From da8c303d83d74edc721c009ee71762b777f5f9fe Mon Sep 17 00:00:00 2001 From: Bartosz Majsak Date: Tue, 27 Aug 2024 15:39:47 +0200 Subject: [PATCH] deps: aligns with latest ODH (#64) Opendatahub Operator bumped their k8s, ctrl-runtime and ctrl-tools dependencies. We should be aligned with those. --- Makefile | 6 +- .../authorino.kuadrant.io_authconfigs.yaml | 1455 +++++++---------- .../external/route.openshift.io_routes.yaml | 486 +++--- config/rbac/role.yaml | 11 - go.mod | 84 +- go.sum | 232 +-- main.go | 5 +- tools.go | 1 - 8 files changed, 962 insertions(+), 1318 deletions(-) diff --git a/Makefile b/Makefile index 118b980..3544c22 100644 --- a/Makefile +++ b/Makefile @@ -50,7 +50,7 @@ lint: tools format ## Concurrently runs a whole bunch of static analysis tools test: generate test: test-unit+kube-envtest ## Run all tests. You can also select a category by running e.g. make test-unit or make test-kube-envtest -ENVTEST_K8S_VERSION = 1.26 # refers to the version of kubebuilder assets to be downloaded by envtest binary. +ENVTEST_K8S_VERSION = 1.28 # refers to the version of kubebuilder assets to be downloaded by envtest binary. test-%: $(eval test-type:=$(subst +,||,$(subst test-,,$@))) KUBEBUILDER_ASSETS="$(shell $(LOCALBIN)/setup-envtest use $(ENVTEST_K8S_VERSION) -p path)" \ @@ -157,12 +157,12 @@ $(LOCALBIN)/kustomize: tar xzvf /tmp/kustomize.tar.gz -C $(LOCALBIN) chmod +x $(LOCALBIN)/kustomize -CONTROLLER_TOOLS_VERSION?=$(call go-mod-version,'controller-tools') +CONTROLLER_TOOLS_VERSION?=v0.16.1 # Cannot be pulled as dependency from go.mod, as it will bump go requirements to 1.22 $(LOCALBIN)/controller-gen: $(call header,"Installing $(notdir $@)") $(call go-get-tool,controller-gen,sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)) -ENVTEST_PACKAGE_VERSION = v0.0.0-20240320141353-395cfc7486e6 +ENVTEST_PACKAGE_VERSION = v0.0.0-20240813183042-b901db121e1f $(LOCALBIN)/setup-envtest: $(call header,"Installing $(notdir $@)") GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@$(ENVTEST_PACKAGE_VERSION) diff --git a/config/crd/external/authorino.kuadrant.io_authconfigs.yaml b/config/crd/external/authorino.kuadrant.io_authconfigs.yaml index 1ff389e..a0ade94 100644 --- a/config/crd/external/authorino.kuadrant.io_authconfigs.yaml +++ b/config/crd/external/authorino.kuadrant.io_authconfigs.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.1 name: authconfigs.authorino.kuadrant.io spec: group: authorino.kuadrant.io @@ -55,14 +54,19 @@ spec: description: AuthConfig is the schema for Authorino's AuthConfig API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -83,10 +87,9 @@ spec: properties: allNamespaces: default: false - description: Whether Authorino should look for API key secrets - in all namespaces or only in the same namespace as the - AuthConfig. Enabling this option in namespaced Authorino - instances has no effect. + description: |- + Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig. + Enabling this option in namespaced Authorino instances has no effect. type: boolean selector: description: Label selector used by Authorino to match secrets @@ -97,8 +100,8 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: @@ -106,17 +109,16 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -128,11 +130,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -140,24 +141,20 @@ spec: - selector type: object cache: - description: Caching options for the resolved object returned - when applying this config. Omit it to avoid caching objects - for this config. + description: |- + Caching options for the resolved object returned when applying this config. + Omit it to avoid caching objects for this config. properties: key: - description: Key used to store the entry in the cache. The - resolved key must be unique within the scope of this particular - config. + description: |- + Key used to store the entry in the cache. + The resolved key must be unique within the scope of this particular config. properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve to - patterns (e.g. "Hello, {auth.identity.name}!"). Any - pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -172,11 +169,9 @@ spec: - key type: object credentials: - description: Defines where credentials are required to be passed - in the request for authentication based on this config. If - omitted, it defaults to credentials passed in the HTTP Authorization - header and the "Bearer" prefix prepended to the secret credential - value. + description: |- + Defines where credentials are required to be passed in the request for authentication based on this config. + If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. properties: authorizationHeader: properties: @@ -209,54 +204,45 @@ spec: additionalProperties: properties: selector: - description: 'Simple path selector to fetch content from - the authorization JSON (e.g. ''request.method'') or - a string template with variables that resolve to patterns - (e.g. "Hello, {auth.identity.name}!"). Any pattern supported - by https://pkg.go.dev/github.com/tidwall/gjson can be - used. The following Authorino custom modifiers are supported: - @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, - @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value x-kubernetes-preserve-unknown-fields: true type: object - description: Set default property values (claims) for the resolved - identity object, that are set before appending the object - to the authorization JSON. If the property is already present - in the resolved identity object, the default value is ignored. - It requires the resolved identity object to always be a JSON - object. Do not use this option with identity objects of other - JSON types (array, string, etc). + description: |- + Set default property values (claims) for the resolved identity object, that are set before appending the object to + the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. + It requires the resolved identity object to always be a JSON object. + Do not use this option with identity objects of other JSON types (array, string, etc). type: object jwt: description: Authentication based on JWT tokens. properties: issuerUrl: - description: URL of the issuer of the JWT. If `jwksUrl` - is omitted, Authorino will append the path to the OpenID - Connect Well-Known Discovery endpoint (i.e. "/.well-known/openid-configuration") - to this URL, to discover the OIDC configuration where - to obtain the "jkws_uri" claim from. The value must coincide - with the value of the "iss" (issuer) claim of the discovered - OpenID Connect configuration. + description: |- + URL of the issuer of the JWT. + If `jwksUrl` is omitted, Authorino will append the path to the OpenID Connect Well-Known Discovery endpoint + (i.e. "/.well-known/openid-configuration") to this URL, to discover the OIDC configuration where to obtain + the "jkws_uri" claim from. + The value must coincide with the value of the "iss" (issuer) claim of the discovered OpenID Connect configuration. type: string ttl: - description: Decides how long to wait before refreshing - the JWKS (in seconds). If omitted, Authorino will never - refresh the JWKS. + description: |- + Decides how long to wait before refreshing the JWKS (in seconds). + If omitted, Authorino will never refresh the JWKS. type: integer type: object kubernetesTokenReview: description: Authentication by Kubernetes token review. properties: audiences: - description: The list of audiences (scopes) that must be - claimed in a Kubernetes authentication token supplied - in the request, and reviewed by Authorino. If omitted, - Authorino will review tokens expecting the host name of - the requested protected service amongst the audiences. + description: |- + The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino. + If omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences. items: type: string type: array @@ -275,8 +261,9 @@ spec: server. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic @@ -284,7 +271,8 @@ spec: description: The full URL of the token introspection endpoint. type: string tokenTypeHint: - description: The token type hint for the token introspection. + description: |- + The token type hint for the token introspection. If omitted, it defaults to "access_token". type: string required: @@ -295,56 +283,46 @@ spec: additionalProperties: properties: selector: - description: 'Simple path selector to fetch content from - the authorization JSON (e.g. ''request.method'') or - a string template with variables that resolve to patterns - (e.g. "Hello, {auth.identity.name}!"). Any pattern supported - by https://pkg.go.dev/github.com/tidwall/gjson can be - used. The following Authorino custom modifiers are supported: - @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, - @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value x-kubernetes-preserve-unknown-fields: true type: object - description: Overrides the resolved identity object by setting - the additional properties (claims) specified in this config, - before appending the object to the authorization JSON. It - requires the resolved identity object to always be a JSON - object. Do not use this option with identity objects of other - JSON types (array, string, etc). + description: |- + Overrides the resolved identity object by setting the additional properties (claims) specified in this config, + before appending the object to the authorization JSON. + It requires the resolved identity object to always be a JSON object. + Do not use this option with identity objects of other JSON types (array, string, etc). type: object plain: - description: Identity object extracted from the context. Use - this method when authentication is performed beforehand by - a proxy and the resulting object passed to Authorino as JSON - in the auth request. + description: |- + Identity object extracted from the context. + Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. properties: selector: - description: 'Simple path selector to fetch content from - the authorization JSON (e.g. ''request.method'') or a - string template with variables that resolve to patterns - (e.g. "Hello, {auth.identity.name}!"). Any pattern supported - by https://pkg.go.dev/github.com/tidwall/gjson can be - used. The following Authorino custom modifiers are supported: - @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, - @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string required: - selector type: object priority: default: 0 - description: Priority group of the config. All configs in the - same priority group are evaluated concurrently; consecutive - priority groups are evaluated sequentially. + description: |- + Priority group of the config. + All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. type: integer when: - description: Conditions for Authorino to enforce this config. + description: |- + Conditions for Authorino to enforce this config. If omitted, the config will be enforced for all requests. - If present, all conditions must match for the config to be - enforced; otherwise, the config will be skipped. + If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: properties: all: @@ -362,11 +340,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: array operator: - description: 'The binary operator to be applied to the - content fetched from the authorization JSON, for comparison - with "value". Possible values are: "eq" (equal to), - "neq" (not equal to), "incl" (includes; for arrays), - "excl" (excludes; for arrays), "matches" (regex)' + description: |- + The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) enum: - eq - neq @@ -378,43 +354,40 @@ spec: description: Reference to a named set of pattern expressions type: string selector: - description: Path selector to fetch content from the authorization - JSON (e.g. 'request.method'). Any pattern supported - by https://pkg.go.dev/github.com/tidwall/gjson can be - used. Authorino custom JSON path modifiers are also - supported. + description: |- + Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + Authorino custom JSON path modifiers are also supported. type: string value: - description: The value of reference for the comparison - with the content fetched from the authorization JSON. - If used with the "matches" operator, the value must - compile to a valid Golang regex. + description: |- + The value of reference for the comparison with the content fetched from the authorization JSON. + If used with the "matches" operator, the value must compile to a valid Golang regex. type: string type: object type: array x509: - description: Authentication based on client X.509 certificates. - The certificates presented by the clients must be signed by - a trusted CA whose certificates are stored in Kubernetes secrets. + description: |- + Authentication based on client X.509 certificates. + The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. properties: allNamespaces: default: false - description: Whether Authorino should look for TLS secrets - in all namespaces or only in the same namespace as the - AuthConfig. Enabling this option in namespaced Authorino - instances has no effect. + description: |- + Whether Authorino should look for TLS secrets in all namespaces or only in the same namespace as the AuthConfig. + Enabling this option in namespaced Authorino instances has no effect. type: boolean selector: - description: Label selector used by Authorino to match secrets - from the cluster storing trusted CA certificates to validate + description: |- + Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate clients trying to authenticate to this service properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: @@ -422,17 +395,16 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -444,11 +416,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic @@ -456,31 +427,28 @@ spec: - selector type: object type: object - description: Authentication configs. At least one config MUST evaluate - to a valid identity object for the auth request to be successful. + description: |- + Authentication configs. + At least one config MUST evaluate to a valid identity object for the auth request to be successful. type: object authorization: additionalProperties: properties: cache: - description: Caching options for the resolved object returned - when applying this config. Omit it to avoid caching objects - for this config. + description: |- + Caching options for the resolved object returned when applying this config. + Omit it to avoid caching objects for this config. properties: key: - description: Key used to store the entry in the cache. The - resolved key must be unique within the scope of this particular - config. + description: |- + Key used to store the entry in the cache. + The resolved key must be unique within the scope of this particular config. properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve to - patterns (e.g. "Hello, {auth.identity.name}!"). Any - pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -505,42 +473,35 @@ spec: type: string type: array resourceAttributes: - description: Use resourceAttributes to check permissions - on Kubernetes resources. If omitted, it performs a non-resource - SubjectAccessReview, with verb and path inferred from - the request. + description: |- + Use resourceAttributes to check permissions on Kubernetes resources. + If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. properties: group: - description: API group of the resource. Use '*' for - all API groups. + description: |- + API group of the resource. + Use '*' for all API groups. properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value x-kubernetes-preserve-unknown-fields: true type: object name: - description: Resource name Omit it to check for authorization - on all resources of the specified kind. + description: |- + Resource name + Omit it to check for authorization on all resources of the specified kind. properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -551,32 +512,25 @@ spec: on the resource. properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value x-kubernetes-preserve-unknown-fields: true type: object resource: - description: Resource kind Use '*' for all resource - kinds. + description: |- + Resource kind + Use '*' for all resource kinds. properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -586,32 +540,25 @@ spec: description: Subresource kind properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value x-kubernetes-preserve-unknown-fields: true type: object verb: - description: Verb to check for authorization on the - resource. Use '*' for all verbs. + description: |- + Verb to check for authorization on the resource. + Use '*' for all verbs. properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -619,18 +566,15 @@ spec: type: object type: object user: - description: User to check for authorization in the Kubernetes - RBAC. Omit it to check for group authorization only. + description: |- + User to check for authorization in the Kubernetes RBAC. + Omit it to check for group authorization only. properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve to - patterns (e.g. "Hello, {auth.identity.name}!"). Any - pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -647,37 +591,29 @@ spec: properties: allValues: default: false - description: Returns the value of all Rego rules in the - virtual document. Values can be read in subsequent evaluators/phases - of the Auth Pipeline. Otherwise, only the default `allow` - rule will be exposed. Returning all Rego rules can affect - performance of OPA policies during reconciliation (policy - precompile) and at runtime. + description: |- + Returns the value of all Rego rules in the virtual document. Values can be read in subsequent evaluators/phases of the Auth Pipeline. + Otherwise, only the default `allow` rule will be exposed. + Returning all Rego rules can affect performance of OPA policies during reconciliation (policy precompile) and at runtime. type: boolean externalPolicy: - description: 'Settings for fetching the OPA policy from - an external registry. Use it alternatively to ''rego''. - For the configurations of the HTTP request, the following - options are not implemented: ''method'', ''body'', ''bodyParameters'', - ''contentType'', ''headers'', ''oauth2''. Use it only - with: ''url'', ''sharedSecret'', ''credentials''.' + description: |- + Settings for fetching the OPA policy from an external registry. + Use it alternatively to 'rego'. + For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', + 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. properties: body: - description: Raw body of the HTTP request. Supersedes - 'bodyParameters'; use either one or the other. Use - it with method=POST; for GET requests, set parameters - as query string in the 'endpoint' (placeholders can - be used). + description: |- + Raw body of the HTTP request. + Supersedes 'bodyParameters'; use either one or the other. + Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -687,42 +623,33 @@ spec: additionalProperties: properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom - modifiers are supported: @extract:{sep:" ",pos:0}, - @replace{old:"",new:""}, @case:upper|lower, - @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value x-kubernetes-preserve-unknown-fields: true type: object - description: Custom parameters to encode in the body - of the HTTP request. Superseded by 'body'; use either - one or the other. Use it with method=POST; for GET - requests, set parameters as query string in the 'endpoint' - (placeholders can be used). + description: |- + Custom parameters to encode in the body of the HTTP request. + Superseded by 'body'; use either one or the other. + Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). type: object contentType: default: application/x-www-form-urlencoded - description: Content-Type of the request body. Shapes - how 'bodyParameters' are encoded. Use it with method=POST; - for GET requests, Content-Type is automatically set - to 'text/plain'. + description: |- + Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. enum: - application/x-www-form-urlencoded - application/json type: string credentials: - description: Defines where client credentials will be - passed in the request to the service. If omitted, - it defaults to client credentials passed in the HTTP - Authorization header and the "Bearer" prefix expected - prepended to the secret value. + description: |- + Defines where client credentials will be passed in the request to the service. + If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. properties: authorizationHeader: properties: @@ -755,15 +682,10 @@ spec: additionalProperties: properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom - modifiers are supported: @extract:{sep:" ",pos:0}, - @replace{old:"",new:""}, @case:upper|lower, - @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -773,10 +695,9 @@ spec: type: object method: default: GET - description: 'HTTP verb used in the request to the service. - Accepted values: GET (default), POST. When the request - method is POST, the authorization JSON is passed in - the body of the request.' + description: |- + HTTP verb used in the request to the service. Accepted values: GET (default), POST. + When the request method is POST, the authorization JSON is passed in the body of the request. enum: - GET - POST @@ -794,9 +715,9 @@ spec: properties: cache: default: true - description: Caches and reuses the token until expired. - Set it to false to force fetch the token at every - authorization request regardless of expiration. + description: |- + Caches and reuses the token until expired. + Set it to false to force fetch the token at every authorization request regardless of expiration. type: boolean clientId: description: OAuth2 Client ID. @@ -839,10 +760,10 @@ spec: - tokenUrl type: object sharedSecretRef: - description: Reference to a Secret key whose value will - be passed by Authorino in the request. The HTTP service - can use the shared secret to authenticate the origin - of the request. Ignored if used together with oauth2. + description: |- + Reference to a Secret key whose value will be passed by Authorino in the request. + The HTTP service can use the shared secret to authenticate the origin of the request. + Ignored if used together with oauth2. properties: key: description: The key of the secret to select from. Must @@ -861,21 +782,20 @@ spec: in the cache before pulled again from the source. type: integer url: - description: Endpoint URL of the HTTP service. The value - can include variable placeholders in the format "{selector}", - where "selector" is any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - and selects value from the authorization JSON. E.g. - https://ext-auth-server.io/metadata?p={request.path} + description: |- + Endpoint URL of the HTTP service. + The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + E.g. https://ext-auth-server.io/metadata?p={request.path} type: string required: - url type: object rego: - description: Authorization policy as a Rego language document. - The Rego document must include the "allow" condition, - set by Authorino to "false" by default (i.e. requests - are unauthorized unless changed). The Rego document must - NOT include the "package" declaration in line 1. + description: |- + Authorization policy as a Rego language document. + The Rego document must include the "allow" condition, set by Authorino to "false" by default (i.e. requests are unauthorized unless changed). + The Rego document must NOT include the "package" declaration in line 1. type: string type: object patternMatching: @@ -899,12 +819,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: array operator: - description: 'The binary operator to be applied to - the content fetched from the authorization JSON, - for comparison with "value". Possible values are: - "eq" (equal to), "neq" (not equal to), "incl" (includes; - for arrays), "excl" (excludes; for arrays), "matches" - (regex)' + description: |- + The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) enum: - eq - neq @@ -916,17 +833,15 @@ spec: description: Reference to a named set of pattern expressions type: string selector: - description: Path selector to fetch content from the - authorization JSON (e.g. 'request.method'). Any - pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. Authorino custom JSON path modifiers - are also supported. + description: |- + Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + Authorino custom JSON path modifiers are also supported. type: string value: - description: The value of reference for the comparison - with the content fetched from the authorization - JSON. If used with the "matches" operator, the value - must compile to a valid Golang regex. + description: |- + The value of reference for the comparison with the content fetched from the authorization JSON. + If used with the "matches" operator, the value must compile to a valid Golang regex. type: string type: object type: array @@ -935,9 +850,9 @@ spec: type: object priority: default: 0 - description: Priority group of the config. All configs in the - same priority group are evaluated concurrently; consecutive - priority groups are evaluated sequentially. + description: |- + Priority group of the config. + All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. type: integer spicedb: description: Authorization decision delegated to external Authzed/SpiceDB @@ -956,14 +871,10 @@ spec: which to execute the check. properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve to - patterns (e.g. "Hello, {auth.identity.name}!"). Any - pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -976,14 +887,10 @@ spec: kind: properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -992,14 +899,10 @@ spec: name: properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1030,14 +933,10 @@ spec: kind: properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1046,14 +945,10 @@ spec: name: properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1064,10 +959,10 @@ spec: - endpoint type: object when: - description: Conditions for Authorino to enforce this config. + description: |- + Conditions for Authorino to enforce this config. If omitted, the config will be enforced for all requests. - If present, all conditions must match for the config to be - enforced; otherwise, the config will be skipped. + If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: properties: all: @@ -1085,11 +980,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: array operator: - description: 'The binary operator to be applied to the - content fetched from the authorization JSON, for comparison - with "value". Possible values are: "eq" (equal to), - "neq" (not equal to), "incl" (includes; for arrays), - "excl" (excludes; for arrays), "matches" (regex)' + description: |- + The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) enum: - eq - neq @@ -1101,46 +994,41 @@ spec: description: Reference to a named set of pattern expressions type: string selector: - description: Path selector to fetch content from the authorization - JSON (e.g. 'request.method'). Any pattern supported - by https://pkg.go.dev/github.com/tidwall/gjson can be - used. Authorino custom JSON path modifiers are also - supported. + description: |- + Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + Authorino custom JSON path modifiers are also supported. type: string value: - description: The value of reference for the comparison - with the content fetched from the authorization JSON. - If used with the "matches" operator, the value must - compile to a valid Golang regex. + description: |- + The value of reference for the comparison with the content fetched from the authorization JSON. + If used with the "matches" operator, the value must compile to a valid Golang regex. type: string type: object type: array type: object - description: Authorization policies. All policies MUST evaluate to - "allowed = true" for the auth request be successful. + description: |- + Authorization policies. + All policies MUST evaluate to "allowed = true" for the auth request be successful. type: object callbacks: additionalProperties: properties: cache: - description: Caching options for the resolved object returned - when applying this config. Omit it to avoid caching objects - for this config. + description: |- + Caching options for the resolved object returned when applying this config. + Omit it to avoid caching objects for this config. properties: key: - description: Key used to store the entry in the cache. The - resolved key must be unique within the scope of this particular - config. + description: |- + Key used to store the entry in the cache. + The resolved key must be unique within the scope of this particular config. properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve to - patterns (e.g. "Hello, {auth.identity.name}!"). Any - pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1158,20 +1046,16 @@ spec: description: Settings of the external HTTP request properties: body: - description: Raw body of the HTTP request. Supersedes 'bodyParameters'; - use either one or the other. Use it with method=POST; - for GET requests, set parameters as query string in the - 'endpoint' (placeholders can be used). + description: |- + Raw body of the HTTP request. + Supersedes 'bodyParameters'; use either one or the other. + Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve to - patterns (e.g. "Hello, {auth.identity.name}!"). Any - pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1181,41 +1065,33 @@ spec: additionalProperties: properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value x-kubernetes-preserve-unknown-fields: true type: object - description: Custom parameters to encode in the body of - the HTTP request. Superseded by 'body'; use either one - or the other. Use it with method=POST; for GET requests, - set parameters as query string in the 'endpoint' (placeholders - can be used). + description: |- + Custom parameters to encode in the body of the HTTP request. + Superseded by 'body'; use either one or the other. + Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). type: object contentType: default: application/x-www-form-urlencoded - description: Content-Type of the request body. Shapes how - 'bodyParameters' are encoded. Use it with method=POST; - for GET requests, Content-Type is automatically set to - 'text/plain'. + description: |- + Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. enum: - application/x-www-form-urlencoded - application/json type: string credentials: - description: Defines where client credentials will be passed - in the request to the service. If omitted, it defaults - to client credentials passed in the HTTP Authorization - header and the "Bearer" prefix expected prepended to the - secret value. + description: |- + Defines where client credentials will be passed in the request to the service. + If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. properties: authorizationHeader: properties: @@ -1248,14 +1124,10 @@ spec: additionalProperties: properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1265,10 +1137,9 @@ spec: type: object method: default: GET - description: 'HTTP verb used in the request to the service. - Accepted values: GET (default), POST. When the request - method is POST, the authorization JSON is passed in the - body of the request.' + description: |- + HTTP verb used in the request to the service. Accepted values: GET (default), POST. + When the request method is POST, the authorization JSON is passed in the body of the request. enum: - GET - POST @@ -1286,9 +1157,9 @@ spec: properties: cache: default: true - description: Caches and reuses the token until expired. - Set it to false to force fetch the token at every - authorization request regardless of expiration. + description: |- + Caches and reuses the token until expired. + Set it to false to force fetch the token at every authorization request regardless of expiration. type: boolean clientId: description: OAuth2 Client ID. @@ -1331,10 +1202,10 @@ spec: - tokenUrl type: object sharedSecretRef: - description: Reference to a Secret key whose value will - be passed by Authorino in the request. The HTTP service - can use the shared secret to authenticate the origin of - the request. Ignored if used together with oauth2. + description: |- + Reference to a Secret key whose value will be passed by Authorino in the request. + The HTTP service can use the shared secret to authenticate the origin of the request. + Ignored if used together with oauth2. properties: key: description: The key of the secret to select from. Must @@ -1349,10 +1220,11 @@ spec: - name type: object url: - description: Endpoint URL of the HTTP service. The value - can include variable placeholders in the format "{selector}", - where "selector" is any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - and selects value from the authorization JSON. E.g. https://ext-auth-server.io/metadata?p={request.path} + description: |- + Endpoint URL of the HTTP service. + The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + E.g. https://ext-auth-server.io/metadata?p={request.path} type: string required: - url @@ -1364,15 +1236,15 @@ spec: type: boolean priority: default: 0 - description: Priority group of the config. All configs in the - same priority group are evaluated concurrently; consecutive - priority groups are evaluated sequentially. + description: |- + Priority group of the config. + All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. type: integer when: - description: Conditions for Authorino to enforce this config. + description: |- + Conditions for Authorino to enforce this config. If omitted, the config will be enforced for all requests. - If present, all conditions must match for the config to be - enforced; otherwise, the config will be skipped. + If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: properties: all: @@ -1390,11 +1262,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: array operator: - description: 'The binary operator to be applied to the - content fetched from the authorization JSON, for comparison - with "value". Possible values are: "eq" (equal to), - "neq" (not equal to), "incl" (includes; for arrays), - "excl" (excludes; for arrays), "matches" (regex)' + description: |- + The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) enum: - eq - neq @@ -1406,31 +1276,29 @@ spec: description: Reference to a named set of pattern expressions type: string selector: - description: Path selector to fetch content from the authorization - JSON (e.g. 'request.method'). Any pattern supported - by https://pkg.go.dev/github.com/tidwall/gjson can be - used. Authorino custom JSON path modifiers are also - supported. + description: |- + Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + Authorino custom JSON path modifiers are also supported. type: string value: - description: The value of reference for the comparison - with the content fetched from the authorization JSON. - If used with the "matches" operator, the value must - compile to a valid Golang regex. + description: |- + The value of reference for the comparison with the content fetched from the authorization JSON. + If used with the "matches" operator, the value must compile to a valid Golang regex. type: string type: object type: array required: - http type: object - description: Callback functions. Authorino sends callbacks at the - end of the auth pipeline to the endpoints specified in this config. + description: |- + Callback functions. + Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. type: object hosts: - description: The list of public host names of the services protected - by this authentication/authorization scheme. Authorino uses the - requested host to lookup for the corresponding authentication/authorization - configs to enforce. + description: |- + The list of public host names of the services protected by this authentication/authorization scheme. + Authorino uses the requested host to lookup for the corresponding authentication/authorization configs to enforce. items: type: string type: array @@ -1438,24 +1306,20 @@ spec: additionalProperties: properties: cache: - description: Caching options for the resolved object returned - when applying this config. Omit it to avoid caching objects - for this config. + description: |- + Caching options for the resolved object returned when applying this config. + Omit it to avoid caching objects for this config. properties: key: - description: Key used to store the entry in the cache. The - resolved key must be unique within the scope of this particular - config. + description: |- + Key used to store the entry in the cache. + The resolved key must be unique within the scope of this particular config. properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve to - patterns (e.g. "Hello, {auth.identity.name}!"). Any - pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1473,20 +1337,16 @@ spec: description: External source of auth metadata via HTTP request properties: body: - description: Raw body of the HTTP request. Supersedes 'bodyParameters'; - use either one or the other. Use it with method=POST; - for GET requests, set parameters as query string in the - 'endpoint' (placeholders can be used). + description: |- + Raw body of the HTTP request. + Supersedes 'bodyParameters'; use either one or the other. + Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve to - patterns (e.g. "Hello, {auth.identity.name}!"). Any - pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1496,41 +1356,33 @@ spec: additionalProperties: properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value x-kubernetes-preserve-unknown-fields: true type: object - description: Custom parameters to encode in the body of - the HTTP request. Superseded by 'body'; use either one - or the other. Use it with method=POST; for GET requests, - set parameters as query string in the 'endpoint' (placeholders - can be used). + description: |- + Custom parameters to encode in the body of the HTTP request. + Superseded by 'body'; use either one or the other. + Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). type: object contentType: default: application/x-www-form-urlencoded - description: Content-Type of the request body. Shapes how - 'bodyParameters' are encoded. Use it with method=POST; - for GET requests, Content-Type is automatically set to - 'text/plain'. + description: |- + Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. enum: - application/x-www-form-urlencoded - application/json type: string credentials: - description: Defines where client credentials will be passed - in the request to the service. If omitted, it defaults - to client credentials passed in the HTTP Authorization - header and the "Bearer" prefix expected prepended to the - secret value. + description: |- + Defines where client credentials will be passed in the request to the service. + If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. properties: authorizationHeader: properties: @@ -1563,14 +1415,10 @@ spec: additionalProperties: properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1580,10 +1428,9 @@ spec: type: object method: default: GET - description: 'HTTP verb used in the request to the service. - Accepted values: GET (default), POST. When the request - method is POST, the authorization JSON is passed in the - body of the request.' + description: |- + HTTP verb used in the request to the service. Accepted values: GET (default), POST. + When the request method is POST, the authorization JSON is passed in the body of the request. enum: - GET - POST @@ -1601,9 +1448,9 @@ spec: properties: cache: default: true - description: Caches and reuses the token until expired. - Set it to false to force fetch the token at every - authorization request regardless of expiration. + description: |- + Caches and reuses the token until expired. + Set it to false to force fetch the token at every authorization request regardless of expiration. type: boolean clientId: description: OAuth2 Client ID. @@ -1646,10 +1493,10 @@ spec: - tokenUrl type: object sharedSecretRef: - description: Reference to a Secret key whose value will - be passed by Authorino in the request. The HTTP service - can use the shared secret to authenticate the origin of - the request. Ignored if used together with oauth2. + description: |- + Reference to a Secret key whose value will be passed by Authorino in the request. + The HTTP service can use the shared secret to authenticate the origin of the request. + Ignored if used together with oauth2. properties: key: description: The key of the secret to select from. Must @@ -1664,10 +1511,11 @@ spec: - name type: object url: - description: Endpoint URL of the HTTP service. The value - can include variable placeholders in the format "{selector}", - where "selector" is any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - and selects value from the authorization JSON. E.g. https://ext-auth-server.io/metadata?p={request.path} + description: |- + Endpoint URL of the HTTP service. + The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + E.g. https://ext-auth-server.io/metadata?p={request.path} type: string required: - url @@ -1679,9 +1527,9 @@ spec: type: boolean priority: default: 0 - description: Priority group of the config. All configs in the - same priority group are evaluated concurrently; consecutive - priority groups are evaluated sequentially. + description: |- + Priority group of the config. + All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. type: integer uma: description: User-Managed Access (UMA) source of resource data. @@ -1692,15 +1540,16 @@ spec: registration API of the UMA server. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic endpoint: - description: The endpoint of the UMA server. The value must - coincide with the "issuer" claim of the UMA config discovered - from the well-known uma configuration endpoint. + description: |- + The endpoint of the UMA server. + The value must coincide with the "issuer" claim of the UMA config discovered from the well-known uma configuration endpoint. type: string required: - credentialsRef @@ -1719,10 +1568,10 @@ spec: - identitySource type: object when: - description: Conditions for Authorino to enforce this config. + description: |- + Conditions for Authorino to enforce this config. If omitted, the config will be enforced for all requests. - If present, all conditions must match for the config to be - enforced; otherwise, the config will be skipped. + If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: properties: all: @@ -1740,11 +1589,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: array operator: - description: 'The binary operator to be applied to the - content fetched from the authorization JSON, for comparison - with "value". Possible values are: "eq" (equal to), - "neq" (not equal to), "incl" (includes; for arrays), - "excl" (excludes; for arrays), "matches" (regex)' + description: |- + The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) enum: - eq - neq @@ -1756,34 +1603,31 @@ spec: description: Reference to a named set of pattern expressions type: string selector: - description: Path selector to fetch content from the authorization - JSON (e.g. 'request.method'). Any pattern supported - by https://pkg.go.dev/github.com/tidwall/gjson can be - used. Authorino custom JSON path modifiers are also - supported. + description: |- + Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + Authorino custom JSON path modifiers are also supported. type: string value: - description: The value of reference for the comparison - with the content fetched from the authorization JSON. - If used with the "matches" operator, the value must - compile to a valid Golang regex. + description: |- + The value of reference for the comparison with the content fetched from the authorization JSON. + If used with the "matches" operator, the value must compile to a valid Golang regex. type: string type: object type: array type: object - description: Metadata sources. Authorino fetches auth metadata as - JSON from sources specified in this config. + description: |- + Metadata sources. + Authorino fetches auth metadata as JSON from sources specified in this config. type: object patterns: additionalProperties: items: properties: operator: - description: 'The binary operator to be applied to the content - fetched from the authorization JSON, for comparison with - "value". Possible values are: "eq" (equal to), "neq" (not - equal to), "incl" (includes; for arrays), "excl" (excludes; - for arrays), "matches" (regex)' + description: |- + The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) enum: - eq - neq @@ -1792,16 +1636,15 @@ spec: - matches type: string selector: - description: Path selector to fetch content from the authorization - JSON (e.g. 'request.method'). Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. Authorino custom JSON path modifiers are also - supported. + description: |- + Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + Authorino custom JSON path modifiers are also supported. type: string value: - description: The value of reference for the comparison with - the content fetched from the authorization JSON. If used - with the "matches" operator, the value must compile to a - valid Golang regex. + description: |- + The value of reference for the comparison with the content fetched from the authorization JSON. + If used with the "matches" operator, the value must compile to a valid Golang regex. type: string type: object type: array @@ -1809,40 +1652,34 @@ spec: conditions and in pattern-matching authorization policy rules. type: object response: - description: Response items. Authorino builds custom responses to - the client of the auth request. + description: |- + Response items. + Authorino builds custom responses to the client of the auth request. properties: success: - description: Response items to be included in the auth response - when the request is authenticated and authorized. For integration - of Authorino via proxy, the proxy must use these settings to - propagate dynamic metadata and/or inject data in the request. + description: |- + Response items to be included in the auth response when the request is authenticated and authorized. + For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. properties: dynamicMetadata: additionalProperties: description: Settings of the success custom response item. properties: cache: - description: Caching options for the resolved object - returned when applying this config. Omit it to avoid - caching objects for this config. + description: |- + Caching options for the resolved object returned when applying this config. + Omit it to avoid caching objects for this config. properties: key: - description: Key used to store the entry in the - cache. The resolved key must be unique within - the scope of this particular config. + description: |- + Key used to store the entry in the cache. + The resolved key must be unique within the scope of this particular config. properties: selector: - description: 'Simple path selector to fetch - content from the authorization JSON (e.g. - ''request.method'') or a string template with - variables that resolve to patterns (e.g. "Hello, - {auth.identity.name}!"). Any pattern supported - by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom - modifiers are supported: @extract:{sep:" ",pos:0}, - @replace{old:"",new:""}, @case:upper|lower, - @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1858,24 +1695,18 @@ spec: - key type: object json: - description: JSON object Specify it as the list of properties - of the object, whose values can combine static values - and values selected from the authorization JSON. + description: |- + JSON object + Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. properties: properties: additionalProperties: properties: selector: - description: 'Simple path selector to fetch - content from the authorization JSON (e.g. - ''request.method'') or a string template - with variables that resolve to patterns - (e.g. "Hello, {auth.identity.name}!"). Any - pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom - modifiers are supported: @extract:{sep:" - ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, - @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1886,10 +1717,9 @@ spec: - properties type: object key: - description: The key used to add the custom response - item (name of the HTTP header or root property of - the Dynamic Metadata object). If omitted, it will - be set to the name of the response config. + description: |- + The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + If omitted, it will be set to the name of the response config. type: string metrics: default: false @@ -1900,14 +1730,10 @@ spec: description: Plain text content properties: selector: - description: 'Simple path selector to fetch content - from the authorization JSON (e.g. ''request.method'') - or a string template with variables that resolve - to patterns (e.g. "Hello, {auth.identity.name}!"). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom modifiers - are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, - @case:upper|lower, @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -1915,16 +1741,15 @@ spec: type: object priority: default: 0 - description: Priority group of the config. All configs - in the same priority group are evaluated concurrently; - consecutive priority groups are evaluated sequentially. + description: |- + Priority group of the config. + All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. type: integer when: - description: Conditions for Authorino to enforce this - config. If omitted, the config will be enforced for - all requests. If present, all conditions must match - for the config to be enforced; otherwise, the config - will be skipped. + description: |- + Conditions for Authorino to enforce this config. + If omitted, the config will be enforced for all requests. + If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: properties: all: @@ -1942,12 +1767,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: array operator: - description: 'The binary operator to be applied - to the content fetched from the authorization - JSON, for comparison with "value". Possible - values are: "eq" (equal to), "neq" (not equal - to), "incl" (includes; for arrays), "excl" (excludes; - for arrays), "matches" (regex)' + description: |- + The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) enum: - eq - neq @@ -1960,17 +1782,15 @@ spec: expressions type: string selector: - description: Path selector to fetch content from - the authorization JSON (e.g. 'request.method'). - Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. Authorino custom JSON path modifiers - are also supported. + description: |- + Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + Authorino custom JSON path modifiers are also supported. type: string value: - description: The value of reference for the comparison - with the content fetched from the authorization - JSON. If used with the "matches" operator, the - value must compile to a valid Golang regex. + description: |- + The value of reference for the comparison with the content fetched from the authorization JSON. + If used with the "matches" operator, the value must compile to a valid Golang regex. type: string type: object type: array @@ -1981,16 +1801,10 @@ spec: additionalProperties: properties: selector: - description: 'Simple path selector to fetch - content from the authorization JSON (e.g. - ''request.method'') or a string template - with variables that resolve to patterns - (e.g. "Hello, {auth.identity.name}!"). Any - pattern supported by https://pkg.go.dev/github.com/tidwall/gjson - can be used. The following Authorino custom - modifiers are supported: @extract:{sep:" - ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, - @base64:encode|decode and @strip.' + description: |- + Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. type: string value: description: Static value @@ -2006,10 +1820,9 @@ spec: where = / = / k8s.io/api v0.26.0 - k8s.io/client-go => k8s.io/client-go v0.26.0 - k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20230113010536-ace3e4a52ca1 - sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.14.6 + k8s.io/api => k8s.io/api v0.28.4 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.28.4 + k8s.io/apimachinery => k8s.io/apimachinery v0.28.4 + k8s.io/client-go => k8s.io/client-go v0.28.4 + k8s.io/code-generator => k8s.io/code-generator v0.28.4 + k8s.io/component-base => k8s.io/component-base v0.28.4 + sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.17.5 ) require ( @@ -20,88 +23,79 @@ require ( go.uber.org/zap v1.26.0 istio.io/api v1.20.2-0.20231213020515-8655fab91d5d istio.io/client-go v1.20.2 - k8s.io/api v0.28.3 - k8s.io/apiextensions-apiserver v0.28.3 - k8s.io/apimachinery v0.28.3 - k8s.io/client-go v0.28.3 - k8s.io/code-generator v0.28.3 - k8s.io/utils v0.0.0-20230726121419-3b25d923346b - sigs.k8s.io/controller-runtime v0.16.3 - sigs.k8s.io/controller-tools v0.9.2 + k8s.io/api v0.31.0 + k8s.io/apiextensions-apiserver v0.31.0 + k8s.io/apimachinery v0.31.0 + k8s.io/client-go v0.31.0 + k8s.io/code-generator v0.31.0 + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 + sigs.k8s.io/controller-runtime v0.17.5 sigs.k8s.io/yaml v1.4.0 ) // Testing deps require ( github.com/onsi/ginkgo/v2 v2.19.1 - github.com/onsi/gomega v1.34.0 + github.com/onsi/gomega v1.34.1 ) require ( github.com/beorn7/perks v1.0.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect - github.com/fatih/color v1.16.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/swag v0.22.4 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect - github.com/gobuffalo/flect v1.0.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect - github.com/google/uuid v1.3.1 // indirect + github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect + github.com/google/uuid v1.6.0 // indirect github.com/imdario/mergo v0.3.13 // indirect - github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.16.0 // indirect - github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect - github.com/spf13/cobra v1.8.0 // indirect + github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/tidwall/gjson v1.14.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/oauth2 v0.12.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect + golang.org/x/mod v0.20.0 // indirect + golang.org/x/net v0.28.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.23.0 // indirect + golang.org/x/term v0.23.0 // indirect + golang.org/x/text v0.17.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.24.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 // indirect - google.golang.org/protobuf v1.34.1 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect + google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/component-base v0.28.3 // indirect + k8s.io/component-base v0.31.0 // indirect k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect - k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect + k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/go.sum b/go.sum index 9fadcc8..3856dbe 100644 --- a/go.sum +++ b/go.sum @@ -1,27 +1,18 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= @@ -33,40 +24,20 @@ github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/gobuffalo/flect v1.0.2 h1:eqjPGSo2WmjgY2XlpGwo2NXgL3RucAKo4k4qQMNA5sA= -github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -74,14 +45,12 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= -github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= -github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -100,13 +69,6 @@ github.com/kuadrant/authorino v0.15.0 h1:Xw/buh/wTINdL+IpLSxhlpet4hpleMxZzfx39c4 github.com/kuadrant/authorino v0.15.0/go.mod h1:vXkHKrntn8DR7kt8a8Ohxq+2lgAD0jWivThoP+7ASew= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= -github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -114,47 +76,37 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0= github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA= -github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os= -github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/openshift/api v0.0.0-20230918194705-55e9a6dcc436 h1:mCh7661fpX91NCbB1+NfogNHE2luiskEwErY9uKie5A= github.com/openshift/api v0.0.0-20230918194705-55e9a6dcc436/go.mod h1:qNtV0315F+f8ld52TLtPvrfivZpdimOzTi3kn9IVbtU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.0 h1:6aeJ0bzojgWLa82gDQHcx3S0Lr/O51I9bJ5nv6JFx5w= github.com/tidwall/gjson v1.14.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= @@ -163,8 +115,8 @@ github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= -go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= @@ -172,147 +124,99 @@ go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= +golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= -golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0= -google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk= -google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 h1:U7+wNaVuSTaUqNvK2+osJ9ejEZxbjHHk8F2b6Hpx0AE= -google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= istio.io/api v1.20.2-0.20231213020515-8655fab91d5d h1:Yz1kAzxwyJtzI6FmXiWl95I6KaCKVLXS1leQpv4o/pY= istio.io/api v1.20.2-0.20231213020515-8655fab91d5d/go.mod h1:hm1PE/mGdIAsjCDkTIAplP53H7TjO5LUQCiVvF26SVg= istio.io/client-go v1.20.2 h1:FL99qw5f5W+QFPHutLpGOoPmoKgLwNFrGCEemAvLm00= istio.io/client-go v1.20.2/go.mod h1:mub0nwPDAj98cjns7KYLzbvDk0Fg9rx0k2o+KZ4UIUY= -k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I= -k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg= -k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08= -k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc= -k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A= -k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8= -k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8= -k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg= -k8s.io/code-generator v0.28.3 h1:I847QvdpYx7xKiG2KVQeCSyNF/xU9TowaDAg601mvlw= -k8s.io/code-generator v0.28.3/go.mod h1:A2EAHTRYvCvBrb/MM2zZBNipeCk3f8NtpdNIKawC43M= -k8s.io/component-base v0.28.3 h1:rDy68eHKxq/80RiMb2Ld/tbH8uAE75JdCqJyi6lXMzI= -k8s.io/component-base v0.28.3/go.mod h1:fDJ6vpVNSk6cRo5wmDa6eKIG7UlIQkaFmZN2fYgIUD8= +k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY= +k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0= +k8s.io/apiextensions-apiserver v0.28.4 h1:AZpKY/7wQ8n+ZYDtNHbAJBb+N4AXXJvyZx6ww6yAJvU= +k8s.io/apiextensions-apiserver v0.28.4/go.mod h1:pgQIZ1U8eJSMQcENew/0ShUTlePcSGFq6dxSxf2mwPM= +k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8= +k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg= +k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY= +k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4= +k8s.io/code-generator v0.28.4 h1:tcOSNIZQvuAvXhOwpbuJkKbAABJQeyCcQBCN/3uI18c= +k8s.io/code-generator v0.28.4/go.mod h1:OQAfl6bZikQ/tK6faJ18Vyzo54rUII2NmjurHyiN1g4= +k8s.io/component-base v0.28.4 h1:c/iQLWPdUgI90O+T9TeECg8o7N3YJTiuz2sKxILYcYo= +k8s.io/component-base v0.28.4/go.mod h1:m9hR0uvqXDybiGL2nf/3Lf0MerAfQXzkfWhUY58JUbU= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo= +k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20230113010536-ace3e4a52ca1 h1:hoNFU8otQDVH5xJiqsJ2E86d8v87t2Uz1K2WuiNSNDY= -k8s.io/kube-openapi v0.0.0-20230113010536-ace3e4a52ca1/go.mod h1:/BYxry62FuDzmI+i9B+X2pqfySRmSOW2ARmj5Zbqhj0= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.14.6 h1:oxstGVvXGNnMvY7TAESYk+lzr6S3V5VFxQ6d92KcwQA= -sigs.k8s.io/controller-runtime v0.14.6/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0= -sigs.k8s.io/controller-tools v0.9.2 h1:AkTE3QAdz9LS4iD3EJvHyYxBkg/g9fTbgiYsrcsFCcM= -sigs.k8s.io/controller-tools v0.9.2/go.mod h1:NUkn8FTV3Sad3wWpSK7dt/145qfuQ8CKJV6j4jHC5rM= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.17.5 h1:1FI9Lm7NiOOmBsgTV36/s2XrEFXnO2C4sbg/Zme72Rw= +sigs.k8s.io/controller-runtime v0.17.5/go.mod h1:N0jpP5Lo7lMTF9aL56Z/B2oWBJjey6StQM0jRbKQXtY= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/main.go b/main.go index aea4428..b779494 100644 --- a/main.go +++ b/main.go @@ -15,6 +15,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" ) //nolint:gochecknoglobals //reason: used only here @@ -50,7 +51,9 @@ func main() { HealthProbeBindAddress: probeAddr, LeaderElection: enableLeaderElection, LeaderElectionID: "odh-platform", - MetricsBindAddress: "0", + Metrics: metricsserver.Options{ + BindAddress: metricsAddr, + }, }) if err != nil { setupLog.Error(err, "unable to create manager") diff --git a/tools.go b/tools.go index 5842811..78d05c9 100644 --- a/tools.go +++ b/tools.go @@ -8,5 +8,4 @@ import ( _ "github.com/onsi/ginkgo/v2/ginkgo" _ "github.com/onsi/ginkgo/v2/ginkgo/generators" _ "k8s.io/code-generator" - _ "sigs.k8s.io/controller-tools/cmd/controller-gen" )