From f9e9f8af9cd6f281a69d3d6e580b075786367a07 Mon Sep 17 00:00:00 2001 From: Andreas Kupries Date: Wed, 14 Aug 2024 14:46:30 +0200 Subject: [PATCH 01/10] fix: get a wrangler context to where we need it; extraction of a token wrangler client --- pkg/service/handlers/kube-api-handlers.go | 6 +++++- pkg/service/server.go | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/pkg/service/handlers/kube-api-handlers.go b/pkg/service/handlers/kube-api-handlers.go index 98fb234..0475a75 100644 --- a/pkg/service/handlers/kube-api-handlers.go +++ b/pkg/service/handlers/kube-api-handlers.go @@ -1,9 +1,11 @@ package handlers import ( + mgmtcontrollers "github.com/rancher/rancher/pkg/generated/controllers/management.cattle.io/v3" clusterv3 "github.com/rancher/rancher/pkg/generated/norman/cluster.cattle.io/v3" corev1 "github.com/rancher/rancher/pkg/generated/norman/core/v1" "github.com/rancher/rancher/pkg/types/config" + "github.com/rancher/rancher/pkg/wrangler" ) type KubeAPIHandlers struct { @@ -13,9 +15,10 @@ type KubeAPIHandlers struct { clusterUserAttribute clusterv3.ClusterUserAttributeInterface clusterUserAttributeLister clusterv3.ClusterUserAttributeLister configMapLister corev1.ConfigMapLister + tokenWClient mgmtcontrollers.TokenController } -func NewKubeAPIHandlers(namespace string, apiContext *config.UserOnlyContext) *KubeAPIHandlers { +func NewKubeAPIHandlers(namespace string, apiContext *config.UserOnlyContext, wranglerCtx *wrangler.Context) *KubeAPIHandlers { return &KubeAPIHandlers{ namespace: namespace, clusterAuthTokens: apiContext.Cluster.ClusterAuthTokens(namespace), @@ -23,5 +26,6 @@ func NewKubeAPIHandlers(namespace string, apiContext *config.UserOnlyContext) *K clusterUserAttribute: apiContext.Cluster.ClusterUserAttributes(namespace), clusterUserAttributeLister: apiContext.Cluster.ClusterUserAttributes(namespace).Controller().Lister(), configMapLister: apiContext.Core.ConfigMaps(namespace).Controller().Lister(), + tokenWClient: wranglerCtx.Mgmt.Token(), } } diff --git a/pkg/service/server.go b/pkg/service/server.go index f48b3bd..4abc5f9 100644 --- a/pkg/service/server.go +++ b/pkg/service/server.go @@ -39,7 +39,7 @@ func Serve(listen, namespace, kubeConfig string) error { return err } - router := RouteContext(mux.NewRouter().StrictSlash(true), namespace, apiContext) + router := RouteContext(mux.NewRouter().StrictSlash(true), namespace, apiContext, wranglerCtx) go func() { for { @@ -55,9 +55,9 @@ func Serve(listen, namespace, kubeConfig string) error { return http.ListenAndServe(listen, router) } -func RouteContext(router *mux.Router, namespace string, apiContext *config.UserOnlyContext) *mux.Router { +func RouteContext(router *mux.Router, namespace string, apiContext *config.UserOnlyContext, wranglerCtx *wrangler.Context) *mux.Router { // API framework routes - kubeAPIHandlers := handlers.NewKubeAPIHandlers(namespace, apiContext) + kubeAPIHandlers := handlers.NewKubeAPIHandlers(namespace, apiContext, wranglerCtx) // Healthcheck endpoint router.Methods("GET").Path("/healthcheck").Handler(handlers.HealthcheckHandler()) // V1 Authenticate endpoint From d4177785db00a90d81c3e5c82b0900639b99284a Mon Sep 17 00:00:00 2001 From: Andreas Kupries Date: Wed, 14 Aug 2024 14:49:42 +0200 Subject: [PATCH 02/10] feat: management of lastUsedAt (lua) for cluster auth tokens (cat) beware: figure out how to distinguish cat's supporting lua vs not note: likely requires proper init of lua on cat creation note: find the places creating cats --- pkg/service/handlers/v1-kube-api-authn.go | 78 +++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/pkg/service/handlers/v1-kube-api-authn.go b/pkg/service/handlers/v1-kube-api-authn.go index 6f35079..ded9e2e 100644 --- a/pkg/service/handlers/v1-kube-api-authn.go +++ b/pkg/service/handlers/v1-kube-api-authn.go @@ -14,8 +14,14 @@ import ( "github.com/rancher/kube-api-auth/pkg/api/v1/types" "github.com/rancher/rancher/pkg/controllers/managementuser/clusterauthtoken/common" log "github.com/sirupsen/logrus" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + ktypes "k8s.io/apimachinery/pkg/types" ) +// Do not record lastUsedAt at the full possible precision +const lastUsedAtGranularity = time.Minute + func (kube *KubeAPIHandlers) V1AuthenticateHandler() http.HandlerFunc { return kube.v1Authenticate } @@ -136,9 +142,81 @@ func (kube *KubeAPIHandlers) v1getAndVerifyUser(accessKey, secretKey string) (*t Groups: clusterUserAttribute.Groups, } + // Manage LastUsedAt + + // Check for token client supporting Patch method + if kube.tokenWClient == nil { + log.Errorf("ClusterAuthToken %v, lastUsedAt: skipping update, no wrangler client", + clusterAuthToken.ObjectMeta.Name) + return response, nil + } + + now := time.Now().Truncate(lastUsedAtGranularity) + log.Debugf("ClusterAuthToken %v, lastUsedAt: now is %v", clusterAuthToken.ObjectMeta.Name, now) + + // TODO XXX How do we distinguish between an uninitialized CAT supporting LUA, versus + // TODO XXX an old CAT not supporting LUA ? + // TODO XXX Both should appear here as `clusterAuthToken.LastUsedAt == nil`. + + // TODO XXX Maybe creation of a CAT supporting LUA should set an initial LUA ? + // TODO XXX Where would that happen ? + + if clusterAuthToken.LastUsedAt != nil { + lastRecorded := clusterAuthToken.LastUsedAt.Time.Truncate(lastUsedAtGranularity) + log.Debugf("ClusterAuthToken %v, lastUsedAt: recorded %v", + clusterAuthToken.ObjectMeta.Name, lastRecorded) + + // throttle ... skip update if the recorded/known last use is not + // strictly in the past, relative to us. IOW if the token is already + // at the minute we want, or even ahead, then we have nothing to do. + + if now.Before(lastRecorded) || now.Equal(lastRecorded) { + log.Debugf("ClusterAuthToken %v, lastUsedAt: now <= recorded, skipped update", + clusterAuthToken.ObjectMeta.Name) + return response, nil + } + } + + // green light for patch + + lastUsed := metav1.NewTime(now) + patch, err := makeLastUsedPatch(lastUsed) + if err != nil { + // Just logging this error, not reporting it. Operation was ok, do not wish to force a retry. + // IOW the field lastUsedAt is updated only with best effort. + log.Errorf("ClusterAuthToken %v, lastUsedAt: patch creation failed: %v", + clusterAuthToken.ObjectMeta.Name, err) + return response, nil + } + + _, err = kube.tokenWClient.Patch(clusterAuthToken.ObjectMeta.Name, ktypes.JSONPatchType, patch) + if err != nil { + // Just logging this error, not reporting it. Operation was ok, do not wish to force a retry. + // IOW the field lastUsedAt is updated only with best effort. + log.Errorf("ClusterAuthToken %v, lastUsedAt: patch application failed: %v", + clusterAuthToken.ObjectMeta.Name, err) + return response, nil + } + + log.Debugf("ClusterAuthToken %v, lastUsedAt: successfully completed update", + clusterAuthToken.ObjectMeta.Name) + return response, nil } +func makeLastUsedPatch(lu metav1.Time) ([]byte, error) { + operations := []struct { + Op string `json:"op"` + Path string `json:"path"` + Value metav1.Time `json:"value"` + }{{ + Op: "replace", + Path: "/lastUsedAt", + Value: lu, + }} + return json.Marshal(operations) +} + func (kube *KubeAPIHandlers) getRefreshPeriod() time.Duration { const noDefault = time.Duration(-1) configMap, err := kube.configMapLister.Get(kube.namespace, common.AuthProviderRefreshDebounceSettingName) From b8e7c5cbf9b1a5567e70d31f60b747a0b591d13b Mon Sep 17 00:00:00 2001 From: Andreas Kupries Date: Wed, 14 Aug 2024 15:37:49 +0200 Subject: [PATCH 03/10] fixup go.mod --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 2d82d76..e5af051 100644 --- a/go.mod +++ b/go.mod @@ -58,6 +58,7 @@ require ( github.com/rancher/rancher v0.0.0-20240730202829-9e0cc54e7e3a github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.14 + k8s.io/apimachinery v0.30.3 ) require ( @@ -226,7 +227,6 @@ require ( helm.sh/helm/v3 v3.15.1 // indirect k8s.io/api v0.30.3 // indirect k8s.io/apiextensions-apiserver v0.30.1 // indirect - k8s.io/apimachinery v0.30.3 // indirect k8s.io/apiserver v0.30.3 // indirect k8s.io/cli-runtime v0.30.3 // indirect k8s.io/client-go v12.0.0+incompatible // indirect From a87ccea8f6180cab23e2f63b072d19e8ced21a1c Mon Sep 17 00:00:00 2001 From: Andreas Kupries Date: Fri, 16 Aug 2024 09:50:16 +0200 Subject: [PATCH 04/10] fix: logic error in the field update. finalize: internal docs about code reasoning. --- pkg/service/handlers/v1-kube-api-authn.go | 72 +++++++++++++++-------- 1 file changed, 49 insertions(+), 23 deletions(-) diff --git a/pkg/service/handlers/v1-kube-api-authn.go b/pkg/service/handlers/v1-kube-api-authn.go index ded9e2e..11cbfb9 100644 --- a/pkg/service/handlers/v1-kube-api-authn.go +++ b/pkg/service/handlers/v1-kube-api-authn.go @@ -154,27 +154,45 @@ func (kube *KubeAPIHandlers) v1getAndVerifyUser(accessKey, secretKey string) (*t now := time.Now().Truncate(lastUsedAtGranularity) log.Debugf("ClusterAuthToken %v, lastUsedAt: now is %v", clusterAuthToken.ObjectMeta.Name, now) - // TODO XXX How do we distinguish between an uninitialized CAT supporting LUA, versus - // TODO XXX an old CAT not supporting LUA ? - // TODO XXX Both should appear here as `clusterAuthToken.LastUsedAt == nil`. - - // TODO XXX Maybe creation of a CAT supporting LUA should set an initial LUA ? - // TODO XXX Where would that happen ? - - if clusterAuthToken.LastUsedAt != nil { - lastRecorded := clusterAuthToken.LastUsedAt.Time.Truncate(lastUsedAtGranularity) - log.Debugf("ClusterAuthToken %v, lastUsedAt: recorded %v", - clusterAuthToken.ObjectMeta.Name, lastRecorded) - - // throttle ... skip update if the recorded/known last use is not - // strictly in the past, relative to us. IOW if the token is already - // at the minute we want, or even ahead, then we have nothing to do. - - if now.Before(lastRecorded) || now.Equal(lastRecorded) { - log.Debugf("ClusterAuthToken %v, lastUsedAt: now <= recorded, skipped update", - clusterAuthToken.ObjectMeta.Name) - return response, nil - } + // __WARNING__ + // kube-api-auth (KAA) is unversioned, the same sources are used across all Rancher + // versions making use of the KAA executable. This means that we have to be careful + // about the data we are getting, and writing. + // + // Even with knowledge of the `ClusterAuthToken.LastUsedAt` (CAT.LUA) field compiled + // into KAA we may run in an environment where this field does not exist. + // + // To ensure that the field is read and written if and only if the field is actually + // supported the functions `createClusterAuthToken` [1] and `NewClusterAuthToken` [2] + // were modified to ensure that CAT.LUA is properly initialized to a sensible value in + // all newly created CATs. + // + // With this in place the check `clusterAuthToken.LastUsedAt == nil` below is a proper + // distinguisher between CATs supporting LUA and older CATs without the field. + // + // [1] `rancher/pkg/controllers/managementuser/clusterauthtoken/token.go` + // [2] `rancher/pkg/controllers/managementuser/clusterauthtoken/common/user.go` + + if clusterAuthToken.LastUsedAt == nil { + // CAT does not support LUA. Do not touch the field. + return response, nil + } + + // CAT supports LUA. See if we should update it, and if yes, perform the necessary patching. + + lastRecorded := clusterAuthToken.LastUsedAt.Time.Truncate(lastUsedAtGranularity) + log.Debugf("ClusterAuthToken %v, lastUsedAt: recorded %v", + clusterAuthToken.ObjectMeta.Name, lastRecorded) + + // throttle ... skip update if the recorded/known last use is not strictly in the past, + // relative to us. IOW if the token is already at the minute we want, or even ahead, then we + // have nothing to do. + + if now.Before(lastRecorded) || now.Equal(lastRecorded) { + log.Debugf("ClusterAuthToken %v, lastUsedAt: now <= recorded, skipped update", + clusterAuthToken.ObjectMeta.Name) + + return response, nil } // green light for patch @@ -182,19 +200,27 @@ func (kube *KubeAPIHandlers) v1getAndVerifyUser(accessKey, secretKey string) (*t lastUsed := metav1.NewTime(now) patch, err := makeLastUsedPatch(lastUsed) if err != nil { - // Just logging this error, not reporting it. Operation was ok, do not wish to force a retry. + // Failed to create a proper patch. + // Just logging this error, not reporting it. + // The actual operation was ok and we do not wish to force a retry. // IOW the field lastUsedAt is updated only with best effort. + log.Errorf("ClusterAuthToken %v, lastUsedAt: patch creation failed: %v", clusterAuthToken.ObjectMeta.Name, err) + return response, nil } _, err = kube.tokenWClient.Patch(clusterAuthToken.ObjectMeta.Name, ktypes.JSONPatchType, patch) if err != nil { - // Just logging this error, not reporting it. Operation was ok, do not wish to force a retry. + // Failed to apply the patch + // Just logging this error, not reporting it. + // The actual operation was ok and we do not wish to force a retry. // IOW the field lastUsedAt is updated only with best effort. + log.Errorf("ClusterAuthToken %v, lastUsedAt: patch application failed: %v", clusterAuthToken.ObjectMeta.Name, err) + return response, nil } From 643ebd8ed3a98b10a77032d90b05afb6ac2155c1 Mon Sep 17 00:00:00 2001 From: Andreas Kupries Date: Fri, 16 Aug 2024 11:34:43 +0200 Subject: [PATCH 05/10] test: redirect rancher packages to the branch/PR declaring LastUsedAt support. note: commit had to be in rancher reppo itself, not in a forked repo for go to pick it up. --- go.mod | 5 +++-- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index e5af051..8b07434 100644 --- a/go.mod +++ b/go.mod @@ -7,8 +7,9 @@ toolchain go1.23.1 replace ( github.com/docker/docker => github.com/docker/docker v20.10.27+incompatible // oras dep requires a replace is set - github.com/rancher/rancher/pkg/apis => github.com/rancher/rancher/pkg/apis v0.0.0-20240730202829-9e0cc54e7e3a - github.com/rancher/rancher/pkg/client => github.com/rancher/rancher/pkg/client v0.0.0-20240730202829-9e0cc54e7e3a + github.com/rancher/rancher => github.com/rancher/rancher v0.0.0-20240816072802-e7ccd8987e43 + github.com/rancher/rancher/pkg/apis => github.com/rancher/rancher/pkg/apis v0.0.0-20240816072802-e7ccd8987e43 + github.com/rancher/rancher/pkg/client => github.com/rancher/rancher/pkg/client v0.0.0-20240816072802-e7ccd8987e43 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.44.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 diff --git a/go.sum b/go.sum index 4f525c3..d878e26 100644 --- a/go.sum +++ b/go.sum @@ -1832,12 +1832,12 @@ github.com/rancher/lasso v0.0.0-20240705194423-b2a060d103c1 h1:vv1jDlYbd4KhGbPNx github.com/rancher/lasso v0.0.0-20240705194423-b2a060d103c1/go.mod h1:A/y3BLQkxZXYD60MNDRwAG9WGxXfvd6Z6gWR/a8wPw8= github.com/rancher/norman v0.0.0-20240708202514-a0127673d1b9 h1:AlRMRs5mHJcdiK83KKJyFVeybPMZ7dOUzC0l3k9aUa8= github.com/rancher/norman v0.0.0-20240708202514-a0127673d1b9/go.mod h1:dyjfXBsNiroPWOdUZe7diUOUSLf6HQ/r2kEpwH/8zas= -github.com/rancher/rancher v0.0.0-20240730202829-9e0cc54e7e3a h1:15fSa23a0Z9fb15kSswaTRoSKES3CGFV5X3ejohCwAc= -github.com/rancher/rancher v0.0.0-20240730202829-9e0cc54e7e3a/go.mod h1:rDxM1FxJJwfq4mXERAZekp1xsh+lGoaZ0hAQ0R6Dg9U= -github.com/rancher/rancher/pkg/apis v0.0.0-20240730202829-9e0cc54e7e3a h1:lt95F9b2O7b3f1nRA3hehv2KH0vI0pjbQFDkKvfiE0k= -github.com/rancher/rancher/pkg/apis v0.0.0-20240730202829-9e0cc54e7e3a/go.mod h1:aQ7WsDz/lGZlBVr2g5V7N0zViuXnDFdo2TYXFKYDBQ4= -github.com/rancher/rancher/pkg/client v0.0.0-20240730202829-9e0cc54e7e3a h1:QvqoJnnmdJq64ha6eaDGp2kFxF4LPIUiyi/Dh3qz6E4= -github.com/rancher/rancher/pkg/client v0.0.0-20240730202829-9e0cc54e7e3a/go.mod h1:A+DTKG05BZs1mOoCIB6UpiKo7j0dC6kSz3mgYju9Q20= +github.com/rancher/rancher v0.0.0-20240816072802-e7ccd8987e43 h1:JZn0gqfwU9rSdADO449DRVw08JNshQ7Ls+oNd586bKY= +github.com/rancher/rancher v0.0.0-20240816072802-e7ccd8987e43/go.mod h1:8/izftiVUTgiW28E2MdSwt8YR4sElL0GZ4BgMCHA0Rg= +github.com/rancher/rancher/pkg/apis v0.0.0-20240816072802-e7ccd8987e43 h1:RiZIfvAKgbUzEBCRUn7WR1ZaixXZhZb0yS3dAA7tUYU= +github.com/rancher/rancher/pkg/apis v0.0.0-20240816072802-e7ccd8987e43/go.mod h1:aQ7WsDz/lGZlBVr2g5V7N0zViuXnDFdo2TYXFKYDBQ4= +github.com/rancher/rancher/pkg/client v0.0.0-20240816072802-e7ccd8987e43 h1:UONulfCd8/E1TiJAnDfY+0SSl3ANdrwWAQOiZ1a+A3A= +github.com/rancher/rancher/pkg/client v0.0.0-20240816072802-e7ccd8987e43/go.mod h1:A+DTKG05BZs1mOoCIB6UpiKo7j0dC6kSz3mgYju9Q20= github.com/rancher/remotedialer v0.4.0 h1:T9yC5bFMsZFVQ6rK0dNrRg6rRb6Zr/4vsig8S0IJ7ak= github.com/rancher/remotedialer v0.4.0/go.mod h1:Ys004RpJuTLSm+k4aYUCoFiOOad37ubYev3TkOFg/5w= github.com/rancher/rke v1.6.0 h1:fHdygmtPF1cWXuiYXfwgG4hKvt0n4l57SwCxquRJSfs= From f8983897c964a7e9d7be4c2cfeecf076b6ba524d Mon Sep 17 00:00:00 2001 From: Andreas Kupries Date: Fri, 16 Aug 2024 12:21:19 +0200 Subject: [PATCH 06/10] fixup: linter error --- pkg/service/handlers/v1-kube-api-authn.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/service/handlers/v1-kube-api-authn.go b/pkg/service/handlers/v1-kube-api-authn.go index 11cbfb9..241d42b 100644 --- a/pkg/service/handlers/v1-kube-api-authn.go +++ b/pkg/service/handlers/v1-kube-api-authn.go @@ -62,7 +62,11 @@ func (kube *KubeAPIHandlers) v1Authenticate(w http.ResponseWriter, r *http.Reque ReturnHTTPError(w, r, http.StatusServiceUnavailable, fmt.Sprintf("%v", err)) return } +<<<<<<< HEAD log.Info(string(responseJSON)) +======= + log.Infof(" json: %s", string(responseJSON)) +>>>>>>> 3e9854e (fixup: linter error) log.Infof(" ...authenticated %s!", accessKey) } From ba86dee8a84094f7fa782b930484ad3c0eb47c8a Mon Sep 17 00:00:00 2001 From: Peter Matseykanets Date: Mon, 30 Sep 2024 08:33:56 -0400 Subject: [PATCH 07/10] Use existing logic for updating ClusterAuthToken --- pkg/service/handlers/kube-api-handlers.go | 6 +- pkg/service/handlers/v1-kube-api-authn.go | 144 +++++----------------- pkg/service/server.go | 6 +- 3 files changed, 37 insertions(+), 119 deletions(-) diff --git a/pkg/service/handlers/kube-api-handlers.go b/pkg/service/handlers/kube-api-handlers.go index 0475a75..98fb234 100644 --- a/pkg/service/handlers/kube-api-handlers.go +++ b/pkg/service/handlers/kube-api-handlers.go @@ -1,11 +1,9 @@ package handlers import ( - mgmtcontrollers "github.com/rancher/rancher/pkg/generated/controllers/management.cattle.io/v3" clusterv3 "github.com/rancher/rancher/pkg/generated/norman/cluster.cattle.io/v3" corev1 "github.com/rancher/rancher/pkg/generated/norman/core/v1" "github.com/rancher/rancher/pkg/types/config" - "github.com/rancher/rancher/pkg/wrangler" ) type KubeAPIHandlers struct { @@ -15,10 +13,9 @@ type KubeAPIHandlers struct { clusterUserAttribute clusterv3.ClusterUserAttributeInterface clusterUserAttributeLister clusterv3.ClusterUserAttributeLister configMapLister corev1.ConfigMapLister - tokenWClient mgmtcontrollers.TokenController } -func NewKubeAPIHandlers(namespace string, apiContext *config.UserOnlyContext, wranglerCtx *wrangler.Context) *KubeAPIHandlers { +func NewKubeAPIHandlers(namespace string, apiContext *config.UserOnlyContext) *KubeAPIHandlers { return &KubeAPIHandlers{ namespace: namespace, clusterAuthTokens: apiContext.Cluster.ClusterAuthTokens(namespace), @@ -26,6 +23,5 @@ func NewKubeAPIHandlers(namespace string, apiContext *config.UserOnlyContext, wr clusterUserAttribute: apiContext.Cluster.ClusterUserAttributes(namespace), clusterUserAttributeLister: apiContext.Cluster.ClusterUserAttributes(namespace).Controller().Lister(), configMapLister: apiContext.Core.ConfigMaps(namespace).Controller().Lister(), - tokenWClient: wranglerCtx.Mgmt.Token(), } } diff --git a/pkg/service/handlers/v1-kube-api-authn.go b/pkg/service/handlers/v1-kube-api-authn.go index 241d42b..9d4a2fd 100644 --- a/pkg/service/handlers/v1-kube-api-authn.go +++ b/pkg/service/handlers/v1-kube-api-authn.go @@ -14,14 +14,9 @@ import ( "github.com/rancher/kube-api-auth/pkg/api/v1/types" "github.com/rancher/rancher/pkg/controllers/managementuser/clusterauthtoken/common" log "github.com/sirupsen/logrus" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - ktypes "k8s.io/apimachinery/pkg/types" ) -// Do not record lastUsedAt at the full possible precision -const lastUsedAtGranularity = time.Minute - func (kube *KubeAPIHandlers) V1AuthenticateHandler() http.HandlerFunc { return kube.v1Authenticate } @@ -126,140 +121,67 @@ func (kube *KubeAPIHandlers) v1getAndVerifyUser(accessKey, secretKey string) (*t return nil, err } + now := time.Now() + var shouldUpdate bool + refreshPeriod := kube.getRefreshPeriod() - if refreshPeriod >= time.Duration(0) && clusterUserAttribute.LastRefresh != "" && !clusterUserAttribute.NeedsRefresh { + if refreshPeriod >= 0 && clusterUserAttribute.LastRefresh != "" && !clusterUserAttribute.NeedsRefresh { refresh, err := time.Parse(time.RFC3339, clusterUserAttribute.LastRefresh) if err != nil { - return nil, err + return nil, fmt.Errorf("error parsing lastRefresh: %w", err) } - if refresh.Add(refreshPeriod).Before(time.Now()) { + + if refresh.Add(refreshPeriod).Before(now) { clusterUserAttribute.NeedsRefresh = true - _, err := kube.clusterUserAttribute.Update(clusterUserAttribute) - if err != nil { - return nil, err - } + shouldUpdate = true } } - response := &types.V1AuthnResponseUser{ - UserName: userName, - Groups: clusterUserAttribute.Groups, - } - - // Manage LastUsedAt - - // Check for token client supporting Patch method - if kube.tokenWClient == nil { - log.Errorf("ClusterAuthToken %v, lastUsedAt: skipping update, no wrangler client", - clusterAuthToken.ObjectMeta.Name) - return response, nil - } - - now := time.Now().Truncate(lastUsedAtGranularity) - log.Debugf("ClusterAuthToken %v, lastUsedAt: now is %v", clusterAuthToken.ObjectMeta.Name, now) - - // __WARNING__ - // kube-api-auth (KAA) is unversioned, the same sources are used across all Rancher - // versions making use of the KAA executable. This means that we have to be careful - // about the data we are getting, and writing. - // - // Even with knowledge of the `ClusterAuthToken.LastUsedAt` (CAT.LUA) field compiled - // into KAA we may run in an environment where this field does not exist. - // - // To ensure that the field is read and written if and only if the field is actually - // supported the functions `createClusterAuthToken` [1] and `NewClusterAuthToken` [2] - // were modified to ensure that CAT.LUA is properly initialized to a sensible value in - // all newly created CATs. - // - // With this in place the check `clusterAuthToken.LastUsedAt == nil` below is a proper - // distinguisher between CATs supporting LUA and older CATs without the field. - // - // [1] `rancher/pkg/controllers/managementuser/clusterauthtoken/token.go` - // [2] `rancher/pkg/controllers/managementuser/clusterauthtoken/common/user.go` - - if clusterAuthToken.LastUsedAt == nil { - // CAT does not support LUA. Do not touch the field. - return response, nil - } - - // CAT supports LUA. See if we should update it, and if yes, perform the necessary patching. - - lastRecorded := clusterAuthToken.LastUsedAt.Time.Truncate(lastUsedAtGranularity) - log.Debugf("ClusterAuthToken %v, lastUsedAt: recorded %v", - clusterAuthToken.ObjectMeta.Name, lastRecorded) - - // throttle ... skip update if the recorded/known last use is not strictly in the past, - // relative to us. IOW if the token is already at the minute we want, or even ahead, then we - // have nothing to do. - - if now.Before(lastRecorded) || now.Equal(lastRecorded) { - log.Debugf("ClusterAuthToken %v, lastUsedAt: now <= recorded, skipped update", - clusterAuthToken.ObjectMeta.Name) - - return response, nil - } + func() { // Deliberately using an anonymous function with an early return here to simplify the logic. + now = now.Truncate(time.Second) // Use the second precision. - // green light for patch - - lastUsed := metav1.NewTime(now) - patch, err := makeLastUsedPatch(lastUsed) - if err != nil { - // Failed to create a proper patch. - // Just logging this error, not reporting it. - // The actual operation was ok and we do not wish to force a retry. - // IOW the field lastUsedAt is updated only with best effort. - - log.Errorf("ClusterAuthToken %v, lastUsedAt: patch creation failed: %v", - clusterAuthToken.ObjectMeta.Name, err) - - return response, nil - } - - _, err = kube.tokenWClient.Patch(clusterAuthToken.ObjectMeta.Name, ktypes.JSONPatchType, patch) - if err != nil { - // Failed to apply the patch - // Just logging this error, not reporting it. - // The actual operation was ok and we do not wish to force a retry. - // IOW the field lastUsedAt is updated only with best effort. + if clusterAuthToken.LastUsedAt != nil { + if now.Equal(clusterAuthToken.LastUsedAt.Time.Truncate(time.Second)) { + // Throttle subsecond updates. + return + } + } - log.Errorf("ClusterAuthToken %v, lastUsedAt: patch application failed: %v", - clusterAuthToken.ObjectMeta.Name, err) + lastUsedAt := metav1.NewTime(now) + clusterAuthToken.LastUsedAt = &lastUsedAt + shouldUpdate = true + }() - return response, nil + if shouldUpdate { + _, err = kube.clusterAuthTokens.Update(clusterAuthToken) + if err != nil { + return nil, fmt.Errorf("error updating clusterAuthToken %s: %w", clusterAuthToken.Name, err) + } } - log.Debugf("ClusterAuthToken %v, lastUsedAt: successfully completed update", - clusterAuthToken.ObjectMeta.Name) - - return response, nil -} - -func makeLastUsedPatch(lu metav1.Time) ([]byte, error) { - operations := []struct { - Op string `json:"op"` - Path string `json:"path"` - Value metav1.Time `json:"value"` - }{{ - Op: "replace", - Path: "/lastUsedAt", - Value: lu, - }} - return json.Marshal(operations) + return &types.V1AuthnResponseUser{ + UserName: userName, + Groups: clusterUserAttribute.Groups, + }, nil } func (kube *KubeAPIHandlers) getRefreshPeriod() time.Duration { const noDefault = time.Duration(-1) + configMap, err := kube.configMapLister.Get(kube.namespace, common.AuthProviderRefreshDebounceSettingName) if err != nil || configMap.Data == nil { return noDefault } + refreshStr := configMap.Data["value"] if refreshStr == "" { return noDefault } + refreshSeconds, err := strconv.ParseInt(refreshStr, 10, 64) if err != nil { return noDefault } + return time.Duration(refreshSeconds) * time.Second } diff --git a/pkg/service/server.go b/pkg/service/server.go index 4abc5f9..f48b3bd 100644 --- a/pkg/service/server.go +++ b/pkg/service/server.go @@ -39,7 +39,7 @@ func Serve(listen, namespace, kubeConfig string) error { return err } - router := RouteContext(mux.NewRouter().StrictSlash(true), namespace, apiContext, wranglerCtx) + router := RouteContext(mux.NewRouter().StrictSlash(true), namespace, apiContext) go func() { for { @@ -55,9 +55,9 @@ func Serve(listen, namespace, kubeConfig string) error { return http.ListenAndServe(listen, router) } -func RouteContext(router *mux.Router, namespace string, apiContext *config.UserOnlyContext, wranglerCtx *wrangler.Context) *mux.Router { +func RouteContext(router *mux.Router, namespace string, apiContext *config.UserOnlyContext) *mux.Router { // API framework routes - kubeAPIHandlers := handlers.NewKubeAPIHandlers(namespace, apiContext, wranglerCtx) + kubeAPIHandlers := handlers.NewKubeAPIHandlers(namespace, apiContext) // Healthcheck endpoint router.Methods("GET").Path("/healthcheck").Handler(handlers.HealthcheckHandler()) // V1 Authenticate endpoint From 0d109c08f3b2e8c66e184331fb1ca4bb2efefc4e Mon Sep 17 00:00:00 2001 From: Peter Matseykanets Date: Mon, 30 Sep 2024 10:45:31 -0400 Subject: [PATCH 08/10] Refactor receiver name --- pkg/service/handlers/v1-kube-api-authn.go | 28 ++++++++++++++--------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/pkg/service/handlers/v1-kube-api-authn.go b/pkg/service/handlers/v1-kube-api-authn.go index 9d4a2fd..f43604b 100644 --- a/pkg/service/handlers/v1-kube-api-authn.go +++ b/pkg/service/handlers/v1-kube-api-authn.go @@ -17,11 +17,11 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -func (kube *KubeAPIHandlers) V1AuthenticateHandler() http.HandlerFunc { - return kube.v1Authenticate +func (h *KubeAPIHandlers) V1AuthenticateHandler() http.HandlerFunc { + return h.v1Authenticate } -func (kube *KubeAPIHandlers) v1Authenticate(w http.ResponseWriter, r *http.Request) { +func (h *KubeAPIHandlers) v1Authenticate(w http.ResponseWriter, r *http.Request) { log.Info("Processing v1Authenticate request...") response := types.V1AuthnResponse{ @@ -39,7 +39,7 @@ func (kube *KubeAPIHandlers) v1Authenticate(w http.ResponseWriter, r *http.Reque } log.Infof(" ...looking up token for %s", accessKey) - user, err := kube.v1getAndVerifyUser(accessKey, secretKey) + user, err := h.v1getAndVerifyUser(accessKey, secretKey) if err != nil { ReturnHTTPError(w, r, http.StatusUnauthorized, fmt.Sprintf("%v", err)) return @@ -70,6 +70,7 @@ func v1parseBody(r *http.Request) (string, string, error) { if err != nil { return "", "", err } + authnReq, err := v1getBodyAuthnRequest(bytes) if err != nil { return "", "", err @@ -79,8 +80,10 @@ func v1parseBody(r *http.Request) (string, string, error) { if len(tokenParts) != 2 { return "", "", fmt.Errorf("found %d parts of token", len(tokenParts)) } + accessKey := tokenParts[0] secretKey := tokenParts[1] + return accessKey, secretKey, nil } @@ -89,17 +92,20 @@ func v1getBodyAuthnRequest(bytes []byte) (*types.V1AuthnRequest, error) { if err := json.Unmarshal(bytes, authnReq); err != nil { return nil, err } + if authnReq.Kind != kubeapiauth.DefaultAuthnKind { return nil, errors.New("authentication request kind is not TokenReview") } + if authnReq.Spec.Token == "" { return nil, errors.New("authentication request is missing Token") } + return authnReq, nil } -func (kube *KubeAPIHandlers) v1getAndVerifyUser(accessKey, secretKey string) (*types.V1AuthnResponseUser, error) { - clusterAuthToken, err := kube.clusterAuthTokensLister.Get(kube.namespace, accessKey) +func (h *KubeAPIHandlers) v1getAndVerifyUser(accessKey, secretKey string) (*types.V1AuthnResponseUser, error) { + clusterAuthToken, err := h.clusterAuthTokensLister.Get(h.namespace, accessKey) if err != nil { return nil, err } @@ -108,7 +114,7 @@ func (kube *KubeAPIHandlers) v1getAndVerifyUser(accessKey, secretKey string) (*t } userName := clusterAuthToken.UserName - clusterUserAttribute, err := kube.clusterUserAttributeLister.Get(kube.namespace, userName) + clusterUserAttribute, err := h.clusterUserAttributeLister.Get(h.namespace, userName) if err != nil { return nil, err } @@ -124,7 +130,7 @@ func (kube *KubeAPIHandlers) v1getAndVerifyUser(accessKey, secretKey string) (*t now := time.Now() var shouldUpdate bool - refreshPeriod := kube.getRefreshPeriod() + refreshPeriod := h.getRefreshPeriod() if refreshPeriod >= 0 && clusterUserAttribute.LastRefresh != "" && !clusterUserAttribute.NeedsRefresh { refresh, err := time.Parse(time.RFC3339, clusterUserAttribute.LastRefresh) if err != nil { @@ -153,7 +159,7 @@ func (kube *KubeAPIHandlers) v1getAndVerifyUser(accessKey, secretKey string) (*t }() if shouldUpdate { - _, err = kube.clusterAuthTokens.Update(clusterAuthToken) + _, err = h.clusterAuthTokens.Update(clusterAuthToken) if err != nil { return nil, fmt.Errorf("error updating clusterAuthToken %s: %w", clusterAuthToken.Name, err) } @@ -165,10 +171,10 @@ func (kube *KubeAPIHandlers) v1getAndVerifyUser(accessKey, secretKey string) (*t }, nil } -func (kube *KubeAPIHandlers) getRefreshPeriod() time.Duration { +func (h *KubeAPIHandlers) getRefreshPeriod() time.Duration { const noDefault = time.Duration(-1) - configMap, err := kube.configMapLister.Get(kube.namespace, common.AuthProviderRefreshDebounceSettingName) + configMap, err := h.configMapLister.Get(h.namespace, common.AuthProviderRefreshDebounceSettingName) if err != nil || configMap.Data == nil { return noDefault } From 0e3a0d1e2355f99ee42bf802a22e942ac6079070 Mon Sep 17 00:00:00 2001 From: Peter Matseykanets Date: Mon, 7 Oct 2024 22:25:12 -0400 Subject: [PATCH 09/10] Fix conflict --- pkg/service/handlers/v1-kube-api-authn.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pkg/service/handlers/v1-kube-api-authn.go b/pkg/service/handlers/v1-kube-api-authn.go index f43604b..33ad305 100644 --- a/pkg/service/handlers/v1-kube-api-authn.go +++ b/pkg/service/handlers/v1-kube-api-authn.go @@ -57,11 +57,7 @@ func (h *KubeAPIHandlers) v1Authenticate(w http.ResponseWriter, r *http.Request) ReturnHTTPError(w, r, http.StatusServiceUnavailable, fmt.Sprintf("%v", err)) return } -<<<<<<< HEAD - log.Info(string(responseJSON)) -======= log.Infof(" json: %s", string(responseJSON)) ->>>>>>> 3e9854e (fixup: linter error) log.Infof(" ...authenticated %s!", accessKey) } From 7fe9e45b2c253fdbcab55361e7192af35a26c4f6 Mon Sep 17 00:00:00 2001 From: Peter Matseykanets Date: Tue, 8 Oct 2024 09:42:40 -0400 Subject: [PATCH 10/10] Bump rancher dependencies --- go.mod | 77 +++++++++++++++---------------- go.sum | 140 ++++++++++++++++++++++++++++++--------------------------- 2 files changed, 113 insertions(+), 104 deletions(-) diff --git a/go.mod b/go.mod index 8b07434..080413f 100644 --- a/go.mod +++ b/go.mod @@ -7,9 +7,9 @@ toolchain go1.23.1 replace ( github.com/docker/docker => github.com/docker/docker v20.10.27+incompatible // oras dep requires a replace is set - github.com/rancher/rancher => github.com/rancher/rancher v0.0.0-20240816072802-e7ccd8987e43 - github.com/rancher/rancher/pkg/apis => github.com/rancher/rancher/pkg/apis v0.0.0-20240816072802-e7ccd8987e43 - github.com/rancher/rancher/pkg/client => github.com/rancher/rancher/pkg/client v0.0.0-20240816072802-e7ccd8987e43 + github.com/rancher/rancher => github.com/rancher/rancher v0.0.0-20241004204441-d3c434633444 + github.com/rancher/rancher/pkg/apis => github.com/rancher/rancher/pkg/apis v0.0.0-20241004204441-d3c434633444 + github.com/rancher/rancher/pkg/client => github.com/rancher/rancher/pkg/client v0.0.0-20241004204441-d3c434633444 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.44.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 @@ -55,10 +55,10 @@ replace ( require ( github.com/gorilla/mux v1.8.1 - github.com/rancher/norman v0.0.0-20240708202514-a0127673d1b9 + github.com/rancher/norman v0.0.0-20240822182819-60ccfabc4ac5 github.com/rancher/rancher v0.0.0-20240730202829-9e0cc54e7e3a github.com/sirupsen/logrus v1.9.3 - github.com/urfave/cli v1.22.14 + github.com/urfave/cli v1.22.15 k8s.io/apimachinery v0.30.3 ) @@ -69,13 +69,13 @@ require ( github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver v1.5.0 // indirect - github.com/Masterminds/semver/v3 v3.2.1 // indirect + github.com/Masterminds/semver/v3 v3.3.0 // indirect github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect github.com/Microsoft/hcsshim v0.12.0-rc.3 // indirect - github.com/adrg/xdg v0.4.0 // indirect + github.com/adrg/xdg v0.5.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go v1.50.38 // indirect + github.com/aws/aws-sdk-go v1.55.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect @@ -83,12 +83,12 @@ require ( github.com/bugsnag/bugsnag-go v2.1.2+incompatible // indirect github.com/bugsnag/panicwrap v0.0.0-20160118154447-aceac81c6e2f // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/containerd/containerd v1.7.12 // indirect github.com/containerd/log v0.1.0 // indirect github.com/coreos/go-semver v0.3.1 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyphar/filepath-securejoin v0.2.5 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.5.0 // indirect @@ -101,14 +101,14 @@ require ( github.com/docker/go-units v0.5.0 // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/evanphx/json-patch v5.7.0+incompatible // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect github.com/fatih/color v1.16.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect @@ -174,18 +174,18 @@ require ( github.com/prometheus/procfs v0.12.0 // indirect github.com/rancher/aks-operator v1.9.0 // indirect github.com/rancher/apiserver v0.0.0-20240708202538-39a6f2535146 // indirect - github.com/rancher/dynamiclistener v0.6.0 // indirect + github.com/rancher/dynamiclistener v0.6.1-rc.1 // indirect github.com/rancher/eks-operator v1.9.0 // indirect github.com/rancher/fleet/pkg/apis v0.10.0 // indirect github.com/rancher/gke-operator v1.9.0 // indirect github.com/rancher/kubernetes-provider-detector v0.1.5 // indirect - github.com/rancher/lasso v0.0.0-20240705194423-b2a060d103c1 // indirect + github.com/rancher/lasso v0.0.0-20240923125127-ae858d002589 // indirect github.com/rancher/rancher/pkg/apis v0.0.0-20240719121207-baeda6b89fe3 // indirect github.com/rancher/rancher/pkg/client v0.0.0 // indirect github.com/rancher/remotedialer v0.4.0 // indirect github.com/rancher/rke v1.6.0 // indirect - github.com/rancher/steve v0.0.0-20240709130809-47871606146c // indirect - github.com/rancher/wrangler/v3 v3.0.0 // indirect + github.com/rancher/steve v0.0.0-20240913181958-99e479ba0f08 // indirect + github.com/rancher/wrangler/v3 v3.0.1-rc.1 // indirect github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect github.com/rivo/uniseg v0.4.4 // indirect github.com/rubenv/sql-migrate v1.5.2 // indirect @@ -198,29 +198,30 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.0 // indirect - go.opentelemetry.io/otel v1.23.1 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect + go.opentelemetry.io/otel v1.29.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.20.0 // indirect - go.opentelemetry.io/otel/metric v1.23.1 // indirect + go.opentelemetry.io/otel/metric v1.29.0 // indirect go.opentelemetry.io/otel/sdk v1.23.1 // indirect - go.opentelemetry.io/otel/trace v1.23.1 // indirect + go.opentelemetry.io/otel/trace v1.29.0 // indirect go.opentelemetry.io/proto/otlp v1.1.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect - golang.org/x/crypto v0.25.0 // indirect - golang.org/x/mod v0.19.0 // indirect - golang.org/x/net v0.27.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.22.0 // indirect - golang.org/x/term v0.22.0 // indirect - golang.org/x/text v0.16.0 // indirect - golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.23.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect - google.golang.org/grpc v1.61.0 // indirect - google.golang.org/protobuf v1.33.0 // indirect + golang.org/x/crypto v0.26.0 // indirect + golang.org/x/mod v0.20.0 // indirect + golang.org/x/net v0.28.0 // indirect + golang.org/x/oauth2 v0.22.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/term v0.23.0 // indirect + golang.org/x/text v0.17.0 // indirect + golang.org/x/time v0.6.0 // indirect + golang.org/x/tools v0.24.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect + google.golang.org/grpc v1.66.0 // indirect + google.golang.org/protobuf v1.34.2 // indirect + gopkg.in/evanphx/json-patch.v5 v5.6.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect @@ -239,7 +240,7 @@ require ( k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3 // indirect k8s.io/kubectl v0.30.1 // indirect k8s.io/kubernetes v1.30.1 // indirect - k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect modernc.org/libc v1.49.3 // indirect modernc.org/mathutil v1.6.0 // indirect @@ -250,11 +251,11 @@ require ( oras.land/oras-go v1.2.4 // indirect oras.land/oras-go/v2 v2.4.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect - sigs.k8s.io/cli-utils v0.35.0 // indirect + sigs.k8s.io/cli-utils v0.37.2 // indirect sigs.k8s.io/cluster-api v1.7.3 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect - sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/api v0.15.0 // indirect + sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index d878e26..7830630 100644 --- a/go.sum +++ b/go.sum @@ -1181,8 +1181,8 @@ github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy86 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= +github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= @@ -1195,8 +1195,8 @@ github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb0 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= -github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls= -github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E= +github.com/adrg/xdg v0.5.0 h1:dDaZvhMXatArP1NPHhnfaQUqWBLBsmx1h1HXQdMoFCY= +github.com/adrg/xdg v0.5.0/go.mod h1:dDdY4M4DF9Rjy4kHPeNL+ilVF+p2lK8IdM9/rTSGcI4= github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY= github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= @@ -1214,8 +1214,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go v1.50.38 h1:h8wxaLin7sFGK4sKassc1VpNcDbgAAEQJ5PHjqLAvXQ= -github.com/aws/aws-sdk-go v1.50.38/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -1242,8 +1242,9 @@ github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= @@ -1278,9 +1279,9 @@ github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= @@ -1340,8 +1341,8 @@ github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6Ni github.com/envoyproxy/protoc-gen-validate v1.0.1/go.mod h1:0vj8bNkYbSTNS2PIyH87KZaeN4x9zpL9Qt8fQC7d+vs= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= -github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= @@ -1383,8 +1384,9 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= @@ -1786,8 +1788,9 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= @@ -1816,8 +1819,8 @@ github.com/rancher/aks-operator v1.9.0 h1:5/IzRP1mOcDncZMTP67n9OFviXqNKlhrxQL8lm github.com/rancher/aks-operator v1.9.0/go.mod h1:JPkilTHa1Exq8VILHOmcxapgHcr9RfPVm7BqjzveMXg= github.com/rancher/apiserver v0.0.0-20240708202538-39a6f2535146 h1:6I4Z7PAGmned9+EYxbMS7kvajId3r8+ZwAR5wB7X3kg= github.com/rancher/apiserver v0.0.0-20240708202538-39a6f2535146/go.mod h1:ZNk+LcRGwQYHqgbsJijRrI49KFbX31/QzoUBq4rAeV0= -github.com/rancher/dynamiclistener v0.6.0 h1:M7x8Nq+GY0UORULANuW/AH1ocnyZaqlmTuviMQAHL1Q= -github.com/rancher/dynamiclistener v0.6.0/go.mod h1:7VNEQhAwzbYJ08S1MYb6B4vili6K7CcrG4cNZXq1j+s= +github.com/rancher/dynamiclistener v0.6.1-rc.1 h1:EGmTpPzSI5LHj35Wg3NHFmKSbZdzNuh5zptws1jo/yo= +github.com/rancher/dynamiclistener v0.6.1-rc.1/go.mod h1:7VNEQhAwzbYJ08S1MYb6B4vili6K7CcrG4cNZXq1j+s= github.com/rancher/eks-operator v1.9.0 h1:48BthcGhZa9GAXcQgY9bZctfWBhh4Ii3wt4BOOtEWrk= github.com/rancher/eks-operator v1.9.0/go.mod h1:W2BZXb5DJP9q34hgTey0MWOzdMU526fAdGI0iVGGhhU= github.com/rancher/fleet/pkg/apis v0.10.0 h1:0f8OEghEDJNzvUAR2fpg2dw8EnAgfWvkhnwsYFS9G+w= @@ -1828,24 +1831,24 @@ github.com/rancher/helm/v3 v3.15.1-rancher2 h1:yrMhOjghReT3O+xt/Yb6hhmZgQrgWgBWJ github.com/rancher/helm/v3 v3.15.1-rancher2/go.mod h1:fvfoRcB8UKRUV5jrIfOTaN/pG1TPhuqSb56fjYdTKXg= github.com/rancher/kubernetes-provider-detector v0.1.5 h1:hWRAsWuJOemzGjz/XrbTlM7QmfO4OedvFE3QwXiH60I= github.com/rancher/kubernetes-provider-detector v0.1.5/go.mod h1:ypuJS7kP7rUiAn330xG46mj+Nhvym05GM8NqMVekpH0= -github.com/rancher/lasso v0.0.0-20240705194423-b2a060d103c1 h1:vv1jDlYbd4KhGbPNxmjs8CYgEHUrQm2bMtmULfXJ6iw= -github.com/rancher/lasso v0.0.0-20240705194423-b2a060d103c1/go.mod h1:A/y3BLQkxZXYD60MNDRwAG9WGxXfvd6Z6gWR/a8wPw8= -github.com/rancher/norman v0.0.0-20240708202514-a0127673d1b9 h1:AlRMRs5mHJcdiK83KKJyFVeybPMZ7dOUzC0l3k9aUa8= -github.com/rancher/norman v0.0.0-20240708202514-a0127673d1b9/go.mod h1:dyjfXBsNiroPWOdUZe7diUOUSLf6HQ/r2kEpwH/8zas= -github.com/rancher/rancher v0.0.0-20240816072802-e7ccd8987e43 h1:JZn0gqfwU9rSdADO449DRVw08JNshQ7Ls+oNd586bKY= -github.com/rancher/rancher v0.0.0-20240816072802-e7ccd8987e43/go.mod h1:8/izftiVUTgiW28E2MdSwt8YR4sElL0GZ4BgMCHA0Rg= -github.com/rancher/rancher/pkg/apis v0.0.0-20240816072802-e7ccd8987e43 h1:RiZIfvAKgbUzEBCRUn7WR1ZaixXZhZb0yS3dAA7tUYU= -github.com/rancher/rancher/pkg/apis v0.0.0-20240816072802-e7ccd8987e43/go.mod h1:aQ7WsDz/lGZlBVr2g5V7N0zViuXnDFdo2TYXFKYDBQ4= -github.com/rancher/rancher/pkg/client v0.0.0-20240816072802-e7ccd8987e43 h1:UONulfCd8/E1TiJAnDfY+0SSl3ANdrwWAQOiZ1a+A3A= -github.com/rancher/rancher/pkg/client v0.0.0-20240816072802-e7ccd8987e43/go.mod h1:A+DTKG05BZs1mOoCIB6UpiKo7j0dC6kSz3mgYju9Q20= +github.com/rancher/lasso v0.0.0-20240923125127-ae858d002589 h1:c3IIzpVo5Jhd1T7Dih/kbEueWC21j4xTZ5EQO9rhTUg= +github.com/rancher/lasso v0.0.0-20240923125127-ae858d002589/go.mod h1:+GJaJqWpk1MZYCDrMC+4Jee0M/aScoru5T8V2A//rgg= +github.com/rancher/norman v0.0.0-20240822182819-60ccfabc4ac5 h1:Z34NXcW0ymdpVBfd1R0vvqTXBh1gCOdPNFtB+RUahQw= +github.com/rancher/norman v0.0.0-20240822182819-60ccfabc4ac5/go.mod h1:dyjfXBsNiroPWOdUZe7diUOUSLf6HQ/r2kEpwH/8zas= +github.com/rancher/rancher v0.0.0-20241004204441-d3c434633444 h1:zR+6WlM4XP5J8sqWgQ+gha9mv8PDMP30lXopQzg5swU= +github.com/rancher/rancher v0.0.0-20241004204441-d3c434633444/go.mod h1:SsFO8CrIdOZI8aQIza6xz3mAQVxps0xq3faXw+gSMaA= +github.com/rancher/rancher/pkg/apis v0.0.0-20241004204441-d3c434633444 h1:LaX543Dc3nCVk4cdGtP//VUEIrwvPpyUHBJxqQjsHh8= +github.com/rancher/rancher/pkg/apis v0.0.0-20241004204441-d3c434633444/go.mod h1:jf7wsL96vcuYNcW6qwyMybO/nucgp2Tx1xvu3cBP/qk= +github.com/rancher/rancher/pkg/client v0.0.0-20241004204441-d3c434633444 h1:gOUjkqVGq8M5glHK2xSbSoUX/oLyxe3NLnb6ULTYQm4= +github.com/rancher/rancher/pkg/client v0.0.0-20241004204441-d3c434633444/go.mod h1:A+DTKG05BZs1mOoCIB6UpiKo7j0dC6kSz3mgYju9Q20= github.com/rancher/remotedialer v0.4.0 h1:T9yC5bFMsZFVQ6rK0dNrRg6rRb6Zr/4vsig8S0IJ7ak= github.com/rancher/remotedialer v0.4.0/go.mod h1:Ys004RpJuTLSm+k4aYUCoFiOOad37ubYev3TkOFg/5w= github.com/rancher/rke v1.6.0 h1:fHdygmtPF1cWXuiYXfwgG4hKvt0n4l57SwCxquRJSfs= github.com/rancher/rke v1.6.0/go.mod h1:5xRbf3L8PxqJRhABjYRfaBqbpVqAnqyH3maUNQEuwvk= -github.com/rancher/steve v0.0.0-20240709130809-47871606146c h1:PIaN0/KUyGcqEcT6GyjUidld2lgGkGxS4dmC3Je3dFs= -github.com/rancher/steve v0.0.0-20240709130809-47871606146c/go.mod h1:Za4nSt0V6kIHRfUo6jTXKkv6ABMMCHINA8EzhzygCfk= -github.com/rancher/wrangler/v3 v3.0.0 h1:IHHCA+vrghJDPxjtLk4fmeSCFhNe9fFzLFj3m2B0YpA= -github.com/rancher/wrangler/v3 v3.0.0/go.mod h1:Dfckuuq7MJk2JWVBDywRlZXMxEyPxHy4XqGrPEzu5Eg= +github.com/rancher/steve v0.0.0-20240913181958-99e479ba0f08 h1:USBSXHQ76GeX6AFsqO9VvtjT8C5zOBFdqWHkrWbRD40= +github.com/rancher/steve v0.0.0-20240913181958-99e479ba0f08/go.mod h1:lrDjQ2gl+66qIThaaJXl2auC16Ng8Rg9r5ty6ms50P8= +github.com/rancher/wrangler/v3 v3.0.1-rc.1 h1:urJtho0sL4bZxgw7w1P9tabzDVcZyzzReFw+znCaqWc= +github.com/rancher/wrangler/v3 v3.0.1-rc.1/go.mod h1:cGBYMrchAW13we6LlubfXAv1EJ3z0QzsXiGKTPr+IXg= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= @@ -1905,8 +1908,8 @@ github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk= -github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA= +github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM= +github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= @@ -1961,6 +1964,8 @@ go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93V go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= +go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -1984,8 +1989,8 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2051,8 +2056,8 @@ golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= +golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2128,8 +2133,8 @@ golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= -golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2164,8 +2169,8 @@ golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQ golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= +golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2187,8 +2192,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2251,7 +2256,6 @@ golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2291,8 +2295,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2313,8 +2317,8 @@ golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2336,16 +2340,16 @@ golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -2422,8 +2426,8 @@ golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58 golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -2665,7 +2669,6 @@ google.golang.org/genproto v0.0.0-20231030173426-d783a09b4405/go.mod h1:3WDQMjmJ google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f/go.mod h1:nWSwAFPb+qfNJXsoeO3Io7zf4tMSfN8EA8RlDA04GhY= google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic= -google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 h1:YJ5pD9rF8o9Qtta0Cmy9rdBwkSjrTCT6XTiUQVOtIos= google.golang.org/genproto v0.0.0-20231212172506-995d672761c0/go.mod h1:l/k7rMz0vFTBPy+tFSGvXEd3z+BcoG1k7EHbqm+YBsY= google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= @@ -2686,8 +2689,9 @@ google.golang.org/genproto/googleapis/api v0.0.0-20231030173426-d783a09b4405/go. google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f/go.mod h1:Uy9bTZJqmfrw2rIBxgGLnamc78euZULUBrLZ9XTITKI= google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3/go.mod h1:k2dtGpRrbsSyKcNPKKI5sstZkrNCZwpU/ns96JoHbGg= -google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM= google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230807174057-1744710a1577/go.mod h1:NjCQG/D8JandXxM57PZbAJL1DCNL6EypA0vPPwfsc7c= google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405/go.mod h1:GRUCuLdzVqZte8+Dl/D4N25yLzcGqqWaYkeVOwulFqw= @@ -2711,8 +2715,9 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc= google.golang.org/genproto/googleapis/rpc v0.0.0-20231211222908-989df2bf70f3/go.mod h1:eJVxU6o+4G1PSczBr85xmyvSNYAKvAYgkub40YGomFM= google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0/go.mod h1:FUoWkonphQm3RhTS+kOEhF8h0iDpm4tdXolVCeZ9KKA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ= google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -2761,8 +2766,8 @@ google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSs google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/grpc v1.60.0/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= +google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -2783,14 +2788,17 @@ google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/evanphx/json-patch.v5 v5.6.0 h1:BMT6KIwBD9CaU91PJCZIe46bDmBWa9ynTQgJIOpfQBk= +gopkg.in/evanphx/json-patch.v5 v5.6.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= @@ -2849,8 +2857,8 @@ k8s.io/kubectl v0.30.3/go.mod h1:IcR0I9RN2+zzTRUa1BzZCm4oM0NLOawE6RzlDvd1Fpo= k8s.io/kubernetes v1.30.3 h1:A0qoXI1YQNzrQZiff33y5zWxYHFT/HeZRK98/sRDJI0= k8s.io/kubernetes v1.30.3/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= modernc.org/cc/v3 v3.36.0/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= @@ -2936,16 +2944,16 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= -sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y= -sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE= +sigs.k8s.io/cli-utils v0.37.2 h1:GOfKw5RV2HDQZDJlru5KkfLO1tbxqMoyn1IYUxqBpNg= +sigs.k8s.io/cli-utils v0.37.2/go.mod h1:V+IZZr4UoGj7gMJXklWBg6t5xbdThFBcpj4MrZuCYco= sigs.k8s.io/cluster-api v1.7.3 h1:DsSRxsA+18jxLqPAo29abZ9kOPK1/xwhSuQb/MROzSs= sigs.k8s.io/cluster-api v1.7.3/go.mod h1:V9ZhKLvQtsDODwjXOKgbitjyCmC71yMBwDcMyNNIov0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag= +sigs.k8s.io/kustomize/api v0.15.0 h1:6Ca88kEOBVotHDw+y2IsIMYtg9Pvv7MKpW9JMyF/OH4= +sigs.k8s.io/kustomize/api v0.15.0/go.mod h1:p19kb+E14gN7zcIBR/nhByJDAfUa7N8mp6ZdH/mMXbg= +sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= +sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=