains(cluster.Server, serverIdentifierAKS) + } + return false +} + +// check if the server is EKS. e.g. arn:aws:eks:eu-west-1:xxx:cluster/xxxx +func isEKS(config *clientcmdapi.Config) bool { + if context, ok := config.Contexts[config.CurrentContext]; ok { + return strings.Contains(context.Cluster, cloudsupportv1.EKS) + } + return false +} + +// check if the server is GKE. e.g. gke_xxx-xx-0000_us-central1-c_xxxx-1 +func isGKE(config *clientcmdapi.Config) bool { + if context, ok := config.Contexts[config.CurrentContext]; ok { + return strings.Contains(context.Cluster, cloudsupportv1.GKE) + } + return false +} diff --git a/core/pkg/policyhandler/handlenotification_test.go b/core/pkg/policyhandler/handlenotification_test.go index 308040e4..265e62f9 100644 --- a/core/pkg/policyhandler/handlenotification_test.go +++ b/core/pkg/policyhandler/handlenotification_test.go @@ -1,28 +1,44 @@ package policyhandler import ( + _ "embed" + "encoding/json" "testing" - reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2" - + "github.com/kubescape/kubescape/v2/core/cautils" "github.com/kubescape/opa-utils/reporthandling/apis" helpersv1 "github.com/kubescape/opa-utils/reporthandling/helpers/v1" - - "github.com/kubescape/kubescape/v2/core/cautils" + reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2" "k8s.io/apimachinery/pkg/version" + clientcmdapi "k8s.io/client-go/tools/clientcmd/api" ) +var ( + //go:embed kubeconfig_mock.json + kubeConfigMock string +) + +func getKubeConfigMock() *clientcmdapi.Config { + kubeConfig := clientcmdapi.Config{} + if err := json.Unmarshal([]byte(kubeConfigMock), &kubeConfig); err != nil { + panic(err) + } + return &kubeConfig +} func Test_getCloudMetadata(t *testing.T) { type args struct { + context string opaSessionObj *cautils.OPASessionObj + kubeConfig *clientcmdapi.Config } + kubeConfig := getKubeConfigMock() tests := []struct { want apis.ICloudParser args args name string }{ { - name: "Test_getCloudMetadata", + name: "Test_getCloudMetadata - GitVersion: GKE", args: args{ opaSessionObj: &cautils.OPASessionObj{ Report: &reporthandlingv2.PostureReport{ @@ -31,15 +47,155 @@ func Test_getCloudMetadata(t *testing.T) { }, }, }, + context: "", + kubeConfig: kubeConfig, }, want: helpersv1.NewGKEMetadata(""), }, + { + name: "Test_getCloudMetadata_context_GKE", + args: args{ + opaSessionObj: &cautils.OPASessionObj{ + Report: &reporthandlingv2.PostureReport{ + ClusterAPIServerInfo: nil, + }, + }, + kubeConfig: kubeConfig, + context: "gke_xxx-xx-0000_us-central1-c_xxxx-1", + }, + want: helpersv1.NewGKEMetadata(""), + }, + { + name: "Test_getCloudMetadata_context_EKS", + args: args{ + opaSessionObj: &cautils.OPASessionObj{ + Report: &reporthandlingv2.PostureReport{ + ClusterAPIServerInfo: nil, + }, + }, + kubeConfig: kubeConfig, + context: "arn:aws:eks:eu-west-1:xxx:cluster/xxxx", + }, + want: helpersv1.NewEKSMetadata(""), + }, + { + name: "Test_getCloudMetadata_context_AKS", + args: args{ + opaSessionObj: &cautils.OPASessionObj{ + Report: &reporthandlingv2.PostureReport{ + ClusterAPIServerInfo: nil, + }, + }, + kubeConfig: kubeConfig, + context: "xxxx-2", + }, + want: helpersv1.NewAKSMetadata(""), + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := getCloudMetadata(tt.args.opaSessionObj); got.Provider() != tt.want.Provider() { + tt.args.kubeConfig.CurrentContext = tt.args.context + got := getCloudMetadata(tt.args.opaSessionObj, tt.args.kubeConfig) + if got == nil { + t.Errorf("getCloudMetadata() = %v, want %v", got, tt.want.Provider()) + return + } + if got.Provider() != tt.want.Provider() { t.Errorf("getCloudMetadata() = %v, want %v", got, tt.want) } }) } } + +func Test_isGKE(t *testing.T) { + type args struct { + config *clientcmdapi.Config + context string + } + tests := []struct { + name string + args args + want bool + }{ + { + name: "Test_isGKE", + args: args{ + config: getKubeConfigMock(), + context: "gke_xxx-xx-0000_us-central1-c_xxxx-1", + }, + want: true, + }, + } + for _, tt := range tests { + + t.Run(tt.name, func(t *testing.T) { + // set context + tt.args.config.CurrentContext = tt.args.context + if got := isGKE(tt.args.config); got != tt.want { + t.Errorf("isGKE() = %v, want %v", got, tt.want) + } + }) + } +} + +func Test_isEKS(t *testing.T) { + type args struct { + config *clientcmdapi.Config + context string + } + tests := []struct { + name string + args args + want bool + }{ + { + name: "Test_isEKS", + args: args{ + config: getKubeConfigMock(), + context: "arn:aws:eks:eu-west-1:xxx:cluster/xxxx", + }, + want: true, + }, + } + for _, tt := range tests { + + t.Run(tt.name, func(t *testing.T) { + // set context + tt.args.config.CurrentContext = tt.args.context + if got := isEKS(tt.args.config); got != tt.want { + t.Errorf("isEKS() = %v, want %v", got, tt.want) + } + }) + } +} + +func Test_isAKS(t *testing.T) { + type args struct { + config *clientcmdapi.Config + context string + } + tests := []struct { + name string + args args + want bool + }{ + { + name: "Test_isAKS", + args: args{ + config: getKubeConfigMock(), + context: "xxxx-2", + }, + want: true, + }, + } + for _, tt := range tests { + + t.Run(tt.name, func(t *testing.T) { + // set context + tt.args.config.CurrentContext = tt.args.context + if got := isAKS(tt.args.config); got != tt.want { + t.Errorf("isAKS() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/core/pkg/policyhandler/kubeconfig_mock.json b/core/pkg/policyhandler/kubeconfig_mock.json new file mode 100644 index 00000000..4c62f82d --- /dev/null +++ b/core/pkg/policyhandler/kubeconfig_mock.json @@ -0,0 +1,82 @@ +{ + "preferences": {}, + "clusters": { + "xxxx-2": { + "server": "https://XXX.XX.XXX.azmk8s.io:443" + }, + "arn:aws:eks:eu-west-1:xxx:cluster/xxxx": { + "server": "https://XX.XX.eu-west-1.eks.amazonaws.com" + }, + "xxxx-0": { + "server": "https://kubernetes.docker.XXX:6443" + }, + "xxxx-1": { + "server": "https://127.0.0.1:49498" + }, + "gke_xxx-xx-0000_us-central1-c_xxxx-1": { + "server": "https://0.0.0.0" + }, + "microk8s-cluster": { + "server": "https://0.0.0.0:16443" + } + }, + "users": { + "arn:aws:eks:eu-west-1:xxx:cluster/xxxx": { + "exec": { + "command": "aws", + "args": [ + "--region", + "eu-west-1", + "eks", + "get-token", + "--cluster-name", + "xxx" + ], + "env": null, + "apiVersion": "client.authentication.k8s.io/v1beta1", + "provideClusterInfo": false, + "Config": null, + "InteractiveMode": "IfAvailable", + "StdinUnavailable": false, + "StdinUnavailableMessage": "" + } + }, + "gke_elated-pottery-xxx_us-central1-c_xxxx-1": { + "auth-provider": { + "name": "gcp", + "config": { + "cmd-args": "config config-helper --format=json", + "cmd-path": "/opt/homebrew/Caskroom/google-cloud-sdk/latest/google-cloud-sdk/bin/gcloud" + } + } + } + }, + "contexts": { + "xxxx-2": { + "cluster": "xxxx-2", + "user": "clusterUser_MyResourceGroup_xxxx-2" + }, + "arn:aws:eks:eu-west-1:xxx:cluster/xxxx": { + "cluster": "arn:aws:eks:eu-west-1:xxx:cluster/xxxx", + "user": "arn:aws:eks:eu-west-1:xxx:cluster/xxxx" + }, + "docker-desktop": { + "cluster": "docker-desktop", + "user": "docker-desktop" + }, + "xxxx-0": { + "cluster": "xxxx-0", + "user": "xxxx-0", + "namespace": "default" + }, + "gke_xxx-xx-0000_us-central1-c_xxxx-1": { + "cluster": "gke_xxx-xx-0000_us-central1-c_xxxx-1", + "user": "gke_xxx-xx-0000_us-central1-c_xxxx-1" + }, + "microk8s": { + "cluster": "microk8s-cluster", + "user": "admin" + } + }, + "current-context": "xxxx-0" +} \ No newline at end of file diff --git a/core/pkg/registryadaptors/armosec/v1/civksadaptor.go b/core/pkg/registryadaptors/armosec/v1/civksadaptor.go index 8fe4b48b..a72a1a67 100644 --- a/core/pkg/registryadaptors/armosec/v1/civksadaptor.go +++ b/core/pkg/registryadaptors/armosec/v1/civksadaptor.go @@ -25,14 +25,17 @@ func (ksCivAdaptor *KSCivAdaptor) Login() error { } func (ksCivAdaptor *KSCivAdaptor) GetImagesVulnerabilities(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageVulnerabilityReport, error) { resultList := make([]registryvulnerabilities.ContainerImageVulnerabilityReport, 0) - for _, imageID := range imageIDs { + for _, toPin := range imageIDs { + imageID := toPin result, err := ksCivAdaptor.GetImageVulnerability(&imageID) - if err == nil { - resultList = append(resultList, *result) - } else { + if err != nil { logger.L().Debug("failed to get image vulnerabilities", helpers.String("image", imageID.Tag), helpers.Error(err)) + continue } + + resultList = append(resultList, *result) } + return resultList, nil } diff --git a/core/pkg/registryadaptors/gcp/v1/gcpadaptor.go b/core/pkg/registryadaptors/gcp/v1/gcpadaptor.go index 253a58b8..cd8a99db 100644 --- a/core/pkg/registryadaptors/gcp/v1/gcpadaptor.go +++ b/core/pkg/registryadaptors/gcp/v1/gcpadaptor.go @@ -30,14 +30,17 @@ func (GCPAdaptor *GCPAdaptor) Login() error { func (GCPAdaptor *GCPAdaptor) GetImagesVulnerabilities(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageVulnerabilityReport, error) { resultList := make([]registryvulnerabilities.ContainerImageVulnerabilityReport, 0) - for _, imageID := range imageIDs { + for _, toPin := range imageIDs { + imageID := toPin result, err := GCPAdaptor.GetImageVulnerability(&imageID) - if err == nil { - resultList = append(resultList, *result) - } else { + if err != nil { logger.L().Debug("failed to get image vulnerabilities", helpers.String("image", imageID.Tag), helpers.Error(err)) + continue } + + resultList = append(resultList, *result) } + return resultList, nil } diff --git a/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go b/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go index a99496b0..a95020eb 100644 --- a/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go +++ b/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go @@ -20,15 +20,16 @@ func (GCPAdaptorMock *GCPAdaptorMock) Login() error { func (GCPAdaptorMock *GCPAdaptorMock) GetImagesVulnerabilities(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageVulnerabilityReport, error) { resultList := make([]registryvulnerabilities.ContainerImageVulnerabilityReport, 0) - for _, imageID := range imageIDs { + for _, toPin := range imageIDs { + imageID := toPin result, err := GCPAdaptorMock.GetImageVulnerability(&imageID) - if err == nil { - resultList = append(resultList, *result) - } else { + if err != nil { return nil, err } - return resultList, nil + resultList = append(resultList, *result) + + return resultList, nil //nolint:staticcheck // we return at once and shorten the mocked result } GCPAdaptorMock.resultList = resultList diff --git a/core/pkg/resourcehandler/k8sresources.go b/core/pkg/resourcehandler/k8sresources.go index 72406c96..f1de0d20 100644 --- a/core/pkg/resourcehandler/k8sresources.go +++ b/core/pkg/resourcehandler/k8sresources.go @@ -247,7 +247,7 @@ func (k8sHandler *K8sResourceHandler) pullSingleResource(resource *schema.GroupV clientResource = k8sHandler.k8s.DynamicClient.Resource(*resource) } else if k8sinterface.IsNamespaceScope(resource) { clientResource = k8sHandler.k8s.DynamicClient.Resource(*resource).Namespace(namespace) - } else if k8sHandler.fieldSelector.GetClusterScope(*&resource) { + } else if k8sHandler.fieldSelector.GetClusterScope(resource) { clientResource = k8sHandler.k8s.DynamicClient.Resource(*resource) } else { continue diff --git a/core/pkg/resourcehandler/remotegitutils.go b/core/pkg/resourcehandler/remotegitutils.go index 8ab7b0c7..ce550bdc 100644 --- a/core/pkg/resourcehandler/remotegitutils.go +++ b/core/pkg/resourcehandler/remotegitutils.go @@ -15,12 +15,12 @@ import ( // To Check if the given repository is Public(No Authentication needed), send a HTTP GET request to the URL // If response code is 200, the repository is Public. -func isGitRepoPublic(URL string) bool { - resp, err := nethttp.Get(URL) - +func isGitRepoPublic(u string) bool { + resp, err := nethttp.Get(u) //nolint:gosec if err != nil { return false } + // if the status code is 200, our get request is successful. // It only happens when the repository is public. if resp.StatusCode == 200 { diff --git a/core/pkg/resourcesprioritization/prioritizationhandler.go b/core/pkg/resourcesprioritization/prioritizationhandler.go index 8ab39b6e..9d6987ec 100644 --- a/core/pkg/resourcesprioritization/prioritizationhandler.go +++ b/core/pkg/resourcesprioritization/prioritizationhandler.go @@ -1,6 +1,7 @@ package resourcesprioritization import ( + "encoding/json" "fmt" logger "github.com/kubescape/go-logger" @@ -13,12 +14,16 @@ import ( ) type ResourcesPrioritizationHandler struct { - attackTracks []v1alpha1.IAttackTrack + resourceToAttackTracks map[string]v1alpha1.IAttackTrack + attackTracks []v1alpha1.IAttackTrack + buildResourcesMap bool } -func NewResourcesPrioritizationHandler(attackTracksGetter getter.IAttackTracksGetter) (*ResourcesPrioritizationHandler, error) { +func NewResourcesPrioritizationHandler(attackTracksGetter getter.IAttackTracksGetter, buildResourcesMap bool) (*ResourcesPrioritizationHandler, error) { handler := &ResourcesPrioritizationHandler{ - attackTracks: make([]v1alpha1.IAttackTrack, 0), + attackTracks: make([]v1alpha1.IAttackTrack, 0), + resourceToAttackTracks: make(map[string]v1alpha1.IAttackTrack), + buildResourcesMap: buildResourcesMap, } tracks, err := attackTracksGetter.GetAttackTracks() @@ -64,7 +69,6 @@ func (handler *ResourcesPrioritizationHandler) PrioritizeResources(sessionObj *c resourcePriorityVector := []prioritization.ControlsVector{} resource, exist := sessionObj.AllResources[resourceId] if !exist { - logger.L().Error("resource not found in resources map", helpers.String("resource ID", resourceId)) continue } @@ -86,6 +90,12 @@ func (handler *ResourcesPrioritizationHandler) PrioritizeResources(sessionObj *c // Load the failed controls into the attack track allPathsHandler := v1alpha1.NewAttackTrackAllPathsHandler(attackTrack, &controlsLookup) + // only build the map if the user requested it + if handler.buildResourcesMap { + // Store the attack track for returning to the caller + handler.resourceToAttackTracks[resourceId] = handler.copyAttackTrack(attackTrack, &controlsLookup) + } + // Calculate all the paths for the attack track allAttackPaths := allPathsHandler.CalculateAllPaths() @@ -128,6 +138,8 @@ func (handler *ResourcesPrioritizationHandler) PrioritizeResources(sessionObj *c sessionObj.ResourcesPrioritized[resourceId] = prioritizedResource } + sessionObj.ResourceAttackTracks = handler.resourceToAttackTracks + return nil } @@ -147,3 +159,18 @@ func (handler *ResourcesPrioritizationHandler) isSupportedKind(obj workloadinter } return false } + +func (handler *ResourcesPrioritizationHandler) copyAttackTrack(attackTrack v1alpha1.IAttackTrack, lookup v1alpha1.IAttackTrackControlsLookup) v1alpha1.IAttackTrack { + copyBytes, _ := json.Marshal(attackTrack) + var copyObj v1alpha1.AttackTrack + json.Unmarshal(copyBytes, ©Obj) + + iter := copyObj.Iterator() + for iter.HasNext() { + step := iter.Next() + failedControls := lookup.GetAssociatedControls(copyObj.GetName(), step.GetName()) + step.SetControls(failedControls) + } + + return ©Obj +} diff --git a/core/pkg/resourcesprioritization/prioritizationhandler_test.go b/core/pkg/resourcesprioritization/prioritizationhandler_test.go index 3742bf97..63d1cf6a 100644 --- a/core/pkg/resourcesprioritization/prioritizationhandler_test.go +++ b/core/pkg/resourcesprioritization/prioritizationhandler_test.go @@ -97,7 +97,7 @@ func ResourceAssociatedControlMock(controlID string, status apis.ScanningStatus) } func TestNewResourcesPrioritizationHandler(t *testing.T) { - handler, err := NewResourcesPrioritizationHandler(&AttackTracksGetterMock{}) + handler, err := NewResourcesPrioritizationHandler(&AttackTracksGetterMock{}, false) assert.NoError(t, err) assert.Len(t, handler.attackTracks, 2) assert.Equal(t, handler.attackTracks[0].GetName(), "TestAttackTrack") @@ -182,7 +182,7 @@ func TestResourcesPrioritizationHandler_PrioritizeResources(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - handler, _ := NewResourcesPrioritizationHandler(&AttackTracksGetterMock{}) + handler, _ := NewResourcesPrioritizationHandler(&AttackTracksGetterMock{}, false) sessionObj := OPASessionObjMock(tt.allPoliciesControls, tt.results, tt.controls, tt.resources) err := handler.PrioritizeResources(sessionObj) assert.NoError(t, err, "expected to have no errors in PrioritizeResources()") diff --git a/core/pkg/resultshandling/gotree/gotree.go b/core/pkg/resultshandling/gotree/gotree.go new file mode 100644 index 00000000..5bfba207 --- /dev/null +++ b/core/pkg/resultshandling/gotree/gotree.go @@ -0,0 +1,128 @@ +package gotree + +import ( + "strings" +) + +const ( + newLine = "\n" + emptySpace = " " + middleItem = "├── " + continueItem = "│ " + lastItem = "└── " +) + +type ( + tree struct { + text string + items []Tree + } + + // Tree is tree interface + Tree interface { + Add(text string) Tree + AddTree(tree Tree) + Items() []Tree + Text() string + Print() string + } + + printer struct { + } + + // Printer is printer interface + Printer interface { + Print(Tree) string + } +) + +// New returns a new GoTree.Tree +func New(text string) Tree { + return &tree{ + text: text, + items: []Tree{}, + } +} + +// Add adds a node to the tree +func (t *tree) Add(text string) Tree { + n := New(text) + t.items = append(t.items, n) + return n +} + +// AddTree adds a tree as an item +func (t *tree) AddTree(tree Tree) { + t.items = append(t.items, tree) +} + +// Text returns the node's value +func (t *tree) Text() string { + return t.text +} + +// Items returns all items in the tree +func (t *tree) Items() []Tree { + return t.items +} + +// Print returns an visual representation of the tree +func (t *tree) Print() string { + return newPrinter().Print(t) +} + +func newPrinter() Printer { + return &printer{} +} + +// Print prints a tree to a string +func (p *printer) Print(t Tree) string { + return t.Text() + newLine + p.printItems(t.Items(), []bool{}) +} + +func (p *printer) printText(text string, spaces []bool, last bool) string { + var result string + for _, space := range spaces { + if space { + result += emptySpace + } else { + result += continueItem + } + } + + indicator := middleItem + if last { + indicator = lastItem + } + + var out string + lines := strings.Split(text, "\n") + for i := range lines { + text := lines[i] + if i == 0 { + out += result + indicator + text + newLine + continue + } + if last { + indicator = emptySpace + } else { + indicator = continueItem + } + out += result + indicator + text + newLine + } + + return out +} + +func (p *printer) printItems(t []Tree, spaces []bool) string { + var result string + for i, f := range t { + last := i == len(t)-1 + result += p.printText(f.Text(), spaces, last) + if len(f.Items()) > 0 { + spacesChild := append(spaces, last) + result += p.printItems(f.Items(), spacesChild) + } + } + return result +} diff --git a/core/pkg/resultshandling/printer/v2/attacktracks.go b/core/pkg/resultshandling/printer/v2/attacktracks.go new file mode 100644 index 00000000..7095f0b6 --- /dev/null +++ b/core/pkg/resultshandling/printer/v2/attacktracks.go @@ -0,0 +1,138 @@ +package printer + +import ( + "fmt" + "os" + "sort" + "strconv" + "strings" + + "github.com/fatih/color" + "github.com/kubescape/kubescape/v2/core/cautils" + "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/gotree" + "github.com/kubescape/opa-utils/reporthandling/apis" + "github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1" + "github.com/kubescape/opa-utils/reporthandling/results/v1/prioritization" +) + +const TOP_RESOURCE_COUNT = 15 +const TOP_VECTOR_COUNT = 10 + +func (prettyPrinter *PrettyPrinter) printAttackTreeNode(node v1alpha1.IAttackTrackStep, depth int) { + prefix := strings.Repeat("\t", depth) + text := prefix + node.GetName() + "\n" + if len(node.GetControls()) > 0 { + color.Red(text) + } else { + color.Green(text) + } + + for i := 0; i < node.Length(); i++ { + prettyPrinter.printAttackTreeNode(node.SubStepAt(i), depth+1) + } +} + +func (prettyPrinter *PrettyPrinter) createFailedControlList(node v1alpha1.IAttackTrackStep) string { + var r string + for i, control := range node.GetControls() { + if i == 0 { + r = control.GetControlId() + } else { + r = fmt.Sprintf("%s, %s", r, control.GetControlId()) + } + } + return r +} + +func (prettyPrinter *PrettyPrinter) buildTreeFromAttackTrackStep(tree gotree.Tree, node v1alpha1.IAttackTrackStep) gotree.Tree { + nodeName := node.GetName() + if len(node.GetControls()) > 0 { + red := color.New(color.Bold, color.FgRed).SprintFunc() + nodeName = red(nodeName) + } + + controlText := prettyPrinter.createFailedControlList(node) + if len(controlText) > 0 { + controlStyle := color.New(color.FgWhite, color.Faint).SprintFunc() + controlText = controlStyle(fmt.Sprintf(" (%s)", controlText)) + } + + subTree := gotree.New(nodeName + controlText) + for i := 0; i < node.Length(); i++ { + subTree.AddTree(prettyPrinter.buildTreeFromAttackTrackStep(tree, node.SubStepAt(i))) + } + + if tree == nil { + return subTree + } + + tree.AddTree(subTree) + return tree +} + +func (prettyPrinter *PrettyPrinter) printResourceAttackGraph(attackTrack v1alpha1.IAttackTrack) { + tree := prettyPrinter.buildTreeFromAttackTrackStep(nil, attackTrack.GetData()) + fmt.Fprintln(prettyPrinter.writer, tree.Print()) +} + +func getNumericValueFromEnvVar(envVar string, defaultValue int) int { + value := os.Getenv(envVar) + if value != "" { + if value, err := strconv.Atoi(value); err == nil { + return value + } + } + return defaultValue +} +func (prettyPrinter *PrettyPrinter) printAttackTracks(opaSessionObj *cautils.OPASessionObj) { + if prettyPrinter.printAttackTree == false || opaSessionObj.ResourceAttackTracks == nil { + return + } + + // check if counters are set in env vars and use them, otherwise use default values + topResourceCount := getNumericValueFromEnvVar("ATTACK_TREE_TOP_RESOURCES", TOP_RESOURCE_COUNT) + topVectorCount := getNumericValueFromEnvVar("ATTACK_TREE_TOP_VECTORS", TOP_VECTOR_COUNT) + + prioritizedResources := opaSessionObj.ResourcesPrioritized + resourceToAttackTrack := opaSessionObj.ResourceAttackTracks + + resources := make([]prioritization.PrioritizedResource, 0, len(prioritizedResources)) + for _, value := range prioritizedResources { + resources = append(resources, value) + } + + sort.Slice(resources, func(i, j int) bool { + return resources[i].Score > resources[j].Score + }) + + for i := 0; i < topResourceCount && i < len(resources); i++ { + fmt.Fprintf(prettyPrinter.writer, "\n"+getSeparator("^")+"\n") + resource := resources[i] + resourceObj := opaSessionObj.AllResources[resource.ResourceID] + + fmt.Fprintf(prettyPrinter.writer, "Name: %s\n", resourceObj.GetName()) + fmt.Fprintf(prettyPrinter.writer, "Kind: %s\n", resourceObj.GetKind()) + fmt.Fprintf(prettyPrinter.writer, "Namespace: %s\n\n", resourceObj.GetNamespace()) + + fmt.Fprintf(prettyPrinter.writer, "Score: %.2f\n", resource.Score) + fmt.Fprintf(prettyPrinter.writer, "Severity: %s\n", apis.SeverityNumberToString(resource.Severity)) + fmt.Fprintf(prettyPrinter.writer, "Total vectors: %v\n\n", len(resources[i].PriorityVector)) + + prettyPrinter.printResourceAttackGraph(resourceToAttackTrack[resource.ResourceID]) + + sort.Slice(resource.PriorityVector, func(x, y int) bool { + return resource.PriorityVector[x].Score > resource.PriorityVector[y].Score + }) + + for j := 0; j < topVectorCount && j < len(resources[i].PriorityVector); j++ { + priorityVector := resource.PriorityVector[j] + + vectorStrings := []string{} + for _, controlId := range priorityVector.ListControls() { + vectorStrings = append(vectorStrings, fmt.Sprintf("%s (%s)", controlId.Category, controlId.ControlID)) + } + + fmt.Fprintf(prettyPrinter.writer, "%v) [%.2f] [Severity: %v] [Attack Track: %v]: %v \n", j+1, priorityVector.Score, apis.SeverityNumberToString(priorityVector.Severity), priorityVector.AttackTrackName, strings.Join(vectorStrings, " -> ")) + } + } +} diff --git a/core/pkg/resultshandling/printer/v2/prettyprinter.go b/core/pkg/resultshandling/printer/v2/prettyprinter.go index 7ef75e9d..14817b65 100644 --- a/core/pkg/resultshandling/printer/v2/prettyprinter.go +++ b/core/pkg/resultshandling/printer/v2/prettyprinter.go @@ -24,17 +24,19 @@ const ( ) type PrettyPrinter struct { - formatVersion string - viewType cautils.ViewTypes - writer *os.File - verboseMode bool + writer *os.File + formatVersion string + viewType cautils.ViewTypes + verboseMode bool + printAttackTree bool } -func NewPrettyPrinter(verboseMode bool, formatVersion string, viewType cautils.ViewTypes) *PrettyPrinter { +func NewPrettyPrinter(verboseMode bool, formatVersion string, attackTree bool, viewType cautils.ViewTypes) *PrettyPrinter { return &PrettyPrinter{ - verboseMode: verboseMode, - formatVersion: formatVersion, - viewType: viewType, + verboseMode: verboseMode, + formatVersion: formatVersion, + viewType: viewType, + printAttackTree: attackTree, } } @@ -60,6 +62,7 @@ func (pp *PrettyPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) { printer.LogOutputFile(pp.writer.Name()) } + pp.printAttackTracks(opaSessionObj) } func (pp *PrettyPrinter) SetWriter(outputFile string) { diff --git a/core/pkg/resultshandling/printer/v2/prometheusutils.go b/core/pkg/resultshandling/printer/v2/prometheusutils.go index 89f351e2..b6ac8d66 100644 --- a/core/pkg/resultshandling/printer/v2/prometheusutils.go +++ b/core/pkg/resultshandling/printer/v2/prometheusutils.go @@ -319,11 +319,13 @@ func (m *Metrics) setResourcesCounters( resources map[string]workloadinterface.IMetadata, results map[string]resourcesresults.Result) { - for resourceID, result := range results { + for resourceID, toPin := range results { r, ok := resources[resourceID] if !ok { continue } + result := toPin + passed, excluded, failed := resourceControlStatusCounters(&result) mrc := mResources{} @@ -339,5 +341,4 @@ func (m *Metrics) setResourcesCounters( m.listResources = append(m.listResources, mrc) } - } diff --git a/core/pkg/resultshandling/printer/v2/sarifprinter.go b/core/pkg/resultshandling/printer/v2/sarifprinter.go index 645c2a73..adc565cc 100644 --- a/core/pkg/resultshandling/printer/v2/sarifprinter.go +++ b/core/pkg/resultshandling/printer/v2/sarifprinter.go @@ -129,7 +129,9 @@ func (sp *SARIFPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) { logger.L().Debug("failed to create location resolver", helpers.Error(err)) } - for _, ac := range result.AssociatedControls { + for _, toPin := range result.AssociatedControls { + ac := toPin + if ac.GetStatus(nil).IsFailed() { ctl := opaSessionObj.Report.SummaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, ac.GetID()) location := sp.resolveFixLocation(opaSessionObj, locationResolver, &ac, resourceID) diff --git a/core/pkg/resultshandling/reporter/v2/mockreporter.go b/core/pkg/resultshandling/reporter/v2/mockreporter.go index e97107b0..4d265b5d 100644 --- a/core/pkg/resultshandling/reporter/v2/mockreporter.go +++ b/core/pkg/resultshandling/reporter/v2/mockreporter.go @@ -2,14 +2,12 @@ package reporter import ( "fmt" + "net/url" "os" "github.com/kubescape/kubescape/v2/core/cautils" - "github.com/kubescape/kubescape/v2/core/cautils/getter" ) -const NO_SUBMIT_QUERY = "utm_source=GitHub&utm_medium=CLI&utm_campaign=no_submit" - type ReportMock struct { query string message string @@ -32,11 +30,19 @@ func (reportMock *ReportMock) SetClusterName(clusterName string) { } func (reportMock *ReportMock) GetURL() string { - u := fmt.Sprintf("https://%s/account/sign-up", getter.GetKSCloudAPIConnector().GetCloudUIURL()) - if reportMock.query != "" { - u += fmt.Sprintf("?%s", reportMock.query) + u, err := url.Parse(reportMock.query) + if err != nil || u.String() == "" { + return "" } - return u + + q := u.Query() + q.Add("utm_source", "GitHub") + q.Add("utm_medium", "CLI") + q.Add("utm_campaign", "Submit") + + u.RawQuery = q.Encode() + + return u.String() } func (reportMock *ReportMock) DisplayReportURL() { @@ -44,8 +50,8 @@ func (reportMock *ReportMock) DisplayReportURL() { sep := "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" message := sep + "\n" message += "Scan results have not been submitted: " + reportMock.message + "\n" - if reportMock.query != "" { - message += "For more details: " + reportMock.query + "\n" + if link := reportMock.GetURL(); link != "" { + message += "For more details: " + link + "\n" } message += sep + "\n" cautils.InfoTextDisplay(os.Stderr, fmt.Sprintf("\n%s\n", message)) diff --git a/core/pkg/resultshandling/reporter/v2/mockreporter_test.go b/core/pkg/resultshandling/reporter/v2/mockreporter_test.go new file mode 100644 index 00000000..2a699a54 --- /dev/null +++ b/core/pkg/resultshandling/reporter/v2/mockreporter_test.go @@ -0,0 +1,43 @@ +package reporter + +import "testing" + +func TestReportMock_GetURL(t *testing.T) { + type fields struct { + query string + } + tests := []struct { + name string + fields fields + want string + }{ + { + name: "TestReportMock_GetURL", + fields: struct { + query string + }{ + query: "https://kubescape.io", + }, + want: "https://kubescape.io?utm_campaign=Submit&utm_medium=CLI&utm_source=GitHub", + }, + { + name: "TestReportMock_GetURL_empty", + fields: struct { + query string + }{ + query: "", + }, + want: "", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + reportMock := &ReportMock{ + query: tt.fields.query, + } + if got := reportMock.GetURL(); got != tt.want { + t.Errorf("ReportMock.GetURL() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/core/pkg/resultshandling/results.go b/core/pkg/resultshandling/results.go index 8069ec89..83ffc8f8 100644 --- a/core/pkg/resultshandling/results.go +++ b/core/pkg/resultshandling/results.go @@ -92,7 +92,7 @@ func (rh *ResultsHandler) HandleResults() error { } // NewPrinter returns a new printer for a given format and configuration options -func NewPrinter(printFormat, formatVersion string, verboseMode bool, viewType cautils.ViewTypes) printer.IPrinter { +func NewPrinter(printFormat, formatVersion string, verboseMode bool, attackTree bool, viewType cautils.ViewTypes) printer.IPrinter { switch printFormat { case printer.JsonFormat: @@ -117,6 +117,6 @@ func NewPrinter(printFormat, formatVersion string, verboseMode bool, viewType ca if printFormat != printer.PrettyFormat { logger.L().Error(fmt.Sprintf("Invalid format \"%s\", default format \"pretty-printer\" is applied", printFormat)) } - return printerv2.NewPrettyPrinter(verboseMode, formatVersion, viewType) + return printerv2.NewPrettyPrinter(verboseMode, formatVersion, attackTree, viewType) } } diff --git a/go.mod b/go.mod index 22976b74..486b1504 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/kubescape/kubescape/v2 -go 1.18 +go 1.19 require ( cloud.google.com/go/containeranalysis v0.4.0 @@ -16,8 +16,8 @@ require ( github.com/johnfercher/maroto v0.37.0 github.com/kubescape/go-git-url v0.0.20 github.com/kubescape/go-logger v0.0.6 - github.com/kubescape/k8s-interface v0.0.89 - github.com/kubescape/opa-utils v0.0.218 + github.com/kubescape/k8s-interface v0.0.94-0.20221228202834-4b64f2440950 + github.com/kubescape/opa-utils v0.0.222 github.com/kubescape/rbac-utils v0.0.19 github.com/libgit2/git2go/v33 v33.0.9 github.com/mattn/go-isatty v0.0.14 @@ -28,7 +28,7 @@ require ( github.com/spf13/cobra v1.6.1 github.com/stretchr/testify v1.8.0 github.com/whilp/git-urls v1.0.0 - golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 google.golang.org/api v0.85.0 google.golang.org/genproto v0.0.0-20220708155623-50e5f4832e73 google.golang.org/protobuf v1.28.1 @@ -50,17 +50,18 @@ require ( cloud.google.com/go/compute v1.7.0 // indirect cloud.google.com/go/container v1.2.0 // indirect cloud.google.com/go/grafeas v0.2.0 // indirect - github.com/Azure/azure-sdk-for-go v66.0.0+incompatible // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.0.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.2.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.27 // indirect github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect - github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect - github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect - github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect - github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0 // indirect github.com/BurntSushi/toml v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect @@ -68,8 +69,6 @@ require ( github.com/Microsoft/go-winio v0.5.1 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect - github.com/PuerkitoBio/purell v1.1.1 // indirect - github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/a8m/envsubst v1.3.0 // indirect github.com/acomagu/bufpipe v1.0.3 // indirect github.com/agnivade/levenshtein v1.1.1 // indirect @@ -96,7 +95,7 @@ require ( github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.4.0 // indirect github.com/elliotchance/orderedmap v1.5.0 // indirect - github.com/emicklei/go-restful/v3 v3.8.0 // indirect + github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/emirpasic/gods v1.12.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/ghodss/yaml v1.0.0 // indirect @@ -106,17 +105,17 @@ require ( github.com/go-gota/gota v0.12.0 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect - github.com/go-openapi/jsonreference v0.19.5 // indirect + github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/swag v0.19.14 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/goccy/go-json v0.9.11 // indirect github.com/goccy/go-yaml v1.9.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v4 v4.2.0 // indirect + github.com/golang-jwt/jwt/v4 v4.4.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-cmp v0.5.8 // indirect + github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect github.com/googleapis/gax-go/v2 v2.4.0 // indirect @@ -130,6 +129,7 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/jung-kurt/gofpdf v1.16.2 // indirect github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect + github.com/kylelemons/godebug v1.1.0 // indirect github.com/magiconair/properties v1.8.6 // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/mattn/go-colorable v0.1.12 // indirect @@ -144,6 +144,7 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect + github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pquerna/cachecontrol v0.1.0 // indirect @@ -166,11 +167,11 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.22.0 // indirect golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect - golang.org/x/net v0.0.0-20220909164309-bea034e7d591 // indirect + golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 // indirect golang.org/x/oauth2 v0.0.0-20220630143837-2104d58473e0 // indirect - golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 // indirect - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect - golang.org/x/text v0.3.7 // indirect + golang.org/x/sys v0.3.0 // indirect + golang.org/x/term v0.3.0 // indirect + golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect gonum.org/v1/gonum v0.9.1 // indirect @@ -182,7 +183,7 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/apiextensions-apiserver v0.24.2 // indirect k8s.io/klog/v2 v2.80.1 // indirect - k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect + k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect sigs.k8s.io/controller-runtime v0.12.3 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect diff --git a/go.sum b/go.sum index e0145f02..b6a57a8e 100644 --- a/go.sum +++ b/go.sum @@ -72,36 +72,37 @@ dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= -github.com/Azure/azure-sdk-for-go v66.0.0+incompatible h1:bmmC38SlE8/E81nNADlgmVGurPWMHDX2YNXVQMrBpEE= -github.com/Azure/azure-sdk-for-go v66.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0 h1:Ut0ZGdOwJDw0npYEg+TLlPls3Pq6JiZaP2/aGKir7Zw= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0 h1:t/W5MYAuQy81cvM8VUNfRLzhtKpXhVUAN7Cd7KVbTyc= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0/go.mod h1:NBanQUfSWiWn3QEpWDTCU0IjBECKOYvl2R8xdRtMtiM= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.0.0 h1:WJd2y/3vp3sgG1u1KfDaEyGiM9oC11cBa9rbmsSv5rQ= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.0.0/go.mod h1:XlGHa0e9Mg7RNOshDEuc0HptPdtN/SI0HCu+02rdnOA= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.2.0 h1:3L+gX5ssCABAToH0VQ64/oNz7rr+ShW+2sB+sonzIlY= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.2.0/go.mod h1:4gUds0dEPFIld6DwHfbo0cLBljyIyI5E5ciPb5MLi3Q= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= -github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= -github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= -github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac= -github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0 h1:VgSJlZH5u0k2qxSpqyghcFQKmvYckj46uymKK5XzkBM= +github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0/go.mod h1:BDJ5qMFKx9DugEg3+uQSDCdbYPr5s9vBTrL9P8TpqOU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= @@ -123,9 +124,7 @@ github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= -github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/a8m/envsubst v1.3.0 h1:GmXKmVssap0YtlU3E230W98RWtWCyIZzjtf1apWWyAg= github.com/a8m/envsubst v1.3.0/go.mod h1:MVUTQNGQ3tsjOOtKCNd+fl8RzhsXcDvvAEzkhGtlsbY= @@ -259,6 +258,7 @@ github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+ github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= +github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c= github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE= github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= @@ -273,8 +273,8 @@ github.com/elliotchance/orderedmap v1.5.0 h1:1IsExUsjv5XNBD3ZdC7jkAAqLWOOKdbPTmk github.com/elliotchance/orderedmap v1.5.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= -github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/enescakir/emoji v1.0.0 h1:W+HsNql8swfCQFtioDGDHCHri8nudlK1n5p2rHCJoog= @@ -354,8 +354,9 @@ github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= +github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA= +github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= @@ -377,8 +378,9 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs= +github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= @@ -440,8 +442,9 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= -github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -587,12 +590,14 @@ github.com/kubescape/go-git-url v0.0.20 h1:oTtmF4c4Vmt0Og3Qbnjkz18sdu4ZdHubQlO6J github.com/kubescape/go-git-url v0.0.20/go.mod h1:IbVT7Wsxlghsa+YxI5KOx4k9VQJaa3z0kTaQz5D3nKM= github.com/kubescape/go-logger v0.0.6 h1:ynhAmwrz0O7Jtqq1CdmCZUrKveji25hVP+B/FAb3QrA= github.com/kubescape/go-logger v0.0.6/go.mod h1:DnVWEvC90LFY1nNMaNo6nBVOcqkLMK3S0qzXP1fzRvI= -github.com/kubescape/k8s-interface v0.0.89 h1:OtlvZosHpjlbHfsilfQk2wRbuBnxwF0e+WZX6GbkfLU= -github.com/kubescape/k8s-interface v0.0.89/go.mod h1:pgFRs20mHiavf6+fFWY7h/f8HuKlwuZwirvjxiKJlu0= -github.com/kubescape/opa-utils v0.0.218 h1:3YFloD8NYn0iKeheIaJAr7QynWQJsAjD2o4hlI3RFjE= -github.com/kubescape/opa-utils v0.0.218/go.mod h1:sNCabe+qZmZLSs/T76fPewEZnl5TSzGq4vhmPd1tP3o= +github.com/kubescape/k8s-interface v0.0.94-0.20221228202834-4b64f2440950 h1:r9QwpzU4FG0B4XRbKx0J0VsmwO00+a6c2a8Utq5ae0k= +github.com/kubescape/k8s-interface v0.0.94-0.20221228202834-4b64f2440950/go.mod h1:cFE6PoBm+31LjynY2XkzX19mRmaE9CRk2UQv/rEF3ZY= +github.com/kubescape/opa-utils v0.0.222 h1:+szwU3VvYzqc8SP0JC82LOkaarwpVseGt5EZYTf0w5o= +github.com/kubescape/opa-utils v0.0.222/go.mod h1:cKWsKl2t2XP7Mc3t1c3hNdf8Kg0sxikUcqATfq09vzU= github.com/kubescape/rbac-utils v0.0.19 h1:7iydgVxlMLW15MgHORfMBMqNj9jHtFGACd744fdtrFs= github.com/kubescape/rbac-utils v0.0.19/go.mod h1:t57AhSrjuNGQ+mpZWQM/hBzrCOeKBDHegFoVo4tbikQ= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -699,6 +704,8 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= +github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 h1:Qj1ukM4GlMWXNdMBuXcXfz/Kw9s1qm0CLY32QxuSImI= +github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -982,8 +989,9 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1044,8 +1052,8 @@ golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220909164309-bea034e7d591 h1:D0B/7al0LLrVC8aWF4+oxpv/m8bc7ViFfVS8/gXGdqI= -golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 h1:Frnccbp+ok2GkUS2tC84yAq/U9Vg+0sIO7aRL3T4Xnc= +golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1177,12 +1185,13 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY= -golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1191,8 +1200,9 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1556,8 +1566,8 @@ k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk= -k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= -k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= diff --git a/httphandler/go.mod b/httphandler/go.mod index 0d36ef04..6b98f4d7 100644 --- a/httphandler/go.mod +++ b/httphandler/go.mod @@ -1,6 +1,6 @@ module github.com/kubescape/kubescape/v2/httphandler -go 1.18 +go 1.19 replace github.com/kubescape/kubescape/v2 => ../ @@ -12,7 +12,7 @@ require ( github.com/gorilla/schema v1.2.0 github.com/kubescape/go-logger v0.0.6 github.com/kubescape/kubescape/v2 v2.0.0-00010101000000-000000000000 - github.com/kubescape/opa-utils v0.0.218 + github.com/kubescape/opa-utils v0.0.222 github.com/stretchr/testify v1.8.0 k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 ) @@ -22,17 +22,12 @@ require ( cloud.google.com/go/container v1.2.0 // indirect cloud.google.com/go/containeranalysis v0.4.0 // indirect cloud.google.com/go/grafeas v0.2.0 // indirect - github.com/Azure/azure-sdk-for-go v66.0.0+incompatible // indirect - github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.27 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect - github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect - github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect - github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect - github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect - github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect - github.com/Azure/go-autorest/logger v0.2.1 // indirect - github.com/Azure/go-autorest/tracing v0.6.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.0.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.2.0 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0 // indirect github.com/BurntSushi/toml v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect @@ -40,8 +35,6 @@ require ( github.com/Microsoft/go-winio v0.5.1 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect - github.com/PuerkitoBio/purell v1.1.1 // indirect - github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/a8m/envsubst v1.3.0 // indirect github.com/acomagu/bufpipe v1.0.3 // indirect github.com/agnivade/levenshtein v1.1.1 // indirect @@ -72,7 +65,7 @@ require ( github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.4.0 // indirect github.com/elliotchance/orderedmap v1.5.0 // indirect - github.com/emicklei/go-restful/v3 v3.8.0 // indirect + github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/emirpasic/gods v1.12.0 // indirect github.com/enescakir/emoji v1.0.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect @@ -88,7 +81,7 @@ require ( github.com/go-openapi/analysis v0.21.2 // indirect github.com/go-openapi/errors v0.20.2 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect - github.com/go-openapi/jsonreference v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/loads v0.21.1 // indirect github.com/go-openapi/spec v0.20.4 // indirect github.com/go-openapi/strfmt v0.21.2 // indirect @@ -99,11 +92,11 @@ require ( github.com/goccy/go-json v0.9.11 // indirect github.com/goccy/go-yaml v1.9.6 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v4 v4.2.0 // indirect + github.com/golang-jwt/jwt/v4 v4.4.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-cmp v0.5.8 // indirect + github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect @@ -119,8 +112,9 @@ require ( github.com/jung-kurt/gofpdf v1.16.2 // indirect github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect github.com/kubescape/go-git-url v0.0.20 // indirect - github.com/kubescape/k8s-interface v0.0.89 // indirect + github.com/kubescape/k8s-interface v0.0.94-0.20221228202834-4b64f2440950 // indirect github.com/kubescape/rbac-utils v0.0.19 // indirect + github.com/kylelemons/godebug v1.1.0 // indirect github.com/libgit2/git2go/v33 v33.0.9 // indirect github.com/magiconair/properties v1.8.6 // indirect github.com/mailru/easyjson v0.7.7 // indirect @@ -142,6 +136,7 @@ require ( github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect github.com/owenrumney/go-sarif/v2 v2.1.2 // indirect + github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pquerna/cachecontrol v0.1.0 // indirect @@ -166,12 +161,12 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.22.0 // indirect golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect - golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect - golang.org/x/net v0.0.0-20220909164309-bea034e7d591 // indirect + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect + golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 // indirect golang.org/x/oauth2 v0.0.0-20220630143837-2104d58473e0 // indirect - golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 // indirect - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect - golang.org/x/text v0.3.7 // indirect + golang.org/x/sys v0.3.0 // indirect + golang.org/x/term v0.3.0 // indirect + golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect gonum.org/v1/gonum v0.9.1 // indirect @@ -187,12 +182,12 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect helm.sh/helm/v3 v3.9.0 // indirect - k8s.io/api v0.25.3 // indirect + k8s.io/api v0.26.0 // indirect k8s.io/apiextensions-apiserver v0.24.2 // indirect - k8s.io/apimachinery v0.25.3 // indirect - k8s.io/client-go v0.25.3 // indirect + k8s.io/apimachinery v0.26.0 // indirect + k8s.io/client-go v0.26.0 // indirect k8s.io/klog/v2 v2.80.1 // indirect - k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect + k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect sigs.k8s.io/controller-runtime v0.12.3 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/kustomize/api v0.11.4 // indirect diff --git a/httphandler/go.sum b/httphandler/go.sum index d4c493ee..ff0d845b 100644 --- a/httphandler/go.sum +++ b/httphandler/go.sum @@ -72,36 +72,26 @@ dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= -github.com/Azure/azure-sdk-for-go v66.0.0+incompatible h1:bmmC38SlE8/E81nNADlgmVGurPWMHDX2YNXVQMrBpEE= -github.com/Azure/azure-sdk-for-go v66.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0 h1:Ut0ZGdOwJDw0npYEg+TLlPls3Pq6JiZaP2/aGKir7Zw= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0 h1:t/W5MYAuQy81cvM8VUNfRLzhtKpXhVUAN7Cd7KVbTyc= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0/go.mod h1:NBanQUfSWiWn3QEpWDTCU0IjBECKOYvl2R8xdRtMtiM= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.0.0 h1:WJd2y/3vp3sgG1u1KfDaEyGiM9oC11cBa9rbmsSv5rQ= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.0.0/go.mod h1:XlGHa0e9Mg7RNOshDEuc0HptPdtN/SI0HCu+02rdnOA= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.2.0 h1:3L+gX5ssCABAToH0VQ64/oNz7rr+ShW+2sB+sonzIlY= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.2.0/go.mod h1:4gUds0dEPFIld6DwHfbo0cLBljyIyI5E5ciPb5MLi3Q= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= -github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= -github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= -github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= -github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= -github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= -github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= -github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= -github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= -github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac= -github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= -github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0 h1:VgSJlZH5u0k2qxSpqyghcFQKmvYckj46uymKK5XzkBM= +github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0/go.mod h1:BDJ5qMFKx9DugEg3+uQSDCdbYPr5s9vBTrL9P8TpqOU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= @@ -123,9 +113,7 @@ github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= -github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/a8m/envsubst v1.3.0 h1:GmXKmVssap0YtlU3E230W98RWtWCyIZzjtf1apWWyAg= github.com/a8m/envsubst v1.3.0/go.mod h1:MVUTQNGQ3tsjOOtKCNd+fl8RzhsXcDvvAEzkhGtlsbY= @@ -261,6 +249,7 @@ github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+ github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= +github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c= github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE= github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= @@ -275,8 +264,8 @@ github.com/elliotchance/orderedmap v1.5.0 h1:1IsExUsjv5XNBD3ZdC7jkAAqLWOOKdbPTmk github.com/elliotchance/orderedmap v1.5.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= -github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/enescakir/emoji v1.0.0 h1:W+HsNql8swfCQFtioDGDHCHri8nudlK1n5p2rHCJoog= @@ -363,8 +352,9 @@ github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUe github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= -github.com/go-openapi/jsonreference v0.19.6 h1:UBIxjkht+AWIgYzCDSv2GN+E/togfwXUJFRTWhl2Jjs= github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= +github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA= +github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= github.com/go-openapi/loads v0.21.1 h1:Wb3nVZpdEzDTcly8S4HMkey6fjARRzb7iEaySimlDW0= github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= github.com/go-openapi/runtime v0.24.1 h1:Sml5cgQKGYQHF+M7yYSHaH1eOjvTykrddTE/KtQVjqo= @@ -425,9 +415,8 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= -github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs= +github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= @@ -490,8 +479,9 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= -github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -643,12 +633,14 @@ github.com/kubescape/go-git-url v0.0.20 h1:oTtmF4c4Vmt0Og3Qbnjkz18sdu4ZdHubQlO6J github.com/kubescape/go-git-url v0.0.20/go.mod h1:IbVT7Wsxlghsa+YxI5KOx4k9VQJaa3z0kTaQz5D3nKM= github.com/kubescape/go-logger v0.0.6 h1:ynhAmwrz0O7Jtqq1CdmCZUrKveji25hVP+B/FAb3QrA= github.com/kubescape/go-logger v0.0.6/go.mod h1:DnVWEvC90LFY1nNMaNo6nBVOcqkLMK3S0qzXP1fzRvI= -github.com/kubescape/k8s-interface v0.0.89 h1:OtlvZosHpjlbHfsilfQk2wRbuBnxwF0e+WZX6GbkfLU= -github.com/kubescape/k8s-interface v0.0.89/go.mod h1:pgFRs20mHiavf6+fFWY7h/f8HuKlwuZwirvjxiKJlu0= -github.com/kubescape/opa-utils v0.0.218 h1:3YFloD8NYn0iKeheIaJAr7QynWQJsAjD2o4hlI3RFjE= -github.com/kubescape/opa-utils v0.0.218/go.mod h1:sNCabe+qZmZLSs/T76fPewEZnl5TSzGq4vhmPd1tP3o= +github.com/kubescape/k8s-interface v0.0.94-0.20221228202834-4b64f2440950 h1:r9QwpzU4FG0B4XRbKx0J0VsmwO00+a6c2a8Utq5ae0k= +github.com/kubescape/k8s-interface v0.0.94-0.20221228202834-4b64f2440950/go.mod h1:cFE6PoBm+31LjynY2XkzX19mRmaE9CRk2UQv/rEF3ZY= +github.com/kubescape/opa-utils v0.0.222 h1:+szwU3VvYzqc8SP0JC82LOkaarwpVseGt5EZYTf0w5o= +github.com/kubescape/opa-utils v0.0.222/go.mod h1:cKWsKl2t2XP7Mc3t1c3hNdf8Kg0sxikUcqATfq09vzU= github.com/kubescape/rbac-utils v0.0.19 h1:7iydgVxlMLW15MgHORfMBMqNj9jHtFGACd744fdtrFs= github.com/kubescape/rbac-utils v0.0.19/go.mod h1:t57AhSrjuNGQ+mpZWQM/hBzrCOeKBDHegFoVo4tbikQ= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -739,11 +731,11 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU= +github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q= +github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys= github.com/open-policy-agent/opa v0.45.0 h1:P5nuhVRtR+e58fk3CMMbiqr6ZFyWQPNOC3otsorGsFs= github.com/open-policy-agent/opa v0.45.0/go.mod h1:/OnsYljNEWJ6DXeFOOnoGn8CvwZGMUS4iRqzYdJvmBI= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -764,6 +756,8 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= +github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 h1:Qj1ukM4GlMWXNdMBuXcXfz/Kw9s1qm0CLY32QxuSImI= +github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -1010,7 +1004,6 @@ golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM= golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -1062,8 +1055,9 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1125,8 +1119,8 @@ golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220909164309-bea034e7d591 h1:D0B/7al0LLrVC8aWF4+oxpv/m8bc7ViFfVS8/gXGdqI= -golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 h1:Frnccbp+ok2GkUS2tC84yAq/U9Vg+0sIO7aRL3T4Xnc= +golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1263,12 +1257,13 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY= -golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1277,8 +1272,9 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1624,17 +1620,17 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.24.2/go.mod h1:AHqbSkTm6YrQ0ObxjO3Pmp/ubFF/KuM7jU+3khoBsOg= -k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ= -k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI= +k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I= +k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg= k8s.io/apiextensions-apiserver v0.24.2 h1:/4NEQHKlEz1MlaK/wHT5KMKC9UKYz6NZz6JE6ov4G6k= k8s.io/apiextensions-apiserver v0.24.2/go.mod h1:e5t2GMFVngUEHUd0wuCJzw8YDwZoqZfJiGOW6mm2hLQ= k8s.io/apimachinery v0.24.2/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM= -k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc= -k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo= +k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg= +k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= k8s.io/apiserver v0.24.2/go.mod h1:pSuKzr3zV+L+MWqsEo0kHHYwCo77AT5qXbFXP2jbvFI= k8s.io/client-go v0.24.2/go.mod h1:zg4Xaoo+umDsfCWr4fCnmLEtQXyCNXCvJuSsglNcV30= -k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0= -k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA= +k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8= +k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg= k8s.io/code-generator v0.24.2/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w= k8s.io/component-base v0.24.2/go.mod h1:ucHwW76dajvQ9B7+zecZAP3BVqvrHoOxm8olHEg0nmM= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= @@ -1647,8 +1643,8 @@ k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk= -k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA= -k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y=