From 7d48fad3854b4a19eabf1366705f3132c811f6a4 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 2 Mar 2023 10:58:12 -0600 Subject: [PATCH 01/17] Bump k8s.io deps to 0.26.2 --- go.mod | 20 ++++++++++---------- go.sum | 40 ++++++++++++++++++++-------------------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/go.mod b/go.mod index 1b38de9a..d4c56358 100644 --- a/go.mod +++ b/go.mod @@ -38,16 +38,16 @@ require ( golang.org/x/term v0.5.0 golang.org/x/text v0.7.0 gopkg.in/square/go-jose.v2 v2.6.0 - k8s.io/api v0.26.1 - k8s.io/apiextensions-apiserver v0.26.1 - k8s.io/apimachinery v0.26.1 - k8s.io/apiserver v0.26.1 - k8s.io/client-go v0.26.1 - k8s.io/component-base v0.26.1 + k8s.io/api v0.26.2 + k8s.io/apiextensions-apiserver v0.26.2 + k8s.io/apimachinery v0.26.2 + k8s.io/apiserver v0.26.2 + k8s.io/client-go v0.26.2 + k8s.io/component-base v0.26.2 k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9 - k8s.io/klog/v2 v2.90.0 - k8s.io/kube-aggregator v0.26.1 - k8s.io/kube-openapi v0.0.0-20230224204730-66828de6f33b + k8s.io/klog/v2 v2.90.1 + k8s.io/kube-aggregator v0.26.2 + k8s.io/kube-openapi v0.0.0-20230228151317-19cbebb19cb7 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 sigs.k8s.io/yaml v1.3.0 ) @@ -153,7 +153,7 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/kms v0.26.1 // indirect + k8s.io/kms v0.26.2 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect diff --git a/go.sum b/go.sum index add425f4..f826ac70 100644 --- a/go.sum +++ b/go.sum @@ -1177,29 +1177,29 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ= -k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg= -k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI= -k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM= -k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ= -k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= -k8s.io/apiserver v0.26.1 h1:6vmnAqCDO194SVCPU3MU8NcDgSqsUA62tBUSWrFXhsc= -k8s.io/apiserver v0.26.1/go.mod h1:wr75z634Cv+sifswE9HlAo5FQ7UoUauIICRlOE+5dCg= -k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU= -k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= -k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4= -k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU= +k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= +k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= +k8s.io/apiextensions-apiserver v0.26.2 h1:/yTG2B9jGY2Q70iGskMf41qTLhL9XeNN2KhI0uDgwko= +k8s.io/apiextensions-apiserver v0.26.2/go.mod h1:Y7UPgch8nph8mGCuVk0SK83LnS8Esf3n6fUBgew8SH8= +k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= +k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/apiserver v0.26.2 h1:Pk8lmX4G14hYqJd1poHGC08G03nIHVqdJMR0SD3IH3o= +k8s.io/apiserver v0.26.2/go.mod h1:GHcozwXgXsPuOJ28EnQ/jXEM9QeG6HT22YxSNmpYNh8= +k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI= +k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= +k8s.io/component-base v0.26.2 h1:IfWgCGUDzrD6wLLgXEstJKYZKAFS2kO+rBRi0p3LqcI= +k8s.io/component-base v0.26.2/go.mod h1:DxbuIe9M3IZPRxPIzhch2m1eT7uFrSBJUBuVCQEBivs= k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9 h1:iu3o/SxaHVI7tKPtkGzD3M9IzrE21j+CUKH98NQJ8Ms= k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M= -k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kms v0.26.1 h1:JE0n4J4+8/Z+egvXz2BTJeJ9ecsm4ZSLKF7ttVXXm/4= -k8s.io/kms v0.26.1/go.mod h1:ReC1IEGuxgfN+PDCIpR6w8+XMmDE7uJhxcCwMZFdIYc= -k8s.io/kube-aggregator v0.26.1 h1:TqDWwuaUJpyhWGWw4JrXR8ZAAaHa9qrsXxR41aR3igw= -k8s.io/kube-aggregator v0.26.1/go.mod h1:E6dnKoQ6f4eFl8QQXHxTASZKXBX6+XcjROWl7GRltl4= -k8s.io/kube-openapi v0.0.0-20230224204730-66828de6f33b h1:4dkmFEDQj0ZBLKCxJ0R+qzhvZmEvRdRaaZAE06tR/Lg= -k8s.io/kube-openapi v0.0.0-20230224204730-66828de6f33b/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY= +k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= +k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kms v0.26.2 h1:GM1gg3tFK3OUU/QQFi93yGjG3lJT8s8l3Wkn2+VxBLM= +k8s.io/kms v0.26.2/go.mod h1:69qGnf1NsFOQP07fBYqNLZklqEHSJF024JqYCaeVxHg= +k8s.io/kube-aggregator v0.26.2 h1:WtcLGisa5aCKBbBI1/Xe7gdjPlVb5Xhvs4a8Rdk8EXs= +k8s.io/kube-aggregator v0.26.2/go.mod h1:swDTw0k/XghVLR+PCWnP6Y36wR2+DsqL2HUVq8eu0RI= +k8s.io/kube-openapi v0.0.0-20230228151317-19cbebb19cb7 h1:GGNnJLiG6Dk4o75ZHMD40IVsodq/s4kiR0Va5orFZco= +k8s.io/kube-openapi v0.0.0-20230228151317-19cbebb19cb7/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY= k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk= k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= From daf4be03cefe6e8e791466122ccad5bf99c587bf Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 2 Mar 2023 11:32:57 -0600 Subject: [PATCH 02/17] Update generated kubernetes API files --- generated/1.23/apis/go.mod | 4 +- generated/1.23/apis/go.sum | 31 ++++++++---- .../concierge/openapi/zz_generated.openapi.go | 10 ++-- generated/1.23/client/go.mod | 4 +- generated/1.23/client/go.sum | 47 ++++++++++++------- .../openapi/zz_generated.openapi.go | 4 +- generated/1.24/apis/go.mod | 4 +- generated/1.24/apis/go.sum | 24 +++++----- .../concierge/openapi/zz_generated.openapi.go | 10 ++-- generated/1.24/client/go.mod | 4 +- generated/1.24/client/go.sum | 32 ++++++------- .../openapi/zz_generated.openapi.go | 4 +- generated/1.25/apis/go.mod | 4 +- generated/1.25/apis/go.sum | 20 ++++---- generated/1.25/client/go.mod | 4 +- generated/1.25/client/go.sum | 28 +++++------ generated/1.26/apis/go.mod | 4 +- generated/1.26/apis/go.sum | 20 ++++---- .../concierge/openapi/zz_generated.openapi.go | 5 +- generated/1.26/client/go.mod | 4 +- generated/1.26/client/go.sum | 28 +++++------ .../concierge/openapi/zz_generated.openapi.go | 5 +- hack/lib/kube-versions.txt | 8 ++-- 23 files changed, 168 insertions(+), 140 deletions(-) diff --git a/generated/1.23/apis/go.mod b/generated/1.23/apis/go.mod index 291de5dd..6e8dcdd1 100644 --- a/generated/1.23/apis/go.mod +++ b/generated/1.23/apis/go.mod @@ -4,6 +4,6 @@ module go.pinniped.dev/generated/1.23/apis go 1.13 require ( - k8s.io/api v0.23.15 - k8s.io/apimachinery v0.23.15 + k8s.io/api v0.23.17 + k8s.io/apimachinery v0.23.17 ) diff --git a/generated/1.23/apis/go.sum b/generated/1.23/apis/go.sum index 121d72d0..a721b368 100644 --- a/generated/1.23/apis/go.sum +++ b/generated/1.23/apis/go.sum @@ -109,9 +109,11 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -119,6 +121,7 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -130,9 +133,11 @@ golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -140,6 +145,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -152,17 +158,21 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -173,6 +183,7 @@ golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -222,10 +233,10 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.23.15 h1:czl3QbP3Jb3J/gR5seTTKafYA5YQhkZLerQQUBhkpBk= -k8s.io/api v0.23.15/go.mod h1:hxtVWhlKGalIP4YXHxg8nzDlRd1ciyIkgEKTlvXjSMs= -k8s.io/apimachinery v0.23.15 h1:IyYaHIVN2OL1QKXXye0IWNI/EpOBicMVRkj34rIdyPk= -k8s.io/apimachinery v0.23.15/go.mod h1:mbefzm1H5rPdyibAc8rmzLAbr/oG60tDHQFj0FTqrZU= +k8s.io/api v0.23.17 h1:gC11V5AIsNXUUa/xd5RQo7djukvl5O1ZDQKwEYu0H7g= +k8s.io/api v0.23.17/go.mod h1:upM9VIzXUjEyLTmGGi0KnH8kdlPnvgv+fEJ3tggDHfE= +k8s.io/apimachinery v0.23.17 h1:ipJ0SrpI6EzH8zVw0WhCBldgJhzIamiYIumSGTdFExY= +k8s.io/apimachinery v0.23.17/go.mod h1:87v5Wl9qpHbnapX1PSNgln4oO3dlyjAU3NSIwNhT4Lo= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/1.23/client/concierge/openapi/zz_generated.openapi.go b/generated/1.23/client/concierge/openapi/zz_generated.openapi.go index 58108365..7d617c3b 100644 --- a/generated/1.23/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/1.23/client/concierge/openapi/zz_generated.openapi.go @@ -2784,7 +2784,7 @@ func schema_k8sio_api_core_v1_EndpointSubset(ref common.ReferenceCallback) commo return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:\n {\n Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n }\nThe resulting set of endpoints can be viewed as:\n a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],\n b: [ 10.10.1.1:309, 10.10.2.2:309 ]", + Description: "EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:\n\n\t{\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t}\n\nThe resulting set of endpoints can be viewed as:\n\n\ta: [ 10.10.1.1:8675, 10.10.2.2:8675 ],\n\tb: [ 10.10.1.1:309, 10.10.2.2:309 ]", Type: []string{"object"}, Properties: map[string]spec.Schema{ "addresses": { @@ -2841,7 +2841,7 @@ func schema_k8sio_api_core_v1_Endpoints(ref common.ReferenceCallback) common.Ope return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Endpoints is a collection of endpoints that implement the actual service. Example:\n Name: \"mysvc\",\n Subsets: [\n {\n Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n },\n {\n Addresses: [{\"ip\": \"10.10.3.3\"}],\n Ports: [{\"name\": \"a\", \"port\": 93}, {\"name\": \"b\", \"port\": 76}]\n },\n ]", + Description: "Endpoints is a collection of endpoints that implement the actual service. Example:\n\n\t Name: \"mysvc\",\n\t Subsets: [\n\t {\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t },\n\t {\n\t Addresses: [{\"ip\": \"10.10.3.3\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 93}, {\"name\": \"b\", \"port\": 76}]\n\t },\n\t]", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -7691,7 +7691,7 @@ func schema_k8sio_api_core_v1_PodIP(ref common.ReferenceCallback) common.OpenAPI return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "IP address information for entries in the (plural) PodIPs field. Each entry includes:\n IP: An IP address allocated to the pod. Routable at least within the cluster.", + Description: "IP address information for entries in the (plural) PodIPs field. Each entry includes:\n\n\tIP: An IP address allocated to the pod. Routable at least within the cluster.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "ip": { @@ -14711,7 +14711,7 @@ func schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref common.ReferenceCall return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.Object `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// External package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// On the wire, the JSON will look something like this: {\n\t\"kind\":\"MyAPIObject\",\n\t\"apiVersion\":\"v1\",\n\t\"myPlugin\": {\n\t\t\"kind\":\"PluginA\",\n\t\t\"aOption\":\"foo\",\n\t},\n}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", + Description: "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", Type: []string{"object"}, }, }, @@ -14722,7 +14722,7 @@ func schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref common.ReferenceCallback return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this: type MyAwesomeAPIObject struct {\n runtime.TypeMeta `json:\",inline\"`\n ... // other fields\n} func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", + Description: "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this:\n\n\ttype MyAwesomeAPIObject struct {\n\t runtime.TypeMeta `json:\",inline\"`\n\t ... // other fields\n\t}\n\nfunc (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "apiVersion": { diff --git a/generated/1.23/client/go.mod b/generated/1.23/client/go.mod index df4860fb..6c0a7311 100644 --- a/generated/1.23/client/go.mod +++ b/generated/1.23/client/go.mod @@ -5,8 +5,8 @@ go 1.13 require ( go.pinniped.dev/generated/1.23/apis v0.0.0 - k8s.io/apimachinery v0.23.15 - k8s.io/client-go v0.23.15 + k8s.io/apimachinery v0.23.17 + k8s.io/client-go v0.23.17 k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 ) diff --git a/generated/1.23/client/go.sum b/generated/1.23/client/go.sum index ace979be..ce9022a9 100644 --- a/generated/1.23/client/go.sum +++ b/generated/1.23/client/go.sum @@ -242,6 +242,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -255,7 +256,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -290,6 +292,7 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -327,8 +330,10 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -340,8 +345,8 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f h1:Qmd2pbz05z7z6lm0DrgQVVPuBm92jqujBKMHMOlOQEw= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= +golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -353,6 +358,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -397,11 +403,14 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e h1:XMgFehsDnnLGtjvjOfqWSUzt0alpTR1RSEuznObga2c= -golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b h1:9zKuko04nR4gjZ4+DNjHqRlAJqbJETHwiNKDqTfOjfE= -golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -410,13 +419,14 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -467,6 +477,7 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -603,12 +614,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.23.15 h1:czl3QbP3Jb3J/gR5seTTKafYA5YQhkZLerQQUBhkpBk= -k8s.io/api v0.23.15/go.mod h1:hxtVWhlKGalIP4YXHxg8nzDlRd1ciyIkgEKTlvXjSMs= -k8s.io/apimachinery v0.23.15 h1:IyYaHIVN2OL1QKXXye0IWNI/EpOBicMVRkj34rIdyPk= -k8s.io/apimachinery v0.23.15/go.mod h1:mbefzm1H5rPdyibAc8rmzLAbr/oG60tDHQFj0FTqrZU= -k8s.io/client-go v0.23.15 h1:raIR9U0gmZwX2kkwR4PtLghcNfYTiB9QYdodlycmT1s= -k8s.io/client-go v0.23.15/go.mod h1:ar8V/vcyQD28dkxGURvv2JTteCUL9PMW5DZXpNrJBTY= +k8s.io/api v0.23.17 h1:gC11V5AIsNXUUa/xd5RQo7djukvl5O1ZDQKwEYu0H7g= +k8s.io/api v0.23.17/go.mod h1:upM9VIzXUjEyLTmGGi0KnH8kdlPnvgv+fEJ3tggDHfE= +k8s.io/apimachinery v0.23.17 h1:ipJ0SrpI6EzH8zVw0WhCBldgJhzIamiYIumSGTdFExY= +k8s.io/apimachinery v0.23.17/go.mod h1:87v5Wl9qpHbnapX1PSNgln4oO3dlyjAU3NSIwNhT4Lo= +k8s.io/client-go v0.23.17 h1:MbW05RO5sy+TFw2ds36SDdNSkJbr8DFVaaVrClSA8Vs= +k8s.io/client-go v0.23.17/go.mod h1:X5yz7nbJHS7q8977AKn8BWKgxeAXjl1sFsgstczUsCM= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/1.23/client/supervisor/openapi/zz_generated.openapi.go b/generated/1.23/client/supervisor/openapi/zz_generated.openapi.go index 5ba0cc55..72fc64c4 100644 --- a/generated/1.23/client/supervisor/openapi/zz_generated.openapi.go +++ b/generated/1.23/client/supervisor/openapi/zz_generated.openapi.go @@ -2512,7 +2512,7 @@ func schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref common.ReferenceCall return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.Object `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// External package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// On the wire, the JSON will look something like this: {\n\t\"kind\":\"MyAPIObject\",\n\t\"apiVersion\":\"v1\",\n\t\"myPlugin\": {\n\t\t\"kind\":\"PluginA\",\n\t\t\"aOption\":\"foo\",\n\t},\n}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", + Description: "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", Type: []string{"object"}, }, }, @@ -2523,7 +2523,7 @@ func schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref common.ReferenceCallback return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this: type MyAwesomeAPIObject struct {\n runtime.TypeMeta `json:\",inline\"`\n ... // other fields\n} func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", + Description: "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this:\n\n\ttype MyAwesomeAPIObject struct {\n\t runtime.TypeMeta `json:\",inline\"`\n\t ... // other fields\n\t}\n\nfunc (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "apiVersion": { diff --git a/generated/1.24/apis/go.mod b/generated/1.24/apis/go.mod index 43410cc4..0bad8ff1 100644 --- a/generated/1.24/apis/go.mod +++ b/generated/1.24/apis/go.mod @@ -4,6 +4,6 @@ module go.pinniped.dev/generated/1.24/apis go 1.13 require ( - k8s.io/api v0.24.9 - k8s.io/apimachinery v0.24.9 + k8s.io/api v0.24.11 + k8s.io/apimachinery v0.24.11 ) diff --git a/generated/1.24/apis/go.sum b/generated/1.24/apis/go.sum index 58347043..6e9864e0 100644 --- a/generated/1.24/apis/go.sum +++ b/generated/1.24/apis/go.sum @@ -136,8 +136,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 h1:Frnccbp+ok2GkUS2tC84yAq/U9Vg+0sIO7aRL3T4Xnc= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -162,16 +162,16 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -232,10 +232,10 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.24.9 h1:KKFyOydOohfc7EZrQ4u3kPUV14DgN4b2O85KxWV+yz0= -k8s.io/api v0.24.9/go.mod h1:qQOu7t0mNvyvT5NE5rngeVHpBovp8Fd/FEI7CFZrlYY= -k8s.io/apimachinery v0.24.9 h1:/oZ2GmA681mpKdt1WlLDIj0YzFRofIDZQZgSEPm7i7A= -k8s.io/apimachinery v0.24.9/go.mod h1:f8XxPIMUqMHz3z8gD6dsTYIjg1Sy02y2YNaTYY2HEjk= +k8s.io/api v0.24.11 h1:fyKC53FxEbRpd7sn4Z/T8HIBVChIN+7FgtiKMe3qmX8= +k8s.io/api v0.24.11/go.mod h1:YH1vQls490acgEr/bfoQSsu1wqmAUif6TsJ2/JBsmXk= +k8s.io/apimachinery v0.24.11 h1:Iv6uO3O4wDCN93p/ehg2u3/Y6q1fti43zgJmAy9DVvs= +k8s.io/apimachinery v0.24.11/go.mod h1:Yg8GIoNnVG9af59MrlKMm4Unsw3EBj+MfEBvfSid2/4= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= @@ -248,7 +248,7 @@ k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/generated/1.24/client/concierge/openapi/zz_generated.openapi.go b/generated/1.24/client/concierge/openapi/zz_generated.openapi.go index a9c5060f..17c08396 100644 --- a/generated/1.24/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/1.24/client/concierge/openapi/zz_generated.openapi.go @@ -2784,7 +2784,7 @@ func schema_k8sio_api_core_v1_EndpointSubset(ref common.ReferenceCallback) commo return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:\n {\n Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n }\nThe resulting set of endpoints can be viewed as:\n a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],\n b: [ 10.10.1.1:309, 10.10.2.2:309 ]", + Description: "EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:\n\n\t{\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t}\n\nThe resulting set of endpoints can be viewed as:\n\n\ta: [ 10.10.1.1:8675, 10.10.2.2:8675 ],\n\tb: [ 10.10.1.1:309, 10.10.2.2:309 ]", Type: []string{"object"}, Properties: map[string]spec.Schema{ "addresses": { @@ -2841,7 +2841,7 @@ func schema_k8sio_api_core_v1_Endpoints(ref common.ReferenceCallback) common.Ope return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Endpoints is a collection of endpoints that implement the actual service. Example:\n Name: \"mysvc\",\n Subsets: [\n {\n Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n },\n {\n Addresses: [{\"ip\": \"10.10.3.3\"}],\n Ports: [{\"name\": \"a\", \"port\": 93}, {\"name\": \"b\", \"port\": 76}]\n },\n ]", + Description: "Endpoints is a collection of endpoints that implement the actual service. Example:\n\n\t Name: \"mysvc\",\n\t Subsets: [\n\t {\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t },\n\t {\n\t Addresses: [{\"ip\": \"10.10.3.3\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 93}, {\"name\": \"b\", \"port\": 76}]\n\t },\n\t]", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -7691,7 +7691,7 @@ func schema_k8sio_api_core_v1_PodIP(ref common.ReferenceCallback) common.OpenAPI return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "IP address information for entries in the (plural) PodIPs field. Each entry includes:\n IP: An IP address allocated to the pod. Routable at least within the cluster.", + Description: "IP address information for entries in the (plural) PodIPs field. Each entry includes:\n\n\tIP: An IP address allocated to the pod. Routable at least within the cluster.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "ip": { @@ -14718,7 +14718,7 @@ func schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref common.ReferenceCall return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.Object `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// External package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// On the wire, the JSON will look something like this: {\n\t\"kind\":\"MyAPIObject\",\n\t\"apiVersion\":\"v1\",\n\t\"myPlugin\": {\n\t\t\"kind\":\"PluginA\",\n\t\t\"aOption\":\"foo\",\n\t},\n}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", + Description: "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", Type: []string{"object"}, }, }, @@ -14729,7 +14729,7 @@ func schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref common.ReferenceCallback return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this: type MyAwesomeAPIObject struct {\n runtime.TypeMeta `json:\",inline\"`\n ... // other fields\n} func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", + Description: "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this:\n\n\ttype MyAwesomeAPIObject struct {\n\t runtime.TypeMeta `json:\",inline\"`\n\t ... // other fields\n\t}\n\nfunc (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "apiVersion": { diff --git a/generated/1.24/client/go.mod b/generated/1.24/client/go.mod index a46d2246..169381b7 100644 --- a/generated/1.24/client/go.mod +++ b/generated/1.24/client/go.mod @@ -5,8 +5,8 @@ go 1.13 require ( go.pinniped.dev/generated/1.24/apis v0.0.0 - k8s.io/apimachinery v0.24.9 - k8s.io/client-go v0.24.9 + k8s.io/apimachinery v0.24.11 + k8s.io/client-go v0.24.11 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 ) diff --git a/generated/1.24/client/go.sum b/generated/1.24/client/go.sum index 0bfffc48..9f97fff2 100644 --- a/generated/1.24/client/go.sum +++ b/generated/1.24/client/go.sum @@ -340,8 +340,8 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 h1:Frnccbp+ok2GkUS2tC84yAq/U9Vg+0sIO7aRL3T4Xnc= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -413,12 +413,12 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -428,8 +428,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -622,12 +622,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.24.9 h1:KKFyOydOohfc7EZrQ4u3kPUV14DgN4b2O85KxWV+yz0= -k8s.io/api v0.24.9/go.mod h1:qQOu7t0mNvyvT5NE5rngeVHpBovp8Fd/FEI7CFZrlYY= -k8s.io/apimachinery v0.24.9 h1:/oZ2GmA681mpKdt1WlLDIj0YzFRofIDZQZgSEPm7i7A= -k8s.io/apimachinery v0.24.9/go.mod h1:f8XxPIMUqMHz3z8gD6dsTYIjg1Sy02y2YNaTYY2HEjk= -k8s.io/client-go v0.24.9 h1:iOTws1W4aUBbC6OROIQmx5qiRWgeyyqUITVQnPOEP4A= -k8s.io/client-go v0.24.9/go.mod h1:be0fCcgenPyCTGJSFtexn+dMr4jJoUX36Y5UAb1vmls= +k8s.io/api v0.24.11 h1:fyKC53FxEbRpd7sn4Z/T8HIBVChIN+7FgtiKMe3qmX8= +k8s.io/api v0.24.11/go.mod h1:YH1vQls490acgEr/bfoQSsu1wqmAUif6TsJ2/JBsmXk= +k8s.io/apimachinery v0.24.11 h1:Iv6uO3O4wDCN93p/ehg2u3/Y6q1fti43zgJmAy9DVvs= +k8s.io/apimachinery v0.24.11/go.mod h1:Yg8GIoNnVG9af59MrlKMm4Unsw3EBj+MfEBvfSid2/4= +k8s.io/client-go v0.24.11 h1:Rzh2y3pAzquiKXOIw6Gb7JKQEIagkgt4/WJ4xhymOl4= +k8s.io/client-go v0.24.11/go.mod h1:siv8qBAK/AOperwUM0E6poDMTfByCORycs5C+JmIMrA= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= @@ -644,7 +644,7 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/generated/1.24/client/supervisor/openapi/zz_generated.openapi.go b/generated/1.24/client/supervisor/openapi/zz_generated.openapi.go index 127d9aff..61903bf1 100644 --- a/generated/1.24/client/supervisor/openapi/zz_generated.openapi.go +++ b/generated/1.24/client/supervisor/openapi/zz_generated.openapi.go @@ -2512,7 +2512,7 @@ func schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref common.ReferenceCall return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.Object `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// External package: type MyAPIObject struct {\n\truntime.TypeMeta `json:\",inline\"`\n\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n} type PluginA struct {\n\tAOption string `json:\"aOption\"`\n}\n\n// On the wire, the JSON will look something like this: {\n\t\"kind\":\"MyAPIObject\",\n\t\"apiVersion\":\"v1\",\n\t\"myPlugin\": {\n\t\t\"kind\":\"PluginA\",\n\t\t\"aOption\":\"foo\",\n\t},\n}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", + Description: "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", Type: []string{"object"}, }, }, @@ -2523,7 +2523,7 @@ func schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref common.ReferenceCallback return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this: type MyAwesomeAPIObject struct {\n runtime.TypeMeta `json:\",inline\"`\n ... // other fields\n} func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", + Description: "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this:\n\n\ttype MyAwesomeAPIObject struct {\n\t runtime.TypeMeta `json:\",inline\"`\n\t ... // other fields\n\t}\n\nfunc (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "apiVersion": { diff --git a/generated/1.25/apis/go.mod b/generated/1.25/apis/go.mod index 90e32a18..47609f2b 100644 --- a/generated/1.25/apis/go.mod +++ b/generated/1.25/apis/go.mod @@ -4,6 +4,6 @@ module go.pinniped.dev/generated/1.25/apis go 1.13 require ( - k8s.io/api v0.25.5 - k8s.io/apimachinery v0.25.5 + k8s.io/api v0.25.7 + k8s.io/apimachinery v0.25.7 ) diff --git a/generated/1.25/apis/go.sum b/generated/1.25/apis/go.sum index 9b337f5f..4fc8ca02 100644 --- a/generated/1.25/apis/go.sum +++ b/generated/1.25/apis/go.sum @@ -150,8 +150,8 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 h1:Frnccbp+ok2GkUS2tC84yAq/U9Vg+0sIO7aRL3T4Xnc= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -180,17 +180,17 @@ golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -251,10 +251,10 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.25.5 h1:mqyHf7aoaYMpdvO87mqpol+Qnsmo+y09S0PMIXwiZKo= -k8s.io/api v0.25.5/go.mod h1:RzplZX0Z8rV/WhSTfEvnyd91bBhBQTRWo85qBQwRmb8= -k8s.io/apimachinery v0.25.5 h1:SQomYHvv+aO43qdu3QKRf9YuI0oI8w3RrOQ1qPbAUGY= -k8s.io/apimachinery v0.25.5/go.mod h1:1S2i1QHkmxc8+EZCIxe/fX5hpldVXk4gvnJInMEb8D4= +k8s.io/api v0.25.7 h1:r+J8U7CPhPNNTvyow1yw6IzdLt6nBCvPQEW8Cdglep8= +k8s.io/api v0.25.7/go.mod h1:9epkK0wROSVQJKaKW3eY/thGtfbILsLqweTq99qKynk= +k8s.io/apimachinery v0.25.7 h1:kDtoW8uvDkwKc9Lq2sablqWTMZUloRjJVZWURFrdAiI= +k8s.io/apimachinery v0.25.7/go.mod h1:ZTl0drTQaFi5gMM3snYI5tWV1XJmRH1gfnDx2QCLsxk= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/1.25/client/go.mod b/generated/1.25/client/go.mod index a28964c1..2fe7f21b 100644 --- a/generated/1.25/client/go.mod +++ b/generated/1.25/client/go.mod @@ -5,8 +5,8 @@ go 1.13 require ( go.pinniped.dev/generated/1.25/apis v0.0.0 - k8s.io/apimachinery v0.25.5 - k8s.io/client-go v0.25.5 + k8s.io/apimachinery v0.25.7 + k8s.io/client-go v0.25.7 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 ) diff --git a/generated/1.25/client/go.sum b/generated/1.25/client/go.sum index 2adbaa18..2a598bea 100644 --- a/generated/1.25/client/go.sum +++ b/generated/1.25/client/go.sum @@ -380,8 +380,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 h1:Frnccbp+ok2GkUS2tC84yAq/U9Vg+0sIO7aRL3T4Xnc= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -468,12 +468,12 @@ golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -483,8 +483,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -713,12 +713,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.25.5 h1:mqyHf7aoaYMpdvO87mqpol+Qnsmo+y09S0PMIXwiZKo= -k8s.io/api v0.25.5/go.mod h1:RzplZX0Z8rV/WhSTfEvnyd91bBhBQTRWo85qBQwRmb8= -k8s.io/apimachinery v0.25.5 h1:SQomYHvv+aO43qdu3QKRf9YuI0oI8w3RrOQ1qPbAUGY= -k8s.io/apimachinery v0.25.5/go.mod h1:1S2i1QHkmxc8+EZCIxe/fX5hpldVXk4gvnJInMEb8D4= -k8s.io/client-go v0.25.5 h1:7QWVK0Ph4bLn0UwotPTc2FTgm8shreQXyvXnnHDd8rE= -k8s.io/client-go v0.25.5/go.mod h1:bOeoaUUdpyz3WDFGo+Xm3nOQFh2KuYXRDwrvbAPtFQA= +k8s.io/api v0.25.7 h1:r+J8U7CPhPNNTvyow1yw6IzdLt6nBCvPQEW8Cdglep8= +k8s.io/api v0.25.7/go.mod h1:9epkK0wROSVQJKaKW3eY/thGtfbILsLqweTq99qKynk= +k8s.io/apimachinery v0.25.7 h1:kDtoW8uvDkwKc9Lq2sablqWTMZUloRjJVZWURFrdAiI= +k8s.io/apimachinery v0.25.7/go.mod h1:ZTl0drTQaFi5gMM3snYI5tWV1XJmRH1gfnDx2QCLsxk= +k8s.io/client-go v0.25.7 h1:yERmM57CweHC13+wRek/LjScnL5kw6EnVvjoGwS6F7Y= +k8s.io/client-go v0.25.7/go.mod h1:+msAWrAey/u++r/ij0HISJs3QA+RrqXsIa/LqBAT23o= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/1.26/apis/go.mod b/generated/1.26/apis/go.mod index be6b8dd1..dd5ea1c8 100644 --- a/generated/1.26/apis/go.mod +++ b/generated/1.26/apis/go.mod @@ -4,6 +4,6 @@ module go.pinniped.dev/generated/1.26/apis go 1.13 require ( - k8s.io/api v0.26.0 - k8s.io/apimachinery v0.26.0 + k8s.io/api v0.26.2 + k8s.io/apimachinery v0.26.2 ) diff --git a/generated/1.26/apis/go.sum b/generated/1.26/apis/go.sum index a4ed0d98..0e82547b 100644 --- a/generated/1.26/apis/go.sum +++ b/generated/1.26/apis/go.sum @@ -156,8 +156,8 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 h1:Frnccbp+ok2GkUS2tC84yAq/U9Vg+0sIO7aRL3T4Xnc= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -187,19 +187,19 @@ golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -262,10 +262,10 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I= -k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg= -k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg= -k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= +k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= +k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= +k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= +k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/1.26/client/concierge/openapi/zz_generated.openapi.go b/generated/1.26/client/concierge/openapi/zz_generated.openapi.go index 067270df..a2545e6a 100644 --- a/generated/1.26/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/1.26/client/concierge/openapi/zz_generated.openapi.go @@ -10109,7 +10109,10 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) "claims": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ diff --git a/generated/1.26/client/go.mod b/generated/1.26/client/go.mod index 5543e346..3acaecb1 100644 --- a/generated/1.26/client/go.mod +++ b/generated/1.26/client/go.mod @@ -5,8 +5,8 @@ go 1.13 require ( go.pinniped.dev/generated/1.26/apis v0.0.0 - k8s.io/apimachinery v0.26.0 - k8s.io/client-go v0.26.0 + k8s.io/apimachinery v0.26.2 + k8s.io/client-go v0.26.2 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 ) diff --git a/generated/1.26/client/go.sum b/generated/1.26/client/go.sum index 1f3d513f..0a12c08c 100644 --- a/generated/1.26/client/go.sum +++ b/generated/1.26/client/go.sum @@ -312,8 +312,8 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10 h1:Frnccbp+ok2GkUS2tC84yAq/U9Vg+0sIO7aRL3T4Xnc= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -373,13 +373,13 @@ golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -388,8 +388,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -556,12 +556,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I= -k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg= -k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg= -k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= -k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8= -k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg= +k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= +k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= +k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= +k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI= +k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/latest/client/concierge/openapi/zz_generated.openapi.go b/generated/latest/client/concierge/openapi/zz_generated.openapi.go index d72417ac..a9a87181 100644 --- a/generated/latest/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/latest/client/concierge/openapi/zz_generated.openapi.go @@ -10109,7 +10109,10 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) "claims": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ diff --git a/hack/lib/kube-versions.txt b/hack/lib/kube-versions.txt index 0e4a1607..2ce34238 100644 --- a/hack/lib/kube-versions.txt +++ b/hack/lib/kube-versions.txt @@ -1,7 +1,7 @@ -1.26.0 -1.25.5 -1.24.9 -1.23.15 +1.26.2 +1.25.7 +1.24.11 +1.23.17 1.22.17 1.21.14 1.20.15 From 1c8ab72f4f965aefcc53715df31e2b9a6c543991 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Sun, 5 Mar 2023 21:45:13 -0600 Subject: [PATCH 03/17] Update test asserts for Golang 1.19 and 1.20 TLS error messages --- .../oidc_upstream_watcher_test.go | 9 ++--- internal/plog/config_test.go | 35 +++++++++++-------- internal/testutil/assertions.go | 5 +-- internal/testutil/tlsassertions/assertions.go | 10 ++++++ .../tlsassertions/assertions_before_go1.20.go | 10 ++++++ .../testutil/tlsassertions/assertions_test.go | 22 ++++++++++++ internal/upstreamldap/upstreamldap_test.go | 3 +- 7 files changed, 73 insertions(+), 21 deletions(-) create mode 100644 internal/testutil/tlsassertions/assertions.go create mode 100644 internal/testutil/tlsassertions/assertions_before_go1.20.go create mode 100644 internal/testutil/tlsassertions/assertions_test.go diff --git a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go index aad7b1d4..0efb6822 100644 --- a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go +++ b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go @@ -15,6 +15,7 @@ import ( "time" "github.com/stretchr/testify/require" + "go.pinniped.dev/internal/testutil/tlsassertions" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -595,11 +596,11 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "msg"="failed to perform OIDC discovery" "error"="Get \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": x509: certificate signed by unknown authority" "issuer"="` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" "name"="test-name" "namespace"="test-namespace"`, + `oidc-upstream-observer "msg"="failed to perform OIDC discovery" "error"="Get \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTlsErrorPrefix() + `x509: certificate signed by unknown authority" "issuer"="` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" "name"="test-name" "namespace"="test-namespace"`, `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": x509: certificate signed by unknown authority" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, + `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTlsErrorPrefix() + `x509: certificate signed by unknown authority" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": x509: certificate signed by unknown authority" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, + `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTlsErrorPrefix() + `x509: certificate signed by unknown authority" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ @@ -621,7 +622,7 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { LastTransitionTime: now, Reason: "Unreachable", Message: `failed to perform OIDC discovery against "` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee": -Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration": x509: certificate signed by unknown authority`, +Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration": ` + tlsassertions.GetTlsErrorPrefix() + `x509: certificate signed by unknown authority`, }, }, }, diff --git a/internal/plog/config_test.go b/internal/plog/config_test.go index 25cafadc..a3e7425e 100644 --- a/internal/plog/config_test.go +++ b/internal/plog/config_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package plog @@ -11,6 +11,7 @@ import ( "os" "runtime" "strconv" + "strings" "testing" "time" @@ -43,7 +44,7 @@ func TestFormat(t *testing.T) { wd, err := os.Getwd() require.NoError(t, err) - const startLogLine = 46 // make this match the current line number + const startLogLine = 47 // make this match the current line number Info("hello", "happy", "day", "duration", time.Hour+time.Minute) require.True(t, scanner.Scan()) @@ -122,6 +123,12 @@ func TestFormat(t *testing.T) { WithName("stacky").WithName("does").Info("has a stack trace!") require.True(t, scanner.Scan()) require.NoError(t, scanner.Err()) + + line := "1576" + if strings.Contains(runtime.Version(), "1.19") { + line = "1446" + } + require.JSONEq(t, fmt.Sprintf(` { "level": "info", @@ -136,8 +143,8 @@ func TestFormat(t *testing.T) { `go.pinniped.dev/internal/plog.TestFormat %s/config_test.go:%d testing.tRunner - %s/src/testing/testing.go:1446`, - wd, startLogLine+2+13+14+11+12+24, runtime.GOROOT(), + %s/src/testing/testing.go:%s`, + wd, startLogLine+2+13+14+11+12+24, runtime.GOROOT(), line, ), ), ), scanner.Text()) @@ -151,13 +158,13 @@ testing.tRunner require.True(t, scanner.Scan()) require.NoError(t, scanner.Err()) require.Equal(t, fmt.Sprintf(nowStr+` plog/config_test.go:%d something happened {"error": "invalid log format, valid choices are the empty string, json and text", "an": "item"}`, - startLogLine+2+13+14+11+12+24+28), scanner.Text()) + startLogLine+2+13+14+11+12+24+28+6), scanner.Text()) Logr().WithName("burrito").Error(errInvalidLogLevel, "wee", "a", "b", "slightly less than a year", 363*24*time.Hour, "slightly more than 2 years", 2*367*24*time.Hour) require.True(t, scanner.Scan()) require.NoError(t, scanner.Err()) require.Equal(t, fmt.Sprintf(nowStr+` burrito plog/config_test.go:%d wee {"a": "b", "slightly less than a year": "363d", "slightly more than 2 years": "2y4d", "error": "invalid log level, valid choices are the empty string, info, debug, trace and all"}`, - startLogLine+2+13+14+11+12+24+28+6), scanner.Text()) + startLogLine+2+13+14+11+12+24+28+6+6), scanner.Text()) origTimeNow := textlogger.TimeNow t.Cleanup(func() { @@ -183,19 +190,19 @@ testing.tRunner require.True(t, scanner.Scan()) require.NoError(t, scanner.Err()) require.Equal(t, fmt.Sprintf(`I1121 23:37:26.953313%8d config_test.go:%d] "what is happening" does klog="work?"`, - pid, startLogLine+2+13+14+11+12+24+28+6+26), scanner.Text()) + pid, startLogLine+2+13+14+11+12+24+28+6+26+6), scanner.Text()) Logr().WithName("panda").V(KlogLevelDebug).Info("are the best", "yes?", "yes.") require.True(t, scanner.Scan()) require.NoError(t, scanner.Err()) require.Equal(t, fmt.Sprintf(`I1121 23:37:26.953313%8d config_test.go:%d] "panda: are the best" yes?="yes."`, - pid, startLogLine+2+13+14+11+12+24+28+6+26+6), scanner.Text()) + pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6), scanner.Text()) New().WithName("hi").WithName("there").WithValues("a", 1, "b", 2).Always("do it") require.True(t, scanner.Scan()) require.NoError(t, scanner.Err()) require.Equal(t, fmt.Sprintf(`I1121 23:37:26.953313%8d config_test.go:%d] "hi/there: do it" a=1 b=2`, - pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6), scanner.Text()) + pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6+6), scanner.Text()) l := WithValues("x", 33, "z", 22) l.Debug("what to do") @@ -203,17 +210,17 @@ testing.tRunner require.True(t, scanner.Scan()) require.NoError(t, scanner.Err()) require.Equal(t, fmt.Sprintf(`I1121 23:37:26.953313%8d config_test.go:%d] "what to do" x=33 z=22`, - pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6+7), scanner.Text()) + pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6+7+6), scanner.Text()) require.True(t, scanner.Scan()) require.NoError(t, scanner.Err()) require.Equal(t, fmt.Sprintf(`I1121 23:37:26.953313%8d config_test.go:%d] "and why" x=33 z=22`, - pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6+7+1), scanner.Text()) + pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6+7+1+6), scanner.Text()) old.Always("should be klog text format", "for", "sure") require.True(t, scanner.Scan()) require.NoError(t, scanner.Err()) require.Equal(t, fmt.Sprintf(`I1121 23:37:26.953313%8d config_test.go:%d] "created before mode change: should be klog text format" is="old" for="sure"`, - pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6+7+1+10), scanner.Text()) + pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6+7+1+10+6), scanner.Text()) // make sure child loggers do not share state old1 := old.WithValues("i am", "old1") @@ -223,11 +230,11 @@ testing.tRunner require.True(t, scanner.Scan()) require.NoError(t, scanner.Err()) require.Equal(t, fmt.Sprintf(`I1121 23:37:26.953313%8d config_test.go:%d] "created before mode change: warn" is="old" i am="old1" warning=true`, - pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6+7+1+10+9), scanner.Text()) + pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6+7+1+10+9+6), scanner.Text()) require.True(t, scanner.Scan()) require.NoError(t, scanner.Err()) require.Equal(t, fmt.Sprintf(`I1121 23:37:26.953313%8d config_test.go:%d] "created before mode change/old2: info" is="old"`, - pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6+7+1+10+9+1), scanner.Text()) + pid, startLogLine+2+13+14+11+12+24+28+6+26+6+6+7+1+10+9+1+6), scanner.Text()) Trace("should not be logged", "for", "sure") require.Empty(t, buf.String()) diff --git a/internal/testutil/assertions.go b/internal/testutil/assertions.go index 5d1909a2..8db7ec2e 100644 --- a/internal/testutil/assertions.go +++ b/internal/testutil/assertions.go @@ -12,6 +12,7 @@ import ( "time" "github.com/stretchr/testify/require" + "go.pinniped.dev/internal/testutil/tlsassertions" v12 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/selection" @@ -179,8 +180,8 @@ func WantX509UntrustedCertErrorString(expectedErrorFormatSpecifier string, expec // This is the normal Go x509 library error string. standardErr := `x509: certificate signed by unknown authority` allowedErrorStrings := []string{ - fmt.Sprintf(expectedErrorFormatSpecifier, macOSErr), - fmt.Sprintf(expectedErrorFormatSpecifier, standardErr), + fmt.Sprintf(expectedErrorFormatSpecifier, tlsassertions.GetTlsErrorPrefix()+macOSErr), + fmt.Sprintf(expectedErrorFormatSpecifier, tlsassertions.GetTlsErrorPrefix()+standardErr), } // Allow either. require.Contains(t, allowedErrorStrings, actualErrorStr) diff --git a/internal/testutil/tlsassertions/assertions.go b/internal/testutil/tlsassertions/assertions.go new file mode 100644 index 00000000..80b2ddb5 --- /dev/null +++ b/internal/testutil/tlsassertions/assertions.go @@ -0,0 +1,10 @@ +// Copyright 2023 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +//go:build go1.20 + +package tlsassertions + +func GetTlsErrorPrefix() string { + return "tls: failed to verify certificate: " +} diff --git a/internal/testutil/tlsassertions/assertions_before_go1.20.go b/internal/testutil/tlsassertions/assertions_before_go1.20.go new file mode 100644 index 00000000..f710dba8 --- /dev/null +++ b/internal/testutil/tlsassertions/assertions_before_go1.20.go @@ -0,0 +1,10 @@ +// Copyright 2023 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +//go:build !go1.20 + +package tlsassertions + +func GetTlsErrorPrefix() string { + return "" +} diff --git a/internal/testutil/tlsassertions/assertions_test.go b/internal/testutil/tlsassertions/assertions_test.go new file mode 100644 index 00000000..17b57787 --- /dev/null +++ b/internal/testutil/tlsassertions/assertions_test.go @@ -0,0 +1,22 @@ +// Copyright 2023 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package tlsassertions + +import ( + "runtime" + "strings" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestGetTlsErrorPrefix(t *testing.T) { + expected := "tls: failed to verify certificate: " + + if strings.Contains(runtime.Version(), "1.19") { + expected = "" + } + + require.Equal(t, expected, GetTlsErrorPrefix()) +} diff --git a/internal/upstreamldap/upstreamldap_test.go b/internal/upstreamldap/upstreamldap_test.go index 8c0a5fbf..39f7e4cc 100644 --- a/internal/upstreamldap/upstreamldap_test.go +++ b/internal/upstreamldap/upstreamldap_test.go @@ -19,6 +19,7 @@ import ( "github.com/go-ldap/ldap/v3" "github.com/golang/mock/gomock" "github.com/stretchr/testify/require" + "go.pinniped.dev/internal/testutil/tlsassertions" "k8s.io/apiserver/pkg/authentication/user" "go.pinniped.dev/internal/authenticators" @@ -2025,7 +2026,7 @@ func TestRealTLSDialing(t *testing.T) { caBundle: caForTestServerWithBadCertName.Bundle(), connProto: TLS, context: context.Background(), - wantError: testutil.WantExactErrorString(`LDAP Result Code 200 "Network Error": x509: certificate is valid for 10.2.3.4, not 127.0.0.1`), + wantError: testutil.WantExactErrorString(fmt.Sprintf(`LDAP Result Code 200 "Network Error": %sx509: certificate is valid for 10.2.3.4, not 127.0.0.1`, tlsassertions.GetTlsErrorPrefix())), }, { name: "invalid CA bundle with TLS", From 72d537f8b4eb2411785d25e43f8cffb0a72cd178 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Sun, 5 Mar 2023 22:15:15 -0600 Subject: [PATCH 04/17] Bump all golang deps --- go.mod | 31 +++++++++++++++----------- go.sum | 47 ++++++++++++++++++++------------------- hack/update-go-mod/go.mod | 2 +- 3 files changed, 43 insertions(+), 37 deletions(-) diff --git a/go.mod b/go.mod index d4c56358..6a485c15 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,11 @@ module go.pinniped.dev -go 1.18 +go 1.19 + +// replace required because https://github.com/kubernetes/apiserver/blob/v0.26.2/pkg/server/routes/openapi.go#L44 +// is not updated to use k8s.io/kube-openapi@4b54b81d. +// See https://github.com/kubernetes/kube-openapi/commit/4b54b81dd9c724d5b77bb1582a103bb175cf5a04 +replace k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20230307230338-69ee2d25a840 require ( github.com/MakeNowJust/heredoc/v2 v2.0.1 @@ -31,12 +36,12 @@ require ( github.com/stretchr/testify v1.8.2 github.com/tdewolff/minify/v2 v2.12.4 go.uber.org/zap v1.24.0 - golang.org/x/crypto v0.6.0 - golang.org/x/net v0.7.0 - golang.org/x/oauth2 v0.5.0 + golang.org/x/crypto v0.7.0 + golang.org/x/net v0.8.0 + golang.org/x/oauth2 v0.6.0 golang.org/x/sync v0.1.0 - golang.org/x/term v0.5.0 - golang.org/x/text v0.7.0 + golang.org/x/term v0.6.0 + golang.org/x/text v0.8.0 gopkg.in/square/go-jose.v2 v2.6.0 k8s.io/api v0.26.2 k8s.io/apiextensions-apiserver v0.26.2 @@ -44,11 +49,11 @@ require ( k8s.io/apiserver v0.26.2 k8s.io/client-go v0.26.2 k8s.io/component-base v0.26.2 - k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9 + k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4 k8s.io/klog/v2 v2.90.1 k8s.io/kube-aggregator v0.26.2 - k8s.io/kube-openapi v0.0.0-20230228151317-19cbebb19cb7 - k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 + k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a + k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 sigs.k8s.io/yaml v1.3.0 ) @@ -63,7 +68,7 @@ require ( github.com/cenkalti/backoff/v4 v4.1.3 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/coreos/go-oidc v2.2.1+incompatible // indirect - github.com/coreos/go-semver v0.3.0 // indirect + github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/cristalhq/jwt/v4 v4.0.2 // indirect @@ -140,10 +145,10 @@ require ( go.opentelemetry.io/proto/otlp v0.19.0 // indirect go.uber.org/atomic v1.10.0 // indirect go.uber.org/multierr v1.8.0 // indirect - golang.org/x/mod v0.7.0 // indirect - golang.org/x/sys v0.5.0 // indirect + golang.org/x/mod v0.8.0 // indirect + golang.org/x/sys v0.6.0 // indirect golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect - golang.org/x/tools v0.4.0 // indirect + golang.org/x/tools v0.6.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 // indirect google.golang.org/grpc v1.49.0 // indirect diff --git a/go.sum b/go.sum index f826ac70..728631a1 100644 --- a/go.sum +++ b/go.sum @@ -118,8 +118,9 @@ github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHo github.com/coreos/go-oidc/v3 v3.5.0 h1:VxKtbccHZxs8juq7RdJntSqtXFtde9YpNpGn0yqgEHw= github.com/coreos/go-oidc/v3 v3.5.0/go.mod h1:ecXRtV4romGPeO6ieExAsUK9cb/3fp9hXNz1tlv8PIM= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= +github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= @@ -641,8 +642,8 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= -golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -679,8 +680,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= -golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -735,8 +736,8 @@ golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -758,8 +759,8 @@ golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= -golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s= -golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= +golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw= +golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -857,13 +858,13 @@ golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -874,8 +875,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -942,8 +943,8 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4= -golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1189,8 +1190,8 @@ k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI= k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= k8s.io/component-base v0.26.2 h1:IfWgCGUDzrD6wLLgXEstJKYZKAFS2kO+rBRi0p3LqcI= k8s.io/component-base v0.26.2/go.mod h1:DxbuIe9M3IZPRxPIzhch2m1eT7uFrSBJUBuVCQEBivs= -k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9 h1:iu3o/SxaHVI7tKPtkGzD3M9IzrE21j+CUKH98NQJ8Ms= -k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4 h1:aClvVG6GbX10ISHcc24J+tqbr0S7fEe1MWkFJ7cWWCI= +k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= @@ -1198,10 +1199,10 @@ k8s.io/kms v0.26.2 h1:GM1gg3tFK3OUU/QQFi93yGjG3lJT8s8l3Wkn2+VxBLM= k8s.io/kms v0.26.2/go.mod h1:69qGnf1NsFOQP07fBYqNLZklqEHSJF024JqYCaeVxHg= k8s.io/kube-aggregator v0.26.2 h1:WtcLGisa5aCKBbBI1/Xe7gdjPlVb5Xhvs4a8Rdk8EXs= k8s.io/kube-aggregator v0.26.2/go.mod h1:swDTw0k/XghVLR+PCWnP6Y36wR2+DsqL2HUVq8eu0RI= -k8s.io/kube-openapi v0.0.0-20230228151317-19cbebb19cb7 h1:GGNnJLiG6Dk4o75ZHMD40IVsodq/s4kiR0Va5orFZco= -k8s.io/kube-openapi v0.0.0-20230228151317-19cbebb19cb7/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY= -k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk= -k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20230307230338-69ee2d25a840 h1:1Q4XWtrQQh04ZweCpL7aMNYafFMoPEiST4dl5b4PmYw= +k8s.io/kube-openapi v0.0.0-20230307230338-69ee2d25a840/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY= +k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 h1:xMMXJlJbsU8w3V5N2FLDQ8YgU8s1EoULdbQBcAeNJkY= +k8s.io/utils v0.0.0-20230313181309-38a27ef9d749/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/hack/update-go-mod/go.mod b/hack/update-go-mod/go.mod index 29351324..d518b1b2 100644 --- a/hack/update-go-mod/go.mod +++ b/hack/update-go-mod/go.mod @@ -1,5 +1,5 @@ module go.pinniped.dev/update-go-mod -go 1.18 +go 1.19 require golang.org/x/mod v0.8.0 From a783a5d6b2e2c87d351499f1ba59aa097c31b933 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Mon, 13 Mar 2023 18:31:12 -0500 Subject: [PATCH 05/17] Bump to golang 1.20.2 --- Dockerfile | 2 +- hack/Dockerfile_fips | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 797f9445..6d8448af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -FROM golang:1.20.1 as build-env +FROM golang:1.20.2 as build-env WORKDIR /work COPY . . diff --git a/hack/Dockerfile_fips b/hack/Dockerfile_fips index 798c89a8..a2086b0a 100644 --- a/hack/Dockerfile_fips +++ b/hack/Dockerfile_fips @@ -15,7 +15,7 @@ # hidden behind a `GOEXPERIMENT=boringcrypto` env var. # See https://go.googlesource.com/go/+/dev.boringcrypto/README.boringcrypto.md # and https://kupczynski.info/posts/fips-golang/ for details. -FROM golang:1.20.1 as build-env +FROM golang:1.20.2 as build-env WORKDIR /work COPY . . From 6ee05611a17fb6a34ef7ab54ba7419ab675e31b5 Mon Sep 17 00:00:00 2001 From: Jamie Klassen Date: Thu, 16 Mar 2023 15:51:17 -0400 Subject: [PATCH 06/17] use apiGroup without version in webapp auth howto --- site/content/docs/howto/configure-auth-for-webapps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/content/docs/howto/configure-auth-for-webapps.md b/site/content/docs/howto/configure-auth-for-webapps.md index 1b535eb6..182b2807 100644 --- a/site/content/docs/howto/configure-auth-for-webapps.md +++ b/site/content/docs/howto/configure-auth-for-webapps.md @@ -374,7 +374,7 @@ kind: TokenCredentialRequest spec: token: authenticator: - apiGroup: authentication.concierge.pinniped.dev/v1alpha1 + apiGroup: authentication.concierge.pinniped.dev kind: JWTAuthenticator name: ``` From fc0f9d959abdc8b11de7ee7bb82608271b014367 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 16 Mar 2023 13:13:49 -0500 Subject: [PATCH 07/17] Bump golangci-lint to 1.51.2 and fix lint issues --- hack/install-linter.sh | 4 ++-- hack/module.sh | 2 ++ hack/update-go-mod/main.go | 4 ++-- .../oidcupstreamwatcher/oidc_upstream_watcher_test.go | 10 +++++----- internal/testutil/assertions.go | 7 ++++--- internal/testutil/testlogger/stdr_copied.go | 4 ++-- internal/testutil/tlsassertions/assertions.go | 2 +- internal/testutil/tlsassertions/assertions_test.go | 4 ++-- internal/upstreamldap/upstreamldap_test.go | 4 ++-- test/testlib/cli.go | 3 ++- 10 files changed, 24 insertions(+), 20 deletions(-) diff --git a/hack/install-linter.sh b/hack/install-linter.sh index a631f50d..a06755c8 100755 --- a/hack/install-linter.sh +++ b/hack/install-linter.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright 2022 the Pinniped contributors. All Rights Reserved. +# Copyright 2022-2023 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 set -euo pipefail @@ -15,7 +15,7 @@ go version # so you can get the same results when running the linter locally. # Whenever the linter is updated in the CI pipelines, it should also be # updated here to make local development more convenient. -go install -v github.com/golangci/golangci-lint/cmd/golangci-lint@v1.49.0 +go install -v github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.2 golangci-lint --version echo "Finished. You may need to run 'rehash' in your current shell before using the new version (e.g. if you are using gvm)." diff --git a/hack/module.sh b/hack/module.sh index 6fce51e2..3d94a98e 100755 --- a/hack/module.sh +++ b/hack/module.sh @@ -70,6 +70,8 @@ function main() { with_modules 'tidy_cmd' ;; 'lint' | 'linter' | 'linters') + golangci-lint --version + echo with_modules 'lint_cmd' ;; 'test' | 'tests') diff --git a/hack/update-go-mod/main.go b/hack/update-go-mod/main.go index ce61031c..790b78e2 100644 --- a/hack/update-go-mod/main.go +++ b/hack/update-go-mod/main.go @@ -1,8 +1,8 @@ -package main - // Copyright 2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 +package main + import ( "fmt" "log" diff --git a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go index 0efb6822..ae8a2973 100644 --- a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go +++ b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go @@ -15,7 +15,6 @@ import ( "time" "github.com/stretchr/testify/require" - "go.pinniped.dev/internal/testutil/tlsassertions" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -34,6 +33,7 @@ import ( "go.pinniped.dev/internal/testutil" "go.pinniped.dev/internal/testutil/oidctestutil" "go.pinniped.dev/internal/testutil/testlogger" + "go.pinniped.dev/internal/testutil/tlsassertions" "go.pinniped.dev/internal/upstreamoidc" ) @@ -596,11 +596,11 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { }}, wantErr: controllerlib.ErrSyntheticRequeue.Error(), wantLogs: []string{ - `oidc-upstream-observer "msg"="failed to perform OIDC discovery" "error"="Get \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTlsErrorPrefix() + `x509: certificate signed by unknown authority" "issuer"="` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" "name"="test-name" "namespace"="test-namespace"`, + `oidc-upstream-observer "msg"="failed to perform OIDC discovery" "error"="Get \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTLSErrorPrefix() + `x509: certificate signed by unknown authority" "issuer"="` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" "name"="test-name" "namespace"="test-namespace"`, `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsValid"`, - `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTlsErrorPrefix() + `x509: certificate signed by unknown authority" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, + `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTLSErrorPrefix() + `x509: certificate signed by unknown authority" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, `oidc-upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="additionalAuthorizeParameters parameter names are allowed" "reason"="Success" "status"="True" "type"="AdditionalAuthorizeParametersValid"`, - `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTlsErrorPrefix() + `x509: certificate signed by unknown authority" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, + `oidc-upstream-observer "msg"="found failing condition" "error"="OIDCIdentityProvider has a failing condition" "message"="failed to perform OIDC discovery against \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\":\nGet \"` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration\": ` + tlsassertions.GetTLSErrorPrefix() + `x509: certificate signed by unknown authority" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, }, wantResultingCache: []*oidctestutil.TestUpstreamOIDCIdentityProvider{}, wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ @@ -622,7 +622,7 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { LastTransitionTime: now, Reason: "Unreachable", Message: `failed to perform OIDC discovery against "` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee": -Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration": ` + tlsassertions.GetTlsErrorPrefix() + `x509: certificate signed by unknown authority`, +Get "` + testIssuerURL + `/valid-url-that-is-really-really-long-nanananananananannanananan-batman-nanananananananananananananana-batman-lalalalalalalalalal-batman-weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/.well-known/openid-configuration": ` + tlsassertions.GetTLSErrorPrefix() + `x509: certificate signed by unknown authority`, }, }, }, diff --git a/internal/testutil/assertions.go b/internal/testutil/assertions.go index 8db7ec2e..abf380c7 100644 --- a/internal/testutil/assertions.go +++ b/internal/testutil/assertions.go @@ -12,11 +12,12 @@ import ( "time" "github.com/stretchr/testify/require" - "go.pinniped.dev/internal/testutil/tlsassertions" v12 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/selection" v1 "k8s.io/client-go/kubernetes/typed/core/v1" + + "go.pinniped.dev/internal/testutil/tlsassertions" ) func RequireTimeInDelta(t *testing.T, t1 time.Time, t2 time.Time, delta time.Duration) { @@ -180,8 +181,8 @@ func WantX509UntrustedCertErrorString(expectedErrorFormatSpecifier string, expec // This is the normal Go x509 library error string. standardErr := `x509: certificate signed by unknown authority` allowedErrorStrings := []string{ - fmt.Sprintf(expectedErrorFormatSpecifier, tlsassertions.GetTlsErrorPrefix()+macOSErr), - fmt.Sprintf(expectedErrorFormatSpecifier, tlsassertions.GetTlsErrorPrefix()+standardErr), + fmt.Sprintf(expectedErrorFormatSpecifier, tlsassertions.GetTLSErrorPrefix()+macOSErr), + fmt.Sprintf(expectedErrorFormatSpecifier, tlsassertions.GetTLSErrorPrefix()+standardErr), } // Allow either. require.Contains(t, allowedErrorStrings, actualErrorStr) diff --git a/internal/testutil/testlogger/stdr_copied.go b/internal/testutil/testlogger/stdr_copied.go index 33713c54..af04ced6 100644 --- a/internal/testutil/testlogger/stdr_copied.go +++ b/internal/testutil/testlogger/stdr_copied.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package testlogger @@ -33,7 +33,7 @@ type logger struct { func (l logger) clone() logger { out := l - l.values = copySlice(l.values) //nolint:staticcheck // ignore ineffective assignment warning + l.values = copySlice(l.values) return out } diff --git a/internal/testutil/tlsassertions/assertions.go b/internal/testutil/tlsassertions/assertions.go index 80b2ddb5..e9fc3187 100644 --- a/internal/testutil/tlsassertions/assertions.go +++ b/internal/testutil/tlsassertions/assertions.go @@ -5,6 +5,6 @@ package tlsassertions -func GetTlsErrorPrefix() string { +func GetTLSErrorPrefix() string { return "tls: failed to verify certificate: " } diff --git a/internal/testutil/tlsassertions/assertions_test.go b/internal/testutil/tlsassertions/assertions_test.go index 17b57787..706fb21d 100644 --- a/internal/testutil/tlsassertions/assertions_test.go +++ b/internal/testutil/tlsassertions/assertions_test.go @@ -11,12 +11,12 @@ import ( "github.com/stretchr/testify/require" ) -func TestGetTlsErrorPrefix(t *testing.T) { +func TestGetTLSErrorPrefix(t *testing.T) { expected := "tls: failed to verify certificate: " if strings.Contains(runtime.Version(), "1.19") { expected = "" } - require.Equal(t, expected, GetTlsErrorPrefix()) + require.Equal(t, expected, GetTLSErrorPrefix()) } diff --git a/internal/upstreamldap/upstreamldap_test.go b/internal/upstreamldap/upstreamldap_test.go index 39f7e4cc..469b5bff 100644 --- a/internal/upstreamldap/upstreamldap_test.go +++ b/internal/upstreamldap/upstreamldap_test.go @@ -19,7 +19,6 @@ import ( "github.com/go-ldap/ldap/v3" "github.com/golang/mock/gomock" "github.com/stretchr/testify/require" - "go.pinniped.dev/internal/testutil/tlsassertions" "k8s.io/apiserver/pkg/authentication/user" "go.pinniped.dev/internal/authenticators" @@ -29,6 +28,7 @@ import ( "go.pinniped.dev/internal/mocks/mockldapconn" "go.pinniped.dev/internal/oidc/provider" "go.pinniped.dev/internal/testutil" + "go.pinniped.dev/internal/testutil/tlsassertions" "go.pinniped.dev/internal/testutil/tlsserver" ) @@ -2026,7 +2026,7 @@ func TestRealTLSDialing(t *testing.T) { caBundle: caForTestServerWithBadCertName.Bundle(), connProto: TLS, context: context.Background(), - wantError: testutil.WantExactErrorString(fmt.Sprintf(`LDAP Result Code 200 "Network Error": %sx509: certificate is valid for 10.2.3.4, not 127.0.0.1`, tlsassertions.GetTlsErrorPrefix())), + wantError: testutil.WantExactErrorString(fmt.Sprintf(`LDAP Result Code 200 "Network Error": %sx509: certificate is valid for 10.2.3.4, not 127.0.0.1`, tlsassertions.GetTLSErrorPrefix())), }, { name: "invalid CA bundle with TLS", diff --git a/test/testlib/cli.go b/test/testlib/cli.go index b347bf9c..303087d7 100644 --- a/test/testlib/cli.go +++ b/test/testlib/cli.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package testlib @@ -37,6 +37,7 @@ func PinnipedCLIPath(t *testing.T) string { path := filepath.Join(testutil.TempDir(t), "pinniped") if pinnipedCLIBinaryCache.buf != nil { t.Log("using previously built pinniped CLI binary") + //nolint:gosec // this is test code. require.NoError(t, os.WriteFile(path, pinnipedCLIBinaryCache.buf, 0500)) return path } From 255f51f75b3fac2c868d51efc77b357778b2b761 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Mon, 20 Mar 2023 10:50:53 -0500 Subject: [PATCH 08/17] Bump all golang dependencies --- go.mod | 24 ++++++++++---------- go.sum | 48 +++++++++++++++++++-------------------- hack/update-go-mod/go.mod | 2 +- hack/update-go-mod/go.sum | 4 ++-- 4 files changed, 39 insertions(+), 39 deletions(-) diff --git a/go.mod b/go.mod index 6a485c15..53c4efef 100644 --- a/go.mod +++ b/go.mod @@ -34,7 +34,7 @@ require ( github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.2 - github.com/tdewolff/minify/v2 v2.12.4 + github.com/tdewolff/minify/v2 v2.12.5 go.uber.org/zap v1.24.0 golang.org/x/crypto v0.7.0 golang.org/x/net v0.8.0 @@ -43,15 +43,15 @@ require ( golang.org/x/term v0.6.0 golang.org/x/text v0.8.0 gopkg.in/square/go-jose.v2 v2.6.0 - k8s.io/api v0.26.2 - k8s.io/apiextensions-apiserver v0.26.2 - k8s.io/apimachinery v0.26.2 - k8s.io/apiserver v0.26.2 - k8s.io/client-go v0.26.2 - k8s.io/component-base v0.26.2 + k8s.io/api v0.26.3 + k8s.io/apiextensions-apiserver v0.26.3 + k8s.io/apimachinery v0.26.3 + k8s.io/apiserver v0.26.3 + k8s.io/client-go v0.26.3 + k8s.io/component-base v0.26.3 k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4 k8s.io/klog/v2 v2.90.1 - k8s.io/kube-aggregator v0.26.2 + k8s.io/kube-aggregator v0.26.3 k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 sigs.k8s.io/yaml v1.3.0 @@ -74,7 +74,7 @@ require ( github.com/cristalhq/jwt/v4 v4.0.2 // indirect github.com/dave/jennifer v1.4.0 // indirect github.com/dgraph-io/ristretto v0.1.0 // indirect - github.com/dustin/go-humanize v1.0.0 // indirect + github.com/dustin/go-humanize v1.0.1 // indirect github.com/ecordell/optgen v0.0.6 // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect @@ -129,7 +129,7 @@ require ( github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/stoewer/go-strcase v1.2.0 // indirect github.com/subosito/gotenv v1.4.0 // indirect - github.com/tdewolff/parse/v2 v2.6.4 // indirect + github.com/tdewolff/parse/v2 v2.6.5 // indirect go.etcd.io/etcd/api/v3 v3.5.5 // indirect go.etcd.io/etcd/client/pkg/v3 v3.5.5 // indirect go.etcd.io/etcd/client/v3 v3.5.5 // indirect @@ -158,8 +158,8 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/kms v0.26.2 // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 // indirect + k8s.io/kms v0.26.3 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect ) diff --git a/go.sum b/go.sum index 728631a1..8c40010b 100644 --- a/go.sum +++ b/go.sum @@ -148,8 +148,9 @@ github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUn github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/djherbis/atime v1.1.0/go.mod h1:28OF6Y8s3NQWwacXc5eZTsEsiMzp7LF8MbXE+XJPdBE= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/ecordell/optgen v0.0.6 h1:aSknPe6ZUBrjwHGp2+6XfmfCGYGD6W0ZDfCmmsrS7s4= github.com/ecordell/optgen v0.0.6/go.mod h1:bAPkLVWcBlTX5EkXW0UTPRj3+yjq2I6VLgH8OasuQEM= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc= @@ -175,7 +176,6 @@ github.com/form3tech-oss/jwt-go v3.2.5+incompatible/go.mod h1:pbq4aXjuKjdthFRnoD github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -554,10 +554,10 @@ github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.4.0 h1:yAzM1+SmVcz5R4tXGsNMu1jUl2aOJXoiWUCEwwnGrvs= github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo= -github.com/tdewolff/minify/v2 v2.12.4 h1:kejsHQMM17n6/gwdw53qsi6lg0TGddZADVyQOz1KMdE= -github.com/tdewolff/minify/v2 v2.12.4/go.mod h1:h+SRvSIX3kwgwTFOpSckvSxgax3uy8kZTSF1Ojrr3bk= -github.com/tdewolff/parse/v2 v2.6.4 h1:KCkDvNUMof10e3QExio9OPZJT8SbdKojLBumw8YZycQ= -github.com/tdewolff/parse/v2 v2.6.4/go.mod h1:woz0cgbLwFdtbjJu8PIKxhW05KplTFQkOdX78o+Jgrs= +github.com/tdewolff/minify/v2 v2.12.5 h1:s2KDBt/D/3ayE3gcqQF8VIgTmYgkx+btuLvVAeePzZM= +github.com/tdewolff/minify/v2 v2.12.5/go.mod h1:i8QXtVyL7Ddwc4I5gqzvgBqKlTMgMNTbiXaPO4Iqg+A= +github.com/tdewolff/parse/v2 v2.6.5 h1:lYvWBk55GkqKl0JJenGpmrgu/cPHQQ6/Mm1hBGswoGQ= +github.com/tdewolff/parse/v2 v2.6.5/go.mod h1:woz0cgbLwFdtbjJu8PIKxhW05KplTFQkOdX78o+Jgrs= github.com/tdewolff/test v1.0.7 h1:8Vs0142DmPFW/bQeHRP3MV19m1gvndjUb1sn8yy74LM= github.com/tdewolff/test v1.0.7/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= @@ -1178,27 +1178,27 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= -k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= -k8s.io/apiextensions-apiserver v0.26.2 h1:/yTG2B9jGY2Q70iGskMf41qTLhL9XeNN2KhI0uDgwko= -k8s.io/apiextensions-apiserver v0.26.2/go.mod h1:Y7UPgch8nph8mGCuVk0SK83LnS8Esf3n6fUBgew8SH8= -k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= -k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= -k8s.io/apiserver v0.26.2 h1:Pk8lmX4G14hYqJd1poHGC08G03nIHVqdJMR0SD3IH3o= -k8s.io/apiserver v0.26.2/go.mod h1:GHcozwXgXsPuOJ28EnQ/jXEM9QeG6HT22YxSNmpYNh8= -k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI= -k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= -k8s.io/component-base v0.26.2 h1:IfWgCGUDzrD6wLLgXEstJKYZKAFS2kO+rBRi0p3LqcI= -k8s.io/component-base v0.26.2/go.mod h1:DxbuIe9M3IZPRxPIzhch2m1eT7uFrSBJUBuVCQEBivs= +k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU= +k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE= +k8s.io/apiextensions-apiserver v0.26.3 h1:5PGMm3oEzdB1W/FTMgGIDmm100vn7IaUP5er36dB+YE= +k8s.io/apiextensions-apiserver v0.26.3/go.mod h1:jdA5MdjNWGP+njw1EKMZc64xAT5fIhN6VJrElV3sfpQ= +k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k= +k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/apiserver v0.26.3 h1:blBpv+yOiozkPH2aqClhJmJY+rp53Tgfac4SKPDJnU4= +k8s.io/apiserver v0.26.3/go.mod h1:CJe/VoQNcXdhm67EvaVjYXxR3QyfwpceKPuPaeLibTA= +k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s= +k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ= +k8s.io/component-base v0.26.3 h1:oC0WMK/ggcbGDTkdcqefI4wIZRYdK3JySx9/HADpV0g= +k8s.io/component-base v0.26.3/go.mod h1:5kj1kZYwSC6ZstHJN7oHBqcJC6yyn41eR+Sqa/mQc8E= k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4 h1:aClvVG6GbX10ISHcc24J+tqbr0S7fEe1MWkFJ7cWWCI= k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kms v0.26.2 h1:GM1gg3tFK3OUU/QQFi93yGjG3lJT8s8l3Wkn2+VxBLM= -k8s.io/kms v0.26.2/go.mod h1:69qGnf1NsFOQP07fBYqNLZklqEHSJF024JqYCaeVxHg= -k8s.io/kube-aggregator v0.26.2 h1:WtcLGisa5aCKBbBI1/Xe7gdjPlVb5Xhvs4a8Rdk8EXs= -k8s.io/kube-aggregator v0.26.2/go.mod h1:swDTw0k/XghVLR+PCWnP6Y36wR2+DsqL2HUVq8eu0RI= +k8s.io/kms v0.26.3 h1:+rC4BMeMBkH5hrfZt9WFMRrs2m3vY2rXymisNactcTY= +k8s.io/kms v0.26.3/go.mod h1:69qGnf1NsFOQP07fBYqNLZklqEHSJF024JqYCaeVxHg= +k8s.io/kube-aggregator v0.26.3 h1:nc4H5ymGkWPU3c9U9UM468JcmNENY/s/mDYVW3t3uRo= +k8s.io/kube-aggregator v0.26.3/go.mod h1:SgBESB/+PfZAyceTPIanfQ7GtX9G/+mjfUbTHg3Twbo= k8s.io/kube-openapi v0.0.0-20230307230338-69ee2d25a840 h1:1Q4XWtrQQh04ZweCpL7aMNYafFMoPEiST4dl5b4PmYw= k8s.io/kube-openapi v0.0.0-20230307230338-69ee2d25a840/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY= k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 h1:xMMXJlJbsU8w3V5N2FLDQ8YgU8s1EoULdbQBcAeNJkY= @@ -1206,8 +1206,8 @@ k8s.io/utils v0.0.0-20230313181309-38a27ef9d749/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 h1:+xBL5uTc+BkPBwmMi3vYfUJjq+N3K+H6PXeETwf5cPI= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 h1:PUuX1qIFv309AT8hF/CdPKDmsG/hn/L8zRX7VvISM3A= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= diff --git a/hack/update-go-mod/go.mod b/hack/update-go-mod/go.mod index d518b1b2..f487e0ad 100644 --- a/hack/update-go-mod/go.mod +++ b/hack/update-go-mod/go.mod @@ -2,4 +2,4 @@ module go.pinniped.dev/update-go-mod go 1.19 -require golang.org/x/mod v0.8.0 +require golang.org/x/mod v0.9.0 diff --git a/hack/update-go-mod/go.sum b/hack/update-go-mod/go.sum index 083110b4..54b6b68c 100644 --- a/hack/update-go-mod/go.sum +++ b/hack/update-go-mod/go.sum @@ -1,2 +1,2 @@ -golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= +golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= From 1699a9995e1bf40eaa518753eab5f640fdb53186 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Mon, 20 Mar 2023 11:00:42 -0500 Subject: [PATCH 09/17] Update generated K8s API files --- generated/1.24/apis/go.mod | 4 ++-- generated/1.24/apis/go.sum | 8 ++++---- generated/1.24/client/go.mod | 4 ++-- generated/1.24/client/go.sum | 12 ++++++------ generated/1.25/apis/go.mod | 4 ++-- generated/1.25/apis/go.sum | 8 ++++---- generated/1.25/client/go.mod | 4 ++-- generated/1.25/client/go.sum | 12 ++++++------ generated/1.26/apis/go.mod | 4 ++-- generated/1.26/apis/go.sum | 8 ++++---- .../client/concierge/openapi/zz_generated.openapi.go | 2 +- generated/1.26/client/go.mod | 4 ++-- generated/1.26/client/go.sum | 12 ++++++------ .../client/concierge/openapi/zz_generated.openapi.go | 2 +- hack/lib/kube-versions.txt | 6 +++--- 15 files changed, 47 insertions(+), 47 deletions(-) diff --git a/generated/1.24/apis/go.mod b/generated/1.24/apis/go.mod index 0bad8ff1..42145c8e 100644 --- a/generated/1.24/apis/go.mod +++ b/generated/1.24/apis/go.mod @@ -4,6 +4,6 @@ module go.pinniped.dev/generated/1.24/apis go 1.13 require ( - k8s.io/api v0.24.11 - k8s.io/apimachinery v0.24.11 + k8s.io/api v0.24.12 + k8s.io/apimachinery v0.24.12 ) diff --git a/generated/1.24/apis/go.sum b/generated/1.24/apis/go.sum index 6e9864e0..e540a007 100644 --- a/generated/1.24/apis/go.sum +++ b/generated/1.24/apis/go.sum @@ -232,10 +232,10 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.24.11 h1:fyKC53FxEbRpd7sn4Z/T8HIBVChIN+7FgtiKMe3qmX8= -k8s.io/api v0.24.11/go.mod h1:YH1vQls490acgEr/bfoQSsu1wqmAUif6TsJ2/JBsmXk= -k8s.io/apimachinery v0.24.11 h1:Iv6uO3O4wDCN93p/ehg2u3/Y6q1fti43zgJmAy9DVvs= -k8s.io/apimachinery v0.24.11/go.mod h1:Yg8GIoNnVG9af59MrlKMm4Unsw3EBj+MfEBvfSid2/4= +k8s.io/api v0.24.12 h1:Ksw4BtqjN8IZaUMLsLCZsget/RfBgHXYmahscAqobd8= +k8s.io/api v0.24.12/go.mod h1:hR/v44Wm3fe/pLCaPpREMZ55ZJB/sX8ROv9HpiuKAxM= +k8s.io/apimachinery v0.24.12 h1:S6jCrT+2FWhG9aGl6jue+7rywlRO8f+XpkhmlQ8aV5I= +k8s.io/apimachinery v0.24.12/go.mod h1:Yg8GIoNnVG9af59MrlKMm4Unsw3EBj+MfEBvfSid2/4= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/1.24/client/go.mod b/generated/1.24/client/go.mod index 169381b7..e0c3feac 100644 --- a/generated/1.24/client/go.mod +++ b/generated/1.24/client/go.mod @@ -5,8 +5,8 @@ go 1.13 require ( go.pinniped.dev/generated/1.24/apis v0.0.0 - k8s.io/apimachinery v0.24.11 - k8s.io/client-go v0.24.11 + k8s.io/apimachinery v0.24.12 + k8s.io/client-go v0.24.12 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 ) diff --git a/generated/1.24/client/go.sum b/generated/1.24/client/go.sum index 9f97fff2..d955f1af 100644 --- a/generated/1.24/client/go.sum +++ b/generated/1.24/client/go.sum @@ -622,12 +622,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.24.11 h1:fyKC53FxEbRpd7sn4Z/T8HIBVChIN+7FgtiKMe3qmX8= -k8s.io/api v0.24.11/go.mod h1:YH1vQls490acgEr/bfoQSsu1wqmAUif6TsJ2/JBsmXk= -k8s.io/apimachinery v0.24.11 h1:Iv6uO3O4wDCN93p/ehg2u3/Y6q1fti43zgJmAy9DVvs= -k8s.io/apimachinery v0.24.11/go.mod h1:Yg8GIoNnVG9af59MrlKMm4Unsw3EBj+MfEBvfSid2/4= -k8s.io/client-go v0.24.11 h1:Rzh2y3pAzquiKXOIw6Gb7JKQEIagkgt4/WJ4xhymOl4= -k8s.io/client-go v0.24.11/go.mod h1:siv8qBAK/AOperwUM0E6poDMTfByCORycs5C+JmIMrA= +k8s.io/api v0.24.12 h1:Ksw4BtqjN8IZaUMLsLCZsget/RfBgHXYmahscAqobd8= +k8s.io/api v0.24.12/go.mod h1:hR/v44Wm3fe/pLCaPpREMZ55ZJB/sX8ROv9HpiuKAxM= +k8s.io/apimachinery v0.24.12 h1:S6jCrT+2FWhG9aGl6jue+7rywlRO8f+XpkhmlQ8aV5I= +k8s.io/apimachinery v0.24.12/go.mod h1:Yg8GIoNnVG9af59MrlKMm4Unsw3EBj+MfEBvfSid2/4= +k8s.io/client-go v0.24.12 h1:i38g1SL83zs4CBCY9vQqtBfx+evsghBoBGz5u6lwtKs= +k8s.io/client-go v0.24.12/go.mod h1:yY5hsSExZV2ZWwBANP/eBhB3SorSf0nkADD7/KYgPmU= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/1.25/apis/go.mod b/generated/1.25/apis/go.mod index 47609f2b..9a76d025 100644 --- a/generated/1.25/apis/go.mod +++ b/generated/1.25/apis/go.mod @@ -4,6 +4,6 @@ module go.pinniped.dev/generated/1.25/apis go 1.13 require ( - k8s.io/api v0.25.7 - k8s.io/apimachinery v0.25.7 + k8s.io/api v0.25.8 + k8s.io/apimachinery v0.25.8 ) diff --git a/generated/1.25/apis/go.sum b/generated/1.25/apis/go.sum index 4fc8ca02..8c1a50cc 100644 --- a/generated/1.25/apis/go.sum +++ b/generated/1.25/apis/go.sum @@ -251,10 +251,10 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.25.7 h1:r+J8U7CPhPNNTvyow1yw6IzdLt6nBCvPQEW8Cdglep8= -k8s.io/api v0.25.7/go.mod h1:9epkK0wROSVQJKaKW3eY/thGtfbILsLqweTq99qKynk= -k8s.io/apimachinery v0.25.7 h1:kDtoW8uvDkwKc9Lq2sablqWTMZUloRjJVZWURFrdAiI= -k8s.io/apimachinery v0.25.7/go.mod h1:ZTl0drTQaFi5gMM3snYI5tWV1XJmRH1gfnDx2QCLsxk= +k8s.io/api v0.25.8 h1:pcbnWkCcmjNhp6OEKqR+ojO0CJydpOOw7WiWedjLJAU= +k8s.io/api v0.25.8/go.mod h1:FaJqAtI13XOERtpLOQTkW3SiSf0lqsUohYqaxCyHI18= +k8s.io/apimachinery v0.25.8 h1:c4kI9xm0U5nid8sBpBvM+2VHlv4Af8KnbhZIodZF/54= +k8s.io/apimachinery v0.25.8/go.mod h1:ZTl0drTQaFi5gMM3snYI5tWV1XJmRH1gfnDx2QCLsxk= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/1.25/client/go.mod b/generated/1.25/client/go.mod index 2fe7f21b..d9f8470b 100644 --- a/generated/1.25/client/go.mod +++ b/generated/1.25/client/go.mod @@ -5,8 +5,8 @@ go 1.13 require ( go.pinniped.dev/generated/1.25/apis v0.0.0 - k8s.io/apimachinery v0.25.7 - k8s.io/client-go v0.25.7 + k8s.io/apimachinery v0.25.8 + k8s.io/client-go v0.25.8 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 ) diff --git a/generated/1.25/client/go.sum b/generated/1.25/client/go.sum index 2a598bea..2121732c 100644 --- a/generated/1.25/client/go.sum +++ b/generated/1.25/client/go.sum @@ -713,12 +713,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.25.7 h1:r+J8U7CPhPNNTvyow1yw6IzdLt6nBCvPQEW8Cdglep8= -k8s.io/api v0.25.7/go.mod h1:9epkK0wROSVQJKaKW3eY/thGtfbILsLqweTq99qKynk= -k8s.io/apimachinery v0.25.7 h1:kDtoW8uvDkwKc9Lq2sablqWTMZUloRjJVZWURFrdAiI= -k8s.io/apimachinery v0.25.7/go.mod h1:ZTl0drTQaFi5gMM3snYI5tWV1XJmRH1gfnDx2QCLsxk= -k8s.io/client-go v0.25.7 h1:yERmM57CweHC13+wRek/LjScnL5kw6EnVvjoGwS6F7Y= -k8s.io/client-go v0.25.7/go.mod h1:+msAWrAey/u++r/ij0HISJs3QA+RrqXsIa/LqBAT23o= +k8s.io/api v0.25.8 h1:pcbnWkCcmjNhp6OEKqR+ojO0CJydpOOw7WiWedjLJAU= +k8s.io/api v0.25.8/go.mod h1:FaJqAtI13XOERtpLOQTkW3SiSf0lqsUohYqaxCyHI18= +k8s.io/apimachinery v0.25.8 h1:c4kI9xm0U5nid8sBpBvM+2VHlv4Af8KnbhZIodZF/54= +k8s.io/apimachinery v0.25.8/go.mod h1:ZTl0drTQaFi5gMM3snYI5tWV1XJmRH1gfnDx2QCLsxk= +k8s.io/client-go v0.25.8 h1:PruqsI6qccbowI5wjeNosyE1BiKViChRWVOvCZtYnXY= +k8s.io/client-go v0.25.8/go.mod h1:Wiu5CQCaOqWugLrdvl04HK90P0QMc4oxQ3BXoJGjD+A= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/1.26/apis/go.mod b/generated/1.26/apis/go.mod index dd5ea1c8..9436c895 100644 --- a/generated/1.26/apis/go.mod +++ b/generated/1.26/apis/go.mod @@ -4,6 +4,6 @@ module go.pinniped.dev/generated/1.26/apis go 1.13 require ( - k8s.io/api v0.26.2 - k8s.io/apimachinery v0.26.2 + k8s.io/api v0.26.3 + k8s.io/apimachinery v0.26.3 ) diff --git a/generated/1.26/apis/go.sum b/generated/1.26/apis/go.sum index 0e82547b..d76b952a 100644 --- a/generated/1.26/apis/go.sum +++ b/generated/1.26/apis/go.sum @@ -262,10 +262,10 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= -k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= -k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= -k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU= +k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE= +k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k= +k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/1.26/client/concierge/openapi/zz_generated.openapi.go b/generated/1.26/client/concierge/openapi/zz_generated.openapi.go index a2545e6a..9a909adc 100644 --- a/generated/1.26/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/1.26/client/concierge/openapi/zz_generated.openapi.go @@ -10116,7 +10116,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) }, }, SchemaProps: spec.SchemaProps{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", + Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ diff --git a/generated/1.26/client/go.mod b/generated/1.26/client/go.mod index 3acaecb1..9e2f0e13 100644 --- a/generated/1.26/client/go.mod +++ b/generated/1.26/client/go.mod @@ -5,8 +5,8 @@ go 1.13 require ( go.pinniped.dev/generated/1.26/apis v0.0.0 - k8s.io/apimachinery v0.26.2 - k8s.io/client-go v0.26.2 + k8s.io/apimachinery v0.26.3 + k8s.io/client-go v0.26.3 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 ) diff --git a/generated/1.26/client/go.sum b/generated/1.26/client/go.sum index 0a12c08c..db6a4fe5 100644 --- a/generated/1.26/client/go.sum +++ b/generated/1.26/client/go.sum @@ -556,12 +556,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= -k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= -k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= -k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= -k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI= -k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= +k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU= +k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE= +k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k= +k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s= +k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= diff --git a/generated/latest/client/concierge/openapi/zz_generated.openapi.go b/generated/latest/client/concierge/openapi/zz_generated.openapi.go index a9a87181..c56fbcc6 100644 --- a/generated/latest/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/latest/client/concierge/openapi/zz_generated.openapi.go @@ -10116,7 +10116,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) }, }, SchemaProps: spec.SchemaProps{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", + Description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ diff --git a/hack/lib/kube-versions.txt b/hack/lib/kube-versions.txt index 2ce34238..6d416aa0 100644 --- a/hack/lib/kube-versions.txt +++ b/hack/lib/kube-versions.txt @@ -1,6 +1,6 @@ -1.26.2 -1.25.7 -1.24.11 +1.26.3 +1.25.8 +1.24.12 1.23.17 1.22.17 1.21.14 From 2ba378904d3cd424e986db393bc721f87aced446 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Tue, 28 Mar 2023 15:15:27 -0500 Subject: [PATCH 10/17] Bump dependencies to latest Signed-off-by: Joshua T Casey --- go.mod | 2 +- hack/update-go-mod/update-go-mod.sh | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 53c4efef..73b262c4 100644 --- a/go.mod +++ b/go.mod @@ -52,7 +52,7 @@ require ( k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4 k8s.io/klog/v2 v2.90.1 k8s.io/kube-aggregator v0.26.3 - k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a + k8s.io/kube-openapi v0.0.0-20230327201221-f5883ff37f0c k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 sigs.k8s.io/yaml v1.3.0 ) diff --git a/hack/update-go-mod/update-go-mod.sh b/hack/update-go-mod/update-go-mod.sh index 7abde96c..75ea7890 100755 --- a/hack/update-go-mod/update-go-mod.sh +++ b/hack/update-go-mod/update-go-mod.sh @@ -6,9 +6,14 @@ set -euo pipefail SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +ROOT_DIR="$SCRIPT_DIR/../.." -GO_MOD="${SCRIPT_DIR}/../../go.mod" +GO_MOD="${ROOT_DIR}/go.mod" pushd "${SCRIPT_DIR}" > /dev/null - go run . "${GO_MOD}" + script=$(go run . "${GO_MOD}") +popd > /dev/null + +pushd "${ROOT_DIR}" > /dev/null + eval "$script" popd > /dev/null From d659b90e19990b77fd28000203a11d9b03ebc118 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Wed, 29 Mar 2023 13:55:00 -0700 Subject: [PATCH 11/17] `pinniped get kubeconfig` discovers support for username/groups scopes --- cmd/pinniped/cmd/kubeconfig.go | 93 ++++- cmd/pinniped/cmd/kubeconfig_test.go | 520 +++++++++++++++++++++------- pkg/oidcclient/login.go | 14 +- 3 files changed, 474 insertions(+), 153 deletions(-) diff --git a/cmd/pinniped/cmd/kubeconfig.go b/cmd/pinniped/cmd/kubeconfig.go index e4e73f61..9e4a53b5 100644 --- a/cmd/pinniped/cmd/kubeconfig.go +++ b/cmd/pinniped/cmd/kubeconfig.go @@ -23,6 +23,7 @@ import ( _ "k8s.io/client-go/plugin/pkg/client/auth" // Adds handlers for various dynamic auth plugins in client-go "k8s.io/client-go/tools/clientcmd" clientcmdapi "k8s.io/client-go/tools/clientcmd/api" + "k8s.io/utils/strings/slices" conciergev1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" @@ -97,6 +98,11 @@ type getKubeconfigParams struct { installHint string } +type discoveryResponseScopesSupported struct { + // Same as ScopesSupported in the Supervisor's discovery handler's struct. + ScopesSupported []string `json:"scopes_supported"` +} + func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command { var ( cmd = &cobra.Command{ @@ -232,11 +238,9 @@ func runGetKubeconfig(ctx context.Context, out io.Writer, deps kubeconfigDeps, f cluster.CertificateAuthorityData = flags.concierge.caBundle } - // If there is an issuer, and if any upstream IDP flags are not already set, then try to discover Supervisor upstream IDP details. - // When all the upstream IDP flags are set by the user, then skip discovery and don't validate their input. Maybe they know something - // that we can't know, like the name of an IDP that they are going to define in the future. - if len(flags.oidc.issuer) > 0 && (flags.oidc.upstreamIDPType == "" || flags.oidc.upstreamIDPName == "" || flags.oidc.upstreamIDPFlow == "") { - if err := discoverSupervisorUpstreamIDP(ctx, &flags, deps.log); err != nil { + if len(flags.oidc.issuer) > 0 { + err = pinnipedSupervisorDiscovery(ctx, &flags, deps.log) + if err != nil { return err } } @@ -733,21 +737,75 @@ func hasPendingStrategy(credentialIssuer *configv1alpha1.CredentialIssuer) bool return false } -func discoverSupervisorUpstreamIDP(ctx context.Context, flags *getKubeconfigParams, log plog.MinLogger) error { - httpClient, err := newDiscoveryHTTPClient(flags.oidc.caBundle) +func pinnipedSupervisorDiscovery(ctx context.Context, flags *getKubeconfigParams, log plog.MinLogger) error { + // Make a client suitable for calling the provider, which may or may not be a Pinniped Supervisor. + oidcProviderHTTPClient, err := newDiscoveryHTTPClient(flags.oidc.caBundle) if err != nil { return err } - pinnipedIDPsEndpoint, err := discoverIDPsDiscoveryEndpointURL(ctx, flags.oidc.issuer, httpClient) + // Call the provider's discovery endpoint, but don't parse the results yet. + discoveredProvider, err := discoverOIDCProvider(ctx, flags.oidc.issuer, oidcProviderHTTPClient) + if err != nil { + return err + } + + // Parse the discovery response to find the Supervisor IDP discovery endpoint. + pinnipedIDPsEndpoint, err := discoverIDPsDiscoveryEndpointURL(discoveredProvider) if err != nil { return err } if pinnipedIDPsEndpoint == "" { // The issuer is not advertising itself as a Pinniped Supervisor which supports upstream IDP discovery. + // Since this field is not present, then assume that the provider is not a Pinniped Supervisor. This field + // was added to the discovery response in v0.9.0, which is so long ago that we can assume there are no such + // old Supervisors in the wild which need to work with this CLI command anymore. Since the issuer is not a + // Supervisor, then there is no need to do the rest of the Supervisor-specific business logic below related + // to username/groups scopes or IDP types/names/flows. return nil } + // Now that we know that the provider is a Supervisor, perform an additional check based on its response. + // The username and groups scopes were added to the Supervisor in v0.20.0, and were also added to the + // "scopes_supported" field in the discovery response in that same version. If this CLI command is talking + // to an older Supervisor, then remove the username and groups scopes from the list of requested scopes + // since they will certainly cause an error from the old Supervisor during authentication. + supervisorSupportsBothUsernameAndGroupsScopes, err := discoverScopesSupportedIncludesBothUsernameAndGroups(discoveredProvider) + if err != nil { + return err + } + if !supervisorSupportsBothUsernameAndGroupsScopes { + flags.oidc.scopes = slices.Filter(nil, flags.oidc.scopes, func(scope string) bool { + if scope == oidcapi.ScopeUsername || scope == oidcapi.ScopeGroups { + log.Info("removed scope from --oidc-scopes list because it is not supported by this Supervisor", "scope", scope) + return false // Remove username and groups scopes if there were present in the flags. + } + return true // Keep any other scopes in the flag list. + }) + } + + // If any upstream IDP flags are not already set, then try to discover Supervisor upstream IDP details. + // When all the upstream IDP flags are set by the user, then skip discovery and don't validate their input. + // Maybe they know something that we can't know, like the name of an IDP that they are going to define in the + // future. + if flags.oidc.upstreamIDPType == "" || flags.oidc.upstreamIDPName == "" || flags.oidc.upstreamIDPFlow == "" { + if err := discoverSupervisorUpstreamIDP(ctx, pinnipedIDPsEndpoint, oidcProviderHTTPClient, flags, log); err != nil { + return err + } + } + + return nil +} + +func discoverOIDCProvider(ctx context.Context, issuer string, httpClient *http.Client) (*coreosoidc.Provider, error) { + discoveredProvider, err := coreosoidc.NewProvider(coreosoidc.ClientContext(ctx, httpClient), issuer) + if err != nil { + return nil, fmt.Errorf("while fetching OIDC discovery data from issuer: %w", err) + } + return discoveredProvider, nil +} + +func discoverSupervisorUpstreamIDP(ctx context.Context, pinnipedIDPsEndpoint string, httpClient *http.Client, flags *getKubeconfigParams, log plog.MinLogger) error { discoveredUpstreamIDPs, err := discoverAllAvailableSupervisorUpstreamIDPs(ctx, pinnipedIDPsEndpoint, httpClient) if err != nil { return err @@ -787,21 +845,24 @@ func newDiscoveryHTTPClient(caBundleFlag caBundleFlag) (*http.Client, error) { return phttp.Default(rootCAs), nil } -func discoverIDPsDiscoveryEndpointURL(ctx context.Context, issuer string, httpClient *http.Client) (string, error) { - discoveredProvider, err := coreosoidc.NewProvider(coreosoidc.ClientContext(ctx, httpClient), issuer) - if err != nil { - return "", fmt.Errorf("while fetching OIDC discovery data from issuer: %w", err) - } - +func discoverIDPsDiscoveryEndpointURL(discoveredProvider *coreosoidc.Provider) (string, error) { var body idpdiscoveryv1alpha1.OIDCDiscoveryResponse - err = discoveredProvider.Claims(&body) + err := discoveredProvider.Claims(&body) if err != nil { return "", fmt.Errorf("while fetching OIDC discovery data from issuer: %w", err) } - return body.SupervisorDiscovery.PinnipedIDPsEndpoint, nil } +func discoverScopesSupportedIncludesBothUsernameAndGroups(discoveredProvider *coreosoidc.Provider) (bool, error) { + var body discoveryResponseScopesSupported + err := discoveredProvider.Claims(&body) + if err != nil { + return false, fmt.Errorf("while fetching OIDC discovery data from issuer: %w", err) + } + return slices.Contains(body.ScopesSupported, oidcapi.ScopeUsername) && slices.Contains(body.ScopesSupported, oidcapi.ScopeGroups), nil +} + func discoverAllAvailableSupervisorUpstreamIDPs(ctx context.Context, pinnipedIDPsEndpoint string, httpClient *http.Client) ([]idpdiscoveryv1alpha1.PinnipedIDP, error) { request, err := http.NewRequestWithContext(ctx, http.MethodGet, pinnipedIDPsEndpoint, nil) if err != nil { diff --git a/cmd/pinniped/cmd/kubeconfig_test.go b/cmd/pinniped/cmd/kubeconfig_test.go index eb629849..ca8b762c 100644 --- a/cmd/pinniped/cmd/kubeconfig_test.go +++ b/cmd/pinniped/cmd/kubeconfig_test.go @@ -81,6 +81,7 @@ func TestGetKubeconfig(t *testing.T) { "discovery.supervisor.pinniped.dev/v1alpha1": { "pinniped_identity_providers_endpoint": "%s/v1alpha1/pinniped_identity_providers" }, + "scopes_supported": ["openid", "offline_access", "pinniped:request-audience", "username", "groups"], "another-key": "another-value" }`, issuerURL, issuerURL) } @@ -1086,7 +1087,8 @@ func TestGetKubeconfig(t *testing.T) { "issuer": "%s", "discovery.supervisor.pinniped.dev/v1alpha1": { "pinniped_identity_providers_endpoint": "https%%://illegal_url" - } + }, + "scopes_supported": ["openid", "offline_access", "pinniped:request-audience", "username", "groups"] }`, issuerURL) }, wantLogs: func(issuerCABundle string, issuerURL string) []string { @@ -1369,7 +1371,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -1406,41 +1408,41 @@ func TestGetKubeconfig(t *testing.T) { }, wantStdout: func(issuerCABundle string, issuerURL string) string { return here.Doc(` - apiVersion: v1 - clusters: - - cluster: - certificate-authority-data: ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== - server: https://fake-server-url-value - name: kind-cluster-pinniped - contexts: - - context: - cluster: kind-cluster-pinniped - user: kind-user-pinniped - name: kind-context-pinniped - current-context: kind-context-pinniped - kind: Config - preferences: {} - users: - - name: kind-user-pinniped - user: - exec: - apiVersion: client.authentication.k8s.io/v1beta1 - args: - - login - - static - - --enable-concierge - - --concierge-api-group-suffix=pinniped.dev - - --concierge-authenticator-name=test-authenticator - - --concierge-authenticator-type=webhook - - --concierge-endpoint=https://fake-server-url-value - - --concierge-ca-bundle-data=ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== - - --token=test-token - command: '.../path/to/pinniped' - env: [] - installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details - provideClusterInfo: true - `) + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + server: https://fake-server-url-value + name: kind-cluster-pinniped + contexts: + - context: + cluster: kind-cluster-pinniped + user: kind-user-pinniped + name: kind-context-pinniped + current-context: kind-context-pinniped + kind: Config + preferences: {} + users: + - name: kind-user-pinniped + user: + exec: + apiVersion: client.authentication.k8s.io/v1beta1 + args: + - login + - static + - --enable-concierge + - --concierge-api-group-suffix=pinniped.dev + - --concierge-authenticator-name=test-authenticator + - --concierge-authenticator-type=webhook + - --concierge-endpoint=https://fake-server-url-value + - --concierge-ca-bundle-data=ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + - --token=test-token + command: '.../path/to/pinniped' + env: [] + installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli + for more details + provideClusterInfo: true + `) }, }, { @@ -1470,42 +1472,42 @@ func TestGetKubeconfig(t *testing.T) { }, wantStdout: func(issuerCABundle string, issuerURL string) string { return here.Doc(` - apiVersion: v1 - clusters: - - cluster: - certificate-authority-data: ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== - server: https://fake-server-url-value - name: kind-cluster-pinniped - contexts: - - context: - cluster: kind-cluster-pinniped - user: kind-user-pinniped - name: kind-context-pinniped - current-context: kind-context-pinniped - kind: Config - preferences: {} - users: - - name: kind-user-pinniped - user: - exec: - apiVersion: client.authentication.k8s.io/v1beta1 - args: - - login - - static - - --enable-concierge - - --concierge-api-group-suffix=pinniped.dev - - --concierge-authenticator-name=test-authenticator - - --concierge-authenticator-type=webhook - - --concierge-endpoint=https://fake-server-url-value - - --concierge-ca-bundle-data=ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== - - --credential-cache= - - --token-env=TEST_TOKEN - command: '.../path/to/pinniped' - env: [] - installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details - provideClusterInfo: true - `) + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + server: https://fake-server-url-value + name: kind-cluster-pinniped + contexts: + - context: + cluster: kind-cluster-pinniped + user: kind-user-pinniped + name: kind-context-pinniped + current-context: kind-context-pinniped + kind: Config + preferences: {} + users: + - name: kind-user-pinniped + user: + exec: + apiVersion: client.authentication.k8s.io/v1beta1 + args: + - login + - static + - --enable-concierge + - --concierge-api-group-suffix=pinniped.dev + - --concierge-authenticator-name=test-authenticator + - --concierge-authenticator-type=webhook + - --concierge-endpoint=https://fake-server-url-value + - --concierge-ca-bundle-data=ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + - --credential-cache= + - --token-env=TEST_TOKEN + command: '.../path/to/pinniped' + env: [] + installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli + for more details + provideClusterInfo: true + `) }, }, { @@ -1573,7 +1575,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -1659,7 +1661,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, base64.StdEncoding.EncodeToString(testConciergeCA.Bundle()), @@ -1772,7 +1774,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, base64.StdEncoding.EncodeToString(testConciergeCA.Bundle()), @@ -1881,7 +1883,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -1960,7 +1962,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2039,7 +2041,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2114,7 +2116,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2187,7 +2189,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2267,7 +2269,272 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details + provideClusterInfo: true + `, + issuerURL, + base64.StdEncoding.EncodeToString([]byte(issuerCABundle))) + }, + }, + { + name: "IDP discovery endpoint is listed in OIDC discovery document but scopes_supported does not include username or groups, so do not request username or groups in kubeconfig's --scopes", + args: func(issuerCABundle string, issuerURL string) []string { + return []string{ + "--kubeconfig", "./testdata/kubeconfig.yaml", + "--skip-validation", + } + }, + conciergeObjects: func(issuerCABundle string, issuerURL string) []runtime.Object { + return []runtime.Object{ + credentialIssuer(), + jwtAuthenticator(issuerCABundle, issuerURL), + } + }, + oidcDiscoveryResponse: func(issuerURL string) string { + return here.Docf(`{ + "issuer": "%s", + "discovery.supervisor.pinniped.dev/v1alpha1": { + "pinniped_identity_providers_endpoint": "%s/v1alpha1/pinniped_identity_providers" + }, + "scopes_supported": ["openid", "offline_access", "pinniped:request-audience"] + }`, issuerURL, issuerURL) + }, + idpsDiscoveryResponse: here.Docf(`{ + "pinniped_identity_providers": [ + {"name": "some-oidc-idp", "type": "oidc"} + ] + }`), + wantLogs: func(issuerCABundle string, issuerURL string) []string { + return []string{ + `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, + `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, + `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, + `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, + `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, + fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), + `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, + `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `"level"=0 "msg"="removed scope from --oidc-scopes list because it is not supported by this Supervisor" "scope"="username"`, + `"level"=0 "msg"="removed scope from --oidc-scopes list because it is not supported by this Supervisor" "scope"="groups"`, + } + }, + wantStdout: func(issuerCABundle string, issuerURL string) string { + return here.Docf(` + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + server: https://fake-server-url-value + name: kind-cluster-pinniped + contexts: + - context: + cluster: kind-cluster-pinniped + user: kind-user-pinniped + name: kind-context-pinniped + current-context: kind-context-pinniped + kind: Config + preferences: {} + users: + - name: kind-user-pinniped + user: + exec: + apiVersion: client.authentication.k8s.io/v1beta1 + args: + - login + - oidc + - --enable-concierge + - --concierge-api-group-suffix=pinniped.dev + - --concierge-authenticator-name=test-authenticator + - --concierge-authenticator-type=jwt + - --concierge-endpoint=https://fake-server-url-value + - --concierge-ca-bundle-data=ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + - --issuer=%s + - --client-id=pinniped-cli + - --scopes=offline_access,openid,pinniped:request-audience + - --ca-bundle-data=%s + - --request-audience=test-audience + - --upstream-identity-provider-name=some-oidc-idp + - --upstream-identity-provider-type=oidc + command: '.../path/to/pinniped' + env: [] + installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli + for more details + provideClusterInfo: true + `, + issuerURL, + base64.StdEncoding.EncodeToString([]byte(issuerCABundle))) + }, + }, + { + name: "IDP discovery endpoint is listed in OIDC discovery document but scopes_supported is not listed (which shouldn't really happen), so do not request username or groups in kubeconfig's --scopes", + args: func(issuerCABundle string, issuerURL string) []string { + return []string{ + "--kubeconfig", "./testdata/kubeconfig.yaml", + "--skip-validation", + } + }, + conciergeObjects: func(issuerCABundle string, issuerURL string) []runtime.Object { + return []runtime.Object{ + credentialIssuer(), + jwtAuthenticator(issuerCABundle, issuerURL), + } + }, + oidcDiscoveryResponse: func(issuerURL string) string { + return here.Docf(`{ + "issuer": "%s", + "discovery.supervisor.pinniped.dev/v1alpha1": { + "pinniped_identity_providers_endpoint": "%s/v1alpha1/pinniped_identity_providers" + } + }`, issuerURL, issuerURL) + }, + idpsDiscoveryResponse: here.Docf(`{ + "pinniped_identity_providers": [ + {"name": "some-oidc-idp", "type": "oidc"} + ] + }`), + wantLogs: func(issuerCABundle string, issuerURL string) []string { + return []string{ + `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, + `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, + `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, + `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, + `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, + fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), + `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, + `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + `"level"=0 "msg"="removed scope from --oidc-scopes list because it is not supported by this Supervisor" "scope"="username"`, + `"level"=0 "msg"="removed scope from --oidc-scopes list because it is not supported by this Supervisor" "scope"="groups"`, + } + }, + wantStdout: func(issuerCABundle string, issuerURL string) string { + return here.Docf(` + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + server: https://fake-server-url-value + name: kind-cluster-pinniped + contexts: + - context: + cluster: kind-cluster-pinniped + user: kind-user-pinniped + name: kind-context-pinniped + current-context: kind-context-pinniped + kind: Config + preferences: {} + users: + - name: kind-user-pinniped + user: + exec: + apiVersion: client.authentication.k8s.io/v1beta1 + args: + - login + - oidc + - --enable-concierge + - --concierge-api-group-suffix=pinniped.dev + - --concierge-authenticator-name=test-authenticator + - --concierge-authenticator-type=jwt + - --concierge-endpoint=https://fake-server-url-value + - --concierge-ca-bundle-data=ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + - --issuer=%s + - --client-id=pinniped-cli + - --scopes=offline_access,openid,pinniped:request-audience + - --ca-bundle-data=%s + - --request-audience=test-audience + - --upstream-identity-provider-name=some-oidc-idp + - --upstream-identity-provider-type=oidc + command: '.../path/to/pinniped' + env: [] + installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli + for more details + provideClusterInfo: true + `, + issuerURL, + base64.StdEncoding.EncodeToString([]byte(issuerCABundle))) + }, + }, + { + name: "IDP discovery endpoint is listed in OIDC discovery document but scopes_supported does not include username or groups, and scopes username and groups were also not requested by flags", + args: func(issuerCABundle string, issuerURL string) []string { + return []string{ + "--kubeconfig", "./testdata/kubeconfig.yaml", + "--skip-validation", + "--oidc-scopes", "foo,bar,baz", + } + }, + conciergeObjects: func(issuerCABundle string, issuerURL string) []runtime.Object { + return []runtime.Object{ + credentialIssuer(), + jwtAuthenticator(issuerCABundle, issuerURL), + } + }, + oidcDiscoveryResponse: func(issuerURL string) string { + return here.Docf(`{ + "issuer": "%s", + "discovery.supervisor.pinniped.dev/v1alpha1": { + "pinniped_identity_providers_endpoint": "%s/v1alpha1/pinniped_identity_providers" + }, + "scopes_supported": ["openid", "offline_access", "pinniped:request-audience"] + }`, issuerURL, issuerURL) + }, + idpsDiscoveryResponse: here.Docf(`{ + "pinniped_identity_providers": [ + {"name": "some-oidc-idp", "type": "oidc"} + ] + }`), + wantLogs: func(issuerCABundle string, issuerURL string) []string { + return []string{ + `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, + `"level"=0 "msg"="discovered Concierge operating in TokenCredentialRequest API mode"`, + `"level"=0 "msg"="discovered Concierge endpoint" "endpoint"="https://fake-server-url-value"`, + `"level"=0 "msg"="discovered Concierge certificate authority bundle" "roots"=0`, + `"level"=0 "msg"="discovered JWTAuthenticator" "name"="test-authenticator"`, + fmt.Sprintf(`"level"=0 "msg"="discovered OIDC issuer" "issuer"="%s"`, issuerURL), + `"level"=0 "msg"="discovered OIDC audience" "audience"="test-audience"`, + `"level"=0 "msg"="discovered OIDC CA bundle" "roots"=1`, + } + }, + wantStdout: func(issuerCABundle string, issuerURL string) string { + return here.Docf(` + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + server: https://fake-server-url-value + name: kind-cluster-pinniped + contexts: + - context: + cluster: kind-cluster-pinniped + user: kind-user-pinniped + name: kind-context-pinniped + current-context: kind-context-pinniped + kind: Config + preferences: {} + users: + - name: kind-user-pinniped + user: + exec: + apiVersion: client.authentication.k8s.io/v1beta1 + args: + - login + - oidc + - --enable-concierge + - --concierge-api-group-suffix=pinniped.dev + - --concierge-authenticator-name=test-authenticator + - --concierge-authenticator-type=jwt + - --concierge-endpoint=https://fake-server-url-value + - --concierge-ca-bundle-data=ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + - --issuer=%s + - --client-id=pinniped-cli + - --scopes=foo,bar,baz + - --ca-bundle-data=%s + - --request-audience=test-audience + - --upstream-identity-provider-name=some-oidc-idp + - --upstream-identity-provider-type=oidc + command: '.../path/to/pinniped' + env: [] + installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli + for more details provideClusterInfo: true `, issuerURL, @@ -2291,7 +2558,8 @@ func TestGetKubeconfig(t *testing.T) { jwtAuthenticator(issuerCABundle, issuerURL), } }, - oidcDiscoveryStatusCode: http.StatusNotFound, // should not get called by the client in this case + oidcDiscoveryResponse: happyOIDCDiscoveryResponse, // still called to check for support of username and groups scopes + idpsDiscoveryStatusCode: http.StatusNotFound, // should not get called by the client in this case wantLogs: func(issuerCABundle string, issuerURL string) []string { return []string{ `"level"=0 "msg"="discovered CredentialIssuer" "name"="test-credential-issuer"`, @@ -2345,7 +2613,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2428,7 +2696,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2486,7 +2754,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2547,7 +2815,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2608,7 +2876,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2670,7 +2938,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2733,7 +3001,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2794,7 +3062,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2854,7 +3122,7 @@ func TestGetKubeconfig(t *testing.T) { command: '.../path/to/pinniped' env: [] installHint: The pinniped CLI does not appear to be installed. See https://get.pinniped.dev/cli - for more details + for more details provideClusterInfo: true `, issuerURL, @@ -2888,40 +3156,40 @@ func TestGetKubeconfig(t *testing.T) { }, wantStdout: func(issuerCABundle string, issuerURL string) string { return here.Doc(` - apiVersion: v1 - clusters: - - cluster: - certificate-authority-data: ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== - server: https://fake-server-url-value - name: kind-cluster-pinniped - contexts: - - context: - cluster: kind-cluster-pinniped - user: kind-user-pinniped - name: kind-context-pinniped - current-context: kind-context-pinniped - kind: Config - preferences: {} - users: - - name: kind-user-pinniped - user: - exec: - apiVersion: client.authentication.k8s.io/v1beta1 - args: - - login - - static - - --enable-concierge - - --concierge-api-group-suffix=pinniped.dev - - --concierge-authenticator-name=test-authenticator - - --concierge-authenticator-type=webhook - - --concierge-endpoint=https://fake-server-url-value - - --concierge-ca-bundle-data=ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== - - --token=test-token - command: '.../path/to/pinniped' - env: [] - installHint: Test installHint message - provideClusterInfo: true - `) + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + server: https://fake-server-url-value + name: kind-cluster-pinniped + contexts: + - context: + cluster: kind-cluster-pinniped + user: kind-user-pinniped + name: kind-context-pinniped + current-context: kind-context-pinniped + kind: Config + preferences: {} + users: + - name: kind-user-pinniped + user: + exec: + apiVersion: client.authentication.k8s.io/v1beta1 + args: + - login + - static + - --enable-concierge + - --concierge-api-group-suffix=pinniped.dev + - --concierge-authenticator-name=test-authenticator + - --concierge-authenticator-type=webhook + - --concierge-endpoint=https://fake-server-url-value + - --concierge-ca-bundle-data=ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ== + - --token=test-token + command: '.../path/to/pinniped' + env: [] + installHint: Test installHint message + provideClusterInfo: true + `) }, }, } diff --git a/pkg/oidcclient/login.go b/pkg/oidcclient/login.go index 69ddd33f..b75f743e 100644 --- a/pkg/oidcclient/login.go +++ b/pkg/oidcclient/login.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 // Package oidcclient implements a CLI OIDC login flow. @@ -27,6 +27,7 @@ import ( "golang.org/x/oauth2" "golang.org/x/term" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/strings/slices" oidcapi "go.pinniped.dev/generated/latest/apis/supervisor/oidc" "go.pinniped.dev/internal/httputil/httperr" @@ -741,7 +742,7 @@ func (h *handlerState) initOIDCDiscovery() error { if err := h.provider.Claims(&discoveryClaims); err != nil { return fmt.Errorf("could not decode response_modes_supported in OIDC discovery from %q: %w", h.issuer, err) } - h.useFormPost = stringSliceContains(discoveryClaims.ResponseModesSupported, "form_post") + h.useFormPost = slices.Contains(discoveryClaims.ResponseModesSupported, "form_post") return nil } @@ -756,15 +757,6 @@ func validateURLUsesHTTPS(uri string, uriName string) error { return nil } -func stringSliceContains(slice []string, s string) bool { - for _, item := range slice { - if item == s { - return true - } - } - return false -} - func (h *handlerState) tokenExchangeRFC8693(baseToken *oidctypes.Token) (*oidctypes.Token, error) { h.logger.V(plog.KlogLevelDebug).Info("Pinniped: Performing RFC8693 token exchange", "requestedAudience", h.requestedAudience) // Perform OIDC discovery. This may have already been performed if there was not a cached base token. From f99ca61bba127333bdf66bc2c9aad42a637291ab Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Fri, 31 Mar 2023 10:23:58 -0700 Subject: [PATCH 12/17] Upgrade dep github.com/go-logr/logr@v1.2.3 to v1.2.4 --- go.mod | 2 +- go.sum | 4 ++-- internal/plog/plog_test.go | 24 ++++++++++++------------ 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 73b262c4..6be90c62 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/davecgh/go-spew v1.1.1 github.com/felixge/httpsnoop v1.0.3 github.com/go-ldap/ldap/v3 v3.4.4 - github.com/go-logr/logr v1.2.3 + github.com/go-logr/logr v1.2.4 github.com/go-logr/stdr v1.2.2 github.com/go-logr/zapr v1.2.3 github.com/gofrs/flock v0.8.1 diff --git a/go.sum b/go.sum index 8c40010b..ec486c59 100644 --- a/go.sum +++ b/go.sum @@ -199,8 +199,8 @@ github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KE github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= -github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= diff --git a/internal/plog/plog_test.go b/internal/plog/plog_test.go index d66b8871..fb15bcd8 100644 --- a/internal/plog/plog_test.go +++ b/internal/plog/plog_test.go @@ -1,4 +1,4 @@ -// Copyright 2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package plog @@ -232,7 +232,7 @@ func TestPlog(t *testing.T) { testAllPlogMethods(l.withDepth(-2)) }, want: ` -{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.3/logr.go:$logr.Logger.Error","message":"e","panda":2,"error":"some err"} +{"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.4/logr.go:$logr.Logger.Error","message":"e","panda":2,"error":"some err"} {"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"plog/plog.go:$plog.pLogger.warningDepth","message":"w","warning":true,"panda":2} {"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"plog/plog.go:$plog.pLogger.warningDepth","message":"we","warning":true,"error":"some err","panda":2} {"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"plog/plog.go:$plog.pLogger.infoDepth","message":"i","panda":2} @@ -241,8 +241,8 @@ func TestPlog(t *testing.T) { {"level":"debug","timestamp":"2099-08-08T13:57:36.123456Z","caller":"plog/plog.go:$plog.pLogger.debugDepth","message":"de","error":"some err","panda":2} {"level":"trace","timestamp":"2099-08-08T13:57:36.123456Z","caller":"plog/plog.go:$plog.pLogger.traceDepth","message":"t","panda":2} {"level":"trace","timestamp":"2099-08-08T13:57:36.123456Z","caller":"plog/plog.go:$plog.pLogger.traceDepth","message":"te","error":"some err","panda":2} -{"level":"all","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.3/logr.go:$logr.Logger.Info","message":"all","panda":2} -{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.3/logr.go:$logr.Logger.Info","message":"always","panda":2} +{"level":"all","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.4/logr.go:$logr.Logger.Info","message":"all","panda":2} +{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.4/logr.go:$logr.Logger.Info","message":"always","panda":2} `, }, { @@ -252,14 +252,14 @@ func TestPlog(t *testing.T) { }, want: ` {"level":"error","timestamp":"2099-08-08T13:57:36.123456Z","caller":"zapr@v1.2.3/zapr.go:$zapr.(*zapLogger).Error","message":"e","panda":2,"error":"some err"} -{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.3/logr.go:$logr.Logger.Info","message":"w","warning":true,"panda":2} -{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.3/logr.go:$logr.Logger.Info","message":"we","warning":true,"error":"some err","panda":2} -{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.3/logr.go:$logr.Logger.Info","message":"i","panda":2} -{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.3/logr.go:$logr.Logger.Info","message":"ie","error":"some err","panda":2} -{"level":"debug","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.3/logr.go:$logr.Logger.Info","message":"d","panda":2} -{"level":"debug","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.3/logr.go:$logr.Logger.Info","message":"de","error":"some err","panda":2} -{"level":"trace","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.3/logr.go:$logr.Logger.Info","message":"t","panda":2} -{"level":"trace","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.3/logr.go:$logr.Logger.Info","message":"te","error":"some err","panda":2} +{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.4/logr.go:$logr.Logger.Info","message":"w","warning":true,"panda":2} +{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.4/logr.go:$logr.Logger.Info","message":"we","warning":true,"error":"some err","panda":2} +{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.4/logr.go:$logr.Logger.Info","message":"i","panda":2} +{"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.4/logr.go:$logr.Logger.Info","message":"ie","error":"some err","panda":2} +{"level":"debug","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.4/logr.go:$logr.Logger.Info","message":"d","panda":2} +{"level":"debug","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.4/logr.go:$logr.Logger.Info","message":"de","error":"some err","panda":2} +{"level":"trace","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.4/logr.go:$logr.Logger.Info","message":"t","panda":2} +{"level":"trace","timestamp":"2099-08-08T13:57:36.123456Z","caller":"logr@v1.2.4/logr.go:$logr.Logger.Info","message":"te","error":"some err","panda":2} {"level":"all","timestamp":"2099-08-08T13:57:36.123456Z","caller":"zapr@v1.2.3/zapr.go:$zapr.(*zapLogger).Info","message":"all","panda":2} {"level":"info","timestamp":"2099-08-08T13:57:36.123456Z","caller":"zapr@v1.2.3/zapr.go:$zapr.(*zapLogger).Info","message":"always","panda":2} `, From f7fac330f5c172bfb0ede76dc53db396575775d4 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 3 Apr 2023 10:55:37 -0700 Subject: [PATCH 13/17] Fix typo that prevented compiling with Go 1.19 --- .../tlsassertions/assertions_before_go1.20.go | 2 +- .../testutil/tlsassertions/assertions_test.go | 22 ------------------- 2 files changed, 1 insertion(+), 23 deletions(-) delete mode 100644 internal/testutil/tlsassertions/assertions_test.go diff --git a/internal/testutil/tlsassertions/assertions_before_go1.20.go b/internal/testutil/tlsassertions/assertions_before_go1.20.go index f710dba8..ce94fc07 100644 --- a/internal/testutil/tlsassertions/assertions_before_go1.20.go +++ b/internal/testutil/tlsassertions/assertions_before_go1.20.go @@ -5,6 +5,6 @@ package tlsassertions -func GetTlsErrorPrefix() string { +func GetTLSErrorPrefix() string { return "" } diff --git a/internal/testutil/tlsassertions/assertions_test.go b/internal/testutil/tlsassertions/assertions_test.go deleted file mode 100644 index 706fb21d..00000000 --- a/internal/testutil/tlsassertions/assertions_test.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright 2023 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package tlsassertions - -import ( - "runtime" - "strings" - "testing" - - "github.com/stretchr/testify/require" -) - -func TestGetTLSErrorPrefix(t *testing.T) { - expected := "tls: failed to verify certificate: " - - if strings.Contains(runtime.Version(), "1.19") { - expected = "" - } - - require.Equal(t, expected, GetTLSErrorPrefix()) -} From a04129548f6a659f297dc3a42e3c76de513aaa64 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 3 Apr 2023 11:45:31 -0700 Subject: [PATCH 14/17] Increase some test timeouts that failed once on Kind jobs in CI --- test/integration/supervisor_oidc_client_test.go | 6 +++--- test/integration/supervisor_oidcclientsecret_test.go | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/test/integration/supervisor_oidc_client_test.go b/test/integration/supervisor_oidc_client_test.go index 382caa4c..9a80697d 100644 --- a/test/integration/supervisor_oidc_client_test.go +++ b/test/integration/supervisor_oidc_client_test.go @@ -1,4 +1,4 @@ -// Copyright 2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -34,7 +34,7 @@ func TestOIDCClientStaticValidation_Parallel(t *testing.T) { groupFix := strings.NewReplacer(".supervisor.pinniped.dev", ".supervisor."+env.APIGroupSuffix) errFix := strings.NewReplacer(makeErrFix(reallyOld)...) - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) t.Cleanup(cancel) namespaceClient := adminClient.CoreV1().Namespaces() @@ -516,7 +516,7 @@ func makeErrFix(reallyOld bool) []string { func TestOIDCClientControllerValidations_Parallel(t *testing.T) { env := testlib.IntegrationEnv(t) - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) t.Cleanup(cancel) secrets := testlib.NewKubernetesClientset(t).CoreV1().Secrets(env.SupervisorNamespace) diff --git a/test/integration/supervisor_oidcclientsecret_test.go b/test/integration/supervisor_oidcclientsecret_test.go index 0ba2c42c..753527d9 100644 --- a/test/integration/supervisor_oidcclientsecret_test.go +++ b/test/integration/supervisor_oidcclientsecret_test.go @@ -211,7 +211,7 @@ func TestKubectlOIDCClientSecretRequest_Parallel(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), 13*time.Minute) t.Cleanup(cancel) supervisorClient := testlib.NewSupervisorClientset(t) @@ -877,7 +877,7 @@ func TestCreateOIDCClientSecretRequest_Parallel(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), 13*time.Minute) t.Cleanup(cancel) kubeClient := testlib.NewKubernetesClientset(t) @@ -1020,7 +1020,7 @@ func prependSecret(list []string, newItem string) []string { func TestOIDCClientSecretRequestUnauthenticated_Parallel(t *testing.T) { env := testlib.IntegrationEnv(t) - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) + ctx, cancel := context.WithTimeout(context.Background(), 3*time.Minute) t.Cleanup(cancel) client := testlib.NewAnonymousSupervisorClientset(t) From 7cd16b179c5e29b395c6b52bfb6ff5efa3ec78f5 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 3 Apr 2023 14:16:02 -0700 Subject: [PATCH 15/17] Fix integration tests to pass with Kube 1.27/1.28 pre-release builds Fix test failures that occurred in the k8s-main integration test CI job when using Kube 1.27 and 1.28 pre-release builds. --- test/integration/kube_api_discovery_test.go | 15 +++++++++++--- test/integration/rbac_test.go | 22 +++++++++++++++++---- 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/test/integration/kube_api_discovery_test.go b/test/integration/kube_api_discovery_test.go index 538e0a50..71b8219d 100644 --- a/test/integration/kube_api_discovery_test.go +++ b/test/integration/kube_api_discovery_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -458,10 +458,19 @@ func TestGetAPIResourceList(t *testing.T) { //nolint:gocyclo // each t.Run is pr } require.NotNilf(t, actualResourceList, "could not find groupVersion %s", groupVersion) - // Because its hard to predict the storage version hash (e.g. "t/+v41y+3e4="), we just don't - // worry about comparing that field. for i := range actualResourceList.APIResources { + // Because its hard to predict the storage version hash (e.g. "t/+v41y+3e4="), we just don't + // worry about comparing that field. actualResourceList.APIResources[i].StorageVersionHash = "" + + // These fields were empty for a long time but started to be non-empty at some Kubernetes version. + // The filled-in fields were first noticed when CI tested against a 1.27 pre-release. + // To make this test pass on all versions of Kube, just ignore these fields for now. + actualResourceList.APIResources[i].Group = "" + actualResourceList.APIResources[i].Version = "" + if strings.HasSuffix(actualResourceList.APIResources[i].Name, "/status") { + actualResourceList.APIResources[i].SingularName = "" + } } require.ElementsMatch(t, expectedResources, actualResourceList.APIResources, "unexpected API resources") } diff --git a/test/integration/rbac_test.go b/test/integration/rbac_test.go index 598efbc7..e8e01cfb 100644 --- a/test/integration/rbac_test.go +++ b/test/integration/rbac_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -47,9 +47,6 @@ func TestServiceAccountPermissions(t *testing.T) { // the impersonation proxy SA has the same permissions for all checks because it should only be authorized via cluster role bindings expectedResourceRules := []authorizationv1.ResourceRule{ - // system:basic-user is bound to system:authenticated by default - {Verbs: []string{"create"}, APIGroups: []string{"authorization.k8s.io"}, Resources: []string{"selfsubjectaccessreviews", "selfsubjectrulesreviews"}}, - // the expected impersonation permissions {Verbs: []string{"impersonate"}, APIGroups: []string{""}, Resources: []string{"users", "groups", "serviceaccounts"}}, {Verbs: []string{"impersonate"}, APIGroups: []string{"authentication.k8s.io"}, Resources: []string{"*"}}, @@ -59,6 +56,23 @@ func TestServiceAccountPermissions(t *testing.T) { {Verbs: []string{"create", "list"}, APIGroups: []string{"identity.concierge." + env.APIGroupSuffix}, Resources: []string{"whoamirequests"}}, } + // system:basic-user is bound to system:authenticated by default, so the SA gets these permissions too. + // See https://kubernetes.io/docs/reference/access-authn-authz/rbac/#discovery-roles. + // Note that this list previously only included "selfsubjectaccessreviews" and "selfsubjectrulesreviews", + // but later was updated in Kubernetes to also include "selfsubjectreviews". + // Rather than explicitly listing them all as expectations, dynamically append them here, so this test + // can pass against all versions of Kubernetes. + basicUserClusterRole, err := testlib.NewKubernetesClientset(t).RbacV1().ClusterRoles().Get(ctx, "system:basic-user", metav1.GetOptions{}) + require.NoError(t, err) + for _, policyRule := range basicUserClusterRole.Rules { + expectedResourceRules = append(expectedResourceRules, authorizationv1.ResourceRule{ + Verbs: policyRule.Verbs, + APIGroups: policyRule.APIGroups, + Resources: policyRule.Resources, + ResourceNames: policyRule.ResourceNames, + }) + } + if otherPinnipedGroupSuffix := getOtherPinnipedGroupSuffix(t); len(otherPinnipedGroupSuffix) > 0 { expectedResourceRules = append(expectedResourceRules, // we bind these to system:authenticated in the other instance of pinniped From 19b60fe56348a3e8f5f89d517b888bd4d83ef0a1 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 3 Apr 2023 16:22:21 -0700 Subject: [PATCH 16/17] Clarify audience value in Concierge-only auth doc, and other doc updates Also renamed a couple of integration test files to make their names more clear. --- .../docs/howto/configure-concierge-jwt.md | 93 ++++++++++++++++++- ...nfigure-supervisor-with-activedirectory.md | 2 +- ...configure-supervisor-with-jumpcloudldap.md | 2 +- .../configure-supervisor-with-openldap.md | 2 +- site/content/docs/howto/install-concierge.md | 5 + site/content/docs/howto/install-supervisor.md | 5 + ...hoami_test.go => concierge_whoami_test.go} | 2 +- ...oncierge_kubectl_test.go => smoke_test.go} | 2 +- 8 files changed, 103 insertions(+), 10 deletions(-) rename test/integration/{whoami_test.go => concierge_whoami_test.go} (99%) rename test/integration/{concierge_kubectl_test.go => smoke_test.go} (86%) diff --git a/site/content/docs/howto/configure-concierge-jwt.md b/site/content/docs/howto/configure-concierge-jwt.md index b502e5ca..ddd58dee 100644 --- a/site/content/docs/howto/configure-concierge-jwt.md +++ b/site/content/docs/howto/configure-concierge-jwt.md @@ -15,11 +15,12 @@ This guide shows you how to use this capability _without_ the Pinniped Superviso This is most useful if you have only a single cluster and want to authenticate to it via an existing OIDC provider. If you have multiple clusters, you may want to [install]({{< ref "install-supervisor" >}}) and [configure]({{< ref "configure-supervisor" >}}) the Pinniped Supervisor. -Then you can [configure the Concierge to use the Supervisor for authentication]({{< ref "configure-concierge-supervisor-jwt" >}}). +Then you can [configure the Concierge to use the Supervisor for authentication]({{< ref "configure-concierge-supervisor-jwt" >}}) +instead of following the guide below. ## Prerequisites -Before starting, you should have the [command-line tool installed]({{< ref "install-cli" >}}) locally and [Concierge running in your cluster]({{< ref "install-concierge" >}}). +Before starting, you should have the [Pinniped command-line tool installed]({{< ref "install-cli" >}}) locally and [Concierge running in your cluster]({{< ref "install-concierge" >}}). You should also have some existing OIDC issuer configuration: @@ -37,6 +38,7 @@ metadata: name: my-jwt-authenticator spec: issuer: https://my-issuer.example.com/any/path + # This audience value must be the same as your OIDC client's ID. audience: my-client-id claims: username: email @@ -60,6 +62,9 @@ pinniped get kubeconfig \ > my-cluster.yaml ``` +Note that the value for the `--oidc-client-id` flag must be your OIDC client's ID, which must also be the same +value declared as the `audience` in the JWTAuthenticator. + This creates a kubeconfig YAML file `my-cluster.yaml` that targets your JWTAuthenticator using `pinniped login oidc` as an [ExecCredential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins). It should look something like below: @@ -126,6 +131,82 @@ You should see: --user my-username@example.com ``` +## Including group membership + +If your OIDC provider supports adding user group memberships as a claim in the ID tokens, then you can +use Pinniped to transmit those group memberships into Kubernetes. + +For example, one popular OIDC provider can include group memberships in an ID token claim called `groups`, +if the client requests the scope called `groups` at authorization time. + +Unfortunately, each OIDC provider handles scopes a little differently, so please refer to your provider's documentation +to see if it is possible for the provider to add group membership information to the ID token. + +### Update the JWTAuthenticator + +Update the JWTAuthenticator to describe the name of the ID token claim where groups names will reside: + +```yaml +apiVersion: authentication.concierge.pinniped.dev/v1alpha1 +kind: JWTAuthenticator +metadata: + name: my-jwt-authenticator +spec: + issuer: https://my-issuer.example.com/any/path + audience: my-client-id + claims: + username: email + # Tell the JWTAuthenticator the name of the ID token claim + # where groups names will reside. For example, the name of + # the ID token claim is "groups", then set it as the value + # here. The name of this key is always "groups". + groups: groups +``` + +If you've saved this into a file `my-jwt-authenticator.yaml`, then update it into your cluster using: + +```sh +kubectl apply -f my-jwt-authenticator.yaml +``` + +### Generate an updated kubeconfig file + +Generate a kubeconfig file to target the updated JWTAuthenticator. Note that this is almost the same command +as before, but since our particular OIDC issuer requires that we also request the `groups` scope at +authorization time, then we add it to the list of scopes here. + +```sh +pinniped get kubeconfig \ + --oidc-client-id my-client-id \ + --oidc-scopes openid,email,groups \ + --oidc-listen-port 12345 \ + > my-cluster.yaml +``` + +### Use the kubeconfig file + +Use the kubeconfig with `kubectl` to access your cluster, as before: + +```sh +# Remove the client-side session cache, which is equivalent to +# performing a client-side logout. +rm -rf ~/.config/pinniped + +# Log in again by issuing a kubectl command. +kubectl --kubeconfig my-cluster.yaml get namespaces +``` + +To see the username and group membership as understood by the Kubernetes cluster, you can use +this command: + +```sh +pinniped whoami --kubeconfig my-cluster.yaml +``` + +If your groups configuration worked, then you should see your list of group names from your OIDC provider +included in the output. These group names may now be used with Kubernetes RBAC to provide authorization to +resources on the cluster. + ## Other notes - Pinniped kubeconfig files do not contain secrets and are safe to share between users. @@ -137,7 +218,9 @@ You should see: - If your OIDC provider supports [wildcard port number matching](https://tools.ietf.org/html/draft-ietf-oauth-security-topics-16#section-2.1) for localhost URIs, you can omit the `--oidc-listen-port` flag to use a randomly chosen ephemeral TCP port. - The Pinniped command-line tool can only act as a public client with no client secret. - If your provider only supports non-public clients, consider using the Pinniped Supervisor. + If your provider only supports non-public clients, consider using the Pinniped Supervisor instead of following this guide. -- In general, it is not safe to use the same OIDC client across multiple clusters. - If you need to access multiple clusters, please [install the Pinniped Supervisor]({{< ref "install-supervisor" >}}). +- In general, it is not safe to use the same OIDC client across multiple clusters. Each cluster should use its own OIDC client + to ensure that tokens sent to one cluster cannot also be used for another cluster. + If you need to provide access to multiple clusters, please consider [installing the Pinniped Supervisor]({{< ref "install-supervisor" >}}) + instead of following this guide. diff --git a/site/content/docs/howto/configure-supervisor-with-activedirectory.md b/site/content/docs/howto/configure-supervisor-with-activedirectory.md index 37beadfc..68adcc02 100644 --- a/site/content/docs/howto/configure-supervisor-with-activedirectory.md +++ b/site/content/docs/howto/configure-supervisor-with-activedirectory.md @@ -104,7 +104,7 @@ spec: base: "OU=my-department,OU=Users,DC=activedirectory,DC=example,DC=com" # Specify how to filter the search to find the specific user by username. - # "{}" will be replaced # by the username that the end-user had typed + # "{}" will be replaced by the username that the end-user had typed # when they tried to log in. filter: "&(objectClass=person)(userPrincipalName={})" diff --git a/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md b/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md index 7faa2e7c..afd22e6d 100644 --- a/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md +++ b/site/content/docs/howto/configure-supervisor-with-jumpcloudldap.md @@ -71,7 +71,7 @@ spec: base: "ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" # Specify how to filter the search to find the specific user by username. - # "{}" will be replaced # by the username that the end-user had typed + # "{}" will be replaced by the username that the end-user had typed # when they tried to log in. filter: "&(objectClass=inetOrgPerson)(uid={})" diff --git a/site/content/docs/howto/configure-supervisor-with-openldap.md b/site/content/docs/howto/configure-supervisor-with-openldap.md index aafb635f..286c0ebe 100644 --- a/site/content/docs/howto/configure-supervisor-with-openldap.md +++ b/site/content/docs/howto/configure-supervisor-with-openldap.md @@ -219,7 +219,7 @@ spec: base: "ou=users,dc=pinniped,dc=dev" # Specify how to filter the search to find the specific user by username. - # "{}" will be replaced # by the username that the end-user had typed + # "{}" will be replaced by the username that the end-user had typed # when they tried to log in. filter: "&(objectClass=inetOrgPerson)(uid={})" diff --git a/site/content/docs/howto/install-concierge.md b/site/content/docs/howto/install-concierge.md index 570dd1d3..4fac95ef 100644 --- a/site/content/docs/howto/install-concierge.md +++ b/site/content/docs/howto/install-concierge.md @@ -90,6 +90,11 @@ Pinniped uses [ytt](https://carvel.dev/ytt/) from [Carvel](https://carvel.dev/) - `ytt --file . --file site/dev-env.yaml | kapp deploy --app pinniped-concierge --file -` +## Other notes + +_Important:_ Configure Kubernetes authorization policies (i.e. RBAC) to prevent non-admin users from reading the +resources, especially the Secrets, in the Concierge's namespace. + ## Next steps Next, configure the Concierge for diff --git a/site/content/docs/howto/install-supervisor.md b/site/content/docs/howto/install-supervisor.md index d24ab6c9..15c38766 100644 --- a/site/content/docs/howto/install-supervisor.md +++ b/site/content/docs/howto/install-supervisor.md @@ -91,6 +91,11 @@ Pinniped uses [ytt](https://carvel.dev/ytt/) from [Carvel](https://carvel.dev/) `ytt --file . --file site/dev-env.yaml | kapp deploy --app pinniped-supervisor --file -` +## Other notes + +_Important:_ Configure Kubernetes authorization policies (i.e. RBAC) to prevent non-admin users from reading the +resources, especially the Secrets, in the Supervisor's namespace. + ## Next steps Next, [configure the Supervisor as an OIDC issuer]({{< ref "configure-supervisor" >}})! diff --git a/test/integration/whoami_test.go b/test/integration/concierge_whoami_test.go similarity index 99% rename from test/integration/whoami_test.go rename to test/integration/concierge_whoami_test.go index d8eb7de5..7fb5a909 100644 --- a/test/integration/whoami_test.go +++ b/test/integration/concierge_whoami_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration diff --git a/test/integration/concierge_kubectl_test.go b/test/integration/smoke_test.go similarity index 86% rename from test/integration/concierge_kubectl_test.go rename to test/integration/smoke_test.go index a113c465..b9108a97 100644 --- a/test/integration/concierge_kubectl_test.go +++ b/test/integration/smoke_test.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration From eb4254b1c2d3df4e2a1d33acbc76cb3fc73455a1 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 3 Apr 2023 16:53:37 -0700 Subject: [PATCH 17/17] Update team members on website --- MAINTAINERS.md | 6 ------ site/themes/pinniped/layouts/partials/team.html | 14 +++++++------- .../themes/pinniped/static/img/joshua-casey.png | Bin 0 -> 25214 bytes site/themes/pinniped/static/img/nigel-brown.png | Bin 9225 -> 0 bytes 4 files changed, 7 insertions(+), 13 deletions(-) create mode 100644 site/themes/pinniped/static/img/joshua-casey.png delete mode 100644 site/themes/pinniped/static/img/nigel-brown.png diff --git a/MAINTAINERS.md b/MAINTAINERS.md index 7d71d56f..5026925d 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -16,9 +16,3 @@ | Matt Moyer | [mattmoyer](https://github.com/mattmoyer) | | Mo Khan | [enj](https://github.com/enj) | | Pablo Schuhmacher | [pabloschuhmacher](https://github.com/pabloschuhmacher) | - -## Pinniped Community Management - -| Community Manager | GitHub ID | -|-------------------|---------------------------------------| -| Nigel Brown | [pnbrown](https://github.com/pnbrown) | \ No newline at end of file diff --git a/site/themes/pinniped/layouts/partials/team.html b/site/themes/pinniped/layouts/partials/team.html index 0f8561f6..3fdc4877 100644 --- a/site/themes/pinniped/layouts/partials/team.html +++ b/site/themes/pinniped/layouts/partials/team.html @@ -2,13 +2,6 @@

The Pinniped Project Team:

-
-
-
-

Nigel Brown

-

Community Manager

-
-
@@ -16,6 +9,13 @@

Engineer

+
+
+
+

Joshua Casey

+

Engineer

+
+
diff --git a/site/themes/pinniped/static/img/joshua-casey.png b/site/themes/pinniped/static/img/joshua-casey.png new file mode 100644 index 0000000000000000000000000000000000000000..21c78530ed4dde100e33b66c68842d828af24dae GIT binary patch literal 25214 zcmY(p19T?Avj_Ucw*AG~*tTukw!Lw_IN5k(TN~Tj*xA_T#(w+1_r81I>p4ADUGuA| zu0GRq`qWgEvZ53cJU%=C06>zF7FYd8z5ml;q5s`^%sJ=(5imDZDN#V}G~wyLL70WM zjHQACfc75`3xEPc2SEG>^6vtG;RB%liw6K?!3h4BR|TW_9}GAE5NQK|{2z?&Kl-00 z{jdMi{vQgF5B7f+^TGcY?VS(tfBb*c-d4FU{}DK6X&pBJ00HAa9Sra@8~2|z9UFCR zcWniEUNa{LMiX-55eH(^L!Vr6~%{BZ>S+mf|myO#8@VN#X)O=Qh+ znktt^Ot)&*xg^trri@2{@=5Ml>DEVu_KWxHYwvfmvajinORi_Waxkao+@!_w!16@+ zr{D}O=WKAE644#x;&zYDJ?7h3Ax06$R%Ka<`NTA(JCZ%jdPUYOCtctH&KZIDSV!j70~ z21!3#MYBVVud+I{A)^9{E$yKz-Fywtk`(QKh92u5_)j6DDbrwX2Jo*ixC^b*VSlF- z_&W~cYE!ql4aRTi$Kn6smw>evZUjNMt#CNfN~cW^?xZ7M?2Ebt{8=*;(B1@?z}neE zpBdI@STS`f6>Y%$rkCS*mRLH}squFo>`B6r#}h4X16e$aPX?l2VuDf#m2g;$laBvW zzE1fy^Zp@0Xz<0(v8bc2rpEj3Ef9a~Q@=GaK8UhlORA9Co=p5v^nffg+;fjhITWaP zD4KO{S&6A@z96GOe8q$_-|x$zVb{z)WLUMLRy8MIV@Y1avAkg0nY^s~je!&1rqMv& z;Zd|AyW8K7D>-k@QT0_qUP&Pp5ZBx-N-gLf{@(^^u*0p9AnY*N@i5 z<4X$g8>S&b5;A`5clIBgEP(nnk_$ml#CaQze;Mpm)T&}-@Xoj_lY)lo8kefl8x{5Z zT>+%v4S3M{+L~+@L6%M2{=6ldf$o-cOjb@)$C3g9f}Kr)j{L-l2~T@X zFqJ{D6i+v~3@Lte^i>~^)U_LmM7`p0AYWY0+aLF@kHo1~uQyKe=k(}P52IJB{3|hG z$r!F6Y^lET@+Iywa06vrVFnsaH3U>KfWc1WGei0=ZDOE(amr)D()?C|EH5w1Pvl=S z@o^;uCg|$x6`B>6*5o||z!vGPAK`EFBbvJUcEt~pTnvo0#c~8W?k+`HX(FHe8$GM` zq1I$5qID}ly+X?Y?^jw3r;zp_sQv`a>~N_BZN%M1xdrdzWrM;Yc*hB0KuQ-ds;b{uC(&Cn`rTa=Tw zvUWP@PcG27Dvu-l%xlwOVJ^`Co@t>%#A_t|XnseOD5*tXqA=NRq?qtA_cb!86|i10 zRi$x1C3K_M_xZ-|n}_X~&z=Zl&JjPv-~s0!*@I<$qRH*iwgTWoy0?~%l#HC8yVd1o zVM}|ALn^D-Enw%=S2#qsK`Uv--z-!`L+i@yIMEjWUa3hN)#G~BM2YHyWZu%ETGW8G zVIb?8@Z8nN<;mZnQ~XhTtAQP2W1tH9b?ZV0Z4G9I4upocRf_9*{ zUf!A6*guYU81CM%!tgHb`;PL(D&*r4__pMY1ur&(t%(vCvK&YP%-1JC4mngN4ROAs z@CMpyfNviH;>p@)wPluE`G^QeWLl@?i}zv5=5u$!v-M=jo5?_zCGh%`e|??vii=J) zsuxkW1zfL-8TXoWcXK;_+`+?c+q0|IeJP@_DA6v0XHTwQQvDVY(5o)>K;_xKDp@!= zwmRmTXG0)3{ln4L%MK}Z%nDzFy0I2e(CA>27gI#UnW+0A<8(0jX2kIEeg=Ggcvch(^hCIxhfE$#2UH)d z)SM#R3ciaz8$0;|*R_G&`_@LT8sqF9b<9zHvSZ5KhGfdoVhijZZdg*yw&Q43t8&ni zc3fGLEY|yDOIhRgYq_?p@y_nFYDQnyNXp+SHBzln9*X6+xHXO$Gosxz)^@NtTqXl~ zS1U4CuaLm)xYFp9)2VbVMfn+3&!as^<$Zs*rhr{buqqgTSPpA`z~3ViXudHcBuDXmDWmwU8x)W zLOV!Po-}VNDKWK*{mzu$CCGME&|Xo^NyKmVF8EVT4_hhl7L@L8tV+yVuNXG2?b)pF`U78S4w_$jjYMDlIYK?nm70v2a##Z0ja^of+Mb+t95q`c9j&N{e%0cM4 z>aZ0GpHQGOLUG8D7*wW*CjF=Wkw0n`DqVa6A5kU!-CBR2Yj$_^uKf7I-chk~ntydB z@s+udLoF?6f$ttNF0*X@0@pw(WPj5!G7%I4X0n7oaQF3?yoRddd(B8-co0II;^r+M*UX9c6u$qz3E>KO6{ z)SvU_CmFt{9g*-|#%a0w9isV91dtSyl9VZYC?30^>8q|-Ha*r%Uc^;Cw9GsE@eqmU zblSq6YOj%L3GhQ&P4q8I*yKl6fun)c+coIfg`1W=(ZEr8`ZqzxrP(ug(ko}h zEQwrlIMoqYy*wa&hj$}b$l7s@vDEx;^_e0f;_KR%7-Vu+%9)}&#icu$E&pNd;Iyt#=+AT%UV zT6y)D=>U>5nlgGYI?-FarmfmgJKX&DC|WEb;`uMX+c7Ybg9*`21H9UsVMTuff4{X0 z9?<aWHM44#ZuNRf^U`D8tcU(K{ouoz>29ai}QliybyKb)+%YwgNLq zx$#i1!AFJplO62Swzn~38|(=E%6$BvaMyjx-w$q zVj#I^fa<(<2(Pd<#m=bEWh{1|{eL%|N#uU;02qpt%XFCfbK9 zFZ26EEe=ijO_!oqg(&N0>0WJ6U1wZa1=dg0C2v~fxYCz6D)bV#V309`_rwHXHx)=P zRnuZ(VUm=86Tf%C@Fx71YVpgk`P5j2N^Ikxs6BKnQTwV6k^&JOyw!BUFI#DxdX|B_c_R{@4 zILdwELY+6ls#13--`2kG4-ht}9jQQVl-ZINI7^Rtbtc)avPn}&Bwk*m^q?J%brH}2 zfe2-W>)ExL%=Z@5oORH??BdLtIhsh0i#QHs`I)x)hKx7h#Uq4DU5fPrg}QvozT;ku zMqCTm)+X0_dVeV4zc>bWw)~A5+*DwQ6%w8Bo$y@}eZtS|XSW45#h1+2^aQWJ8*CsE zZ>#omWIu0!IdURC=t|25rk^ys(4`-1(-QyOzIf%DNQO(ERl3i(Uz>{Uo>xqs6ccu6u+1kI3=i$)d$8AA>yGjfjP<2(16}p zqUq^U&1(R^ObC%QESy2)rbk?@bh5`J1uo-#X(6pbpzqw7af_wH*TOxpGIfDXjt&)| z32lH-DQb{psZM8qk^d~HKUv)CH}Xi8s1GroH=fS)@pMT3y!`Y%vEx0NE>Z3!dc5i$ ze!QA7u3n?Gz=qOY6K($_B1*Qy=GRZ;#d=8*Mt=az{e1Cq!yaBSQjt;>;$3FAHoDDY zfd`l6X64)5yPFI+S{kGYu4M74EBiJg`}I?&C1EF#|I8-t7K%&ec0*_Q1lv|9b1@?8 z5*>CLyH;8%(Kl46gitgQXB=>6TvszQ%7?|N^62Io%Z{!}v(orlNvwltb7V&iB=cXks59*q%!WCm4M9@Sw`-M!V}315|q_7bPtNl75LGtzbX9ru+EN zC5Vkd-%Q*b>3yJfRqOn94-I&uahQbkw}mk87I@e25|=%-Bm!74mL7~H zh_AhIH?Zts=87HTl8|fA*iEI&);|B3z)2?liXjAnZ#8D8=WVW;G z%@wvm3j_T{ZUl+rq+1NZfki7Ei^D^CD7p5o>cbvSC(no^7X0=3W%~;oQ(0cNj&0&n z3{MXliblbc4UqEGK&S4!E6>Bp5%OIMLj-pkK)Uo#qZFA89e=0rb-P z=;nkR6Zoq#`gDgKM|6g|NprR|GWD%6M&WO%t%rROyrcSiRs}rQ%)l`9Q|x|re-y-4 zSTF=B6vKr9=yEgwOfwIm?h{+y=-GXq?-`vdWk7C2_mJrhx)$`=QboL&QHnx?Lh*`| zPW3mez(bJ_bo7Upg{NqkecnL9A%A{=8-HXir{Jp+iZ(NSu1u%vRge!-W7(&V1(5&@ zYiz$fj2WwMZjPxc+%~q56p>r5XnM+s!PX8F0s^SydnqbRfgl>K!uWR%82Upb;~IB* z0oqA>0<|2Jn*1P;93D&fqd@Y5PS31jUOd)`u>?)O;om`gAzY5mW?ay(U9rX{D6{&@>0S`XuUN7Uc+mk-xhA12YqmZjrv8@$GaeMA83WE zjpV;pxNHP~TF5l*;}}6fD0FEntRc5VqPJ5dC*oC}{a z0&dX!k<>q=f& z{xzc;5H#)xDNFIS6y^Ru8vdZQwQOv`9tVvPj;earfn&X6fVra)UWo*m@PsPF-|}`T z1{d|aT}fy~Awq)mEo;WqYGdaLgjvypSmSoaUUjCiP7Bq-CK^IUssvRfe!U#53&Ims zk9m@4-!G5r)6O9~0NS(#mdxF&*A&#G8D4{>zg?-MZ(iaz%@j>N{4w748ObrcMfnjN z&1CAQ0?TO65VBz?&e!9dOGZXMDBCeCk`rknIup#OOyq>l3p&RSv;aF(G5TeyT&LPK zD#Cczo==<&0}e^i3Hp`oZ1}93N8nMc?Yv9~9({ji6VDPCUgXP95q3%=m60|5F5s1L zrPV92HS=QLHxa%85|9=Nres-13SEzkVwhh|Uf{cA==i?L&L(P<>&*%moOa85-CH~r zU6M3#bgR^rv0{kZ-}-sOH-6I1MAZm}8hU0e3=%Y!wF`!NMGjIg(2abOmjlPolky)( zKxAGNFhIm5XKPaBdo<%PZ}XfGJ`!(x1QPa&?V>On0#5v^FiLdi!|P zZk`=%Hr21ugKexXFO}?D9zs05QAnEFu2qRl0f|G4++DgzLk=O%JybGW@8j4L|9~tR z*+n8Qx#!T=-~GqPi4ERc{II4*!}9KgQ5X7&yZcCT0v^iw?tT4^ z{5hWF(}(xr?P3+>G5@cDPxO2&z{wXXNPhe4JR){+3a0t4Oym&NnCN@s$1thBkCdAVuTNYPHx1_} zZP3AXRQA<@ITi_E#+B%y)aFZ)#GaF^Ic>vv8qW%J2%clXpovl^K@Q|DXSry{<}CDG zHG~idC)?wv0G~o+&NRBv`60rizit^bejIup#Mkg~+VXGeBt}k+5i5TJqpZ4(x~2z@ z+Zj|h_>b;(kZX(m<7jS30;b{P(mF1$X^&WoUgL$s#SgGO+nHm5eb4rE+8>C$ z0V(3)QZ+gW)~6@S8R|?Lill{YyCVW#6Tc9XOuMIMSc_Y#ZL6!W+gC1t14Y-~ga`d_ zEA0k7PQ2?Ue)yTM-3{8LG{f8$Mh!@{Fr#$Djz$M9R=CRJM)ETH27aAaq3-KipLiad zF4p>QA8mX=OP)XEby9HHSzC zupZFpsa;k0M3AoXbY!?mspBUuvJR)K+wL_4QW z(xzmxtR0~SxBXWukwZ}m&V-Kuf^i-F@hB6W5Mv_ZE39(egUZlQIY8lbbcg{0fV_Ch z2xt+C&|rxl+-*=get?;jD8WqKRR;_0103Rgq5j#}A3=Y5z8HK?Czx{bTe7e!(ABQC=MVQS8Y^iNo0jV_H(+V{qss8oNVP!!yYNrCqbv)W zwrNld($t5+$8fY660S!bNF~8ysJx&!88scC?wE$UQFwjI7cH3d0|6e=hiS+GHR>>i z#_O1q5tp+!tLG z0T&Z{l__*z?Sti0Cf$qFPRiq6{RNy4Jvz>`?5?Nm%b&2Nt0=0|94#VowYMjgdf+rp z*d~_11S6uWvqBSSyogLOih;#AaF#7tV+iGVFz&56QnU@}kl=G=$ktUegx|;X`A|4! zz~T6Q^*+(*eX@2D6%4p>-diS7Xj5KC

Xy1C`bjx{0J>w(kkS_6m+IlkJ((A;L1` ze~DD0>+=NXvA#SI|82>E5*xc_1)Bco#;1hbwfMHtT?t3^x6lcAXG@L)+5+&o3Z$6`ZTih7+JdH#t27f#KR9^!D=#pSbjXuB3Dt5^-D zGx?DGp83-{BdRyC5Gc)YHsGjL&)_l*>`i4dZb#0QpWO_y$ z>}$RzE)N4C9MnN)W4#3t(YfnQnN9i4i!y57L2tlisyhkt3LLXDFzi!9Z}+&iz}y&$HR;07~myYL{s8ne9AOSiwZ5n3lw z?Vie1K5Eh_cv6W(dcD>Dq@+pxxn2!uR9UPfb?M?>#{jRaQ*$2(WDkiDM}qcjI&6AaccI_n(U*o`7oHRrgpS9)lpzy`M*A{Nc6`GeiqOLNgfKFqR`4n<{f+*R zsO+peYmq;LT_hP_FIpv0kFj}4^k!;+rESq96|PP`1?%-96GJ%? zf|X~panEE#+1Kdvvn6Dwe`vtbk@FL%2Eugf7aAsTD}ey`Fm zX=M)kt_u_I)PAfVFlamb_w%Z`J{fjXAi?i8EAK(ci-egAJaYXh(N4>LJ79QeqOCq8 z^f#hmt1YYMmEAx$OPshO5-w^~h81c`JK82zJxxAT=#}WTlu%}u3~FbGSGiy;DTFI{ zyKJc7-)~A{<(Rz41AFayiCc_-5rMh@Dyd!nF-RStdAf$RnhA{c;{f3P3IDl+o2~ScCI%MVu5Z~Ai`CuW&|8HY znYh{<2oBeE&bMrol&ygZ8AGzhV$R^nv#Cw5@)hj_S3uQO8q-l%3a!6pmV6bC(hg6GUBx6j$ z^s6JR2NwqlGE{HSlsc~*jPR)303ZP94b`4doov}XJAp`+w~Sq-tM&=Sy3o~#8e|;k z=kW%}n0CV;XOt(Mk=YK=Eh8nxKExWx2fl7e_)S+y2U0%5r}?HD2BTL?eHiRXJe!mK zma@fYzf0yiv=;Fy2(uV*oy}-6aSqPBW%OQLS}^>&3~ZTB2lEB^z@_hAj&2NR3eUf%%SEwpE%P2@C;_BAmf=3rp(>#Dqv z^t<80qpG|x@QK#ob=g%><7K{e)xq+s6E` zE9Q<%{fAxk#OM*};S!n_g+TDN$we@?I(xuHKzC3g;Uf8&JTXfsSuG`^9H#?xw&W5j zF+UNJMtmjN#~*an@l?cBo+A3S5PTY&aJ}pF-YJlp(G0BO6w1R(fL5AjZ7Pa zZ@pzGxIH0K!|n^ORceK<7)WNb?fA?yNxVtMrWm6!GE>gHNJ6<3HD>x{Rq=Y1J`hm$ z9K&C9rYd;4(dNWkmK6qd5pxkTj(LmhQ~5=KT*py8V0(lMY9YjcF@4PrC*~MXz3sB{ zWD0iI{yZvZ2ouM@-`sEZt~2tO?k)qXkf>qu&1hK@aIaPU^9Yu#ERfw&p$zlv5rig} zEUmRYDM_`H!thJvYokn>DC1yP5Rn-Xz`c|HiRNPCOK_7Nmj%ud$|2Ou5cDmf6qwc# zR;|6v&2~GIAx~A3B}ox!Vt#&rjcN|XFuG|)fsBHQ(>2)qFa7A_tRS0|TGFqWRS5W7 z??}e-8%^k9saFguPlWFoM!L@_ zn3}c?`WoLh`xSmymiW(zZ{QA z=ryWAD7>UxfOAdU-;m#RznQ6PUpn2%GeD`p!>=Q=J1SC~cNZ(!x+2OMme>?^Cd z(8e;EfIMOv|)!JhzuJKcOvU*n1e60{)D&-+Y?3g*SY9U>*1py6iq_&v>jK)i5X-qqeNet1 znGJ@3KK@A5#-UJXa%BwV+~NBMfrI6{m8dIxO!7ff)l?9^swY-n6Qto_(7L&;O@ru7 zXYxfh^^~nZZ7KDS2E=kE?%i&pkr?~hFN~_e-&yb16@0Ls1NJi=Nu)A=c-y3#&_ty306KlV1buEnaBF|~c2Uc5}tLNF6L+0Bh zk7~Rr!Ng5IV{^fdK%d2k3COProLUP{+b(V$x24H8nUvo?_o|f2m~uDe$tU~Pf!F=g zYULsMD1T$fg&x7)o}(k4zS}o{1rVkUF~kgb2niG9Hu}f`DidJZkx;V{I$p7|D$mjS z$bF?y#j2_%Yyuz>Q0=6q(^^3{k(HU#Dt)Gmze+KSQ6Ew;#Cj#uIO8z_MVnkx;w|Qd zvx3A@9Dl9ppKzh>N-H71ut4pEO-w0WC+Xo(M_+4+gk+cAiMv$a7Kt1+ZydLauMT`G zNbpN~WvX*3*3i7v(bg{%sHzD6^7C+E*+T1Qtl%DKN->j4C=pojGtS(=Ho-ar+atg= zZ5ankZ}82O*pNMKF@u@!cX=Jbcqbwq8}z=kk6=_?*W{q6B*RKTWMaA<74=g{n|A$u{+A8PfczA;;epfdFNeAnyy zrQB8~UqB5b10zkO??+>Ec-A|`&E46Ac+>8=S+iup?LF~?w)Ztyr)7{WA(4imK)YSxf-je3Z z?IKlZh;<1qNvlrB?)3QxZ0DNRFM&%FaHO9u86|mNVD}$|(e8Jm35c`AYG*2d z0f09I?A)XLQDSaOr_3EsDKNpk-v+~^)*yQeO_5>BuiNq@zd5tgGKv%yH*Z+g@I60I zC|OBh^J8Wx7JHMNSGexr3-BmSC-%SCRmcDLw_iYld}K<9oUogS3_S@B40ERs*Rv>u z%mD3WtSF&`S}A}$VvA7R$iNIK_N85Wa*}kAidRF1xf-6?$VLEBNStZEz6vN8-`L68 zV@3Nq) zQ7|X`MpG+oA+t=ezrp+Bj0+~DiJ&?;B9A*+Ih9c?J}mfV0_RxOjG@7Qkt#t4Dc!T& ztO2$BquD;Es(^9YoS9`qNcI3Py*Ats_bzkY5%L&*T;NuGIgbBTDCzTzq*EY9zJ{N3 z>IcHT+wu&5PQ>%$`0N2Ocu(X!ffG-EAq9wkNM|wU)ro01A4DbA$%Sul78tV#(>2Z- zf+BG5{Q4IHWdwEq;$FSll8ujNu&{V^FZYxHXpw9IwGPt9q(@FA%Vy7f{26GU{qBGg zK?IpU?I~%BQsm?Tu@85^$Vgwz0UB|q9P$l+lG0Ij0r99Yjvu^|@ak5&ud746E=iS9 zEkMTqtY}Dbza1EELR?{DVhFttZ?dvf;+7WO;N`+y0-l`}!`$q4+o|Qz4%L#DZ$Dt3$CrR}GSdw}xk}PT?fJJVKI&{O{uDt1J`%p# zW21S1cDoiO{CBmzO8ap4Tv3uc(^r&6i?3N@ew>6Q^ib4ALLu!e&S96T8RN}8FG&$A zBm{gUu`A?`DrL(@K9Rs0uNcT+BX1bv4QPn(lNGvRP;`nr6BvJ!k8n{|FD=z(={wCv z1_sreSmPhG=^7vntQB`Xo~f?s<|-kD;t9dqpL zA%?5OO8qj?$TNvQWS^pNYWKVPThiowN>7Kixc@k}aY+uK7V*>58 zj}c)SgFoESh_|+YQ5JGVN{#?v<&KkAsE}M=-k2k~(@o8~uz|XX0MD)l7P4~O=`K+${TsO=D1w!QXq`c{+;!b!-Zc$7)W7BjwR8+xXtsqpC72{+{Obo*5GlN$#R-yn$ z0I<1yTj=X4Pu7VqFcE5vYJqt{iIGjNppRC>GZUFm@JDHxPA&#okC)|75B4Zd6Nd?t zsEsL0QRzqKY_2X5zIE+Yvwg7&X8vK0?dw0H3;>}69DVwv-kTP^GedHY=Bpw`Aw+sZ z7pvpF_OYpJX=vBZ?sP+Z=mxuUgS0WHQYdt7>kAm`B>FG-xCtC=?rUZKsmT(6QruI=p4 zy6<<_^GJM6LiDBOyrlsv ze_l~q-td3yr4-4MnHVJ%7|u+aFbg3rvJK$vf29b;RjdOmA{r^+|a3^H5irljjl$yS_aD zn*_Wwk(VMC{5$XEwR=lc`i!n$vd0+ufu4!%a3kny@P+<;i{>%!8edLDkB)COF2~ znDa>-zs~#n9`rMnQ1^Z+^Sb;^V-I{1uOxRR3dueu$7fg`c%EzB%(T>|uZe8-M>Dg5 zM8;e1C4qp03t1r7kJPYDfJfb(!%5Su;rFNjzenRfOG_S|4-So7FdVu;U7_CgmeTFK z<(Agp5rC1+4%vSv=WYrYiP|^yb&ch%4o~=#R7fkSk0qvXtrO{siA1HWs$9!Cik;mp z`{kRR09tI2)Ac7PoEmaYW9;{nRNbx3NPc_9LFUs__dWjGVTG3Bw^?RxJMBme^M*w^ zyg-xFbhe|gnSqOA6nG@htJE4y95KjdGX}k&Eaur{O3sIW9R*27-A>%dhIA>p8VN-> zm#$y3?s}C;ZFc(E`;mJsm#o%U!O8k_`LvbM3=s(1u9yD` z)=?I|D=HKD9~(#m-CTSXKS_eaMXH&~Rj?KwY>D&MrN<8aTX-MjqVICm(JQnLP+exu z657x~VLW;}CR`hDPj?H)FR7ue3{_S0GD}yX3Xbrszr(M6(Nm-LMDnqZCvW~0FYblA zr}dm8nbAj?vpoA}G4!Z4b;Tl@O3()_>=Q_J*S?nH=N3RmB){U17`r73qa??8dCdny zye%}CMcTCRc4GglH6}emDL~1>6+H)yxhy}g7I!Z6?bd1ZhMSrDG7aUo#eQ0QR>JZZ zu~a!XLi^D(AON(2+Z6Y;eJltp*r0>c%$1;xO+&@w+Ik4VB1Xd7sjS?npcHu7p;{A2iN$DaRGkd6 zl&#D{MfdPZPXu@>$AzE6W&}U$4nJ!7ffhBBC5BpWlFVj#G76h7f+Uf}^ShmU?4(;s zyQnrB6hza1N+ZAsW8?KX11V8T*K`47rZDROoX~R|kK$nv0#tX}SSkUYqg8KKa={@T z_gi!;1@?wh53EMuVME!%ZwIbon+R9~n^JI|_WYB?JuGwXUERpuIdp97-8w=d@dOd% z-*L`F@xIxMQ?6ds9mv5=07tx?;dIx>acuo+dF;w7@X!s~};mw74FAX)dJ; zF2E#-MNA`Own4r?c+2O5s;-qrS6Kr&ZF#6>eyAk0ngQ5Gy36jWVH*C7L_Nc{0>`@a zR=`~)YXv=P#4aOMI!nXF#0-6@99`Dw7-X#&bQ@8Li{=N-bSUL(b)_(xJ_JbBhn|Qg z4ut8RGeJrNEg>CDN%FkR^dqRp+_^{u%v}nYmLU*ywM5NemD(V`i{IMZvl(NOS)eWY@$EA7t4ydQe==dP1Q4TZ=<_7@3}gBw-Q)vH~aSs9j&a zE=g$L1%q{10d1nL#Z@z%nN1*Ay56WVkg6kc6GzCr1p!X;fYKh%ARL;4NE`#~+V%IN zWHcRW&&SRywMcg?RWRu%8gf>1Q?-|*<62?Axls*LiA?nx+p!WGxA0TcRfMN7y$#^z z;VA-l>GTS@EXV>CvTSw~Gb37^hRXfdv7UEcwOuOOPeM0^UVLdA%Bu52pgP$%tcQ4G zQr$ySe3Z3{s*Q_Z@0EagWfTd=h6CB#vo-o<3GF3bn|e4}SWV0@d>fj;x3Lm_**IT1 z<^e%x35XtB+jQmoROj^gOM#)nL^XfjYa39+%=caMB;J960)fTo6vz5qta7{!tsmFE zi5O4cA--23;~4HBQ>x^}K4u5u>}#-j&y8K-lxi3L6s9rgqicdvCVF$gxGe}BbR5Ul zKhF=+M?IGukm%z~RNcjpvp}tRpvA{*mWU-5Gg$IdQEDp({1^xJe9jdif|-Uw*-Dlr zk#MHa1(6813Q*J=)p}fc*PxL`Y#!8;4N;k{Hy8=n>NPWDGx9R*aGzl`EJV-l?!Oya9Khk$-zwHCRgfd_W6%r;H*EDTBB z*xE#1?@DkN!}@Jxml*>7KyGVV=ZG2=sG7=%i<4sEg|ZLFWr00}iaBGB5mkinBx|p* zsDpaiBr1nK)csqgDqMXW-~pstYP$&TP*Twbht)Cl%2PyF(C_;cQkTO%y=ilhs; zT-S}F>U^>9zmjvQ#sj$po3kuFq#%!6CKPaQ@B4SMxN53*&wHy|x`O~ummvU{$*@YvRVIw2({`dQZ z=rDVn{gT5BF*+xVh@eX) z9I?8Uz-92AmI%c4EnZmjRBbaL>(-W#Y|*?C5W2r0gw|qk2ysU01AA``eq~h(3GJ_; z_`1F1uU@y&%*1}U`N^gX`aXJ%lK3|3U z8g^sDf{jJ1zmR%E4DkY-zFK5kD`oRm#-xatEV!GIMeyPMt}fc$qh@nFx|C`)9Jt24 znTi8ZBdeh9XP1JNryp`6Yw~TA&K>eE=c)3Mc}?M~AH4z{S#orWW*oR?C_K9pA%nAz z_lw6aU%nSkioWa*-|t-Wi*PjlS*{ywFszt+|k&&}Y_2Qmf1`mMPTvV24UD+ObPJ>fuf zm_8AyVFSvU!1;>G4b(-+TBFw{$b;NA$eO|tPo=<`cs<|in-Ni-yj;^`IvPKLs!AlT z-{nkdV9fl5&Z0X3xp7*2Q&VintEf@P^C%;GJS!=&E0Ul+=XA!Mcbd&-i32u){RZd~Whwg{aapcci zCAad74zX{M4Pa4kaR$&X3wZ+f=DNZLduov(mnaJ~<$B%a66Y%d0@0J$_eY>;;U|J1 zBAsx33vpU(boIf>6L>g8fza!pP6&)_#IalMv%T_K6>@lI7Q@%&p?}+eW@$jphHU&> zogO)Z+xEoVS5eFkbfR5a8U2)9d2unzbjFzyN-~bv8Qb}(&=4BE&d?*f0~Mlmixn9P zx^L{X5}rYkkYu`KPR8slF|kc1%JBTv2=O47^_L&Uc_w?;sd`RxcGZwAqOb71+gQjD zb`wagX8(Ov_xgnVTa}$3NYt=a_UKgUU93DST0}6bxO(s?RiOVKM*lA`T9=7_(Fl{PJ zxz;kx7n&V9I~eEOas2o+3n3|a>`S!5v#XFfeAE`pQT*Wh0cq;QP;v&GEU;TJ zALIMIR=Z*bOyb86VdjSy3XbPm`Zu?h+usi~%JIFXL%A@oO5on-urpxq2Oc-UL4ukqQBakN7PY-oGDX_gm&%GY8Q+=v0W4r zX$CZ5-3*M`ZA?8;3fS0o(VIIPWp&PGnNR9-TY>Nrl?}5+-1@ZsSCU4LC30@38<_~F z^BaV*GM}hf%~{AmqEf16Fw7OeAJH*tToL6tw z1f&JLf~Pr?{hM2(8A?O1ge!yPG6DEZM{cf&j1N8SY6z5FTDo0~B*nH`IOjskBHh;~ zbLwV@t<8ZvL0$1Zu{PPxfds}cGCw&bQ@g1Il*D|CxouA%!TKFt4Z(zYR%b_e9Z~yQ zZ4ue#qLBY3Ngs}$tBFui8cxeje4QIeTW5j#ATU@QBTw}hE3?JXpvOj>>A`-hz2uuf zgPO?WDHrRSJ){SQ4^LVQGGg{pLIoU$61+B2C_WUDKh1KjApe!Do}b1E z3C?g7U2Jcp$%r4wA+`&z6oMby5GktB^9bTsm4%iAqW8v{h`F8i8Ww8@}E3aDzph4A8FX+KDjbRskOxJ zNb5bzAzvpfoWJXn4v5Vhgl(ZTb{SRB{|b`VU$7?qU8a@i|A>wj$gWeHzoM(&WGQhaOHw5&@3&jb~^YkhYBP{ zK`XNbRnApLif$?k3T=TzId-kZzpay5bj+|i9KuHMU-!F;eCQ8V7knl`)6bz8BDLF4 zEiy(eDBn3;ZE|%}8z6Kgm6#L`nP*5wln)_`OdX;ffk z#*j%rO-jWPk5*eEp~pDm)^~V~9KK#xrNZz3^mh|MKF!zN?D(MZd!PD_3WKLkX0O*F zj{Vi^T+nXF`~I%_I=`Y=;2O3g>WJA;&hr<5uL4d_zv6q{ekz z>rZMZQE|VLe|x`TY;|BHjdE9g!CgpglYnZP~ z@_JVb`pFaZeYQ6s-+ASGLEY*Wmt8B1pe7x0qWKXHyoD4HEt@ZdDf2W|0ic5nBJ*pPvP?8o5P0>gsV_}SmdKxew|d;=P2XE zLl{dUYGY%IFfl&)N_WR^D2(w;5q|OTrL?{<&oq*1^plq9Kg1)Oh1W%%9R1gON7Q*GZKoa8)u;BaTV0>Qmr`Dd_TevrpmLWFMENqo(-jK%E= zdScTYsPJ{22QdghW4Ev*%OjI%3M6c?bb%Gx!0?J01WG1ESPau4PIW^{wc)ZPpDM0R z9Al(kPb=$7yt9?2XPhB`pBbQ84fUZu@D}@Mbr`*hXR6Y~HOg`kM0YwAX@EU;I?Fbr z6MM|Xt&D_4zRAP~ny57Z03aesL_t)w6~b)cedb@&MZ(aNdzUoQAQFt;v@TH~+Beu| z_Yr_kp~Dczp_^|^V@!`h{--ul$-Z1Haw>u9KZQ^N!TgxVA{KguGE5VH0)o8a5J2V~ z{`Ky~&A8`}DabCwdYp!o%x96F>`Ff~xb}Djg3|;4`k8dk-#^X$qgQ6k9U&Oo)rIzN z51v}FT#v{ipMr9zynwN^iQ%!%h{-Cz+dvlrvO=vpT_OP4<3?hTk4e7bCIfsRc7Yjlv7Her`Wh2h%eISY%EWpsQn)CFg0r{bK!_bn#Ar9ays&k*1_Xc1G zz5&;OZy&(k+r|qQg~I9dWpKD_yAr`ZC=@=-TfZJP+LbVuWX4wHiU<7*pXCRh1@jNm zA#V#E9Rj&xbq3NkR9uFniKtscgx2X2RiSppqAgLB>G`p{)Incs^*ULsUK&l~TjN-< zTZGImM>k2pZoy?|pFIm`7&u>_OW*Tf{#ZJ&|3I2sScDT9!J!PjO{0kEO=d?Z!gZ>w zsIPgewjbvRl4S`lo?_CBHId%%h8xo@Hy%yJdXcFz ze9#L7k6@%Zs^rwu82N&Dlq%Uz9uNznbk@Wi;(f72JFyuuas<)(@8wlm442i5J$WPmtn&wr5{DT5kq zAeJ%CX7x%$KhW7X`m%tv#@EvE15@dq+wV@tW@ppX6ydpASM@1^`*6l! z5W1+FP8Zv*G?A2jH?IZ8l-L>}#jx3(o`)%IKjlK>$9HbUZmh_spMu6RvzKQ;=plKu^l=M%Y&2Z0dyF+50U zC(_9MbTzPWD{#On-Iz5-AJ*xEHV~6_TzYxUN+TxVcyiDu9e@A;*q))c?9+Nr4mPaS z@zkS-52pirkHloNGX&kY5#`T3bt>I->uva@$LPZnbO6_mVbB!`%pU@|4s`5iO6v@k zbroG|l*vJsV_2M<3nCa7ad3O#?D_QFZ+;tLy_4bmC=y%c$E`N}3_TOumKLc8-YLcI z26^afxAlQ&0Ft|XDa|jfrbU7r{GMKjvasVg@GfcR% z>&b8T6I^k)CW7gk{VaXYpCqpc#xs`ya{txs)nB~Mq?S3;lG(sTE*Rv%jBJQpe6Ifa zu*?khMY=G!8*qXkw&oX@-idV!H^7iITptI0S>KGtlTV!U!+ilr-9itG;1+~pC=GrQ zbmJ^O-$G2vo;!b@ykIC6wxzqwRl-jW{&afGVqnjJVWS_Icu=}eaqtq(r< zaQeT0_ur;A{pmN|_QrGoSLR)ZkJEjs5xdM99k|828@!J}wZa-6b%g)nxov~1YaJyFH=!Ni?-d%|FCP4d zar3Gl%Xsc~{{C({boYKTc(V@!Z~O$eQZcX@yLu;|OKos*>^p_?G-}aD59j&Jp)nl= zNBOk-6fV4B`a;g-siB8$_F%m$Lvv8W>>Q`PSBGNKb+1y@dP0`^XcNLC(|h=mT$6b!^N*Z zmLB`Fzf61S3f*(#>(d?v;z#MfPwEJvd$+JSA4KYEbQ0eJuFz$cLaH*e!ETZR3=QhE z$+-6h^OfxZplO(Y+)PV^#XdRTrJKl76mW10ZnrhjRSG~!*@7{{Qox183p9G}WH1alT(MCg5PpgX%xPv@4Pjl6;&^cVDJ|eSo+Gd2qPt|o1m}A(n0o7*sSJk|K|qHtP?53U5<&P)xO*7) z>5T`Dq~m*Wd@#^4%C5~|Jhzj}msts*M0c%-q?yC(brxsK5`^XmRf8SNA>6X-bivk0 z-)?O%`Ms0o5%VnXkuGjl(_Fg_g6#wMqfr7_a&1;c!O^=Q2&jY>VB6W_4%gWACXuLmBo3 zXd{Tn8~5TPrq9`=yAtk7UW{)FJ77->98l2cGD<`@;zh)+L}2{%29X;V;k*Whm+!h_ z?F4ge>a)kXz1u)^2rdM#sMUfe9F zOIuj!OjT=APFGJI>Pb~A(GUJIly*Ze!*KAMyOH@SjI2WM7t+~}e0K2s>f`eu7#N-Z z^5@c_d;U8rKtEttp;000m8t5=Ofwoyo+}M<nx8VhiqY z%84R3KD|TQ@E$?gE}$a9ns}}nIvqGp5+x!amoT(0U!F&=F-irJCzzY78#0zf1VLKq z1J&XB&*RL(pWt1e8;FOJ#Bh>07_&uMG}$$g98wgqtIRc;TUi9DxIEFj>yGuJXFI42 zcb6C*4Z^X@ho2m!=-eddD6KFa+y9^v4u|nQwvxC{=PKKP!p2E zXdsfkW~1%9*)!m7I_M_-&A-_3Jm%C_{5~&&Bjw?{|C$W{zSxOE%opIh54N52AV;2M zD>9OhEJSzcQ0v4W-H|$-dYVd9#CqDlXOuzxVmg2REU{Y963urhg@_@xzeIj(7&H-q z3E+)mmb+az#c-MxM4;UfKXy4mP`yhgHb9R3=pmdSU_J&sbblH_>HP+xeH8>KS{oo{ zgY=u^y$<&;V+qgW`dngUX^ADF*5SrBYQ(+hpaTI3OU`2CJzIpwBF3&IV3%Urz@V}X zrrYRN()smb=-zeK9BP2zSZq{62f@L?0#a~hF}HK>eYdM%9qytIC zrOvDbt@9SbclEEA(}i(`RHHnx^>Od7e+9z_1c9WWO2_$5UiOi zIQZivV>l|T7zqooUraXNy`W+~(_cj8Z9vr@rjD*7#+q1{8*t#rL@k{>aWY-%FGb{c z7*^pR+hy#PuFE#uW#3ZHiI^?8#98(;dx%p&XO6OZ&6Z9RjISDExsRTHblr?KI5aF>YA9mmWMOOGP6`{r_1MMZWF(4#a!MF|Zz~Xn%QGs8ToJ%UW3-kH zEpizor_n@!JH)hxHNCpYWN${eSeu6+JJQDpl2Fk`##I@B5>9<^S_xqsTsuIjunu7J zkOa82Dc3QB7u;T0M4N@(ro(UjBBlOaeN6+sk*j3EyDQ+OT%Gku5CXSs4CEVKpc<2% zE3GA5dzaHK69pUyEb{=MoMq@Y4Q->7)FKKJ1ciQOBu8#jbg#pCsxARJf(X{=atT65 zjU9-IMgD@7DWZCq9@@cs=fVmC zo|f?j?IjPg&6_8IWKJO3yn8;_0d24FzVyY9J~4RZ`Hn9R!RB!Gi>Hc*-*h7-y+QuH z*0x)O=lUqBNlAmCcQps3m)VMrm4w4Ar7YYgNgs$If3IN1Rd`nl_+ zv2+pRYK0;8PMJ|F2KXavPzyby7SEg|UA6UZS&Lkgo#$NtUhfOP`H`JF&wuu!MD!qw z?qC1bj~CwZ-@l#f6N7s%e56V=wgC55nD$xi5`@-bEsYjI-<`R1>z#L{4Xo4)1OZG; z?+Gu{rSs=vS$juHUF1xEv>~*P`WRXxknR4|=|jhK6uMAGXBg?&W=zpZZN1KDn#O%u zq`S2R7dtMjl|IWTkkB0>!(4#dMYtpweO{2$6hUz38k{M27C3k0XN&T+A<6{B zE0)*n4pFueL_c=PpgY7&QwI!U<1CZ97x+kb1ILCF!;SGCNHkeQOZxiEvIAMgcuv=Q zy8BnZ`S*67yztpeLa^EO8kM_Ky>X7y7xnRI-!VYF#1LVT)y;bh>D4QXP?#>gO(j)t+O! zY|9{W6Xb%oERi^|E)tBve-Xuj^l*gBFkAx-=9pDEJb8pQC`ZzAi{Spqlgu1XRv+ zD$Er9+i3;^3>vVT;-V<7_5A3Q-$)k_;n-Pl5S-7b&)5hNB%rb3G7{vsg?Gy+5Piw2 z0L8tZ!EyA-1=LoyI_cDle0boJ5^Y>r>}=;!eC{3I2_ zwxB;p<93_zAx6i zhe8~#;!j?}pDZvGb6dC=?amk!KT70AzMJr5jR%r+U!KR6SVbD>U2^ToRhC#>!Z*Dz zzl5iX1mr425+ z!f$+TaO0&MUmk)fq4QV2`P;ZLe-*<5-vL7eR5Iq|nxhLtuq)_lRBss0t2I{G7Z6!Q zSuid-0vA2TuwJvd0bon%@QIt#$=lz=;@gZe(SIDK|63*iz!>RG44I1KuB`jGB^QG* zy+^~uS#99#Un8JScqkg3Y~F(d=jiJWf$XuVJ&5`S`7Uz=G1RkZ@El#PGDC!QMu`ko zU&Ibr#((S}e}m=a}_bX#@>Q3sRrZ-$1~-mgFCY7_%{A@ z7Yjdr?1pp@3A7K-T7rP8=;#znBsph^?vi`g8ItsiQ6oWEc(@4FgfZw|w|#7G2Uej1;&4krCadO@`$b8IL8C z;4(SaWe*jbHN?NJ#1--|G)N<784uJ3oR8v$a8Mmcpb2!egZt+Qo?pR%;>F9Y5k*>dR#`_`k3IUhQ5m}xDe^bm-f*nB8e+e`S~H!w6I zEcCDjonKl}_4s)M-M5aSl_7*O1m=(?SpMhfuYThn3G0`;eNzaILO=VP|A03Bu0vlD z&m^Kja2ad1j5S+q^L>NXJV;gt+ecI!Db{lj?a3#f22qTWq7x^Gw)pPvzb_qQ99EH7 zL5w@1qyweJj6t0Uu6LoxyvU&Z61uTWIO`;wvPG=ZdDg4cbs1x^5SME=FFIlbAZyGp z)YGMjK7JW7vB$lzCuoa@e}FjoAyD9_rk`YgGw?SSOU4F?mP%yrr!&K33GAj zgn~2Z;DmW5aZO<*zvV4&1Hkl!d3g-cd-TL{0@E)uTkt{}WyXM0L7cI`n_)5QVvM!0 z6xsBbog=h&FKbAHL|vWgIXNok3vrZ~w3xwZgv~}j7#(U_2Q=)8Nl3luBtY8esv#wGZ5n8o%WAW1@hss#$J3D$Cu8P>0~Y`3i=W5f>k>x9 z(uxqW{_v1QNFB=sAP{*DvelgA*+)B{`;DJ`K9IlIXRi!`E$!Ja{&Df>owZ`G^$x^P zq1vYVg2gOyD;@MMmUJwyZ{y%78#p;Np1$z;ze?Zxz2BRT0u=j@4$;-ozekC@xWI(6 z(`U{S)JB(v^p5e)LJ*j^q%#iLiPkL3gdrvJo%(qh|FweCBm}5ri>h>i7`PQ8FaSQ5XYxo20}dvc zDtibuv-iM}NGkz6{>UTg=|`Vpso^nf4h&93Foq`MSBP~iZefG1q0*t~Uj@1UvmkvX zwpR|p)Ta0B1D_c>@Ve9W_S*X@jrn379)5_ZOIN%^6M_gwgY3F2B7*&v!#Xj|`m+_6F`9!Y z_n4Pq$cvC>!<^|bo-+@;G93{y$LwzK_X*#$Vxd=&Fx z!BZ!7uu-3f4jtk<4%4CckDRy(-@3sEa&|90@%R(zYmYsa_7Z`Kj$tuW206AC*>U*b zwk_+rW$8O||B0>7|EqucN+5QS$193pGi{yy>I1A3`I&Na82ZRNz+U%dG^#P0Lh0l=%TFP2ez+j zw?q-Uhy!DjZj%v?u2JdqPlMGZ0u3VLq3m8+n22#HM8|GTvkoz6nd^$&B!7{;Kz{2O zZ@LxrUfB&=Lswh2A-M4YFC+k>fxV40W-1+K1WX+|IX#<>96u3jh&X)Vx|!d2`k8e9 z0}r#1_ypEAs*ApGsk51i7@u7RTzZ@9o889xcdb7B$DbS^=9M}M=~sNa^tCU1?)Y)m zzAu-*46B}?=O0c4jS49~e?J(D6Qs-%yZpd|52gnmxF2NRgib$89QC+XQI9|QOd%-hvMpbg==Ds`sof-J7E zY7UmNi;o*z;3su-H7ahkg6-S73XZx~(Z1#oB@PUYEiLn51|FOZ>6g@6Abe(WJRLiD zkQIU~zmtv}JsysjEey=IlENqv)P$Quk6SoEYGua1b*4Z7<<{0yboK6DU3wY^(ks8c z;v77vB0=C=OA8DC$KHvN8^PEeSk5srrXJHO21Ec|1IU4Ux+aL*zxD3F6|O|Znh_Tg zgvN(f_g?1i9zJm#E^DXDr_Y3_RFAu&jsW)yDYCr=nO3%aYiA8QqtImt+bo%{-dx6V z7Evvbv4%ml4#%#O$7jY{$RR`*)|$JpJyit);x&&;WR^ z;PG3A;6WYdmsb7&5%zgH?jHbA)j%%d(mr!I_W{&_0|(NV?*C%CxTE zg~!p;gKrq>;hN)fJ)i#5|AYh~;2k2Q@4Jqqc;8dcKJ|*~+X2jXAHU@YwlLPtICbKN z8$P_X(YS}p8^y1{0t_H0`*I!7e-b_W*0;Vj?LV*&E&&h#S7ZoX3B#_4W3xvNA5Djk zpFrT{FP~}sq8K3cL_199<4F?TyK%CQm2L*2oEN)knwC$ zH^sHHCbYCQ@U-CFF@%WWuB97JoaBC;uHF(}wvlxEUH7mw|D;Y?sKt>Z2m-bQUb=JfNdQ*Z?cf0X&=`CquFU}S_IUv<8n9{>b7gN(a_J@D;sf*QadhguI>OZCx zO8!@6d({v;Xbrmg*@dOWe>y!m$+vZS@4)rPNFc*?bbn@MX3{4<@rm^AcfUIwKTf|G z?v`_Xu11cYD9FX_8;%SYFxxY;7j8b8h7sGYhhg`~HL5g_T)=w>cclxV)mTD8L(D(9 zQys5Pb%|qx0+bkzQcd8|^0`YXDNg;MbIsrZbnkw~k`FLT!jFm=&1uZl9rwO9?LET0 zCc97|HH&k|QPED_AtHiGHh$s%`NSW+f2-Yob^wQ0>-ef8c+jwgrKQi&9r?$5#wQJ^ zx)aY6{sTlF&V?ES@%O&z&4|{q;6Cso=y+A0X9sxdOXmT1K!zXam|@iE@ZlqPz8Eru zEA2~@BmnMoP`Mj33Ch6Gjy|%31QHfpiYLkuEX&X<=17%6f7)$Mr#Ub?$_b0T z`Sg=drVD3JrzOr^nQoJ*CoKkr7g-6M`(FRAz~ zhbow+NC>3JOa_J<={w*1Hu~+@0yxZ}8HfjI02NWa!aDZEZ=af5|Jk4Vsh`pX_HEr> z6A0c7ftzo>`KKR${PCar(I5RgM}GN#`Q^esrjfWQUIWR9*62%v4EwI0YkYZBwMhhO zK)W%1*~BsAIacDi$U0a{7({FIgEw(}Y~d`avV>6?qA=Q{fT(sdevkK@@i&ZER_AM+ z8EeH!=yr!5Z++W4(%yrI86&_`mBkA~*~QbvPVd8i`-gx0Ia4^T|F>&<%^`RfAddaZ zfBCO|?E@e9q3?z(#`Q$WCF*0(MW~!Ba`T4479u z0pltoUM{!a377h(?OMA570a z@@1BE+DemH+=dJF%C*k?YGa`^KJ%4Z?t1elhmH<^?9MyCH&&3_U8mRb`F9+GuLaEI zOUpO0Ue*WD!1oY7bP`nZRrB5$3|xcT4IsiRNS_8NY`+_enGM5?eo(j5Xv5V^c-UNh z=J7`^eEqLKd#bf^`Tn7L`Q!iXhh0niJA3>80E*>4cN)v8wg3PC07*qoM6N<$f`+ag A#{d8T literal 0 HcmV?d00001 diff --git a/site/themes/pinniped/static/img/nigel-brown.png b/site/themes/pinniped/static/img/nigel-brown.png deleted file mode 100644 index 63124eb95130b0a883428c865e44354648d660c6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9225 zcmV+kB=*~hP)r$SSr=qBps+DT(`&<0Kw(j=TKEx^t zEm*forBt6{tx#M*kVQmXaDjyE+a#HpOfviW&iPG#lV2vknfc9RG8z2j@)?rM@BZ#` zzW1Da?>Xn5D}u@Nji!L;8{NCf&cP(W-|#^&3GgJq-*5_i!@D=h!IJ=g!zqx!?rkp4 zzo#N2{Sl@}zuzJDd1{t4cD5$4ikOR<Z7D5$Rgnf)vX7eVj$IY$vRw*^#Ho@< z^gh484ARm>4OZLIDurTM6so&?hQZuRjK+bO(MiAylK}G&ad&mO3qh3jx?GSZ8YYnh zHys+8G+wf|FRgDW!_xfm77)*SlK}Hj?Ix9~>Z<(g`aT4hn{-ksh&X_UBe>V^2XUBu zKEHSIB@ONS;sGn3cP0T2L$zJi8LKXAhcS>gi}!h4VQJvzHaeRs<*PkZsPm_R1c%m;9@ z%?2F~XRwswbU9RHWH5i*yk0nN4y>)FD>FgICjtEaJqYr}v49p!-bsK%sP&J>YOkMC zu6pjH&keJGci(5t>#NHLSuW-Sn7EXPn1iBt+9**x5@h1)(8QGO2g9|kT{*D;Cp7OQ zz#)`6{K9vRs50T)8Oz^eXhU-`Et*KU z3KmMdSn_4dWV3M8pQy;s_Tr*vluSf|)AwSp*Y~7YoVK>7Z(ym_;~BHqd#p^tU`qco9ORPQA|^!5l5OXqtgWobz0^- zn!gX@99*YSgPbGYX|Q;FzK+#x`jU9tB;>u616YGJ$}Z3{8%v+xXG#;Ljb3^R=~+mg zKEvRRgKqauxkU0Sr^j-yypfvOIp# z4B{M|L(Mqq)nn{a%&%uj{4nSVkV1r;(oC@z(m6&21etkwdrsD6mu72UCx9ZUEh9C6 z#C)s6@%b(7J#%7iXdEvj1z+-?tA_tKDi`S+?Gd@hknhTic*4%!M`_?>L%I~HJ;i>VJL+`nog=%&N9nFa@n zW-(XvkF|f1-cJg^bIY_gnOLN7;5yg<_5pms9%e2tJBH0%M|*ROAJ>UyL9l zFC&mNkABr=Sd6M^#sajfy6g_*^T!D&v<-tShPG09KW*un-{^LKl&t=Z8^A@{tY_si z>FP9zY*)6#z08lIk2|+f2U(!)-Zb3sPaLS>h^@oz zev!!4*kuSJxh_w8@nUt>Zj;*u+0yVPL~aAf@bJUN_HmM4!in(p>JPPAO6GV+p5Ln227-S!cdh z2EYATe_UPn0IwZ zoNFDEqH)aqOh^IqXJ)~Z>uO-{M}2qAo~C}Rai{)-_!-e*nyA zY!{O3n2(hGnHlL!85Q|Cj9N4so!-!xz;G)mU1%_cOP`$lnjwr6Xpc*()qnwl)oiiv z^%#t2Tix*K@28aAIa3T9*44M>e>P;85YpCU#Z#mpQVPGYoncEOB!XTv8) zjzVQgNm#=J73xMqLR(jRuzcFXM@nd{c&g1XaQo8fI=|H$Ug_cTdhh$NvG4v^`aIUW zaRFSOuQ`f__&TcGgK9@w^n}w)+0na!3<~KYH*+YbFt?DI3&SN6>pcbo6jzi(Uq=_{ zve5;AlPt*HWa;6OoXXD(GgxSzzG%gAxM1-@$P%2NVHQ$|7$I ztLx5zWmjGfnYaidh1b8{*aaW$c{gS;%MxJz((l0!mR~lC9=ESp4O(=g37294xHv1e z18H`b`{c0}V^WL`aRJP(nnM>I;fO`X1~x?kxC>XXn|8bak`UeQTd%zdhyEG6?;LHV z9(iUX@8Ed&?q7ow7jF{*Fx6=ou&(?{Z`m%C6XVSn7r?l3HsV4?u&4AEEY#oXN<+v({b>Ax#;JhgnaQnKS^LC>jSJ98HyEmpT-nV%Jth(gi;l(%hKuLKK zbatK$zW>p|Be3(iZM@~#?RMzu9o`&70yteF0-YkdHHojHlm!^);G;MPGm9)CNhrW2 zHC3?Y7i)t>YPBVhlT!wDmH9AZ?rd=Nn}t*t%+t^k;KC`>YGBnZH$ctIn&7j)Kfet= z```#~dEE%E4MAoT7hsx}D6tkXIeOXUWPHN_rVfVVVjsGLlG;zg*)IwOxT~iZw!Aiy zt6q5eFR<(NR~VwsJ9`cc44v~4f;0;-)86W-@bJdq))dyRyaBSqcs+6#SoAInu)~2n zf^->pao0e5ZkNmR8$8ghn3|)!M@V}@^Q0^XQ$tI0HJ@Z;W}I|694n%Ajtg*cK@sYZ z!|#6|_|qRo6nFK~V5khpLhVz2j_^ZxT!71`PJ!P(y*^m>Z`Pn|RhYyFun)Iyq!#5S zbQE0M-fP-;K~uTvS6;UB| zl{yEmwd7J90HMwdq!;%LiFL}0j`zWOQyyS!sRBhco(PGYxExH%hRV|NurJUY_u!T% z1OY5Z-7-0vGe$oA=|Uy6hob@E0=({#d*R4|gXjk4hm*%X0c99nbg!Wo2CbH0{Z!__ z$WR^3vrreF`IWk0&BV>5)+D9P;v6gN?Hjflo@oFxosG7tCXWtUZL%qvvO|G}flIIb z5m+r&IDN7nHBYYv-z5&tz_JuL$2)PpFG=^qJk(d5LQER$Xj#IXboyY>?Spz;WK|az zKn7~LSbuC{CiZt48NMN70)2-FSI)XTPY5}9^~No_E*t3it{|KZBl6YQ;RfLczhCb8u;Gjt6PFp*T|y-Y`0k< z15e76f?q`ch!gNN`biv0Dp4tlI4X%TC^(()9W9-(1u#23@S)KUN|l;f%W26u^0Om5YaZf>)MaoP5hhw7yyixH6Z}Al|{slV*# z0X+v$>Lgi#$X%Bb0ZgD$3IdFE1O^2_tA6Ah+++2A(bCgDD;zOjDl9C2xn@nX(`fbyEH<^i`xW!+6wzDIqC$pl(?!x0Q0RY*gL5o$1Rs}jV88&nq zpu-eUO;+Y+qp=@>7!ucq8v^@fD$9cdCLc9Z9`CTIwK|;-eA#K?)w1Bpw9NJ8g_d2# z{|;uE7G|tEk15NGj(FzgKIqurz!*772G+wD*1%yjv&FvQ^R9ur!geZw4-yJ+XuF7` zz2JWl;X9P8NP9X+c$Jnhx}VlF$CY4SWii;CZpcOh1Bv9XJA1)kvB9^dS1<#B{oh)@y<0 zU4aNmeO)_1>@x(*P8Ro4h2sh^ms+&Sq{GlAN95soUR5a^ZER5C98`h17a4ow zp(g#Xx-OQ+#E~~?09O@i87*IUVLQ6@HHA5lug+pX?L{usC>4;7M@5)M4*|`*MPCd7 zM+>o2=;KvckQNU-&ZZ6L*aB-}_;vs_Di zOIk>E8jLvS`k3!A5&)<(6rjVwkRcCf$=Fpg4XSQ53!d!ii(~u`zaqtXMol{b6b5>*4*pfL9L$Ej;IV%dbP8-S4Hmcc+2Rf(5l;sa3h=ao%5Wq@d8Vm#1DLDHu{z!N zf7v;3A5~USptWEn32^{lbXFz9vBXBqPrlaE%6Ld#ThKUgtf_;SW+ck#;I|C--H{U4 zsp08@q8%dZ;8m2LoQ48B@_@8p1Df%b^;Vh>UTPYD+b>_;2?2P11xCQZ@I|M(%omv* zo_DCCLXGT)CD~c8MDu5g=adsxgAzabRGS^ccM? zX^viq^E1~2?+ET`okI$Zh^!gI!`sr+VKygpQlwWMI4xL)=49H&nS6fd9qszj0kmSM ze=J!O!ol1I%q~@LPM1i2f{yBIPU&r1qUou}(s+8eDqjZ;xK$djRE>M)yN0623a!J2 z>P{PStqE<6YukF_^9B%FS(JPU1-J+;fyFtx-j<%hxjj}FI{62ZR-ss+Rx1uBsLe?$ z24w@>frgLtFo8z-8bVxaM89eh+07pJreAj&ZcAE&c`8aMz>zwFyO*k>Y;FBSb~e_! zmm&9F9wYa%E9!}yce(vc8o+F&<1Mm=>V7Hsvbw_HGpQbU-Pve1BnKV5K+PtkqZo&_ed2;(d(k+ z=hj7gUrOQjzYn6g5elw*DDoYZN2*w}&*yl)y+?H{e5k|(z$Uziqyx-0t*WXj*K0A3 zG`tQyBt5i~!sz2(Cmk(C$xLML`CWwV5Ze}Zu4Vu3N1!{M?zbN4FHSC32v1lG)PjdG8aO{g8CnqF72nS&Je&30u{ince!7FNN>DxEbU14yD15z_?!QNUqA3LJb`xP3t!yaVC;&9Y+JKiz$KdQ7j9(|Dx`VTXHvhf*neJKgB`yKGJ2O~s_LG)B^u5#95 z`(Wuj7aZEG8zD{&C^|cEi?Rt-o#dkU2L!bInw3!eZ-Mje@n-LW) z9Pe<-T$xmz~Dhd19EmGmxL!f)+rE7@s_Km32xN|Kl% zWdSA{`1c0P2!H)?K3u+0kN(Z00Van$S_I`ytpZ!iNZaoPFFpqcSFL8qsjQj`=K2O^ zfRFzP9ZC_o)+>@|$ zOUnojCU@HYAr9q>z`peG0oZ;1g+X|vcu_`IS2yEgD59PE_9!F!8GxXI||%m&fd!-uO?r(U#%!olV!|;M@yR<^%;lNd~>1)~gyjMlS%y1C<1pnUVlswEz@P-vhREn+TKz z!{F|@wG@1wG+rO5aF=9+ifN+V(7g#v-|xxM-Ze8*&YUZacF{(!!*ThlHvP^7(tq5G zN=bn4D=E<~ndUZ}vrZ4jkK|B%LEtbLt)RKeeJ*vvfpgLO@50-QzB_`D6moEv(X?iZ z*|ud%S>c9ax%AF}J}cl~6^@H(frbG_Q<7%kMoP*x7H?=&zKB=4QiCNK9`M*u!IQQ-jo?%TWI-HVou=)Vc$YHby{z=?;~xG4`oUWI|oFt}=1&bqC> zMS~mV*kVbHJD-NHAmspltE!w%agIuJexirMItRRTeIcDr@U3d?65pJa`Jdm`s;@ev2zDthm0vxn+>;Dc>*)148R!Fq3AEw<)b_xXwIbr zX>cflAj7%lmig(q?G2(36&*d}u%XYr(f*V@?+I_X+ngpt+d##%kOrC*v~b1mYSjDkT7Zro8BIu}m5` zIn7C|)@idWmNSVc>oLg7jcxj1Nej1cgAaamHEhR#W%ahEtdB4q*Qx}nAja7lS3T+pEhtu1icyc})A2M_FrH|&A!t0E&4DBw$^B*huw zCR|CM$>37kQv%@o^0Hq%U#+^9OK>tI(5%~!|Gyl={996539T)S=sV?us;Sk`Sbqw< zL%pQ4Op)%8;MV^=jEz-2v{ZYzyKCB4PB^2S_SwFq1i)KMa~GAQXY5M^z-$?GeQg>B zagk8u9sHfK0b_6J(0FJfBCz3&=o$H3|I`yWQq*R5{^p(@<+*zED=+ z&*SV}Sq?TK2X7b1!2}H1h>7#5V{Fhd0+<_Nj^bvqmp}6n+U52A?$cJ&x@3Vcp7o>* zz)zOu`?HbDbhsrUWj_lrM(Keq5dbE2B!S9C++k1or*n>bh5}3>A1G#)1#eZMg!esI zaYRrQL}#zjerMZ&{jcLm^kkNuG62`f<(I9_)4Z-hkOQI4hJ9uJkmee}fh>XC=xj%K z8nKCDYf+#y(q+py*UW_i%!*+e7?fIi%*%SL6Lam&c!QlX08>XFE6!_@rim)(unLhr zofbv-c@Zr?bbBu=W-0at`7V!46frblZ;*vVeIL~r7@s%e zj^dp6GSULEsMJinN)bGTAoCq`peuGt^1bkn^%gky1|3rpcfO^+31A9|$mgCz&n5v* zBEX?lJ$`=eRz*kqO?Uw$w4vaBO&rii<6P^<@P++Z8FD5()2=5B@aBFQ{ONy3M{BZD zcnGusPXauFKt`(??Si=&!h3`wnH$+B9o3od|Iq~Bx_LMV8C&K6-oKEEEA&Z#qft4< zo^t`FdH1S|Eb#YtMtgkFwkV4eEr;6;asX)7_fIaeQVd%_hOC)Wr2Cq0Q5D)&D_*ac z873YUE!Y|-0Zuh|0nRDY97VNbUFeFLucdZWdn&?QCQX-Mo$j9G;FLp{#B=CsIb0(h z=!wBqe1zsZ)oGX%(W!>;1y#9tmCdlVCsO-t$iW#Au7jThIK|K{&63|$UZ5Gi1SvxM z@H$t<*O`si%$Ic%;1mNG#j_2?GZW4?T4F3o6on_ukraA=65wc5O!D)Ec+*(8(+8nV z5dv^yy*?9zI7hwzDaqYTNOdWtix$$O*(IuL)C$F4gyf|>LI9>a6fT-K=lr5vb$&y; zzVqN0rzi~L$YT#eD@?I`XB@x_kbB89LufKvZIFf0;3J7>Rdx>a^0?E^o;&B*pI>`V z@GYxC+my_F!YP%^Rz;}m!s>j%{#J^$?D9Q(_MCBkSt$eXf&~i{Yu2p!@uEeGhHs_}A^Y{qE)ariFb@Ho zrP9FQKtHd;0A&>6l{^l|@MX|^70B>9+}rPY1hzfb1dl&+9g}7E?%lsXaNxjiw{6>I zim6da&OD(27vhz0`}XZSfx$$T(fVz~`viY}?G@3o1)sCx`K4V4;Tjwm;j~`ly2IY_ z5U%i&vUzBW4h$|9U~XQ#Le~1wLk}%^;e{6t32tDLGENA4KhAFF(vFS|Ng!95h4BhvfC2z9}@000BTNklQ|~gOwMZi-*_v zU1lj?q*Pc`1AgfeCd+@`dnuHZX(Q(E@9%%Jwzl@tXnjl8^P~d2fB*h}78MnJUr6U3 z`uQ3-@%bmCveIHni2<{m&hS^Lky9PH$G-gbhr#y=Wa=z?i8C#}_^!s|R+v{X6Qrso zP_v>Ime-YoPAUBA1zb0LR##UyS4dySGfz?hZfI!u87e47-r>&EyO%aS4sX1&En>gJ ziCj`kl8rZ8mkXP=zd53e|GD>W_y~if2?>3r*4Ba|YXN-!&hNs~*(GsfaO~JI$%+*# zM&6nkcWJS|m{fqNc?f`{v9XanGc@6vyZX{axbTU5$)OmX=s0&y2a94wE|+`x>M@&) zU@`%c;8Z|C#uJo$Q>RW%SYffYDd_;S4Mc9v!{6JHqnTT|4D(m-K{|coQQ)8vYc;$EEwE^nt>goy6j7=E8EH#^( zo9E#wlqO5@oj1KOg2+DC`_R)Byu3va09Ran1FXC;dQ3_|g$c-niz?9Ip>v*uQHcH1 zFtUAkEsB8h$C_or0cJaZ#E|dU_KxGlE&D_I0dAQ=;6I|e+(tsXO-sMU0}Epwluzp}Ct&y9;FY~JOzJ!Jr98@1u#R|>le z6bC#`&y-Vt!(a)R(nMzHY{tmVVbbmQJOCGdZ)B(>Hfvj38{Wq4g^G%buvZ4moi0yC>#65KEOCHJqlLoa5~!Iu7p}N^bwn}}aI{z= z?zE%ptl4a4Kw<_BZnp?{0ue!hj*bqdj2 zXG4B|{#sl_rR-Uzlm?iKUQ<)kO602b_z6&6Kw^O