diff --git a/admission/exporter/http_exporter.go b/admission/exporter/http_exporter.go new file mode 100644 index 0000000..ba5883b --- /dev/null +++ b/admission/exporter/http_exporter.go @@ -0,0 +1,207 @@ +package exporters + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "net/http" + "sync" + "time" + + "github.com/kubescape/go-logger" + "github.com/kubescape/go-logger/helpers" + "github.com/kubescape/operator/admission/rules" + + apitypes "github.com/armosec/armoapi-go/armotypes" +) + +type HTTPExporterConfig struct { + // URL is the URL to send the HTTP request to + URL string `json:"url"` + // Headers is a map of headers to send in the HTTP request + Headers map[string]string `json:"headers"` + // Timeout is the timeout for the HTTP request + TimeoutSeconds int `json:"timeoutSeconds"` + // Method is the HTTP method to use for the HTTP request + Method string `json:"method"` + MaxAlertsPerMinute int `json:"maxAlertsPerMinute"` +} + +// we will have a CRD-like json struct to send in the HTTP request +type HTTPExporter struct { + config HTTPExporterConfig + Host string `json:"host"` + ClusterName string `json:"clusterName"` + httpClient *http.Client + // alertCount is the number of alerts sent in the last minute, used to limit the number of alerts sent, so we don't overload the system or reach the rate limit + alertCount int + alertCountLock sync.Mutex + alertCountStart time.Time + alertLimitNotified bool +} + +type HTTPAlertsList struct { + Kind string `json:"kind"` + ApiVersion string `json:"apiVersion"` + Spec HTTPAlertsListSpec `json:"spec"` +} + +type HTTPAlertsListSpec struct { + Alerts []apitypes.RuntimeAlert `json:"alerts"` + ProcessTree apitypes.ProcessTree `json:"processTree"` +} + +func (config *HTTPExporterConfig) Validate() error { + if config.Method == "" { + config.Method = "POST" + } else if config.Method != "POST" && config.Method != "PUT" { + return fmt.Errorf("method must be POST or PUT") + } + if config.TimeoutSeconds == 0 { + config.TimeoutSeconds = 5 + } + if config.MaxAlertsPerMinute == 0 { + config.MaxAlertsPerMinute = 100 + } + if config.Headers == nil { + config.Headers = make(map[string]string) + } + if config.URL == "" { + return fmt.Errorf("URL is required") + } + return nil +} + +// InitHTTPExporter initializes an HTTPExporter with the given URL, headers, timeout, and method +func InitHTTPExporter(config HTTPExporterConfig, clusterName string) (*HTTPExporter, error) { + if err := config.Validate(); err != nil { + return nil, err + } + + return &HTTPExporter{ + ClusterName: clusterName, + config: config, + httpClient: &http.Client{ + Timeout: time.Duration(config.TimeoutSeconds) * time.Second, + }, + }, nil +} + +func (exporter *HTTPExporter) sendAlertLimitReached() { + httpAlert := apitypes.RuntimeAlert{ + Message: "Alert limit reached", + HostName: exporter.Host, + AlertType: apitypes.AlertTypeRule, // TODO: change this to a new alert type. @bez + BaseRuntimeAlert: apitypes.BaseRuntimeAlert{ + AlertName: "AlertLimitReached", + Severity: 1000, // Replace with ruleengine.RulePrioritySystemIssue once node agent is bumping the types pkg @amitschendel. + FixSuggestions: "Check logs for more information", + }, + RuntimeAlertK8sDetails: apitypes.RuntimeAlertK8sDetails{ + ClusterName: exporter.ClusterName, + NodeName: "Operator", + }, + } + + logger.L().Error("Alert limit reached", helpers.Int("alerts", exporter.alertCount), helpers.String("since", exporter.alertCountStart.Format(time.RFC3339))) + exporter.sendInAlertList(httpAlert, apitypes.ProcessTree{}) +} + +func (exporter *HTTPExporter) SendAdmissionAlert(ruleFailure rules.RuleFailure) { + isLimitReached := exporter.checkAlertLimit() + if isLimitReached && !exporter.alertLimitNotified { + exporter.sendAlertLimitReached() + exporter.alertLimitNotified = true + return + } + // populate the RuntimeAlert struct with the data from the failedRule + k8sDetails := apitypes.RuntimeAlertK8sDetails{ + ClusterName: exporter.ClusterName, + } + + httpAlert := apitypes.RuntimeAlert{ + Message: ruleFailure.GetRuleAlert().RuleDescription, + HostName: exporter.Host, + AlertType: apitypes.AlertTypeAdmission, + BaseRuntimeAlert: apitypes.BaseRuntimeAlert{ + Timestamp: time.Now(), + }, + AdmissionAlert: ruleFailure.GetAdmissionsAlert(), + RuntimeAlertK8sDetails: k8sDetails, + RuleAlert: apitypes.RuleAlert{ + RuleDescription: ruleFailure.GetRuleAlert().RuleDescription, + }, + RuleID: ruleFailure.GetRuleId(), + } + exporter.sendInAlertList(httpAlert, apitypes.ProcessTree{}) +} + +func (exporter *HTTPExporter) sendInAlertList(httpAlert apitypes.RuntimeAlert, processTree apitypes.ProcessTree) { + // create the HTTPAlertsListSpec struct + // TODO: accumulate alerts and send them in a batch + httpAlertsListSpec := HTTPAlertsListSpec{ + Alerts: []apitypes.RuntimeAlert{httpAlert}, + ProcessTree: processTree, + } + // create the HTTPAlertsList struct + httpAlertsList := HTTPAlertsList{ + Kind: "RuntimeAlerts", + ApiVersion: "kubescape.io/v1", + Spec: httpAlertsListSpec, + } + + // create the JSON representation of the HTTPAlertsList struct + bodyBytes, err := json.Marshal(httpAlertsList) + if err != nil { + logger.L().Error("failed to marshal HTTPAlertsList", helpers.Error(err)) + return + } + bodyReader := bytes.NewReader(bodyBytes) + + // send the HTTP request + req, err := http.NewRequest(exporter.config.Method, + exporter.config.URL+"/v1/runtimealerts", bodyReader) + if err != nil { + logger.L().Error("failed to create HTTP request", helpers.Error(err)) + return + } + for key, value := range exporter.config.Headers { + req.Header.Set(key, value) + } + + resp, err := exporter.httpClient.Do(req) + if err != nil { + logger.L().Error("failed to send HTTP request", helpers.Error(err)) + return + } + defer resp.Body.Close() + + if resp.StatusCode < 200 || resp.StatusCode >= 300 { + logger.L().Error("Received non-2xx status code", helpers.Int("status", resp.StatusCode)) + return + } + + // discard the body + if _, err := io.Copy(io.Discard, resp.Body); err != nil { + logger.L().Error("failed to clear response body", helpers.Error(err)) + } +} + +func (exporter *HTTPExporter) checkAlertLimit() bool { + exporter.alertCountLock.Lock() + defer exporter.alertCountLock.Unlock() + + if exporter.alertCountStart.IsZero() { + exporter.alertCountStart = time.Now() + } + + if time.Since(exporter.alertCountStart) > time.Minute { + exporter.alertCountStart = time.Now() + exporter.alertCount = 0 + exporter.alertLimitNotified = false + } + + exporter.alertCount++ + return exporter.alertCount > exporter.config.MaxAlertsPerMinute +} diff --git a/admission/rulebinding/cache/cache.go b/admission/rulebinding/cache/cache.go new file mode 100644 index 0000000..ef50e82 --- /dev/null +++ b/admission/rulebinding/cache/cache.go @@ -0,0 +1,269 @@ +package cache + +import ( + "context" + "strings" + + "github.com/kubescape/node-agent/pkg/rulebindingmanager/types" + typesv1 "github.com/kubescape/node-agent/pkg/rulebindingmanager/types/v1" + "github.com/kubescape/node-agent/pkg/watcher" + + "github.com/kubescape/node-agent/pkg/k8sclient" + + "github.com/kubescape/node-agent/pkg/rulebindingmanager" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/labels" + + "github.com/goradd/maps" + "github.com/kubescape/go-logger" + "github.com/kubescape/go-logger/helpers" + "github.com/kubescape/operator/admission/rulebinding" + "github.com/kubescape/operator/admission/rules" + rulesv1 "github.com/kubescape/operator/admission/rules/v1" +) + +const ( + IncludeClusterObjects = "includeClusterObjects" +) + +var _ rulebinding.RuleBindingCache = (*RBCache)(nil) +var _ watcher.Adaptor = (*RBCache)(nil) + +type RBCache struct { + k8sClient k8sclient.K8sClientInterface + rbNameToRB maps.SafeMap[string, typesv1.RuntimeAlertRuleBinding] // rule binding name -> rule binding + rbNameToRules maps.SafeMap[string, []rules.RuleEvaluator] // rule binding name -> []created rules + ruleCreator rules.RuleCreator + watchResources []watcher.WatchResource + notifiers []*chan rulebindingmanager.RuleBindingNotify +} + +func NewCache(k8sClient k8sclient.K8sClientInterface) *RBCache { + return &RBCache{ + k8sClient: k8sClient, + ruleCreator: rulesv1.NewRuleCreator(), + rbNameToRB: maps.SafeMap[string, typesv1.RuntimeAlertRuleBinding]{}, + watchResources: resourcesToWatch(), + } +} + +// ----------------- watcher.WatchResources methods ----------------- + +func (c *RBCache) WatchResources() []watcher.WatchResource { + return c.watchResources +} + +// ------------------ rulebindingmanager.RuleBindingCache methods ----------------------- + +func (c *RBCache) ListRulesForObject(ctx context.Context, object *unstructured.Unstructured) []rules.RuleEvaluator { + var rulesSlice []rules.RuleEvaluator + var rbNames []string + + for _, rb := range c.rbNameToRB.Values() { + rbName := uniqueName(&rb) + // check if the object is cluster object + if object.GetNamespace() == "" { + includeClusterObjects, ok := object.GetLabels()[IncludeClusterObjects] + if !ok { + includeClusterObjects = "true" + } + + if includeClusterObjects == "false" { + continue + } + + rbNames = append(rbNames, rbName) + continue + } + + // check pod selectors + podSelector, _ := metav1.LabelSelectorAsSelector(&rb.Spec.PodSelector) + if !podSelector.Matches(labels.Set(object.GetLabels())) { + // pod selectors doesnt match + continue + } + + // check namespace selectors + nsSelector, _ := metav1.LabelSelectorAsSelector(&rb.Spec.NamespaceSelector) + nsSelectorStr := nsSelector.String() + if len(nsSelectorStr) != 0 { + // get related namespaces + namespaces, err := c.k8sClient.GetKubernetesClient().CoreV1().Namespaces().List(ctx, metav1.ListOptions{LabelSelector: nsSelectorStr}) + if err != nil { + logger.L().Error("failed to list namespaces", helpers.String("ruleBiding", uniqueName(&rb)), helpers.String("nsSelector", nsSelectorStr), helpers.Error(err)) + continue + } + if !strings.Contains(namespaces.String(), object.GetNamespace()) { + // namespace selectors dont match + continue + } + } + + rbNames = append(rbNames, rbName) + } + + for _, ruleName := range rbNames { + if c.rbNameToRules.Has(ruleName) { + rulesSlice = append(rulesSlice, c.rbNameToRules.Get(ruleName)...) + } + } + + return rulesSlice +} + +func (c *RBCache) AddNotifier(n *chan rulebindingmanager.RuleBindingNotify) { + c.notifiers = append(c.notifiers, n) +} + +// ------------------ watcher.Watcher methods ----------------------- + +func (c *RBCache) AddHandler(ctx context.Context, obj *unstructured.Unstructured) { + var rbs []rulebindingmanager.RuleBindingNotify + + switch obj.GetKind() { + case types.RuntimeRuleBindingAlertKind: + ruleBinding, err := unstructuredToRuleBinding(obj) + if err != nil { + logger.L().Error("failed to convert unstructured to rule binding", helpers.Error(err)) + return + } + rbs = c.addRuleBinding(ruleBinding) + } + // notify + for n := range c.notifiers { + for i := range rbs { + *c.notifiers[n] <- rbs[i] + } + } +} +func (c *RBCache) ModifyHandler(ctx context.Context, obj *unstructured.Unstructured) { + var rbs []rulebindingmanager.RuleBindingNotify + + switch obj.GetKind() { + case types.RuntimeRuleBindingAlertKind: + ruleBinding, err := unstructuredToRuleBinding(obj) + if err != nil { + logger.L().Error("failed to convert unstructured to rule binding", helpers.Error(err)) + return + } + rbs = c.modifiedRuleBinding(ruleBinding) + } + // notify + for n := range c.notifiers { + for i := range rbs { + *c.notifiers[n] <- rbs[i] + } + } +} +func (c *RBCache) DeleteHandler(_ context.Context, obj *unstructured.Unstructured) { + var rbs []rulebindingmanager.RuleBindingNotify + switch obj.GetKind() { + case types.RuntimeRuleBindingAlertKind: + rbs = c.deleteRuleBinding(uniqueName(obj)) + } + + // notify + for n := range c.notifiers { + for i := range rbs { + *c.notifiers[n] <- rbs[i] + } + } +} + +// ----------------- RuleBinding manager methods ----------------- + +// AddRuleBinding adds a rule binding to the cache +func (c *RBCache) addRuleBinding(ruleBinding *typesv1.RuntimeAlertRuleBinding) []rulebindingmanager.RuleBindingNotify { + var rbs []rulebindingmanager.RuleBindingNotify + rbName := uniqueName(ruleBinding) + logger.L().Info("RuleBinding added/modified", helpers.String("name", rbName)) + + // add the rule binding to the cache + c.rbNameToRB.Set(rbName, *ruleBinding) + c.rbNameToRules.Set(rbName, c.createRules(ruleBinding.Spec.Rules)) + + return rbs +} +func (c *RBCache) deleteRuleBinding(uniqueName string) []rulebindingmanager.RuleBindingNotify { + logger.L().Info("RuleBinding deleted", helpers.String("name", uniqueName)) + var rbs []rulebindingmanager.RuleBindingNotify + + // remove the rule binding from the cache + c.rbNameToRB.Delete(uniqueName) + c.rbNameToRules.Delete(uniqueName) + + logger.L().Info("DeleteRuleBinding", helpers.String("name", uniqueName)) + return rbs +} + +func (c *RBCache) modifiedRuleBinding(ruleBinding *typesv1.RuntimeAlertRuleBinding) []rulebindingmanager.RuleBindingNotify { + rbsD := c.deleteRuleBinding(uniqueName(ruleBinding)) + rbsA := c.addRuleBinding(ruleBinding) + + return diff(rbsD, rbsA) +} + +func (c *RBCache) createRules(rulesForPod []typesv1.RuntimeAlertRuleBindingRule) []rules.RuleEvaluator { + var rules []rules.RuleEvaluator + // Get the rules that are bound to the container + for _, ruleParams := range rulesForPod { + rules = append(rules, c.createRule(&ruleParams)...) + } + return rules +} + +func (c *RBCache) createRule(r *typesv1.RuntimeAlertRuleBindingRule) []rules.RuleEvaluator { + if r.RuleID != "" { + if ruleDesc := c.ruleCreator.CreateRuleByID(r.RuleID); ruleDesc != nil { + if r.Parameters != nil { + ruleDesc.SetParameters(r.Parameters) + } + return []rules.RuleEvaluator{ruleDesc} + } + } + if r.RuleName != "" { + if ruleDesc := c.ruleCreator.CreateRuleByName(r.RuleName); ruleDesc != nil { + if r.Parameters != nil { + ruleDesc.SetParameters(r.Parameters) + } + return []rules.RuleEvaluator{ruleDesc} + } + } + if len(r.RuleTags) > 0 { + if ruleTagsDescs := c.ruleCreator.CreateRulesByTags(r.RuleTags); ruleTagsDescs != nil { + for _, ruleDesc := range ruleTagsDescs { + if r.Parameters != nil { + ruleDesc.SetParameters(r.Parameters) + } + } + return ruleTagsDescs + } + } + return []rules.RuleEvaluator{} +} + +func diff(a, b []rulebindingmanager.RuleBindingNotify) []rulebindingmanager.RuleBindingNotify { + m := make(map[string]rulebindingmanager.RuleBindingNotify) + diff := make([]rulebindingmanager.RuleBindingNotify, 0) + + for i := range a { + m[uniqueName(&a[i].Pod)] = a[i] + } + + for i := range b { + n := uniqueName(&b[i].Pod) + if _, found := m[n]; !found { + diff = append(diff, b[i]) + } else { + delete(m, n) + } + } + + for i := range m { + diff = append(diff, m[i]) + } + + return diff +} diff --git a/admission/rulebinding/cache/cache_test.go b/admission/rulebinding/cache/cache_test.go new file mode 100644 index 0000000..70d5b7b --- /dev/null +++ b/admission/rulebinding/cache/cache_test.go @@ -0,0 +1,256 @@ +package cache + +import ( + "context" + "testing" + + typesv1 "github.com/kubescape/node-agent/pkg/rulebindingmanager/types/v1" + + "github.com/goradd/maps" + "github.com/kubescape/k8s-interface/k8sinterface" + "github.com/kubescape/operator/admission/rules" + "github.com/kubescape/operator/utils" + "github.com/stretchr/testify/assert" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +func NewCacheMock() *RBCache { + return &RBCache{ + k8sClient: k8sinterface.NewKubernetesApiMock(), + ruleCreator: &rules.RuleCreatorMock{}, + rbNameToRules: maps.SafeMap[string, []rules.RuleEvaluator]{}, // rule binding name -> []created rules + } +} + +func TestNewCache(t *testing.T) { + tests := []struct { + name string + }{ + { + name: "Initialize NewCache", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + k8sAPI := utils.NewK8sInterfaceFake(nil) + cache := NewCache(k8sAPI) + + assert.NotNil(t, cache) + assert.Equal(t, k8sAPI, cache.k8sClient) + assert.NotNil(t, cache.ruleCreator) + assert.NotNil(t, cache.watchResources) + }) + } +} + +func TestRuntimeObjAddHandler(t *testing.T) { + type rules struct { + ruleID string + } + type args struct { + c *RBCache + pod *unstructured.Unstructured + rb []typesv1.RuntimeAlertRuleBinding + } + tests := []struct { + name string + args args + expectedRules []rules + }{ + { + name: "Add a pod to the cache", + args: args{ + c: NewCacheMock(), + pod: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "metadata": map[string]interface{}{ + "name": "testPod", + "namespace": "testNamespace", + "labels": map[string]interface{}{ + "app": "testPod", + }, + }, + }, + }, + rb: []typesv1.RuntimeAlertRuleBinding{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "testRB", + Namespace: "testNamespace", + }, + Spec: typesv1.RuntimeAlertRuleBindingSpec{ + PodSelector: metav1.LabelSelector{ + MatchLabels: map[string]string{ + "app": "testPod", + }, + }, + Rules: []typesv1.RuntimeAlertRuleBindingRule{ + { + RuleID: "R2000", + }, + }, + }, + }, + }, + }, + expectedRules: []rules{ + { + ruleID: "R2000", + }, + }, + }, + { + name: "Pod with MatchExpressions", + args: args{ + c: NewCacheMock(), + pod: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "metadata": map[string]interface{}{ + "name": "testPod", + "namespace": "testNamespace", + "labels": map[string]interface{}{ + "app": "testPod", + }, + }, + }, + }, + rb: []typesv1.RuntimeAlertRuleBinding{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "testRB", + Namespace: "testNamespace", + }, + Spec: typesv1.RuntimeAlertRuleBindingSpec{ + PodSelector: metav1.LabelSelector{ + MatchExpressions: []metav1.LabelSelectorRequirement{ + { + Key: "app", + Operator: metav1.LabelSelectorOpIn, + Values: []string{"testPod"}, + }, + }, + }, + Rules: []typesv1.RuntimeAlertRuleBindingRule{ + { + RuleID: "R2000", + }, + }, + }, + }, + }, + }, + expectedRules: []rules{ + { + ruleID: "R2000", + }, + }, + }, + { + name: "Pod with mismatch labels", + args: args{ + c: NewCacheMock(), + pod: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "metadata": map[string]interface{}{ + "name": "testPod", + "namespace": "testNamespace", + "labels": map[string]interface{}{ + "app": "testPod", + }, + }, + }, + }, + rb: []typesv1.RuntimeAlertRuleBinding{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "testRB", + Namespace: "testNamespace", + }, + Spec: typesv1.RuntimeAlertRuleBindingSpec{ + PodSelector: metav1.LabelSelector{ + MatchLabels: map[string]string{ + "app": "testPod1", + }, + }, + Rules: []typesv1.RuntimeAlertRuleBindingRule{ + { + RuleID: "R2000", + }, + }, + }, + }, + }, + }, + expectedRules: []rules{}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + for i := range tt.args.rb { + tt.args.c.addRuleBinding(&tt.args.rb[i]) + } + tt.args.c.AddHandler(context.Background(), tt.args.pod) + r := tt.args.c.ListRulesForObject(context.Background(), tt.args.pod) + assert.Equal(t, len(tt.expectedRules), len(r)) + for i := range r { + assert.Equal(t, tt.expectedRules[i].ruleID, r[i].ID()) + + } + }) + + } +} + +func TestCreateRule(t *testing.T) { + c := NewCacheMock() + tests := []struct { + name string + rule *typesv1.RuntimeAlertRuleBindingRule + expected []rules.RuleEvaluator + }{ + { + name: "Test with RuleID", + rule: &typesv1.RuntimeAlertRuleBindingRule{ + RuleID: "rule-1", + Parameters: map[string]interface{}{"param1": "value1"}, + }, + expected: []rules.RuleEvaluator{&rules.RuleMock{RuleID: "rule-1", RuleParameters: map[string]interface{}{"param1": "value1"}}}, + }, + { + name: "Test with RuleName", + rule: &typesv1.RuntimeAlertRuleBindingRule{ + RuleName: "rule-1", + Parameters: map[string]interface{}{"param1": "value1"}, + }, + expected: []rules.RuleEvaluator{&rules.RuleMock{RuleName: "rule-1", RuleParameters: map[string]interface{}{"param1": "value1"}}}, + }, + { + name: "Test with RuleTags", + rule: &typesv1.RuntimeAlertRuleBindingRule{ + RuleTags: []string{"tag1", "tag2"}, + Parameters: map[string]interface{}{"param1": "value1"}, + }, + expected: []rules.RuleEvaluator{&rules.RuleMock{RuleName: "tag1", RuleParameters: map[string]interface{}{"param1": "value1"}}, &rules.RuleMock{RuleName: "tag2", RuleParameters: map[string]interface{}{"param1": "value1"}}}, + }, + { + name: "Test with no RuleID, RuleName, or RuleTags", + rule: &typesv1.RuntimeAlertRuleBindingRule{}, + expected: []rules.RuleEvaluator{}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := c.createRule(tt.rule) + assert.Equal(t, len(tt.expected), len(result)) + for i := range result { + assert.Equal(t, tt.expected[i].Name(), result[i].Name()) + assert.Equal(t, tt.expected[i].ID(), result[i].ID()) + assert.Equal(t, tt.expected[i].GetParameters(), result[i].GetParameters()) + } + }) + } +} diff --git a/admission/rulebinding/cache/helpers.go b/admission/rulebinding/cache/helpers.go new file mode 100644 index 0000000..9de591e --- /dev/null +++ b/admission/rulebinding/cache/helpers.go @@ -0,0 +1,44 @@ +package cache + +import ( + typesv1 "github.com/kubescape/node-agent/pkg/rulebindingmanager/types/v1" + "github.com/kubescape/node-agent/pkg/utils" + "github.com/kubescape/node-agent/pkg/watcher" + + k8sruntime "k8s.io/apimachinery/pkg/runtime" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +func uniqueName(obj metav1.Object) string { + return utils.CreateK8sPodID(obj.GetNamespace(), obj.GetName()) +} + +func unstructuredToPod(obj *unstructured.Unstructured) (*corev1.Pod, error) { + pod := &corev1.Pod{} + if err := k8sruntime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, pod); err != nil { + return nil, err + } + return pod, nil + +} + +func unstructuredToRuleBinding(obj *unstructured.Unstructured) (*typesv1.RuntimeAlertRuleBinding, error) { + rb := &typesv1.RuntimeAlertRuleBinding{} + if err := k8sruntime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, rb); err != nil { + return nil, err + } + return rb, nil +} + +func resourcesToWatch() []watcher.WatchResource { + var w []watcher.WatchResource + + // add rule binding + rb := watcher.NewWatchResource(typesv1.RuleBindingAlertGvr, metav1.ListOptions{}) + w = append(w, rb) + + return w +} diff --git a/admission/rulebinding/cache/helpers_test.go b/admission/rulebinding/cache/helpers_test.go new file mode 100644 index 0000000..6e5f062 --- /dev/null +++ b/admission/rulebinding/cache/helpers_test.go @@ -0,0 +1,287 @@ +package cache + +import ( + "testing" + + typesv1 "github.com/kubescape/node-agent/pkg/rulebindingmanager/types/v1" + + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +func TestResourcesToWatch(t *testing.T) { + tests := []struct { + name string + }{ + { + name: "Test with valid resources", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := resourcesToWatch() + + assert.Equal(t, 1, len(result)) + + rbResource := result[0] + assert.Equal(t, typesv1.RuleBindingAlertGvr, rbResource.GroupVersionResource()) + assert.Equal(t, metav1.ListOptions{}, rbResource.ListOptions()) + }) + } +} + +func TestUnstructuredToPod(t *testing.T) { + tests := []struct { + obj *unstructured.Unstructured + name string + wantErr bool + }{ + { + name: "Test with valid pod", + obj: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "apiVersion": "v1", + "kind": "Pod", + "metadata": map[string]interface{}{ + "name": "pod-1", + "namespace": "default", + }, + "spec": map[string]interface{}{ + "containers": []interface{}{ + map[string]interface{}{ + "name": "container-1", + "image": "image-1", + }, + }, + }, + }, + }, + wantErr: false, + }, + { + name: "Test with invalid pod", + obj: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "apiVersion": "v1", + "kind": "Pod", + "metadata": map[string]interface{}{ + "name": "pod-1", + "namespace": "default", + }, + "spec": map[string]interface{}{ + "containers": "invalid", + }, + }, + }, + wantErr: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + _, err := unstructuredToPod(tt.obj) + if (err != nil) != tt.wantErr { + t.Errorf("unstructuredToPod() error = %v, wantErr %v", err, tt.wantErr) + return + } + }) + } +} + +func TestUnstructuredToRuleBinding(t *testing.T) { + tests := []struct { + obj *unstructured.Unstructured + name string + wantErr bool + }{ + { + name: "Test with valid rule binding", + obj: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "apiVersion": "v1", + "kind": "RuntimeAlertRuleBinding", + "metadata": map[string]interface{}{ + "name": "rule-1", + "namespace": "default", + }, + "spec": map[string]interface{}{ + "ruleName": "rule-1", + }, + }, + }, + wantErr: false, + }, + { + name: "Test with invalid rule binding", + obj: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "apiVersion": "v1", + "kind": "RuntimeAlertRuleBinding", + "metadata": map[string]interface{}{ + "name": "rule-1", + "namespace": "default", + }, + "spec": "invalid", + }, + }, + wantErr: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + _, err := unstructuredToRuleBinding(tt.obj) + if (err != nil) != tt.wantErr { + t.Errorf("unstructuredToRuleBinding() error = %v, wantErr %v", err, tt.wantErr) + return + } + }) + } +} + +func TestUniqueName(t *testing.T) { + tests := []struct { + name string + obj metav1.Object + expected string + }{ + { + name: "Pod with valid namespace and name", + obj: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "pod-1", + Namespace: "default", + }, + }, + expected: "default/pod-1", + }, + { + name: "Pod with empty namespace", + obj: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "pod-1", + Namespace: "", + }, + }, + expected: "/pod-1", + }, + { + name: "Pod with empty name", + obj: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "", + Namespace: "default", + }, + }, + expected: "default/", + }, + { + name: "Pod with empty namespace and name", + obj: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: "", + Namespace: "", + }, + }, + expected: "/", + }, + { + name: "RuntimeAlertRuleBinding with valid namespace and name", + obj: &typesv1.RuntimeAlertRuleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name-1", + Namespace: "default", + }, + }, + expected: "default/name-1", + }, + { + name: "RuntimeAlertRuleBinding with empty namespace", + obj: &typesv1.RuntimeAlertRuleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name-1", + Namespace: "", + }, + }, + expected: "/name-1", + }, + { + name: "RuntimeAlertRuleBinding with empty name", + obj: &typesv1.RuntimeAlertRuleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "", + Namespace: "default", + }, + }, + expected: "default/", + }, + { + name: "RuntimeAlertRuleBinding with empty namespace and name", + obj: &typesv1.RuntimeAlertRuleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "", + Namespace: "", + }, + }, + expected: "/", + }, + { + name: "Unstructured with valid namespace and name", + obj: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "metadata": map[string]interface{}{ + "name": "name-1", + "namespace": "default", + }, + }, + }, + expected: "default/name-1", + }, + { + name: "Unstructured with empty namespace", + obj: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "metadata": map[string]interface{}{ + "name": "name-1", + "namespace": "", + }, + }, + }, + expected: "/name-1", + }, + { + name: "Unstructured with empty name", + obj: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "metadata": map[string]interface{}{ + "name": "", + "namespace": "default", + }, + }, + }, + expected: "default/", + }, + { + name: "Unstructured with empty namespace and name", + obj: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "metadata": map[string]interface{}{ + "name": "", + "namespace": "", + }, + }, + }, + expected: "/", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := uniqueName(tt.obj) + assert.Equal(t, tt.expected, result) + }) + } +} diff --git a/admission/rulebinding/rulebinding_interface.go b/admission/rulebinding/rulebinding_interface.go new file mode 100644 index 0000000..2fff8cc --- /dev/null +++ b/admission/rulebinding/rulebinding_interface.go @@ -0,0 +1,12 @@ +package rulebinding + +import ( + "context" + + "github.com/kubescape/operator/admission/rules" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +type RuleBindingCache interface { + ListRulesForObject(ctx context.Context, object *unstructured.Unstructured) []rules.RuleEvaluator +} diff --git a/admission/rulebinding/rulebinding_interface_mock.go b/admission/rulebinding/rulebinding_interface_mock.go new file mode 100644 index 0000000..cef644a --- /dev/null +++ b/admission/rulebinding/rulebinding_interface_mock.go @@ -0,0 +1,17 @@ +package rulebinding + +import ( + "context" + + "github.com/kubescape/operator/admission/rules" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +var _ RuleBindingCache = (*RuleBindingCacheMock)(nil) + +type RuleBindingCacheMock struct { +} + +func (r *RuleBindingCacheMock) ListRulesForObject(_ context.Context, _ *unstructured.Unstructured) []rules.RuleEvaluator { + return []rules.RuleEvaluator{} +} diff --git a/admission/rules/rule_interface.go b/admission/rules/rule_interface.go new file mode 100644 index 0000000..f5cfb02 --- /dev/null +++ b/admission/rules/rule_interface.go @@ -0,0 +1,63 @@ +package rules + +import ( + apitypes "github.com/armosec/armoapi-go/armotypes" + "k8s.io/apiserver/pkg/admission" +) + +const ( + RulePriorityNone = 0 + RulePriorityLow = 1 + RulePriorityMed = 5 + RulePriorityHigh = 8 + RulePriorityCritical = 10 + RulePrioritySystemIssue = 1000 +) + +// RuleCreator is an interface for creating rules by tags, IDs, and names +type RuleCreator interface { + CreateRulesByTags(tags []string) []RuleEvaluator + CreateRuleByID(id string) RuleEvaluator + CreateRuleByName(name string) RuleEvaluator +} + +type RuleEvaluator interface { + // Rule ID - this is the rules unique identifier + ID() string + // Rule Name + Name() string + // Rule processing + ProcessEvent(event admission.Attributes, access interface{}) RuleFailure + // Set rule parameters + SetParameters(parameters map[string]interface{}) + // Get rule parameters + GetParameters() map[string]interface{} +} + +type RuleFailure interface { + // Get Base Runtime Alert + GetBaseRuntimeAlert() apitypes.BaseRuntimeAlert + // Get Runtime Process Details + GetRuntimeProcessDetails() apitypes.ProcessTree + // Get Rule Description + GetRuleAlert() apitypes.RuleAlert + // Get Admissions Details + GetAdmissionsAlert() apitypes.AdmissionAlert + // Get K8s Runtime Details + GetRuntimeAlertK8sDetails() apitypes.RuntimeAlertK8sDetails + // Get Rule ID + GetRuleId() string + + // Set Workload Details + SetWorkloadDetails(workloadDetails string) + // Set Base Runtime Alert + SetBaseRuntimeAlert(baseRuntimeAlert apitypes.BaseRuntimeAlert) + // Set Runtime Process Details + SetRuntimeProcessDetails(runtimeProcessDetails apitypes.ProcessTree) + // Set Rule Description + SetRuleAlert(ruleAlert apitypes.RuleAlert) + // Set Admissions Details + SetAdmissionsAlert(admissionsAlert apitypes.AdmissionAlert) + // Set K8s Runtime Details + SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails apitypes.RuntimeAlertK8sDetails) +} diff --git a/admission/rules/rule_interface_mock.go b/admission/rules/rule_interface_mock.go new file mode 100644 index 0000000..a101804 --- /dev/null +++ b/admission/rules/rule_interface_mock.go @@ -0,0 +1,53 @@ +package rules + +import "k8s.io/apiserver/pkg/admission" + +var _ RuleCreator = (*RuleCreatorMock)(nil) + +type RuleCreatorMock struct { +} + +func (r *RuleCreatorMock) CreateRulesByTags(tags []string) []RuleEvaluator { + var rl []RuleEvaluator + for _, t := range tags { + rl = append(rl, &RuleMock{RuleName: t}) + } + return rl +} +func (r *RuleCreatorMock) CreateRuleByID(id string) RuleEvaluator { + return &RuleMock{RuleID: id} +} + +func (r *RuleCreatorMock) CreateRuleByName(name string) RuleEvaluator { + return &RuleMock{RuleName: name} +} + +var _ RuleEvaluator = (*RuleMock)(nil) + +type RuleMock struct { + RuleParameters map[string]interface{} + RuleName string + RuleID string +} + +func (rule *RuleMock) Name() string { + return rule.RuleName +} + +func (rule *RuleMock) ID() string { + return rule.RuleID +} + +func (rule *RuleMock) DeleteRule() { +} + +func (rule *RuleMock) ProcessEvent(event admission.Attributes, access interface{}) RuleFailure { + return nil +} + +func (rule *RuleMock) GetParameters() map[string]interface{} { + return rule.RuleParameters +} +func (rule *RuleMock) SetParameters(p map[string]interface{}) { + rule.RuleParameters = p +} diff --git a/admission/rules/v1/factory.go b/admission/rules/v1/factory.go new file mode 100644 index 0000000..588d400 --- /dev/null +++ b/admission/rules/v1/factory.go @@ -0,0 +1,52 @@ +package rules + +import ( + "github.com/kubescape/operator/admission/rules" +) + +var _ rules.RuleCreator = (*RuleCreatorImpl)(nil) + +type RuleCreatorImpl struct { + ruleDescriptions []RuleDescriptor +} + +func NewRuleCreator() *RuleCreatorImpl { + return &RuleCreatorImpl{ + ruleDescriptions: []RuleDescriptor{ + R2000ExecToPodRuleDescriptor, + R2001PortForwardRuleDescriptor, + }, + } +} + +func (r *RuleCreatorImpl) CreateRulesByTags(tags []string) []rules.RuleEvaluator { + var rules []rules.RuleEvaluator + for _, rule := range r.ruleDescriptions { + if rule.HasTags(tags) { + rules = append(rules, rule.RuleCreationFunc()) + } + } + return rules +} + +func (r *RuleCreatorImpl) CreateRuleByID(id string) rules.RuleEvaluator { + for _, rule := range r.ruleDescriptions { + if rule.ID == id { + return rule.RuleCreationFunc() + } + } + return nil +} + +func (r *RuleCreatorImpl) CreateRuleByName(name string) rules.RuleEvaluator { + for _, rule := range r.ruleDescriptions { + if rule.Name == name { + return rule.RuleCreationFunc() + } + } + return nil +} + +func (r *RuleCreatorImpl) GetAllRuleDescriptors() []RuleDescriptor { + return r.ruleDescriptions +} diff --git a/admission/rules/v1/failureobject.go b/admission/rules/v1/failureobject.go new file mode 100644 index 0000000..1b37815 --- /dev/null +++ b/admission/rules/v1/failureobject.go @@ -0,0 +1,73 @@ +package rules + +import ( + apitypes "github.com/armosec/armoapi-go/armotypes" + "github.com/armosec/utils-k8s-go/wlid" + "github.com/kubescape/operator/admission/rules" +) + +var _ rules.RuleFailure = (*GenericRuleFailure)(nil) + +type GenericRuleFailure struct { + BaseRuntimeAlert apitypes.BaseRuntimeAlert + RuntimeProcessDetails apitypes.ProcessTree + RuleAlert apitypes.RuleAlert + AdmissionAlert apitypes.AdmissionAlert + RuntimeAlertK8sDetails apitypes.RuntimeAlertK8sDetails + RuleID string +} + +func (rule *GenericRuleFailure) GetBaseRuntimeAlert() apitypes.BaseRuntimeAlert { + return rule.BaseRuntimeAlert +} + +func (rule *GenericRuleFailure) GetRuntimeProcessDetails() apitypes.ProcessTree { + return rule.RuntimeProcessDetails +} + +func (rule *GenericRuleFailure) GetAdmissionsAlert() apitypes.AdmissionAlert { + return rule.AdmissionAlert +} + +func (rule *GenericRuleFailure) GetRuleAlert() apitypes.RuleAlert { + return rule.RuleAlert +} + +func (rule *GenericRuleFailure) GetRuntimeAlertK8sDetails() apitypes.RuntimeAlertK8sDetails { + return rule.RuntimeAlertK8sDetails +} + +func (rule *GenericRuleFailure) GetRuleId() string { + return rule.RuleID +} + +func (rule *GenericRuleFailure) SetBaseRuntimeAlert(baseRuntimeAlert apitypes.BaseRuntimeAlert) { + rule.BaseRuntimeAlert = baseRuntimeAlert +} + +func (rule *GenericRuleFailure) SetRuntimeProcessDetails(runtimeProcessDetails apitypes.ProcessTree) { + rule.RuntimeProcessDetails = runtimeProcessDetails +} + +func (rule *GenericRuleFailure) SetAdmissionsAlert(admissionsAlert apitypes.AdmissionAlert) { + rule.AdmissionAlert = admissionsAlert +} + +func (rule *GenericRuleFailure) SetRuleAlert(ruleAlert apitypes.RuleAlert) { + rule.RuleAlert = ruleAlert +} + +func (rule *GenericRuleFailure) SetRuntimeAlertK8sDetails(runtimeAlertK8sDetails apitypes.RuntimeAlertK8sDetails) { + rule.RuntimeAlertK8sDetails = runtimeAlertK8sDetails +} + +func (rule *GenericRuleFailure) SetWorkloadDetails(workloadDetails string) { + if workloadDetails == "" { + return + } + + rule.RuntimeAlertK8sDetails.ClusterName = wlid.GetClusterFromWlid(workloadDetails) + rule.RuntimeAlertK8sDetails.WorkloadKind = wlid.GetKindFromWlid(workloadDetails) + rule.RuntimeAlertK8sDetails.WorkloadNamespace = wlid.GetNamespaceFromWlid(workloadDetails) + rule.RuntimeAlertK8sDetails.WorkloadName = wlid.GetNameFromWlid(workloadDetails) +} diff --git a/admission/rules/v1/r2000_exec_to_pod.go b/admission/rules/v1/r2000_exec_to_pod.go new file mode 100644 index 0000000..c5a1f45 --- /dev/null +++ b/admission/rules/v1/r2000_exec_to_pod.go @@ -0,0 +1,105 @@ +package rules + +import ( + "fmt" + "time" + + "github.com/kubescape/operator/admission/rules" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apiserver/pkg/admission" + "k8s.io/apiserver/pkg/authentication/user" + + apitypes "github.com/armosec/armoapi-go/armotypes" +) + +const ( + R2000ID = "R2000" + R2000Name = "Exec to pod" +) + +var R2000ExecToPodRuleDescriptor = RuleDescriptor{ + ID: R2000ID, + Name: R2000Name, + Description: "Detecting exec to pod", + Tags: []string{"exec"}, + Priority: RulePriorityLow, + RuleCreationFunc: func() rules.RuleEvaluator { + return CreateRuleR2000ExecToPod() + }, +} + +type R2000ExecToPod struct { + BaseRule +} + +func CreateRuleR2000ExecToPod() *R2000ExecToPod { + return &R2000ExecToPod{} +} +func (rule *R2000ExecToPod) Name() string { + return R2000Name +} + +func (rule *R2000ExecToPod) ID() string { + return R2000ID +} + +func (rule *R2000ExecToPod) DeleteRule() { +} + +func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access interface{}) rules.RuleFailure { + if event == nil { + return nil + } + + if event.GetKind().Kind != "PodExecOptions" { + return nil + } + + var oldObject *unstructured.Unstructured + if event.GetOldObject() != nil { + oldObject = event.GetOldObject().(*unstructured.Unstructured) + } + + var options *unstructured.Unstructured + if event.GetOperationOptions() != nil { + options = event.GetOperationOptions().(*unstructured.Unstructured) + } + + ruleFailure := GenericRuleFailure{ + BaseRuntimeAlert: apitypes.BaseRuntimeAlert{ + AlertName: rule.Name(), + FixSuggestions: "If this is a legitimate action, please consider removing this workload from the binding of this rule", + Severity: R2000ExecToPodRuleDescriptor.Priority, + Timestamp: time.Unix(0, time.Now().UnixNano()), + }, + AdmissionAlert: apitypes.AdmissionAlert{ + Kind: event.GetKind(), + ObjectName: event.GetName(), + RequestNamespace: event.GetNamespace(), + Resource: event.GetResource(), + Operation: event.GetOperation(), + Object: event.GetObject().(*unstructured.Unstructured), + Subresource: event.GetSubresource(), + UserInfo: &user.DefaultInfo{ + Name: event.GetUserInfo().GetName(), + UID: event.GetUserInfo().GetUID(), + Groups: event.GetUserInfo().GetGroups(), + Extra: event.GetUserInfo().GetExtra(), + }, + + DryRun: event.IsDryRun(), + Options: options, + OldObject: oldObject, + }, + RuleAlert: apitypes.RuleAlert{ + RuleDescription: fmt.Sprintf("Exec to pod detected on pod %s", event.GetName()), + }, + RuntimeAlertK8sDetails: apitypes.RuntimeAlertK8sDetails{ + PodName: event.GetName(), + Namespace: event.GetNamespace(), + }, + RuleID: R2000ID, + } + + return &ruleFailure +} diff --git a/admission/rules/v1/r2000_exec_to_pod_test.go b/admission/rules/v1/r2000_exec_to_pod_test.go new file mode 100644 index 0000000..aacfcc0 --- /dev/null +++ b/admission/rules/v1/r2000_exec_to_pod_test.go @@ -0,0 +1,46 @@ +package rules + +import ( + "testing" + + "github.com/zeebo/assert" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apiserver/pkg/admission" + "k8s.io/apiserver/pkg/authentication/user" +) + +func TestR2000(t *testing.T) { + event := admission.NewAttributesRecord( + &unstructured.Unstructured{ + Object: map[string]interface{}{ + "kind": "PodExecOptions", + }, + }, + nil, + schema.GroupVersionKind{ + Kind: "PodExecOptions", + }, + "test-namespace", + "test-pod", + schema.GroupVersionResource{ + Resource: "pods", + }, + "", + admission.Create, + nil, + false, + &user.DefaultInfo{ + Name: "test-user", + Groups: []string{"test-group"}, + }, + ) + + rule := CreateRuleR2000ExecToPod() + result := rule.ProcessEvent(event, nil) + + assert.NotNil(t, result) + assert.Equal(t, "Exec to pod detected on pod test-pod", result.GetRuleAlert().RuleDescription) + assert.Equal(t, "test-pod", result.GetRuntimeAlertK8sDetails().PodName) + assert.Equal(t, "test-namespace", result.GetRuntimeAlertK8sDetails().Namespace) +} diff --git a/admission/rules/v1/r2001_portforward.go b/admission/rules/v1/r2001_portforward.go new file mode 100644 index 0000000..69871cc --- /dev/null +++ b/admission/rules/v1/r2001_portforward.go @@ -0,0 +1,105 @@ +package rules + +import ( + "fmt" + "time" + + "github.com/kubescape/operator/admission/rules" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apiserver/pkg/admission" + "k8s.io/apiserver/pkg/authentication/user" + + apitypes "github.com/armosec/armoapi-go/armotypes" +) + +const ( + R2001ID = "R2001" + R2001Name = "Port forward" +) + +var R2001PortForwardRuleDescriptor = RuleDescriptor{ + ID: R2001ID, + Name: R2001Name, + Description: "Detecting port forward", + Tags: []string{"portforward"}, + Priority: RulePriorityLow, + RuleCreationFunc: func() rules.RuleEvaluator { + return CreateRuleR2001PortForward() + }, +} + +type R2001PortForward struct { + BaseRule +} + +func CreateRuleR2001PortForward() *R2001PortForward { + return &R2001PortForward{} +} +func (rule *R2001PortForward) Name() string { + return R2001Name +} + +func (rule *R2001PortForward) ID() string { + return R2001ID +} + +func (rule *R2001PortForward) DeleteRule() { +} + +func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access interface{}) rules.RuleFailure { + if event == nil { + return nil + } + + if event.GetKind().Kind != "PodPortForwardOptions" { + return nil + } + + var oldObject *unstructured.Unstructured + if event.GetOldObject() != nil { + oldObject = event.GetOldObject().(*unstructured.Unstructured) + } + + var options *unstructured.Unstructured + if event.GetOperationOptions() != nil { + options = event.GetOperationOptions().(*unstructured.Unstructured) + } + + ruleFailure := GenericRuleFailure{ + BaseRuntimeAlert: apitypes.BaseRuntimeAlert{ + AlertName: rule.Name(), + FixSuggestions: "If this is a legitimate action, please consider removing this workload from the binding of this rule", + Severity: R2001PortForwardRuleDescriptor.Priority, + Timestamp: time.Unix(0, time.Now().UnixNano()), + }, + AdmissionAlert: apitypes.AdmissionAlert{ + Kind: event.GetKind(), + ObjectName: event.GetName(), + RequestNamespace: event.GetNamespace(), + Resource: event.GetResource(), + Operation: event.GetOperation(), + Object: event.GetObject().(*unstructured.Unstructured), + Subresource: event.GetSubresource(), + UserInfo: &user.DefaultInfo{ + Name: event.GetUserInfo().GetName(), + UID: event.GetUserInfo().GetUID(), + Groups: event.GetUserInfo().GetGroups(), + Extra: event.GetUserInfo().GetExtra(), + }, + + DryRun: event.IsDryRun(), + Options: options, + OldObject: oldObject, + }, + RuleAlert: apitypes.RuleAlert{ + RuleDescription: fmt.Sprintf("Port forward detected on pod %s", event.GetName()), + }, + RuntimeAlertK8sDetails: apitypes.RuntimeAlertK8sDetails{ + PodName: event.GetName(), + Namespace: event.GetNamespace(), + }, + RuleID: R2001ID, + } + + return &ruleFailure +} diff --git a/admission/rules/v1/r2001_portforward_test.go b/admission/rules/v1/r2001_portforward_test.go new file mode 100644 index 0000000..459dde3 --- /dev/null +++ b/admission/rules/v1/r2001_portforward_test.go @@ -0,0 +1,46 @@ +package rules + +import ( + "testing" + + "github.com/zeebo/assert" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apiserver/pkg/admission" + "k8s.io/apiserver/pkg/authentication/user" +) + +func TestR2001(t *testing.T) { + event := admission.NewAttributesRecord( + &unstructured.Unstructured{ + Object: map[string]interface{}{ + "kind": "PodPortForwardOptions", + }, + }, + nil, + schema.GroupVersionKind{ + Kind: "PodPortForwardOptions", + }, + "test-namespace", + "test-pod", + schema.GroupVersionResource{ + Resource: "pods", + }, + "", + admission.Create, + nil, + false, + &user.DefaultInfo{ + Name: "test-user", + Groups: []string{"test-group"}, + }, + ) + + rule := CreateRuleR2001PortForward() + result := rule.ProcessEvent(event, nil) + + assert.NotNil(t, result) + assert.Equal(t, "Port forward detected on pod test-pod", result.GetRuleAlert().RuleDescription) + assert.Equal(t, "test-pod", result.GetRuntimeAlertK8sDetails().PodName) + assert.Equal(t, "test-namespace", result.GetRuntimeAlertK8sDetails().Namespace) +} diff --git a/admission/rules/v1/rule.go b/admission/rules/v1/rule.go new file mode 100644 index 0000000..ed1e220 --- /dev/null +++ b/admission/rules/v1/rule.go @@ -0,0 +1,67 @@ +package rules + +import ( + "github.com/kubescape/operator/admission/rules" + + "github.com/goradd/maps" +) + +const ( + RulePriorityNone = 0 + RulePriorityLow = 1 + RulePriorityMed = 5 + RulePriorityHigh = 8 + RulePriorityCritical = 10 + RulePrioritySystemIssue = 1000 +) + +type RuleDescriptor struct { + // Rule ID + ID string + // Rule Name + Name string + // Rule Description + Description string + // Priority + Priority int + // Tags + Tags []string + // Create a rule function + RuleCreationFunc func() rules.RuleEvaluator +} + +func (r *RuleDescriptor) HasTags(tags []string) bool { + for _, tag := range tags { + for _, ruleTag := range r.Tags { + if tag == ruleTag { + return true + } + } + } + return false +} + +type BaseRule struct { + // Mutex for protecting rule parameters. + parameters maps.SafeMap[string, interface{}] +} + +func (br *BaseRule) SetParameters(parameters map[string]interface{}) { + for k, v := range parameters { + br.parameters.Set(k, v) + } +} + +func (br *BaseRule) GetParameters() map[string]interface{} { + + // Create a copy to avoid returning a reference to the internal map + parametersCopy := make(map[string]interface{}, br.parameters.Len()) + + br.parameters.Range( + func(key string, value interface{}) bool { + parametersCopy[key] = value + return true + }, + ) + return parametersCopy +} diff --git a/admission/webhook/server.go b/admission/webhook/server.go new file mode 100644 index 0000000..0332a04 --- /dev/null +++ b/admission/webhook/server.go @@ -0,0 +1,404 @@ +package webhook + +import ( + "bytes" + "context" + "encoding/json" + "errors" + "fmt" + "net/http" + "os" + "reflect" + "sync" + "time" + + "github.com/kubescape/node-agent/pkg/watcher" + + "github.com/kubescape/go-logger" + "github.com/kubescape/go-logger/helpers" + admissionv1 "k8s.io/api/admission/v1" + authenticationv1 "k8s.io/api/authentication/v1" + k8serrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/runtime/serializer" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apiserver/pkg/admission" + "k8s.io/apiserver/pkg/authentication/user" +) + +type AdmissionWebhookInterface interface { + // Runs the webhook server until the passed context is cancelled, or it + // experiences an internal error. + // + // Error is always non-nil and will always be one of: + // deadline exceeded + // context cancelled + // or http listen error + Run(ctx context.Context) error +} + +type webhook struct { + validator admission.ValidationInterface + objectInferfaces admission.ObjectInterfaces + decoder runtime.Decoder + addr string + certFile string + keyFile string + watcher watcher.Watcher +} + +func New(addr string, certFile, keyFile string, scheme *runtime.Scheme, validator admission.ValidationInterface, watcher watcher.Watcher) AdmissionWebhookInterface { + codecs := serializer.NewCodecFactory(scheme) + return &webhook{ + objectInferfaces: admission.NewObjectInterfacesFromScheme(scheme), + decoder: codecs.UniversalDeserializer(), + validator: validator, + addr: addr, + certFile: certFile, + keyFile: keyFile, + watcher: watcher, + } +} + +func notifyChanges(ctx context.Context, paths ...string) <-chan struct{} { + type info struct { + modTime time.Time + err string + } + infos := map[string]info{} + getInfos := func() map[string]info { + res := map[string]info{} + for _, v := range paths { + fileInfo, err := os.Stat(v) + if err != nil { + infos[v] = info{err: err.Error()} + } else { + infos[v] = info{modTime: fileInfo.ModTime()} + } + } + return res + } + lastInfos := getInfos() + + res := make(chan struct{}) + go func() { + defer close(res) + + for { + select { + case <-ctx.Done(): + // context cancelled, stop watching + return + + case <-time.After(2 * time.Second): + newInfos := getInfos() + if reflect.DeepEqual(lastInfos, newInfos) { + continue + } + + lastInfos = newInfos + + // skip event if client has not read last change + select { + case res <- struct{}{}: + default: + } + } + } + }() + return res +} + +func (wh *webhook) Run(ctx context.Context) error { + var serverError error + var wg sync.WaitGroup + + logger.L().Info("starting webhook HTTP server") + defer logger.L().Info("stopping webhook HTTP server") + defer wg.Wait() + + wg.Add(1) + defer wg.Done() + + launchServer := func() (*http.Server, <-chan error) { + mux := http.NewServeMux() + mux.HandleFunc("/health", wh.handleHealth) + mux.HandleFunc("/validate", wh.handleWebhookValidate) + srv := &http.Server{} + srv.Handler = mux + srv.Addr = wh.addr + + errChan := make(chan error) + + wg.Add(1) + go func() { + defer wg.Done() + defer close(errChan) + + err := srv.ListenAndServeTLS(wh.certFile, wh.keyFile) + errChan <- err + // ListenAndServeTLS always returns non-nil error + }() + + return srv, errChan + } + + watchCtx, cancelWatches := context.WithCancel(ctx) + defer cancelWatches() + + keyWatch := notifyChanges(watchCtx, wh.certFile, wh.keyFile) + + currentServer, currentErrorChannel := launchServer() +loop: + for { + select { + case <-ctx.Done(): + // If the caller closed their context, rather than the server having errored, + // close the server. srv.Close() is safe to call on an already-closed server + // + // note: should we prefer to use Shutdown with a deadline for graceful close + // rather than Close? + if err := currentServer.Close(); err != nil { + // Errors with gracefully shutting down connections. Not fatal. Server + // is still closed. + logger.L().Error("error closing server", helpers.Error(err)) + } + serverError = ctx.Err() + break loop + case serverError = <-currentErrorChannel: + // Server was closed independently of being restarted + break loop + + case _, ok := <-keyWatch: + if !ok { + serverError = watchCtx.Err() + break loop + } + + logger.L().Info("TLS input has changed, restarting HTTP server") + + // Graceful shutdown, ignore any errors + wg.Add(1) + + webhookServer := currentServer + go func() { + defer wg.Done() + + //!TOOD: add shutdown timeout, requests to a webhook should + // not be long-lived + shutdownCtx, shutdownCancel := context.WithTimeout(watchCtx, 5*time.Second) + defer shutdownCancel() + + webhookServer.Shutdown(shutdownCtx) + }() + currentServer, currentErrorChannel = launchServer() + } + } + return serverError +} + +func (wh *webhook) handleHealth(w http.ResponseWriter, req *http.Request) { + fmt.Fprint(w, "OK") +} + +func (wh *webhook) handleWebhookValidate(w http.ResponseWriter, req *http.Request) { + parsed, err := parseRequest(req) + if err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } + + failure := func(err error, status int) { + http.Error(w, err.Error(), status) + logger.L().Error("review response", helpers.String("uid", string(parsed.Request.UID)), helpers.Int("status", status), helpers.Error(err)) + } + + err = nil + + var attrs admission.Attributes + + if wh.validator.Handles(admission.Operation(parsed.Request.Operation)) { + var object runtime.Object + var oldObject runtime.Object + + if len(parsed.Request.OldObject.Raw) > 0 { + obj, gvk, err := wh.decoder.Decode(parsed.Request.OldObject.Raw, nil, nil) + switch { + case gvk == nil || *gvk != schema.GroupVersionKind(parsed.Request.Kind): + // GVK case first. If object type is unknown it is parsed to + // unstructured, but + failure(fmt.Errorf("unexpected GVK %v. Expected %v", gvk, parsed.Request.Kind), http.StatusBadRequest) + return + case err != nil && runtime.IsNotRegisteredError(err): + var oldUnstructured unstructured.Unstructured + err = json.Unmarshal(parsed.Request.OldObject.Raw, &oldUnstructured) + if err != nil { + failure(err, http.StatusInternalServerError) + return + } + + oldObject = &oldUnstructured + case err != nil: + failure(err, http.StatusBadRequest) + return + default: + oldObject = obj + } + } + + if len(parsed.Request.Object.Raw) > 0 { + obj, gvk, err := wh.decoder.Decode(parsed.Request.Object.Raw, nil, nil) + switch { + case gvk == nil || *gvk != schema.GroupVersionKind(parsed.Request.Kind): + // GVK case first. If object type is unknown it is parsed to + // unstructured, but + failure(fmt.Errorf("unexpected GVK %v. Expected %v", gvk, parsed.Request.Kind), http.StatusBadRequest) + return + case err != nil && runtime.IsNotRegisteredError(err): + var objUnstructured unstructured.Unstructured + err = json.Unmarshal(parsed.Request.Object.Raw, &objUnstructured) + if err != nil { + failure(err, http.StatusInternalServerError) + return + } + + object = &objUnstructured + case err != nil: + failure(err, http.StatusBadRequest) + return + default: + object = obj + } + } + + // Parse into native types if possible + convertExtra := func(input map[string]authenticationv1.ExtraValue) map[string][]string { + if input == nil { + return nil + } + + res := map[string][]string{} + for k, v := range input { + var converted []string + for _, s := range v { + converted = append(converted, string(s)) + } + res[k] = converted + } + return res + } + + //!TODO: Parse options as v1.CreateOptions, v1.DeleteOptions, or v1.PatchOptions + + attrs = admission.NewAttributesRecord( + object, + oldObject, + schema.GroupVersionKind(parsed.Request.Kind), + parsed.Request.Namespace, + parsed.Request.Name, + schema.GroupVersionResource{ + Group: parsed.Request.Resource.Group, + Version: parsed.Request.Resource.Version, + Resource: parsed.Request.Resource.Resource, + }, + parsed.Request.SubResource, + admission.Operation(parsed.Request.Operation), + nil, // operation options? + false, + &user.DefaultInfo{ + Name: parsed.Request.UserInfo.Username, + UID: parsed.Request.UserInfo.UID, + Groups: parsed.Request.UserInfo.Groups, + Extra: convertExtra(parsed.Request.UserInfo.Extra), + }) + + err = wh.validator.Validate(context.TODO(), attrs, wh.objectInferfaces) + } + + response := wh.reviewResponse( + parsed.Request.UID, + err, + attrs, + ) + + out, err := json.Marshal(response) + if err != nil { + failure(err, http.StatusInternalServerError) + return + } + + w.Header().Set("Content-Type", "application/json") + w.Write(out) +} + +func (wh *webhook) reviewResponse(uid types.UID, err error, attrs admission.Attributes) *admissionv1.AdmissionReview { + var status int32 = http.StatusAccepted + if err != nil { + status = http.StatusForbidden + } + reason := metav1.StatusReasonUnknown + message := "valid" + if err != nil { + message = err.Error() + } + + var statusErr *k8serrors.StatusError + if ok := errors.As(err, &statusErr); ok { + reason = statusErr.ErrStatus.Reason + message = statusErr.ErrStatus.Message + status = statusErr.ErrStatus.Code + } + + // If the request is denied, we want to log the request and the reason for the denial. (denied == allowed but we want to audit). + if status != http.StatusAccepted { + logger.L().Debug("admission audit", helpers.Error(err), helpers.Interface("attrs", attrs)) + } + + // We don't want to deny the requests. + return &admissionv1.AdmissionReview{ + TypeMeta: metav1.TypeMeta{ + Kind: "AdmissionReview", + APIVersion: "admission.k8s.io/v1", + }, + Response: &admissionv1.AdmissionResponse{ + UID: uid, + Allowed: true, + Result: &metav1.Status{ + Code: http.StatusAccepted, + Message: message, + Reason: reason, + }, + }, + } +} + +// parseRequest extracts an AdmissionReview from an http.Request if possible +func parseRequest(r *http.Request) (*admissionv1.AdmissionReview, error) { + if r.Header.Get("Content-Type") != "application/json" { + return nil, fmt.Errorf("Content-Type: %q should be %q", + r.Header.Get("Content-Type"), "application/json") + } + + bodybuf := new(bytes.Buffer) + bodybuf.ReadFrom(r.Body) + body := bodybuf.Bytes() + + if len(body) == 0 { + return nil, fmt.Errorf("admission request body is empty") + } + + var admissionReview admissionv1.AdmissionReview + + if err := json.Unmarshal(body, &admissionReview); err != nil { + return nil, fmt.Errorf("could not parse admission review request: %v", err) + } + + if admissionReview.Request == nil { + return nil, fmt.Errorf("admission review can't be used: Request field is nil") + } + + return &admissionReview, nil +} diff --git a/admission/webhook/server_test.go b/admission/webhook/server_test.go new file mode 100644 index 0000000..a19283b --- /dev/null +++ b/admission/webhook/server_test.go @@ -0,0 +1,131 @@ +package webhook + +import ( + "bytes" + "context" + "crypto/tls" + "encoding/json" + "io" + "net/http" + "net/http/httptest" + "testing" + "time" + + "github.com/kubescape/node-agent/pkg/watcher" + "github.com/stretchr/testify/assert" + admissionv1 "k8s.io/api/admission/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/serializer" + "k8s.io/apiserver/pkg/admission" +) + +// MockValidator is a mock implementation of the admission.ValidationInterface for testing purposes +type MockValidator struct{} + +func (v *MockValidator) Handles(o admission.Operation) bool { + return true +} + +func (v *MockValidator) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error { + return nil +} + +func TestHandleHealth(t *testing.T) { + wh := &webhook{} + req := httptest.NewRequest("GET", "http://localhost/health", nil) + w := httptest.NewRecorder() + + wh.handleHealth(w, req) + + resp := w.Result() + body, _ := io.ReadAll(resp.Body) + + assert.Equal(t, "OK", string(body)) + assert.Equal(t, http.StatusOK, resp.StatusCode) +} + +func TestHandleWebhookValidate(t *testing.T) { + scheme := runtime.NewScheme() + codecs := serializer.NewCodecFactory(scheme) + decoder := codecs.UniversalDeserializer() + + wh := &webhook{ + validator: &MockValidator{}, + objectInferfaces: admission.NewObjectInterfacesFromScheme(scheme), + decoder: decoder, + } + + review := admissionv1.AdmissionReview{ + Request: &admissionv1.AdmissionRequest{ + UID: "12345", + Kind: v1.GroupVersionKind{Group: "apps", Version: "v1", Kind: "Deployment"}, + Object: runtime.RawExtension{ + Raw: []byte(`{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"name":"test"}}`), + }, + }, + } + reviewBytes, _ := json.Marshal(review) + req := httptest.NewRequest("POST", "http://localhost/validate", bytes.NewReader(reviewBytes)) + req.Header.Set("Content-Type", "application/json") + w := httptest.NewRecorder() + + wh.handleWebhookValidate(w, req) + + resp := w.Result() + body, _ := io.ReadAll(resp.Body) + + assert.Equal(t, http.StatusOK, resp.StatusCode) + + var admissionReview admissionv1.AdmissionReview + err := json.Unmarshal(body, &admissionReview) + assert.NoError(t, err) + assert.Equal(t, review.Request.UID, admissionReview.Response.UID) + assert.True(t, admissionReview.Response.Allowed) +} + +func TestRun(t *testing.T) { + admissionController := New(":8443", "testdata/cert.pem", "testdata/key.pem", runtime.NewScheme(), &MockValidator{}, watcher.NewWatcherMock()) + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + errChan := make(chan error) + go func() { + errChan <- admissionController.Run(ctx) + }() + + // Allow more time for the server to start + time.Sleep(5 * time.Second) + + // Make a health check request + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + }, + } + resp, err := client.Get("https://localhost:8443/health") + if err != nil { + t.Fatalf("failed to get health check: %v", err) + } + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + assert.Equal(t, "OK", string(body)) + assert.Equal(t, http.StatusOK, resp.StatusCode) + + // Cancel the context to stop the server + cancel() + + // Wait for the server to shut down + select { + case err := <-errChan: + if err != nil && err != http.ErrServerClosed && err != context.Canceled { + t.Fatalf("Run method returned error: %v", err) + } + case <-time.After(15 * time.Second): + t.Fatal("server did not shut down in time") + default: + return + } +} diff --git a/admission/webhook/testdata/cert.pem b/admission/webhook/testdata/cert.pem new file mode 100644 index 0000000..49a2555 --- /dev/null +++ b/admission/webhook/testdata/cert.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFCTCCAvGgAwIBAgIUOfw+ItKo9OUpC1cyG8vTJ8LOXdYwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI0MDcxNDExMDkwM1oXDTI1MDcx +NDExMDkwM1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAs1Jv3j2RSkjKJg6q51C2h1HKkf1u50cWxsTYaQv+U7O5 +nnQVwDiuozdbQrIbCBwr/BTkZvfnIsOHdLL3pKWau7Bq/4KhIYbFM/1CHBFtFwzv +hBmqV69GWE1/RAsSR8T3P1hdWXdYgvwaba36mrKOA63BdpENkCgA3zL+t6U2ggKs +QqFontT0yw/BCMrA81DSJCsrPcn698qLErZaIXvYMvPkGyUgebNlICzFugiWAqAQ +dZTsisQMmQAoJo0NByOK96QPuOmj0w4ZxN1R/Ug/hGUpmBLwz7ngv2/HMWkpSgJk +pIenUtYHE9rCg7Uy7oP+bft/HsptKz8sHJJfoF+t/aR8UfomKCD64MMpPBMHg3Ko +2fE2q27Rnl8+6rYymdQQ7KN0NZsLdbNAN3Xxdl0TB/jmbEXHRd/iY+6BDfdv89s2 ++U5bW1qJS+QuSX7IS1N6hWp4GP6hlK1T/rGIJpxAyOB2XzgUrU/lDsi//hUo6wXN +paPHUKnqTV9DQeTPK5vSzHqYt8Foemr2pJn0KwdQMTDxwl0jhVqZtIa3CPOT5Av3 +1lW/BMAOEIfsepkq0oOx2mg0HmzhRQtqPhmcXCmXm4dEbwe2p0lFC/QskYqa43sk +QfljMrVOfpN0Gxac7wX/HFqX2mREBNzIg4hWVPcOQm96yHYNyhgjVwqFKlaj698C +AwEAAaNTMFEwHQYDVR0OBBYEFNWsRaReo4K9ddebIDSAls38o/DXMB8GA1UdIwQY +MBaAFNWsRaReo4K9ddebIDSAls38o/DXMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggIBACpYdNrRijZjHDzv3W8xQuhjn5Sn4ImfD0c6CZ6ENlm9vuhK +/4EwzBofd1pec3hA+CNKvIU7D6VkfroTlVF1us1Xnq0W1CorT2k4muALT8yIPtL7 +T41ZNiD7+ULhBxqrFlOXMs5TRlMP1sx0A9muggKuCzreKnDf8rkTTOIj+XiPt8j2 +xYRiCsg94o/TV6cL+XMQ5QztpYzliehwfNAupal8IvwOjlg8OyOZb0GqcFirZ5pS +N8Ofhrelonl3fAoGSN9Ey9RPoetcFobjj4sHp+hLXoKzPmn+gjXAoLymm0hZahWz +gIijbSeV8plbPKd2YAEm1sQ8hq+6K3ze95g1YWepvhzlxbOxPNpZX5CEAFe9nqqq +mxgbim75gWKqB2Bm6QqQpo2RePPw3ZqJwvHjGDMfihw6FONCE2P1KulYcK95SZ9l +Rn2Av3g5b2uBYwJ0aEjKj30gO2KUCxFhESlhCjKQSBAn0SGQTB2DrW2gMzrq/yhN +X2oBa6CZeZXWXJzaVKxweZbSylNtfTT8m+5B7CrVxE7ikv3IcHbTzgBF0rqxRpmt +/vlulSUwejq2f5YWLy7JwS8pS1dZoW902JhjaxvHti9gDJeQ6b/oSERF0ymgQts8 +PdXeP9ik0cJSP0UGOiqdfzE23SnZorAuS2ymmQLr2xd2/jLZMB0gwm9WQ17x +-----END CERTIFICATE----- diff --git a/admission/webhook/testdata/key.pem b/admission/webhook/testdata/key.pem new file mode 100644 index 0000000..7020325 --- /dev/null +++ b/admission/webhook/testdata/key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCzUm/ePZFKSMom +DqrnULaHUcqR/W7nRxbGxNhpC/5Ts7medBXAOK6jN1tCshsIHCv8FORm9+ciw4d0 +svekpZq7sGr/gqEhhsUz/UIcEW0XDO+EGapXr0ZYTX9ECxJHxPc/WF1Zd1iC/Bpt +rfqaso4DrcF2kQ2QKADfMv63pTaCAqxCoWie1PTLD8EIysDzUNIkKys9yfr3yosS +tlohe9gy8+QbJSB5s2UgLMW6CJYCoBB1lOyKxAyZACgmjQ0HI4r3pA+46aPTDhnE +3VH9SD+EZSmYEvDPueC/b8cxaSlKAmSkh6dS1gcT2sKDtTLug/5t+38eym0rPywc +kl+gX639pHxR+iYoIPrgwyk8EweDcqjZ8TarbtGeXz7qtjKZ1BDso3Q1mwt1s0A3 +dfF2XRMH+OZsRcdF3+Jj7oEN92/z2zb5TltbWolL5C5JfshLU3qFangY/qGUrVP+ +sYgmnEDI4HZfOBStT+UOyL/+FSjrBc2lo8dQqepNX0NB5M8rm9LMepi3wWh6avak +mfQrB1AxMPHCXSOFWpm0hrcI85PkC/fWVb8EwA4Qh+x6mSrSg7HaaDQebOFFC2o+ +GZxcKZebh0RvB7anSUUL9CyRiprjeyRB+WMytU5+k3QbFpzvBf8cWpfaZEQE3MiD +iFZU9w5Cb3rIdg3KGCNXCoUqVqPr3wIDAQABAoICAA3ZwjZCPySjtql13JF9VHvj +P2hDUPugLAwyTBzhBkXkzeOFR+DO//4vWmcuZpQbyPHxkyq43yt6Os4yvJoFCIyS +tdECf/uc80Juv1p3phtvrlhfux6GtUJAyiGxUTol5osIAj3U0Atd+ZSbKY4lWH7E +PvsvfQKzdE3JHI+GvU0Rc8i5uuD5xeahUuGg94JTrceJZg+huDbHeDJ7zz5i2HIn +EGlgVr/PsXHow2T5IM0XG+5ZEGQvfGGc93zyzBzPC/7Qtz4rHbJBlo/0IE8V84IA +ZlQOsnb4/nkK4zHX046Z3LgwmiX1zhokfX260zJFE7PfBxSTwhbjDD8wtx4mBcQ+ +gndBnk+pDYdQehtCg7+thWEv1co3Jfb/VAqyOMhpV7lubbmOmHMhuqgDsIzHTof8 +6/PTyeObbmBz2/TygspQG3vxymr9GfdsGsH65SzXkylN/3vdxg21LRiMGpy9y/ge +TilEN66VgS0RAHai21OZeVZ0oszPkVvJ4R4fsfq3YbpZr/PvuKYYoyRTS3lbm2DO +14OBMA/U4nBz42la3BbcJfwcLwSvugkJKTo6Spjpdu648abP63DMhJ9e545mBw/P +b/+kH0fF7dHfChPEfXssiLaQ0Z0Tote8gj8Qewmbnl73Sm7hZZVk/Vk+TeZCFbTF +++zwQ/v0zDeP+tNzmvLRAoIBAQDbiJEMw6SfaV5BCCNmjA1DAFfnD571oBdf/QOL +nIzCHP9gogWAaUcJdGQ0njZyOs1oAXJnupw9d6xODxlygW7NQKP2n+zF4WtpefDF +a00T3Za7EIwo71aTKPBsH8Gc9hNlq8ucxdeus7tLU/AsN/7dxXWoUS0hz2L1W72R +0y6T+LFzZW6z0yMOA/PbVWhoRHESD6AeMnEH61Z20UhH2/7fpUrX0BcTb6GhY5f5 +1BqtOgwUzqGKoGk+OEMEo8YEtk9JWxoG/s2cCZed1YP1NyZderVE4eAB7v+4nYGZ +7U1GAjOC2TayIcSoKsAcGqQDouZFBqlE/qPgzs3neoKszVRtAoIBAQDRG+ubRrwu +ECAxv2chqMPnLzLH9Ct6TAUpYfcIbNpJ4Sz5oli/mhq6fvemcUQsOEB1ylY6AV1n +pueot+hByMAt70AjhckHglNGtNkYe6dTid9agNfsJ5kSPPj4RquTiR7CL6SUe7Pj +Wqp3YIrCGl6DBAtEhsEzCHBEowqA5jijSmQVv/+JWzEQnxhlnzujW6J5SpmP+z5a +DRLLBihU3Ln4y+giCS6sYU12P+OOm6OBG9rfxJPDsc1W/C1GLqIzktEfRiEb4Tlm +jUqfKuml6hPMCxmGEfeBT1gMMsPUk5wnXCjItFBcPM/nm1L3WhuPL4oaCFrbpT0J +GQszTnONMZn7AoIBAAI6Q4aGobAAaLVuOLW8rBHG+h1dGjbR1griTVvoTcFWe/zm +B/pClzbwWGf0Rwcns5ffk+KbkSRKh5QPMSnpSE+K3V8ORl/HpsheNWQ7b3/JGtNx +Gor7yrwZiT7/n35RPOcmNB22IDckmbzs8B3yv4JOk6AOms+iBBYLRUQqiWl094/9 +Mn9eoBdvUNUj67hLIX6WbACCcIUtDSaNfxdDkzV/vt+ru+A1nMU/dnZRgafKU/8O +DbOTZx37giqU4th/ZRSQeRYjFcEEk+ZFGV6unZQLP7WgOR6r5ypfZsZCEyunsBAe +1iA+mXk/Xc2rM4jZ6U5AAA20K8OHNa2on5TTTI0CggEANCyjPLsJePTNE5yOPve8 +6ZH9OabSslEFeK3Y1WFTldt5PVAklKn+wUmswPrB58ahTsKNgSuWAqbCZnZ8nO1a +BhwMBND8t8LsxFebU2CG/3EHKa28MlAvAT31YP1BEi7EXe9FQUccOz4ECoUsGgI6 +UrZPmWmGCxWv7XBAzqiiuRt2nXaqa7s1ItCPZcu1Na1HfLwAVMx7Yjyg08dViNcK +D+nQoa1o19nvWfHW9V4gDbbFhc+mjs1uTqXdJgW8suGPDB6TZEFt8QiP9ebfJWai +Seb7F1ikSL9jWKfR9NhfvfJgurNC2cDSnxdCPDVfavqRmq06/lLcR8jX4pVQf4pA +wQKCAQEAzDxSk2sxeYI0diP37XrkoYt55O+I0UpBcbHcwMoMqhp6iwLjw1HGyA7m +0dXMcPUMX7YsPceAaOUPcB9fVZ4v4xo/340UG5zXdSF/A10xbIEiGUaJL1KpJDvh +L/0+uks8wNOxJ+mhkZQUBAn/mMX4tv+csrvtSitV16zdFgaWSd/Xbn1R115wmJJB +4GDnIyP0IO3aqA33H4jYRm/w5WFVexhaf88BmC4A7mqkxT8hrsUXZe8lqcOMWXj+ +3YL5n9RNhDTtZO6MMG+0oVQqRxieqHLtpQztgy/qzkataZBIN3al3pJxx3jNSTqf +28dMm0OdcR0nHv95X8iDumIn5HsFlw== +-----END PRIVATE KEY----- diff --git a/admission/webhook/validator.go b/admission/webhook/validator.go new file mode 100644 index 0000000..418aadd --- /dev/null +++ b/admission/webhook/validator.go @@ -0,0 +1,82 @@ +package webhook + +import ( + "context" + "fmt" + + "github.com/kubescape/go-logger" + "github.com/kubescape/go-logger/helpers" + "github.com/kubescape/k8s-interface/k8sinterface" + exporters "github.com/kubescape/operator/admission/exporter" + "github.com/kubescape/operator/admission/rulebinding" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apiserver/pkg/admission" +) + +type AdmissionValidator struct { + kubernetesClient *k8sinterface.KubernetesApi + exporter *exporters.HTTPExporter + ruleBindingCache rulebinding.RuleBindingCache +} + +func NewAdmissionValidator(kubernetesClient *k8sinterface.KubernetesApi, exporter *exporters.HTTPExporter, ruleBindingCache rulebinding.RuleBindingCache) *AdmissionValidator { + return &AdmissionValidator{ + kubernetesClient: kubernetesClient, + exporter: exporter, + ruleBindingCache: ruleBindingCache, + } +} + +// We are implementing the Validate method from the ValidationInterface interface. +func (av *AdmissionValidator) Validate(ctx context.Context, attrs admission.Attributes, o admission.ObjectInterfaces) (err error) { + if attrs.GetObject() != nil { + var object *unstructured.Unstructured + // Fetch the resource if it is a pod and the object is not a pod. + if attrs.GetResource().Resource == "pods" && attrs.GetKind().Kind != "Pod" { + object, err = av.fetchResource(ctx, attrs) + if err != nil { + return admission.NewForbidden(attrs, fmt.Errorf("failed to fetch resource: %w", err)) + } + } else { + object = attrs.GetObject().(*unstructured.Unstructured) + } + + rules := av.ruleBindingCache.ListRulesForObject(ctx, object) + for _, rule := range rules { + failure := rule.ProcessEvent(attrs, nil) + if failure != nil { + logger.L().Info("Rule failed", helpers.Interface("failure", failure)) + av.exporter.SendAdmissionAlert(failure) + return admission.NewForbidden(attrs, nil) + } + } + } + + return nil +} + +// Fetch resource/objects from the Kubernetes API based on the given attributes. +func (av *AdmissionValidator) fetchResource(ctx context.Context, attrs admission.Attributes) (*unstructured.Unstructured, error) { + // Get the GVR + gvr := schema.GroupVersionResource{ + Group: attrs.GetResource().Group, + Version: attrs.GetResource().Version, + Resource: attrs.GetResource().Resource, + } + + // Fetch the resource + resource, err := av.kubernetesClient.DynamicClient.Resource(gvr).Namespace(attrs.GetNamespace()).Get(ctx, attrs.GetName(), metav1.GetOptions{}) + if err != nil { + return nil, fmt.Errorf("failed to fetch resource: %w", err) + } + + return resource, nil +} + +// We are implementing the Handles method from the ValidationInterface interface. +// This method returns true if this admission controller can handle the given operation, we accept all operations. +func (av *AdmissionValidator) Handles(operation admission.Operation) bool { + return true +} diff --git a/config/config.go b/config/config.go index cdeb202..2a416ca 100644 --- a/config/config.go +++ b/config/config.go @@ -13,6 +13,7 @@ import ( "github.com/kubescape/backend/pkg/utils" "github.com/kubescape/go-logger" "github.com/kubescape/go-logger/helpers" + exporters "github.com/kubescape/operator/admission/exporter" "github.com/spf13/viper" ) @@ -30,6 +31,7 @@ type Capabilities struct { RuntimeObservability string `json:"runtimeObservability"` Seccomp string `json:"seccomp"` VulnerabilityScan string `json:"vulnerabilityScan"` + AdmissionController string `json:"admissionController"` } type Components struct { @@ -96,9 +98,10 @@ type Config struct { TriggerSecurityFramework bool `mapstructure:"triggerSecurityFramework"` MatchingRulesFilename string `mapstructure:"matchingRulesFilename"` // EventDeduplicationInterval is the interval during which duplicate events will be silently dropped from processing via continuous scanning - EventDeduplicationInterval time.Duration `mapstructure:"eventDeduplicationInterval"` - ExcludeNamespaces []string `mapstructure:"excludeNamespaces"` - IncludeNamespaces []string `mapstructure:"includeNamespaces"` + EventDeduplicationInterval time.Duration `mapstructure:"eventDeduplicationInterval"` + HTTPExporterConfig *exporters.HTTPExporterConfig `mapstructure:"httpExporterConfig"` + ExcludeNamespaces []string `mapstructure:"excludeNamespaces"` + IncludeNamespaces []string `mapstructure:"includeNamespaces"` } // IConfig is an interface for all config types used in the operator @@ -147,6 +150,10 @@ func (c *OperatorConfig) ContinuousScanEnabled() bool { return c.components.Capabilities.ContinuousScan == "enable" } +func (c *OperatorConfig) AdmissionControllerEnabled() bool { + return c.components.Capabilities.AdmissionController == "enable" +} + func (c *OperatorConfig) KubevulnURL() string { return c.clusterConfig.KubevulnURL } @@ -159,6 +166,10 @@ func (c *OperatorConfig) TriggerSecurityFramework() bool { return c.serviceConfig.TriggerSecurityFramework } +func (c *OperatorConfig) HttpExporterConfig() *exporters.HTTPExporterConfig { + return c.serviceConfig.HTTPExporterConfig +} + func (c *OperatorConfig) Namespace() string { return c.serviceConfig.Namespace } diff --git a/config/config_test.go b/config/config_test.go index 05b61f8..97a2703 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -26,11 +26,12 @@ func TestLoadCapabilities(t *testing.T) { }, want: CapabilitiesConfig{ Capabilities: Capabilities{ - ConfigurationScan: "enable", - ContinuousScan: "disable", - NodeScan: "enable", - Relevancy: "enable", - VulnerabilityScan: "enable", + ConfigurationScan: "enable", + ContinuousScan: "disable", + NodeScan: "enable", + Relevancy: "enable", + VulnerabilityScan: "enable", + AdmissionController: "enable", }, Components: Components{ Gateway: Component{Enabled: true}, diff --git a/configuration/capabilities.json b/configuration/capabilities.json index 15c1269..c07066e 100644 --- a/configuration/capabilities.json +++ b/configuration/capabilities.json @@ -4,7 +4,8 @@ "continuousScan": "disable", "nodeScan": "enable", "relevancy": "enable", - "vulnerabilityScan": "enable" + "vulnerabilityScan": "enable", + "admissionController": "enable" }, "components": { "gateway": { diff --git a/go.mod b/go.mod index eae2931..0c4cbb2 100644 --- a/go.mod +++ b/go.mod @@ -1,46 +1,54 @@ module github.com/kubescape/operator -go 1.21.3 +go 1.22.3 require ( - github.com/armosec/armoapi-go v0.0.330 + github.com/armosec/armoapi-go v0.0.430 github.com/armosec/cluster-notifier-api-go v0.0.5 github.com/armosec/registryx v0.0.15 github.com/armosec/utils-go v0.0.57 github.com/armosec/utils-k8s-go v0.0.26 - github.com/aws/aws-sdk-go v1.50.0 + github.com/aws/aws-sdk-go v1.50.8 github.com/cenkalti/backoff v2.2.1+incompatible github.com/deckarep/golang-set/v2 v2.6.0 - github.com/distribution/reference v0.5.0 - github.com/docker/docker v25.0.5+incompatible - github.com/go-openapi/runtime v0.27.1 - github.com/google/go-containerregistry v0.19.0 + github.com/distribution/reference v0.6.0 + github.com/docker/docker v26.1.3+incompatible + github.com/go-openapi/runtime v0.28.0 + github.com/google/go-containerregistry v0.19.1 github.com/google/uuid v1.6.0 github.com/goradd/maps v0.1.5 github.com/gorilla/mux v1.8.1 - github.com/gorilla/websocket v1.5.0 + github.com/gorilla/websocket v1.5.1 github.com/hashicorp/golang-lru/v2 v2.0.7 - github.com/kubescape/backend v0.0.19 + github.com/kubescape/backend v0.0.20 github.com/kubescape/go-logger v0.0.22 - github.com/kubescape/k8s-interface v0.0.161 + github.com/kubescape/k8s-interface v0.0.166 + github.com/kubescape/kubescape-network-scanner v0.0.15 + github.com/kubescape/node-agent v0.2.99 github.com/kubescape/opa-utils v0.0.278 - github.com/kubescape/storage v0.0.62 + github.com/kubescape/storage v0.0.89 github.com/mitchellh/mapstructure v1.5.0 - github.com/panjf2000/ants/v2 v2.8.2 + github.com/panjf2000/ants/v2 v2.9.1 github.com/spf13/viper v1.18.2 github.com/stretchr/testify v1.9.0 + github.com/zeebo/assert v1.3.1 go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.44.0 - go.opentelemetry.io/otel v1.22.0 - go.opentelemetry.io/otel/trace v1.22.0 + go.opentelemetry.io/otel v1.26.0 + go.opentelemetry.io/otel/trace v1.26.0 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 - k8s.io/api v0.29.2 - k8s.io/apimachinery v0.29.2 - k8s.io/client-go v0.29.2 - k8s.io/utils v0.0.0-20231121161247-cf03d44ff3cf + k8s.io/api v0.30.1 + k8s.io/apimachinery v0.30.1 + k8s.io/apiserver v0.30.0 + k8s.io/client-go v0.30.1 + k8s.io/utils v0.0.0-20240310230437-4693a0247e57 sigs.k8s.io/yaml v1.4.0 ) require ( + cloud.google.com/go/auth v0.3.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect + cloud.google.com/go/compute/metadata v0.3.0 // indirect + cloud.google.com/go/container v1.35.1 // indirect github.com/IBM/sarama v1.42.1 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect @@ -73,11 +81,6 @@ require ( ) require ( - cloud.google.com/go/compute v1.23.3 // indirect - cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/container v1.29.0 // indirect - github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect @@ -85,19 +88,13 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.4.0 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect - github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/Microsoft/hcsshim v0.11.4 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/acobaugh/osrelease v0.1.0 // indirect - github.com/adrg/xdg v0.4.0 // indirect github.com/agnivade/levenshtein v1.1.1 // indirect - github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc // indirect - github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b // indirect - github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect - github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 // indirect - github.com/anchore/stereoscope v0.0.1 // indirect - github.com/anchore/syft v0.101.1 // indirect - github.com/andybalholm/brotli v1.0.4 // indirect + github.com/anchore/go-logger v0.0.0-20240217160628-ee28a485904f // indirect + github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4 // indirect + github.com/anchore/stereoscope v0.0.3-0.20240501181043-2e9894674185 // indirect + github.com/anchore/syft v1.4.1 // indirect github.com/armosec/gojay v1.2.17 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect @@ -118,32 +115,24 @@ require ( github.com/aws/smithy-go v1.19.0 // indirect github.com/becheran/wildmatch-go v1.0.0 // indirect github.com/beorn7/perks v1.0.1 // indirect + github.com/blang/semver/v4 v4.0.0 // indirect github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect github.com/briandowns/spinner v1.23.0 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/containerd/cgroups v1.1.0 // indirect - github.com/containerd/containerd v1.7.12 // indirect - github.com/containerd/continuity v0.4.2 // indirect - github.com/containerd/fifo v1.1.0 // indirect - github.com/containerd/log v0.1.0 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect - github.com/containerd/ttrpc v1.2.2 // indirect - github.com/containerd/typeurl/v2 v2.1.1 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/containerd/containerd v1.7.17 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect + github.com/containers/common v0.59.0 // indirect github.com/coreos/go-oidc v2.2.1+incompatible // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/docker/cli v24.0.7+incompatible // indirect + github.com/docker/cli v26.1.3+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.1 // indirect - github.com/docker/go-connections v0.4.0 // indirect - github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect - github.com/docker/go-units v0.5.0 // indirect - github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect - github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/evanphx/json-patch v5.7.0+incompatible // indirect + github.com/docker/go-connections v0.5.0 // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/facebookincubator/nvdtools v0.1.5 // indirect - github.com/fatih/color v1.16.0 // indirect - github.com/felixge/fgprof v0.9.3 // indirect + github.com/fatih/color v1.17.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/francoispqt/gojay v1.2.13 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect @@ -153,45 +142,41 @@ require ( github.com/go-ini/ini v1.67.0 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/analysis v0.22.0 // indirect - github.com/go-openapi/errors v0.21.0 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/loads v0.21.5 // indirect - github.com/go-openapi/spec v0.20.13 // indirect - github.com/go-openapi/strfmt v0.22.0 // indirect - github.com/go-openapi/swag v0.22.9 // indirect - github.com/go-openapi/validate v0.22.4 // indirect + github.com/go-openapi/analysis v0.23.0 // indirect + github.com/go-openapi/errors v0.22.0 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/loads v0.22.0 // indirect + github.com/go-openapi/spec v0.21.0 // indirect + github.com/go-openapi/strfmt v0.23.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/validate v0.24.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect - github.com/golang/glog v1.1.2 // indirect + github.com/golang/glog v1.2.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.0 // indirect - github.com/gookit/color v1.5.4 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 // indirect + github.com/googleapis/gax-go/v2 v2.12.3 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl v1.0.1-vault-5 // indirect - github.com/iancoleman/strcase v0.3.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/inspektor-gadget/inspektor-gadget v0.27.0 // indirect github.com/jinzhu/copier v0.4.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.2 // indirect - github.com/klauspost/pgzip v1.2.6 // indirect - github.com/kubescape/kubescape-network-scanner v0.0.15 + github.com/klauspost/compress v1.17.8 // indirect github.com/kubescape/kubescape/v3 v3.0.4 // indirect github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520 // indirect github.com/kubescape/regolibrary v1.0.315 // indirect @@ -200,45 +185,32 @@ require ( github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect - github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect - github.com/mholt/archiver/v3 v3.5.1 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect - github.com/moby/locker v1.0.1 // indirect - github.com/moby/sys/mountinfo v0.6.2 // indirect - github.com/moby/sys/sequential v0.5.0 // indirect - github.com/moby/sys/signal v0.7.0 // indirect - github.com/moby/sys/user v0.1.0 // indirect - github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/nwaples/rardecode v1.1.0 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/olvrng/ujson v1.1.0 // indirect github.com/open-policy-agent/opa v0.61.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc5 // indirect - github.com/opencontainers/runtime-spec v1.1.0 // indirect - github.com/opencontainers/selinux v1.11.0 // indirect - github.com/pborman/indent v1.2.1 // indirect - github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.1.0 // indirect - github.com/pierrec/lz4/v4 v4.1.18 // indirect + github.com/opencontainers/image-spec v1.1.0 // indirect + github.com/opencontainers/runtime-spec v1.2.0 // indirect + github.com/pelletier/go-toml/v2 v2.2.2 // indirect + github.com/pierrec/lz4/v4 v4.1.21 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/pkg/profile v1.7.0 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/pquerna/cachecontrol v0.2.0 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.45.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.53.0 // indirect + github.com/prometheus/procfs v0.13.0 // indirect github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect + github.com/seccomp/libseccomp-golang v0.10.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect @@ -247,64 +219,60 @@ require ( github.com/spf13/pflag v1.0.5 // indirect github.com/stripe/stripe-go/v74 v74.30.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect - github.com/sylabs/sif/v2 v2.11.5 // indirect github.com/sylabs/squashfs v0.6.1 // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect github.com/therootcompany/xz v1.0.1 // indirect - github.com/ulikunitz/xz v0.5.11 // indirect - github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.3 // indirect - github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.3 // indirect - github.com/uptrace/uptrace-go v1.21.0 // indirect + github.com/ulikunitz/xz v0.5.12 // indirect + github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.4 // indirect + github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.4 // indirect + github.com/uptrace/uptrace-go v1.26.2 // indirect github.com/vbatts/tar-split v0.11.5 // indirect github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect - github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect github.com/yashtewari/glob-intersection v0.2.0 // indirect - go.mongodb.org/mongo-driver v1.13.1 // indirect + go.mongodb.org/mongo-driver v1.15.0 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect - go.opentelemetry.io/contrib/instrumentation/runtime v0.46.1 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect - go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 // indirect - go.opentelemetry.io/otel/metric v1.22.0 // indirect - go.opentelemetry.io/otel/sdk v1.22.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.21.0 // indirect - go.opentelemetry.io/proto/otlp v1.0.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect + go.opentelemetry.io/contrib/instrumentation/runtime v0.51.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.26.0 // indirect + go.opentelemetry.io/otel/metric v1.26.0 // indirect + go.opentelemetry.io/otel/sdk v1.26.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.26.0 // indirect + go.opentelemetry.io/proto/otlp v1.2.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.24.0 // indirect - golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect + golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect golang.org/x/mod v0.17.0 // indirect golang.org/x/net v0.26.0 // indirect - golang.org/x/oauth2 v0.16.0 // indirect + golang.org/x/oauth2 v0.20.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.21.0 // indirect golang.org/x/term v0.21.0 // indirect golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gonum.org/v1/gonum v0.9.1 // indirect - google.golang.org/api v0.159.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240116215550-a9fa1716bcac // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect - google.golang.org/grpc v1.61.0 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/api v0.177.0 // indirect + google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/grpc v1.64.1 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e // indirect - sigs.k8s.io/controller-runtime v0.16.3 // indirect + istio.io/pkg v0.0.0-20231221211216-7635388a563e // indirect + k8s.io/component-base v0.30.0 // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect + sigs.k8s.io/controller-runtime v0.18.2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/go.sum b/go.sum index 694b7f6..cab5159 100644 --- a/go.sum +++ b/go.sum @@ -29,20 +29,22 @@ cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM= cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= -cloud.google.com/go v0.111.0 h1:YHLKNupSD1KqjDbQ3+LVdQ81h/UJbJyZG203cEfnQgM= -cloud.google.com/go v0.111.0/go.mod h1:0mibmpKP1TyOOFYQY5izo0LnT+ecvOQ0Sg3OdmMiNRU= +cloud.google.com/go v0.113.0 h1:g3C70mn3lWfckKBiCVsAshabrDg01pQ0pnX1MNtnMkA= +cloud.google.com/go v0.113.0/go.mod h1:glEqlogERKYeePz6ZdkcLJ28Q2I6aERgDDErBg9GzO8= +cloud.google.com/go/auth v0.3.0 h1:PRyzEpGfx/Z9e8+lHsbkoUVXD0gnu4MNmm7Gp8TQNIs= +cloud.google.com/go/auth v0.3.0/go.mod h1:lBv6NKTWp8E3LPzmO1TbiiRKc4drLOfHsgmlH9ogv5w= +cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= +cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= -cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/container v1.29.0 h1:jIltU529R2zBFvP8rhiG1mgeTcnT27KhU0H/1d6SQRg= -cloud.google.com/go/container v1.29.0/go.mod h1:b1A1gJeTBXVLQ6GGw9/9M4FG94BEGsqJ5+t4d/3N7O4= +cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/container v1.35.1 h1:Vbu/3PZNrgV1Z5DGcRubQdUccX/uMUDNc+NgHNIfbEk= +cloud.google.com/go/container v1.35.1/go.mod h1:udm8fgLm3TtpnjFN4QLLjZezAIIp/VnMo316yIRVRQU= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= @@ -62,10 +64,6 @@ dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA= -github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= @@ -83,8 +81,6 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2 h1:mLY+pNL github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2/go.mod h1:FbdwsQ2EzwvXxOPcMFYO8ogEc9uMMIj3YkmCdXdAFmk= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0 h1:ECsQtyERDVz3NP3kvDOTLvbQhqWp/x9EsGKtb4ogUr8= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0/go.mod h1:s1tW/At+xHqjNFvWU4G0c0Qv33KOhvbGNj0RCTQDV8s= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -93,10 +89,6 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/IBM/sarama v1.42.1 h1:wugyWa15TDEHh2kvq2gAy1IHLjEjuYOYgXz/ruC/OSQ= github.com/IBM/sarama v1.42.1/go.mod h1:Xxho9HkHd4K/MDUo/T/sOqwtX/17D33++E9Wib6hUdQ= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= -github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= @@ -111,24 +103,19 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc h1:A1KFO+zZZmbNlz1+WKsCF0RKVx6XRoxsAG3lrqH9hUQ= -github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc/go.mod h1:QeWvNzxsrUNxcs6haQo3OtISfXUXW0qAuiG4EQiz0GU= +github.com/anchore/clio v0.0.0-20240209204744-cb94e40a4f65 h1:u9XrEabKlGPsrmRvAER+kUKkwXiJfLyqGhmOTFsXjX4= +github.com/anchore/clio v0.0.0-20240209204744-cb94e40a4f65/go.mod h1:8Jr7CjmwFVcBPtkJdTpaAGHimoGJGfbExypjzOu87Og= github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b h1:L/djgY7ZbZ/38+wUtdkk398W3PIBJLkt1N8nU/7e47A= github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b/go.mod h1:TLcE0RE5+8oIx2/NPWem/dq1DeaMoC+fPEH7hoSzPLo= -github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a h1:nJ2G8zWKASyVClGVgG7sfM5mwoZlZ2zYpIzN2OhjWkw= -github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a/go.mod h1:ubLFmlsv8/DFUQrZwY5syT5/8Er3ugSr4rDFwHsE3hg= -github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0vW0nnNKJfJieyH/TZ9UYAnTZs5/gHTdAe8= -github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ= -github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 h1:AV7qjwMcM4r8wFhJq3jLRztew3ywIyPTRapl2T1s9o8= -github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4= -github.com/anchore/stereoscope v0.0.1 h1:OxF7PaxMltnAxjLnDMyka+SKRIQar/bBkDdavsnjyxM= -github.com/anchore/stereoscope v0.0.1/go.mod h1:IylG7ofLoUKHwS1XDF6rPhOmaE3GgpAgsMdvvYfooTU= -github.com/anchore/syft v0.101.1 h1:PTh7XBdtXq3BYhuPz67rrC6AFPZxC1Rt8jgqv7Z75rA= -github.com/anchore/syft v0.101.1/go.mod h1:6rbrRWQN16TFENxXG1uFQOh9RCIp/UHJqPAJnHSKhjQ= +github.com/anchore/go-logger v0.0.0-20240217160628-ee28a485904f h1:qRQCz19ioRN2FtAct4j6Lb3Nl0VolFiuHtYMezGYBn0= +github.com/anchore/go-logger v0.0.0-20240217160628-ee28a485904f/go.mod h1:ErB21zunlmQOE/aFPkt4Tv2Q00ttFxPZ2l87gSXxSec= +github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4 h1:SjemQ90fgflz39HG+VMkNfrpUVJpcFW6ZFA3TDXqzBM= +github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4= +github.com/anchore/stereoscope v0.0.3-0.20240501181043-2e9894674185 h1:SuViDJ27nZ+joGdKbAkxAlm7tYMt9NTxTZZ05po4hls= +github.com/anchore/stereoscope v0.0.3-0.20240501181043-2e9894674185/go.mod h1:ckIamHiRMp8iBwWoTtE5Xkt9VQ5QC+6+O4VzwqyZr5Q= +github.com/anchore/syft v1.4.1 h1:4ofNePf3vuEyNZZW7SDmTX9uR/vHYXtHkcLbo27Mtjs= +github.com/anchore/syft v1.4.1/go.mod h1:2N75VGorI/18u2xSRAP/DEaZjjjVHtIXM+hFqSkfOTM= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= -github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= -github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= -github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= @@ -138,8 +125,8 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armosec/armoapi-go v0.0.330 h1:kvyLshJ3VBqWxDO/hvlpVU1DNsrmkb5M0oStw+Uwxb8= -github.com/armosec/armoapi-go v0.0.330/go.mod h1:6VYIw1hoNU3dTXKckMHNHhzhhPTMXDHtv5AFxvG4Q+U= +github.com/armosec/armoapi-go v0.0.430 h1:ekXSYUDvlX01tvYJ0yEUwYSi4mDjsoa+3Wd3AQPEURg= +github.com/armosec/armoapi-go v0.0.430/go.mod h1:mpok+lZaolcN5XRz/JxpwhfF8nln1OEKnGuvwAN+7Lo= github.com/armosec/cluster-notifier-api-go v0.0.5 h1:UKY58ehKocKgtqzrawyaIHJa5paG9A4srv+4/6n+Ez4= github.com/armosec/cluster-notifier-api-go v0.0.5/go.mod h1:p5w9/zWIWwpi8W8mHGQdE6HuBb3AxXmZM9Rp//JWvx0= github.com/armosec/gojay v1.2.17 h1:VSkLBQzD1c2V+FMtlGFKqWXNsdNvIKygTKJI9ysY8eM= @@ -152,8 +139,8 @@ github.com/armosec/utils-k8s-go v0.0.26 h1:gVSV1mrALyphaesc+JXbx9SfbxLqfgg1KvvC1 github.com/armosec/utils-k8s-go v0.0.26/go.mod h1:WL2brx3tszxeSl1yHac0oAVJUg3o22HYh1dPjaSfjXU= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go v1.50.0 h1:HBtrLeO+QyDKnc3t1+5DR1RxodOHCGr8ZcrHudpv7jI= -github.com/aws/aws-sdk-go v1.50.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.50.8 h1:gY0WoOW+/Wz6XmYSgDH9ge3wnAevYDSQWPxxJvqAkP4= +github.com/aws/aws-sdk-go v1.50.8/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2 v1.19.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= @@ -206,6 +193,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932 h1:mXoPYz/Ul5HYEDvkta6I8/rnYM5gSdSV2tJ6XbZuEtY= github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932/go.mod h1:NOuUCSz6Q9T7+igc/hlvDOUdtWKryOrtFyIVABv/p7k= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I= github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY= @@ -219,16 +208,16 @@ github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HV github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -245,24 +234,12 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= -github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= -github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= -github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= -github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY= -github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o= -github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= -github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= -github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k= -github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o= -github.com/containerd/ttrpc v1.2.2 h1:9vqZr0pxwOF5koz6N0N3kJ0zDHokrcPxIR/ZR2YFtOs= -github.com/containerd/ttrpc v1.2.2/go.mod h1:sIT6l32Ph/H9cvnJsfXM5drIVzTr5A2flTf1G5tYZak= -github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= -github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= +github.com/containerd/containerd v1.7.17 h1:KjNnn0+tAVQHAoaWRjmdak9WlvnFR/8rU1CHHy8Rm2A= +github.com/containerd/containerd v1.7.17/go.mod h1:vK+hhT4TIv2uejlcDlbVIc8+h/BqtKLIyNrtCZol8lI= +github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU= +github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= +github.com/containers/common v0.59.0 h1:fy9Jz0B7Qs1C030bm73YJtVddaiFSZD3558EV1tgN2g= +github.com/containers/common v0.59.0/go.mod h1:53VicJCZ2AD0O+Br7VVoyrS7viXF4YmwlTIocWUT8XE= github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk= github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -289,25 +266,18 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= -github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= -github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1xfI36MSkFg= -github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/docker/cli v26.1.3+incompatible h1:bUpXT/N0kDE3VUHI2r5VMsYQgi38kYuoC0oL9yt3lqc= +github.com/docker/cli v26.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE= -github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v26.1.3+incompatible h1:lLCzRbrVZrljpVNobJu1J2FHk8V0s4BawoZippkc+xo= +github.com/docker/docker v26.1.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo= github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= -github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= -github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= -github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= -github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= -github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 h1:iFaUwBSo5Svw6L7HYpRu/0lE3e0BaElwnNO1qkNQxBY= -github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s= -github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY= +github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= +github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= @@ -321,8 +291,8 @@ github.com/elastic/elastic-transport-go/v8 v8.4.0 h1:EKYiH8CHd33BmMna2Bos1rDNMM8 github.com/elastic/elastic-transport-go/v8 v8.4.0/go.mod h1:YLHer5cj0csTzNFXoNQ8qhtGY1GTvSqPnKWKaqQE3Hk= github.com/elastic/go-elasticsearch/v8 v8.12.0 h1:krkiCf4peJa7bZwGegy01b5xWWaYpik78wvisTeRO1U= github.com/elastic/go-elasticsearch/v8 v8.12.0/go.mod h1:wSzJYrrKPZQ8qPuqAqc6KMR4HrBfHnZORvyL+FMFqq0= -github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= -github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -334,22 +304,20 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go. github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws= -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= -github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= -github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/facebookincubator/flog v0.0.0-20190930132826-d2511d0ce33c/go.mod h1:QGzNH9ujQ2ZUr/CjDGZGWeDAVStrWNjHeEcjJL96Nuk= github.com/facebookincubator/nvdtools v0.1.5 h1:jbmDT1nd6+k+rlvKhnkgMokrCAzHoASWE5LtHbX2qFQ= github.com/facebookincubator/nvdtools v0.1.5/go.mod h1:Kh55SAWnjckS96TBSrXI99KrEKH4iB0OJby3N8GRJO4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/fatih/set v0.2.1 h1:nn2CaJyknWE/6txyUDGwysr3G5QC6xWB/PtVjPBbeaA= github.com/fatih/set v0.2.1/go.mod h1:+RKtMCH+favT2+3YecHGxcc0b4KyVWA1QWWJUs4E0CI= -github.com/felixge/fgprof v0.9.3 h1:VvyZxILNuCiUCSXtPtYmmtGvb65nqXh2QFWc0Wpf2/g= -github.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw= +github.com/felixge/fgprof v0.9.4 h1:ocDNwMFlnA0NU0zSB3I52xkO4sFXk80VK9lXjLClu88= +github.com/felixge/fgprof v0.9.4/go.mod h1:yKl+ERSa++RYOs32d8K6WEXCB4uXdLls4ZaZPpayhMM= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= @@ -391,33 +359,32 @@ github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2C github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= -github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= -github.com/go-openapi/analysis v0.22.0 h1:wQ/d07nf78HNj4u+KiSY0sT234IAyePPbMgpUjUJQR0= -github.com/go-openapi/analysis v0.22.0/go.mod h1:acDnkkCI2QxIo8sSIPgmp1wUlRohV7vfGtAIVae73b0= -github.com/go-openapi/errors v0.21.0 h1:FhChC/duCnfoLj1gZ0BgaBmzhJC2SL/sJr8a2vAobSY= -github.com/go-openapi/errors v0.21.0/go.mod h1:jxNTMUxRCKj65yb/okJGEtahVd7uvWnuWfj53bse4ho= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= -github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= -github.com/go-openapi/loads v0.21.5 h1:jDzF4dSoHw6ZFADCGltDb2lE4F6De7aWSpe+IcsRzT0= -github.com/go-openapi/loads v0.21.5/go.mod h1:PxTsnFBoBe+z89riT+wYt3prmSBP6GDAQh2l9H1Flz8= -github.com/go-openapi/runtime v0.27.1 h1:ae53yaOoh+fx/X5Eaq8cRmavHgDma65XPZuvBqvJYto= -github.com/go-openapi/runtime v0.27.1/go.mod h1:fijeJEiEclyS8BRurYE1DE5TLb9/KZl6eAdbzjsrlLU= -github.com/go-openapi/spec v0.20.13 h1:XJDIN+dLH6vqXgafnl5SUIMnzaChQ6QTo0/UPMbkIaE= -github.com/go-openapi/spec v0.20.13/go.mod h1:8EOhTpBoFiask8rrgwbLC3zmJfz4zsCUueRuPM6GNkw= -github.com/go-openapi/strfmt v0.22.0 h1:Ew9PnEYc246TwrEspvBdDHS4BVKXy/AOVsfqGDgAcaI= -github.com/go-openapi/strfmt v0.22.0/go.mod h1:HzJ9kokGIju3/K6ap8jL+OlGAbjpSv27135Yr9OivU4= -github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= -github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= -github.com/go-openapi/validate v0.22.4 h1:5v3jmMyIPKTR8Lv9syBAIRxG6lY0RqeBPB1LKEijzk8= -github.com/go-openapi/validate v0.22.4/go.mod h1:qm6O8ZIcPVdSY5219468Jv7kBdGvkiZLPOmqnqTUZ2A= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= +github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= +github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= +github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w= +github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= +github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= +github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ= +github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc= +github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= +github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= +github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= +github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= +github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI= github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= @@ -425,7 +392,8 @@ github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrt github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= @@ -440,8 +408,8 @@ github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17w github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= -github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= +github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= +github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -474,10 +442,8 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -503,8 +469,8 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.19.0 h1:uIsMRBV7m/HDkDxE/nXMnv1q+lOOSPlQ/ywc5JbB8Ic= -github.com/google/go-containerregistry v0.19.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= +github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= +github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -528,9 +494,8 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= -github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b h1:RMpPgZTSApbPf7xaVel+QkoGPRLFLrwFO89uDUHEGf0= -github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= @@ -545,8 +510,8 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= -github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= -github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= +github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA= +github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= github.com/gookit/color v1.2.5/go.mod h1:AhIE+pS6D4Ql0SQWbBeXPHw7gY0/sjHoA4s/n1KB7xg= github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0= github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w= @@ -557,13 +522,13 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= +github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 h1:6UKoz5ujsI55KNpsJH3UwCq3T8kKbZwNZBNPuTTje8U= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1/go.mod h1:YvJ2f6MplWDhfxiUC3KpyTy76kYUZA4W3pTv/wdKQ9Y= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed h1:5upAirOpQc1Q53c0bnx2ufif5kANL7bfZWcc6VJWJd8= github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed/go.mod h1:tMWxXQ9wFIaZeTI9F+hmhFiGpFmhOHzyShyFUhRm0H4= github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= @@ -614,12 +579,13 @@ github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSAS github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/inspektor-gadget/inspektor-gadget v0.27.0 h1:f28khEROUBkKVShlyXOT3sN8T68WZLn6AqRp0aZmUzM= +github.com/inspektor-gadget/inspektor-gadget v0.27.0/go.mod h1:26ArCiACp1/3lfF6RymrznxBDfuPXYgvyk0dJEhFMVI= github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= @@ -653,15 +619,8 @@ github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+ github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4= -github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= -github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= -github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= -github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= +github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= +github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= @@ -674,30 +633,30 @@ github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kubescape/backend v0.0.19 h1:u8gp/VljTEFrdjtHo+IB9KeBhf+8n1St+J2kOFvPj+I= -github.com/kubescape/backend v0.0.19/go.mod h1:FpazfN+c3Ucuvv4jZYCnk99moSBRNMVIxl5aWCZAEBo= +github.com/kubescape/backend v0.0.20 h1:E3nZGqWW8ELSh/n3ZRitlkmuZq33Lyx/42Lm4gpghhM= +github.com/kubescape/backend v0.0.20/go.mod h1:FpazfN+c3Ucuvv4jZYCnk99moSBRNMVIxl5aWCZAEBo= github.com/kubescape/go-logger v0.0.22 h1:gle7wH6emOiGv9ljdpVi82pWLQ3jGucrUucvil6JXHE= github.com/kubescape/go-logger v0.0.22/go.mod h1:x3HBpZo3cMT/WIdy18BxvVVd5D0e/PWFVk/HiwBNu3g= -github.com/kubescape/k8s-interface v0.0.161 h1:v6b3/kmA4o/2niNrejrbXj5X9MLfH0UrpI3s+e/fdwc= -github.com/kubescape/k8s-interface v0.0.161/go.mod h1:oF+Yxug3Kpfu9Yr2j63wy7gwswrKXpiqI0mLk/7gF/s= +github.com/kubescape/k8s-interface v0.0.166 h1:n9rG8vUvHw7UMh+/PZHadfK4Mcj++WAaj+rvNc8kbJY= +github.com/kubescape/k8s-interface v0.0.166/go.mod h1:oF+Yxug3Kpfu9Yr2j63wy7gwswrKXpiqI0mLk/7gF/s= github.com/kubescape/kubescape-network-scanner v0.0.15 h1:LsaVCQzj0PbA30BeFdzxchW2bkg6nn5quwllWmm/2/s= github.com/kubescape/kubescape-network-scanner v0.0.15/go.mod h1:fqTzRCWsuniGEEZHtOEdITxnqx+i5ICdOVuenSQJd3U= github.com/kubescape/kubescape/v3 v3.0.4 h1:gZ5d8QMxLYZQ6Yz9wRvGcDQlBUIV+v/Y/41g56/YDy8= github.com/kubescape/kubescape/v3 v3.0.4/go.mod h1:upPCVTCRT3+LuZ1bawGtjreRmr/Xa+LT0fHtPzlylRU= +github.com/kubescape/node-agent v0.2.99 h1:ZODfLAIfmUjU3OQVR5P3sBnshH380VPwlwTtZTCVitY= +github.com/kubescape/node-agent v0.2.99/go.mod h1:bjLZvChHzD4t9tLoDtjpitPvoygZ/VhaaPGLFhnTrpw= github.com/kubescape/opa-utils v0.0.278 h1:x0akigrjYjocD0HzlRZ4+ZgL+ZK33286d2L48z6m0PE= github.com/kubescape/opa-utils v0.0.278/go.mod h1:N/UnbZHpoiHQH7O50yadhIXZvVl0IVtTGBmePPrSQSg= github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520 h1:SqlwF8G+oFazeYmZQKoPczLEflBQpwpHCU8DoLLyfj8= github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520/go.mod h1:wuxMUSDzGUyWd25IJfBzEJ/Udmw2Vy7npj+MV3u3GrU= github.com/kubescape/regolibrary v1.0.315 h1:Oyr+K8QsOnOulzVkIqOcIoK+g+NDIdoRvTG54BhCh3Q= github.com/kubescape/regolibrary v1.0.315/go.mod h1:xTXVzytnyytxl5RwEEYuL98/xMpdgDJeX4Ayx7CAxZc= -github.com/kubescape/storage v0.0.62 h1:unq7dG6u62DJltAS4Mvf6E7A55EtXS1VKsWURau+byE= -github.com/kubescape/storage v0.0.62/go.mod h1:uMwudLhZCPgjf4JEbRSUZ20JmQJitLVrexZb7S1N4b0= +github.com/kubescape/storage v0.0.89 h1:kYjaYqKndm3C/15MB1J4hgdmA4vbV4zCMWox2ga8O3M= +github.com/kubescape/storage v0.0.89/go.mod h1:eLCQ7JKpR6JRjtENnN3JduvRLMOyJFtBihfdVC+1hLA= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 h1:bqDmpDG49ZRnB5PcgP0RXtQvnMSgIF14M7CBd2shtXs= -github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= @@ -723,12 +682,8 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/mholt/archiver/v3 v3.5.1 h1:rDjOBX9JSF5BvoJGvjqK479aL70qh9DIpZCl+k7Clwo= -github.com/mholt/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= @@ -746,18 +701,8 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= -github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= -github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= -github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= -github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= -github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= -github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI= -github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= -github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= -github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= -github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= -github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= +github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -765,57 +710,49 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/montanaflynn/stats v0.7.0 h1:r3y12KyNxj/Sb/iOE46ws+3mS1+MZca1wlHQFPsY/JU= github.com/montanaflynn/stats v0.7.0/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= -github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= -github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/nwaples/rardecode v1.1.0 h1:vSxaY8vQhOcVr4mm5e8XllHWTiM4JF507A0Katqw7MQ= -github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= -github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= +github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olvrng/ujson v1.1.0 h1:8xVUzVlqwdMVWh5d1UHBtLQ1D50nxoPuPEq9Wozs8oA= github.com/olvrng/ujson v1.1.0/go.mod h1:Mz4G3RODTUfbkKyvi0lgmPx/7vd3Saksk+1jgk8s9xo= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= -github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= -github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= -github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/ginkgo/v2 v2.18.0 h1:W9Y7IWXxPUpAit9ieMOLI7PJZGaW22DTKgiVAuhDTLc= +github.com/onsi/ginkgo/v2 v2.18.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/open-policy-agent/opa v0.61.0 h1:nhncQ2CAYtQTV/SMBhDDPsCpCQsUW+zO/1j+T5V7oZg= github.com/open-policy-agent/opa v0.61.0/go.mod h1:7OUuzJnsS9yHf8lw0ApfcbrnaRG1EkN3J2fuuqi4G/E= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= -github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= -github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg= -github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= -github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= +github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= +github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc h1:d2hUh5O6MRBvStV55MQ8we08t42zSTqBbscoQccWmMc= +github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc/go.mod h1:8tx1helyqhUC65McMm3x7HmOex8lO2/v9zPuxmKHurs= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= -github.com/panjf2000/ants/v2 v2.8.2 h1:D1wfANttg8uXhC9149gRt1PDQ+dLVFjNXkCEycMcvQQ= -github.com/panjf2000/ants/v2 v2.8.2/go.mod h1:7ZxyxsqE4vvW0M7LSD8aI3cKwgFhBHbxnlN8mDqHa1I= +github.com/panjf2000/ants/v2 v2.9.1 h1:Q5vh5xohbsZXGcD6hhszzGqB7jSSc2/CRr3QKIga8Kw= +github.com/panjf2000/ants/v2 v2.9.1/go.mod h1:7ZxyxsqE4vvW0M7LSD8aI3cKwgFhBHbxnlN8mDqHa1I= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/indent v1.2.1 h1:lFiviAbISHv3Rf0jcuh489bi06hj98JsVMtIDZQb9yM= github.com/pborman/indent v1.2.1/go.mod h1:FitS+t35kIYtB5xWTZAPhnmrxcciEEOdbyrrpz5K6Vw= github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= -github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= -github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= +github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= +github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= -github.com/pierrec/lz4/v4 v4.1.2/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= -github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ= -github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ= +github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -836,26 +773,25 @@ github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= -github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= +github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= -github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= +github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o= +github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= @@ -874,13 +810,13 @@ github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWR github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e h1:7q6NSFZDeGfvvtIRwBrU/aegEYJYmvev0cHAwo17zZQ= github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e/go.mod h1:DkpGd78rljTxKAnTDPFqXSGxvETQnJyuSOQwsHycqfs= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/sebdah/goldie/v2 v2.5.3 h1:9ES/mNN+HNUbNWpVAlrzuZ7jE+Nrczbj8uFRjM7624Y= -github.com/sebdah/goldie/v2 v2.5.3/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI= +github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= +github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= -github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY= github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM= github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0= @@ -905,7 +841,6 @@ github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYED github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= @@ -935,7 +870,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= @@ -955,26 +889,24 @@ github.com/stripe/stripe-go/v74 v74.30.0/go.mod h1:f9L6LvaXa35ja7eyvP6GQswoaIPaB github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= -github.com/sylabs/sif/v2 v2.11.5 h1:7ssPH3epSonsTrzbS1YxeJ9KuqAN7ISlSM61a7j/mQM= -github.com/sylabs/sif/v2 v2.11.5/go.mod h1:GBoZs9LU3e4yJH1dcZ3Akf/jsqYgy5SeguJQC+zd75Y= github.com/sylabs/squashfs v0.6.1 h1:4hgvHnD9JGlYWwT0bPYNt9zaz23mAV3Js+VEgQoRGYQ= github.com/sylabs/squashfs v0.6.1/go.mod h1:ZwpbPCj0ocIvMy2br6KZmix6Gzh6fsGQcCnydMF+Kx8= +github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= +github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/therootcompany/xz v1.0.1 h1:CmOtsn1CbtmyYiusbfmhmkpAAETj0wBIH6kCYaX+xzw= github.com/therootcompany/xz v1.0.1/go.mod h1:3K3UH1yCKgBneZYhuQUvJ9HPD19UEXEI0BWbMn8qNMY= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= -github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.3 h1:LyGS9cIZV0YVhE81zwfMhIE2l2flcj3wn5IoK4VkbWA= -github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.3/go.mod h1:RvCYhPchLhvQ9l9C9goblbgO7BaKt597kBMf5mgKyo0= -github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.3 h1:2na5W81H38Z4qXCQCuzlcdSMiTWgPJ6XeZIArq6VIJE= -github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.3/go.mod h1:9IVEh9mPv3NwFf99dVLX15FqVgdpZJ8RMDo/Cr0vK74= -github.com/uptrace/uptrace-go v1.21.0 h1:oJoUjhiVT7aiuoG6B3ClVHtJozLn3cK9hQt8U5dQO1M= -github.com/uptrace/uptrace-go v1.21.0/go.mod h1:/aXAFGKOqeAFBqWa1xtzLnGX2xJm1GScqz9NJ0TJjLM= +github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= +github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.4 h1:A6+6ZGgLRoUTD+Jkw/Ph0g8HKiHUsiGlbngcSqBaHsw= +github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.4/go.mod h1:gNYQe4RRVyszriFOhuMpwpAu4kdoFlZgcsw6dcIDFWg= +github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.4 h1:/4mU8NB88+6u9JVKlkdD6HjrhRM1V1KRTsJaU8FSr8I= +github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.4/go.mod h1:JoL6Kg6zYo9WtK5Y715GWItSUNpWprRYj5wgO01h00g= +github.com/uptrace/uptrace-go v1.26.2 h1:SWUejeNNqi+6peNl8164px+i1bS3gtlxyJdv7XGVzFY= +github.com/uptrace/uptrace-go v1.26.2/go.mod h1:TNlPcHKsOGnHYxmIrNK9+iVPneRxfhBBRFbbWLwkfKA= github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts= github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= @@ -993,10 +925,8 @@ github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMc github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo= -github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= -github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8= -github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs= +github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= +github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d h1:splanxYIlg+5LfHAM6xpdFEAYOk8iySO56hMFq6uLyA= @@ -1007,6 +937,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zeebo/assert v1.3.1 h1:vukIABvugfNMZMQO1ABsyQDJDTVQbn+LWSMy1ol1h6A= +github.com/zeebo/assert v1.3.1/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/api/v3 v3.5.11 h1:B54KwXbWDHyD3XYAwprxNzTe7vlhR69LuBgZnMVvS7E= go.etcd.io/etcd/api/v3 v3.5.11/go.mod h1:Ot+o0SWSyT6uHhA56al1oCED0JImsRiU9Dc26+C2a+4= @@ -1016,8 +948,8 @@ go.etcd.io/etcd/client/pkg/v3 v3.5.11/go.mod h1:seTzl2d9APP8R5Y2hFL3NVlD6qC/dOT+ go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= go.etcd.io/etcd/client/v3 v3.5.11 h1:ajWtgoNSZJ1gmS8k+icvPtqsqEav+iUorF7b0qozgUU= go.etcd.io/etcd/client/v3 v3.5.11/go.mod h1:a6xQUEqFJ8vztO1agJh/KQKOMfFI8og52ZconzcDJwE= -go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk= -go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo= +go.mongodb.org/mongo-driver v1.15.0 h1:rJCKC8eEliewXjZGf0ddURtl7tTVy1TK3bfl0gkUSLc= +go.mongodb.org/mongo-driver v1.15.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= @@ -1030,35 +962,35 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.44.0 h1:QaNUlLvmettd1vnmFHrgBYQHearxWP3uO4h4F3pVtkM= go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.44.0/go.mod h1:cJu+5jZwoZfkBOECSFtBZK/O7h/pY5djn0fwnIGnQ4A= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= -go.opentelemetry.io/contrib/instrumentation/runtime v0.46.1 h1:m9ReioVPIffxjJlGNRd0d5poy+9oTro3D+YbiEzUDOc= -go.opentelemetry.io/contrib/instrumentation/runtime v0.46.1/go.mod h1:CANkrsXNzqOKXfOomu2zhOmc1/J5UZK9SGjrat6ZCG0= -go.opentelemetry.io/otel v1.22.0 h1:xS7Ku+7yTFvDfDraDIJVpw7XPyuHlB9MCiqqX5mcJ6Y= -go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= +go.opentelemetry.io/contrib/instrumentation/runtime v0.51.0 h1:1tBjncp/Rr5iuV0WfdKGGynrzIJ8bMm5z7Zl6jMjfIE= +go.opentelemetry.io/contrib/instrumentation/runtime v0.51.0/go.mod h1:6MqTuVXkhmzrIc7SFHYVTo7N6OFvVpDH5eq5xXKpAZQ= +go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= +go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.26.0 h1:HGZWGmCVRCVyAs2GQaiHQPbDHo+ObFWeUEOd+zDnp64= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.26.0/go.mod h1:SaH+v38LSCHddyk7RGlU9uZyQoRrKao6IBnJw6Kbn+c= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 h1:1u/AyyOqAWzy+SkPxDpahCNZParHV8Vid1RnI2clyDE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0/go.mod h1:z46paqbJ9l7c9fIPCXTqTGwhQZ5XoTIsfeFYWboizjs= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 h1:H2JFgRcGiyHg7H7bwcwaQJYrNFqCqrbTQ8K4p1OvDu8= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0/go.mod h1:WfCWp1bGoYK8MeULtI15MmQVczfR+bFkk0DF3h06QmQ= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E= -go.opentelemetry.io/otel/metric v1.22.0 h1:lypMQnGyJYeuYPhOM/bgjbFM6WE44W1/T45er4d8Hhg= -go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY= -go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= -go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= -go.opentelemetry.io/otel/sdk/metric v1.21.0 h1:smhI5oD714d6jHE6Tie36fPx4WDFIg+Y6RfAY4ICcR0= -go.opentelemetry.io/otel/sdk/metric v1.21.0/go.mod h1:FJ8RAsoPGv/wYMgBdUJXOm+6pzFY3YdljnXtv1SBE8Q= -go.opentelemetry.io/otel/trace v1.22.0 h1:Hg6pPujv0XG9QaVbGOBVHunyuLcCC3jN7WEhPx83XD0= -go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0 h1:1wp/gyxsuYtuE/JFxsQRtcCDtMrO2qMvlfXALU5wkzI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0/go.mod h1:gbTHmghkGgqxMomVQQMur1Nba4M0MQ8AYThXDUjsJ38= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.26.0 h1:0W5o9SzoR15ocYHEQfvfipzcNog1lBxOLfnex91Hk6s= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.26.0/go.mod h1:zVZ8nz+VSggWmnh6tTsJqXQ7rU4xLwRtna1M4x5jq58= +go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= +go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= +go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8= +go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs= +go.opentelemetry.io/otel/sdk/metric v1.26.0 h1:cWSks5tfriHPdWFnl+qpX3P681aAYqlZHcAyHw5aU9Y= +go.opentelemetry.io/otel/sdk/metric v1.26.0/go.mod h1:ClMFFknnThJCksebJwz7KIyEDHO+nTB6gK8obLy8RyE= +go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= +go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= -go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= +go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= +go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= @@ -1083,7 +1015,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= @@ -1101,8 +1032,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ= -golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= @@ -1187,7 +1118,6 @@ golang.org/x/net v0.0.0-20210423184538-5f58ad60dda6/go.mod h1:OJAsFXCWl8Ukc7SiCT golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= @@ -1212,8 +1142,8 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= -golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1276,7 +1206,6 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1298,7 +1227,6 @@ golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1443,8 +1371,8 @@ google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdr google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU= google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw= -google.golang.org/api v0.159.0 h1:fVTj+7HHiUYz4JEZCHHoRIeQX7h5FMzrA2RF/DzDdbs= -google.golang.org/api v0.159.0/go.mod h1:0mu0TpK33qnydLvWqbImq2b1eQ5FHRSDCBzAxX9ZHyw= +google.golang.org/api v0.177.0 h1:8a0p/BbPa65GlqGWtUKxot4p0TV8OGOfyTjtmkXNXmk= +google.golang.org/api v0.177.0/go.mod h1:srbhue4MLjkjbkux5p3dw/ocYOSZTaIEvf7bCOnFQDw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1454,8 +1382,6 @@ google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -1523,12 +1449,12 @@ google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac h1:ZL/Teoy/ZGnzyrqK/Optxxp2pmVh+fmJ97slxSRyzUg= -google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:+Rvu7ElI+aLzyDQhpHMFMMltsD6m7nqpuWDd2CwJw3k= -google.golang.org/genproto/googleapis/api v0.0.0-20240116215550-a9fa1716bcac h1:OZkkudMUu9LVQMCoRUbI/1p5VCo9BOrlvkqMvWtqa6s= -google.golang.org/genproto/googleapis/api v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:B5xPO//w8qmBDjGReYLpR6UJPnkldGkCSMoH/2vxJeg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac h1:nUQEQmH/csSvFECKYRv6HWEyypysidKl2I6Qpsglq/0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:daQN87bsDqDoe316QbbvX60nMoJQa4r6Ds0ZuoAe5yA= +google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291 h1:CTZGpOdDJr2Jq+LcJ/mpjG8mClGy/uJdBBVYbS9g5lY= +google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:ch5ZrEj5+9MCxUeR3Gp3mCJ4u0eVpusYAmSr/mvpMSk= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 h1:4HZJ3Xv1cmrJ+0aFo304Zn79ur1HMxptAE7aCPNLSqc= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= @@ -1559,8 +1485,8 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1575,8 +1501,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1618,24 +1544,30 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= -k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= -k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e h1:snPmy96t93RredGRjKfMFt+gvxuVAncqSAyBveJtr4Q= -k8s.io/kube-openapi v0.0.0-20231113174909-778a5567bc1e/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= -k8s.io/utils v0.0.0-20231121161247-cf03d44ff3cf h1:iTzha1p7Fi83476ypNSz8nV9iR9932jIIs26F7gNLsU= -k8s.io/utils v0.0.0-20231121161247-cf03d44ff3cf/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +istio.io/pkg v0.0.0-20231221211216-7635388a563e h1:ZlLVbKDlCzfP0MPbWc6VRcY23d9NdjLxwpPQpDrh3Gc= +istio.io/pkg v0.0.0-20231221211216-7635388a563e/go.mod h1:fvmqEdHhZjYYwf6dSiIwvwc7db54kMWVTfsb91KmhzY= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= +k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= +k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= -sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/main.go b/main.go index c7dcea9..855fc42 100644 --- a/main.go +++ b/main.go @@ -7,18 +7,27 @@ import ( "net/http" "net/url" "os" + "os/signal" + "syscall" "time" + "github.com/kubescape/node-agent/pkg/rulebindingmanager" + "github.com/kubescape/node-agent/pkg/watcher/dynamicwatcher" + _ "net/http/pprof" "github.com/kubescape/go-logger/helpers" "github.com/kubescape/k8s-interface/k8sinterface" + exporters "github.com/kubescape/operator/admission/exporter" + rulebindingcachev1 "github.com/kubescape/operator/admission/rulebinding/cache" + "github.com/kubescape/operator/admission/webhook" "github.com/kubescape/operator/config" cs "github.com/kubescape/operator/continuousscanning" "github.com/kubescape/operator/mainhandler" "github.com/kubescape/operator/notificationhandler" "github.com/kubescape/operator/restapihandler" "github.com/kubescape/operator/utils" + "k8s.io/apimachinery/pkg/runtime" restclient "k8s.io/client-go/rest" "github.com/armosec/utils-k8s-go/probes" @@ -143,6 +152,43 @@ func main() { }(mainHandler) } + if operatorConfig.AdmissionControllerEnabled() { + serverContext, serverCancel := context.WithCancel(ctx) + + addr := ":8443" + + exporter, err := exporters.InitHTTPExporter(*operatorConfig.HttpExporterConfig(), operatorConfig.ClusterName()) + if err != nil { + logger.L().Ctx(ctx).Fatal("failed to initialize HTTP exporter", helpers.Error(err)) + } + + // Create watchers + dWatcher := dynamicwatcher.NewWatchHandler(k8sApi) + + // create ruleBinding cache + ruleBindingCache := rulebindingcachev1.NewCache(k8sApi) + dWatcher.AddAdaptor(ruleBindingCache) + + ruleBindingNotify := make(chan rulebindingmanager.RuleBindingNotify, 100) + ruleBindingCache.AddNotifier(&ruleBindingNotify) + + admissionController := webhook.New(addr, "/etc/certs/tls.crt", "/etc/certs/tls.key", runtime.NewScheme(), webhook.NewAdmissionValidator(k8sApi, exporter, ruleBindingCache), ruleBindingCache) + // Start HTTP REST server for webhook + go func() { + defer func() { + // Cancel the server context to stop other workers + serverCancel() + }() + + err := admissionController.Run(serverContext) + logger.L().Ctx(ctx).Fatal("server stopped", helpers.Error(err)) + }() + + // start watching + dWatcher.Start(ctx) + defer dWatcher.Stop(ctx) + } + if logger.L().GetLevel() == helpers.DebugLevel.String() { go func() { // start pprof server -> https://pkg.go.dev/net/http/pprof @@ -154,6 +200,10 @@ func main() { // send reports every 24 hours go mainHandler.SendReports(ctx, 24*time.Hour) + // Wait for shutdown signal + shutdown := make(chan os.Signal, 1) + signal.Notify(shutdown, os.Interrupt, syscall.SIGTERM) + <-shutdown <-ctx.Done() }