From 89a4058fd809d83fecd93affe1b4c8f74b7723ec Mon Sep 17 00:00:00 2001 From: Deepak Gupta <70094361+yoursnerdly@users.noreply.github.com> Date: Tue, 7 Jan 2025 10:02:05 -0500 Subject: [PATCH] ENG-14743: Fix repo level policy examples (#605) * ENG-14743: Fix repo level policy examples * bump dependencies * update changelog * fix release date --- CHANGELOG.md | 14 ++++- docs/guides/repo_level_policy.md | 16 ++--- docs/resources/rego_policy_instance.md | 63 +++++++++++++++---- .../repo_level_policies/data_firewall.tf | 2 +- .../repo_level_policies/data_masking.tf | 2 +- .../repo_level_policies/data_protection.tf | 2 +- .../guides/repo_level_policies/rate_limit.tf | 2 +- .../guides/repo_level_policies/read_limit.tf | 2 +- .../repository_protection.tf | 2 +- .../service_account_abuse.tf | 2 +- .../repo_level_policies/user_segmentation.tf | 2 +- .../cyral_rego_policy_instance/resource.tf | 63 +++++++++++++++---- go.mod | 20 +++--- go.sum | 56 ++++++++--------- 14 files changed, 168 insertions(+), 80 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2bc63ab8..13efce8d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +## 4.16.1 (January 7, 2025) + +### Improvements: + +- ENG-14743: Bump all dependencies ([#605](https://github.com/cyralinc/terraform-provider-cyral/pull/605)) + +### Documentation: + +- ENG-14743: Fix repo level policy examples ([#605](https://github.com/cyralinc/terraform-provider-cyral/pull/605)) + ## 4.16.0 (January 2, 2025) It is safe to use this version with all `v4` control planes as long @@ -11,11 +21,11 @@ Data source incompatible with control planes previous to `v4.18`: - `cyral_policy_wizards` -## Features: +### Features: - ENG-14612: Implement cyral_policy_wizards datasource ([#593](https://github.com/cyralinc/terraform-provider-cyral/pull/593)) -## Improvements: +### Improvements: - Bump golang.org/x/crypto from 0.30.0 to 0.31.0 ([#590](https://github.com/cyralinc/terraform-provider-cyral/pull/590)) - Bump google.golang.org/grpc from 1.68.1 to 1.69.0 ([#592](https://github.com/cyralinc/terraform-provider-cyral/pull/592)) diff --git a/docs/guides/repo_level_policy.md b/docs/guides/repo_level_policy.md index 472c559b..698918f1 100644 --- a/docs/guides/repo_level_policy.md +++ b/docs/guides/repo_level_policy.md @@ -36,7 +36,7 @@ resource "cyral_policy_set" "data_firewall_policy" { name = "data firewall policy" description = "Returns only data where finance.cards.country = 'US' in table 'finance.cards' for users not in 'Admin' group" wizard_id = "data-firewall" - parameters = jsonencode( + wizard_parameters = jsonencode( { "dataset" = "finance.cards" "dataFilter" = " finance.cards.country = 'US' " @@ -74,7 +74,7 @@ resource "cyral_policy_set" "data_masking_policy" { name = "data masking policy" description = "Apply null masking to any data labeled as CCN for users in group 'Marketing'" wizard_id = "data-masking" - parameters = jsonencode( + wizard_parameters = jsonencode( { "maskType" = "null" "labels" = ["CCN"] @@ -111,7 +111,7 @@ resource "cyral_policy_set" "data_protection_policy" { name = "data protection policy" description = "Raise an alert and block updates and deletes on label CCN" wizard_id = "data-protection" - parameters = jsonencode( + wizard_parameters = jsonencode( { "block" = true "alertSeverity" = "high" @@ -150,7 +150,7 @@ resource "cyral_policy_set" "rate_limit_policy" { name = "rate limit policy" description = "Raise an alert and set a rate limit of 500 rows per hour for group 'Marketing' and any data labeled as CCN" wizard_id = "rate-limit" - parameters = jsonencode( + wizard_parameters = jsonencode( { "rateLimit" = 500 "enforce" = true @@ -189,7 +189,7 @@ resource "cyral_policy_set" "read_limit_policy" { name = "read limit policy" description = "Limits to 100 the amount of rows that can be read per query on the entire repository for group 'Devs'" wizard_id = "read-limit" - parameters = jsonencode( + wizard_parameters = jsonencode( { "rowLimit" = 100 "enforce" = true @@ -226,7 +226,7 @@ resource "cyral_policy_set" "repository_protection_policy" { name = "repository protection policy" description = "Alert if more than 100 rows are updated or deleted per query on all repository data by anyone except group 'Admin'" wizard_id = "repository-protection" - parameters = jsonencode( + wizard_parameters = jsonencode( { "rowLimit" = 100 "datasets" = "*" @@ -263,7 +263,7 @@ resource "cyral_policy_set" "service_account_abuse_policy" { name = "service account abuse policy" description = "Alert and block whenever the service accounts john is used without end user attribution" wizard_id = "service-account-abuse" - parameters = jsonencode( + wizard_parameters = jsonencode( { "block" = true "alertSeverity" = "high" @@ -300,7 +300,7 @@ resource "cyral_policy_set" "user_segmentation_policy" { name = "user segmentation policy" description = "Filter table 'finance.cards' when users in group 'Marketing' read label CCN, returning only data where finance.cards.country = 'US'" wizard_id = "user-segmentation" - parameters = jsonencode( + wizard_parameters = jsonencode( { "dataset" = "finance.cards" "dataFilter" = " finance.cards.country = 'US' " diff --git a/docs/resources/rego_policy_instance.md b/docs/resources/rego_policy_instance.md index b62367b7..65e9d8de 100644 --- a/docs/resources/rego_policy_instance.md +++ b/docs/resources/rego_policy_instance.md @@ -11,11 +11,24 @@ Manages a Rego Policy instance. ```terraform ### Global rego policy instance resource "cyral_rego_policy_instance" "policy" { - name = "some-rate-limit-policy" + name = "User Management" category = "SECURITY" - description = "Some policy description." - template_id = "rate-limit" - parameters = "{\"rateLimit\":7,\"labels\":[\"EMAIL\"],\"alertSeverity\":\"high\",\"block\":false,\"identities\":{\"included\":{\"groups\":[\"analysts\"]}},\"dbAccounts\":{\"included\":[\"admin\"]}}" + description = "Policy to govern user management operations" + template_id = "object-protection" + parameters = jsonencode( + { + "objectType" = "role/user" + "block" = true + "monitorCreates" = true + "monitorAlters" = true + "monitorDrops" = true + "identities" = { + "excluded" = { + "groups" = ["dba"] + } + } + } + ) enabled = true tags = ["tag1", "tag2"] } @@ -40,11 +53,24 @@ resource "cyral_repository" "repo" { } resource "cyral_rego_policy_instance" "policy" { - name = "some-data-masking-policy" + name = "User Management" category = "SECURITY" - description = "Some policy description." - template_id = "data-masking" - parameters = "{\"labels\":[\"ADDRESS\"],\"maskType\":\"NULL_MASK\"}" + description = "Policy to govern user management operations" + template_id = "object-protection" + parameters = jsonencode( + { + "objectType" = "role/user" + "block" = true + "monitorCreates" = true + "monitorAlters" = true + "monitorDrops" = true + "identities" = { + "excluded" = { + "groups" = ["dba"] + } + } + } + ) enabled = true scope { repo_ids = [cyral_repository.repo.id] @@ -54,11 +80,24 @@ resource "cyral_rego_policy_instance" "policy" { ### Rego policy instance with duration resource "cyral_rego_policy_instance" "policy" { - name = "some-data-masking-policy" + name = "User Management" category = "SECURITY" - description = "Some policy description." - template_id = "data-masking" - parameters = "{\"labels\":[\"ADDRESS\"],\"maskType\":\"NULL_MASK\"}" + description = "Policy to govern user management operations" + template_id = "object-protection" + parameters = jsonencode( + { + "objectType" = "role/user" + "block" = true + "monitorCreates" = true + "monitorAlters" = true + "monitorDrops" = true + "identities" = { + "excluded" = { + "groups" = ["dba"] + } + } + } + ) enabled = true tags = ["tag1", "tag2"] duration = "10s" diff --git a/examples/guides/repo_level_policies/data_firewall.tf b/examples/guides/repo_level_policies/data_firewall.tf index 73bcbf31..2bb8365a 100644 --- a/examples/guides/repo_level_policies/data_firewall.tf +++ b/examples/guides/repo_level_policies/data_firewall.tf @@ -16,7 +16,7 @@ resource "cyral_policy_set" "data_firewall_policy" { name = "data firewall policy" description = "Returns only data where finance.cards.country = 'US' in table 'finance.cards' for users not in 'Admin' group" wizard_id = "data-firewall" - parameters = jsonencode( + wizard_parameters = jsonencode( { "dataset" = "finance.cards" "dataFilter" = " finance.cards.country = 'US' " diff --git a/examples/guides/repo_level_policies/data_masking.tf b/examples/guides/repo_level_policies/data_masking.tf index 61ed9dfe..8a0aa34d 100644 --- a/examples/guides/repo_level_policies/data_masking.tf +++ b/examples/guides/repo_level_policies/data_masking.tf @@ -15,7 +15,7 @@ resource "cyral_policy_set" "data_masking_policy" { name = "data masking policy" description = "Apply null masking to any data labeled as CCN for users in group 'Marketing'" wizard_id = "data-masking" - parameters = jsonencode( + wizard_parameters = jsonencode( { "maskType" = "null" "labels" = ["CCN"] diff --git a/examples/guides/repo_level_policies/data_protection.tf b/examples/guides/repo_level_policies/data_protection.tf index 1721ab06..5c2129ef 100644 --- a/examples/guides/repo_level_policies/data_protection.tf +++ b/examples/guides/repo_level_policies/data_protection.tf @@ -15,7 +15,7 @@ resource "cyral_policy_set" "data_protection_policy" { name = "data protection policy" description = "Raise an alert and block updates and deletes on label CCN" wizard_id = "data-protection" - parameters = jsonencode( + wizard_parameters = jsonencode( { "block" = true "alertSeverity" = "high" diff --git a/examples/guides/repo_level_policies/rate_limit.tf b/examples/guides/repo_level_policies/rate_limit.tf index 604997cb..bab0e38a 100644 --- a/examples/guides/repo_level_policies/rate_limit.tf +++ b/examples/guides/repo_level_policies/rate_limit.tf @@ -16,7 +16,7 @@ resource "cyral_policy_set" "rate_limit_policy" { name = "rate limit policy" description = "Raise an alert and set a rate limit of 500 rows per hour for group 'Marketing' and any data labeled as CCN" wizard_id = "rate-limit" - parameters = jsonencode( + wizard_parameters = jsonencode( { "rateLimit" = 500 "enforce" = true diff --git a/examples/guides/repo_level_policies/read_limit.tf b/examples/guides/repo_level_policies/read_limit.tf index be8f8035..7ae21191 100644 --- a/examples/guides/repo_level_policies/read_limit.tf +++ b/examples/guides/repo_level_policies/read_limit.tf @@ -16,7 +16,7 @@ resource "cyral_policy_set" "read_limit_policy" { name = "read limit policy" description = "Limits to 100 the amount of rows that can be read per query on the entire repository for group 'Devs'" wizard_id = "read-limit" - parameters = jsonencode( + wizard_parameters = jsonencode( { "rowLimit" = 100 "enforce" = true diff --git a/examples/guides/repo_level_policies/repository_protection.tf b/examples/guides/repo_level_policies/repository_protection.tf index f7fc3736..41e62fec 100644 --- a/examples/guides/repo_level_policies/repository_protection.tf +++ b/examples/guides/repo_level_policies/repository_protection.tf @@ -15,7 +15,7 @@ resource "cyral_policy_set" "repository_protection_policy" { name = "repository protection policy" description = "Alert if more than 100 rows are updated or deleted per query on all repository data by anyone except group 'Admin'" wizard_id = "repository-protection" - parameters = jsonencode( + wizard_parameters = jsonencode( { "rowLimit" = 100 "datasets" = "*" diff --git a/examples/guides/repo_level_policies/service_account_abuse.tf b/examples/guides/repo_level_policies/service_account_abuse.tf index f3250f1f..14277ca1 100644 --- a/examples/guides/repo_level_policies/service_account_abuse.tf +++ b/examples/guides/repo_level_policies/service_account_abuse.tf @@ -15,7 +15,7 @@ resource "cyral_policy_set" "service_account_abuse_policy" { name = "service account abuse policy" description = "Alert and block whenever the service accounts john is used without end user attribution" wizard_id = "service-account-abuse" - parameters = jsonencode( + wizard_parameters = jsonencode( { "block" = true "alertSeverity" = "high" diff --git a/examples/guides/repo_level_policies/user_segmentation.tf b/examples/guides/repo_level_policies/user_segmentation.tf index e3adb4b3..853a01cf 100644 --- a/examples/guides/repo_level_policies/user_segmentation.tf +++ b/examples/guides/repo_level_policies/user_segmentation.tf @@ -16,7 +16,7 @@ resource "cyral_policy_set" "user_segmentation_policy" { name = "user segmentation policy" description = "Filter table 'finance.cards' when users in group 'Marketing' read label CCN, returning only data where finance.cards.country = 'US'" wizard_id = "user-segmentation" - parameters = jsonencode( + wizard_parameters = jsonencode( { "dataset" = "finance.cards" "dataFilter" = " finance.cards.country = 'US' " diff --git a/examples/resources/cyral_rego_policy_instance/resource.tf b/examples/resources/cyral_rego_policy_instance/resource.tf index a93866ac..c3cbf5cd 100644 --- a/examples/resources/cyral_rego_policy_instance/resource.tf +++ b/examples/resources/cyral_rego_policy_instance/resource.tf @@ -1,10 +1,23 @@ ### Global rego policy instance resource "cyral_rego_policy_instance" "policy" { - name = "some-rate-limit-policy" + name = "User Management" category = "SECURITY" - description = "Some policy description." - template_id = "rate-limit" - parameters = "{\"rateLimit\":7,\"labels\":[\"EMAIL\"],\"alertSeverity\":\"high\",\"block\":false,\"identities\":{\"included\":{\"groups\":[\"analysts\"]}},\"dbAccounts\":{\"included\":[\"admin\"]}}" + description = "Policy to govern user management operations" + template_id = "object-protection" + parameters = jsonencode( + { + "objectType" = "role/user" + "block" = true + "monitorCreates" = true + "monitorAlters" = true + "monitorDrops" = true + "identities" = { + "excluded" = { + "groups" = ["dba"] + } + } + } + ) enabled = true tags = ["tag1", "tag2"] } @@ -29,11 +42,24 @@ resource "cyral_repository" "repo" { } resource "cyral_rego_policy_instance" "policy" { - name = "some-data-masking-policy" + name = "User Management" category = "SECURITY" - description = "Some policy description." - template_id = "data-masking" - parameters = "{\"labels\":[\"ADDRESS\"],\"maskType\":\"NULL_MASK\"}" + description = "Policy to govern user management operations" + template_id = "object-protection" + parameters = jsonencode( + { + "objectType" = "role/user" + "block" = true + "monitorCreates" = true + "monitorAlters" = true + "monitorDrops" = true + "identities" = { + "excluded" = { + "groups" = ["dba"] + } + } + } + ) enabled = true scope { repo_ids = [cyral_repository.repo.id] @@ -43,11 +69,24 @@ resource "cyral_rego_policy_instance" "policy" { ### Rego policy instance with duration resource "cyral_rego_policy_instance" "policy" { - name = "some-data-masking-policy" + name = "User Management" category = "SECURITY" - description = "Some policy description." - template_id = "data-masking" - parameters = "{\"labels\":[\"ADDRESS\"],\"maskType\":\"NULL_MASK\"}" + description = "Policy to govern user management operations" + template_id = "object-protection" + parameters = jsonencode( + { + "objectType" = "role/user" + "block" = true + "monitorCreates" = true + "monitorAlters" = true + "monitorDrops" = true + "identities" = { + "excluded" = { + "groups" = ["dba"] + } + } + } + ) enabled = true tags = ["tag1", "tag2"] duration = "10s" diff --git a/go.mod b/go.mod index a61af808..b23720e0 100644 --- a/go.mod +++ b/go.mod @@ -13,8 +13,8 @@ require ( github.com/hashicorp/terraform-plugin-log v0.9.0 github.com/hashicorp/terraform-plugin-sdk/v2 v2.35.0 github.com/stretchr/testify v1.10.0 - golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 - golang.org/x/oauth2 v0.24.0 + golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 + golang.org/x/oauth2 v0.25.0 google.golang.org/grpc v1.69.2 google.golang.org/protobuf v1.36.1 ) @@ -51,7 +51,7 @@ require ( github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/go-version v1.7.0 // indirect - github.com/hashicorp/hc-install v0.9.0 // indirect + github.com/hashicorp/hc-install v0.9.1 // indirect github.com/hashicorp/hcl/v2 v2.23.0 // indirect github.com/hashicorp/logutils v1.0.0 // indirect github.com/hashicorp/terraform-exec v0.21.0 // indirect @@ -80,18 +80,18 @@ require ( github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/yuin/goldmark v1.7.1 // indirect github.com/yuin/goldmark-meta v1.1.0 // indirect - github.com/zclconf/go-cty v1.15.1 // indirect + github.com/zclconf/go-cty v1.16.0 // indirect go.abhg.dev/goldmark/frontmatter v0.2.0 // indirect - golang.org/x/crypto v0.31.0 // indirect + golang.org/x/crypto v0.32.0 // indirect golang.org/x/mod v0.22.0 // indirect - golang.org/x/net v0.33.0 // indirect + golang.org/x/net v0.34.0 // indirect golang.org/x/sync v0.10.0 // indirect - golang.org/x/sys v0.28.0 // indirect + golang.org/x/sys v0.29.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/tools v0.28.0 // indirect + golang.org/x/tools v0.29.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241223144023-3abc09e42ca8 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 // indirect gopkg.in/yaml.v2 v2.3.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 4a515b31..048fa2da 100644 --- a/go.sum +++ b/go.sum @@ -43,8 +43,8 @@ github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZ github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8= github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys= github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= +github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -57,10 +57,10 @@ github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3 github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= -github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= -github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= -github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= +github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8= +github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM= +github.com/go-git/go-git/v5 v5.13.0 h1:vLn5wlGIh/X78El6r3Jr+30W16Blk0CTcxTYcYPWi5E= +github.com/go-git/go-git/v5 v5.13.0/go.mod h1:Wjo7/JyVKtQgUNdXYXIepzWfJQkUEIGvkvVkiXRR/zw= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= @@ -107,8 +107,8 @@ github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/C github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/hc-install v0.9.0 h1:2dIk8LcvANwtv3QZLckxcjyF5w8KVtiMxu6G6eLhghE= -github.com/hashicorp/hc-install v0.9.0/go.mod h1:+6vOP+mf3tuGgMApVYtmsnDoKWMDcFXeTxCACYZ8SFg= +github.com/hashicorp/hc-install v0.9.1 h1:gkqTfE3vVbafGQo6VZXcy2v5yoz2bE0+nhZXruCuODQ= +github.com/hashicorp/hc-install v0.9.1/go.mod h1:pWWvN/IrfeBK4XPeXXYkL6EjMufHkCK5DvwxeLKuBf0= github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos= github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= @@ -189,8 +189,8 @@ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= -github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= +github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= +github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= @@ -215,8 +215,8 @@ github.com/yuin/goldmark v1.7.1 h1:3bajkSilaCbjdKVsKdZjZCLBNPL9pYzrCakKaf4U49U= github.com/yuin/goldmark v1.7.1/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= github.com/yuin/goldmark-meta v1.1.0 h1:pWw+JLHGZe8Rk0EGsMVssiNb/AaPMHfSRszZeUeiOUc= github.com/yuin/goldmark-meta v1.1.0/go.mod h1:U4spWENafuA7Zyg+Lj5RqK/MF+ovMYtBvXi1lBb2VP0= -github.com/zclconf/go-cty v1.15.1 h1:RgQYm4j2EvoBRXOPxhUvxPzRrGDo1eCOhHXuGfrj5S0= -github.com/zclconf/go-cty v1.15.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.16.0 h1:xPKEhst+BW5D0wxebMZkxgapvOE/dw7bFTlgSc9nD6w= +github.com/zclconf/go-cty v1.16.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= go.abhg.dev/goldmark/frontmatter v0.2.0 h1:P8kPG0YkL12+aYk2yU3xHv4tcXzeVnN+gU0tJ5JnxRw= @@ -234,10 +234,10 @@ go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06F golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/gXhegadRdwBIXEFWDo= -golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= +golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 h1:yqrTHse8TCMW1M1ZCP+VAR/l0kKxwaAIqN/il7x4voA= +golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8/go.mod h1:tujkw807nyEEAamNbDrEGzRav+ilXA7PCRAd6xsmwiU= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= @@ -246,10 +246,10 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= -golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= +golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -268,8 +268,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -284,17 +284,17 @@ golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= -golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= +golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE= +golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/genproto/googleapis/api v0.0.0-20241223144023-3abc09e42ca8 h1:st3LcW/BPi75W4q1jJTEor/QWwbNlPlDG0JTn6XhZu0= -google.golang.org/genproto/googleapis/api v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:klhJGKFyG8Tn50enBn7gizg4nXGXJ+jqEREdCWaPcV4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 h1:TqExAhdPaB60Ux47Cn0oLV07rGnxZzIsaRhQaqS666A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 h1:GVIKPyP/kLIyVOgOnTwFOrvQaQUzOzGMCxgFUOEmm24= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422/go.mod h1:b6h1vNKhxaSoEI+5jc3PJUCustfli/mRab7295pY7rw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 h1:3UsHvIr4Wc2aW4brOaSCmcxh9ksica6fHEr8P1XhkYw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=