diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index 243f81a5..00000000 --- a/.dockerignore +++ /dev/null @@ -1,5 +0,0 @@ -# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file -# Ignore all files which are not go type -!**/*.go -!**/*.mod -!**/*.sum diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9b76f82e..52ff1a35 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -3,58 +3,78 @@ on: push: tags: - "v*" + env: VERSION: ${{ github.ref_name }} - IMAGE: quay.io/jetstack/cert-manager-approver-policy:${{ github.ref_name }} + jobs: - docker-image: + build_images: + runs-on: ubuntu-latest + permissions: - contents: write - id-token: write - runs-on: ubuntu-22.04 + contents: read # needed for checkout + packages: write # needed for push images + id-token: write # needed for keyless signing + steps: - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 + - uses: docker/login-action@v3 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_PASSWORD }} - - uses: docker/build-push-action@v5 + + - uses: actions/setup-go@v4 with: - context: . - file: ./Dockerfile - platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le - push: true - tags: ${{ env.IMAGE }} - build-args: | - VERSION=${{ env.VERSION }} - - github-release: - runs-on: ubuntu-22.04 - needs: - - docker-image + go-version-file: go.mod + + - id: release + run: make release + + - uses: actions/upload-artifact@v3 + with: + name: trust-manager-${{ env.VERSION }}.tgz + path: ${{ steps.release.outputs.RELEASE_HELM_CHART_TAR }} + + outputs: + RELEASE_OCI_MANAGER_IMAGE: ${{ steps.release.outputs.RELEASE_OCI_MANAGER_IMAGE }} + RELEASE_OCI_MANAGER_TAG: ${{ steps.release.outputs.RELEASE_OCI_MANAGER_TAG }} + RELEASE_HELM_CHART_NAME: ${{ steps.release.outputs.RELEASE_HELM_CHART_NAME }} + RELEASE_HELM_CHART_VERSION: ${{ steps.release.outputs.RELEASE_HELM_CHART_VERSION }} + + github_release: + runs-on: ubuntu-latest + + needs: build_images + + permissions: + contents: write # needed for creating a PR + pull-requests: write # needed for creating a PR + steps: - - uses: actions/checkout@v4 - - id: create_helm_archive - run: make helm-chart - - id: create_release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - run: | + touch .notes-file + echo "OCI_MANAGER_IMAGE: ${{ needs.build_images.outputs.RELEASE_OCI_MANAGER_IMAGE }}" >> .notes-file + echo "OCI_MANAGER_TAG: ${{ needs.build_images.outputs.RELEASE_OCI_MANAGER_TAG }}" >> .notes-file + echo "HELM_CHART_NAME: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}" >> .notes-file + echo "HELM_CHART_VERSION: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}" >> .notes-file + + - id: chart_download + uses: actions/download-artifact@v3 with: - tag_name: ${{ env.VERSION }} - release_name: ${{ env.VERSION }} - draft: true - prerelease: true - body: | - Docker Image: `${{ env.IMAGE }}` - - uses: actions/upload-release-asset@v1 - env: + name: trust-manager-${{ env.VERSION }}.tgz + + - env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ${{ steps.create_helm_archive.outputs.path }} - asset_name: cert-manager-approver-policy.helm-chart.tgz - asset_content_type: application/gzip + run: | + gh release create "$VERSION" \ + --repo="$GITHUB_REPOSITORY" \ + --title="${GITHUB_REPOSITORY#*/} ${VERSION#v}" \ + --draft \ + --verify-tag \ + --notes-file .notes-file + + gh release upload "$VERSION" \ + --repo="$GITHUB_REPOSITORY" \ + "${{ steps.chart_download.outputs.download-path }}/trust-manager-$VERSION.tgz" diff --git a/.gitignore b/.gitignore index 9841dd46..dea47876 100644 --- a/.gitignore +++ b/.gitignore @@ -1,12 +1,11 @@ - # Binaries for programs and plugins *.exe *.exe~ *.dll *.so *.dylib -_bin bin +testbin/* # Test binary, build with `go test -c` *.test @@ -15,17 +14,18 @@ bin *.out # Kubernetes Generated files - skip generated files, except for vendored files - !vendor/**/zz_generated.* # editor and IDE paraphernalia .idea -*.iml *.swp *.swo *~ +_bin +_certs +_artifacts .vscode -/approver-policy -/_artifacts +# direnv files +.envrc diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..156378c9 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,3 @@ +# Contributing + +Please refer to the [cert-manager Contributing guide](https://cert-manager.io/docs/contributing/). diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index de0995f3..00000000 --- a/Dockerfile +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright 2021 The cert-manager Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Build the approver-policy binary -FROM docker.io/library/golang:1.20 as builder - -WORKDIR /workspace -# Copy the Go Modules manifests -COPY go.mod go.mod -COPY go.sum go.sum - -# Copy the go source files -COPY Makefile Makefile -COPY cmd/ cmd/ -COPY pkg/ pkg/ - -RUN go mod download - -ARG VERSION -# Build -RUN make build VERSION=${VERSION} - -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -# To get latest SHA run crane digest gcr.io/distroless/static:latest -FROM gcr.io/distroless/static@sha256:7198a357ff3a8ef750b041324873960cf2153c11cc50abb9d8d5f8bb089f6b4e -LABEL description="cert-manager Approver based on CertificateRequestPolicy CRD policies" - -WORKDIR / -USER 1001 -COPY --from=builder /workspace/bin/approver-policy /usr/bin/cert-manager-approver-policy - -ENTRYPOINT ["/usr/bin/cert-manager-approver-policy"] diff --git a/Makefile b/Makefile index f6d7d190..98bcd5f8 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -# Copyright 2021 The cert-manager Authors. +# Copyright 2023 The cert-manager Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,6 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + MAKEFLAGS += --warn-undefined-variables --no-builtin-rules SHELL := /usr/bin/env bash .SHELLFLAGS := -uo pipefail -c @@ -19,274 +20,44 @@ SHELL := /usr/bin/env bash .SUFFIXES: FORCE: -# The version of approver-policy -VERSION ?= $(shell git describe --tags --always --dirty --match='v*' --abbrev=14) - -BINDIR := $(CURDIR)/_bin - -.PHONY: all -all: help - -ARCH ?= $(shell go env GOARCH) -OS ?= $(shell go env GOOS) - -# Check https://github.com/helm/helm/releases for latest available release -HELM_VERSION ?= 3.11.3 -# Check https://github.com/kubernetes-sigs/kubebuilder/blob/tools-releases/build/cloudbuild_tools.yaml -# for latest available tag -KUBEBUILDER_TOOLS_VERSION ?= 1.27.1 -# Check https://github.com/kyverno/kyverno/releases for latest available release -KYVERNO_VERSION ?= v1.10.0 -K8S_CLUSTER_NAME ?= approver-policy -IMAGE_REGISTRY ?= quay.io/jetstack -IMAGE_NAME := cert-manager-approver-policy -IMAGE_TAG := $(VERSION) -IMAGE := $(IMAGE_REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG) - -GOMARKDOC_FLAGS=--format github --repository.url "https://github.com/cert-manager/approver-policy" --repository.default-branch master --repository.path / - -# An OCI Helm chart registry where the Helm package will be uploaded on release. -# Empty by default to prevent accidental publication of the Helm chart. -HELM_CHART_REGISTRY ?= - -helm_chart_archive := $(BINDIR)/charts/cert-manager-approver-policy-$(VERSION).tgz - -##@ General - -# The help target prints out all targets with their descriptions organized -# beneath their categories. The categories are represented by '##@' and the -# target descriptions by '##'. The awk commands is responsible for reading the -# entire set of makefiles included in this invocation, looking for lines of the -# file as xyz: ## something, and then pretty-format the target and help. Then, -# if there's a line with ##@ something, that gets pretty-printed as a category. -# More info on the usage of ANSI control characters for terminal formatting: -# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters -# More info on the awk command: -# http://linuxcommand.org/lc3_adv_awk.php - -.PHONY: help -help: ## Display this help. - @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) - -##@ Utilities - -.PHONY: clean -clean: ## clean up created files - rm -rf \ - $(BINDIR) \ - _artifacts - -##@ Build - -.PHONY: build -build: ## Build manager binary. - CGO_ENABLED=0 go build -o bin/approver-policy ./cmd/ - -.PHONY: image -image: ## build docker image - docker build --tag ${IMAGE} --build-arg VERSION=$(VERSION) . - -##@ Development - -.PHONY: generate-manifests -generate-manifests: ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. -generate-manifests: | $(BINDIR)/controller-gen - $(BINDIR)/controller-gen rbac:roleName=manager-role crd webhook paths="./..." \ - output:crd:artifacts:config=$(helm_chart_source_dir)/templates/crds - -.PHONY: generate-deepcopy -generate-deepcopy: ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. -generate-deepcopy: | $(BINDIR)/controller-gen - $(BINDIR)/controller-gen object:headerFile="hack/boilerplate/boilerplate.go.txt" paths="./..." - -.PHONY: generate-protos -generate-protos: ## Generate protocol buffer Go code. -generate-protos: | $(BINDIR)/protoc-gen-go - $(BINDIR)/protoc --plugin=$(BINDIR)/protoc-gen-go --proto_path=. --go_out=. --go_opt=paths=source_relative \ - pkg/internal/approver/validation/certificaterequest.proto - -.PHONY: generate-helm-docs -generate-helm-docs: ## Generate helm docs -generate-helm-docs: | $(BINDIR)/helm-docs - $(BINDIR)/helm-docs deploy/charts/approver-policy - -.PHONY: generate-api-docs -generate-api-docs: | $(BINDIR)/gomarkdoc - mkdir -p docs/api - $(BINDIR)/gomarkdoc $(GOMARKDOC_FLAGS) --output docs/api/api.md github.com/cert-manager/approver-policy/pkg/apis/policy/v1alpha1 - -.PHONY: generate -generate: ## generate code and documentation -generate: fmt -generate: generate-manifests -generate: generate-deepcopy -generate: generate-helm-docs -generate: generate-api-docs -generate: generate-protos - -.PHONY: fmt -fmt: ## Run go fmt against code. - go fmt ./... - -.PHONY: vet -vet: ## Run go vet against code. - go vet ./... +noop: # do nothing -##@ Testing +################################## +# Host OS and architecture setup # +################################## -.PHONY: verify-pod-security-standards -verify-pod-security-standards: $(helm_chart_archive) | $(BINDIR)/kyverno $(BINDIR)/kustomize $(BINDIR)/helm - $(BINDIR)/kyverno apply <($(BINDIR)/kustomize build https://github.com/kyverno/policies/pod-security/enforce) \ - --resource <($(BINDIR)/helm template $(helm_chart_archive)) 2>/dev/null +# The reason we don't use "go env GOOS" or "go env GOARCH" is that the "go" +# binary may not be available in the PATH yet when the Makefiles are +# evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1 +# and Intel). +HOST_OS ?= $(shell uname -s | tr A-Z a-z) +HOST_ARCH ?= $(shell uname -m) +ifeq (x86_64, $(HOST_ARCH)) + HOST_ARCH = amd64 +endif -# Run both `helm lint` and `helm template`, to check that the templates can be rendered. -.PHONY: verify-helm-lint -verify-helm-lint: $(helm_chart_archive) | $(BINDIR)/helm - $(BINDIR)/helm lint $(helm_chart_archive) - $(BINDIR)/helm template $(helm_chart_archive) --values hack/helm/sample-chart-values.yaml +################################## +# Git and versioning information # +################################## -# instead of running verify-generate-api-docs, this target uses the gomarkdoc --check flag to verify that the docs are up to date -.PHONY: verify-api-docs -verify-api-docs: $(BINDIR)/gomarkdoc - @$(BINDIR)/gomarkdoc \ - --check $(GOMARKDOC_FLAGS) \ - --output docs/api/api.md github.com/cert-manager/approver-policy/pkg/apis/policy/v1alpha1 \ - || (echo "docs are not up to date; run 'make generate' and commit the result" && exit 1) +VERSION ?= $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +GITCOMMIT := $(shell git rev-parse HEAD) -# Run the supplied make target argument in a temporary workspace and diff the results. -verify-%: FORCE - ./hack/util/verify.sh $(MAKE) -s $* +################################## +# Global variables and dirs # +################################## -.PHONY: verify -verify: ## Verify code and generate targets. -verify: vet -verify: verify-generate-manifests -verify: verify-generate-deepcopy -verify: verify-generate-helm-docs -verify: verify-api-docs - @echo "The following targets create temporary files in the current directory, that is why they have to be run last:" - $(MAKE) \ - verify-helm-lint \ - verify-pod-security-standards +bin_dir := _bin -cert_manager_crds: $(BINDIR)/cert-manager/crds.yaml -$(BINDIR)/cert-manager/crds.yaml: | $(BINDIR) - mkdir -p $(BINDIR)/cert-manager - curl -sSLo $(BINDIR)/cert-manager/crds.yaml https://github.com/cert-manager/cert-manager/releases/download/$(shell curl --silent "https://api.github.com/repos/cert-manager/cert-manager/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')/cert-manager.crds.yaml - -.PHONY: test -test: cert_manager_crds tools ## Test approver-policy - KUBEBUILDER_ASSETS=$(BINDIR)/kubebuilder/bin \ - ROOTDIR=$(CURDIR) \ - $(BINDIR)/ginkgo -procs=1 -v $(TEST_ARGS) ./cmd/... ./pkg/... - -.PHONY: demo -demo: cert_manager_crds tools ## create cluster and deploy approver-policy - REPO_ROOT=$(shell pwd) ./hack/ci/create-cluster.sh - -.PHONY: smoke -smoke: demo ## create cluster, deploy approver-policy, run smoke tests - REPO_ROOT=$(shell pwd) ./hack/ci/run-smoke-test.sh - REPO_ROOT=$(shell pwd) ./hack/ci/delete-cluster.sh - -##@ Helm Chart - -helm_chart_source_dir := deploy/charts/approver-policy -helm_chart_sources := $(shell find $(helm_chart_source_dir) -maxdepth 1 -type f) $(shell find $(helm_chart_source_dir)/templates -type f) - -$(helm_chart_archive): $(helm_chart_sources) | $(BINDIR)/helm - $(eval helm_chart_source_dir_versioned := $(BINDIR)/charts/approver-policy-$(VERSION)) - rm -rf $(helm_chart_source_dir_versioned) - mkdir -p $(dir $(helm_chart_source_dir_versioned)) - cp -a $(helm_chart_source_dir) $(helm_chart_source_dir_versioned) - mkdir -p $(dir $@) - $(BINDIR)/helm package $(helm_chart_source_dir_versioned) \ - --app-version $(VERSION) \ - --version $(VERSION) \ - --destination $(dir $@) - -# Allow target to create GitHub outputs when run via GitHub Actions -GITHUB_OUTPUT ?= /dev/null - -.PHONY: helm-chart -helm-chart: ## Create a helm chart -helm-chart: $(helm_chart_archive) - @echo path=$(helm_chart_archive) >> $(GITHUB_OUTPUT) - -##@ Tools - --include osvars.mk -# -# protocol compiler -# ------------------ -PROTOC_VERSION := 25.0 -PROTOC_RELEASES_PATH := https://github.com/protocolbuffers/protobuf/releases/download -PROTOC_ZIP := protoc-$(PROTOC_VERSION)-$(PROTOC_PLATFORM).zip -PROTOC_DOWNLOAD := $(PROTOC_RELEASES_PATH)/v$(PROTOC_VERSION)/$(PROTOC_ZIP) - -$(BINDIR)/protoc: | $(BINDIR) - curl --location $(PROTOC_DOWNLOAD) --output $(BINDIR)/$(PROTOC_ZIP) - unzip -o -d "$(BINDIR)" $(BINDIR)/$(PROTOC_ZIP) && mv $(BINDIR)/bin/protoc $@ - -$(BINDIR)/protoc-gen-go: | $(BINDIR)/protoc - cd hack/tools && go build -o $@ google.golang.org/protobuf/cmd/protoc-gen-go - -$(BINDIR): +$(bin_dir) $(bin_dir)/scratch: mkdir -p $@ -$(BINDIR)/deepcopy-gen: | $(BINDIR) - cd hack/tools && go build -o $@ k8s.io/code-generator/cmd/deepcopy-gen - -$(BINDIR)/controller-gen: | $(BINDIR) - cd hack/tools && go build -o $@ sigs.k8s.io/controller-tools/cmd/controller-gen - -$(BINDIR)/ginkgo: | $(BINDIR) - cd hack/tools && go build -o $@ github.com/onsi/ginkgo/v2/ginkgo - -$(BINDIR)/kind: | $(BINDIR) - cd hack/tools && go build -o $@ sigs.k8s.io/kind - -$(BINDIR)/kustomize: | $(BINDIR) - cd hack/tools && go build -o $@ sigs.k8s.io/kustomize/kustomize/v5 - -$(BINDIR)/helm: | $(BINDIR) - curl -o $(BINDIR)/helm.tar.gz -sSL "https://get.helm.sh/helm-v$(HELM_VERSION)-$(OS)-$(ARCH).tar.gz" - tar -C $(BINDIR) -xzf $(BINDIR)/helm.tar.gz - cp $(BINDIR)/$(OS)-$(ARCH)/helm $@ - rm -r $(BINDIR)/$(OS)-$(ARCH) $(BINDIR)/helm.tar.gz - $(BINDIR)/helm repo add jetstack https://charts.jetstack.io --force-update - -$(BINDIR)/kubectl: | $(BINDIR) - curl -o $@ -LO "https://storage.googleapis.com/kubernetes-release/release/$(shell curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/$(OS)/$(ARCH)/kubectl" - chmod +x $@ - -$(BINDIR)/kubebuilder/bin/kube-apiserver: | $(BINDIR) - curl -sSLo $(BINDIR)/envtest-bins.tar.gz "https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_TOOLS_VERSION)-$(OS)-$(ARCH).tar.gz" - mkdir -p $(BINDIR)/kubebuilder - tar -C $(BINDIR)/kubebuilder --strip-components=1 -zvxf $(BINDIR)/envtest-bins.tar.gz - -$(BINDIR)/gomarkdoc: | $(BINDIR) - cd hack/tools && go build -o $@ github.com/princjef/gomarkdoc/cmd/gomarkdoc - -$(BINDIR)/helm-docs: | $(BINDIR) - cd hack/tools && go build -o $@ github.com/norwoodj/helm-docs/cmd/helm-docs - -$(BINDIR)/kyverno: | $(BINDIR) - curl https://github.com/kyverno/kyverno/releases/download/$(KYVERNO_VERSION)/kyverno-cli_$(KYVERNO_VERSION)_$(OS)_$(subst amd64,x86_64,${ARCH}).tar.gz -fsSL -o $@.tar.gz - @# O writes the specified file to stdout - tar xfO $@.tar.gz kyverno > $@ - chmod +x $@ - rm -f $@.tar.gz +################################## +# Include all the Makefiles # +################################## -.PHONY: tools -tools: ## Download and setup all tools -tools: $(BINDIR)/deepcopy-gen -tools: $(BINDIR)/controller-gen -tools: $(BINDIR)/ginkgo -tools: $(BINDIR)/kind -tools: $(BINDIR)/helm -tools: $(BINDIR)/kubectl -tools: $(BINDIR)/kubebuilder/bin/kube-apiserver -tools: $(BINDIR)/gomarkdoc -tools: $(BINDIR)/helm-docs -tools: $(BINDIR)/protoc-gen-go +-include make/00_mod.mk +-include make/_shared/*/00_mod.mk +-include make/_shared/*/01_mod.mk +-include make/02_mod.mk +-include make/_shared/*/02_mod.mk diff --git a/OWNERS b/OWNERS index 057a499b..b82b958c 100644 --- a/OWNERS +++ b/OWNERS @@ -1,19 +1,4 @@ approvers: -- munnerz -- joshvanl -- wallrj -- jakexks -- maelvls -- irbekrm -- sgtcodfish -- inteon +- cert-manager-maintainers reviewers: -- munnerz -- joshvanl -- wallrj -- jakexks -- maelvls -- irbekrm -- sgtcodfish -- inteon -- erikgb +- cert-manager-maintainers diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES new file mode 100644 index 00000000..8226c2d9 --- /dev/null +++ b/OWNERS_ALIASES @@ -0,0 +1,10 @@ +aliases: + cert-manager-maintainers: + - munnerz + - joshvanl + - wallrj + - jakexks + - maelvls + - irbekrm + - sgtcodfish + - inteon diff --git a/SECURITY.md b/SECURITY.md index 5b5107e8..3b96b8a7 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,6 +1,3 @@ -# Vulnerability Reporting Process +# Security -Security is the number one priority for cert-manager. If you think you've -found a vulnerability in approver-policy, or in any cert-manager -project, please follow the [vulnerability reporting process](https://github.com/cert-manager/cert-manager/blob/master/SECURITY.md) -documented in the main cert-manager repository. +Please refer to the [cert-manager organisation security document](https://github.com/cert-manager/community/blob/main/SECURITY.md). diff --git a/deploy/charts/approver-policy/Chart.yaml b/deploy/charts/approver-policy/Chart.yaml index 32ec4dbd..8f8f00e1 100644 --- a/deploy/charts/approver-policy/Chart.yaml +++ b/deploy/charts/approver-policy/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -name: cert-manager-approver-policy +name: approver-policy type: application -description: A Helm chart for cert-manager-approver-policy +description: A Helm chart for approver-policy home: https://github.com/cert-manager/approver-policy maintainers: diff --git a/deploy/charts/approver-policy/README.md b/deploy/charts/approver-policy/README.md index 0cc9b885..f6cc81c1 100644 --- a/deploy/charts/approver-policy/README.md +++ b/deploy/charts/approver-policy/README.md @@ -1,8 +1,8 @@ -# cert-manager-approver-policy +# approver-policy ![Version: v0.0.0](https://img.shields.io/badge/Version-v0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square) -A Helm chart for cert-manager-approver-policy +A Helm chart for approver-policy **Homepage:** @@ -39,11 +39,9 @@ A Helm chart for cert-manager-approver-policy | app.webhook.timeoutSeconds | int | `5` | Timeout of webhook HTTP request. | | app.webhook.tolerations | list | `[]` | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | commonLabels | object | `{}` | Optional allow custom labels to be placed on resources | -| image.digest | string | `nil` | Target image digest. Will override any tag if set. for example: digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 | | image.pullPolicy | string | `"IfNotPresent"` | Kubernetes imagePullPolicy on Deployment. | -| image.registry | string | `nil` | Target image registry. Will be prepended to the target image repositry if set. | | image.repository | string | `"quay.io/jetstack/cert-manager-approver-policy"` | Target image repository. | -| image.tag | string | `nil` | Target image version tag. Defaults to the chart's appVersion. | +| image.tag | string | `""` | Target image version tag (if empty, Chart AppVersion will be used) | | imagePullSecrets | list | `[]` | Optional secrets used for pulling the approver-policy container image. | | podAnnotations | object | `{}` | Optional allow custom annotations to be placed on cert-manager-approver pod | | replicaCount | int | `1` | Number of replicas of approver-policy to run. | diff --git a/deploy/charts/approver-policy/crd_bases/policy.cert-manager.io_certificaterequestpolicies.yaml b/deploy/charts/approver-policy/crd_bases/policy.cert-manager.io_certificaterequestpolicies.yaml new file mode 100644 index 00000000..60bc2460 --- /dev/null +++ b/deploy/charts/approver-policy/crd_bases/policy.cert-manager.io_certificaterequestpolicies.yaml @@ -0,0 +1,584 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: certificaterequestpolicies.policy.cert-manager.io +spec: + group: policy.cert-manager.io + names: + categories: + - cert-manager + kind: CertificateRequestPolicy + listKind: CertificateRequestPolicyList + plural: certificaterequestpolicies + shortNames: + - crp + singular: certificaterequestpolicy + scope: Cluster + versions: + - additionalPrinterColumns: + - description: CertificateRequestPolicy is ready for evaluation + jsonPath: .status.conditions[?(@.type == "Ready")].status + name: Ready + type: string + - description: Timestamp CertificateRequestPolicy was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: CertificateRequestPolicy is an object for describing a "policy + profile" that makes decisions on whether applicable CertificateRequests + should be approved or denied. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateRequestPolicySpec defines the desired state of + CertificateRequestPolicy. + properties: + allowed: + description: Allowed is the set of attributes that are "allowed" by + this policy. A CertificateRequest will only be considered permissible + for this policy if the CertificateRequest has the same or less as + what is allowed. Empty or `nil` allowed fields mean CertificateRequests + are not allowed to have that field present to be permissible. + properties: + commonName: + description: CommonName defines the X.509 Common Name that is + permissible. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Value is + also defined. + type: boolean + value: + description: Value defines the value that is permissible to + be present on the request. Accepts wildcards "*". An omitted + field or value of `nil` forbids the value from being requested. + An empty string is equivalent to `nil`, however an empty + string pared with Required as `true` is an impossible condition + that always denies. Value may not be `nil` if Required is + `true`. + type: string + type: object + dnsNames: + description: DNSNames defines the X.509 DNS SANs that may be requested + for. Accepts wildcards "*". + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field as + not required. + type: boolean + values: + description: Defines the values that are permissible to be + present on request. Accepts wildcards "*". An omitted field + or value of `nil` forbids any value on the related field + in the request from being requested. An empty slice `[]` + is equivalent to `nil`, however an empty slice pared with + Required `true` is an impossible condition that always denies. + Values may not be `nil` if Required is `true`. + items: + type: string + type: array + type: object + emailAddresses: + description: EmailAddresses defines the X.509 Email SANs that + may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field as + not required. + type: boolean + values: + description: Defines the values that are permissible to be + present on request. Accepts wildcards "*". An omitted field + or value of `nil` forbids any value on the related field + in the request from being requested. An empty slice `[]` + is equivalent to `nil`, however an empty slice pared with + Required `true` is an impossible condition that always denies. + Values may not be `nil` if Required is `true`. + items: + type: string + type: array + type: object + ipAddresses: + description: IPAddresses defines the X.509 IP SANs that may be + requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field as + not required. + type: boolean + values: + description: Defines the values that are permissible to be + present on request. Accepts wildcards "*". An omitted field + or value of `nil` forbids any value on the related field + in the request from being requested. An empty slice `[]` + is equivalent to `nil`, however an empty slice pared with + Required `true` is an impossible condition that always denies. + Values may not be `nil` if Required is `true`. + items: + type: string + type: array + type: object + isCA: + description: IsCA defines whether it is permissible for a CertificateRequest + to have the `spec.IsCA` field set to `true`. An omitted field, + value of `nil` or `false`, forbids the `spec.IsCA` field from + bring `true`. A value of `true` permits CertificateRequests + setting the `spec.IsCA` field to `true`. + type: boolean + subject: + description: Subject defines the X.509 subject that is permissible. + An omitted field or value of `nil` forbids any Subject being + requested. + properties: + countries: + description: Countries define the X.509 Subject Countries + that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + localities: + description: Localities defines the X.509 Subject Localities + that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + organizationalUnits: + description: OrganizationalUnits defines the X.509 Subject + Organizational Units that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + organizations: + description: Organizations define the X.509 Subject Organizations + that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + postalCodes: + description: PostalCodes defines the X.509 Subject Postal + Codes that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + provinces: + description: Provinces defines the X.509 Subject Provinces + that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + serialNumber: + description: SerialNumber defines the X.509 Subject Serial + Number that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Value + is also defined. + type: boolean + value: + description: Value defines the value that is permissible + to be present on the request. Accepts wildcards "*". + An omitted field or value of `nil` forbids the value + from being requested. An empty string is equivalent + to `nil`, however an empty string pared with Required + as `true` is an impossible condition that always denies. + Value may not be `nil` if Required is `true`. + type: string + type: object + streetAddresses: + description: StreetAddresses defines the X.509 Subject Street + Addresses that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + type: object + uris: + description: URIs defines the X.509 URI SANs that may be requested + for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field as + not required. + type: boolean + values: + description: Defines the values that are permissible to be + present on request. Accepts wildcards "*". An omitted field + or value of `nil` forbids any value on the related field + in the request from being requested. An empty slice `[]` + is equivalent to `nil`, however an empty slice pared with + Required `true` is an impossible condition that always denies. + Values may not be `nil` if Required is `true`. + items: + type: string + type: array + type: object + usages: + description: Usages defines the list of permissible key usages + that may appear on the CertificateRequest `spec.keyUsages` field. + An omitted field or value of `nil` forbids any Usages being + requested. An empty slice `[]` is equivalent to `nil`. + items: + description: "KeyUsage specifies valid usage contexts for keys. + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + \n Valid KeyUsage values are as follows: \"signing\", \"digital + signature\", \"content commitment\", \"key encipherment\", + \"key agreement\", \"data encipherment\", \"cert sign\", \"crl + sign\", \"encipher only\", \"decipher only\", \"any\", \"server + auth\", \"client auth\", \"code signing\", \"email protection\", + \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec + user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", + \"netscape sgc\"" + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + type: object + constraints: + description: Constraints is the set of attributes that _must_ be satisfied + by the CertificateRequest for the request to be permissible by the + policy. Empty or `nil` constraint fields mean CertificateRequests + satisfy that field with any value of their corresponding attribute. + properties: + maxDuration: + description: MaxDuration defines the maximum duration a certificate + may be requested for. Values are inclusive (i.e. a max value + of `1h` will accept a duration of `1h`). MaxDuration and MinDuration + may be the same value. An omitted field or value of `nil` permits + any maximum duration. If MaxDuration is defined, a duration + _must_ be requested on the CertificateRequest. + type: string + minDuration: + description: MinDuration defines the minimum duration a certificate + may be requested for. Values are inclusive (i.e. a min value + of `1h` will accept a duration of `1h`). MinDuration and MaxDuration + may be the same value. An omitted field or value of `nil` permits + any minimum duration. If MinDuration is defined, a duration + _must_ be requested on the CertificateRequest. + type: string + privateKey: + description: PrivateKey defines the shape of permissible private + keys that may be used for the request with this policy. An omitted + field or value of `nil` permits the use of any private key by + the requestor. + properties: + algorithm: + description: Algorithm defines the allowed crypto algorithm + that is used by the requestor for their private key in their + request. An omitted field or value of `nil` permits any + Algorithm. + enum: + - RSA + - ECDSA + - Ed25519 + type: string + maxSize: + description: MaxSize defines the maximum key size a requestor + may use for their private key. Values are inclusive (i.e. + a min value of `2048` will accept a size of `2048`). MaxSize + and MinSize may be the same value. An omitted field or value + of `nil` permits any maximum size. + type: integer + minSize: + description: MinSize defines the minimum key size a requestor + may use for their private key. Values are inclusive (i.e. + a min value of `2048` will accept a size of `2048`). MinSize + and MaxSize may be the same value. An omitted field or value + of `nil` permits any minimum size. + type: integer + type: object + type: object + plugins: + additionalProperties: + description: CertificateRequestPolicyPluginData is configuration + needed by the plugin approver to evaluate a CertificateRequest + on this policy. + properties: + values: + additionalProperties: + type: string + description: Values define a set of well-known, to the plugin, + key value pairs that are required for the plugin to successfully + evaluate a request based on this policy. + type: object + type: object + description: Plugins define a set of plugins and their configuration + that should be executed when this policy is evaluated against a + CertificateRequest. A plugin must already be built within approver-policy + for it to be available. + type: object + selector: + description: Selector is used for selecting over which CertificateRequests + this CertificateRequestPolicy is appropriate for and so will used + for its approval evaluation. + properties: + issuerRef: + description: "IssuerRef is used to match this CertificateRequestPolicy + against processed CertificateRequests. This policy will only + be evaluated against a CertificateRequest whose `spec.issuerRef` + field matches `spec.selector.issuerRef`. CertificateRequests + will not be processed on unmatched `issuerRef` if defined, regardless + of whether the requestor is bound by RBAC. Accepts wildcards + \"*\". Omitted values are equivalent to \"*\". \n The following + value will match _all_ `issuerRefs`: ``` issuerRef: {} ```" + properties: + group: + description: Group is the wildcard selector to match the `spec.issuerRef.group` + field on requests. Accepts wildcards "*". An omitted field + or value of `nil` matches all. + type: string + kind: + description: Kind is the wildcard selector to match the `spec.issuerRef.kind` + field on requests. Accepts wildcards "*". An omitted field + or value of `nil` matches all. + type: string + name: + description: Name is the wildcard selector to match the `spec.issuerRef.name` + field on requests. Accepts wildcards "*". An omitted field + or value of `nil` matches all. + type: string + type: object + namespace: + description: Namespace is used to select on Namespaces, meaning + the CertificateRequestPolicy will only match on CertificateRequests + that have been created in matching selected Namespaces. If this + field is omitted, all Namespaces are selected. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is the set of Namespace labels that + select on CertificateRequests which have been created in + a Namespace matching the selector. + type: object + matchNames: + description: MatchNames are the set of Namespace names that + select on CertificateRequests that have been created in + a matching Namespace. Accepts wildcards "*". + items: + type: string + type: array + type: object + type: object + required: + - selector + type: object + status: + description: CertificateRequestPolicyStatus defines the observed state + of the CertificateRequestPolicy. + properties: + conditions: + description: List of status conditions to indicate the status of the + CertificateRequestPolicy. Known condition types are `Ready`. + items: + description: CertificateRequestPolicyCondition contains condition + information for a CertificateRequestPolicyStatus. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the + details of the last transition, complementing reason. + type: string + observedGeneration: + description: If set, this represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the CertificateRequestPolicy. + format: int64 + type: integer + reason: + description: Reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, known values are (`Ready`). + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/charts/approver-policy/templates/_helpers.tpl b/deploy/charts/approver-policy/templates/_helpers.tpl index 4b6b2b7a..ddfa6a55 100644 --- a/deploy/charts/approver-policy/templates/_helpers.tpl +++ b/deploy/charts/approver-policy/templates/_helpers.tpl @@ -27,17 +27,3 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{ toYaml .Values.commonLabels }} {{- end }} {{- end -}} - -{{/* -Util function for generating the image URL based on the provided options. -IMPORTANT: This function is standarized across all charts in the cert-manager GH organization. -Any changes to this function should also be made in cert-manager, trust-manager, approver-policy, ... -See https://github.com/cert-manager/cert-manager/issues/6329 for a list of linked PRs. -*/}} -{{- define "image" -}} -{{- $defaultTag := index . 1 -}} -{{- with index . 0 -}} -{{- if .registry -}}{{ printf "%s/%s" .registry .repository }}{{- else -}}{{- .repository -}}{{- end -}} -{{- if .digest -}}{{ printf "@%s" .digest }}{{- else -}}{{ printf ":%s" (default $defaultTag .tag) }}{{- end -}} -{{- end }} -{{- end }} diff --git a/deploy/charts/approver-policy/templates/deployment.yaml b/deploy/charts/approver-policy/templates/deployment.yaml index 0254214c..f947d7fc 100644 --- a/deploy/charts/approver-policy/templates/deployment.yaml +++ b/deploy/charts/approver-policy/templates/deployment.yaml @@ -31,7 +31,7 @@ spec: serviceAccountName: {{ include "cert-manager-approver-policy.name" . }} containers: - name: {{ include "cert-manager-approver-policy.name" . }} - image: "{{ template "image" (tuple .Values.image $.Chart.AppVersion) }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: {{ .Values.app.webhook.port }} diff --git a/deploy/charts/approver-policy/templates/policy.cert-manager.io_certificaterequestpolicies.yaml b/deploy/charts/approver-policy/templates/policy.cert-manager.io_certificaterequestpolicies.yaml new file mode 100644 index 00000000..03cd7ae0 --- /dev/null +++ b/deploy/charts/approver-policy/templates/policy.cert-manager.io_certificaterequestpolicies.yaml @@ -0,0 +1,586 @@ +{{ if .Values.crds.enabled }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: certificaterequestpolicies.policy.cert-manager.io +spec: + group: policy.cert-manager.io + names: + categories: + - cert-manager + kind: CertificateRequestPolicy + listKind: CertificateRequestPolicyList + plural: certificaterequestpolicies + shortNames: + - crp + singular: certificaterequestpolicy + scope: Cluster + versions: + - additionalPrinterColumns: + - description: CertificateRequestPolicy is ready for evaluation + jsonPath: .status.conditions[?(@.type == "Ready")].status + name: Ready + type: string + - description: Timestamp CertificateRequestPolicy was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: CertificateRequestPolicy is an object for describing a "policy + profile" that makes decisions on whether applicable CertificateRequests + should be approved or denied. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateRequestPolicySpec defines the desired state of + CertificateRequestPolicy. + properties: + allowed: + description: Allowed is the set of attributes that are "allowed" by + this policy. A CertificateRequest will only be considered permissible + for this policy if the CertificateRequest has the same or less as + what is allowed. Empty or `nil` allowed fields mean CertificateRequests + are not allowed to have that field present to be permissible. + properties: + commonName: + description: CommonName defines the X.509 Common Name that is + permissible. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Value is + also defined. + type: boolean + value: + description: Value defines the value that is permissible to + be present on the request. Accepts wildcards "*". An omitted + field or value of `nil` forbids the value from being requested. + An empty string is equivalent to `nil`, however an empty + string pared with Required as `true` is an impossible condition + that always denies. Value may not be `nil` if Required is + `true`. + type: string + type: object + dnsNames: + description: DNSNames defines the X.509 DNS SANs that may be requested + for. Accepts wildcards "*". + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field as + not required. + type: boolean + values: + description: Defines the values that are permissible to be + present on request. Accepts wildcards "*". An omitted field + or value of `nil` forbids any value on the related field + in the request from being requested. An empty slice `[]` + is equivalent to `nil`, however an empty slice pared with + Required `true` is an impossible condition that always denies. + Values may not be `nil` if Required is `true`. + items: + type: string + type: array + type: object + emailAddresses: + description: EmailAddresses defines the X.509 Email SANs that + may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field as + not required. + type: boolean + values: + description: Defines the values that are permissible to be + present on request. Accepts wildcards "*". An omitted field + or value of `nil` forbids any value on the related field + in the request from being requested. An empty slice `[]` + is equivalent to `nil`, however an empty slice pared with + Required `true` is an impossible condition that always denies. + Values may not be `nil` if Required is `true`. + items: + type: string + type: array + type: object + ipAddresses: + description: IPAddresses defines the X.509 IP SANs that may be + requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field as + not required. + type: boolean + values: + description: Defines the values that are permissible to be + present on request. Accepts wildcards "*". An omitted field + or value of `nil` forbids any value on the related field + in the request from being requested. An empty slice `[]` + is equivalent to `nil`, however an empty slice pared with + Required `true` is an impossible condition that always denies. + Values may not be `nil` if Required is `true`. + items: + type: string + type: array + type: object + isCA: + description: IsCA defines whether it is permissible for a CertificateRequest + to have the `spec.IsCA` field set to `true`. An omitted field, + value of `nil` or `false`, forbids the `spec.IsCA` field from + bring `true`. A value of `true` permits CertificateRequests + setting the `spec.IsCA` field to `true`. + type: boolean + subject: + description: Subject defines the X.509 subject that is permissible. + An omitted field or value of `nil` forbids any Subject being + requested. + properties: + countries: + description: Countries define the X.509 Subject Countries + that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + localities: + description: Localities defines the X.509 Subject Localities + that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + organizationalUnits: + description: OrganizationalUnits defines the X.509 Subject + Organizational Units that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + organizations: + description: Organizations define the X.509 Subject Organizations + that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + postalCodes: + description: PostalCodes defines the X.509 Subject Postal + Codes that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + provinces: + description: Provinces defines the X.509 Subject Provinces + that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + serialNumber: + description: SerialNumber defines the X.509 Subject Serial + Number that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Value + is also defined. + type: boolean + value: + description: Value defines the value that is permissible + to be present on the request. Accepts wildcards "*". + An omitted field or value of `nil` forbids the value + from being requested. An empty string is equivalent + to `nil`, however an empty string pared with Required + as `true` is an impossible condition that always denies. + Value may not be `nil` if Required is `true`. + type: string + type: object + streetAddresses: + description: StreetAddresses defines the X.509 Subject Street + Addresses that may be requested for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field + as not required. + type: boolean + values: + description: Defines the values that are permissible to + be present on request. Accepts wildcards "*". An omitted + field or value of `nil` forbids any value on the related + field in the request from being requested. An empty + slice `[]` is equivalent to `nil`, however an empty + slice pared with Required `true` is an impossible condition + that always denies. Values may not be `nil` if Required + is `true`. + items: + type: string + type: array + type: object + type: object + uris: + description: URIs defines the X.509 URI SANs that may be requested + for. + properties: + required: + description: Required marks this field as being a required + value on the request. May only be set to true if Values + is also defined. Default is nil which marks the field as + not required. + type: boolean + values: + description: Defines the values that are permissible to be + present on request. Accepts wildcards "*". An omitted field + or value of `nil` forbids any value on the related field + in the request from being requested. An empty slice `[]` + is equivalent to `nil`, however an empty slice pared with + Required `true` is an impossible condition that always denies. + Values may not be `nil` if Required is `true`. + items: + type: string + type: array + type: object + usages: + description: Usages defines the list of permissible key usages + that may appear on the CertificateRequest `spec.keyUsages` field. + An omitted field or value of `nil` forbids any Usages being + requested. An empty slice `[]` is equivalent to `nil`. + items: + description: "KeyUsage specifies valid usage contexts for keys. + See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + \n Valid KeyUsage values are as follows: \"signing\", \"digital + signature\", \"content commitment\", \"key encipherment\", + \"key agreement\", \"data encipherment\", \"cert sign\", \"crl + sign\", \"encipher only\", \"decipher only\", \"any\", \"server + auth\", \"client auth\", \"code signing\", \"email protection\", + \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec + user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", + \"netscape sgc\"" + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + type: object + constraints: + description: Constraints is the set of attributes that _must_ be satisfied + by the CertificateRequest for the request to be permissible by the + policy. Empty or `nil` constraint fields mean CertificateRequests + satisfy that field with any value of their corresponding attribute. + properties: + maxDuration: + description: MaxDuration defines the maximum duration a certificate + may be requested for. Values are inclusive (i.e. a max value + of `1h` will accept a duration of `1h`). MaxDuration and MinDuration + may be the same value. An omitted field or value of `nil` permits + any maximum duration. If MaxDuration is defined, a duration + _must_ be requested on the CertificateRequest. + type: string + minDuration: + description: MinDuration defines the minimum duration a certificate + may be requested for. Values are inclusive (i.e. a min value + of `1h` will accept a duration of `1h`). MinDuration and MaxDuration + may be the same value. An omitted field or value of `nil` permits + any minimum duration. If MinDuration is defined, a duration + _must_ be requested on the CertificateRequest. + type: string + privateKey: + description: PrivateKey defines the shape of permissible private + keys that may be used for the request with this policy. An omitted + field or value of `nil` permits the use of any private key by + the requestor. + properties: + algorithm: + description: Algorithm defines the allowed crypto algorithm + that is used by the requestor for their private key in their + request. An omitted field or value of `nil` permits any + Algorithm. + enum: + - RSA + - ECDSA + - Ed25519 + type: string + maxSize: + description: MaxSize defines the maximum key size a requestor + may use for their private key. Values are inclusive (i.e. + a min value of `2048` will accept a size of `2048`). MaxSize + and MinSize may be the same value. An omitted field or value + of `nil` permits any maximum size. + type: integer + minSize: + description: MinSize defines the minimum key size a requestor + may use for their private key. Values are inclusive (i.e. + a min value of `2048` will accept a size of `2048`). MinSize + and MaxSize may be the same value. An omitted field or value + of `nil` permits any minimum size. + type: integer + type: object + type: object + plugins: + additionalProperties: + description: CertificateRequestPolicyPluginData is configuration + needed by the plugin approver to evaluate a CertificateRequest + on this policy. + properties: + values: + additionalProperties: + type: string + description: Values define a set of well-known, to the plugin, + key value pairs that are required for the plugin to successfully + evaluate a request based on this policy. + type: object + type: object + description: Plugins define a set of plugins and their configuration + that should be executed when this policy is evaluated against a + CertificateRequest. A plugin must already be built within approver-policy + for it to be available. + type: object + selector: + description: Selector is used for selecting over which CertificateRequests + this CertificateRequestPolicy is appropriate for and so will used + for its approval evaluation. + properties: + issuerRef: + description: "IssuerRef is used to match this CertificateRequestPolicy + against processed CertificateRequests. This policy will only + be evaluated against a CertificateRequest whose `spec.issuerRef` + field matches `spec.selector.issuerRef`. CertificateRequests + will not be processed on unmatched `issuerRef` if defined, regardless + of whether the requestor is bound by RBAC. Accepts wildcards + \"*\". Omitted values are equivalent to \"*\". \n The following + value will match _all_ `issuerRefs`: ``` issuerRef: {} ```" + properties: + group: + description: Group is the wildcard selector to match the `spec.issuerRef.group` + field on requests. Accepts wildcards "*". An omitted field + or value of `nil` matches all. + type: string + kind: + description: Kind is the wildcard selector to match the `spec.issuerRef.kind` + field on requests. Accepts wildcards "*". An omitted field + or value of `nil` matches all. + type: string + name: + description: Name is the wildcard selector to match the `spec.issuerRef.name` + field on requests. Accepts wildcards "*". An omitted field + or value of `nil` matches all. + type: string + type: object + namespace: + description: Namespace is used to select on Namespaces, meaning + the CertificateRequestPolicy will only match on CertificateRequests + that have been created in matching selected Namespaces. If this + field is omitted, all Namespaces are selected. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is the set of Namespace labels that + select on CertificateRequests which have been created in + a Namespace matching the selector. + type: object + matchNames: + description: MatchNames are the set of Namespace names that + select on CertificateRequests that have been created in + a matching Namespace. Accepts wildcards "*". + items: + type: string + type: array + type: object + type: object + required: + - selector + type: object + status: + description: CertificateRequestPolicyStatus defines the observed state + of the CertificateRequestPolicy. + properties: + conditions: + description: List of status conditions to indicate the status of the + CertificateRequestPolicy. Known condition types are `Ready`. + items: + description: CertificateRequestPolicyCondition contains condition + information for a CertificateRequestPolicyStatus. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the + details of the last transition, complementing reason. + type: string + observedGeneration: + description: If set, this represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.condition[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the CertificateRequestPolicy. + format: int64 + type: integer + reason: + description: Reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, known values are (`Ready`). + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{ end }} diff --git a/deploy/charts/approver-policy/values.schema.json b/deploy/charts/approver-policy/values.schema.json new file mode 100644 index 00000000..ce3b920a --- /dev/null +++ b/deploy/charts/approver-policy/values.schema.json @@ -0,0 +1,1788 @@ +{ + "$defs": { + "com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.App": { + "additionalProperties": false, + "properties": { + "approveSignerNames": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "extraArgs": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "logLevel": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "metrics": { + "$ref": "#/$defs/com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.Metrics", + "default": {} + }, + "readinessProbe": { + "$ref": "#/$defs/com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.ReadinessProbe", + "default": {} + }, + "webhook": { + "$ref": "#/$defs/com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.Webhook", + "default": {} + } + }, + "required": [ + "logLevel", + "extraArgs", + "approveSignerNames", + "metrics", + "readinessProbe", + "webhook" + ], + "type": "object" + }, + "com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.ContainerImage": { + "additionalProperties": false, + "properties": { + "pullPolicy": { + "default": "", + "type": "string" + }, + "repository": { + "default": "", + "type": "string" + }, + "tag": { + "default": "", + "type": "string" + } + }, + "required": [ + "repository", + "tag", + "pullPolicy" + ], + "type": "object" + }, + "com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.HelmValues": { + "additionalProperties": false, + "properties": { + "app": { + "$ref": "#/$defs/com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.App", + "default": {} + }, + "commonLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "image": { + "$ref": "#/$defs/com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.ContainerImage", + "default": {} + }, + "imagePullSecrets": { + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "podAnnotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "replicaCount": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "resources": { + "$ref": "#/$defs/io.k8s.api.core.v1.ResourceRequirements", + "default": {} + }, + "volumeMounts": { + "items": { + "$ref": "#/$defs/io.k8s.api.core.v1.VolumeMount", + "default": {} + }, + "type": "array" + }, + "volumes": { + "items": { + "$ref": "#/$defs/io.k8s.api.core.v1.Volume", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "replicaCount", + "image", + "imagePullSecrets", + "app", + "volumeMounts", + "volumes", + "resources", + "commonLabels", + "podAnnotations" + ], + "type": "object" + }, + "com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.Metrics": { + "additionalProperties": false, + "properties": { + "port": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "service": { + "$ref": "#/$defs/com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.MetricsService", + "default": {} + } + }, + "required": [ + "port", + "service" + ], + "type": "object" + }, + "com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.MetricsService": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + }, + "servicemonitor": { + "$ref": "#/$defs/com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.ServiceMonitor", + "default": {} + }, + "type": { + "default": "", + "type": "string" + } + }, + "required": [ + "enabled", + "type", + "servicemonitor" + ], + "type": "object" + }, + "com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.ReadinessProbe": { + "additionalProperties": false, + "properties": { + "port": { + "default": 0, + "format": "int32", + "type": "integer" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.ServiceMonitor": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + }, + "interval": { + "default": "", + "type": "string" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "prometheusInstance": { + "default": "", + "type": "string" + }, + "scrapeTimeout": { + "default": "", + "type": "string" + } + }, + "required": [ + "enabled", + "prometheusInstance", + "interval", + "scrapeTimeout", + "labels" + ], + "type": "object" + }, + "com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.Webhook": { + "additionalProperties": false, + "properties": { + "affinity": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "certificateDir": { + "default": "", + "type": "string" + }, + "dnsPolicy": { + "default": "", + "type": "string" + }, + "host": { + "default": "", + "type": "string" + }, + "hostNetwork": { + "default": false, + "type": "boolean" + }, + "nodeSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "type": "object" + }, + "port": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "service": { + "$ref": "#/$defs/com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.WebhookService", + "default": {} + }, + "timeoutSeconds": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "tolerations": { + "items": { + "$ref": "#/$defs/io.k8s.api.core.v1.Toleration", + "default": {} + }, + "type": "array" + } + }, + "required": [ + "host", + "port", + "timeoutSeconds", + "certificateDir", + "service", + "hostNetwork", + "dnsPolicy", + "affinity", + "nodeSelector", + "tolerations" + ], + "type": "object" + }, + "com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.WebhookService": { + "additionalProperties": false, + "properties": { + "nodePort": { + "default": 0, + "format": "int32", + "type": "integer" + }, + "type": { + "default": "", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource": { + "additionalProperties": false, + "description": "Represents a Persistent Disk resource in AWS.\n\nAn AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "boolean" + }, + "volumeID": { + "default": "", + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AzureDiskVolumeSource": { + "additionalProperties": false, + "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", + "properties": { + "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.\n\nPossible enum values:\n - `\"None\"`\n - `\"ReadOnly\"`\n - `\"ReadWrite\"`", + "enum": [ + "None", + "ReadOnly", + "ReadWrite" + ], + "type": "string" + }, + "diskName": { + "default": "", + "description": "diskName is the Name of the data disk in the blob storage", + "type": "string" + }, + "diskURI": { + "default": "", + "description": "diskURI is the URI of data disk in the blob storage", + "type": "string" + }, + "fsType": { + "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared\n\nPossible enum values:\n - `\"Dedicated\"`\n - `\"Managed\"`\n - `\"Shared\"`", + "enum": [ + "Dedicated", + "Managed", + "Shared" + ], + "type": "string" + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AzureFileVolumeSource": { + "additionalProperties": false, + "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "default": "", + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string" + }, + "shareName": { + "default": "", + "description": "shareName is the azure share Name", + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CSIVolumeSource": { + "additionalProperties": false, + "description": "Represents a source location of a volume to mount, managed by an external CSI driver", + "properties": { + "driver": { + "default": "", + "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", + "type": "string" + }, + "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", + "type": "string" + }, + "nodePublishSecretRef": { + "$ref": "#/$defs/io.k8s.api.core.v1.LocalObjectReference", + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + }, + "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CephFSVolumeSource": { + "additionalProperties": false, + "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "$ref": "#/$defs/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + }, + "user": { + "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CinderVolumeSource": { + "additionalProperties": false, + "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/$defs/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + }, + "volumeID": { + "default": "", + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapProjection": { + "additionalProperties": false, + "description": "Adapts a ConfigMap into a projected volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/$defs/io.k8s.api.core.v1.KeyToPath", + "default": {} + }, + "type": "array" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapVolumeSource": { + "additionalProperties": false, + "description": "Adapts a ConfigMap into a volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/$defs/io.k8s.api.core.v1.KeyToPath", + "default": {} + }, + "type": "array" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIProjection": { + "additionalProperties": false, + "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", + "items": { + "$ref": "#/$defs/io.k8s.api.core.v1.DownwardAPIVolumeFile", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeFile": { + "additionalProperties": false, + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "$ref": "#/$defs/io.k8s.api.core.v1.ObjectFieldSelector", + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "default": "", + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "$ref": "#/$defs/io.k8s.api.core.v1.ResourceFieldSelector", + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeSource": { + "additionalProperties": false, + "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "Items is a list of downward API volume file", + "items": { + "$ref": "#/$defs/io.k8s.api.core.v1.DownwardAPIVolumeFile", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EmptyDirVolumeSource": { + "additionalProperties": false, + "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", + "properties": { + "medium": { + "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" + }, + "sizeLimit": { + "$ref": "#/$defs/io.k8s.apimachinery.pkg.api.resource.Quantity", + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EphemeralVolumeSource": { + "additionalProperties": false, + "description": "Represents an ephemeral volume that is handled by a normal storage driver.", + "properties": { + "volumeClaimTemplate": { + "$ref": "#/$defs/io.k8s.api.core.v1.PersistentVolumeClaimTemplate", + "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.\n\nRequired, must not be nil." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FCVolumeSource": { + "additionalProperties": false, + "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "lun": { + "description": "lun is Optional: FC target lun number", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FlexVolumeSource": { + "additionalProperties": false, + "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", + "properties": { + "driver": { + "default": "", + "description": "driver is the name of the driver to use for this volume.", + "type": "string" + }, + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "type": "string" + }, + "options": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "options is Optional: this field holds extra command options if any.", + "type": "object" + }, + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/$defs/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.FlockerVolumeSource": { + "additionalProperties": false, + "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", + "properties": { + "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated", + "type": "string" + }, + "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.GCEPersistentDiskVolumeSource": { + "additionalProperties": false, + "description": "Represents a Persistent Disk resource in Google Compute Engine.\n\nA GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "format": "int32", + "type": "integer" + }, + "pdName": { + "default": "", + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GitRepoVolumeSource": { + "additionalProperties": false, + "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "properties": { + "directory": { + "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", + "type": "string" + }, + "repository": { + "default": "", + "description": "repository is the URL", + "type": "string" + }, + "revision": { + "description": "revision is the commit hash for the specified revision.", + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GlusterfsVolumeSource": { + "additionalProperties": false, + "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "endpoints": { + "default": "", + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "path": { + "default": "", + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HostPathVolumeSource": { + "additionalProperties": false, + "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", + "properties": { + "path": { + "default": "", + "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + }, + "type": { + "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n\nPossible enum values:\n - `\"\"` For backwards compatible, leave it empty if unset\n - `\"BlockDevice\"` A block device must exist at the given path\n - `\"CharDevice\"` A character device must exist at the given path\n - `\"Directory\"` A directory must exist at the given path\n - `\"DirectoryOrCreate\"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.\n - `\"File\"` A file must exist at the given path\n - `\"FileOrCreate\"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.\n - `\"Socket\"` A UNIX socket must exist at the given path", + "enum": [ + "", + "BlockDevice", + "CharDevice", + "Directory", + "DirectoryOrCreate", + "File", + "FileOrCreate", + "Socket" + ], + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ISCSIVolumeSource": { + "additionalProperties": false, + "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "type": "string" + }, + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", + "type": "string" + }, + "iqn": { + "default": "", + "description": "iqn is the target iSCSI Qualified Name.", + "type": "string" + }, + "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", + "type": "string" + }, + "lun": { + "default": 0, + "description": "lun represents iSCSI Target Lun number.", + "format": "int32", + "type": "integer" + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/$defs/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + }, + "targetPortal": { + "default": "", + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "string" + } + }, + "required": [ + "targetPortal", + "iqn", + "lun" + ], + "type": "object" + }, + "io.k8s.api.core.v1.KeyToPath": { + "additionalProperties": false, + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "default": "", + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "default": "", + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.LocalObjectReference": { + "additionalProperties": false, + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "properties": { + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.NFSVolumeSource": { + "additionalProperties": false, + "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", + "properties": { + "path": { + "default": "", + "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "boolean" + }, + "server": { + "default": "", + "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + } + }, + "required": [ + "server", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ObjectFieldSelector": { + "additionalProperties": false, + "description": "ObjectFieldSelector selects an APIVersioned field of an object.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "default": "", + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimSpec": { + "additionalProperties": false, + "description": "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "$ref": "#/$defs/io.k8s.api.core.v1.TypedLocalObjectReference", + "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + }, + "dataSourceRef": { + "$ref": "#/$defs/io.k8s.api.core.v1.TypedObjectReference", + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + }, + "resources": { + "$ref": "#/$defs/io.k8s.api.core.v1.ResourceRequirements", + "default": {}, + "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + }, + "selector": { + "$ref": "#/$defs/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", + "description": "selector is a label query over volumes to consider for binding." + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.\n\nPossible enum values:\n - `\"Block\"` means the volume will not be formatted with a filesystem and will remain a raw block device.\n - `\"Filesystem\"` means the volume will be or is formatted with a filesystem.", + "enum": [ + "Block", + "Filesystem" + ], + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimTemplate": { + "additionalProperties": false, + "description": "PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.", + "properties": { + "metadata": { + "$ref": "#/$defs/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta", + "default": {}, + "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + }, + "spec": { + "$ref": "#/$defs/io.k8s.api.core.v1.PersistentVolumeClaimSpec", + "default": {}, + "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource": { + "additionalProperties": false, + "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", + "properties": { + "claimName": { + "default": "", + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource": { + "additionalProperties": false, + "description": "Represents a Photon Controller persistent disk resource.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "pdID": { + "default": "", + "description": "pdID is the ID that identifies Photon Controller persistent disk", + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PortworxVolumeSource": { + "additionalProperties": false, + "description": "PortworxVolumeSource represents a Portworx volume resource.", + "properties": { + "fsType": { + "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "volumeID": { + "default": "", + "description": "volumeID uniquely identifies a Portworx volume", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ProjectedVolumeSource": { + "additionalProperties": false, + "description": "Represents a projected volume source", + "properties": { + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "sources": { + "description": "sources is the list of volume projections", + "items": { + "$ref": "#/$defs/io.k8s.api.core.v1.VolumeProjection", + "default": {} + }, + "type": "array" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.QuobyteVolumeSource": { + "additionalProperties": false, + "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", + "properties": { + "group": { + "description": "group to map volume access to Default is no group", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", + "type": "boolean" + }, + "registry": { + "default": "", + "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", + "type": "string" + }, + "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", + "type": "string" + }, + "user": { + "description": "user to map volume access to Defaults to serivceaccount user", + "type": "string" + }, + "volume": { + "default": "", + "description": "volume is a string that references an already created Quobyte volume by name.", + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "io.k8s.api.core.v1.RBDVolumeSource": { + "additionalProperties": false, + "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" + }, + "image": { + "default": "", + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/$defs/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + }, + "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors", + "image" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ResourceClaim": { + "additionalProperties": false, + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "default": "", + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ResourceFieldSelector": { + "additionalProperties": false, + "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "$ref": "#/$defs/io.k8s.apimachinery.pkg.api.resource.Quantity", + "default": {}, + "description": "Specifies the output format of the exposed resources, defaults to \"1\"" + }, + "resource": { + "default": "", + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ResourceRequirements": { + "additionalProperties": false, + "description": "ResourceRequirements describes the compute resource requirements.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "$ref": "#/$defs/io.k8s.api.core.v1.ResourceClaim", + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "$ref": "#/$defs/io.k8s.apimachinery.pkg.api.resource.Quantity", + "default": {} + }, + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "$ref": "#/$defs/io.k8s.apimachinery.pkg.api.resource.Quantity", + "default": {} + }, + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ScaleIOVolumeSource": { + "additionalProperties": false, + "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", + "type": "string" + }, + "gateway": { + "default": "", + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/$defs/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + }, + "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "type": "string" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "default": "", + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", + "type": "string" + } + }, + "required": [ + "gateway", + "system", + "secretRef" + ], + "type": "object" + }, + "io.k8s.api.core.v1.SecretProjection": { + "additionalProperties": false, + "description": "Adapts a secret into a projected volume.\n\nThe contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/$defs/io.k8s.api.core.v1.KeyToPath", + "default": {} + }, + "type": "array" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecretVolumeSource": { + "additionalProperties": false, + "description": "Adapts a Secret into a volume.\n\nThe contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "$ref": "#/$defs/io.k8s.api.core.v1.KeyToPath", + "default": {} + }, + "type": "array" + }, + "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ServiceAccountTokenProjection": { + "additionalProperties": false, + "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", + "properties": { + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", + "type": "string" + }, + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", + "format": "int64", + "type": "integer" + }, + "path": { + "default": "", + "description": "path is the path relative to the mount point of the file to project the token into.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.StorageOSVolumeSource": { + "additionalProperties": false, + "description": "Represents a StorageOS persistent volume resource.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "$ref": "#/$defs/io.k8s.api.core.v1.LocalObjectReference", + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Toleration": { + "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n\nPossible enum values:\n - `\"NoExecute\"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.\n - `\"NoSchedule\"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.\n - `\"PreferNoSchedule\"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.", + "enum": [ + "NoExecute", + "NoSchedule", + "PreferNoSchedule" + ], + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.\n\nPossible enum values:\n - `\"Equal\"`\n - `\"Exists\"`", + "enum": [ + "Equal", + "Exists" + ], + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.TypedLocalObjectReference": { + "additionalProperties": false, + "description": "TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "default": "", + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "default": "", + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.TypedObjectReference": { + "additionalProperties": false, + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "default": "", + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "default": "", + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Volume": { + "additionalProperties": false, + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "properties": { + "awsElasticBlockStore": { + "$ref": "#/$defs/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource", + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + }, + "azureDisk": { + "$ref": "#/$defs/io.k8s.api.core.v1.AzureDiskVolumeSource", + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + }, + "azureFile": { + "$ref": "#/$defs/io.k8s.api.core.v1.AzureFileVolumeSource", + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod." + }, + "cephfs": { + "$ref": "#/$defs/io.k8s.api.core.v1.CephFSVolumeSource", + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + }, + "cinder": { + "$ref": "#/$defs/io.k8s.api.core.v1.CinderVolumeSource", + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + }, + "configMap": { + "$ref": "#/$defs/io.k8s.api.core.v1.ConfigMapVolumeSource", + "description": "configMap represents a configMap that should populate this volume" + }, + "csi": { + "$ref": "#/$defs/io.k8s.api.core.v1.CSIVolumeSource", + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + }, + "downwardAPI": { + "$ref": "#/$defs/io.k8s.api.core.v1.DownwardAPIVolumeSource", + "description": "downwardAPI represents downward API about the pod that should populate this volume" + }, + "emptyDir": { + "$ref": "#/$defs/io.k8s.api.core.v1.EmptyDirVolumeSource", + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + }, + "ephemeral": { + "$ref": "#/$defs/io.k8s.api.core.v1.EphemeralVolumeSource", + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time." + }, + "fc": { + "$ref": "#/$defs/io.k8s.api.core.v1.FCVolumeSource", + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + }, + "flexVolume": { + "$ref": "#/$defs/io.k8s.api.core.v1.FlexVolumeSource", + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin." + }, + "flocker": { + "$ref": "#/$defs/io.k8s.api.core.v1.FlockerVolumeSource", + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + }, + "gcePersistentDisk": { + "$ref": "#/$defs/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource", + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + }, + "gitRepo": { + "$ref": "#/$defs/io.k8s.api.core.v1.GitRepoVolumeSource", + "description": "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + }, + "glusterfs": { + "$ref": "#/$defs/io.k8s.api.core.v1.GlusterfsVolumeSource", + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + }, + "hostPath": { + "$ref": "#/$defs/io.k8s.api.core.v1.HostPathVolumeSource", + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + }, + "iscsi": { + "$ref": "#/$defs/io.k8s.api.core.v1.ISCSIVolumeSource", + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" + }, + "name": { + "default": "", + "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "nfs": { + "$ref": "#/$defs/io.k8s.api.core.v1.NFSVolumeSource", + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + }, + "persistentVolumeClaim": { + "$ref": "#/$defs/io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource", + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + }, + "photonPersistentDisk": { + "$ref": "#/$defs/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource", + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + }, + "portworxVolume": { + "$ref": "#/$defs/io.k8s.api.core.v1.PortworxVolumeSource", + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + }, + "projected": { + "$ref": "#/$defs/io.k8s.api.core.v1.ProjectedVolumeSource", + "description": "projected items for all in one resources secrets, configmaps, and downward API" + }, + "quobyte": { + "$ref": "#/$defs/io.k8s.api.core.v1.QuobyteVolumeSource", + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + }, + "rbd": { + "$ref": "#/$defs/io.k8s.api.core.v1.RBDVolumeSource", + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" + }, + "scaleIO": { + "$ref": "#/$defs/io.k8s.api.core.v1.ScaleIOVolumeSource", + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + }, + "secret": { + "$ref": "#/$defs/io.k8s.api.core.v1.SecretVolumeSource", + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + }, + "storageos": { + "$ref": "#/$defs/io.k8s.api.core.v1.StorageOSVolumeSource", + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + }, + "vsphereVolume": { + "$ref": "#/$defs/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource", + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeMount": { + "additionalProperties": false, + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "default": "", + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.\n\nPossible enum values:\n - `\"Bidirectional\"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rshared\" in Linux terminology).\n - `\"HostToContainer\"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rslave\" in Linux terminology).\n - `\"None\"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to \"private\" in Linux terminology.", + "enum": [ + "Bidirectional", + "HostToContainer", + "None" + ], + "type": "string" + }, + "name": { + "default": "", + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + "type": "boolean" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "name", + "mountPath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeProjection": { + "additionalProperties": false, + "description": "Projection that may be projected along with other supported volume types", + "properties": { + "configMap": { + "$ref": "#/$defs/io.k8s.api.core.v1.ConfigMapProjection", + "description": "configMap information about the configMap data to project" + }, + "downwardAPI": { + "$ref": "#/$defs/io.k8s.api.core.v1.DownwardAPIProjection", + "description": "downwardAPI information about the downwardAPI data to project" + }, + "secret": { + "$ref": "#/$defs/io.k8s.api.core.v1.SecretProjection", + "description": "secret information about the secret data to project" + }, + "serviceAccountToken": { + "$ref": "#/$defs/io.k8s.api.core.v1.ServiceAccountTokenProjection", + "description": "serviceAccountToken is information about the serviceAccountToken data to project" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource": { + "additionalProperties": false, + "description": "Represents a vSphere volume resource.", + "properties": { + "fsType": { + "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", + "type": "string" + }, + "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", + "type": "string" + }, + "volumePath": { + "default": "", + "description": "volumePath is the path that identifies vSphere volume vmdk", + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.api.resource.Quantity": { + "additionalProperties": false + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { + "additionalProperties": false + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta": { + "additionalProperties": false + } + }, + "$ref": "#/$defs/com.github.cert-manager.approver-policy.deploy.charts.approver-policy.values.HelmValues", + "$schema": "http://json-schema.org/draft-07/schema#" +} diff --git a/deploy/charts/approver-policy/values.yaml b/deploy/charts/approver-policy/values.yaml index e6899937..b2c1174a 100644 --- a/deploy/charts/approver-policy/values.yaml +++ b/deploy/charts/approver-policy/values.yaml @@ -4,17 +4,8 @@ replicaCount: 1 image: # -- Target image repository. repository: quay.io/jetstack/cert-manager-approver-policy - # -- Target image registry. Will be prepended to the target image repositry if set. - registry: - - # -- Target image version tag. Defaults to the chart's appVersion. - tag: - - # -- Target image digest. Will override any tag if set. - # for example: - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - digest: - + # -- Target image version tag (if empty, Chart AppVersion will be used) + tag: "" # -- Kubernetes imagePullPolicy on Deployment. pullPolicy: IfNotPresent diff --git a/deploy/charts/approver-policy/values/doc.go b/deploy/charts/approver-policy/values/doc.go new file mode 100644 index 00000000..959a30cf --- /dev/null +++ b/deploy/charts/approver-policy/values/doc.go @@ -0,0 +1,18 @@ +/* +Copyright 2023 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:openapi-gen=true +package values diff --git a/deploy/charts/approver-policy/values/values.go b/deploy/charts/approver-policy/values/values.go new file mode 100644 index 00000000..a8c25460 --- /dev/null +++ b/deploy/charts/approver-policy/values/values.go @@ -0,0 +1,90 @@ +/* +Copyright 2023 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package values + +import ( + corev1 "k8s.io/api/core/v1" +) + +type HelmValues struct { + ReplicaCount int `json:"replicaCount"` + Image ContainerImage `json:"image"` + ImagePullSecrets []string `json:"imagePullSecrets"` + App App `json:"app"` + VolumeMounts []corev1.VolumeMount `json:"volumeMounts"` + Volumes []corev1.Volume `json:"volumes"` + Resources corev1.ResourceRequirements `json:"resources"` + CommonLabels map[string]string `json:"commonLabels"` + PodAnnotations map[string]string `json:"podAnnotations"` +} + +type App struct { + LogLevel int `json:"logLevel"` + ExtraArgs []string `json:"extraArgs"` + ApproveSignerNames []string `json:"approveSignerNames"` + Metrics Metrics `json:"metrics"` + ReadinessProbe ReadinessProbe `json:"readinessProbe"` + Webhook Webhook `json:"webhook"` +} + +type ReadinessProbe struct { + Port int `json:"port"` +} + +type Metrics struct { + Port int `json:"port"` + Service MetricsService `json:"service"` +} + +type MetricsService struct { + Enabled bool `json:"enabled"` + Type string `json:"type"` + ServiceMonitor ServiceMonitor `json:"servicemonitor"` +} + +type ServiceMonitor struct { + Enabled bool `json:"enabled"` + PrometheusInstance string `json:"prometheusInstance"` + Interval string `json:"interval"` + ScrapeTimeout string `json:"scrapeTimeout"` + Labels map[string]string `json:"labels"` +} + +type Webhook struct { + Host string `json:"host"` + Port int `json:"port"` + TimeoutSeconds int `json:"timeoutSeconds"` + CertificateDir string `json:"certificateDir"` + Service WebhookService `json:"service"` + HostNetwork bool `json:"hostNetwork"` + DNSPolicy string `json:"dnsPolicy"` + Affinity map[string]string `json:"affinity"` + NodeSelector map[string]string `json:"nodeSelector"` + Tolerations []corev1.Toleration `json:"tolerations"` +} + +type WebhookService struct { + Type string `json:"type"` + // +optional + NodePort int `json:"nodePort"` +} + +type ContainerImage struct { + Repository string `json:"repository"` + Tag string `json:"tag"` + PullPolicy string `json:"pullPolicy"` +} diff --git a/docs/api/api.md b/docs/api/api.md index ddb48fea..d8ebfe16 100755 --- a/docs/api/api.md +++ b/docs/api/api.md @@ -11,61 +11,60 @@ import "github.com/cert-manager/approver-policy/pkg/apis/policy/v1alpha1" ## Index - [Variables](<#variables>) -- [type CertificateRequestPolicy](<#type-certificaterequestpolicy>) - - [func (in *CertificateRequestPolicy) DeepCopy() *CertificateRequestPolicy](<#func-certificaterequestpolicy-deepcopy>) - - [func (in *CertificateRequestPolicy) DeepCopyInto(out *CertificateRequestPolicy)](<#func-certificaterequestpolicy-deepcopyinto>) - - [func (in *CertificateRequestPolicy) DeepCopyObject() runtime.Object](<#func-certificaterequestpolicy-deepcopyobject>) -- [type CertificateRequestPolicyAllowed](<#type-certificaterequestpolicyallowed>) - - [func (in *CertificateRequestPolicyAllowed) DeepCopy() *CertificateRequestPolicyAllowed](<#func-certificaterequestpolicyallowed-deepcopy>) - - [func (in *CertificateRequestPolicyAllowed) DeepCopyInto(out *CertificateRequestPolicyAllowed)](<#func-certificaterequestpolicyallowed-deepcopyinto>) -- [type CertificateRequestPolicyAllowedString](<#type-certificaterequestpolicyallowedstring>) - - [func (in *CertificateRequestPolicyAllowedString) DeepCopy() *CertificateRequestPolicyAllowedString](<#func-certificaterequestpolicyallowedstring-deepcopy>) - - [func (in *CertificateRequestPolicyAllowedString) DeepCopyInto(out *CertificateRequestPolicyAllowedString)](<#func-certificaterequestpolicyallowedstring-deepcopyinto>) -- [type CertificateRequestPolicyAllowedStringSlice](<#type-certificaterequestpolicyallowedstringslice>) - - [func (in *CertificateRequestPolicyAllowedStringSlice) DeepCopy() *CertificateRequestPolicyAllowedStringSlice](<#func-certificaterequestpolicyallowedstringslice-deepcopy>) - - [func (in *CertificateRequestPolicyAllowedStringSlice) DeepCopyInto(out *CertificateRequestPolicyAllowedStringSlice)](<#func-certificaterequestpolicyallowedstringslice-deepcopyinto>) -- [type CertificateRequestPolicyAllowedX509Subject](<#type-certificaterequestpolicyallowedx509subject>) - - [func (in *CertificateRequestPolicyAllowedX509Subject) DeepCopy() *CertificateRequestPolicyAllowedX509Subject](<#func-certificaterequestpolicyallowedx509subject-deepcopy>) - - [func (in *CertificateRequestPolicyAllowedX509Subject) DeepCopyInto(out *CertificateRequestPolicyAllowedX509Subject)](<#func-certificaterequestpolicyallowedx509subject-deepcopyinto>) -- [type CertificateRequestPolicyCondition](<#type-certificaterequestpolicycondition>) - - [func (in *CertificateRequestPolicyCondition) DeepCopy() *CertificateRequestPolicyCondition](<#func-certificaterequestpolicycondition-deepcopy>) - - [func (in *CertificateRequestPolicyCondition) DeepCopyInto(out *CertificateRequestPolicyCondition)](<#func-certificaterequestpolicycondition-deepcopyinto>) -- [type CertificateRequestPolicyConditionType](<#type-certificaterequestpolicyconditiontype>) -- [type CertificateRequestPolicyConstraints](<#type-certificaterequestpolicyconstraints>) - - [func (in *CertificateRequestPolicyConstraints) DeepCopy() *CertificateRequestPolicyConstraints](<#func-certificaterequestpolicyconstraints-deepcopy>) - - [func (in *CertificateRequestPolicyConstraints) DeepCopyInto(out *CertificateRequestPolicyConstraints)](<#func-certificaterequestpolicyconstraints-deepcopyinto>) -- [type CertificateRequestPolicyConstraintsPrivateKey](<#type-certificaterequestpolicyconstraintsprivatekey>) - - [func (in *CertificateRequestPolicyConstraintsPrivateKey) DeepCopy() *CertificateRequestPolicyConstraintsPrivateKey](<#func-certificaterequestpolicyconstraintsprivatekey-deepcopy>) - - [func (in *CertificateRequestPolicyConstraintsPrivateKey) DeepCopyInto(out *CertificateRequestPolicyConstraintsPrivateKey)](<#func-certificaterequestpolicyconstraintsprivatekey-deepcopyinto>) -- [type CertificateRequestPolicyList](<#type-certificaterequestpolicylist>) - - [func (in *CertificateRequestPolicyList) DeepCopy() *CertificateRequestPolicyList](<#func-certificaterequestpolicylist-deepcopy>) - - [func (in *CertificateRequestPolicyList) DeepCopyInto(out *CertificateRequestPolicyList)](<#func-certificaterequestpolicylist-deepcopyinto>) - - [func (in *CertificateRequestPolicyList) DeepCopyObject() runtime.Object](<#func-certificaterequestpolicylist-deepcopyobject>) -- [type CertificateRequestPolicyPluginData](<#type-certificaterequestpolicyplugindata>) - - [func (in *CertificateRequestPolicyPluginData) DeepCopy() *CertificateRequestPolicyPluginData](<#func-certificaterequestpolicyplugindata-deepcopy>) - - [func (in *CertificateRequestPolicyPluginData) DeepCopyInto(out *CertificateRequestPolicyPluginData)](<#func-certificaterequestpolicyplugindata-deepcopyinto>) -- [type CertificateRequestPolicySelector](<#type-certificaterequestpolicyselector>) - - [func (in *CertificateRequestPolicySelector) DeepCopy() *CertificateRequestPolicySelector](<#func-certificaterequestpolicyselector-deepcopy>) - - [func (in *CertificateRequestPolicySelector) DeepCopyInto(out *CertificateRequestPolicySelector)](<#func-certificaterequestpolicyselector-deepcopyinto>) -- [type CertificateRequestPolicySelectorIssuerRef](<#type-certificaterequestpolicyselectorissuerref>) - - [func (in *CertificateRequestPolicySelectorIssuerRef) DeepCopy() *CertificateRequestPolicySelectorIssuerRef](<#func-certificaterequestpolicyselectorissuerref-deepcopy>) - - [func (in *CertificateRequestPolicySelectorIssuerRef) DeepCopyInto(out *CertificateRequestPolicySelectorIssuerRef)](<#func-certificaterequestpolicyselectorissuerref-deepcopyinto>) -- [type CertificateRequestPolicySelectorNamespace](<#type-certificaterequestpolicyselectornamespace>) - - [func (in *CertificateRequestPolicySelectorNamespace) DeepCopy() *CertificateRequestPolicySelectorNamespace](<#func-certificaterequestpolicyselectornamespace-deepcopy>) - - [func (in *CertificateRequestPolicySelectorNamespace) DeepCopyInto(out *CertificateRequestPolicySelectorNamespace)](<#func-certificaterequestpolicyselectornamespace-deepcopyinto>) -- [type CertificateRequestPolicySpec](<#type-certificaterequestpolicyspec>) - - [func (in *CertificateRequestPolicySpec) DeepCopy() *CertificateRequestPolicySpec](<#func-certificaterequestpolicyspec-deepcopy>) - - [func (in *CertificateRequestPolicySpec) DeepCopyInto(out *CertificateRequestPolicySpec)](<#func-certificaterequestpolicyspec-deepcopyinto>) -- [type CertificateRequestPolicyStatus](<#type-certificaterequestpolicystatus>) - - [func (in *CertificateRequestPolicyStatus) DeepCopy() *CertificateRequestPolicyStatus](<#func-certificaterequestpolicystatus-deepcopy>) - - [func (in *CertificateRequestPolicyStatus) DeepCopyInto(out *CertificateRequestPolicyStatus)](<#func-certificaterequestpolicystatus-deepcopyinto>) -- [type ValidationRule](<#type-validationrule>) - - [func (in *ValidationRule) DeepCopy() *ValidationRule](<#func-validationrule-deepcopy>) - - [func (in *ValidationRule) DeepCopyInto(out *ValidationRule)](<#func-validationrule-deepcopyinto>) +- [type CertificateRequestPolicy](<#CertificateRequestPolicy>) + - [func \(in \*CertificateRequestPolicy\) DeepCopy\(\) \*CertificateRequestPolicy](<#CertificateRequestPolicy.DeepCopy>) + - [func \(in \*CertificateRequestPolicy\) DeepCopyInto\(out \*CertificateRequestPolicy\)](<#CertificateRequestPolicy.DeepCopyInto>) + - [func \(in \*CertificateRequestPolicy\) DeepCopyObject\(\) runtime.Object](<#CertificateRequestPolicy.DeepCopyObject>) +- [type CertificateRequestPolicyAllowed](<#CertificateRequestPolicyAllowed>) + - [func \(in \*CertificateRequestPolicyAllowed\) DeepCopy\(\) \*CertificateRequestPolicyAllowed](<#CertificateRequestPolicyAllowed.DeepCopy>) + - [func \(in \*CertificateRequestPolicyAllowed\) DeepCopyInto\(out \*CertificateRequestPolicyAllowed\)](<#CertificateRequestPolicyAllowed.DeepCopyInto>) +- [type CertificateRequestPolicyAllowedString](<#CertificateRequestPolicyAllowedString>) + - [func \(in \*CertificateRequestPolicyAllowedString\) DeepCopy\(\) \*CertificateRequestPolicyAllowedString](<#CertificateRequestPolicyAllowedString.DeepCopy>) + - [func \(in \*CertificateRequestPolicyAllowedString\) DeepCopyInto\(out \*CertificateRequestPolicyAllowedString\)](<#CertificateRequestPolicyAllowedString.DeepCopyInto>) +- [type CertificateRequestPolicyAllowedStringSlice](<#CertificateRequestPolicyAllowedStringSlice>) + - [func \(in \*CertificateRequestPolicyAllowedStringSlice\) DeepCopy\(\) \*CertificateRequestPolicyAllowedStringSlice](<#CertificateRequestPolicyAllowedStringSlice.DeepCopy>) + - [func \(in \*CertificateRequestPolicyAllowedStringSlice\) DeepCopyInto\(out \*CertificateRequestPolicyAllowedStringSlice\)](<#CertificateRequestPolicyAllowedStringSlice.DeepCopyInto>) +- [type CertificateRequestPolicyAllowedX509Subject](<#CertificateRequestPolicyAllowedX509Subject>) + - [func \(in \*CertificateRequestPolicyAllowedX509Subject\) DeepCopy\(\) \*CertificateRequestPolicyAllowedX509Subject](<#CertificateRequestPolicyAllowedX509Subject.DeepCopy>) + - [func \(in \*CertificateRequestPolicyAllowedX509Subject\) DeepCopyInto\(out \*CertificateRequestPolicyAllowedX509Subject\)](<#CertificateRequestPolicyAllowedX509Subject.DeepCopyInto>) +- [type CertificateRequestPolicyCondition](<#CertificateRequestPolicyCondition>) + - [func \(in \*CertificateRequestPolicyCondition\) DeepCopy\(\) \*CertificateRequestPolicyCondition](<#CertificateRequestPolicyCondition.DeepCopy>) + - [func \(in \*CertificateRequestPolicyCondition\) DeepCopyInto\(out \*CertificateRequestPolicyCondition\)](<#CertificateRequestPolicyCondition.DeepCopyInto>) +- [type CertificateRequestPolicyConditionType](<#CertificateRequestPolicyConditionType>) +- [type CertificateRequestPolicyConstraints](<#CertificateRequestPolicyConstraints>) + - [func \(in \*CertificateRequestPolicyConstraints\) DeepCopy\(\) \*CertificateRequestPolicyConstraints](<#CertificateRequestPolicyConstraints.DeepCopy>) + - [func \(in \*CertificateRequestPolicyConstraints\) DeepCopyInto\(out \*CertificateRequestPolicyConstraints\)](<#CertificateRequestPolicyConstraints.DeepCopyInto>) +- [type CertificateRequestPolicyConstraintsPrivateKey](<#CertificateRequestPolicyConstraintsPrivateKey>) + - [func \(in \*CertificateRequestPolicyConstraintsPrivateKey\) DeepCopy\(\) \*CertificateRequestPolicyConstraintsPrivateKey](<#CertificateRequestPolicyConstraintsPrivateKey.DeepCopy>) + - [func \(in \*CertificateRequestPolicyConstraintsPrivateKey\) DeepCopyInto\(out \*CertificateRequestPolicyConstraintsPrivateKey\)](<#CertificateRequestPolicyConstraintsPrivateKey.DeepCopyInto>) +- [type CertificateRequestPolicyList](<#CertificateRequestPolicyList>) + - [func \(in \*CertificateRequestPolicyList\) DeepCopy\(\) \*CertificateRequestPolicyList](<#CertificateRequestPolicyList.DeepCopy>) + - [func \(in \*CertificateRequestPolicyList\) DeepCopyInto\(out \*CertificateRequestPolicyList\)](<#CertificateRequestPolicyList.DeepCopyInto>) + - [func \(in \*CertificateRequestPolicyList\) DeepCopyObject\(\) runtime.Object](<#CertificateRequestPolicyList.DeepCopyObject>) +- [type CertificateRequestPolicyPluginData](<#CertificateRequestPolicyPluginData>) + - [func \(in \*CertificateRequestPolicyPluginData\) DeepCopy\(\) \*CertificateRequestPolicyPluginData](<#CertificateRequestPolicyPluginData.DeepCopy>) + - [func \(in \*CertificateRequestPolicyPluginData\) DeepCopyInto\(out \*CertificateRequestPolicyPluginData\)](<#CertificateRequestPolicyPluginData.DeepCopyInto>) +- [type CertificateRequestPolicySelector](<#CertificateRequestPolicySelector>) + - [func \(in \*CertificateRequestPolicySelector\) DeepCopy\(\) \*CertificateRequestPolicySelector](<#CertificateRequestPolicySelector.DeepCopy>) + - [func \(in \*CertificateRequestPolicySelector\) DeepCopyInto\(out \*CertificateRequestPolicySelector\)](<#CertificateRequestPolicySelector.DeepCopyInto>) +- [type CertificateRequestPolicySelectorIssuerRef](<#CertificateRequestPolicySelectorIssuerRef>) + - [func \(in \*CertificateRequestPolicySelectorIssuerRef\) DeepCopy\(\) \*CertificateRequestPolicySelectorIssuerRef](<#CertificateRequestPolicySelectorIssuerRef.DeepCopy>) + - [func \(in \*CertificateRequestPolicySelectorIssuerRef\) DeepCopyInto\(out \*CertificateRequestPolicySelectorIssuerRef\)](<#CertificateRequestPolicySelectorIssuerRef.DeepCopyInto>) +- [type CertificateRequestPolicySelectorNamespace](<#CertificateRequestPolicySelectorNamespace>) + - [func \(in \*CertificateRequestPolicySelectorNamespace\) DeepCopy\(\) \*CertificateRequestPolicySelectorNamespace](<#CertificateRequestPolicySelectorNamespace.DeepCopy>) + - [func \(in \*CertificateRequestPolicySelectorNamespace\) DeepCopyInto\(out \*CertificateRequestPolicySelectorNamespace\)](<#CertificateRequestPolicySelectorNamespace.DeepCopyInto>) +- [type CertificateRequestPolicySpec](<#CertificateRequestPolicySpec>) + - [func \(in \*CertificateRequestPolicySpec\) DeepCopy\(\) \*CertificateRequestPolicySpec](<#CertificateRequestPolicySpec.DeepCopy>) + - [func \(in \*CertificateRequestPolicySpec\) DeepCopyInto\(out \*CertificateRequestPolicySpec\)](<#CertificateRequestPolicySpec.DeepCopyInto>) +- [type CertificateRequestPolicyStatus](<#CertificateRequestPolicyStatus>) + - [func \(in \*CertificateRequestPolicyStatus\) DeepCopy\(\) \*CertificateRequestPolicyStatus](<#CertificateRequestPolicyStatus.DeepCopy>) + - [func \(in \*CertificateRequestPolicyStatus\) DeepCopyInto\(out \*CertificateRequestPolicyStatus\)](<#CertificateRequestPolicyStatus.DeepCopyInto>) ## Variables + + ```go var ( // +k8s:deepcopy-gen=false @@ -79,17 +78,20 @@ var ( ) ``` + + ```go var CertificateRequestPolicyKind = "CertificateRequestPolicy" ``` -SchemeGroupVersion is group version used to register these objects \+k8s:deepcopy\-gen=false +SchemeGroupVersion is group version used to register these objects \+k8s:deepcopy\-gen=false ```go var SchemeGroupVersion = schema.GroupVersion{Group: policy.GroupName, Version: "v1alpha1"} ``` -## type [CertificateRequestPolicy]() + +## type [CertificateRequestPolicy]() CertificateRequestPolicy is an object for describing a "policy profile" that makes decisions on whether applicable CertificateRequests should be approved or denied. @@ -103,7 +105,8 @@ type CertificateRequestPolicy struct { } ``` -### func \(\*CertificateRequestPolicy\) [DeepCopy]() + +### func \(\*CertificateRequestPolicy\) [DeepCopy]() ```go func (in *CertificateRequestPolicy) DeepCopy() *CertificateRequestPolicy @@ -111,7 +114,8 @@ func (in *CertificateRequestPolicy) DeepCopy() *CertificateRequestPolicy DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicy. -### func \(\*CertificateRequestPolicy\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicy\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicy) DeepCopyInto(out *CertificateRequestPolicy) @@ -119,7 +123,8 @@ func (in *CertificateRequestPolicy) DeepCopyInto(out *CertificateRequestPolicy) DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -### func \(\*CertificateRequestPolicy\) [DeepCopyObject]() + +### func \(\*CertificateRequestPolicy\) [DeepCopyObject]() ```go func (in *CertificateRequestPolicy) DeepCopyObject() runtime.Object @@ -127,7 +132,8 @@ func (in *CertificateRequestPolicy) DeepCopyObject() runtime.Object DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -## type [CertificateRequestPolicyAllowed]() + +## type [CertificateRequestPolicyAllowed]() CertificateRequestPolicyAllowed defines the allowed attributes for a CertificateRequest. A CertificateRequest can request \_less\_ than what is allowed, but \_not more\_, i.e. a CertificateRequest can request a subset of what is declared as allowed by the policy. Omitted fields declares that the equivalent CertificateRequest field \_must\_ be omitted or have an empty value for the request to be permitted. @@ -179,7 +185,8 @@ type CertificateRequestPolicyAllowed struct { } ``` -### func \(\*CertificateRequestPolicyAllowed\) [DeepCopy]() + +### func \(\*CertificateRequestPolicyAllowed\) [DeepCopy]() ```go func (in *CertificateRequestPolicyAllowed) DeepCopy() *CertificateRequestPolicyAllowed @@ -187,7 +194,8 @@ func (in *CertificateRequestPolicyAllowed) DeepCopy() *CertificateRequestPolicyA DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicyAllowed. -### func \(\*CertificateRequestPolicyAllowed\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicyAllowed\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicyAllowed) DeepCopyInto(out *CertificateRequestPolicyAllowed) @@ -195,7 +203,8 @@ func (in *CertificateRequestPolicyAllowed) DeepCopyInto(out *CertificateRequestP DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicyAllowedString]() + +## type [CertificateRequestPolicyAllowedString]() CertificateRequestPolicyAllowedString represents an allowed string value and/or validations paired with whether the field is a required value on the request. If no allowed value nor validations are specified, the related field must be empty. @@ -228,7 +237,8 @@ type CertificateRequestPolicyAllowedString struct { } ``` -### func \(\*CertificateRequestPolicyAllowedString\) [DeepCopy]() + +### func \(\*CertificateRequestPolicyAllowedString\) [DeepCopy]() ```go func (in *CertificateRequestPolicyAllowedString) DeepCopy() *CertificateRequestPolicyAllowedString @@ -236,7 +246,8 @@ func (in *CertificateRequestPolicyAllowedString) DeepCopy() *CertificateRequestP DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicyAllowedString. -### func \(\*CertificateRequestPolicyAllowedString\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicyAllowedString\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicyAllowedString) DeepCopyInto(out *CertificateRequestPolicyAllowedString) @@ -244,7 +255,8 @@ func (in *CertificateRequestPolicyAllowedString) DeepCopyInto(out *CertificateRe DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicyAllowedStringSlice]() + +## type [CertificateRequestPolicyAllowedStringSlice]() CertificateRequestPolicyAllowedStringSlice represents allowed string values and/or validations paired with whether the field is a required value on the request. If neither allowed values nor validations are specified, the related field must be empty. @@ -277,7 +289,8 @@ type CertificateRequestPolicyAllowedStringSlice struct { } ``` -### func \(\*CertificateRequestPolicyAllowedStringSlice\) [DeepCopy]() + +### func \(\*CertificateRequestPolicyAllowedStringSlice\) [DeepCopy]() ```go func (in *CertificateRequestPolicyAllowedStringSlice) DeepCopy() *CertificateRequestPolicyAllowedStringSlice @@ -285,7 +298,8 @@ func (in *CertificateRequestPolicyAllowedStringSlice) DeepCopy() *CertificateReq DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicyAllowedStringSlice. -### func \(\*CertificateRequestPolicyAllowedStringSlice\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicyAllowedStringSlice\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicyAllowedStringSlice) DeepCopyInto(out *CertificateRequestPolicyAllowedStringSlice) @@ -293,7 +307,8 @@ func (in *CertificateRequestPolicyAllowedStringSlice) DeepCopyInto(out *Certific DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicyAllowedX509Subject]() + +## type [CertificateRequestPolicyAllowedX509Subject]() CertificateRequestPolicyAllowedX509Subject declares allowed X.509 Subject attributes for a CertificateRequest. A CertificateRequest can request a subset of the allowed X.509 Subject attributes. @@ -337,7 +352,8 @@ type CertificateRequestPolicyAllowedX509Subject struct { } ``` -### func \(\*CertificateRequestPolicyAllowedX509Subject\) [DeepCopy]() + +### func \(\*CertificateRequestPolicyAllowedX509Subject\) [DeepCopy]() ```go func (in *CertificateRequestPolicyAllowedX509Subject) DeepCopy() *CertificateRequestPolicyAllowedX509Subject @@ -345,7 +361,8 @@ func (in *CertificateRequestPolicyAllowedX509Subject) DeepCopy() *CertificateReq DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicyAllowedX509Subject. -### func \(\*CertificateRequestPolicyAllowedX509Subject\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicyAllowedX509Subject\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicyAllowedX509Subject) DeepCopyInto(out *CertificateRequestPolicyAllowedX509Subject) @@ -353,7 +370,8 @@ func (in *CertificateRequestPolicyAllowedX509Subject) DeepCopyInto(out *Certific DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicyCondition]() + +## type [CertificateRequestPolicyCondition]() CertificateRequestPolicyCondition contains condition information for a CertificateRequestPolicyStatus. @@ -390,7 +408,8 @@ type CertificateRequestPolicyCondition struct { } ``` -### func \(\*CertificateRequestPolicyCondition\) [DeepCopy]() + +### func \(\*CertificateRequestPolicyCondition\) [DeepCopy]() ```go func (in *CertificateRequestPolicyCondition) DeepCopy() *CertificateRequestPolicyCondition @@ -398,7 +417,8 @@ func (in *CertificateRequestPolicyCondition) DeepCopy() *CertificateRequestPolic DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicyCondition. -### func \(\*CertificateRequestPolicyCondition\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicyCondition\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicyCondition) DeepCopyInto(out *CertificateRequestPolicyCondition) @@ -406,7 +426,8 @@ func (in *CertificateRequestPolicyCondition) DeepCopyInto(out *CertificateReques DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicyConditionType]() + +## type [CertificateRequestPolicyConditionType]() CertificateRequestPolicyConditionType represents a CertificateRequestPolicy condition value. @@ -414,6 +435,8 @@ CertificateRequestPolicyConditionType represents a CertificateRequestPolicy cond type CertificateRequestPolicyConditionType string ``` + + ```go const ( // CertificateRequestPolicyConditionReady indicates that the @@ -425,7 +448,8 @@ const ( ) ``` -## type [CertificateRequestPolicyConstraints]() + +## type [CertificateRequestPolicyConstraints]() CertificateRequestPolicyConstraints define fields that \_must\_ be satisfied by the CertificateRequest for the request to be allowed by this policy. Omitted fields will be satisfied by any value in the corresponding attribute of the request. @@ -456,7 +480,8 @@ type CertificateRequestPolicyConstraints struct { } ``` -### func \(\*CertificateRequestPolicyConstraints\) [DeepCopy]() + +### func \(\*CertificateRequestPolicyConstraints\) [DeepCopy]() ```go func (in *CertificateRequestPolicyConstraints) DeepCopy() *CertificateRequestPolicyConstraints @@ -464,7 +489,8 @@ func (in *CertificateRequestPolicyConstraints) DeepCopy() *CertificateRequestPol DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicyConstraints. -### func \(\*CertificateRequestPolicyConstraints\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicyConstraints\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicyConstraints) DeepCopyInto(out *CertificateRequestPolicyConstraints) @@ -472,7 +498,8 @@ func (in *CertificateRequestPolicyConstraints) DeepCopyInto(out *CertificateRequ DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicyConstraintsPrivateKey]() + +## type [CertificateRequestPolicyConstraintsPrivateKey]() CertificateRequestPolicyConstraintsPrivateKey defines constraints on the shape of private key allowed for a CertificateRequest. @@ -500,7 +527,8 @@ type CertificateRequestPolicyConstraintsPrivateKey struct { } ``` -### func \(\*CertificateRequestPolicyConstraintsPrivateKey\) [DeepCopy]() + +### func \(\*CertificateRequestPolicyConstraintsPrivateKey\) [DeepCopy]() ```go func (in *CertificateRequestPolicyConstraintsPrivateKey) DeepCopy() *CertificateRequestPolicyConstraintsPrivateKey @@ -508,7 +536,8 @@ func (in *CertificateRequestPolicyConstraintsPrivateKey) DeepCopy() *Certificate DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicyConstraintsPrivateKey. -### func \(\*CertificateRequestPolicyConstraintsPrivateKey\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicyConstraintsPrivateKey\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicyConstraintsPrivateKey) DeepCopyInto(out *CertificateRequestPolicyConstraintsPrivateKey) @@ -516,7 +545,8 @@ func (in *CertificateRequestPolicyConstraintsPrivateKey) DeepCopyInto(out *Certi DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicyList]() + +## type [CertificateRequestPolicyList]() \+k8s:deepcopy\-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object CertificateRequestPolicyList is a list of CertificateRequestPolicies. @@ -528,7 +558,8 @@ type CertificateRequestPolicyList struct { } ``` -### func \(\*CertificateRequestPolicyList\) [DeepCopy]() + +### func \(\*CertificateRequestPolicyList\) [DeepCopy]() ```go func (in *CertificateRequestPolicyList) DeepCopy() *CertificateRequestPolicyList @@ -536,7 +567,8 @@ func (in *CertificateRequestPolicyList) DeepCopy() *CertificateRequestPolicyList DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicyList. -### func \(\*CertificateRequestPolicyList\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicyList\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicyList) DeepCopyInto(out *CertificateRequestPolicyList) @@ -544,7 +576,8 @@ func (in *CertificateRequestPolicyList) DeepCopyInto(out *CertificateRequestPoli DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -### func \(\*CertificateRequestPolicyList\) [DeepCopyObject]() + +### func \(\*CertificateRequestPolicyList\) [DeepCopyObject]() ```go func (in *CertificateRequestPolicyList) DeepCopyObject() runtime.Object @@ -552,7 +585,8 @@ func (in *CertificateRequestPolicyList) DeepCopyObject() runtime.Object DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -## type [CertificateRequestPolicyPluginData]() + +## type [CertificateRequestPolicyPluginData]() CertificateRequestPolicyPluginData is configuration needed by the plugin approver to evaluate a CertificateRequest on this policy. @@ -566,7 +600,8 @@ type CertificateRequestPolicyPluginData struct { } ``` -### func \(\*CertificateRequestPolicyPluginData\) [DeepCopy]() + +### func \(\*CertificateRequestPolicyPluginData\) [DeepCopy]() ```go func (in *CertificateRequestPolicyPluginData) DeepCopy() *CertificateRequestPolicyPluginData @@ -574,7 +609,8 @@ func (in *CertificateRequestPolicyPluginData) DeepCopy() *CertificateRequestPoli DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicyPluginData. -### func \(\*CertificateRequestPolicyPluginData\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicyPluginData\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicyPluginData) DeepCopyInto(out *CertificateRequestPolicyPluginData) @@ -582,7 +618,8 @@ func (in *CertificateRequestPolicyPluginData) DeepCopyInto(out *CertificateReque DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicySelector]() + +## type [CertificateRequestPolicySelector]() CertificateRequestPolicySelector is used for selecting over which CertificateRequests this CertificateRequestPolicy is appropriate for, and if so, will be used to evaluate the request. All selectors that have been configured must match a CertificateRequest in order for the CertificateRequestPolicy to be chosen for evaluation. At least one of IssuerRef or Namespace must be defined. @@ -610,7 +647,8 @@ type CertificateRequestPolicySelector struct { } ``` -### func \(\*CertificateRequestPolicySelector\) [DeepCopy]() + +### func \(\*CertificateRequestPolicySelector\) [DeepCopy]() ```go func (in *CertificateRequestPolicySelector) DeepCopy() *CertificateRequestPolicySelector @@ -618,7 +656,8 @@ func (in *CertificateRequestPolicySelector) DeepCopy() *CertificateRequestPolicy DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicySelector. -### func \(\*CertificateRequestPolicySelector\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicySelector\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicySelector) DeepCopyInto(out *CertificateRequestPolicySelector) @@ -626,7 +665,8 @@ func (in *CertificateRequestPolicySelector) DeepCopyInto(out *CertificateRequest DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicySelectorIssuerRef]() + +## type [CertificateRequestPolicySelectorIssuerRef]() CertificateRequestPolicySelectorIssuerRef defines the selector for matching the issuer reference of requests. @@ -655,7 +695,8 @@ type CertificateRequestPolicySelectorIssuerRef struct { } ``` -### func \(\*CertificateRequestPolicySelectorIssuerRef\) [DeepCopy]() + +### func \(\*CertificateRequestPolicySelectorIssuerRef\) [DeepCopy]() ```go func (in *CertificateRequestPolicySelectorIssuerRef) DeepCopy() *CertificateRequestPolicySelectorIssuerRef @@ -663,7 +704,8 @@ func (in *CertificateRequestPolicySelectorIssuerRef) DeepCopy() *CertificateRequ DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicySelectorIssuerRef. -### func \(\*CertificateRequestPolicySelectorIssuerRef\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicySelectorIssuerRef\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicySelectorIssuerRef) DeepCopyInto(out *CertificateRequestPolicySelectorIssuerRef) @@ -671,7 +713,8 @@ func (in *CertificateRequestPolicySelectorIssuerRef) DeepCopyInto(out *Certifica DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicySelectorNamespace]() + +## type [CertificateRequestPolicySelectorNamespace]() CertificateRequestPolicySelectorNamespace defines the selector for matching the namespace of requests. Note that all selectors must match in order for the request to be considered for evaluation by this policy. @@ -692,7 +735,8 @@ type CertificateRequestPolicySelectorNamespace struct { } ``` -### func \(\*CertificateRequestPolicySelectorNamespace\) [DeepCopy]() + +### func \(\*CertificateRequestPolicySelectorNamespace\) [DeepCopy]() ```go func (in *CertificateRequestPolicySelectorNamespace) DeepCopy() *CertificateRequestPolicySelectorNamespace @@ -700,7 +744,8 @@ func (in *CertificateRequestPolicySelectorNamespace) DeepCopy() *CertificateRequ DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicySelectorNamespace. -### func \(\*CertificateRequestPolicySelectorNamespace\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicySelectorNamespace\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicySelectorNamespace) DeepCopyInto(out *CertificateRequestPolicySelectorNamespace) @@ -708,7 +753,8 @@ func (in *CertificateRequestPolicySelectorNamespace) DeepCopyInto(out *Certifica DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicySpec]() + +## type [CertificateRequestPolicySpec]() CertificateRequestPolicySpec defines the desired state of CertificateRequestPolicy. @@ -746,7 +792,8 @@ type CertificateRequestPolicySpec struct { } ``` -### func \(\*CertificateRequestPolicySpec\) [DeepCopy]() + +### func \(\*CertificateRequestPolicySpec\) [DeepCopy]() ```go func (in *CertificateRequestPolicySpec) DeepCopy() *CertificateRequestPolicySpec @@ -754,7 +801,8 @@ func (in *CertificateRequestPolicySpec) DeepCopy() *CertificateRequestPolicySpec DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicySpec. -### func \(\*CertificateRequestPolicySpec\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicySpec\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicySpec) DeepCopyInto(out *CertificateRequestPolicySpec) @@ -762,7 +810,8 @@ func (in *CertificateRequestPolicySpec) DeepCopyInto(out *CertificateRequestPoli DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [CertificateRequestPolicyStatus]() + +## type [CertificateRequestPolicyStatus]() CertificateRequestPolicyStatus defines the observed state of the CertificateRequestPolicy. @@ -778,7 +827,8 @@ type CertificateRequestPolicyStatus struct { } ``` -### func \(\*CertificateRequestPolicyStatus\) [DeepCopy]() + +### func \(\*CertificateRequestPolicyStatus\) [DeepCopy]() ```go func (in *CertificateRequestPolicyStatus) DeepCopy() *CertificateRequestPolicyStatus @@ -786,7 +836,8 @@ func (in *CertificateRequestPolicyStatus) DeepCopy() *CertificateRequestPolicySt DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateRequestPolicyStatus. -### func \(\*CertificateRequestPolicyStatus\) [DeepCopyInto]() + +### func \(\*CertificateRequestPolicyStatus\) [DeepCopyInto]() ```go func (in *CertificateRequestPolicyStatus) DeepCopyInto(out *CertificateRequestPolicyStatus) @@ -794,51 +845,4 @@ func (in *CertificateRequestPolicyStatus) DeepCopyInto(out *CertificateRequestPo DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. -## type [ValidationRule]() - -ValidationRule describes a validation rule expressed in CEL. - -```go -type ValidationRule struct { - // Rule represents the expression which will be evaluated by CEL. - // ref: https://github.com/google/cel-spec - // The Rule is scoped to the location of the validations in the schema. - // The `self` variable in the CEL expression is bound to the scoped value. - // To enable more advanced validation rules, approver-policy provides the - // `cr` (map) variable to the CEL expression containing `namespace` and - // `name` of the `CertificateRequest` resource. - // - // Examples: - // - Rule for namespaced DNSNames: - // {"rule": "self.endsWith(cr.namespace + '.svc.cluster.local'"} - Rule string `json:"rule"` - - // Message is the message to display when validation fails. - // Message is required if the Rule contains line breaks. Note that Message - // must not contain line breaks. - // If unset, a fallback message is used: "failed rule: {Rule}". - // e.g. "must be a URL with the host matching spec.host" - // +optional - Message *string `json:"message,omitempty"` -} -``` - -### func \(\*ValidationRule\) [DeepCopy]() - -```go -func (in *ValidationRule) DeepCopy() *ValidationRule -``` - -DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidationRule. - -### func \(\*ValidationRule\) [DeepCopyInto]() - -```go -func (in *ValidationRule) DeepCopyInto(out *ValidationRule) -``` - -DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. - - - Generated by [gomarkdoc]() diff --git a/go.mod b/go.mod index cc5dc11f..b679f8ca 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/cert-manager/approver-policy -go 1.20 +go 1.21.1 require ( github.com/cert-manager/cert-manager v1.13.2 diff --git a/go.sum b/go.sum index dff70909..2b342e9f 100644 --- a/go.sum +++ b/go.sum @@ -125,6 +125,7 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -166,6 +167,7 @@ github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGy github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= @@ -214,6 +216,7 @@ go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= +go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= diff --git a/hack/boilerplate/boilerplate.py b/hack/boilerplate/boilerplate.py deleted file mode 100755 index bb2b4b8b..00000000 --- a/hack/boilerplate/boilerplate.py +++ /dev/null @@ -1,216 +0,0 @@ -#!/usr/bin/env python3 - -# Copyright 2015 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import print_function - -import argparse -import difflib -import glob -import os -import re -import sys - -parser = argparse.ArgumentParser() -parser.add_argument( - "filenames", - help="list of files to check, all files if unspecified", - nargs='*') - -rootdir = os.path.dirname(__file__) + "/../../" -rootdir = os.path.abspath(rootdir) -parser.add_argument( - "--rootdir", default=rootdir, help="root directory to examine") - -default_boilerplate_dir = os.path.join(rootdir, "hack/boilerplate") -parser.add_argument("--boilerplate-dir", default=default_boilerplate_dir) - -parser.add_argument( - "-v", - "--verbose", - help="give verbose output regarding why a file does not pass", - action="store_true") - -args = parser.parse_args() - -verbose_out = sys.stderr if args.verbose else open("/dev/null", "w") - - -def get_refs(): - refs = {} - - for path in glob.glob( - os.path.join(args.boilerplate_dir, "boilerplate.*.txt")): - extension = os.path.basename(path).split(".")[1] - - ref_file = open(path, 'r') - ref = ref_file.read().splitlines() - ref_file.close() - refs[extension] = ref - - return refs - - -def file_passes(filename, refs, regexs): - try: - f = open(filename, 'r') - except Exception as exc: - print("Unable to open %s: %s" % (filename, exc), file=verbose_out) - return False - - data = f.read() - f.close() - - basename = os.path.basename(filename) - extension = file_extension(filename) - if extension != "": - ref = refs[extension] - else: - ref = refs[basename] - - # remove build tags from the top of Go files - if extension == "go": - p = regexs["go_build_constraints"] - (data, found) = p.subn("", data, 1) - - # remove shebang from the top of shell files - if extension == "sh": - p = regexs["shebang"] - (data, found) = p.subn("", data, 1) - - data = data.splitlines() - - # if our test file is smaller than the reference it surely fails! - if len(ref) > len(data): - print( - 'File %s smaller than reference (%d < %d)' % (filename, len(data), - len(ref)), - file=verbose_out) - return False - - # trim our file to the same number of lines as the reference file - data = data[:len(ref)] - - p = regexs["year"] - for d in data: - if p.search(d): - print('File %s is missing the year' % filename, file=verbose_out) - return False - - # Replace all occurrences of the regex "2014|2015|2016|2017|2018|2019|2020|2021|2022|2023" with "YEAR" - p = regexs["date"] - for i, d in enumerate(data): - (data[i], found) = p.subn('YEAR', d) - if found != 0: - break - - # if we don't match the reference at this point, fail - if ref != data: - print( - "Header in %s does not match reference, diff:" % filename, - file=verbose_out) - if args.verbose: - print(file=verbose_out) - for line in difflib.unified_diff( - ref, data, 'reference', filename, lineterm=''): - print(line, file=verbose_out) - print(file=verbose_out) - return False - - return True - - -def file_extension(filename): - return os.path.splitext(filename)[1].split(".")[-1].lower() - - -skipped_dirs = [ - '.git', - "docs/venv", - "hack", - "bin", -] - - -def normalize_files(files): - newfiles = [] - for pathname in files: - if any(x in pathname for x in skipped_dirs): - continue - newfiles.append(pathname) - for i, pathname in enumerate(newfiles): - if not os.path.isabs(pathname): - newfiles[i] = os.path.join(args.rootdir, pathname) - return newfiles - - -def get_files(extensions): - files = [] - if len(args.filenames) > 0: - files = args.filenames - else: - for root, dirs, walkfiles in os.walk(args.rootdir): - # don't visit certain dirs. This is just a performance improvement - # as we would prune these later in normalize_files(). But doing it - # cuts down the amount of filesystem walking we do and cuts down - # the size of the file list - for d in skipped_dirs: - if d in dirs: - dirs.remove(d) - - for name in walkfiles: - pathname = os.path.join(root, name) - files.append(pathname) - - files = normalize_files(files) - outfiles = [] - for pathname in files: - basename = os.path.basename(pathname) - extension = file_extension(pathname) - if extension in extensions or basename in extensions: - outfiles.append(pathname) - return outfiles - - -def get_regexs(): - regexs = {} - # Search for "YEAR" which exists in the boilerplate, but shouldn't in the real thing - regexs["year"] = re.compile('YEAR') - # dates can be 2014, 2015, 2016, or 2017; company holder names can be anything - regexs["date"] = re.compile('(2014|2015|2016|2017|2018|2019|2020|2021|2022|2023)') - # strip the following build constraints/tags: - # //go:build - # // +build \n\n - regexs["go_build_constraints"] = re.compile( - r"^(//(go:build| \+build).*\n)+\n", re.MULTILINE) - # strip #!.* from shell scripts - regexs["shebang"] = re.compile(r"^(#!.*\n)\n*", re.MULTILINE) - return regexs - - -def main(): - regexs = get_regexs() - refs = get_refs() - filenames = get_files(refs.keys()) - - for filename in filenames: - if not file_passes(filename, refs, regexs): - print(filename, file=sys.stdout) - - return 0 - - -if __name__ == "__main__": - sys.exit(main()) diff --git a/hack/boilerplate/boilerplate_test.py b/hack/boilerplate/boilerplate_test.py deleted file mode 100644 index b8d5b8e9..00000000 --- a/hack/boilerplate/boilerplate_test.py +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/env python - -# Copyright 2016 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import boilerplate -import unittest -import StringIO -import os -import sys - -class TestBoilerplate(unittest.TestCase): - """ - Note: run this test from the hack/boilerplate directory. - - $ python -m unittest boilerplate_test - """ - - def test_boilerplate(self): - os.chdir("test/") - - class Args(object): - def __init__(self): - self.filenames = [] - self.rootdir = "." - self.boilerplate_dir = "../" - self.verbose = True - - # capture stdout - old_stdout = sys.stdout - sys.stdout = StringIO.StringIO() - - boilerplate.args = Args() - ret = boilerplate.main() - - output = sorted(sys.stdout.getvalue().split()) - - sys.stdout = old_stdout - - self.assertEquals( - output, ['././fail.go', '././fail.py']) diff --git a/hack/ci/create-cluster.sh b/hack/ci/create-cluster.sh deleted file mode 100755 index 9174997f..00000000 --- a/hack/ci/create-cluster.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/usr/bin/env bash - -set -o errexit - -REPO_ROOT="${REPO_ROOT:-$(dirname "${BASH_SOURCE}")/../..}" -KUBECTL_BIN="${KUBECTL_BIN:-$REPO_ROOT/_bin/kubectl}" -HELM_BIN="${HELM_BIN:-$REPO_ROOT/_bin/helm}" -KIND_BIN="${KIND_BIN:-$REPO_ROOT/_bin/kind}" -POLICY_APPROVER_TAG="${POLICY_APPROVER_TAG:-smoke}" -POLICY_APPROVER_REPO="${POLICY_APPROVER_REPO:-quay.io/jetstack/cert-manager-approver-policy}" -POLICY_APPROVER_IMAGE="$POLICY_APPROVER_REPO:$POLICY_APPROVER_TAG" - -echo ">> building approver-policy binary..." -GOARCH=$(go env GOARCH) GOOS=linux CGO_ENABLED=0 go build -o $REPO_ROOT/_bin/approver-policy-linux $REPO_ROOT/cmd/. - -echo ">> building docker image..." -docker build -t $POLICY_APPROVER_IMAGE . - -echo ">> pre-creating 'kind' docker network to avoid networking issues in CI" -# When running in our CI environment the Docker network's subnet choice will cause issues with routing -# This works around this till we have a way to properly patch this. -docker network create --driver=bridge --subnet=192.168.0.0/16 --gateway 192.168.0.1 kind || true -# Sleep for 2s to avoid any races between docker's network subcommand and 'kind create' -sleep 2 - -echo ">> creating kind cluster..." -$KIND_BIN delete cluster --name approver-policy -$KIND_BIN create cluster --name approver-policy - -echo ">> loading docker image..." -$KIND_BIN load docker-image $POLICY_APPROVER_IMAGE --name approver-policy - -echo ">> installing cert-manager..." -$HELM_BIN repo add jetstack https://charts.jetstack.io --force-update -$HELM_BIN upgrade -i -n cert-manager cert-manager jetstack/cert-manager --set installCRDs=true --wait --create-namespace --set extraArgs={--controllers='*\,-certificaterequests-approver'} --set global.logLevel=2 - -echo ">> installing approver-policy..." -$HELM_BIN upgrade -i -n cert-manager cert-manager-approver-policy ./deploy/charts/approver-policy --wait --set app.logLevel=2 --set image.repository=$POLICY_APPROVER_REPO --set image.tag=$POLICY_APPROVER_TAG diff --git a/hack/ci/delete-cluster.sh b/hack/ci/delete-cluster.sh deleted file mode 100755 index 8c8dab2d..00000000 --- a/hack/ci/delete-cluster.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -set -o errexit - -REPO_ROOT="${REPO_ROOT:-$(dirname "${BASH_SOURCE}")/../..}" -KIND_BIN="${KIND_BIN:-$REPO_ROOT/_bin/kind}" - -echo ">> exporting kind cluster logs..." -$KIND_BIN export logs --name approver-policy _artifacts - -echo ">> deleting kind cluster..." -$KIND_BIN delete cluster --name approver-policy diff --git a/hack/ci/run-smoke-test.sh b/hack/ci/run-smoke-test.sh deleted file mode 100755 index 18211b14..00000000 --- a/hack/ci/run-smoke-test.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash - -set -o errexit - -REPO_ROOT="${REPO_ROOT:-$(dirname "${BASH_SOURCE}")/../..}" -BINDIR="${BINDIR:-$(pwd)/_bin}" - -echo ">> running smoke tests" -${BINDIR}/kind get kubeconfig --name approver-policy > ${BINDIR}/kubeconfig.yaml -${BINDIR}/ginkgo $REPO_ROOT/test/smoke/ -- --kubeconfig-path ${BINDIR}/kubeconfig.yaml diff --git a/hack/helm/sample-chart-values.yaml b/hack/helm/sample-chart-values.yaml deleted file mode 100644 index 37263e0f..00000000 --- a/hack/helm/sample-chart-values.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# An example values file, which will be used when linting the Helm chart, to -# verify that the templates can be rendered. -# See make verify-helm-lint -# -# Volumes and volume mounts can be overridden -volumeMounts: - - name: ca-cert-example-volume - mountPath: "/etc/ssl/certs/ca-cert-example-ca.crt" - subPath: ca.crt - readOnly: true -volumes: - - name: ca-cert-example-volume - configMap: - name: ca-cert-example - optional: false diff --git a/hack/tools/go.mod b/hack/tools/go.mod deleted file mode 100644 index 91b8d96f..00000000 --- a/hack/tools/go.mod +++ /dev/null @@ -1,123 +0,0 @@ -module github.com/cert-manager/approver-policy/hack/tools - -go 1.20 - -require ( - github.com/norwoodj/helm-docs v1.11.0 - github.com/onsi/ginkgo/v2 v2.9.5 - github.com/princjef/gomarkdoc v0.4.1 - google.golang.org/protobuf v1.31.0 - k8s.io/code-generator v0.28.3 - sigs.k8s.io/controller-tools v0.13.0 - sigs.k8s.io/kind v0.20.0 - sigs.k8s.io/kustomize/kustomize/v5 v5.2.1 -) - -require ( - github.com/BurntSushi/toml v1.3.2 // indirect - github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.2.1 // indirect - github.com/Masterminds/sprig/v3 v3.2.3 // indirect - github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230426101702-58e86b294756 // indirect - github.com/VividCortex/ewma v1.2.0 // indirect - github.com/acomagu/bufpipe v1.0.4 // indirect - github.com/alessio/shellescape v1.4.2 // indirect - github.com/cheggaaa/pb/v3 v3.1.2 // indirect - github.com/cloudflare/circl v1.3.3 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/emirpasic/gods v1.18.1 // indirect - github.com/evanphx/json-patch/v5 v5.7.0 // indirect - github.com/fatih/color v1.15.0 // indirect - github.com/fsnotify/fsnotify v1.6.0 // indirect - github.com/go-errors/errors v1.5.1 // indirect - github.com/go-git/gcfg v1.5.0 // indirect - github.com/go-git/go-billy/v5 v5.4.1 // indirect - github.com/go-git/go-git/v5 v5.6.1 // indirect - github.com/go-logr/logr v1.2.4 // indirect - github.com/go-openapi/jsonpointer v0.20.0 // indirect - github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.4 // indirect - github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect - github.com/gobuffalo/flect v1.0.2 // indirect - github.com/gobwas/glob v0.2.3 // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.3 // indirect - github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-cmp v0.6.0 // indirect - github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20230510103437-eeec1cb781c3 // indirect - github.com/google/safetext v0.0.0-20230106111101-7156a760e523 // indirect - github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/google/uuid v1.3.0 // indirect - github.com/hashicorp/hcl v1.0.0 // indirect - github.com/huandu/xstrings v1.4.0 // indirect - github.com/imdario/mergo v0.3.16 // indirect - github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect - github.com/josharian/intern v1.0.0 // indirect - github.com/json-iterator/go v1.1.12 // indirect - github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/magiconair/properties v1.8.7 // indirect - github.com/mailru/easyjson v0.7.7 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.14 // indirect - github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect - github.com/mitchellh/copystructure v1.2.0 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect - github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.0.7 // indirect - github.com/pjbgf/sha1cd v0.3.0 // indirect - github.com/pkg/errors v0.9.1 // indirect - github.com/princjef/mageutil v1.0.0 // indirect - github.com/rivo/uniseg v0.4.4 // indirect - github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/sergi/go-diff v1.3.1 // indirect - github.com/shopspring/decimal v1.3.1 // indirect - github.com/sirupsen/logrus v1.9.0 // indirect - github.com/skeema/knownhosts v1.1.1 // indirect - github.com/spf13/afero v1.9.5 // indirect - github.com/spf13/cast v1.5.1 // indirect - github.com/spf13/cobra v1.7.0 // indirect - github.com/spf13/jwalterweatherman v1.1.0 // indirect - github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.15.0 // indirect - github.com/subosito/gotenv v1.4.2 // indirect - github.com/x-cray/logrus-prefixed-formatter v0.5.2 // indirect - github.com/xanzy/ssh-agent v0.3.3 // indirect - github.com/xlab/treeprint v1.2.0 // indirect - go.starlark.net v0.0.0-20231016134836-22325403fcb3 // indirect - golang.org/x/crypto v0.14.0 // indirect - golang.org/x/mod v0.13.0 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/sys v0.13.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect - golang.org/x/tools v0.14.0 // indirect - gopkg.in/evanphx/json-patch.v5 v5.7.0 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/warnings.v0 v0.1.2 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.28.0 // indirect - k8s.io/apiextensions-apiserver v0.28.0 // indirect - k8s.io/apimachinery v0.28.0 // indirect - k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect - k8s.io/helm v2.17.0+incompatible // indirect - k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect - k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect - mvdan.cc/xurls/v2 v2.5.0 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.15.0 // indirect - sigs.k8s.io/kustomize/cmd/config v0.12.0 // indirect - sigs.k8s.io/kustomize/kyaml v0.15.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect -) diff --git a/hack/tools/go.sum b/hack/tools/go.sum deleted file mode 100644 index 9100e9e1..00000000 --- a/hack/tools/go.sum +++ /dev/null @@ -1,926 +0,0 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= -github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= -github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= -github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= -github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= -github.com/ProtonMail/go-crypto v0.0.0-20230426101702-58e86b294756 h1:L6S7kR7SlhQKplIBpkra3s6yhcZV51lhRnXmYc4HohI= -github.com/ProtonMail/go-crypto v0.0.0-20230426101702-58e86b294756/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= -github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA= -github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow= -github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= -github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= -github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= -github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4uEoM0= -github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cheggaaa/pb v2.0.7+incompatible/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= -github.com/cheggaaa/pb/v3 v3.0.4/go.mod h1:7rgWxLrAUcFMkvJuv09+DYi7mMUYi8nO9iOWcvGJPfw= -github.com/cheggaaa/pb/v3 v3.1.2 h1:FIxT3ZjOj9XJl0U4o2XbEhjFfZl7jCVCDOGq1ZAB7wQ= -github.com/cheggaaa/pb/v3 v3.1.2/go.mod h1:SNjnd0yKcW+kw0brSusraeDd5Bf1zBfxAzTL2ss3yQ4= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= -github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= -github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= -github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc= -github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= -github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= -github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= -github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= -github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= -github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= -github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= -github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= -github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= -github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ= -github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= -github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk= -github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC2MDs4ee8= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ= -github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= -github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= -github.com/gobuffalo/flect v1.0.2 h1:eqjPGSo2WmjgY2XlpGwo2NXgL3RucAKo4k4qQMNA5sA= -github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= -github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= -github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20230510103437-eeec1cb781c3 h1:2XF1Vzq06X+inNqgJ9tRnGuw+ZVCB3FazXODD6JE1R8= -github.com/google/pprof v0.0.0-20230510103437-eeec1cb781c3/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC9t8wNnpPdctvtSUOPUUg4SHeE6vR1Ir2hmg= -github.com/google/safetext v0.0.0-20230106111101-7156a760e523 h1:i4NsbmB9pD5+Ggp5GZKyvYY6MkjvPE8CIMlkvXFF8gA= -github.com/google/safetext v0.0.0-20230106111101-7156a760e523/go.mod h1:mJNEy0r5YPHC7ChQffpOszlGB4L1iqjXWpIEKcFpr9s= -github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= -github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= -github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= -github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= -github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= -github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= -github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= -github.com/matryer/is v1.3.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= -github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= -github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= -github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= -github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= -github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= -github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= -github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= -github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= -github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/norwoodj/helm-docs v1.11.0 h1:y6pakrWOPTfe1Mpt0UyR4KrDzIV3V7EDTu5NW4a2BS8= -github.com/norwoodj/helm-docs v1.11.0/go.mod h1:rLqec59NO7YF57Rq9VlubQHMp7wcRTJhzpkcgs4lOG4= -github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q= -github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k= -github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= -github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.0.7 h1:muncTPStnKRos5dpVKULv2FVd4bMOhNePj9CjgDb8Us= -github.com/pelletier/go-toml/v2 v2.0.7/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek= -github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= -github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/princjef/gomarkdoc v0.4.1 h1:Ubt5OiHYi2PdxrDkWMeWM4ROrbvAGkIXBz3PquxglBM= -github.com/princjef/gomarkdoc v0.4.1/go.mod h1:+o04FW4GNL2vPr/35yxMV/8eXjhsdNBBPMVVDOOTLec= -github.com/princjef/mageutil v1.0.0 h1:1OfZcJUMsooPqieOz2ooLjI+uHUo618pdaJsbCXcFjQ= -github.com/princjef/mageutil v1.0.0/go.mod h1:mkShhaUomCYfAoVvTKRcbAs8YSVPdtezI5j6K+VXhrs= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= -github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= -github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= -github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= -github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag= -github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE= -github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= -github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= -github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= -github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= -github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU= -github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= -github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/x-cray/logrus-prefixed-formatter v0.5.2 h1:00txxvfBM9muc0jiLIEAkAcIMJzfthRT6usrui8uGmg= -github.com/x-cray/logrus-prefixed-formatter v0.5.2/go.mod h1:2duySbKsL6M18s5GU7VPsoEPHyzalCE06qoARUCeBBE= -github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= -github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= -github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.starlark.net v0.0.0-20231016134836-22325403fcb3 h1:CKbpFNZNfaNyEWd6C+F1vLZ0WJjukoU45zDErBmRKPs= -go.starlark.net v0.0.0-20231016134836-22325403fcb3/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -golang.org/x/arch v0.1.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -gopkg.in/VividCortex/ewma.v1 v1.1.1/go.mod h1:TekXuFipeiHWiAlO1+wSS23vTcyFau5u3rxXUSXj710= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/cheggaaa/pb.v2 v2.0.7/go.mod h1:0CiZ1p8pvtxBlQpLXkHuUTpdJ1shm3OqCF1QugkjHL4= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/evanphx/json-patch.v5 v5.7.0 h1:dGKGylPlZ/jus2g1YqhhyzfH0gPy2R8/MYUpW/OslTY= -gopkg.in/evanphx/json-patch.v5 v5.7.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk= -gopkg.in/fatih/color.v1 v1.7.0/go.mod h1:P7yosIhqIl/sX8J8UypY5M+dDpD2KmyfP5IRs5v/fo0= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= -gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/mattn/go-colorable.v0 v0.1.0/go.mod h1:BVJlBXzARQxdi3nZo6f6bnl5yR20/tOL6p+V0KejgSY= -gopkg.in/mattn/go-isatty.v0 v0.0.4/go.mod h1:wt691ab7g0X4ilKZNmMII3egK0bTxl37fEn/Fwbd8gc= -gopkg.in/mattn/go-runewidth.v0 v0.0.4/go.mod h1:BmXejnxvhwdaATwiJbB1vZ2dtXkQKZGu9yLFCZb4msQ= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.28.0 h1:3j3VPWmN9tTDI68NETBWlDiA9qOiGJ7sdKeufehBYsM= -k8s.io/api v0.28.0/go.mod h1:0l8NZJzB0i/etuWnIXcwfIv+xnDOhL3lLW919AWYDuY= -k8s.io/apiextensions-apiserver v0.28.0 h1:CszgmBL8CizEnj4sj7/PtLGey6Na3YgWyGCPONv7E9E= -k8s.io/apiextensions-apiserver v0.28.0/go.mod h1:uRdYiwIuu0SyqJKriKmqEN2jThIJPhVmOWETm8ud1VE= -k8s.io/apimachinery v0.28.0 h1:ScHS2AG16UlYWk63r46oU3D5y54T53cVI5mMJwwqFNA= -k8s.io/apimachinery v0.28.0/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw= -k8s.io/code-generator v0.28.3 h1:I847QvdpYx7xKiG2KVQeCSyNF/xU9TowaDAg601mvlw= -k8s.io/code-generator v0.28.3/go.mod h1:A2EAHTRYvCvBrb/MM2zZBNipeCk3f8NtpdNIKawC43M= -k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= -k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/helm v2.14.3+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI= -k8s.io/helm v2.17.0+incompatible h1:Bpn6o1wKLYqKM3+Osh8e+1/K2g/GsQJ4F4yNF2+deao= -k8s.io/helm v2.17.0+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI= -k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= -k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= -k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -mvdan.cc/xurls/v2 v2.5.0 h1:lyBNOm8Wo71UknhUs4QTFUNNMyxy2JEIaKKo0RWOh+8= -mvdan.cc/xurls/v2 v2.5.0/go.mod h1:yQgaGQ1rFtJUzkmKiHYSSfuQxqfYmd//X6PxvholpeE= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-tools v0.13.0 h1:NfrvuZ4bxyolhDBt/rCZhDnx3M2hzlhgo5n3Iv2RykI= -sigs.k8s.io/controller-tools v0.13.0/go.mod h1:5vw3En2NazbejQGCeWKRrE7q4P+CW8/klfVqP8QZkgA= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kind v0.20.0 h1:f0sc3v9mQbGnjBUaqSFST1dwIuiikKVGgoTwpoP33a8= -sigs.k8s.io/kind v0.20.0/go.mod h1:aBlbxg08cauDgZ612shr017/rZwqd7AS563FvpWKPVs= -sigs.k8s.io/kustomize/api v0.15.0 h1:6Ca88kEOBVotHDw+y2IsIMYtg9Pvv7MKpW9JMyF/OH4= -sigs.k8s.io/kustomize/api v0.15.0/go.mod h1:p19kb+E14gN7zcIBR/nhByJDAfUa7N8mp6ZdH/mMXbg= -sigs.k8s.io/kustomize/cmd/config v0.12.0 h1:EXkXg7Bq/wPaEe5sdNbLRI5J6eG+WarKNo5LRD+gCWU= -sigs.k8s.io/kustomize/cmd/config v0.12.0/go.mod h1:Ct/f74OFOVCO4KQ8PVGUXHQDjZO6yqwxhrvL/b/DkBM= -sigs.k8s.io/kustomize/kustomize/v5 v5.2.1 h1:bI0UnT+UJiEEl1BaomL71ESl3w5rJo2Aw6CpqxX4aS4= -sigs.k8s.io/kustomize/kustomize/v5 v5.2.1/go.mod h1:qzRni4VPV6LxTEY5eC5qH3+995Atdi9E46jiwArROik= -sigs.k8s.io/kustomize/kyaml v0.15.0 h1:ynlLMAxDhrY9otSg5GYE2TcIz31XkGZ2Pkj7SdolD84= -sigs.k8s.io/kustomize/kyaml v0.15.0/go.mod h1:+uMkBahdU1KNOj78Uta4rrXH+iH7wvg+nW7+GULvREA= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/hack/tools/tools.go b/hack/tools/tools.go deleted file mode 100644 index 129ae2d5..00000000 --- a/hack/tools/tools.go +++ /dev/null @@ -1,18 +0,0 @@ -//go:build tools -// +build tools - -// This file exists to force 'go mod' to fetch tool dependencies -// See: https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module - -package bin - -import ( - _ "github.com/norwoodj/helm-docs/cmd/helm-docs" - _ "github.com/onsi/ginkgo/v2/ginkgo" - _ "github.com/princjef/gomarkdoc/cmd/gomarkdoc" - _ "google.golang.org/protobuf/cmd/protoc-gen-go" - _ "k8s.io/code-generator/cmd/deepcopy-gen" - _ "sigs.k8s.io/controller-tools/cmd/controller-gen" - _ "sigs.k8s.io/kind" - _ "sigs.k8s.io/kustomize/kustomize/v5" -) diff --git a/hack/verify-boilerplate.sh b/hack/verify-boilerplate.sh deleted file mode 100755 index f687b77b..00000000 --- a/hack/verify-boilerplate.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2014 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -KUBE_ROOT=$(dirname "${BASH_SOURCE}")/.. - -boilerDir="${KUBE_ROOT}/hack/boilerplate" -boiler="${boilerDir}/boilerplate.py" - -files_need_boilerplate=($(${boiler} "$@")) - -# Run boilerplate check -if [[ ${#files_need_boilerplate[@]} -gt 0 ]]; then - for file in "${files_need_boilerplate[@]}"; do - echo "Boilerplate header is wrong for: ${file}" - done - - exit 1 -fi diff --git a/klone.json b/klone.json new file mode 100644 index 00000000..f5a3c92e --- /dev/null +++ b/klone.json @@ -0,0 +1,83 @@ +{ + "targets": { + "make/_shared": [ + { + "folder_name": "api-docs", + "repo_url": "https://github.com/inteon/makefile-modules.git", + "repo_ref": "main", + "repo_hash": "a4b8798c835ee774c8277e85cf9a122dd38386f2", + "repo_path": "modules/api-docs" + }, + { + "folder_name": "boilerplate", + "repo_url": "https://github.com/inteon/makefile-modules.git", + "repo_ref": "main", + "repo_hash": "a4b8798c835ee774c8277e85cf9a122dd38386f2", + "repo_path": "modules/boilerplate" + }, + { + "folder_name": "controller-gen", + "repo_url": "https://github.com/inteon/makefile-modules.git", + "repo_ref": "main", + "repo_hash": "a4b8798c835ee774c8277e85cf9a122dd38386f2", + "repo_path": "modules/controller-gen" + }, + { + "folder_name": "generate-verify", + "repo_url": "https://github.com/inteon/makefile-modules.git", + "repo_ref": "main", + "repo_hash": "a4b8798c835ee774c8277e85cf9a122dd38386f2", + "repo_path": "modules/generate-verify" + }, + { + "folder_name": "helm", + "repo_url": "https://github.com/inteon/makefile-modules.git", + "repo_ref": "main", + "repo_hash": "a4b8798c835ee774c8277e85cf9a122dd38386f2", + "repo_path": "modules/helm" + }, + { + "folder_name": "help", + "repo_url": "https://github.com/inteon/makefile-modules.git", + "repo_ref": "main", + "repo_hash": "a4b8798c835ee774c8277e85cf9a122dd38386f2", + "repo_path": "modules/help" + }, + { + "folder_name": "kind", + "repo_url": "https://github.com/inteon/makefile-modules.git", + "repo_ref": "main", + "repo_hash": "a4b8798c835ee774c8277e85cf9a122dd38386f2", + "repo_path": "modules/kind" + }, + { + "folder_name": "klone", + "repo_url": "https://github.com/inteon/makefile-modules.git", + "repo_ref": "main", + "repo_hash": "a4b8798c835ee774c8277e85cf9a122dd38386f2", + "repo_path": "modules/klone" + }, + { + "folder_name": "oci-image", + "repo_url": "https://github.com/inteon/makefile-modules.git", + "repo_ref": "main", + "repo_hash": "a4b8798c835ee774c8277e85cf9a122dd38386f2", + "repo_path": "modules/oci-image" + }, + { + "folder_name": "repository-base", + "repo_url": "https://github.com/inteon/makefile-modules.git", + "repo_ref": "main", + "repo_hash": "a4b8798c835ee774c8277e85cf9a122dd38386f2", + "repo_path": "modules/repository-base" + }, + { + "folder_name": "tools", + "repo_url": "https://github.com/inteon/makefile-modules.git", + "repo_ref": "main", + "repo_hash": "a4b8798c835ee774c8277e85cf9a122dd38386f2", + "repo_path": "modules/tools" + } + ] + } +} diff --git a/make/00_images.mk b/make/00_images.mk new file mode 100644 index 00000000..560e8e40 --- /dev/null +++ b/make/00_images.mk @@ -0,0 +1,28 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +images_amd64 := +images_arm64 := + +images_amd64 += docker.io/kindest/node:v1.27.3@sha256:9dd3392d79af1b084671b05bcf65b21de476256ad1dcc853d9f3b10b4ac52dde +images_amd64 += quay.io/jetstack/cert-manager-controller:v1.12.3@sha256:6b9b696c2e56aaef5bf7e0b659ee91a773d0bb8f72b0eb4914a9db7e87578d47 +images_amd64 += quay.io/jetstack/cert-manager-cainjector:v1.12.3@sha256:31ffa7640020640345a34f3fe6964560665e7ca89d818a6c455e63f5c4f5eb14 +images_amd64 += quay.io/jetstack/cert-manager-webhook:v1.12.3@sha256:292facf28fd4f0db074fed12437669eef9c0ab8c1b9812d2c91e42b4a7448a36 +images_amd64 += quay.io/jetstack/cert-manager-ctl:v1.12.3@sha256:5c985c4ebd8da6592cbe0249936f7513c0527488d754198699b3be9389b8b587 + +images_arm64 += docker.io/kindest/node:v1.27.3@sha256:de0b3dfe848ccf07e24f4278eaf93edb857b6231b39773f46b36a2b1a6543ae9 +images_arm64 += quay.io/jetstack/cert-manager-controller:v1.12.3@sha256:3a218da3db0b05bf487729b07374662b73805a44e6568a2661bba659b22110b2 +images_arm64 += quay.io/jetstack/cert-manager-cainjector:v1.12.3@sha256:118b985b0f0051ee9c428a3736c47bea92c3d8e7cb7c6eda881f7ecd4430cbed +images_arm64 += quay.io/jetstack/cert-manager-webhook:v1.12.3@sha256:0195441dc0f7f81e7514e6497bf68171bc54ef8481efc5fa0efe51892bd28c36 +images_arm64 += quay.io/jetstack/cert-manager-ctl:v1.12.3@sha256:f376994ae17c519b12dd59c406a0abf8c6265c5f0c57431510eee15eaa40e4eb diff --git a/make/00_mod.mk b/make/00_mod.mk new file mode 100644 index 00000000..d3062f12 --- /dev/null +++ b/make/00_mod.mk @@ -0,0 +1,49 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +repo_name := github.com/cert-manager/approver-policy + +kind_cluster_name := approver-policy +kind_cluster_config := $(bin_dir)/scratch/kind_cluster.yaml + +oci_platforms := linux/amd64,linux/arm64 + +build_names := manager + +go_manager_source_path := cmd/main.go +go_manager_ldflags := -X $(repo_name)/pkg/internal/version.AppVersion=$(VERSION) -X $(repo_name)/pkg/internal/version.GitCommit=$(GITCOMMIT) +oci_manager_image_name := github.com/cert-manager/approver-policy +oci_manager_image_tag := $(VERSION) +oci_manager_image_name_development := cert-manager.local/approver-policy + +deploy_name := approver-policy +deploy_namespace := cert-manager + +api_docs_outfile := docs/api/api.md +api_docs_package := $(repo_name)/pkg/apis/policy/v1alpha1 +api_docs_branch := main + +go_header_file := make/boilerplate/boilerplate.go.txt + +helm_chart_source_dir := deploy/charts/approver-policy +helm_chart_name := approver-policy +helm_chart_version := $(VERSION) +define helm_values_mutation_function +$(YQ) \ + '( .image.repository = "$(oci_manager_image_name)" ) | \ + ( .image.tag = "$(oci_manager_image_tag)" )' \ + $1 --inplace +endef + +include make/00_images.mk diff --git a/make/02_mod.mk b/make/02_mod.mk new file mode 100644 index 00000000..a46d479b --- /dev/null +++ b/make/02_mod.mk @@ -0,0 +1,40 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +$(kind_cluster_config): make/config/kind/cluster.yaml | $(bin_dir)/scratch + cat $< | \ + sed -e 's|{{KIND_IMAGES}}|$(CURDIR)/$(images_tar_dir)|g' \ + > $@ + +include make/test-smoke.mk +include make/test-unit.mk + +.PHONY: release +## Publish all release artifacts (image + helm chart) +## @category [shared] Release +release: | $(NEEDS_CRANE) + if $(CRANE) manifest digest $(oci_manager_image_name):$(oci_manager_image_tag) > /dev/null 2>&1; then \ + echo "Image $(oci_manager_image_name):$(oci_manager_image_tag) already exists in registry"; \ + else \ + echo "Image $(oci_manager_image_name):$(oci_manager_image_tag) does not exist in registry"; \ + $(MAKE) oci-push-manager; \ + fi + + @echo "RELEASE_OCI_MANAGER_IMAGE=$(oci_manager_image_name)" >> "$(GITHUB_OUTPUT)" + @echo "RELEASE_OCI_MANAGER_TAG=$(oci_manager_image_tag)" >> "$(GITHUB_OUTPUT)" + @echo "RELEASE_HELM_CHART_NAME=$(helm_chart_name)" >> "$(GITHUB_OUTPUT)" + @echo "RELEASE_HELM_CHART_VERSION=$(helm_chart_version)" >> "$(GITHUB_OUTPUT)" + @echo "RELEASE_HELM_CHART_TAR=$(helm_chart_archive)" >> "$(GITHUB_OUTPUT)" + + @echo "Release complete!" diff --git a/make/_shared/api-docs/01_mod.mk b/make/_shared/api-docs/01_mod.mk new file mode 100644 index 00000000..e395aad1 --- /dev/null +++ b/make/_shared/api-docs/01_mod.mk @@ -0,0 +1,55 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ifndef repo_name +$(error repo_name is not set) +endif + +ifndef api_docs_outfile +$(error api_docs_outfile is not set) +endif + +ifndef api_docs_package +$(error api_docs_package is not set) +endif + +ifndef api_docs_branch +$(error api_docs_branch is not set) +endif + +########################################## + +GOMARKDOC_FLAGS=--format github --repository.url "https://$(repo_name)" --repository.default-branch $(api_docs_branch) --repository.path / + +.PHONY: generate-api-docs +## Generate API docs for the API types. +## @category [shared] Generate/ Verify +generate-api-docs: | $(NEEDS_GOMARKDOC) + $(GOMARKDOC) \ + $(GOMARKDOC_FLAGS) \ + --output $(api_docs_outfile) \ + $(api_docs_package) + +.PHONY: verify-generate-api-docs +## Verify that the API docs are up to date. +## @category [shared] Generate/ Verify +verify-generate-api-docs: | $(NEEDS_GOMARKDOC) + $(GOMARKDOC) \ + --check \ + $(GOMARKDOC_FLAGS) \ + --output $(api_docs_outfile) \ + $(api_docs_package) \ + || (echo "docs are not up to date; run 'make generate' and commit the result" && exit 1) + +shared_generate_targets += generate-api-docs diff --git a/make/_shared/boilerplate/01_mod.mk b/make/_shared/boilerplate/01_mod.mk new file mode 100644 index 00000000..677fdff9 --- /dev/null +++ b/make/_shared/boilerplate/01_mod.mk @@ -0,0 +1,21 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +.PHONY: verify-boilerplate +## Verify that all files have the correct boilerplate. +## @category [shared] Generate/ Verify +verify-boilerplate: | $(NEEDS_BOILERSUITE) + $(BOILERSUITE) . + +shared_verify_targets += verify-boilerplate diff --git a/make/_shared/controller-gen/01_mod.mk b/make/_shared/controller-gen/01_mod.mk new file mode 100644 index 00000000..c586bac9 --- /dev/null +++ b/make/_shared/controller-gen/01_mod.mk @@ -0,0 +1,35 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################ +# Check Inputs # +################ + +shared_generate_targets ?= # empty + +ifndef go_header_file +$(error go_header_file is not set) +endif + +################ +# Add targets # +################ + +.PHONY: generate-deepcopy +## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. +## @category [shared] Generate/ Verify +generate-deepcopy: | $(NEEDS_CONTROLLER-GEN) + $(CONTROLLER-GEN) object:headerFile=$(go_header_file) paths="./..." + +shared_generate_targets += generate-deepcopy diff --git a/hack/boilerplate/boilerplate.py.txt b/make/_shared/generate-verify/01_mod.mk similarity index 81% rename from hack/boilerplate/boilerplate.py.txt rename to make/_shared/generate-verify/01_mod.mk index 0a45273f..f0f10e07 100644 --- a/hack/boilerplate/boilerplate.py.txt +++ b/make/_shared/generate-verify/01_mod.mk @@ -1,4 +1,4 @@ -# Copyright YEAR The cert-manager Authors. +# Copyright 2023 The cert-manager Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,3 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. +extra_generate_targets ?= +extra_verify_targets ?= +extra_verify_targets_dirty ?= diff --git a/make/_shared/generate-verify/02_mod.mk b/make/_shared/generate-verify/02_mod.mk new file mode 100644 index 00000000..c5e2a96e --- /dev/null +++ b/make/_shared/generate-verify/02_mod.mk @@ -0,0 +1,31 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +.PHONY: generate +## Generate all generate targets. +## @category [shared] Generate/ Verify +generate: $(shared_generate_targets) $(extra_generate_targets) + +verify_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/verify.sh + +# Run the supplied make target argument in a temporary workspace and diff the results. +verify-%: FORCE + $(verify_script) $(MAKE) -s $* + +.PHONY: verify +## Verify code and generate targets. +## @category [shared] Generate/ Verify +verify: $(shared_generate_targets:%=verify-%) $(extra_generate_targets:%=verify-%) $(shared_verify_targets) $(extra_verify_targets) + @echo "The following targets create temporary files in the current directory, that is why they have to be run last:" + $(MAKE) noop $(shared_verify_targets_dirty) $(extra_verify_targets_dirty) diff --git a/hack/util/verify.sh b/make/_shared/generate-verify/util/verify.sh similarity index 63% rename from hack/util/verify.sh rename to make/_shared/generate-verify/util/verify.sh index 8a9e3c19..206d3e63 100755 --- a/hack/util/verify.sh +++ b/make/_shared/generate-verify/util/verify.sh @@ -1,5 +1,19 @@ #!/usr/bin/env bash + +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + # Verify that the supplied command does not make any changes to the repository. # # This is called from the Makefile to verify that all code generation scripts @@ -17,7 +31,7 @@ set -o errexit set -o nounset set -o pipefail -projectdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )" +projectdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../../../.." && pwd )" cd "${projectdir}" @@ -40,7 +54,6 @@ popd >/dev/null if ! diff \ --exclude=".git" \ --exclude="_bin" \ - --exclude="helm_jsonschema" \ --new-file --unified --show-c-function --recursive "${projectdir}" "${tmp}" then echo diff --git a/hack/boilerplate/boilerplate.Dockerfile.txt b/make/_shared/helm/01_mod.mk similarity index 73% rename from hack/boilerplate/boilerplate.Dockerfile.txt rename to make/_shared/helm/01_mod.mk index 0a45273f..8b365a0c 100644 --- a/hack/boilerplate/boilerplate.Dockerfile.txt +++ b/make/_shared/helm/01_mod.mk @@ -1,4 +1,4 @@ -# Copyright YEAR The cert-manager Authors. +# Copyright 2023 The cert-manager Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,3 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. +include $(dir $(lastword $(MAKEFILE_LIST)))/crds.mk +include $(dir $(lastword $(MAKEFILE_LIST)))/helm.mk +include $(dir $(lastword $(MAKEFILE_LIST)))/deploy.mk diff --git a/make/_shared/helm/crds.mk b/make/_shared/helm/crds.mk new file mode 100644 index 00000000..c085f632 --- /dev/null +++ b/make/_shared/helm/crds.mk @@ -0,0 +1,47 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################ +# Check Inputs # +################ + +shared_generate_targets ?= # empty + +ifndef helm_chart_source_dir +$(error helm_chart_source_dir is not set) +endif + +################ +# Add targets # +################ + +.PHONY: generate-crds +## Generate CRD manifests. +## @category [shared] Generate/ Verify +generate-crds: | $(NEEDS_CONTROLLER-GEN) $(bin_dir)/scratch + $(eval crds_gen_temp := $(bin_dir)/scratch/crds) + + $(CONTROLLER-GEN) crd \ + paths="./..." \ + output:crd:artifacts:config=$(crds_gen_temp) + + echo "Updating CRDs with helm templating, writing to $(helm_chart_source_dir)/templates" + + for i in $$(ls $(crds_gen_temp)); do \ + echo "{{ if .Values.crds.enabled }}" > $(helm_chart_source_dir)/templates/$$i; \ + cat $(crds_gen_temp)/$$i >> $(helm_chart_source_dir)/templates/$$i; \ + echo "{{ end }}" >> $(helm_chart_source_dir)/templates/$$i; \ + done + +shared_generate_targets += generate-crds diff --git a/make/_shared/helm/deploy.mk b/make/_shared/helm/deploy.mk new file mode 100644 index 00000000..2d02723e --- /dev/null +++ b/make/_shared/helm/deploy.mk @@ -0,0 +1,51 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ifndef deploy_name +$(error deploy_name is not set) +endif + +ifndef deploy_namespace +$(error deploy_namespace is not set) +endif + +########################################## + +.PHONY: install +## Install controller helm chart on the current active K8S cluster. +## @category [shared] Deployment +install: $(helm_chart_archive) | $(NEEDS_HELM) + $(HELM) upgrade $(deploy_name) $(helm_chart_archive) \ + --wait \ + --install \ + --create-namespace \ + $(INSTALL_OPTIONS) \ + --namespace $(deploy_namespace) + +.PHONY: uninstall +## Uninstall controller helm chart from the current active K8S cluster. +## @category [shared] Deployment +uninstall: | $(NEEDS_HELM) + $(HELM) uninstall $(deploy_name) \ + --wait \ + --namespace $(deploy_namespace) + +.PHONY: template +## Template the helm chart. +## @category [shared] Deployment +template: $(helm_chart_archive) | $(NEEDS_HELM) + @$(HELM) template $(deploy_name) $(helm_chart_archive) \ + --create-namespace \ + $(INSTALL_OPTIONS) \ + --namespace $(deploy_namespace) diff --git a/make/_shared/helm/helm.mk b/make/_shared/helm/helm.mk new file mode 100644 index 00000000..d512ffca --- /dev/null +++ b/make/_shared/helm/helm.mk @@ -0,0 +1,91 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ifndef bin_dir +$(error bin_dir is not set) +endif + +ifndef repo_name +$(error repo_name is not set) +endif + +ifndef helm_chart_source_dir +$(error helm_chart_source_dir is not set) +endif + +ifndef helm_chart_name +$(error helm_chart_name is not set) +endif + +ifndef helm_chart_version +$(error helm_chart_version is not set) +endif + +ifndef helm_values_mutation_function +$(error helm_values_mutation_function is not set) +endif + +########################################## + +helm_chart_sources := $(shell find $(helm_chart_source_dir) -maxdepth 1 -type f) $(shell find $(helm_chart_source_dir)/templates -type f) +helm_chart_archive := $(bin_dir)/scratch/image/$(helm_chart_name)-$(helm_chart_version).tgz + +$(helm_chart_archive): $(helm_chart_sources) | $(NEEDS_HELM) $(NEEDS_YQ) $(bin_dir)/scratch/image + $(eval helm_chart_source_dir_versioned := $@.tmp) + rm -rf $(helm_chart_source_dir_versioned) + mkdir -p $(dir $(helm_chart_source_dir_versioned)) + cp -a $(helm_chart_source_dir) $(helm_chart_source_dir_versioned) + + $(call helm_values_mutation_function,$(helm_chart_source_dir_versioned)/values.yaml) + + @if ! $(YQ) -oy '.name' $(helm_chart_source_dir_versioned)/Chart.yaml | grep -q '^$(helm_chart_name)$$'; then \ + echo "Chart name does not match the name in the helm_chart_name variable"; \ + exit 1; \ + fi + + mkdir -p $(dir $@) + $(HELM) package $(helm_chart_source_dir_versioned) \ + --app-version $(helm_chart_version) \ + --version $(helm_chart_version) \ + --destination $(dir $@) + +.PHONY: helm-chart +## Create a helm chart +## @category [shared] Helm Chart +helm-chart: $(helm_chart_archive) + +.PHONY: generate-helm-docs +## Generate Helm chart documentation. +## @category [shared] Generate/ Verify +generate-helm-docs: | $(NEEDS_HELM-DOCS) + $(HELM-DOCS) $(helm_chart_source_dir)/ + +shared_generate_targets += generate-helm-docs + +.PHONY: verify-pod-security-standards +## Verify that the Helm chart complies with the pod security standards. +## @category [shared] Generate/ Verify +verify-pod-security-standards: $(helm_chart_archive) | $(NEEDS_KYVERNO) $(NEEDS_KUSTOMIZE) $(NEEDS_HELM) + $(KYVERNO) apply <($(KUSTOMIZE) build https://github.com/kyverno/policies/pod-security/enforce) \ + --resource <($(HELM) template $(helm_chart_archive)) 2>/dev/null + +shared_verify_targets_dirty += verify-pod-security-standards + +.PHONY: verify-helm-lint +## Verify that the Helm chart is linted. +## @category [shared] Generate/ Verify +verify-helm-lint: $(helm_chart_archive) | $(NEEDS_HELM) + $(HELM) lint $(helm_chart_archive) + +shared_verify_targets_dirty += verify-helm-lint diff --git a/make/_shared/help/01_mod.mk b/make/_shared/help/01_mod.mk new file mode 100644 index 00000000..01307a4c --- /dev/null +++ b/make/_shared/help/01_mod.mk @@ -0,0 +1,118 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Inspired from +# https://github.com/Mischback/django-calingen/blob/3f0e6db6/Makefile +# and https://gist.github.com/klmr/575726c7e05d8780505a + +# fancy colors +cyan := "$$(tput setaf 6)" +green := "$$(tput setaf 2)" +red := "$$(tput setaf 1)" +yel := "$$(tput setaf 3)" +gray := "$$(tput setaf 8)" +grayb := "$$(printf "\033[1m"; tput setaf 8)" +end := "$$(tput sgr0)" +TARGET_STYLED_HELP_NAME = "$(cyan)TARGET$(end)" +ARGUMENTS_HELP_NAME = "$(green)ARGUMENT$(end)=$(red)VALUE$(end)" + +# This mountrous sed is compatible with both GNU sed and BSD sed (for macOS). +# That's why "-E", "|", "+", "\s", "?", and "\t" aren't used. See the details +# about BSD sed vs. GNU sed: https://riptutorial.com/sed/topic/9436 + +target_regex := [a-zA-Z0-9%_\/%-][a-zA-Z0-9%_\/%-]* +variable_regex := [^:= ][^:= ]* +variable_assignment_regex := [ ]*:*[+:!\?]*= * +value_regex := .* +category_annotation_regex := @category * +category_regex := [^<][^<]* + +# We first parse and markup with these ad-hoc tags, and then we turn the markup +# into a colorful output. +target_tag_start := +target_tag_end := +target_variable_tag_start := +target_variable_tag_end := +variable_tag_start := +variable_tag_end := +global_variable_tag_start := +global_variable_tag_end := +value_tag_start := +value_tag_end := +prerequisites_tag_start := +prerequisites_tag_end := +doc_tag_start := +doc_tag_indented_start := +doc_tag_indented_end := +doc_tag_end := +category_tag_start := +category_tag_end := +default_category_tag_start := +default_category_tag_end := + +DEFAULT_CATEGORY = General + +.PHONY: help +help: + @echo "Usage: make [$(TARGET_STYLED_HELP_NAME) [$(TARGET_STYLED_HELP_NAME) ...]] [$(ARGUMENTS_HELP_NAME) [$(ARGUMENTS_HELP_NAME) ...]]" + @cat ${MAKEFILE_LIST} \ + | tr '\t' ' ' \ + | sed -n -e "/^## / { \ + h; \ + s/.*/##/; \ + :doc" \ + -e "H; \ + n; \ + s|^## *\(.*\)|$(doc_tag_start)$(doc_tag_indented_start)\1$(doc_tag_indented_end)$(doc_tag_end)|; \ + s|^## *\(.*\)|$(doc_tag_start)\1$(doc_tag_end)|; \ + t doc" \ + -e "s| *#[^#].*||; " \ + -e "s|^\(define *\)\($(variable_regex)\)$(variable_assignment_regex)\($(value_regex)\)|$(global_variable_tag_start)\2$(global_variable_tag_end)$(value_tag_start)\3$(value_tag_end)|;" \ + -e "s|^\($(variable_regex)\)$(variable_assignment_regex)\($(value_regex)\)|$(global_variable_tag_start)\1$(global_variable_tag_end)$(value_tag_start)\2$(value_tag_end)|;" \ + -e "s|^\($(target_regex)\) *: *\(\($(variable_regex)\)$(variable_assignment_regex)\($(value_regex)\)\)|$(target_variable_tag_start)\1$(target_variable_tag_end)$(variable_tag_start)\3$(variable_tag_end)$(value_tag_start)\4$(value_tag_end)|;" \ + -e "s|^\($(target_regex)\) *: *\($(target_regex)\( *$(target_regex)\)*\) *\(\| *\( *$(target_regex)\)*\)|$(target_tag_start)\1$(target_tag_end)$(prerequisites_tag_start)\2$(prerequisites_tag_end)|;" \ + -e "s|^\($(target_regex)\) *: *\($(target_regex)\( *$(target_regex)\)*\)|$(target_tag_start)\1$(target_tag_end)$(prerequisites_tag_start)\2$(prerequisites_tag_end)|;" \ + -e "s|^\($(target_regex)\) *: *\(\| *\( *$(target_regex)\)*\)|$(target_tag_start)\1$(target_tag_end)|;" \ + -e "s|^\($(target_regex)\) *: *|$(target_tag_start)\1$(target_tag_end)|;" \ + -e " \ + G; \ + s|## *\(.*\) *##|$(doc_tag_start)\1$(doc_tag_end)|; \ + s|\\n||g;" \ + -e "/$(category_annotation_regex)/!s|.*|$(default_category_tag_start)$(DEFAULT_CATEGORY)$(default_category_tag_end)&|" \ + -e "s|^\(.*\)$(doc_tag_start)$(category_annotation_regex)\($(category_regex)\)$(doc_tag_end)|$(category_tag_start)\2$(category_tag_end)\1|" \ + -e "p; \ + }" \ + | sort \ + | sed -n \ + -e "s|$(default_category_tag_start)|$(category_tag_start)|" \ + -e "s|$(default_category_tag_end)|$(category_tag_end)|" \ + -e "{G; s|\($(category_tag_start)$(category_regex)$(category_tag_end)\)\(.*\)\n\1|\2|; s|\n.*||; H; }" \ + -e "s|$(category_tag_start)||" \ + -e "s|$(category_tag_end)|:\n|" \ + -e "s|$(target_variable_tag_start)|$(target_tag_start)|" \ + -e "s|$(target_variable_tag_end)|$(target_tag_end)|" \ + -e "s|$(target_tag_start)| $(cyan)|" \ + -e "s|$(target_tag_end)|$(end) |" \ + -e "s|$(prerequisites_tag_start).*$(prerequisites_tag_end)||" \ + -e "s|$(variable_tag_start)|$(green)|g" \ + -e "s|$(variable_tag_end)|$(end)|" \ + -e "s|$(global_variable_tag_start)| $(green)|g" \ + -e "s|$(global_variable_tag_end)|$(end)|" \ + -e "s|$(value_tag_start)| (default: $(red)|" \ + -e "s|$(value_tag_end)|$(end))|" \ + -e "s|$(doc_tag_indented_start)|$(grayb)|g" \ + -e "s|$(doc_tag_indented_end)|$(end)|g" \ + -e "s|$(doc_tag_start)|\n |g" \ + -e "s|$(doc_tag_end)||g" \ + -e "p" diff --git a/hack/boilerplate/boilerplate.sh.txt b/make/_shared/kind/01_mod.mk similarity index 77% rename from hack/boilerplate/boilerplate.sh.txt rename to make/_shared/kind/01_mod.mk index 0a45273f..a7eb1b2b 100644 --- a/hack/boilerplate/boilerplate.sh.txt +++ b/make/_shared/kind/01_mod.mk @@ -1,4 +1,4 @@ -# Copyright YEAR The cert-manager Authors. +# Copyright 2023 The cert-manager Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,3 +12,5 @@ # See the License for the specific language governing permissions and # limitations under the License. +include $(dir $(lastword $(MAKEFILE_LIST)))/kind.mk +include $(dir $(lastword $(MAKEFILE_LIST)))/kind-image-preload.mk diff --git a/make/_shared/kind/kind-image-preload.mk b/make/_shared/kind/kind-image-preload.mk new file mode 100644 index 00000000..e4d5eedc --- /dev/null +++ b/make/_shared/kind/kind-image-preload.mk @@ -0,0 +1,56 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ifndef bin_dir +$(error bin_dir is not set) +endif + +ifndef images_amd64 +$(error images_amd64 is not set) +endif + +ifndef images_arm64 +$(error images_arm64 is not set) +endif + +########################################## + +images := $(images_$(HOST_ARCH)) +images_files := $(foreach image,$(images),$(subst :,+,$(image))) + +images_tar_dir := $(bin_dir)/downloaded/containers/$(HOST_ARCH) +images_tars := $(images_files:%=$(images_tar_dir)/%.tar) + +$(images_tars): $(images_tar_dir)/%.tar: | $(NEEDS_CRANE) + @$(eval IMAGE=$(subst +,:,$*)) + @$(eval IMAGE_WITHOUT_DIGEST=$(shell cut -d@ -f1 <<<"$(IMAGE)")) + @$(eval DIGEST=$(subst $(IMAGE_WITHOUT_DIGEST)@,,$(IMAGE))) + @mkdir -p $(dir $@) + diff <(echo "$(DIGEST) -" | cut -d: -f2) <($(CRANE) manifest $(IMAGE) | sha256sum) + $(CRANE) pull $(IMAGE_WITHOUT_DIGEST) $@ --platform=linux/$(HOST_ARCH) + +images_tar_envs := $(images_files:%=env-%) + +.PHONY: $(images_tar_envs) +$(images_tar_envs): env-%: $(images_tar_dir)/%.tar | $(NEEDS_GOJQ) + @$(eval image_without_tag=$(shell cut -d+ -f1 <<<"$*")) + @$(eval $(image_without_tag).TAR="$(images_tar_dir)/$*.tar") + @$(eval $(image_without_tag).REPO=$(shell tar xfO "$(images_tar_dir)/$*.tar" manifest.json | $(GOJQ) '.[0].RepoTags[0]' -r | cut -d: -f1)) + @$(eval $(image_without_tag).TAG=$(shell tar xfO "$(images_tar_dir)/$*.tar" manifest.json | $(GOJQ) '.[0].RepoTags[0]' -r | cut -d: -f2)) + @$(eval $(image_without_tag).FULL=$($(image_without_tag).REPO):$($(image_without_tag).TAG)) + +.PHONY: images-preload +## Preload images. +## @category [shared] Kind cluster +images-preload: | $(images_tar_envs) diff --git a/make/_shared/kind/kind.mk b/make/_shared/kind/kind.mk new file mode 100644 index 00000000..09bdf922 --- /dev/null +++ b/make/_shared/kind/kind.mk @@ -0,0 +1,78 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ifndef bin_dir +$(error bin_dir is not set) +endif + +ifndef kind_cluster_name +$(error kind_cluster_name is not set) +endif + +ifndef kind_cluster_config +$(error kind_cluster_config is not set) +endif + +########################################## + +kind_kubeconfig := $(bin_dir)/scratch/kube.config +export KUBECONFIG := $(kind_kubeconfig) + +$(bin_dir)/scratch/cluster-check: FORCE | $(NEEDS_KIND) $(bin_dir)/scratch + @if ! $(KIND) get clusters -q | grep -q "^$(kind_cluster_name)\$$"; then \ + echo "❌ cluster $(kind_cluster_name) not found. Starting ..."; \ + echo "trigger" > $@; \ + else \ + echo "✅ existing cluster $(kind_cluster_name) found"; \ + fi + +kind_post_create_hook ?= +$(kind_kubeconfig): $(kind_cluster_config) $(bin_dir)/scratch/cluster-check | images-preload $(bin_dir)/scratch $(NEEDS_KIND) $(NEEDS_KUBECTL) + @[ -f "$(bin_dir)/scratch/cluster-check" ] && ( \ + $(KIND) delete cluster --name $(kind_cluster_name); \ + $(CTR) load -i $(docker.io/kindest/node.TAR); \ + $(KIND) create cluster \ + --image $(docker.io/kindest/node.FULL) \ + --name $(kind_cluster_name) \ + --config "$<"; \ + $(CTR) exec $(kind_cluster_name)-control-plane find /mounted_images/ -name "*.tar" -exec echo {} \; -exec ctr --namespace=k8s.io images import --all-platforms --no-unpack --digests {} \; ; \ + $(MAKE) --no-print-directory noop $(kind_post_create_hook); \ + $(KUBECTL) config use-context kind-$(kind_cluster_name); \ + ) || true + + $(KIND) get kubeconfig --name $(kind_cluster_name) > $@ + +.PHONY: kind-cluster +## Create Kind cluster and wait for nodes to be ready +## @category [shared] Kind cluster +kind-cluster: $(kind_kubeconfig) | $(NEEDS_KUBECTL) + mkdir -p ~/.kube + KUBECONFIG=~/.kube/config:$(kind_kubeconfig) $(KUBECTL) config view --flatten > ~/.kube/config + $(KUBECTL) config use-context kind-$(kind_cluster_name) + +.PHONY: kind-cluster-clean +## Delete the Kind cluster +## @category [shared] Kind cluster +kind-cluster-clean: $(NEEDS_KIND) + $(KIND) delete cluster --name $(kind_cluster_name) + rm -rf $(kind_kubeconfig) + $(MAKE) --no-print-directory noop $(kind_post_create_hook) + +.PHONY: kind-logs +## Get the Kind cluster +## @category [shared] Kind cluster +kind-logs: | kind-cluster $(NEEDS_KIND) $(bin_dir)/artifacts + rm -rf $(bin_dir)/artifacts/e2e-logs + mkdir -p $(bin_dir)/artifacts/e2e-logs + $(KIND) export logs $(bin_dir)/artifacts/e2e-logs --name=$(kind_cluster_name) diff --git a/make/_shared/klone/01_mod.mk b/make/_shared/klone/01_mod.mk new file mode 100644 index 00000000..a3d07dd2 --- /dev/null +++ b/make/_shared/klone/01_mod.mk @@ -0,0 +1,27 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +.PHONY: generate-klone +## Generate klone shared Makefiles +## @category [shared] Generate/ Verify +generate-klone: | $(NEEDS_KLONE) + $(KLONE) sync + +shared_generate_targets += generate-klone + +.PHONY: upgrade-klone +## Upgrade klone Makefile modules to latest version +## @category [shared] Self-upgrade +upgrade-klone: | $(NEEDS_KLONE) + $(KLONE) upgrade diff --git a/make/_shared/oci-image/01_mod.mk b/make/_shared/oci-image/01_mod.mk new file mode 100644 index 00000000..d8ea8533 --- /dev/null +++ b/make/_shared/oci-image/01_mod.mk @@ -0,0 +1,130 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ifndef bin_dir +$(error bin_dir is not set) +endif + +ifndef oci_platforms +$(error oci_platforms is not set) +endif + +ifndef build_names +$(error build_names is not set) +endif + +fatal_if_undefined = $(if $(findstring undefined,$(origin $1)),$(error $1 is not set)) + +define check_variables +$(call fatal_if_undefined,go_$1_ldflags) +$(call fatal_if_undefined,go_$1_source_path) +$(call fatal_if_undefined,oci_$1_image_name) +$(call fatal_if_undefined,oci_$1_image_name_development) +endef + +$(foreach build_name,$(build_names),$(eval $(call check_variables,$(build_name)))) + +########################################## + +CGO_ENABLED ?= 0 + +build_targets := $(build_names:%=$(bin_dir)/bin/%) +run_targets := $(build_names:%=run-%) +oci_build_targets := $(build_names:%=oci-build-%) +oci_push_targets := $(build_names:%=oci-push-%) +oci_load_targets := $(build_names:%=oci-load-%) + +image_tool_dir := $(dir $(lastword $(MAKEFILE_LIST)))/image_tool/ + +$(bin_dir)/bin: + mkdir -p $@ + +## Build manager binary. +## @category [shared] Build +$(build_targets): $(bin_dir)/bin/%: FORCE | $(NEEDS_GO) $(bin_dir)/bin + CGO_ENABLED=$(CGO_ENABLED) \ + $(GO) build \ + -ldflags '$(go_$*_ldflags)' \ + -o $@ \ + $(go_$*_source_path) + +.PHONY: $(run_targets) +ARGS ?= # default empty +## Run a controller from your host. +## @category [shared] Build +$(run_targets): run-%: | $(NEEDS_GO) + $(GO) run \ + -ldflags '$(go_$*_ldflags)' \ + $(go_$*_source_path) $(ARGS) + +.PHONY: $(oci_build_targets) +## Build the oci image. +## @category [shared] Build +$(oci_build_targets): oci-build-%: | $(NEEDS_KO) $(NEEDS_GO) $(NEEDS_YQ) $(bin_dir)/scratch/image + $(eval oci_layout_path := $(bin_dir)/scratch/image/oci-layout-$*.$(oci_$*_image_tag)) + rm -rf $(CURDIR)/$(oci_layout_path) + + echo '{}' | \ + $(YQ) '.builds[0].id = "$*"' | \ + $(YQ) '.builds[0].main = "$(go_$*_source_path)"' | \ + $(YQ) '.builds[0].env[0] = "CGO_ENABLED={{.Env.CGO_ENABLED}}"' | \ + $(YQ) '.builds[0].ldflags[0] = "-s"' | \ + $(YQ) '.builds[0].ldflags[1] = "-w"' | \ + $(YQ) '.builds[0].ldflags[2] = "{{.Env.LDFLAGS}}"' \ + > $(CURDIR)/$(oci_layout_path).ko_config.yaml + + KOCACHE=$(bin_dir)/scratch/image/ko_cache \ + KO_CONFIG_PATH=$(CURDIR)/$(oci_layout_path).ko_config.yaml \ + LDFLAGS="$(go_$*_ldflags)" \ + CGO_ENABLED=$(CGO_ENABLED) \ + $(KO) build $(go_$*_source_path) \ + --platform=$(oci_platforms) \ + --oci-layout-path=$(CURDIR)/$(oci_layout_path) \ + --sbom-dir=$(CURDIR)/$(oci_layout_path).sbom \ + --sbom=spdx \ + --push=false \ + --base-import-paths + + cd $(image_tool_dir) && $(GO) run . list-digests \ + $(CURDIR)/$(oci_layout_path) \ + > $(CURDIR)/$(oci_layout_path).digests + +.PHONY: $(oci_push_targets) +## Push docker image with the manager. +## Expected pushed images: +## - :v1.2.3, @sha256:0000001 +## - :v1.2.3.sig, :sha256-0000001.sig +## @category [shared] Build +$(oci_push_targets): oci-push-%: oci-build-% | $(NEEDS_CRANE) $(NEEDS_COSIGN) $(NEEDS_YQ) $(bin_dir)/scratch/image + $(eval oci_layout_path := $(bin_dir)/scratch/image/oci-layout-$*.$(oci_$*_image_tag)) + $(eval image_ref := $(shell head -1 $(CURDIR)/$(oci_layout_path).digests)) + + if $(CRANE) image digest $(oci_$*_image_name)@$(image_ref) >/dev/null 2>&1; then \ + echo "Tag already exists, exiting"; \ + exit 1; \ + else \ + echo "Tag does not yet exist, pushing image"; \ + fi + + $(CRANE) push "$(oci_layout_path)" "$(oci_$*_image_name):$(oci_$*_image_tag)" + $(COSIGN) sign --yes=true "$(oci_$*_image_name)@$(image_ref)" + +.PHONY: $(oci_load_targets) +## Load docker image with the manager. +## @category [shared] Build +$(oci_load_targets): oci-load-%: oci-build-% | kind-cluster $(NEEDS_KIND) + $(eval oci_layout_path := $(bin_dir)/scratch/image/oci-layout-$*.$(oci_$*_image_tag)) + + cd $(image_tool_dir) && $(GO) run . convert-to-docker-tar $(CURDIR)/$(oci_layout_path) $(CURDIR)/$(oci_layout_path).docker.tar $(oci_$*_image_name_development):$(oci_$*_image_tag) + $(KIND) load image-archive --name $(kind_cluster_name) $(oci_layout_path).docker.tar diff --git a/make/_shared/oci-image/image_tool/go.mod b/make/_shared/oci-image/image_tool/go.mod new file mode 100644 index 00000000..73840742 --- /dev/null +++ b/make/_shared/oci-image/image_tool/go.mod @@ -0,0 +1,50 @@ +module image_tool + +go 1.21.1 + +require ( + github.com/google/go-containerregistry v0.15.2 + github.com/sigstore/cosign/v2 v2.1.1 +) + +require ( + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect + github.com/docker/docker v24.0.2+incompatible // indirect + github.com/go-openapi/analysis v0.21.4 // indirect + github.com/go-openapi/errors v0.20.3 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.1 // indirect + github.com/go-openapi/loads v0.21.2 // indirect + github.com/go-openapi/runtime v0.26.0 // indirect + github.com/go-openapi/spec v0.20.9 // indirect + github.com/go-openapi/strfmt v0.21.7 // indirect + github.com/go-openapi/swag v0.22.4 // indirect + github.com/go-openapi/validate v0.22.1 // indirect + github.com/golang/protobuf v1.5.3 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/klauspost/compress v1.16.5 // indirect + github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/oklog/ulid v1.3.1 // indirect + github.com/opencontainers/go-digest v1.0.0 // indirect + github.com/opencontainers/image-spec v1.1.0-rc3 // indirect + github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23 // indirect + github.com/sigstore/sigstore v1.7.1 // indirect + github.com/theupdateframework/go-tuf v0.5.2 // indirect + github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect + github.com/vbatts/tar-split v0.11.3 // indirect + go.mongodb.org/mongo-driver v1.11.3 // indirect + golang.org/x/crypto v0.10.0 // indirect + golang.org/x/net v0.11.0 // indirect + golang.org/x/sync v0.3.0 // indirect + golang.org/x/sys v0.9.0 // indirect + golang.org/x/term v0.9.0 // indirect + golang.org/x/text v0.10.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect + google.golang.org/grpc v1.56.0 // indirect + google.golang.org/protobuf v1.30.0 // indirect + gopkg.in/square/go-jose.v2 v2.6.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) diff --git a/make/_shared/oci-image/image_tool/go.sum b/make/_shared/oci-image/image_tool/go.sum new file mode 100644 index 00000000..4b016629 --- /dev/null +++ b/make/_shared/oci-image/image_tool/go.sum @@ -0,0 +1,306 @@ +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k= +github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE= +github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= +github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/docker v24.0.2+incompatible h1:eATx+oLz9WdNVkQrr0qjQ8HvRJ4bOOxfzEo8R+dA3cg= +github.com/docker/docker v24.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= +github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= +github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a h1:yDWHCSQ40h88yih2JAcL6Ls/kVkSE8GFACTGVnMPruw= +github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a/go.mod h1:7Ga40egUymuWXxAe151lTNnCv97MddSOVsjpPPkityA= +github.com/facebookgo/limitgroup v0.0.0-20150612190941-6abd8d71ec01 h1:IeaD1VDVBPlx3viJT9Md8if8IxxJnO+x0JCGb054heg= +github.com/facebookgo/limitgroup v0.0.0-20150612190941-6abd8d71ec01/go.mod h1:ypD5nozFk9vcGw1ATYefw6jHe/jZP++Z15/+VTMcWhc= +github.com/facebookgo/muster v0.0.0-20150708232844-fd3d7953fd52 h1:a4DFiKFJiDRGFD1qIcqGLX/WlUMD9dyLSLDt+9QZgt8= +github.com/facebookgo/muster v0.0.0-20150708232844-fd3d7953fd52/go.mod h1:yIquW87NGRw1FU5p5lEkpnt/QxoH5uPAOUlOVkAUuMg= +github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= +github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc= +github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= +github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc= +github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= +github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= +github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= +github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= +github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= +github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= +github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= +github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc= +github.com/go-openapi/runtime v0.26.0/go.mod h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ= +github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= +github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/spec v0.20.9 h1:xnlYNQAwKd2VQRRfwTEI0DcK+2cbuvI/0c7jx3gA8/8= +github.com/go-openapi/spec v0.20.9/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= +github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= +github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= +github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= +github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= +github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= +github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= +github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= +github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= +github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= +github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= +github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs= +github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= +github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= +github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= +github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= +github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= +github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk= +github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw= +github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360= +github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg= +github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE= +github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8= +github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= +github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= +github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= +github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= +github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= +github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= +github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE= +github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/honeycombio/beeline-go v1.10.0 h1:cUDe555oqvw8oD76BQJ8alk7FP0JZ/M/zXpNvOEDLDc= +github.com/honeycombio/beeline-go v1.10.0/go.mod h1:Zz5WMeQCJzFt2Mvf8t6HC1X8RLskLVR/e8rvcmXB1G8= +github.com/honeycombio/libhoney-go v1.16.0 h1:kPpqoz6vbOzgp7jC6SR7SkNj7rua7rgxvznI6M3KdHc= +github.com/honeycombio/libhoney-go v1.16.0/go.mod h1:izP4fbREuZ3vqC4HlCAmPrcPT9gxyxejRjGtCYpmBn0= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 h1:dYTbLf4m0a5u0KLmPfB6mgxbcV7588bOCx79hxa5Sr4= +github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548/go.mod h1:hGT6jSUVzF6no3QaDSMLGLEHtHSBSefs+MgcDWnmhmo= +github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= +github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= +github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= +github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= +github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf h1:ndns1qx/5dL43g16EQkPV/i8+b3l5bYQwLeoSBe7tS8= +github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf/go.mod h1:aGkAgvWY/IUcVFfuly53REpfv5edu25oij+qHRFaraA= +github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= +github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= +github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= +github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8= +github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI= +github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= +github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= +github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= +github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= +github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= +github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= +github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= +github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sigstore/cosign/v2 v2.1.1 h1:HOI6pWaEie0wLituDWWaqC5U9MaXablKNf6QroVhj6k= +github.com/sigstore/cosign/v2 v2.1.1/go.mod h1:S9KGmdQ/Dd29TdgUwGCNeXR7scJWZwREh4A9Za2PRPY= +github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23 h1:eZY7mQFcc0VvNr0fiAK3/n7kh73+T06KzBEIUYzFSDQ= +github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23/go.mod h1:h1tOLhldpfILtziWpUDgGBu0vulWk9Kh72t6XzBGJok= +github.com/sigstore/sigstore v1.7.1 h1:fCATemikcBK0cG4+NcM940MfoIgmioY1vC6E66hXxks= +github.com/sigstore/sigstore v1.7.1/go.mod h1:0PmMzfJP2Y9+lugD0wer4e7TihR5tM7NcIs3bQNk5xg= +github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/theupdateframework/go-tuf v0.5.2 h1:habfDzTmpbzBLIFGWa2ZpVhYvFBoK0C1onC3a4zuPRA= +github.com/theupdateframework/go-tuf v0.5.2/go.mod h1:SyMV5kg5n4uEclsyxXJZI2UxPFJNDc4Y+r7wv+MlvTA= +github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= +github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= +github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= +github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= +github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= +github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck= +github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY= +github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU= +github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc= +github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= +github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= +github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= +github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= +github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= +github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= +github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= +github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= +go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= +go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= +go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= +go.mongodb.org/mongo-driver v1.11.3 h1:Ql6K6qYHEzB6xvu4+AU0BoRoqf9vFPcc4o7MUIdPW8Y= +go.mongodb.org/mongo-driver v1.11.3/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= +golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= +golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= +golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= +golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE= +google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/alexcesaro/statsd.v2 v2.0.0 h1:FXkZSCZIH17vLCO5sO2UucTHsH9pc+17F6pl3JVCwMc= +gopkg.in/alexcesaro/statsd.v2 v2.0.0/go.mod h1:i0ubccKGzBVNBpdGV5MocxyA/XlLUJzA7SLonnE4drU= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= +gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/make/_shared/oci-image/image_tool/main.go b/make/_shared/oci-image/image_tool/main.go new file mode 100644 index 00000000..ce1f6766 --- /dev/null +++ b/make/_shared/oci-image/image_tool/main.go @@ -0,0 +1,145 @@ +/* +Copyright 2023 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "context" + "fmt" + "os" + "runtime" + + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/layout" + "github.com/google/go-containerregistry/pkg/v1/tarball" + "github.com/sigstore/cosign/v2/pkg/oci" + "github.com/sigstore/cosign/v2/pkg/oci/mutate" + "github.com/sigstore/cosign/v2/pkg/oci/signed" +) + +func main() { + if len(os.Args) < 2 { + fmt.Println("Usage: image_tool [args]") + os.Exit(1) + } + + switch os.Args[1] { + case "list-digests": + if len(os.Args) != 3 { + fmt.Println("Usage: image_tool list-digests ") + os.Exit(1) + } + err := listDigests(os.Args[2]) + if err != nil { + fmt.Println(err) + os.Exit(1) + } + case "convert-to-docker-tar": + if len(os.Args) != 5 { + fmt.Println("Usage: image_tool convert-to-docker-tar ") + os.Exit(1) + } + err := convertToDockerTar(os.Args[2], os.Args[3], os.Args[4]) + if err != nil { + fmt.Println(err) + os.Exit(1) + } + default: + fmt.Println("Unknown command:", os.Args[1]) + os.Exit(1) + } +} + +func listDigests(path string) error { + ociLayout, err := layout.FromPath(path) + if err != nil { + return err + } + + imageIndex, err := ociLayout.ImageIndex() + if err != nil { + return err + } + + indexManifest, err := imageIndex.IndexManifest() + if err != nil { + return err + } + + for _, man := range indexManifest.Manifests { + fmt.Println(man.Digest) + } + + return nil +} + +func convertToDockerTar(path string, output string, imageName string) error { + ociLayout, err := layout.FromPath(path) + if err != nil { + return err + } + + imageIndex, err := ociLayout.ImageIndex() + if err != nil { + return err + } + + matchingImages := []v1.Image{} + _, err = mutate.Map(context.TODO(), signed.ImageIndex(imageIndex), func(_ context.Context, se oci.SignedEntity) (oci.SignedEntity, error) { + switch obj := se.(type) { + case oci.SignedImage: + config, err := obj.ConfigFile() + if err != nil { + return nil, err + } + + if config.Platform().OS == runtime.GOOS && config.Platform().Architecture == runtime.GOARCH { + matchingImages = append(matchingImages, obj) + } + case oci.SignedImageIndex: + // don't do anything + default: + return nil, fmt.Errorf("unrecognized type: %T", se) + } + + return se, nil + }) + if err != nil { + return err + } + + if len(matchingImages) == 0 { + return fmt.Errorf("no matching images found") + } + + if len(matchingImages) > 1 { + return fmt.Errorf("multiple matching images found") + } + + matchingImage := matchingImages[0] + + ref, err := name.ParseReference(imageName) + if err != nil { + return err + } + + if err := tarball.WriteToFile(output, ref, matchingImage); err != nil { + return err + } + + return nil +} diff --git a/make/_shared/repository-base/01_mod.mk b/make/_shared/repository-base/01_mod.mk new file mode 100644 index 00000000..9f0ef808 --- /dev/null +++ b/make/_shared/repository-base/01_mod.mk @@ -0,0 +1,23 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base/ + +.PHONY: generate-base +## Generate base files in the repository +## @category [shared] Generate/ Verify +generate-base: + cp -r $(base_dir)/* ./ + +shared_generate_targets += generate-base diff --git a/make/_shared/repository-base/base/.gitignore b/make/_shared/repository-base/base/.gitignore new file mode 100644 index 00000000..dea47876 --- /dev/null +++ b/make/_shared/repository-base/base/.gitignore @@ -0,0 +1,31 @@ +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin +testbin/* + +# Test binary, build with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Kubernetes Generated files - skip generated files, except for vendored files +!vendor/**/zz_generated.* + +# editor and IDE paraphernalia +.idea +*.swp +*.swo +*~ + +_bin +_certs +_artifacts +.vscode + +# direnv files +.envrc diff --git a/make/_shared/repository-base/base/CONTRIBUTING.md b/make/_shared/repository-base/base/CONTRIBUTING.md new file mode 100644 index 00000000..156378c9 --- /dev/null +++ b/make/_shared/repository-base/base/CONTRIBUTING.md @@ -0,0 +1,3 @@ +# Contributing + +Please refer to the [cert-manager Contributing guide](https://cert-manager.io/docs/contributing/). diff --git a/make/_shared/repository-base/base/LICENSE b/make/_shared/repository-base/base/LICENSE new file mode 100644 index 00000000..261eeb9e --- /dev/null +++ b/make/_shared/repository-base/base/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/make/_shared/repository-base/base/Makefile b/make/_shared/repository-base/base/Makefile new file mode 100644 index 00000000..98bcd5f8 --- /dev/null +++ b/make/_shared/repository-base/base/Makefile @@ -0,0 +1,63 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +MAKEFLAGS += --warn-undefined-variables --no-builtin-rules +SHELL := /usr/bin/env bash +.SHELLFLAGS := -uo pipefail -c +.DEFAULT_GOAL := help +.DELETE_ON_ERROR: +.SUFFIXES: +FORCE: + +noop: # do nothing + +################################## +# Host OS and architecture setup # +################################## + +# The reason we don't use "go env GOOS" or "go env GOARCH" is that the "go" +# binary may not be available in the PATH yet when the Makefiles are +# evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1 +# and Intel). +HOST_OS ?= $(shell uname -s | tr A-Z a-z) +HOST_ARCH ?= $(shell uname -m) +ifeq (x86_64, $(HOST_ARCH)) + HOST_ARCH = amd64 +endif + +################################## +# Git and versioning information # +################################## + +VERSION ?= $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +GITCOMMIT := $(shell git rev-parse HEAD) + +################################## +# Global variables and dirs # +################################## + +bin_dir := _bin + +$(bin_dir) $(bin_dir)/scratch: + mkdir -p $@ + +################################## +# Include all the Makefiles # +################################## + +-include make/00_mod.mk +-include make/_shared/*/00_mod.mk +-include make/_shared/*/01_mod.mk +-include make/02_mod.mk +-include make/_shared/*/02_mod.mk diff --git a/make/_shared/repository-base/base/OWNERS_ALIASES b/make/_shared/repository-base/base/OWNERS_ALIASES new file mode 100644 index 00000000..8226c2d9 --- /dev/null +++ b/make/_shared/repository-base/base/OWNERS_ALIASES @@ -0,0 +1,10 @@ +aliases: + cert-manager-maintainers: + - munnerz + - joshvanl + - wallrj + - jakexks + - maelvls + - irbekrm + - sgtcodfish + - inteon diff --git a/make/_shared/repository-base/base/SECURITY.md b/make/_shared/repository-base/base/SECURITY.md new file mode 100644 index 00000000..3b96b8a7 --- /dev/null +++ b/make/_shared/repository-base/base/SECURITY.md @@ -0,0 +1,3 @@ +# Security + +Please refer to the [cert-manager organisation security document](https://github.com/cert-manager/community/blob/main/SECURITY.md). diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk new file mode 100644 index 00000000..d958a265 --- /dev/null +++ b/make/_shared/tools/00_mod.mk @@ -0,0 +1,480 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ifndef bin_dir +$(error bin_dir is not set) +endif + +########################################## + +$(bin_dir)/scratch/image $(bin_dir)/tools $(bin_dir)/downloaded $(bin_dir)/downloaded/tools: + @mkdir -p $@ + +checkhash_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/checkhash.sh + +# To make sure we use the right version of each tool, we put symlink in +# $(bin_dir)/tools, and the actual binaries are in $(bin_dir)/downloaded. When bumping +# the version of the tools, this symlink gets updated. + +# Let's have $(bin_dir)/tools in front of the PATH so that we don't inavertedly +# pick up the wrong binary somewhere. Watch out, $(shell echo $$PATH) will +# still print the original PATH, since GNU make does not honor exported +# variables: https://stackoverflow.com/questions/54726457 +export PATH := $(CURDIR)/$(bin_dir)/tools:$(PATH) + +CTR=docker + +TOOLS := +# https://github.com/helm/helm/releases +TOOLS += helm=v3.12.1 +# https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl +TOOLS += kubectl=v1.27.3 +# https://github.com/kubernetes-sigs/kind/releases +TOOLS += kind=v0.20.0 +# https://www.vaultproject.io/downloads +TOOLS += vault=1.14.0 +# https://github.com/Azure/azure-workload-identity/releases +TOOLS += azwi=v1.1.0 +# https://github.com/kyverno/kyverno/releases +TOOLS += kyverno=v1.10.1 +# https://github.com/mikefarah/yq/releases +TOOLS += yq=v4.34.1 +# https://github.com/ko-build/ko/releases +TOOLS += ko=0.14.1 +# https://github.com/protocolbuffers/protobuf/releases +TOOLS += protoc=23.4 + +### go packages +# https://pkg.go.dev/sigs.k8s.io/controller-tools/cmd/controller-gen?tab=versions +TOOLS += controller-gen=v0.13.0 +# https://pkg.go.dev/golang.org/x/tools/cmd/goimports?tab=versions +TOOLS += goimports=v0.14.0 +# https://pkg.go.dev/github.com/google/go-licenses/licenses?tab=versions +TOOLS += go-licenses=v1.6.0 +# https://pkg.go.dev/gotest.tools/gotestsum?tab=versions +TOOLS += gotestsum=v1.11.0 +# https://pkg.go.dev/sigs.k8s.io/kustomize/kustomize/v4?tab=versions +TOOLS += kustomize=v4.5.7 +# https://pkg.go.dev/github.com/itchyny/gojq?tab=versions +TOOLS += gojq=v0.12.13 +# https://pkg.go.dev/github.com/google/go-containerregistry/pkg/crane?tab=versions +TOOLS += crane=v0.16.1 +# https://pkg.go.dev/google.golang.org/protobuf/cmd/protoc-gen-go?tab=versions +TOOLS += protoc-gen-go=v1.31.0 +# https://pkg.go.dev/github.com/norwoodj/helm-docs/cmd/helm-docs?tab=versions +TOOLS += helm-docs=v1.11.2 +# https://pkg.go.dev/github.com/sigstore/cosign/v2/cmd/cosign?tab=versions +TOOLS += cosign=v2.2.0 +# https://pkg.go.dev/github.com/cert-manager/boilersuite?tab=versions +TOOLS += boilersuite=v0.1.0 +# https://pkg.go.dev/github.com/princjef/gomarkdoc/cmd/gomarkdoc?tab=versions +TOOLS += gomarkdoc=v1.1.0 +# https://pkg.go.dev/oras.land/oras/cmd/oras?tab=versions +TOOLS += oras=v1.1.0 +# https://pkg.go.dev/github.com/onsi/ginkgo/v2/ginkgo?tab=versions +TOOLS += ginkgo=$(shell awk '/ginkgo\/v2/ {print $$2}' go.mod) +# https://pkg.go.dev/github.com/go418/klone?tab=versions +TOOLS += klone=v0.0.1-alpha.1 + +# https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions +K8S_CODEGEN_VERSION=v0.28.2 + +# https://github.com/kubernetes-sigs/kubebuilder/blob/tools-releases/build/cloudbuild_tools.yaml +KUBEBUILDER_ASSETS_VERSION=1.28.0 +TOOLS += etcd=$(KUBEBUILDER_ASSETS_VERSION) +TOOLS += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) + +# https://go.dev/dl/ +VENDORED_GO_VERSION := $(shell awk '/^go / {print $$2}' go.mod) + +# When switching branches which use different versions of the tools, we +# need a way to re-trigger the symlinking from $(bin_dir)/downloaded to $(bin_dir)/tools. +$(bin_dir)/scratch/%_VERSION: FORCE | $(bin_dir)/scratch + @test "$($*_VERSION)" == "$(shell cat $@ 2>/dev/null)" || echo $($*_VERSION) > $@ + +# --silent = don't print output like progress meters +# --show-error = but do print errors when they happen +# --fail = exit with a nonzero error code without the response from the server when there's an HTTP error +# --location = follow redirects from the server +# --retry = the number of times to retry a failed attempt to connect +# --retry-connrefused = retry even if the initial connection was refused +CURL = curl --silent --show-error --fail --location --retry 10 --retry-connrefused + +# In Prow, the pod has the folder "$(bin_dir)/downloaded" mounted into the +# container. For some reason, even though the permissions are correct, +# binaries that are mounted with hostPath can't be executed. When in CI, we +# copy the binaries to work around that. Using $(LN) is only required when +# dealing with binaries. Other files and folders can be symlinked. +# +# Details on how "$(bin_dir)/downloaded" gets cached are available in the +# description of the PR https://github.com/jetstack/testing/pull/651. +# +# We use "printenv CI" instead of just "ifeq ($(CI),)" because otherwise we +# would get "warning: undefined variable 'CI'". +ifeq ($(shell printenv CI),) +LN := ln -f -s +else +LN := cp -f -r +endif + +UC = $(shell echo '$1' | tr a-z A-Z) +LC = $(shell echo '$1' | tr A-Z a-z) + +TOOL_NAMES := + +# for each item `xxx` in the TOOLS variable: +# - a $(XXX_VERSION) variable is generated +# -> this variable contains the version of the tool +# - a $(NEEDS_XXX) variable is generated +# -> this variable contains the target name for the tool, +# which is the relative path of the binary, this target +# should be used when adding the tool as a dependency to +# your target, you can't use $(XXX) as a dependency because +# make does not support an absolute path as a dependency +# - a $(XXX) variable is generated +# -> this variable contains the absolute path of the binary, +# the absolute path should be used when executing the binary +# in targets or in scripts, because it is agnostic to the +# working directory +# - an unversioned target $(bin_dir)/tools/xxx is generated that +# creates a copy/ link to the corresponding versioned target: +# $(bin_dir)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH) +define tool_defs +TOOL_NAMES += $1 + +$(call UC,$1)_VERSION ?= $2 +NEEDS_$(call UC,$1) := $$(bin_dir)/tools/$1 +$(call UC,$1) := $$(CURDIR)/$$(bin_dir)/tools/$1 + +$$(bin_dir)/tools/$1: $$(bin_dir)/scratch/$(call UC,$1)_VERSION | $$(bin_dir)/downloaded/tools/$1@$$($(call UC,$1)_VERSION)_$$(HOST_OS)_$$(HOST_ARCH) $$(bin_dir)/tools + cd $$(dir $$@) && $$(LN) $$(patsubst $$(bin_dir)/%,../%,$$(word 1,$$|)) $$(notdir $$@) + @touch $$@ # making sure the target of the symlink is newer than *_VERSION +endef + +$(foreach TOOL,$(TOOLS),$(eval $(call tool_defs,$(word 1,$(subst =, ,$(TOOL))),$(word 2,$(subst =, ,$(TOOL)))))) + +TOOLS_PATHS := $(TOOL_NAMES:%=$(bin_dir)/tools/%) + +###### +# Go # +###### + +# $(NEEDS_GO) is a target that is set as an order-only prerequisite in +# any target that calls $(GO), e.g.: +# +# $(bin_dir)/tools/crane: $(NEEDS_GO) +# $(GO) build -o $(bin_dir)/tools/crane +# +# $(NEEDS_GO) is empty most of the time, except when running "make vendor-go" +# or when "make vendor-go" was previously run, in which case $(NEEDS_GO) is set +# to $(bin_dir)/tools/go, since $(bin_dir)/tools/go is a prerequisite of +# any target depending on Go when "make vendor-go" was run. +NEEDS_GO := $(if $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_dir)/tools/go ] && echo yes), $(bin_dir)/tools/go,) +ifeq ($(NEEDS_GO),) +GO := go +else +export GOROOT := $(CURDIR)/$(bin_dir)/tools/goroot +export PATH := $(CURDIR)/$(bin_dir)/tools/goroot/bin:$(PATH) +GO := $(CURDIR)/$(bin_dir)/tools/go +endif + +.PHONY: vendor-go +## By default, this Makefile uses the system's Go. You can use a "vendored" +## version of Go that will get downloaded by running this command once. To +## disable vendoring, run "make unvendor-go". When vendoring is enabled, +## you will want to set the following: +## +## export PATH="$PWD/$(bin_dir)/tools:$PATH" +## export GOROOT="$PWD/$(bin_dir)/tools/goroot" +## @category [shared] Tools +vendor-go: $(bin_dir)/tools/go + +.PHONY: unvendor-go +unvendor-go: $(bin_dir)/tools/go + rm -rf $(bin_dir)/tools/go $(bin_dir)/tools/goroot + +.PHONY: which-go +## Print the version and path of go which will be used for building and +## testing in Makefile commands. Vendored go will have a path in ./bin +## @category [shared] Tools +which-go: | $(NEEDS_GO) + @$(GO) version + @echo "go binary used for above version information: $(GO)" + +# The "_" in "_go "prevents "go mod tidy" from trying to tidy the vendored +# goroot. +$(bin_dir)/tools/go: $(bin_dir)/downloaded/tools/_go-$(VENDORED_GO_VERSION)-$(HOST_OS)-$(HOST_ARCH)/goroot/bin/go $(bin_dir)/tools/goroot $(bin_dir)/scratch/VENDORED_GO_VERSION | $(bin_dir)/tools + cd $(dir $@) && $(LN) $(patsubst $(bin_dir)/%,../%,$<) . + @touch $@ # making sure the target of the symlink is newer than *_VERSION + +$(bin_dir)/tools/goroot: $(bin_dir)/downloaded/tools/_go-$(VENDORED_GO_VERSION)-$(HOST_OS)-$(HOST_ARCH)/goroot $(bin_dir)/scratch/VENDORED_GO_VERSION | $(bin_dir)/tools + @rm -rf $(bin_dir)/tools/goroot + cd $(dir $@) && $(LN) $(patsubst $(bin_dir)/%,../%,$<) . + @touch $@ # making sure the target of the symlink is newer than *_VERSION + +$(bin_dir)/downloaded/tools/_go-$(VENDORED_GO_VERSION)-%/goroot $(bin_dir)/downloaded/tools/_go-$(VENDORED_GO_VERSION)-%/goroot/bin/go: $(bin_dir)/downloaded/tools/go-$(VENDORED_GO_VERSION)-%.tar.gz + @mkdir -p $(dir $@) + rm -rf $(bin_dir)/downloaded/tools/_go-$(VENDORED_GO_VERSION)-$*/goroot + tar xzf $< -C $(bin_dir)/downloaded/tools/_go-$(VENDORED_GO_VERSION)-$* + mv $(bin_dir)/downloaded/tools/_go-$(VENDORED_GO_VERSION)-$*/go $(bin_dir)/downloaded/tools/_go-$(VENDORED_GO_VERSION)-$*/goroot + +$(bin_dir)/downloaded/tools/go-$(VENDORED_GO_VERSION)-%.tar.gz: | $(bin_dir)/downloaded/tools + $(CURL) https://go.dev/dl/go$(VENDORED_GO_VERSION).$*.tar.gz -o $@ + +################### +# go dependencies # +################### + +GO_DEPENDENCIES := +GO_DEPENDENCIES += ginkgo=github.com/onsi/ginkgo/v2/ginkgo +GO_DEPENDENCIES += controller-gen=sigs.k8s.io/controller-tools/cmd/controller-gen +GO_DEPENDENCIES += goimports=golang.org/x/tools/cmd/goimports +GO_DEPENDENCIES += go-licenses=github.com/google/go-licenses +GO_DEPENDENCIES += gotestsum=gotest.tools/gotestsum +GO_DEPENDENCIES += kustomize=sigs.k8s.io/kustomize/kustomize/v4 +GO_DEPENDENCIES += gojq=github.com/itchyny/gojq/cmd/gojq +GO_DEPENDENCIES += crane=github.com/google/go-containerregistry/cmd/crane +GO_DEPENDENCIES += protoc-gen-go=google.golang.org/protobuf/cmd/protoc-gen-go +GO_DEPENDENCIES += helm-docs=github.com/norwoodj/helm-docs/cmd/helm-docs +GO_DEPENDENCIES += cosign=github.com/sigstore/cosign/v2/cmd/cosign +GO_DEPENDENCIES += boilersuite=github.com/cert-manager/boilersuite +GO_DEPENDENCIES += gomarkdoc=github.com/princjef/gomarkdoc/cmd/gomarkdoc +GO_DEPENDENCIES += oras=oras.land/oras/cmd/oras +GO_DEPENDENCIES += klone=github.com/go418/klone + +define go_dependency +$$(bin_dir)/downloaded/tools/$1@$($(call UC,$1)_VERSION)_%: | $$(NEEDS_GO) $$(bin_dir)/downloaded/tools + GOBIN=$$(CURDIR)/$$(dir $$@) $$(GO) install $2@$($(call UC,$1)_VERSION) + @mv $$(CURDIR)/$$(dir $$@)/$1 $$@ +endef + +$(foreach GO_DEPENDENCY,$(GO_DEPENDENCIES),$(eval $(call go_dependency,$(word 1,$(subst =, ,$(GO_DEPENDENCY))),$(word 2,$(subst =, ,$(GO_DEPENDENCY)))))) + +######## +# Helm # +######## + +HELM_linux_amd64_SHA256SUM=1a7074f58ef7190f74ce6db5db0b70e355a655e2013c4d5db2317e63fa9e3dea +HELM_darwin_amd64_SHA256SUM=f487b5d8132bd2091378258a3029e33ee10f71575b2167cdfeaf6d0144d20938 +HELM_darwin_arm64_SHA256SUM=e82e0433589b1b5170807d6fec75baedba40620458510bbd30cdb9d2246415fe + +$(bin_dir)/downloaded/tools/helm@$(HELM_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://get.helm.sh/helm-$(HELM_VERSION)-$(subst _,-,$*).tar.gz -o $@.tar.gz + $(checkhash_script) $@.tar.gz $(HELM_$*_SHA256SUM) + @# O writes the specified file to stdout + tar xfO $@.tar.gz $(subst _,-,$*)/helm > $@ + chmod +x $@ + rm -f $@.tar.gz + +########### +# kubectl # +########### + +KUBECTL_linux_amd64_SHA256SUM=fba6c062e754a120bc8105cde1344de200452fe014a8759e06e4eec7ed258a09 +KUBECTL_darwin_amd64_SHA256SUM=10662b3859fe302903e5d4f665d74c243bdb3a709b120c5c49434659a81942c5 +KUBECTL_darwin_arm64_SHA256SUM=795af693fc168351132e127d75b03ace039e4bb40d67001790db77f7b7a37a7e + +$(bin_dir)/downloaded/tools/kubectl@$(KUBECTL_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(subst _,/,$*)/kubectl -o $@ + $(checkhash_script) $@ $(KUBECTL_$*_SHA256SUM) + chmod +x $@ + +######## +# kind # +######## + +KIND_linux_amd64_SHA256SUM=513a7213d6d3332dd9ef27c24dab35e5ef10a04fa27274fe1c14d8a246493ded +KIND_darwin_amd64_SHA256SUM=bffd8fb2006dc89fa0d1dde5ba6bf48caacb707e4df8551528f49145ebfeb7ad +KIND_darwin_arm64_SHA256SUM=8df041a5cae55471f3b039c3c9942226eb909821af63b5677fc80904caffaabf + +$(bin_dir)/downloaded/tools/kind@$(KIND_VERSION)_%: | $(bin_dir)/downloaded/tools $(bin_dir)/tools + $(CURL) -sSfL https://github.com/kubernetes-sigs/kind/releases/download/$(KIND_VERSION)/kind-$(subst _,-,$*) -o $@ + $(checkhash_script) $@ $(KIND_$*_SHA256SUM) + chmod +x $@ + +######### +# vault # +######### + +VAULT_linux_amd64_SHA256SUM=3d5c27e35d8ed43d861e892fc7d8f888f2fda4319a36f344f8c09603fb184b50 +VAULT_darwin_amd64_SHA256SUM=5f1f9c548bffee8d843a08551aa018eb97ea15fd3215ecc8f97d6be3f15e29ba +VAULT_darwin_arm64_SHA256SUM=6d39460059b4a3ba723099c07f019af73687f3c05f4c390f155ad32127702fd4 + +$(bin_dir)/downloaded/tools/vault@$(VAULT_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$*.zip -o $@.zip + $(checkhash_script) $@.zip $(VAULT_$*_SHA256SUM) + unzip -qq -c $@.zip > $@ + chmod +x $@ + rm -f $@.zip + +######## +# azwi # +######## + +AZWI_linux_amd64_SHA256SUM=db91a0daf693909d82d5f7958bebdc8e8eb9c674f9b55acf73d8156eb2777c03 +AZWI_darwin_amd64_SHA256SUM=2fa7588a23231f7a47a34d94cc29406c8dedbfd9e3049cca40c2b3f698c5e7fd +AZWI_darwin_arm64_SHA256SUM=4a813f6b108ea1d735073788d89e186eff6291d3e00858f3b4d34db7d54fb14e + +$(bin_dir)/downloaded/tools/azwi@$(AZWI_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://github.com/Azure/azure-workload-identity/releases/download/$(AZWI_VERSION)/azwi-$(AZWI_VERSION)-$(subst _,-,$*).tar.gz -o $@.tar.gz + $(checkhash_script) $@.tar.gz $(AZWI_$*_SHA256SUM) + @# O writes the specified file to stdout + tar xfO $@.tar.gz azwi > $@ && chmod 775 $@ + rm -f $@.tar.gz + +##################### +# k8s codegen tools # +##################### + +K8S_CODEGEN_TOOLS := applyconfiguration-gen openapi-gen +K8S_CODEGEN_TOOLS_PATHS := $(K8S_CODEGEN_TOOLS:%=$(bin_dir)/tools/%) +K8S_CODEGEN_TOOLS_DOWNLOADS := $(K8S_CODEGEN_TOOLS:%=$(bin_dir)/downloaded/tools/%@$(K8S_CODEGEN_VERSION)) + +k8s-codegen-tools: $(K8S_CODEGEN_TOOLS_PATHS) + +$(K8S_CODEGEN_TOOLS_PATHS): $(bin_dir)/tools/%-gen: $(bin_dir)/scratch/K8S_CODEGEN_VERSION | $(bin_dir)/downloaded/tools/%-gen@$(K8S_CODEGEN_VERSION) $(bin_dir)/tools + cd $(dir $@) && $(LN) $(patsubst $(bin_dir)/%,../%,$(word 1,$|)) $(notdir $@) + @touch $@ # making sure the target of the symlink is newer than *_VERSION + +$(K8S_CODEGEN_TOOLS_DOWNLOADS): $(bin_dir)/downloaded/tools/%-gen@$(K8S_CODEGEN_VERSION): $(NEEDS_GO) | $(bin_dir)/downloaded/tools + GOBIN=$(CURDIR)/$(dir $@) $(GO) install k8s.io/code-generator/cmd/$(notdir $@) + @mv $(subst @$(K8S_CODEGEN_VERSION),,$@) $@ + +############################ +# kubebuilder-tools assets # +# kube-apiserver / etcd # +############################ + +KUBEBUILDER_TOOLS_linux_amd64_SHA256SUM=8c816871604cbe119ca9dd8072b576552ae369b96eebc3cdaaf50edd7e3c0c7b +KUBEBUILDER_TOOLS_darwin_amd64_SHA256SUM=a02e33a3981712c8d2702520f95357bd6c7d03d24b83a4f8ac1c89a9ba4d78c1 +KUBEBUILDER_TOOLS_darwin_arm64_SHA256SUM=c87c6b3c0aec4233e68a12dc9690bcbe2f8d6cd72c23e670602b17b2d7118325 + +$(bin_dir)/downloaded/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_%: $(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_%.tar.gz | $(bin_dir)/downloaded/tools + $(checkhash_script) $< $(KUBEBUILDER_TOOLS_$*_SHA256SUM) + @# O writes the specified file to stdout + tar xfO $< kubebuilder/bin/etcd > $@ && chmod 775 $@ + +$(bin_dir)/downloaded/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_%: $(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_%.tar.gz | $(bin_dir)/downloaded/tools + $(checkhash_script) $< $(KUBEBUILDER_TOOLS_$*_SHA256SUM) + @# O writes the specified file to stdout + tar xfO $< kubebuilder/bin/kube-apiserver > $@ && chmod 775 $@ + +$(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(bin_dir)/downloaded/tools + $(CURL) https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $@ + +########### +# kyverno # +########### + +KYVERNO_linux_amd64_SHA256SUM=83bc607515cf9a7324f9fe28ef498393848349ab3c75f89adbd015288ac37e02 +KYVERNO_darwin_amd64_SHA256SUM=b18c78846c2b5bf75d5fb25ad0fa01381d822fae4a1269ed31a8f04395b49d1a +KYVERNO_darwin_arm64_SHA256SUM=8a190e21aa8f56c47d12aa69abf2496f62a9ad733e186676696993175c79d851 + +$(bin_dir)/downloaded/tools/kyverno@$(KYVERNO_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://github.com/kyverno/kyverno/releases/download/$(KYVERNO_VERSION)/kyverno-cli_$(KYVERNO_VERSION)_$(subst amd64,x86_64,$*).tar.gz -fsSL -o $@.tar.gz + $(checkhash_script) $@.tar.gz $(KYVERNO_$*_SHA256SUM) + @# O writes the specified file to stdout + tar xfO $@.tar.gz kyverno > $@ + chmod +x $@ + rm -f $@.tar.gz + +###### +# yq # +###### + +YQ_linux_amd64_SHA256SUM=c5a92a572b3bd0024c7b1fe8072be3251156874c05f017c23f9db7b3254ae71a +YQ_darwin_amd64_SHA256SUM=25ccdecfd02aa37e07c985ac9612f17e5fd2c9eb40b051d43936bf3b99c9c2f5 +YQ_darwin_arm64_SHA256SUM=30e8c7c52647f26312d8709193a269ec0ba4f384712775f87241b2abdc46de85 + +$(bin_dir)/downloaded/tools/yq@$(YQ_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$* -o $@ + $(checkhash_script) $@ $(YQ_$*_SHA256SUM) + chmod +x $@ + +###### +# ko # +###### + +KO_linux_amd64_SHA256SUM=3f8f8e3fb4b78a4dfc0708df2b58f202c595a66c34195786f9a279ea991f4eae +KO_darwin_amd64_SHA256SUM=b879ea58255c9f2be2d4d6c4f6bd18209c78e9e0b890dbce621954ee0d63c4e5 +KO_darwin_arm64_SHA256SUM=8d41c228da3e04e3de293f0f5bfe1775a4c74582ba21c86ad32244967095189f + +$(bin_dir)/downloaded/tools/ko@$(KO_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://github.com/ko-build/ko/releases/download/v$(KO_VERSION)/ko_$(KO_VERSION)_$(subst linux,Linux,$(subst darwin,Darwin,$(subst amd64,x86_64,$*))).tar.gz -o $@.tar.gz + $(checkhash_script) $@.tar.gz $(KO_$*_SHA256SUM) + tar xfO $@.tar.gz ko > $@ + chmod +x $@ + rm -f $@.tar.gz + +########## +# protoc # +########## + +PROTOC_linux_amd64_SHA256SUM=0502f286ac9ed860b629a7965a14527b1f2dd131e4283fa23c2d7f184672aa9a +PROTOC_darwin_amd64_SHA256SUM=07e5fdcf1b0708d3367dc5e6eb8d135de7e407d75316c93155cfd8ab362eec80 +PROTOC_darwin_arm64_SHA256SUM=8c7afae8626b6811e7b5897d16d940c2dbf50b1e135ed958a01db6566bdda726 + +$(bin_dir)/downloaded/tools/protoc@$(PROTOC_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(subst darwin,osx,$(subst arm64,aarch_64,$(subst amd64,x86_64,$(subst _,-,$*)))).zip -o $@.zip + $(checkhash_script) $@.zip $(PROTOC_$*_SHA256SUM) + unzip -qq -c $@.zip bin/protoc > $@ + chmod +x $@ + rm -f $@.zip + +################# +# Other Targets # +################# + +# Although we "vendor" most tools in $(bin_dir)/tools, we still require some binaries +# to be available on the system. The vendor-go MAKECMDGOALS trick prevents the +# check for the presence of Go when 'make vendor-go' is run. + +# Gotcha warning: MAKECMDGOALS only contains what the _top level_ make invocation used, and doesn't look at target dependencies +# i.e. if we have a target "abc: vendor-go test" and run "make abc", we'll get an error +# about go being missing even though abc itself depends on vendor-go! +# That means we need to pass vendor-go at the top level if go is not installed (i.e. "make vendor-go abc") + +MISSING=$(shell (command -v curl >/dev/null || echo curl) \ + && (command -v sha256sum >/dev/null || echo sha256sum) \ + && (command -v git >/dev/null || echo git) \ + && ([ -n "$(findstring vendor-go,$(MAKECMDGOALS),)" ] \ + || command -v $(GO) >/dev/null || echo "$(GO) (or run 'make vendor-go')") \ + && (command -v $(CTR) >/dev/null || echo "$(CTR) (or set CTR to a docker-compatible tool)")) +ifneq ($(MISSING),) +$(error Missing required tools: $(MISSING)) +endif + +.PHONY: tools +## Download and setup all tools +## @category [shared] Tools +tools: $(TOOLS_PATHS) $(K8S_CODEGEN_TOOLS_PATHS) + +self_file := $(dir $(lastword $(MAKEFILE_LIST)))/00_mod.mk + +.PHONY: tools-learn-sha +## re-download all tools and learn the sha values, useful after upgrading +## @category [shared] Tools +tools-learn-sha: + rm -rf ./_bin/ + mkdir -p ./_bin/scratch/ + $(eval export LEARN_FILE=$(CURDIR)/$(bin_dir)/scratch/learn_file) + echo -n "" > "$(LEARN_FILE)" + + HOST_OS=linux HOST_ARCH=amd64 $(MAKE) tools + HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) tools + HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) tools + + while read p; do \ + sed -i "$$p" $(self_file); \ + done <"$(LEARN_FILE)" diff --git a/make/_shared/tools/util/checkhash.sh b/make/_shared/tools/util/checkhash.sh new file mode 100755 index 00000000..1787cb28 --- /dev/null +++ b/make/_shared/tools/util/checkhash.sh @@ -0,0 +1,36 @@ +#!/usr/bin/env bash + +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -eu -o pipefail + +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +# This script takes the hash of its first argument and verifies it against the +# hex hash given in its second argument + +SHASUM=$("${SCRIPT_DIR}/hash.sh" "$1") + +# When running 'make learn-sha-tools', we don't want this script to fail. +# Instead we log what sha values are wrong, so the make.mk file can be updated. +if [ "$SHASUM" != "$2" ] && [ "${LEARN_FILE:-}" != "" ]; then + echo "s/$2/$SHASUM/g" >> "${LEARN_FILE:-}" + exit 0 +fi + +if [ "$SHASUM" != "$2" ]; then + echo "invalid checksum for \"$1\": wanted \"$2\" but got \"$SHASUM\"" + exit 1 +fi diff --git a/hack/boilerplate/boilerplate.Makefile.txt b/make/_shared/tools/util/hash.sh old mode 100644 new mode 100755 similarity index 70% rename from hack/boilerplate/boilerplate.Makefile.txt rename to make/_shared/tools/util/hash.sh index 0a45273f..91d84fe4 --- a/hack/boilerplate/boilerplate.Makefile.txt +++ b/make/_shared/tools/util/hash.sh @@ -1,4 +1,6 @@ -# Copyright YEAR The cert-manager Authors. +#!/usr/bin/env bash + +# Copyright 2023 The cert-manager Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,3 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. +set -eu -o pipefail + +# This script is a wrapper for outputting purely the sha256 hash of the input file, +# ideally in a portable way. + +sha256sum "$1" | cut -d" " -f1 diff --git a/hack/boilerplate/boilerplate.go.txt b/make/boilerplate/boilerplate.go.txt similarity index 92% rename from hack/boilerplate/boilerplate.go.txt rename to make/boilerplate/boilerplate.go.txt index b2bca057..f0214588 100644 --- a/hack/boilerplate/boilerplate.go.txt +++ b/make/boilerplate/boilerplate.go.txt @@ -1,5 +1,5 @@ /* -Copyright YEAR The cert-manager Authors. +Copyright The cert-manager Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -12,5 +12,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -*/ - +*/ \ No newline at end of file diff --git a/make/config/kind/cluster.yaml b/make/config/kind/cluster.yaml new file mode 100644 index 00000000..507f1f9e --- /dev/null +++ b/make/config/kind/cluster.yaml @@ -0,0 +1,19 @@ +apiVersion: kind.x-k8s.io/v1alpha4 +kind: Cluster +kubeadmConfigPatches: + - | + kind: ClusterConfiguration + metadata: + name: config + etcd: + local: + extraArgs: + unsafe-no-fsync: "true" + networking: + serviceSubnet: 10.0.0.0/16 +nodes: +- role: control-plane + + extraMounts: + - hostPath: {{KIND_IMAGES}} + containerPath: /mounted_images diff --git a/make/test-smoke.mk b/make/test-smoke.mk new file mode 100644 index 00000000..3651af2f --- /dev/null +++ b/make/test-smoke.mk @@ -0,0 +1,62 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +.PHONY: smoke-setup-cert-manager +smoke-setup-cert-manager: | kind-cluster $(NEEDS_HELM) $(NEEDS_KUBECTL) + $(HELM) upgrade \ + --install \ + --create-namespace \ + --wait \ + --version $(quay.io/jetstack/cert-manager-controller.TAG) \ + --namespace cert-manager \ + --repo https://charts.jetstack.io \ + --set installCRDs=true \ + --set extraArgs={--controllers='*\,-certificaterequests-approver'} \ + --set image.repository=$(quay.io/jetstack/cert-manager-controller.REPO) \ + --set image.tag=$(quay.io/jetstack/cert-manager-controller.TAG) \ + --set image.pullPolicy=Never \ + --set cainjector.image.repository=$(quay.io/jetstack/cert-manager-cainjector.REPO) \ + --set cainjector.image.tag=$(quay.io/jetstack/cert-manager-cainjector.TAG) \ + --set cainjector.image.pullPolicy=Never \ + --set webhook.image.repository=$(quay.io/jetstack/cert-manager-webhook.REPO) \ + --set webhook.image.tag=$(quay.io/jetstack/cert-manager-webhook.TAG) \ + --set webhook.image.pullPolicy=Never \ + --set startupapicheck.image.repository=$(quay.io/jetstack/cert-manager-ctl.REPO) \ + --set startupapicheck.image.tag=$(quay.io/jetstack/cert-manager-ctl.TAG) \ + --set startupapicheck.image.pullPolicy=Never \ + cert-manager cert-manager >/dev/null + +# The "install" target can be run on its own with any currently active cluster, +# we can't use any other cluster then a target containing "test-smoke" is run. +# When a "test-smoke" target is run, the currently active cluster must be the kind +# cluster created by the "kind-cluster" target. +ifeq ($(findstring test-smoke,$(MAKECMDGOALS)),test-smoke) +install: kind-cluster oci-load-manager +endif + +test-smoke-deps: INSTALL_OPTIONS := +test-smoke-deps: INSTALL_OPTIONS += --set image.repository=$(oci_manager_image_name_development) +test-smoke-deps: smoke-setup-cert-manager +test-smoke-deps: cert_manager_crds +test-smoke-deps: install + +.PHONY: test-smoke +## Smoke end-to-end tests +## @category Testing +test-smoke: test-smoke-deps | kind-cluster $(NEEDS_GINKGO) + $(GINKGO) \ + ./test/smoke/ \ + -ldflags $(go_manager_ldflags) \ + -- \ + --kubeconfig-path $(CURDIR)/$(kind_kubeconfig) diff --git a/make/test-unit.mk b/make/test-unit.mk new file mode 100644 index 00000000..08f2640a --- /dev/null +++ b/make/test-unit.mk @@ -0,0 +1,30 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +cert_manager_crds: $(bin_dir)/scratch/test-crds/cert-manager-crds.yaml +$(bin_dir)/scratch/test-crds/cert-manager-crds.yaml: | $(bin_dir)/scratch + mkdir -p $(dir $@) + curl -sSLo $@ https://github.com/cert-manager/cert-manager/releases/download/$(shell curl --silent "https://api.github.com/repos/cert-manager/cert-manager/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')/cert-manager.crds.yaml + +.PHONY: test-unit +## Unit tests +## @category Testing +test-unit: cert_manager_crds | $(NEEDS_GINKGO) $(NEEDS_ETCD) $(NEEDS_KUBE-APISERVER) $(NEEDS_KUBECTL) + KUBEBUILDER_ASSETS=$(CURDIR)/$(bin_dir)/tools \ + ROOTDIR=$(CURDIR) \ + $(GINKGO) \ + ./cmd/... ./pkg/... \ + -procs=1 \ + -v \ + -ldflags $(go_manager_ldflags) diff --git a/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go index 09c6dc2a..3235b41a 100644 --- a/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go @@ -1,7 +1,7 @@ //go:build !ignore_autogenerated /* -Copyright The cert-manager Authors. +Copyright The cert-manager Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/pkg/internal/approver/manager/predicate/predicate_test.go b/pkg/internal/approver/manager/predicate/predicate_test.go index aba8f24d..8744ed73 100644 --- a/pkg/internal/approver/manager/predicate/predicate_test.go +++ b/pkg/internal/approver/manager/predicate/predicate_test.go @@ -45,7 +45,7 @@ func Test_RBACBound(t *testing.T) { rootDir := env.RootDirOrSkip(t) env := env.RunControlPlane(t, ctx, - filepath.Join(rootDir, "_bin/cert-manager"), + filepath.Join(rootDir, "_bin/scratch/test-crds"), filepath.Join(rootDir, "deploy/charts/approver-policy/templates/crds"), ) diff --git a/pkg/internal/approver/manager/review_test.go b/pkg/internal/approver/manager/review_test.go index 828192a3..2b28da5a 100644 --- a/pkg/internal/approver/manager/review_test.go +++ b/pkg/internal/approver/manager/review_test.go @@ -43,7 +43,7 @@ func Test_Review(t *testing.T) { rootDir := env.RootDirOrSkip(t) env := env.RunControlPlane(t, ctx, - filepath.Join(rootDir, "_bin/cert-manager"), + filepath.Join(rootDir, "_bin/scratch/test-crds"), filepath.Join(rootDir, "deploy/charts/approver-policy/templates/crds"), ) diff --git a/pkg/internal/controllers/test/controllers_test.go b/pkg/internal/controllers/test/controllers_test.go index 82c5709f..56024844 100644 --- a/pkg/internal/controllers/test/controllers_test.go +++ b/pkg/internal/controllers/test/controllers_test.go @@ -35,7 +35,7 @@ func Test_Controllers(t *testing.T) { rootDir := testenv.RootDirOrSkip(t) env = testenv.RunControlPlane(t, ctx, - filepath.Join(rootDir, "_bin/cert-manager"), + filepath.Join(rootDir, "_bin/scratch/test-crds"), filepath.Join(rootDir, "deploy/charts/approver-policy/templates/crds"), ) testenv.RunSuite(t, "approver-policy-controllers", "../../../../_artifacts") diff --git a/pkg/internal/version/version.go b/pkg/internal/version/version.go new file mode 100644 index 00000000..69290929 --- /dev/null +++ b/pkg/internal/version/version.go @@ -0,0 +1,41 @@ +package version + +import ( + "fmt" + "os" + "runtime" +) + +func init() { + if AppVersion == "" || GitCommit == "" { + fmt.Fprintf(os.Stderr, "warning: AppVersion or GitCommit not set, this binary was built without -ldflags \"-X internal/version.AppVersion=... -X internal/version.GitCommit=...\"\n") + } +} + +type Version struct { + AppVersion string `json:"appVersion"` + GitCommit string `json:"gitCommit"` + GoVersion string `json:"goVersion"` + Compiler string `json:"compiler"` + Platform string `json:"platform"` +} + +// This variable block holds information used to build up the version string +var ( + AppVersion = "" + GitCommit = "" +) + +func VersionInfo() Version { + return Version{ + AppVersion: AppVersion, + GitCommit: GitCommit, + GoVersion: runtime.Version(), + Compiler: runtime.Compiler, + Platform: fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH), + } +} + +func (v Version) UserAgent() string { + return fmt.Sprintf("venafi-enhanced-issuer/%s", v.AppVersion) +}