diff --git a/go.mod b/go.mod index 7d3619fc5b..cb1c4f96f7 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,8 @@ module k8s.io/client-go go 1.19 require ( + github.com/Azure/go-autorest/autorest v0.11.27 + github.com/Azure/go-autorest/autorest/adal v0.9.20 github.com/davecgh/go-spew v1.1.1 github.com/evanphx/json-patch v4.12.0+incompatible github.com/gogo/protobuf v1.3.2 @@ -24,8 +26,8 @@ require ( golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 google.golang.org/protobuf v1.28.0 - k8s.io/api v0.0.0-20220807235320-860821164923 - k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3 + k8s.io/api v0.0.0 + k8s.io/apimachinery v0.0.0 k8s.io/klog/v2 v2.70.1 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed @@ -34,6 +36,11 @@ require ( ) require ( + cloud.google.com/go v0.97.0 // indirect + github.com/Azure/go-autorest v14.2.0+incompatible // indirect + github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect + github.com/Azure/go-autorest/logger v0.2.1 // indirect + github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect @@ -41,6 +48,7 @@ require ( github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect + github.com/golang-jwt/jwt/v4 v4.2.0 // indirect github.com/google/btree v1.0.1 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect @@ -51,6 +59,7 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/text v0.3.7 // indirect google.golang.org/appengine v1.6.7 // indirect @@ -61,6 +70,7 @@ require ( ) replace ( - k8s.io/api => k8s.io/api v0.0.0-20220807235320-860821164923 - k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3 + k8s.io/api => ../api + k8s.io/apimachinery => ../apimachinery + k8s.io/client-go => ../client-go ) diff --git a/go.sum b/go.sum index eae15591cb..a4a22add39 100644 --- a/go.sum +++ b/go.sum @@ -13,6 +13,19 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= +cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= +cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= +cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= +cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= +cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= +cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= +cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= +cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= +cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= +cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8= +cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -31,19 +44,41 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= +github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= +github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= +github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= +github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= +github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= +github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= +github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= +github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= +github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= +github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= +github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= +github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -55,9 +90,14 @@ github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -75,6 +115,9 @@ github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5F github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= +github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -88,6 +131,8 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -101,9 +146,12 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= @@ -117,6 +165,9 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -125,6 +176,8 @@ github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -132,17 +185,27 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -183,7 +246,9 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= @@ -199,16 +264,24 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= +go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38= +golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -231,6 +304,8 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= @@ -239,6 +314,9 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -267,6 +345,15 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -274,6 +361,16 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -285,6 +382,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -310,9 +409,30 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -320,6 +440,9 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -368,7 +491,18 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= +golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -390,6 +524,18 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= +google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= +google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= +google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= +google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= +google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= +google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= +google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= +google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= +google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= +google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -421,13 +567,39 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= +google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= +google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= +google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -440,6 +612,20 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= +google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -452,6 +638,7 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -463,6 +650,7 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= @@ -477,10 +665,6 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.0.0-20220807235320-860821164923 h1:nDGbaAze/PQhS5Br0Q506rBEBVOlniVO7Mzjq1h9eOY= -k8s.io/api v0.0.0-20220807235320-860821164923/go.mod h1:cuE2+aKfcxEMeHx/NuUKIL3aRJhth7/K9wlCf+3Q3+s= -k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3 h1:Ru2oqar5qMV68dM0G6OEZs2C7qtydpReZ2dHsXpu/Kw= -k8s.io/apimachinery v0.0.0-20220805001719-117bd9b56ec3/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ= k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= diff --git a/plugin/pkg/client/auth/azure/README.md b/plugin/pkg/client/auth/azure/README.md new file mode 100644 index 0000000000..096f99e1d2 --- /dev/null +++ b/plugin/pkg/client/auth/azure/README.md @@ -0,0 +1,56 @@ +# Azure Active Directory plugin for client authentication + +This plugin provides an integration with Azure Active Directory device flow. If no tokens are present in the kubectl configuration, it will prompt a device code which can be used to login in a browser. After login it will automatically fetch the tokens and store them in the kubectl configuration. In addition it will refresh and update the tokens in the configuration when expired. + +## Usage + +1. Create an Azure Active Directory *Web App / API* application for `apiserver` following these [instructions](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-app-registration). The callback URL does not matter (just cannot be empty). + +2. Create a second Azure Active Directory native application for `kubectl`. The callback URL does not matter (just cannot be empty). + +3. On `kubectl` application's configuration page in Azure portal grant permissions to `apiserver` application by clicking on *Required Permissions*, click the *Add* button and search for the apiserver application created in step 1. Select "Access apiserver" under the *DELEGATED PERMISSIONS*. Once added click the *Grant Permissions* button to apply the changes. + +4. Configure the `apiserver` to use the Azure Active Directory as an OIDC provider with following options + + ``` + --oidc-client-id="spn:APISERVER_APPLICATION_ID" \ + --oidc-issuer-url="https://sts.windows.net/TENANT_ID/" + --oidc-username-claim="sub" + ``` + + * Replace the `APISERVER_APPLICATION_ID` with the application ID of `apiserver` application + * Replace `TENANT_ID` with your tenant ID. +   * For a list of alternative username claims that are supported by the OIDC issuer check the JSON response at `https://sts.windows.net/TENANT_ID/.well-known/openid-configuration`. + +5. Configure `kubectl` to use the `azure` authentication provider + + ``` + kubectl config set-credentials "USER_NAME" --auth-provider=azure \ + --auth-provider-arg=environment=AzurePublicCloud \ + --auth-provider-arg=client-id=APPLICATION_ID \ + --auth-provider-arg=tenant-id=TENANT_ID \ + --auth-provider-arg=apiserver-id=APISERVER_APPLICATION_ID + ``` + + * Supported environments: `AzurePublicCloud`, `AzureUSGovernmentCloud`, `AzureChinaCloud`, `AzureGermanCloud` + * Replace `USER_NAME` and `TENANT_ID` with your user name and tenant ID + * Replace `APPLICATION_ID` with the application ID of your`kubectl` application ID + * Replace `APISERVER_APPLICATION_ID` with the application ID of your `apiserver` application ID + * Be sure to also (create and) select a context that uses above user + +6. (Optionally) the AAD token has `aud` claim with `spn:` prefix. To omit that, add following auth configuration: + + ``` + --auth-provider-arg=config-mode="1" + ``` + + 7. The access token is acquired when first `kubectl` command is executed + + ``` + kubectl get pods + + To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code DEC7D48GA to authenticate. + ``` + + * After signing in a web browser, the token is stored in the configuration, and it will be reused when executing further commands. + * The resulting username in Kubernetes depends on your [configuration of the `--oidc-username-claim` and `--oidc-username-prefix` flags on the API server](https://kubernetes.io/docs/admin/authentication/#configuring-the-api-server). If you are using any authorization method you need to give permissions to that user, e.g. by binding the user to a role in the case of RBAC. diff --git a/plugin/pkg/client/auth/azure/azure.go b/plugin/pkg/client/auth/azure/azure.go new file mode 100644 index 0000000000..5b679b16dc --- /dev/null +++ b/plugin/pkg/client/auth/azure/azure.go @@ -0,0 +1,477 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package azure + +import ( + "encoding/json" + "errors" + "fmt" + "net/http" + "os" + "strconv" + "sync" + + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/adal" + "github.com/Azure/go-autorest/autorest/azure" + "k8s.io/klog/v2" + + "k8s.io/apimachinery/pkg/util/net" + restclient "k8s.io/client-go/rest" +) + +type configMode int + +const ( + azureTokenKey = "azureTokenKey" + tokenType = "Bearer" + authHeader = "Authorization" + + cfgClientID = "client-id" + cfgTenantID = "tenant-id" + cfgAccessToken = "access-token" + cfgRefreshToken = "refresh-token" + cfgExpiresIn = "expires-in" + cfgExpiresOn = "expires-on" + cfgEnvironment = "environment" + cfgApiserverID = "apiserver-id" + cfgConfigMode = "config-mode" + + configModeDefault configMode = 0 + configModeOmitSPNPrefix configMode = 1 +) + +func init() { + if err := restclient.RegisterAuthProviderPlugin("azure", newAzureAuthProvider); err != nil { + klog.Fatalf("Failed to register azure auth plugin: %v", err) + } +} + +var cache = newAzureTokenCache() + +type azureTokenCache struct { + lock sync.Mutex + cache map[string]*azureToken +} + +func newAzureTokenCache() *azureTokenCache { + return &azureTokenCache{cache: make(map[string]*azureToken)} +} + +func (c *azureTokenCache) getToken(tokenKey string) *azureToken { + c.lock.Lock() + defer c.lock.Unlock() + return c.cache[tokenKey] +} + +func (c *azureTokenCache) setToken(tokenKey string, token *azureToken) { + c.lock.Lock() + defer c.lock.Unlock() + c.cache[tokenKey] = token +} + +var warnOnce sync.Once + +func newAzureAuthProvider(_ string, cfg map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) { + // deprecated in v1.22, remove in v1.25 + warnOnce.Do(func() { + klog.Warningf(`WARNING: the azure auth plugin is deprecated in v1.22+, unavailable in v1.25+; use https://github.com/Azure/kubelogin instead. +To learn more, consult https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins`) + }) + + var ( + ts tokenSource + environment azure.Environment + err error + mode configMode + ) + + environment, err = azure.EnvironmentFromName(cfg[cfgEnvironment]) + if err != nil { + environment = azure.PublicCloud + } + + mode = configModeDefault + if cfg[cfgConfigMode] != "" { + configModeInt, err := strconv.Atoi(cfg[cfgConfigMode]) + if err != nil { + return nil, fmt.Errorf("failed to parse %s, error: %s", cfgConfigMode, err) + } + mode = configMode(configModeInt) + switch mode { + case configModeOmitSPNPrefix: + case configModeDefault: + default: + return nil, fmt.Errorf("%s:%s is not a valid mode", cfgConfigMode, cfg[cfgConfigMode]) + } + } + ts, err = newAzureTokenSourceDeviceCode(environment, cfg[cfgClientID], cfg[cfgTenantID], cfg[cfgApiserverID], mode) + if err != nil { + return nil, fmt.Errorf("creating a new azure token source for device code authentication: %v", err) + } + cacheSource := newAzureTokenSource(ts, cache, cfg, mode, persister) + + return &azureAuthProvider{ + tokenSource: cacheSource, + }, nil +} + +type azureAuthProvider struct { + tokenSource tokenSource +} + +func (p *azureAuthProvider) Login() error { + return errors.New("not yet implemented") +} + +func (p *azureAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper { + return &azureRoundTripper{ + tokenSource: p.tokenSource, + roundTripper: rt, + } +} + +type azureRoundTripper struct { + tokenSource tokenSource + roundTripper http.RoundTripper +} + +var _ net.RoundTripperWrapper = &azureRoundTripper{} + +func (r *azureRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { + if len(req.Header.Get(authHeader)) != 0 { + return r.roundTripper.RoundTrip(req) + } + + token, err := r.tokenSource.Token() + if err != nil { + klog.Errorf("Failed to acquire a token: %v", err) + return nil, fmt.Errorf("acquiring a token for authorization header: %v", err) + } + + // clone the request in order to avoid modifying the headers of the original request + req2 := new(http.Request) + *req2 = *req + req2.Header = make(http.Header, len(req.Header)) + for k, s := range req.Header { + req2.Header[k] = append([]string(nil), s...) + } + + req2.Header.Set(authHeader, fmt.Sprintf("%s %s", tokenType, token.token.AccessToken)) + + return r.roundTripper.RoundTrip(req2) +} + +func (r *azureRoundTripper) WrappedRoundTripper() http.RoundTripper { return r.roundTripper } + +type azureToken struct { + token adal.Token + environment string + clientID string + tenantID string + apiserverID string +} + +type tokenSource interface { + Token() (*azureToken, error) + Refresh(*azureToken) (*azureToken, error) +} + +type azureTokenSource struct { + source tokenSource + cache *azureTokenCache + lock sync.Mutex + configMode configMode + cfg map[string]string + persister restclient.AuthProviderConfigPersister +} + +func newAzureTokenSource(source tokenSource, cache *azureTokenCache, cfg map[string]string, configMode configMode, persister restclient.AuthProviderConfigPersister) tokenSource { + return &azureTokenSource{ + source: source, + cache: cache, + cfg: cfg, + persister: persister, + configMode: configMode, + } +} + +// Token fetches a token from the cache of configuration if present otherwise +// acquires a new token from the configured source. Automatically refreshes +// the token if expired. +func (ts *azureTokenSource) Token() (*azureToken, error) { + ts.lock.Lock() + defer ts.lock.Unlock() + + var err error + token := ts.cache.getToken(azureTokenKey) + + if token != nil && !token.token.IsExpired() { + return token, nil + } + + // retrieve from config if no cache + if token == nil { + tokenFromCfg, err := ts.retrieveTokenFromCfg() + + if err == nil { + token = tokenFromCfg + } + } + + if token != nil { + // cache and return if the token is as good + // avoids frequent persistor calls + if !token.token.IsExpired() { + ts.cache.setToken(azureTokenKey, token) + return token, nil + } + + klog.V(4).Info("Refreshing token.") + tokenFromRefresh, err := ts.Refresh(token) + switch { + case err == nil: + token = tokenFromRefresh + case autorest.IsTokenRefreshError(err): + klog.V(4).Infof("Failed to refresh expired token, proceed to auth: %v", err) + // reset token to nil so that the token source will be used to acquire new + token = nil + default: + return nil, fmt.Errorf("unexpected error when refreshing token: %v", err) + } + } + + if token == nil { + tokenFromSource, err := ts.source.Token() + if err != nil { + return nil, fmt.Errorf("failed acquiring new token: %v", err) + } + token = tokenFromSource + } + + // sanity check + if token == nil { + return nil, fmt.Errorf("unable to acquire token") + } + + // corner condition, newly got token is valid but expired + if token.token.IsExpired() { + return nil, fmt.Errorf("newly acquired token is expired") + } + + err = ts.storeTokenInCfg(token) + if err != nil { + return nil, fmt.Errorf("storing the refreshed token in configuration: %v", err) + } + ts.cache.setToken(azureTokenKey, token) + + return token, nil +} + +func (ts *azureTokenSource) retrieveTokenFromCfg() (*azureToken, error) { + accessToken := ts.cfg[cfgAccessToken] + if accessToken == "" { + return nil, fmt.Errorf("no access token in cfg: %s", cfgAccessToken) + } + refreshToken := ts.cfg[cfgRefreshToken] + if refreshToken == "" { + return nil, fmt.Errorf("no refresh token in cfg: %s", cfgRefreshToken) + } + environment := ts.cfg[cfgEnvironment] + if environment == "" { + return nil, fmt.Errorf("no environment in cfg: %s", cfgEnvironment) + } + clientID := ts.cfg[cfgClientID] + if clientID == "" { + return nil, fmt.Errorf("no client ID in cfg: %s", cfgClientID) + } + tenantID := ts.cfg[cfgTenantID] + if tenantID == "" { + return nil, fmt.Errorf("no tenant ID in cfg: %s", cfgTenantID) + } + resourceID := ts.cfg[cfgApiserverID] + if resourceID == "" { + return nil, fmt.Errorf("no apiserver ID in cfg: %s", cfgApiserverID) + } + expiresIn := ts.cfg[cfgExpiresIn] + if expiresIn == "" { + return nil, fmt.Errorf("no expiresIn in cfg: %s", cfgExpiresIn) + } + expiresOn := ts.cfg[cfgExpiresOn] + if expiresOn == "" { + return nil, fmt.Errorf("no expiresOn in cfg: %s", cfgExpiresOn) + } + tokenAudience := resourceID + if ts.configMode == configModeDefault { + tokenAudience = fmt.Sprintf("spn:%s", resourceID) + } + + return &azureToken{ + token: adal.Token{ + AccessToken: accessToken, + RefreshToken: refreshToken, + ExpiresIn: json.Number(expiresIn), + ExpiresOn: json.Number(expiresOn), + NotBefore: json.Number(expiresOn), + Resource: tokenAudience, + Type: tokenType, + }, + environment: environment, + clientID: clientID, + tenantID: tenantID, + apiserverID: resourceID, + }, nil +} + +func (ts *azureTokenSource) storeTokenInCfg(token *azureToken) error { + newCfg := make(map[string]string) + newCfg[cfgAccessToken] = token.token.AccessToken + newCfg[cfgRefreshToken] = token.token.RefreshToken + newCfg[cfgEnvironment] = token.environment + newCfg[cfgClientID] = token.clientID + newCfg[cfgTenantID] = token.tenantID + newCfg[cfgApiserverID] = token.apiserverID + newCfg[cfgExpiresIn] = string(token.token.ExpiresIn) + newCfg[cfgExpiresOn] = string(token.token.ExpiresOn) + newCfg[cfgConfigMode] = strconv.Itoa(int(ts.configMode)) + + err := ts.persister.Persist(newCfg) + if err != nil { + return fmt.Errorf("persisting the configuration: %v", err) + } + ts.cfg = newCfg + return nil +} + +func (ts *azureTokenSource) Refresh(token *azureToken) (*azureToken, error) { + return ts.source.Refresh(token) +} + +// refresh outdated token with adal. +func (ts *azureTokenSourceDeviceCode) Refresh(token *azureToken) (*azureToken, error) { + env, err := azure.EnvironmentFromName(token.environment) + if err != nil { + return nil, err + } + + var oauthConfig *adal.OAuthConfig + if ts.configMode == configModeOmitSPNPrefix { + oauthConfig, err = adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, token.tenantID, nil) + if err != nil { + return nil, fmt.Errorf("building the OAuth configuration without api-version for token refresh: %v", err) + } + } else { + oauthConfig, err = adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, token.tenantID) + if err != nil { + return nil, fmt.Errorf("building the OAuth configuration for token refresh: %v", err) + } + } + + callback := func(t adal.Token) error { + return nil + } + spt, err := adal.NewServicePrincipalTokenFromManualToken( + *oauthConfig, + token.clientID, + token.apiserverID, + token.token, + callback) + if err != nil { + return nil, fmt.Errorf("creating new service principal for token refresh: %v", err) + } + + if err := spt.Refresh(); err != nil { + // Caller expects IsTokenRefreshError(err) to trigger prompt. + return nil, fmt.Errorf("refreshing token: %w", err) + } + + return &azureToken{ + token: spt.Token(), + environment: token.environment, + clientID: token.clientID, + tenantID: token.tenantID, + apiserverID: token.apiserverID, + }, nil +} + +type azureTokenSourceDeviceCode struct { + environment azure.Environment + clientID string + tenantID string + apiserverID string + configMode configMode +} + +func newAzureTokenSourceDeviceCode(environment azure.Environment, clientID string, tenantID string, apiserverID string, configMode configMode) (tokenSource, error) { + if clientID == "" { + return nil, errors.New("client-id is empty") + } + if tenantID == "" { + return nil, errors.New("tenant-id is empty") + } + if apiserverID == "" { + return nil, errors.New("apiserver-id is empty") + } + return &azureTokenSourceDeviceCode{ + environment: environment, + clientID: clientID, + tenantID: tenantID, + apiserverID: apiserverID, + configMode: configMode, + }, nil +} + +func (ts *azureTokenSourceDeviceCode) Token() (*azureToken, error) { + var ( + oauthConfig *adal.OAuthConfig + err error + ) + if ts.configMode == configModeOmitSPNPrefix { + oauthConfig, err = adal.NewOAuthConfigWithAPIVersion(ts.environment.ActiveDirectoryEndpoint, ts.tenantID, nil) + if err != nil { + return nil, fmt.Errorf("building the OAuth configuration without api-version for device code authentication: %v", err) + } + } else { + oauthConfig, err = adal.NewOAuthConfig(ts.environment.ActiveDirectoryEndpoint, ts.tenantID) + if err != nil { + return nil, fmt.Errorf("building the OAuth configuration for device code authentication: %v", err) + } + } + client := &autorest.Client{} + deviceCode, err := adal.InitiateDeviceAuth(client, *oauthConfig, ts.clientID, ts.apiserverID) + if err != nil { + return nil, fmt.Errorf("initialing the device code authentication: %v", err) + } + + _, err = fmt.Fprintln(os.Stderr, *deviceCode.Message) + if err != nil { + return nil, fmt.Errorf("prompting the device code message: %v", err) + } + + token, err := adal.WaitForUserCompletion(client, deviceCode) + if err != nil { + return nil, fmt.Errorf("waiting for device code authentication to complete: %v", err) + } + + return &azureToken{ + token: *token, + environment: ts.environment.Name, + clientID: ts.clientID, + tenantID: ts.tenantID, + apiserverID: ts.apiserverID, + }, nil +} diff --git a/plugin/pkg/client/auth/azure/azure_stub.go b/plugin/pkg/client/auth/azure/azure_stub.go deleted file mode 100644 index 22d3c6b3fe..0000000000 --- a/plugin/pkg/client/auth/azure/azure_stub.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package azure - -import ( - "errors" - - "k8s.io/client-go/rest" - "k8s.io/klog/v2" -) - -func init() { - if err := rest.RegisterAuthProviderPlugin("azure", newAzureAuthProvider); err != nil { - klog.Fatalf("Failed to register azure auth plugin: %v", err) - } -} - -func newAzureAuthProvider(_ string, _ map[string]string, _ rest.AuthProviderConfigPersister) (rest.AuthProvider, error) { - return nil, errors.New(`The azure auth plugin has been removed. -Please use the https://github.com/Azure/kubelogin kubectl/client-go credential plugin instead. -See https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins for further details`) -} diff --git a/plugin/pkg/client/auth/azure/azure_test.go b/plugin/pkg/client/auth/azure/azure_test.go new file mode 100644 index 0000000000..aa3f098910 --- /dev/null +++ b/plugin/pkg/client/auth/azure/azure_test.go @@ -0,0 +1,534 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package azure + +import ( + "encoding/json" + "errors" + "fmt" + "net/http" + "strconv" + "strings" + "sync" + "testing" + "time" + + "github.com/Azure/go-autorest/autorest/adal" + "github.com/Azure/go-autorest/autorest/azure" +) + +func TestAzureAuthProvider(t *testing.T) { + t.Run("validate against invalid configurations", func(t *testing.T) { + vectors := []struct { + cfg map[string]string + expectedError string + }{ + { + cfg: map[string]string{ + cfgClientID: "foo", + cfgApiserverID: "foo", + cfgTenantID: "foo", + cfgConfigMode: "-1", + }, + expectedError: "config-mode:-1 is not a valid mode", + }, + { + cfg: map[string]string{ + cfgClientID: "foo", + cfgApiserverID: "foo", + cfgTenantID: "foo", + cfgConfigMode: "2", + }, + expectedError: "config-mode:2 is not a valid mode", + }, + { + cfg: map[string]string{ + cfgClientID: "foo", + cfgApiserverID: "foo", + cfgTenantID: "foo", + cfgConfigMode: "foo", + }, + expectedError: "failed to parse config-mode, error: strconv.Atoi: parsing \"foo\": invalid syntax", + }, + } + + for _, v := range vectors { + persister := &fakePersister{} + _, err := newAzureAuthProvider("", v.cfg, persister) + if !strings.Contains(err.Error(), v.expectedError) { + t.Errorf("cfg %v should fail with message containing '%s'. actual: '%s'", v.cfg, v.expectedError, err) + } + } + }) + + t.Run("it should return non-nil provider in happy cases", func(t *testing.T) { + vectors := []struct { + cfg map[string]string + expectedConfigMode configMode + }{ + { + cfg: map[string]string{ + cfgClientID: "foo", + cfgApiserverID: "foo", + cfgTenantID: "foo", + }, + expectedConfigMode: configModeDefault, + }, + { + cfg: map[string]string{ + cfgClientID: "foo", + cfgApiserverID: "foo", + cfgTenantID: "foo", + cfgConfigMode: "0", + }, + expectedConfigMode: configModeDefault, + }, + { + cfg: map[string]string{ + cfgClientID: "foo", + cfgApiserverID: "foo", + cfgTenantID: "foo", + cfgConfigMode: "1", + }, + expectedConfigMode: configModeOmitSPNPrefix, + }, + } + + for _, v := range vectors { + persister := &fakePersister{} + provider, err := newAzureAuthProvider("", v.cfg, persister) + if err != nil { + t.Errorf("newAzureAuthProvider should not fail with '%s'", err) + } + if provider == nil { + t.Fatalf("newAzureAuthProvider should return non-nil provider") + } + azureProvider := provider.(*azureAuthProvider) + if azureProvider == nil { + t.Fatalf("newAzureAuthProvider should return an instance of type azureAuthProvider") + } + ts := azureProvider.tokenSource.(*azureTokenSource) + if ts == nil { + t.Fatalf("azureAuthProvider should be an instance of azureTokenSource") + } + if ts.configMode != v.expectedConfigMode { + t.Errorf("expected configMode: %d, actual: %d", v.expectedConfigMode, ts.configMode) + } + } + }) +} + +func TestTokenSourceDeviceCode(t *testing.T) { + var ( + clientID = "clientID" + tenantID = "tenantID" + apiserverID = "apiserverID" + configMode = configModeDefault + azureEnv = azure.Environment{} + ) + t.Run("validate to create azureTokenSourceDeviceCode", func(t *testing.T) { + if _, err := newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, apiserverID, configModeDefault); err != nil { + t.Errorf("newAzureTokenSourceDeviceCode should not have failed. err: %s", err) + } + + if _, err := newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, apiserverID, configModeOmitSPNPrefix); err != nil { + t.Errorf("newAzureTokenSourceDeviceCode should not have failed. err: %s", err) + } + + _, err := newAzureTokenSourceDeviceCode(azureEnv, "", tenantID, apiserverID, configMode) + actual := "client-id is empty" + if err.Error() != actual { + t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err) + } + + _, err = newAzureTokenSourceDeviceCode(azureEnv, clientID, "", apiserverID, configMode) + actual = "tenant-id is empty" + if err.Error() != actual { + t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err) + } + + _, err = newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, "", configMode) + actual = "apiserver-id is empty" + if err.Error() != actual { + t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err) + } + }) +} +func TestAzureTokenSource(t *testing.T) { + configModes := []configMode{configModeOmitSPNPrefix, configModeDefault} + expectedConfigModes := []string{"1", "0"} + + for i, configMode := range configModes { + t.Run(fmt.Sprintf("validate token from cfg with configMode %v", configMode), func(t *testing.T) { + const ( + serverID = "fakeServerID" + clientID = "fakeClientID" + tenantID = "fakeTenantID" + accessToken = "fakeToken" + environment = "fakeEnvironment" + refreshToken = "fakeToken" + expiresIn = "foo" + expiresOn = "foo" + ) + cfg := map[string]string{ + cfgConfigMode: strconv.Itoa(int(configMode)), + cfgApiserverID: serverID, + cfgClientID: clientID, + cfgTenantID: tenantID, + cfgEnvironment: environment, + cfgAccessToken: accessToken, + cfgRefreshToken: refreshToken, + cfgExpiresIn: expiresIn, + cfgExpiresOn: expiresOn, + } + fakeSource := fakeTokenSource{token: newFakeAzureToken("fakeToken", time.Now().Add(3600*time.Second))} + persiter := &fakePersister{cache: make(map[string]string)} + tokenCache := newAzureTokenCache() + tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, persiter) + azTokenSource := tokenSource.(*azureTokenSource) + token, err := azTokenSource.retrieveTokenFromCfg() + if err != nil { + t.Errorf("failed to retrieve the token form cfg: %s", err) + } + if token.apiserverID != serverID { + t.Errorf("expecting token.apiserverID: %s, actual: %s", serverID, token.apiserverID) + } + if token.clientID != clientID { + t.Errorf("expecting token.clientID: %s, actual: %s", clientID, token.clientID) + } + if token.tenantID != tenantID { + t.Errorf("expecting token.tenantID: %s, actual: %s", tenantID, token.tenantID) + } + expectedAudience := serverID + if configMode == configModeDefault { + expectedAudience = fmt.Sprintf("spn:%s", serverID) + } + if token.token.Resource != expectedAudience { + t.Errorf("expecting adal token.Resource: %s, actual: %s", expectedAudience, token.token.Resource) + } + }) + + t.Run("validate token against cache", func(t *testing.T) { + fakeAccessToken := "fake token 1" + fakeSource := fakeTokenSource{token: newFakeAzureToken(fakeAccessToken, time.Now().Add(3600*time.Second))} + cfg := make(map[string]string) + persiter := &fakePersister{cache: make(map[string]string)} + tokenCache := newAzureTokenCache() + tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, persiter) + token, err := tokenSource.Token() + if err != nil { + t.Errorf("failed to retrieve the token form cache: %v", err) + } + + wantCacheLen := 1 + if len(tokenCache.cache) != wantCacheLen { + t.Errorf("Token() cache length error: got %v, want %v", len(tokenCache.cache), wantCacheLen) + } + + if token != tokenCache.cache[azureTokenKey] { + t.Error("Token() returned token != cached token") + } + + wantCfg := token2Cfg(token) + wantCfg[cfgConfigMode] = expectedConfigModes[i] + persistedCfg := persiter.Cache() + + wantCfgLen := len(wantCfg) + persistedCfgLen := len(persistedCfg) + if wantCfgLen != persistedCfgLen { + t.Errorf("wantCfgLen and persistedCfgLen do not match, wantCfgLen=%v, persistedCfgLen=%v", wantCfgLen, persistedCfgLen) + } + + for k, v := range persistedCfg { + if strings.Compare(v, wantCfg[k]) != 0 { + t.Errorf("Token() persisted cfg %s: got %v, want %v", k, v, wantCfg[k]) + } + } + + fakeSource.token = newFakeAzureToken("fake token 2", time.Now().Add(3600*time.Second)) + token, err = tokenSource.Token() + if err != nil { + t.Errorf("failed to retrieve the cached token: %v", err) + } + + if token.token.AccessToken != fakeAccessToken { + t.Errorf("Token() didn't return the cached token") + } + }) + } +} + +func TestAzureTokenSourceScenarios(t *testing.T) { + expiredToken := newFakeAzureToken("expired token", time.Now().Add(-time.Second)) + extendedToken := newFakeAzureToken("extend token", time.Now().Add(1000*time.Second)) + fakeToken := newFakeAzureToken("fake token", time.Now().Add(1000*time.Second)) + wrongToken := newFakeAzureToken("wrong token", time.Now().Add(1000*time.Second)) + tests := []struct { + name string + sourceToken *azureToken + refreshToken *azureToken + cachedToken *azureToken + configToken *azureToken + expectToken *azureToken + tokenErr error + refreshErr error + expectErr string + tokenCalls uint + refreshCalls uint + persistCalls uint + }{ + { + name: "new config", + sourceToken: fakeToken, + expectToken: fakeToken, + tokenCalls: 1, + persistCalls: 1, + }, + { + name: "load token from cache", + sourceToken: wrongToken, + cachedToken: fakeToken, + configToken: wrongToken, + expectToken: fakeToken, + }, + { + name: "load token from config", + sourceToken: wrongToken, + configToken: fakeToken, + expectToken: fakeToken, + }, + { + name: "cached token timeout, extend success, config token should never load", + cachedToken: expiredToken, + refreshToken: extendedToken, + configToken: wrongToken, + expectToken: extendedToken, + refreshCalls: 1, + persistCalls: 1, + }, + { + name: "config token timeout, extend failure, acquire new token", + configToken: expiredToken, + refreshErr: fakeTokenRefreshError{message: "FakeError happened when refreshing"}, + sourceToken: fakeToken, + expectToken: fakeToken, + refreshCalls: 1, + tokenCalls: 1, + persistCalls: 1, + }, + { + name: "extend failure with fmt.Errorf nested tokenRefreshError", + configToken: expiredToken, + refreshErr: fmt.Errorf("refreshing token: %w", fakeTokenRefreshError{message: "nested FakeError happened when refreshing"}), + sourceToken: fakeToken, + expectToken: fakeToken, + refreshCalls: 1, + tokenCalls: 1, + persistCalls: 1, + }, + { + name: "unexpected error when extend", + configToken: expiredToken, + refreshErr: errors.New("unexpected refresh error"), + sourceToken: fakeToken, + expectErr: "unexpected refresh error", + refreshCalls: 1, + }, + { + name: "token error", + tokenErr: errors.New("tokenerr"), + expectErr: "tokenerr", + tokenCalls: 1, + }, + { + name: "Token() got expired token", + sourceToken: expiredToken, + expectErr: "newly acquired token is expired", + tokenCalls: 1, + }, + { + name: "Token() got nil but no error", + sourceToken: nil, + expectErr: "unable to acquire token", + tokenCalls: 1, + }, + } + for _, tc := range tests { + configModes := []configMode{configModeOmitSPNPrefix, configModeDefault} + + for _, configMode := range configModes { + t.Run(fmt.Sprintf("%s with configMode: %v", tc.name, configMode), func(t *testing.T) { + persister := newFakePersister() + + cfg := map[string]string{ + cfgConfigMode: strconv.Itoa(int(configMode)), + } + if tc.configToken != nil { + cfg = token2Cfg(tc.configToken) + } + + tokenCache := newAzureTokenCache() + if tc.cachedToken != nil { + tokenCache.setToken(azureTokenKey, tc.cachedToken) + } + + fakeSource := fakeTokenSource{ + token: tc.sourceToken, + tokenErr: tc.tokenErr, + refreshToken: tc.refreshToken, + refreshErr: tc.refreshErr, + } + + tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, &persister) + token, err := tokenSource.Token() + + if token != nil && fakeSource.token != nil && token.apiserverID != fakeSource.token.apiserverID { + t.Errorf("expecting apiservierID: %s, got: %s", fakeSource.token.apiserverID, token.apiserverID) + } + if fakeSource.tokenCalls != tc.tokenCalls { + t.Errorf("expecting tokenCalls: %v, got: %v", tc.tokenCalls, fakeSource.tokenCalls) + } + + if fakeSource.refreshCalls != tc.refreshCalls { + t.Errorf("expecting refreshCalls: %v, got: %v", tc.refreshCalls, fakeSource.refreshCalls) + } + + if persister.calls != tc.persistCalls { + t.Errorf("expecting persister calls: %v, got: %v", tc.persistCalls, persister.calls) + } + + if tc.expectErr != "" { + if !strings.Contains(err.Error(), tc.expectErr) { + t.Errorf("expecting error %v, got %v", tc.expectErr, err) + } + if token != nil { + t.Errorf("token should be nil in err situation, got %v", token) + } + } else { + if err != nil { + t.Fatalf("error should be nil, got %v", err) + } + if token.token.AccessToken != tc.expectToken.token.AccessToken { + t.Errorf("token should have accessToken %v, got %v", token.token.AccessToken, tc.expectToken.token.AccessToken) + } + } + }) + } + } +} + +type fakePersister struct { + lock sync.Mutex + cache map[string]string + calls uint +} + +func newFakePersister() fakePersister { + return fakePersister{cache: make(map[string]string), calls: 0} +} + +func (p *fakePersister) Persist(cache map[string]string) error { + p.lock.Lock() + defer p.lock.Unlock() + p.calls++ + p.cache = map[string]string{} + for k, v := range cache { + p.cache[k] = v + } + return nil +} + +func (p *fakePersister) Cache() map[string]string { + ret := map[string]string{} + p.lock.Lock() + defer p.lock.Unlock() + for k, v := range p.cache { + ret[k] = v + } + return ret +} + +// a simple token source simply always returns the token property +type fakeTokenSource struct { + token *azureToken + tokenCalls uint + tokenErr error + refreshToken *azureToken + refreshCalls uint + refreshErr error +} + +func (ts *fakeTokenSource) Token() (*azureToken, error) { + ts.tokenCalls++ + return ts.token, ts.tokenErr +} + +func (ts *fakeTokenSource) Refresh(*azureToken) (*azureToken, error) { + ts.refreshCalls++ + return ts.refreshToken, ts.refreshErr +} + +func token2Cfg(token *azureToken) map[string]string { + cfg := make(map[string]string) + cfg[cfgAccessToken] = token.token.AccessToken + cfg[cfgRefreshToken] = token.token.RefreshToken + cfg[cfgEnvironment] = token.environment + cfg[cfgClientID] = token.clientID + cfg[cfgTenantID] = token.tenantID + cfg[cfgApiserverID] = token.apiserverID + cfg[cfgExpiresIn] = string(token.token.ExpiresIn) + cfg[cfgExpiresOn] = string(token.token.ExpiresOn) + return cfg +} + +func newFakeAzureToken(accessToken string, expiresOnTime time.Time) *azureToken { + return &azureToken{ + token: newFakeADALToken(accessToken, strconv.FormatInt(expiresOnTime.Unix(), 10)), + environment: "testenv", + clientID: "fake", + tenantID: "fake", + apiserverID: "fake", + } +} + +func newFakeADALToken(accessToken string, expiresOn string) adal.Token { + return adal.Token{ + AccessToken: accessToken, + RefreshToken: "fake", + ExpiresIn: "3600", + ExpiresOn: json.Number(expiresOn), + NotBefore: json.Number(expiresOn), + Resource: "fake", + Type: "fake", + } +} + +// copied from go-autorest/adal +type fakeTokenRefreshError struct { + message string + resp *http.Response +} + +// Error implements the error interface which is part of the TokenRefreshError interface. +func (tre fakeTokenRefreshError) Error() string { + return tre.message +} + +// Response implements the TokenRefreshError interface, it returns the raw HTTP response from the refresh operation. +func (tre fakeTokenRefreshError) Response() *http.Response { + return tre.resp +} diff --git a/plugin/pkg/client/auth/gcp/OWNERS b/plugin/pkg/client/auth/gcp/OWNERS new file mode 100644 index 0000000000..727c970aec --- /dev/null +++ b/plugin/pkg/client/auth/gcp/OWNERS @@ -0,0 +1,8 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +approvers: + - cjcullen +reviewers: + - cjcullen +emeritus_approvers: + - jlowdermilk diff --git a/plugin/pkg/client/auth/gcp/gcp.go b/plugin/pkg/client/auth/gcp/gcp.go new file mode 100644 index 0000000000..209376bc29 --- /dev/null +++ b/plugin/pkg/client/auth/gcp/gcp.go @@ -0,0 +1,390 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package gcp + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "net/http" + "os/exec" + "strings" + "sync" + "time" + + "golang.org/x/oauth2" + "golang.org/x/oauth2/google" + "k8s.io/apimachinery/pkg/util/net" + "k8s.io/apimachinery/pkg/util/yaml" + restclient "k8s.io/client-go/rest" + "k8s.io/client-go/util/jsonpath" + "k8s.io/klog/v2" +) + +func init() { + if err := restclient.RegisterAuthProviderPlugin("gcp", newGCPAuthProvider); err != nil { + klog.Fatalf("Failed to register gcp auth plugin: %v", err) + } +} + +var ( + // Stubbable for testing + execCommand = exec.Command + + // defaultScopes: + // - cloud-platform is the base scope to authenticate to GCP. + // - userinfo.email is used to authenticate to GKE APIs with gserviceaccount + // email instead of numeric uniqueID. + defaultScopes = []string{ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/userinfo.email"} +) + +// gcpAuthProvider is an auth provider plugin that uses GCP credentials to provide +// tokens for kubectl to authenticate itself to the apiserver. A sample json config +// is provided below with all recognized options described. +// +// { +// 'auth-provider': { +// # Required +// "name": "gcp", +// +// 'config': { +// # Authentication options +// # These options are used while getting a token. +// +// # comma-separated list of GCP API scopes. default value of this field +// # is "https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email". +// # to override the API scopes, specify this field explicitly. +// "scopes": "https://www.googleapis.com/auth/cloud-platform" +// +// # Caching options +// +// # Raw string data representing cached access token. +// "access-token": "ya29.CjWdA4GiBPTt", +// # RFC3339Nano expiration timestamp for cached access token. +// "expiry": "2016-10-31 22:31:9.123", +// +// # Command execution options +// # These options direct the plugin to execute a specified command and parse +// # token and expiry time from the output of the command. +// +// # Command to execute for access token. Command output will be parsed as JSON. +// # If "cmd-args" is not present, this value will be split on whitespace, with +// # the first element interpreted as the command, remaining elements as args. +// "cmd-path": "/usr/bin/gcloud", +// +// # Arguments to pass to command to execute for access token. +// "cmd-args": "config config-helper --output=json" +// +// # JSONPath to the string field that represents the access token in +// # command output. If omitted, defaults to "{.access_token}". +// "token-key": "{.credential.access_token}", +// +// # JSONPath to the string field that represents expiration timestamp +// # of the access token in the command output. If omitted, defaults to +// # "{.token_expiry}" +// "expiry-key": ""{.credential.token_expiry}", +// +// # golang reference time in the format that the expiration timestamp uses. +// # If omitted, defaults to time.RFC3339Nano +// "time-fmt": "2006-01-02 15:04:05.999999999" +// } +// } +// } +// +type gcpAuthProvider struct { + tokenSource oauth2.TokenSource + persister restclient.AuthProviderConfigPersister +} + +var warnOnce sync.Once + +func newGCPAuthProvider(_ string, gcpConfig map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) { + warnOnce.Do(func() { + klog.Warningf(`WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.25+; use gcloud instead. +To learn more, consult https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke`) + }) + + ts, err := tokenSource(isCmdTokenSource(gcpConfig), gcpConfig) + if err != nil { + return nil, err + } + cts, err := newCachedTokenSource(gcpConfig["access-token"], gcpConfig["expiry"], persister, ts, gcpConfig) + if err != nil { + return nil, err + } + return &gcpAuthProvider{cts, persister}, nil +} + +func isCmdTokenSource(gcpConfig map[string]string) bool { + _, ok := gcpConfig["cmd-path"] + return ok +} + +func tokenSource(isCmd bool, gcpConfig map[string]string) (oauth2.TokenSource, error) { + // Command-based token source + if isCmd { + cmd := gcpConfig["cmd-path"] + if len(cmd) == 0 { + return nil, fmt.Errorf("missing access token cmd") + } + if gcpConfig["scopes"] != "" { + return nil, fmt.Errorf("scopes can only be used when kubectl is using a gcp service account key") + } + var args []string + if cmdArgs, ok := gcpConfig["cmd-args"]; ok { + args = strings.Fields(cmdArgs) + } else { + fields := strings.Fields(cmd) + cmd = fields[0] + args = fields[1:] + } + return newCmdTokenSource(cmd, args, gcpConfig["token-key"], gcpConfig["expiry-key"], gcpConfig["time-fmt"]), nil + } + + // Google Application Credentials-based token source + scopes := parseScopes(gcpConfig) + ts, err := google.DefaultTokenSource(context.Background(), scopes...) + if err != nil { + return nil, fmt.Errorf("cannot construct google default token source: %v", err) + } + return ts, nil +} + +// parseScopes constructs a list of scopes that should be included in token source +// from the config map. +func parseScopes(gcpConfig map[string]string) []string { + scopes, ok := gcpConfig["scopes"] + if !ok { + return defaultScopes + } + if scopes == "" { + return []string{} + } + return strings.Split(gcpConfig["scopes"], ",") +} + +func (g *gcpAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper { + var resetCache map[string]string + if cts, ok := g.tokenSource.(*cachedTokenSource); ok { + resetCache = cts.baseCache() + } else { + resetCache = make(map[string]string) + } + return &conditionalTransport{&oauth2.Transport{Source: g.tokenSource, Base: rt}, g.persister, resetCache} +} + +func (g *gcpAuthProvider) Login() error { return nil } + +type cachedTokenSource struct { + lk sync.Mutex + source oauth2.TokenSource + accessToken string `datapolicy:"token"` + expiry time.Time + persister restclient.AuthProviderConfigPersister + cache map[string]string +} + +func newCachedTokenSource(accessToken, expiry string, persister restclient.AuthProviderConfigPersister, ts oauth2.TokenSource, cache map[string]string) (*cachedTokenSource, error) { + var expiryTime time.Time + if parsedTime, err := time.Parse(time.RFC3339Nano, expiry); err == nil { + expiryTime = parsedTime + } + if cache == nil { + cache = make(map[string]string) + } + return &cachedTokenSource{ + source: ts, + accessToken: accessToken, + expiry: expiryTime, + persister: persister, + cache: cache, + }, nil +} + +func (t *cachedTokenSource) Token() (*oauth2.Token, error) { + tok := t.cachedToken() + if tok.Valid() && !tok.Expiry.IsZero() { + return tok, nil + } + tok, err := t.source.Token() + if err != nil { + return nil, err + } + cache := t.update(tok) + if t.persister != nil { + if err := t.persister.Persist(cache); err != nil { + klog.V(4).Infof("Failed to persist token: %v", err) + } + } + return tok, nil +} + +func (t *cachedTokenSource) cachedToken() *oauth2.Token { + t.lk.Lock() + defer t.lk.Unlock() + return &oauth2.Token{ + AccessToken: t.accessToken, + TokenType: "Bearer", + Expiry: t.expiry, + } +} + +func (t *cachedTokenSource) update(tok *oauth2.Token) map[string]string { + t.lk.Lock() + defer t.lk.Unlock() + t.accessToken = tok.AccessToken + t.expiry = tok.Expiry + ret := map[string]string{} + for k, v := range t.cache { + ret[k] = v + } + ret["access-token"] = t.accessToken + ret["expiry"] = t.expiry.Format(time.RFC3339Nano) + return ret +} + +// baseCache is the base configuration value for this TokenSource, without any cached ephemeral tokens. +func (t *cachedTokenSource) baseCache() map[string]string { + t.lk.Lock() + defer t.lk.Unlock() + ret := map[string]string{} + for k, v := range t.cache { + ret[k] = v + } + delete(ret, "access-token") + delete(ret, "expiry") + return ret +} + +type commandTokenSource struct { + cmd string + args []string + tokenKey string `datapolicy:"token"` + expiryKey string `datapolicy:"secret-key"` + timeFmt string +} + +func newCmdTokenSource(cmd string, args []string, tokenKey, expiryKey, timeFmt string) *commandTokenSource { + if len(timeFmt) == 0 { + timeFmt = time.RFC3339Nano + } + if len(tokenKey) == 0 { + tokenKey = "{.access_token}" + } + if len(expiryKey) == 0 { + expiryKey = "{.token_expiry}" + } + return &commandTokenSource{ + cmd: cmd, + args: args, + tokenKey: tokenKey, + expiryKey: expiryKey, + timeFmt: timeFmt, + } +} + +func (c *commandTokenSource) Token() (*oauth2.Token, error) { + fullCmd := strings.Join(append([]string{c.cmd}, c.args...), " ") + cmd := execCommand(c.cmd, c.args...) + var stderr bytes.Buffer + cmd.Stderr = &stderr + output, err := cmd.Output() + if err != nil { + return nil, fmt.Errorf("error executing access token command %q: err=%v output=%s stderr=%s", fullCmd, err, output, string(stderr.Bytes())) + } + token, err := c.parseTokenCmdOutput(output) + if err != nil { + return nil, fmt.Errorf("error parsing output for access token command %q: %v", fullCmd, err) + } + return token, nil +} + +func (c *commandTokenSource) parseTokenCmdOutput(output []byte) (*oauth2.Token, error) { + output, err := yaml.ToJSON(output) + if err != nil { + return nil, err + } + var data interface{} + if err := json.Unmarshal(output, &data); err != nil { + return nil, err + } + + accessToken, err := parseJSONPath(data, "token-key", c.tokenKey) + if err != nil { + return nil, fmt.Errorf("error parsing token-key %q from %q: %v", c.tokenKey, string(output), err) + } + expiryStr, err := parseJSONPath(data, "expiry-key", c.expiryKey) + if err != nil { + return nil, fmt.Errorf("error parsing expiry-key %q from %q: %v", c.expiryKey, string(output), err) + } + var expiry time.Time + if t, err := time.Parse(c.timeFmt, expiryStr); err != nil { + klog.V(4).Infof("Failed to parse token expiry from %s (fmt=%s): %v", expiryStr, c.timeFmt, err) + } else { + expiry = t + } + + return &oauth2.Token{ + AccessToken: accessToken, + TokenType: "Bearer", + Expiry: expiry, + }, nil +} + +func parseJSONPath(input interface{}, name, template string) (string, error) { + j := jsonpath.New(name) + buf := new(bytes.Buffer) + if err := j.Parse(template); err != nil { + return "", err + } + if err := j.Execute(buf, input); err != nil { + return "", err + } + return buf.String(), nil +} + +type conditionalTransport struct { + oauthTransport *oauth2.Transport + persister restclient.AuthProviderConfigPersister + resetCache map[string]string +} + +var _ net.RoundTripperWrapper = &conditionalTransport{} + +func (t *conditionalTransport) RoundTrip(req *http.Request) (*http.Response, error) { + if len(req.Header.Get("Authorization")) != 0 { + return t.oauthTransport.Base.RoundTrip(req) + } + + res, err := t.oauthTransport.RoundTrip(req) + + if err != nil { + return nil, err + } + + if res.StatusCode == 401 { + klog.V(4).Infof("The credentials that were supplied are invalid for the target cluster") + t.persister.Persist(t.resetCache) + } + + return res, nil +} + +func (t *conditionalTransport) WrappedRoundTripper() http.RoundTripper { return t.oauthTransport.Base } diff --git a/plugin/pkg/client/auth/gcp/gcp_stub.go b/plugin/pkg/client/auth/gcp/gcp_stub.go deleted file mode 100644 index 99585f9391..0000000000 --- a/plugin/pkg/client/auth/gcp/gcp_stub.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2022 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package gcp - -import ( - "errors" - - "k8s.io/client-go/rest" - "k8s.io/klog/v2" -) - -func init() { - if err := rest.RegisterAuthProviderPlugin("gcp", newGCPAuthProvider); err != nil { - klog.Fatalf("Failed to register gcp auth plugin: %v", err) - } -} - -func newGCPAuthProvider(_ string, _ map[string]string, _ rest.AuthProviderConfigPersister) (rest.AuthProvider, error) { - return nil, errors.New(`The gcp auth plugin has been removed. -Please use the "gke-gcloud-auth-plugin" kubectl/client-go credential plugin instead. -See https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke for further details`) -} diff --git a/plugin/pkg/client/auth/gcp/gcp_test.go b/plugin/pkg/client/auth/gcp/gcp_test.go new file mode 100644 index 0000000000..f49385a2cf --- /dev/null +++ b/plugin/pkg/client/auth/gcp/gcp_test.go @@ -0,0 +1,527 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package gcp + +import ( + "fmt" + "io/ioutil" + "net/http" + "os" + "os/exec" + "reflect" + "strings" + "sync" + "testing" + "time" + + "golang.org/x/oauth2" +) + +type fakeOutput struct { + args []string + output string +} + +var ( + wantCmd []string + // Output for fakeExec, keyed by command + execOutputs = map[string]fakeOutput{ + "/default/no/args": { + args: []string{}, + output: `{ + "access_token": "faketoken", + "token_expiry": "2016-10-31T22:31:09.123000000Z" +}`}, + "/default/legacy/args": { + args: []string{"arg1", "arg2", "arg3"}, + output: `{ + "access_token": "faketoken", + "token_expiry": "2016-10-31T22:31:09.123000000Z" +}`}, + "/space in path/customkeys": { + args: []string{"can", "haz", "auth"}, + output: `{ + "token": "faketoken", + "token_expiry": { + "datetime": "2016-10-31 22:31:09.123" + } +}`}, + "missing/tokenkey/noargs": { + args: []string{}, + output: `{ + "broken": "faketoken", + "token_expiry": { + "datetime": "2016-10-31 22:31:09.123000000Z" + } +}`}, + "missing/expirykey/legacyargs": { + args: []string{"split", "on", "whitespace"}, + output: `{ + "access_token": "faketoken", + "expires": "2016-10-31T22:31:09.123000000Z" +}`}, + "invalid expiry/timestamp": { + args: []string{"foo", "--bar", "--baz=abc,def"}, + output: `{ + "access_token": "faketoken", + "token_expiry": "sometime soon, idk" +}`}, + "badjson": { + args: []string{}, + output: `{ + "access_token": "faketoken", + "token_expiry": "sometime soon, idk" + ------ +`}, + } +) + +func fakeExec(command string, args ...string) *exec.Cmd { + cs := []string{"-test.run=TestHelperProcess", "--", command} + cs = append(cs, args...) + cmd := exec.Command(os.Args[0], cs...) + cmd.Env = []string{"GO_WANT_HELPER_PROCESS=1"} + return cmd +} + +func TestHelperProcess(t *testing.T) { + if os.Getenv("GO_WANT_HELPER_PROCESS") != "1" { + return + } + // Strip out the leading args used to exec into this function. + gotCmd := os.Args[3] + gotArgs := os.Args[4:] + output, ok := execOutputs[gotCmd] + if !ok { + fmt.Fprintf(os.Stdout, "unexpected call cmd=%q args=%v\n", gotCmd, gotArgs) + os.Exit(1) + } else if !reflect.DeepEqual(output.args, gotArgs) { + fmt.Fprintf(os.Stdout, "call cmd=%q got args %v, want: %v\n", gotCmd, gotArgs, output.args) + os.Exit(1) + } + fmt.Fprintf(os.Stdout, output.output) + os.Exit(0) +} + +func Test_isCmdTokenSource(t *testing.T) { + c1 := map[string]string{"cmd-path": "foo"} + if v := isCmdTokenSource(c1); !v { + t.Fatalf("cmd-path present in config (%+v), but got %v", c1, v) + } + + c2 := map[string]string{"cmd-args": "foo bar"} + if v := isCmdTokenSource(c2); v { + t.Fatalf("cmd-path not present in config (%+v), but got %v", c2, v) + } +} + +func Test_tokenSource_cmd(t *testing.T) { + if _, err := tokenSource(true, map[string]string{}); err == nil { + t.Fatalf("expected error, cmd-args not present in config") + } + + c := map[string]string{ + "cmd-path": "foo", + "cmd-args": "bar"} + ts, err := tokenSource(true, c) + if err != nil { + t.Fatalf("failed to return cmd token source: %+v", err) + } + if ts == nil { + t.Fatal("returned nil token source") + } + if _, ok := ts.(*commandTokenSource); !ok { + t.Fatalf("returned token source type:(%T) expected:(*commandTokenSource)", ts) + } +} + +func Test_tokenSource_cmdCannotBeUsedWithScopes(t *testing.T) { + c := map[string]string{ + "cmd-path": "foo", + "scopes": "A,B"} + if _, err := tokenSource(true, c); err == nil { + t.Fatal("expected error when scopes is used with cmd-path") + } +} + +func Test_tokenSource_applicationDefaultCredentials_fails(t *testing.T) { + // try to use empty ADC file + fakeTokenFile, err := ioutil.TempFile("", "adctoken") + if err != nil { + t.Fatalf("failed to create fake token file: +%v", err) + } + fakeTokenFile.Close() + defer os.Remove(fakeTokenFile.Name()) + + os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", fakeTokenFile.Name()) + defer os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS") + if _, err := tokenSource(false, map[string]string{}); err == nil { + t.Fatalf("expected error because specified ADC token file is not a JSON") + } +} + +func Test_tokenSource_applicationDefaultCredentials(t *testing.T) { + fakeTokenFile, err := ioutil.TempFile("", "adctoken") + if err != nil { + t.Fatalf("failed to create fake token file: +%v", err) + } + fakeTokenFile.Close() + defer os.Remove(fakeTokenFile.Name()) + if err := ioutil.WriteFile(fakeTokenFile.Name(), []byte(`{"type":"service_account"}`), 0600); err != nil { + t.Fatalf("failed to write to fake token file: %+v", err) + } + + os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", fakeTokenFile.Name()) + defer os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS") + ts, err := tokenSource(false, map[string]string{}) + if err != nil { + t.Fatalf("failed to get a token source: %+v", err) + } + if ts == nil { + t.Fatal("returned nil token source") + } +} + +func Test_parseScopes(t *testing.T) { + cases := []struct { + in map[string]string + out []string + }{ + { + map[string]string{}, + []string{ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/userinfo.email"}, + }, + { + map[string]string{"scopes": ""}, + []string{}, + }, + { + map[string]string{"scopes": "A,B,C"}, + []string{"A", "B", "C"}, + }, + } + + for _, c := range cases { + got := parseScopes(c.in) + if !reflect.DeepEqual(got, c.out) { + t.Errorf("expected=%v, got=%v", c.out, got) + } + } +} + +func errEquiv(got, want error) bool { + if got == want { + return true + } + if got != nil && want != nil { + return strings.Contains(got.Error(), want.Error()) + } + return false +} + +func TestCmdTokenSource(t *testing.T) { + execCommand = fakeExec + fakeExpiry := time.Date(2016, 10, 31, 22, 31, 9, 123000000, time.UTC) + customFmt := "2006-01-02 15:04:05.999999999" + + tests := []struct { + name string + gcpConfig map[string]string + tok *oauth2.Token + newErr, tokenErr error + }{ + { + "default", + map[string]string{ + "cmd-path": "/default/no/args", + }, + &oauth2.Token{ + AccessToken: "faketoken", + TokenType: "Bearer", + Expiry: fakeExpiry, + }, + nil, + nil, + }, + { + "default legacy args", + map[string]string{ + "cmd-path": "/default/legacy/args arg1 arg2 arg3", + }, + &oauth2.Token{ + AccessToken: "faketoken", + TokenType: "Bearer", + Expiry: fakeExpiry, + }, + nil, + nil, + }, + + { + "custom keys", + map[string]string{ + "cmd-path": "/space in path/customkeys", + "cmd-args": "can haz auth", + "token-key": "{.token}", + "expiry-key": "{.token_expiry.datetime}", + "time-fmt": customFmt, + }, + &oauth2.Token{ + AccessToken: "faketoken", + TokenType: "Bearer", + Expiry: fakeExpiry, + }, + nil, + nil, + }, + { + "missing cmd", + map[string]string{ + "cmd-path": "", + }, + nil, + fmt.Errorf("missing access token cmd"), + nil, + }, + { + "missing token-key", + map[string]string{ + "cmd-path": "missing/tokenkey/noargs", + "token-key": "{.token}", + }, + nil, + nil, + fmt.Errorf("error parsing token-key %q", "{.token}"), + }, + + { + "missing expiry-key", + map[string]string{ + "cmd-path": "missing/expirykey/legacyargs split on whitespace", + "expiry-key": "{.expiry}", + }, + nil, + nil, + fmt.Errorf("error parsing expiry-key %q", "{.expiry}"), + }, + { + "invalid expiry timestamp", + map[string]string{ + "cmd-path": "invalid expiry/timestamp", + "cmd-args": "foo --bar --baz=abc,def", + }, + &oauth2.Token{ + AccessToken: "faketoken", + TokenType: "Bearer", + Expiry: time.Time{}, + }, + nil, + nil, + }, + { + "bad JSON", + map[string]string{ + "cmd-path": "badjson", + }, + nil, + nil, + fmt.Errorf("invalid character '-' after object key:value pair"), + }, + } + + for _, tc := range tests { + provider, err := newGCPAuthProvider("", tc.gcpConfig, nil /* persister */) + if !errEquiv(err, tc.newErr) { + t.Errorf("%q newGCPAuthProvider error: got %v, want %v", tc.name, err, tc.newErr) + continue + } + if err != nil { + continue + } + ts := provider.(*gcpAuthProvider).tokenSource.(*cachedTokenSource).source.(*commandTokenSource) + wantCmd = append([]string{ts.cmd}, ts.args...) + tok, err := ts.Token() + if !errEquiv(err, tc.tokenErr) { + t.Errorf("%q Token() error: got %v, want %v", tc.name, err, tc.tokenErr) + } + if !reflect.DeepEqual(tok, tc.tok) { + t.Errorf("%q Token() got %v, want %v", tc.name, tok, tc.tok) + } + } +} + +type fakePersister struct { + lk sync.Mutex + cache map[string]string +} + +func (f *fakePersister) Persist(cache map[string]string) error { + f.lk.Lock() + defer f.lk.Unlock() + f.cache = map[string]string{} + for k, v := range cache { + f.cache[k] = v + } + return nil +} + +func (f *fakePersister) read() map[string]string { + ret := map[string]string{} + f.lk.Lock() + defer f.lk.Unlock() + for k, v := range f.cache { + ret[k] = v + } + return ret +} + +type fakeTokenSource struct { + token *oauth2.Token + err error +} + +func (f *fakeTokenSource) Token() (*oauth2.Token, error) { + return f.token, f.err +} + +func TestCachedTokenSource(t *testing.T) { + tok := &oauth2.Token{AccessToken: "fakeaccesstoken"} + persister := &fakePersister{} + source := &fakeTokenSource{ + token: tok, + err: nil, + } + cache := map[string]string{ + "foo": "bar", + "baz": "bazinga", + } + ts, err := newCachedTokenSource("fakeaccesstoken", "", persister, source, cache) + if err != nil { + t.Fatal(err) + } + var wg sync.WaitGroup + wg.Add(10) + for i := 0; i < 10; i++ { + go func() { + _, err := ts.Token() + if err != nil { + t.Errorf("unexpected error: %s", err) + } + wg.Done() + }() + } + wg.Wait() + cache["access-token"] = "fakeaccesstoken" + cache["expiry"] = tok.Expiry.Format(time.RFC3339Nano) + if got := persister.read(); !reflect.DeepEqual(got, cache) { + t.Errorf("got cache %v, want %v", got, cache) + } +} + +type MockTransport struct { + res *http.Response +} + +func (t *MockTransport) RoundTrip(req *http.Request) (*http.Response, error) { + return t.res, nil +} + +func Test_cmdTokenSource_roundTrip(t *testing.T) { + + accessToken := "fakeToken" + fakeExpiry := time.Now().Add(time.Hour) + fakeExpiryStr := fakeExpiry.Format(time.RFC3339Nano) + fs := &fakeTokenSource{ + token: &oauth2.Token{ + AccessToken: accessToken, + Expiry: fakeExpiry, + }, + } + + cmdCache := map[string]string{ + "cmd-path": "/path/to/tokensource/cmd", + "cmd-args": "--output=json", + } + cmdCacheUpdated := map[string]string{ + "cmd-path": "/path/to/tokensource/cmd", + "cmd-args": "--output=json", + "access-token": accessToken, + "expiry": fakeExpiryStr, + } + simpleCacheUpdated := map[string]string{ + "access-token": accessToken, + "expiry": fakeExpiryStr, + } + + tests := []struct { + name string + res http.Response + baseCache, expectedCache map[string]string + }{ + { + "Unauthorized", + http.Response{StatusCode: http.StatusUnauthorized}, + make(map[string]string), + make(map[string]string), + }, + { + "Unauthorized, nonempty defaultCache", + http.Response{StatusCode: http.StatusUnauthorized}, + cmdCache, + cmdCache, + }, + { + "Authorized", + http.Response{StatusCode: http.StatusOK}, + make(map[string]string), + simpleCacheUpdated, + }, + { + "Authorized, nonempty defaultCache", + http.Response{StatusCode: http.StatusOK}, + cmdCache, + cmdCacheUpdated, + }, + } + + persister := &fakePersister{} + req := http.Request{Header: http.Header{}} + + for _, tc := range tests { + cts, err := newCachedTokenSource(accessToken, fakeExpiry.String(), persister, fs, tc.baseCache) + if err != nil { + t.Fatalf("unexpected error from newCachedTokenSource: %v", err) + } + authProvider := gcpAuthProvider{cts, persister} + + fakeTransport := MockTransport{&tc.res} + transport := (authProvider.WrapTransport(&fakeTransport)) + // call Token to persist/update cache + if _, err := cts.Token(); err != nil { + t.Fatalf("unexpected error from cachedTokenSource.Token(): %v", err) + } + + transport.RoundTrip(&req) + + if got := persister.read(); !reflect.DeepEqual(got, tc.expectedCache) { + t.Errorf("got cache %v, want %v", got, tc.expectedCache) + } + } + +}